[1/9] selinux: check return value of sel_make_avc_files

Message ID	20220125141422.32655-9-cgzones@googlemail.com (mailing list archive)
State	Accepted
Delegated to:	Paul Moore
Headers	show Return-Path: <selinux-owner@kernel.org> From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> To: selinux@vger.kernel.org Cc: Paul Moore <paul@paul-moore.com>, Stephen Smalley <stephen.smalley.work@gmail.com>, Eric Paris <eparis@parisplace.org>, Nathan Chancellor <nathan@kernel.org>, Nick Desaulniers <ndesaulniers@google.com>, Jeff Vander Stoep <jeffv@google.com>, linux-kernel@vger.kernel.org, llvm@lists.linux.dev Subject: [PATCH 1/9] selinux: check return value of sel_make_avc_files Date: Tue, 25 Jan 2022 15:14:20 +0100 Message-Id: <20220125141422.32655-9-cgzones@googlemail.com> In-Reply-To: <20220125141422.32655-1-cgzones@googlemail.com> References: <20220125141422.32655-1-cgzones@googlemail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	[1/9] selinux: check return value of sel_make_avc_files \| expand [2/9] selinux: declare path parameters of _genfs_sid const [3/9] selinux: declare name parameter of hash_eval const [4/9] selinux: enclose macro arguments in parenthesis [5/9] selinux: drop cast to same type [6/9] selinux: drop unused parameter of avtab_insert_node [7/9] selinux: do not discard const qualifier in cast [8/9] selinux: simplify cred_init_security [9/9] selinux: drop unused macro [1/9] selinux: check return value of sel_make_avc_files

Message ID

20220125141422.32655-9-cgzones@googlemail.com (mailing list archive)

State

Accepted

Delegated to:

Paul Moore

Headers

From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Cc: Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Eric Paris <eparis@parisplace.org>,
        Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Jeff Vander Stoep <jeffv@google.com>,
        linux-kernel@vger.kernel.org, llvm@lists.linux.dev
Subject: [PATCH 1/9] selinux: check return value of sel_make_avc_files
Date: Tue, 25 Jan 2022 15:14:20 +0100
Message-Id: <20220125141422.32655-9-cgzones@googlemail.com>
In-Reply-To: <20220125141422.32655-1-cgzones@googlemail.com>
References: <20220125141422.32655-1-cgzones@googlemail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

[1/9] selinux: check return value of sel_make_avc_files | expand

Commit Message

Christian Göttsche Jan. 25, 2022, 2:14 p.m. UTC

sel_make_avc_files() might fail and return a negative errno value on
memory allocation failures. Re-add the check of the return value,
dropped in 66f8e2f03c02.

Reported by clang-analyzer:

    security/selinux/selinuxfs.c:2129:2: warning: Value stored to 'ret' is never read [deadcode.DeadStores]
            ret = sel_make_avc_files(dentry);
            ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~

Fixes: 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table")
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 security/selinux/selinuxfs.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Nick Desaulniers Jan. 25, 2022, 7:46 p.m. UTC | #1

On Tue, Jan 25, 2022 at 6:15 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> sel_make_avc_files() might fail and return a negative errno value on
> memory allocation failures. Re-add the check of the return value,
> dropped in 66f8e2f03c02.
>
> Reported by clang-analyzer:
>
>     security/selinux/selinuxfs.c:2129:2: warning: Value stored to 'ret' is never read [deadcode.DeadStores]
>             ret = sel_make_avc_files(dentry);
>             ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Fixes: 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table")
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>

> ---
>  security/selinux/selinuxfs.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index e4cd7cb856f3..f2f6203e0fff 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -2127,6 +2127,8 @@ static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
>         }
>
>         ret = sel_make_avc_files(dentry);
> +       if (ret)
> +               goto err;
>
>         dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino);
>         if (IS_ERR(dentry)) {
> --
> 2.34.1
>

Paul Moore Jan. 26, 2022, 12:35 a.m. UTC | #2

On Tue, Jan 25, 2022 at 9:15 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> sel_make_avc_files() might fail and return a negative errno value on
> memory allocation failures. Re-add the check of the return value,
> dropped in 66f8e2f03c02.
>
> Reported by clang-analyzer:
>
>     security/selinux/selinuxfs.c:2129:2: warning: Value stored to 'ret' is never read [deadcode.DeadStores]
>             ret = sel_make_avc_files(dentry);
>             ^     ~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> Fixes: 66f8e2f03c02 ("selinux: sidtab reverse lookup hash table")
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  security/selinux/selinuxfs.c | 2 ++
>  1 file changed, 2 insertions(+)

Merged into selinux/next, thanks Christian.

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index e4cd7cb856f3..f2f6203e0fff 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -2127,6 +2127,8 @@  static int sel_fill_super(struct super_block *sb, struct fs_context *fc)
 	}
 
 	ret = sel_make_avc_files(dentry);
+	if (ret)
+		goto err;
 
 	dentry = sel_make_dir(sb->s_root, "ss", &fsi->last_ino);
 	if (IS_ERR(dentry)) {

[1/9] selinux: check return value of sel_make_avc_files

Commit Message

Comments

Patch