| Message ID | 20190125100651.21753-3-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | Report raw context in AVCs + refactoring | expand |
On 1/25/19 5:06 AM, Ondrej Mosnacek wrote: > We don't need to crash the machine in these cases. Let's just detect the > buggy state early and error out with a warning. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> > --- > security/selinux/avc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index 502162eeb3a0..5ebad47391c9 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -678,7 +678,6 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) > return; > } > > - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); > perms = secclass_map[sad->tclass-1].perms; > > audit_log_string(ab, " {"); > @@ -731,7 +730,6 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a) > kfree(scontext); > } > > - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); > audit_log_format(ab, " tclass=%s", secclass_map[sad->tclass-1].name); > > if (sad->denied) > @@ -748,6 +746,9 @@ noinline int slow_avc_audit(struct selinux_state *state, > struct common_audit_data stack_data; > struct selinux_audit_data sad; > > + if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map))) > + return -EINVAL; > + > if (!a) { > a = &stack_data; > a->type = LSM_AUDIT_DATA_NONE; >
On Fri, Jan 25, 2019 at 5:07 AM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > We don't need to crash the machine in these cases. Let's just detect the > buggy state early and error out with a warning. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > security/selinux/avc.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) It's always good to remove BUG_ON()s. Merged, thanks. > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index 502162eeb3a0..5ebad47391c9 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -678,7 +678,6 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) > return; > } > > - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); > perms = secclass_map[sad->tclass-1].perms; > > audit_log_string(ab, " {"); > @@ -731,7 +730,6 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a) > kfree(scontext); > } > > - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); > audit_log_format(ab, " tclass=%s", secclass_map[sad->tclass-1].name); > > if (sad->denied) > @@ -748,6 +746,9 @@ noinline int slow_avc_audit(struct selinux_state *state, > struct common_audit_data stack_data; > struct selinux_audit_data sad; > > + if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map))) > + return -EINVAL; > + > if (!a) { > a = &stack_data; > a->type = LSM_AUDIT_DATA_NONE; > -- > 2.20.1 >
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 502162eeb3a0..5ebad47391c9 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -678,7 +678,6 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a) return; } - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); perms = secclass_map[sad->tclass-1].perms; audit_log_string(ab, " {"); @@ -731,7 +730,6 @@ static void avc_audit_post_callback(struct audit_buffer *ab, void *a) kfree(scontext); } - BUG_ON(!sad->tclass || sad->tclass >= ARRAY_SIZE(secclass_map)); audit_log_format(ab, " tclass=%s", secclass_map[sad->tclass-1].name); if (sad->denied) @@ -748,6 +746,9 @@ noinline int slow_avc_audit(struct selinux_state *state, struct common_audit_data stack_data; struct selinux_audit_data sad; + if (WARN_ON(!tclass || tclass >= ARRAY_SIZE(secclass_map))) + return -EINVAL; + if (!a) { a = &stack_data; a->type = LSM_AUDIT_DATA_NONE;
We don't need to crash the machine in these cases. Let's just detect the buggy state early and error out with a warning. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- security/selinux/avc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)