[v2,2/5] selinux: convert cond_list to array

Message ID	20200117085836.445797-3-omosnace@redhat.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <SRS0=ftCu=3G=vger.kernel.org=selinux-owner@kernel.org> From: Ondrej Mosnacek <omosnace@redhat.com> To: selinux@vger.kernel.org, Paul Moore <paul@paul-moore.com> Cc: Stephen Smalley <sds@tycho.nsa.gov> Subject: [PATCH v2 2/5] selinux: convert cond_list to array Date: Fri, 17 Jan 2020 09:58:33 +0100 Message-Id: <20200117085836.445797-3-omosnace@redhat.com> In-Reply-To: <20200117085836.445797-1-omosnace@redhat.com> References: <20200117085836.445797-1-omosnace@redhat.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: selinux-owner@vger.kernel.org Precedence: bulk
Series	selinux: Assorted simplifications and cleanups \| expand [v2,0/5] selinux: Assorted simplifications and cleanups [v2,1/5] selinux: simplify evaluate_cond_node() [v2,2/5] selinux: convert cond_list to array [v2,3/5] selinux: convert cond_av_list to array [v2,4/5] selinux: convert cond_expr to array [v2,5/5] selinux: generalize evaluate_cond_node()

Message ID

20200117085836.445797-3-omosnace@redhat.com (mailing list archive)

State

Superseded

Headers

From: Ondrej Mosnacek <omosnace@redhat.com>
To: selinux@vger.kernel.org, Paul Moore <paul@paul-moore.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Subject: [PATCH v2 2/5] selinux: convert cond_list to array
Date: Fri, 17 Jan 2020 09:58:33 +0100
Message-Id: <20200117085836.445797-3-omosnace@redhat.com>
In-Reply-To: <20200117085836.445797-1-omosnace@redhat.com>
References: <20200117085836.445797-1-omosnace@redhat.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: selinux-owner@vger.kernel.org
Precedence: bulk

Series

selinux: Assorted simplifications and cleanups | expand

Commit Message

Ondrej Mosnacek Jan. 17, 2020, 8:58 a.m. UTC

Since it is fixed-size after allocation and we know the size beforehand,
using a plain old array is simpler and more efficient.

While there, also fix signedness of some related variables/parameters.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 security/selinux/include/conditional.h |  6 +--
 security/selinux/selinuxfs.c           |  4 +-
 security/selinux/ss/conditional.c      | 54 ++++++++++----------------
 security/selinux/ss/conditional.h      |  3 +-
 security/selinux/ss/policydb.c         |  2 +-
 security/selinux/ss/policydb.h         |  3 +-
 security/selinux/ss/services.c         | 28 ++++++-------
 7 files changed, 43 insertions(+), 57 deletions(-)

Comments

Stephen Smalley Jan. 17, 2020, 7:38 p.m. UTC | #1

On 1/17/20 3:58 AM, Ondrej Mosnacek wrote:
> Since it is fixed-size after allocation and we know the size beforehand,
> using a plain old array is simpler and more efficient.
> 
> While there, also fix signedness of some related variables/parameters.
> 
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

