Message ID | 20190128154333.31279-1-omosnace@redhat.com (mailing list archive) |
---|---|
State | Accepted |
Series | [v2] selinux: replace BUG_ONs with WARN_ONs in avc.c |
On 1/28/19 10:43 AM, Ondrej Mosnacek wrote: > These checks are only guarding against programming errors that could > silently grant too many permissions. These cases are better handled with > WARN_ON(), since it doesn't really help much to crash the machine in > this case. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov> > --- > security/selinux/avc.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index 3a27418b20d7..33863298a9b5 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state, > int rc = 0, rc2; > > xp_node = &local_xp_node; > - BUG_ON(!requested); > + if (WARN_ON(!requested)) > + return -EACCES; > > rcu_read_lock(); > > @@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, > int rc = 0; > u32 denied; > > - BUG_ON(!requested); > + if (WARN_ON(!requested)) > + return -EACCES; > > rcu_read_lock(); > >
On Mon, Jan 28, 2019 at 10:43 AM Ondrej Mosnacek <omosnace@redhat.com> wrote: > These checks are only guarding against programming errors that could > silently grant too many permissions. These cases are better handled with > WARN_ON(), since it doesn't really help much to crash the machine in > this case. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > security/selinux/avc.c | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) Merged, thanks. > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index 3a27418b20d7..33863298a9b5 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state, > int rc = 0, rc2; > > xp_node = &local_xp_node; > - BUG_ON(!requested); > + if (WARN_ON(!requested)) > + return -EACCES; > > rcu_read_lock(); > > @@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, > int rc = 0; > u32 denied; > > - BUG_ON(!requested); > + if (WARN_ON(!requested)) > + return -EACCES; > > rcu_read_lock(); > > -- > 2.20.1 >
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 3a27418b20d7..33863298a9b5 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -1059,7 +1059,8 @@ int avc_has_extended_perms(struct selinux_state *state, int rc = 0, rc2; xp_node = &local_xp_node; - BUG_ON(!requested); + if (WARN_ON(!requested)) + return -EACCES; rcu_read_lock(); @@ -1149,7 +1150,8 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, int rc = 0; u32 denied; - BUG_ON(!requested); + if (WARN_ON(!requested)) + return -EACCES; rcu_read_lock();
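Review bot: in the avc_has_extended_perms() hunk, the new `if (WARN_ON(!requested))` prints a full backtrace on every call, so a buggy caller that repeatedly passes requested == 0 can flood the kernel log; `WARN_ON_ONCE(!requested)` would report the programming error once and still take the `return -EACCES` path each time. The early return sits before `rcu_read_lock()`, so no unlock is needed on this path. A short comment above the check saying that a zero request is denied rather than evaluated would record why the function fails closed here.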
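Review bot: in the avc_has_perm_noaudit() hunk, `WARN_ON(!requested)` still brings the machine down when the kernel runs with panic_on_warn enabled, so the changelog's claim that the machine no longer crashes in this case holds only where that option is off; the commit message should say so. The check also changes what callers observe: a call with requested == 0 now gets `-EACCES` back instead of never returning, so it is worth stating in the changelog that every caller already treats a non-zero return as a denial.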
These checks are only guarding against programming errors that could silently grant too many permissions. These cases are better handled with WARN_ON(), since it doesn't really help much to crash the machine in this case.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

---

security/selinux/avc.c | 6 ++++--

1 file changed, 4 insertions(+), 2 deletions(-)