| Message ID | 20210728063110.3652-1-xiujianfeng@huawei.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Delegated to: | Paul Moore |
| Headers | show |
| Series | [-next] selinux: correct the return value when loads initial sids | expand |
On Wed, Jul 28, 2021 at 2:30 AM Xiu Jianfeng <xiujianfeng@huawei.com> wrote: > > It should not return 0 when SID 0 is assigned to isids. > This patch fixes it. > > Fixes: e3e0b582c321a ("selinux: remove unused initial SIDs and improve handling") > Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> > --- > security/selinux/ss/policydb.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c > index defc5ef35c66..ad1183e18ce0 100644 > --- a/security/selinux/ss/policydb.c > +++ b/security/selinux/ss/policydb.c > @@ -884,6 +884,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) > > if (sid == SECSID_NULL) { > pr_err("SELinux: SID 0 was assigned a context.\n"); > + rc = -EINVAL; > sidtab_destroy(s); > goto out; > } Hi Xiu Jianfeng, Thanks for the patch, but since you are fixing the error handling in policydb_load_isids(), would you mind respinning this patch to get rid of the "out" label and just have all of the associated callers return directly instead? I generally dislike jump targets that do nothing else other than return a value; those 'goto X;' statements can easily be converted into 'return Y;' statements. Thanks.
在 2021/7/28 23:56, Paul Moore 写道: > On Wed, Jul 28, 2021 at 2:30 AM Xiu Jianfeng <xiujianfeng@huawei.com> wrote: >> It should not return 0 when SID 0 is assigned to isids. >> This patch fixes it. >> >> Fixes: e3e0b582c321a ("selinux: remove unused initial SIDs and improve handling") >> Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> >> --- >> security/selinux/ss/policydb.c | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c >> index defc5ef35c66..ad1183e18ce0 100644 >> --- a/security/selinux/ss/policydb.c >> +++ b/security/selinux/ss/policydb.c >> @@ -884,6 +884,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) >> >> if (sid == SECSID_NULL) { >> pr_err("SELinux: SID 0 was assigned a context.\n"); >> + rc = -EINVAL; >> sidtab_destroy(s); >> goto out; >> } > Hi Xiu Jianfeng, > > Thanks for the patch, but since you are fixing the error handling in > policydb_load_isids(), would you mind respinning this patch to get rid > of the "out" label and just have all of the associated callers return > directly instead? I generally dislike jump targets that do nothing > else other than return a value; those 'goto X;' statements can easily > be converted into 'return Y;' statements. no problem, please check the v2 patch. > > Thanks. >
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index defc5ef35c66..ad1183e18ce0 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -884,6 +884,7 @@ int policydb_load_isids(struct policydb *p, struct sidtab *s) if (sid == SECSID_NULL) { pr_err("SELinux: SID 0 was assigned a context.\n"); + rc = -EINVAL; sidtab_destroy(s); goto out; }
It should not return 0 when SID 0 is assigned to isids. This patch fixes it. Fixes: e3e0b582c321a ("selinux: remove unused initial SIDs and improve handling") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> --- security/selinux/ss/policydb.c | 1 + 1 file changed, 1 insertion(+)