Reviewed-by: Stephen Smalley <sds@tycho.nsa.gov>

> ---
>   security/selinux/include/conditional.h |  6 +--
>   security/selinux/selinuxfs.c           |  4 +-
>   security/selinux/ss/conditional.c      | 54 ++++++++++----------------
>   security/selinux/ss/conditional.h      |  3 +-
>   security/selinux/ss/policydb.c         |  2 +-
>   security/selinux/ss/policydb.h         |  3 +-
>   security/selinux/ss/services.c         | 28 ++++++-------
>   7 files changed, 43 insertions(+), 57 deletions(-)
> 
> diff --git a/security/selinux/include/conditional.h b/security/selinux/include/conditional.h
> index 0ab316f61da0..ffb9a33341f8 100644
> --- a/security/selinux/include/conditional.h
> +++ b/security/selinux/include/conditional.h
> @@ -14,12 +14,12 @@
>   #include "security.h"
>   
>   int security_get_bools(struct selinux_state *state,
> -		       int *len, char ***names, int **values);
> +		       u32 *len, char ***names, int **values);
>   
>   int security_set_bools(struct selinux_state *state,
> -		       int len, int *values);
> +		       u32 len, int *values);
>   
>   int security_get_bool_value(struct selinux_state *state,
> -			    int index);
> +			    u32 index);
>   
>   #endif
> diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
> index 79c710911a3c..296ce86e8b1f 100644
> --- a/security/selinux/selinuxfs.c
> +++ b/security/selinux/selinuxfs.c
> @@ -1327,14 +1327,14 @@ static void sel_remove_entries(struct dentry *de)
>   
>   static int sel_make_bools(struct selinux_fs_info *fsi)
>   {
> -	int i, ret;
> +	int ret;
>   	ssize_t len;
>   	struct dentry *dentry = NULL;
>   	struct dentry *dir = fsi->bool_dir;
>   	struct inode *inode = NULL;
>   	struct inode_security_struct *isec;
>   	char **names = NULL, *page;
> -	int num;
> +	u32 i, num;
>   	int *values = NULL;
>   	u32 sid;
>   
> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
> index 04593062008d..c8a02c9b23ee 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -119,6 +119,7 @@ int cond_policydb_init(struct policydb *p)
>   
>   	p->bool_val_to_struct = NULL;
>   	p->cond_list = NULL;
> +	p->cond_list_len = 0;
>   
>   	rc = avtab_init(&p->te_cond_avtab);
>   	if (rc)
> @@ -147,27 +148,22 @@ static void cond_node_destroy(struct cond_node *node)
>   	}
>   	cond_av_list_destroy(node->true_list);
>   	cond_av_list_destroy(node->false_list);
> -	kfree(node);
>   }
>   
> -static void cond_list_destroy(struct cond_node *list)
> +static void cond_list_destroy(struct policydb *p)
>   {
> -	struct cond_node *next, *cur;
> +	u32 i;
>   
> -	if (list == NULL)
> -		return;
> -
> -	for (cur = list; cur; cur = next) {
> -		next = cur->next;
> -		cond_node_destroy(cur);
> -	}
> +	for (i = 0; i < p->cond_list_len; i++)
> +		cond_node_destroy(&p->cond_list[i]);
> +	kfree(p->cond_list);
>   }
>   
>   void cond_policydb_destroy(struct policydb *p)
>   {
>   	kfree(p->bool_val_to_struct);
>   	avtab_destroy(&p->te_cond_avtab);
> -	cond_list_destroy(p->cond_list);
> +	cond_list_destroy(p);
>   }
>   
>   int cond_init_bool_indexes(struct policydb *p)
> @@ -447,7 +443,6 @@ err:
>   
>   int cond_read_list(struct policydb *p, void *fp)
>   {
> -	struct cond_node *node, *last = NULL;
>   	__le32 buf[1];
>   	u32 i, len;
>   	int rc;
> @@ -458,29 +453,24 @@ int cond_read_list(struct policydb *p, void *fp)
>   
>   	len = le32_to_cpu(buf[0]);
>   
> +	p->cond_list = kcalloc(len, sizeof(*p->cond_list), GFP_KERNEL);
> +	if (!p->cond_list)
> +		return rc;
> +
>   	rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel);
>   	if (rc)
>   		goto err;
>   
>   	for (i = 0; i < len; i++) {
> -		rc = -ENOMEM;
> -		node = kzalloc(sizeof(*node), GFP_KERNEL);
> -		if (!node)
> -			goto err;
> -
> -		rc = cond_read_node(p, node, fp);
> +		rc = cond_read_node(p, &p->cond_list[i], fp);
>   		if (rc)
>   			goto err;
> -
> -		if (i == 0)
> -			p->cond_list = node;
> -		else
> -			last->next = node;
> -		last = node;
>   	}
> +
> +	p->cond_list_len = len;
>   	return 0;
>   err:
> -	cond_list_destroy(p->cond_list);
> +	cond_list_destroy(p);
>   	p->cond_list = NULL;
>   	return rc;
>   }
> @@ -585,23 +575,19 @@ static int cond_write_node(struct policydb *p, struct cond_node *node,
>   	return 0;
>   }
>   
> -int cond_write_list(struct policydb *p, struct cond_node *list, void *fp)
> +int cond_write_list(struct policydb *p, void *fp)
>   {
> -	struct cond_node *cur;
> -	u32 len;
> +	u32 i;
>   	__le32 buf[1];
>   	int rc;
>   
> -	len = 0;
> -	for (cur = list; cur != NULL; cur = cur->next)
> -		len++;
> -	buf[0] = cpu_to_le32(len);
> +	buf[0] = cpu_to_le32(p->cond_list_len);
>   	rc = put_entry(buf, sizeof(u32), 1, fp);
>   	if (rc)
>   		return rc;
>   
> -	for (cur = list; cur != NULL; cur = cur->next) {
> -		rc = cond_write_node(p, cur, fp);
> +	for (i = 0; i < p->cond_list_len; i++) {
> +		rc = cond_write_node(p, &p->cond_list[i], fp);
>   		if (rc)
>   			return rc;
>   	}
> diff --git a/security/selinux/ss/conditional.h b/security/selinux/ss/conditional.h
> index d86ef286ca84..e474bdd3a0ed 100644
> --- a/security/selinux/ss/conditional.h
> +++ b/security/selinux/ss/conditional.h
> @@ -55,7 +55,6 @@ struct cond_node {
>   	struct cond_expr *expr;
>   	struct cond_av_list *true_list;
>   	struct cond_av_list *false_list;
> -	struct cond_node *next;
>   };
>   
>   int cond_policydb_init(struct policydb *p);
> @@ -69,7 +68,7 @@ int cond_index_bool(void *key, void *datum, void *datap);
>   int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
>   int cond_read_list(struct policydb *p, void *fp);
>   int cond_write_bool(void *key, void *datum, void *ptr);
> -int cond_write_list(struct policydb *p, struct cond_node *list, void *fp);
> +int cond_write_list(struct policydb *p, void *fp);
>   
>   void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
>   		struct av_decision *avd, struct extended_perms *xperms);
> diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
> index 2aa7f2e1a8e7..8ac9b9ffc83c 100644
> --- a/security/selinux/ss/policydb.c
> +++ b/security/selinux/ss/policydb.c
> @@ -3483,7 +3483,7 @@ int policydb_write(struct policydb *p, void *fp)
>   	if (rc)
>   		return rc;
>   
> -	rc = cond_write_list(p, p->cond_list, fp);
> +	rc = cond_write_list(p, fp);
>   	if (rc)
>   		return rc;
>   
> diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
> index 69b24191fa38..6459616f8487 100644
> --- a/security/selinux/ss/policydb.h
> +++ b/security/selinux/ss/policydb.h
> @@ -272,8 +272,9 @@ struct policydb {
>   	struct cond_bool_datum **bool_val_to_struct;
>   	/* type enforcement conditional access vectors and transitions */
>   	struct avtab te_cond_avtab;
> -	/* linked list indexing te_cond_avtab by conditional */
> +	/* array indexing te_cond_avtab by conditional */
>   	struct cond_node *cond_list;
> +	u32 cond_list_len;
>   
>   	/* role allows */
>   	struct role_allow *role_allow;
> diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
> index ff43a35bb874..8fc8ec317bb6 100644
> --- a/security/selinux/ss/services.c
> +++ b/security/selinux/ss/services.c
> @@ -2868,10 +2868,11 @@ out:
>   }
>   
>   int security_get_bools(struct selinux_state *state,
> -		       int *len, char ***names, int **values)
> +		       u32 *len, char ***names, int **values)
>   {
>   	struct policydb *policydb;
> -	int i, rc;
> +	u32 i;
> +	int rc;
>   
>   	if (!selinux_initialized(state)) {
>   		*len = 0;
> @@ -2925,12 +2926,11 @@ err:
>   }
>   
>   
> -int security_set_bools(struct selinux_state *state, int len, int *values)
> +int security_set_bools(struct selinux_state *state, u32 len, int *values)
>   {
>   	struct policydb *policydb;
> -	int i, rc;
> -	int lenp, seqno = 0;
> -	struct cond_node *cur;
> +	int rc;
> +	u32 i, lenp, seqno = 0;
>   
>   	write_lock_irq(&state->ss->policy_rwlock);
>   
> @@ -2958,8 +2958,8 @@ int security_set_bools(struct selinux_state *state, int len, int *values)
>   			policydb->bool_val_to_struct[i]->state = 0;
>   	}
>   
> -	for (cur = policydb->cond_list; cur; cur = cur->next)
> -		evaluate_cond_node(policydb, cur);
> +	for (i = 0; i < policydb->cond_list_len; i++)
> +		evaluate_cond_node(policydb, &policydb->cond_list[i]);
>   
>   	seqno = ++state->ss->latest_granting;
>   	rc = 0;
> @@ -2975,11 +2975,11 @@ out:
>   }
>   
>   int security_get_bool_value(struct selinux_state *state,
> -			    int index)
> +			    u32 index)
>   {
>   	struct policydb *policydb;
>   	int rc;
> -	int len;
> +	u32 len;
>   
>   	read_lock(&state->ss->policy_rwlock);
>   
> @@ -2999,10 +2999,10 @@ out:
>   static int security_preserve_bools(struct selinux_state *state,
>   				   struct policydb *policydb)
>   {
> -	int rc, nbools = 0, *bvalues = NULL, i;
> +	int rc, *bvalues = NULL;
>   	char **bnames = NULL;
>   	struct cond_bool_datum *booldatum;
> -	struct cond_node *cur;
> +	u32 i, nbools = 0;
>   
>   	rc = security_get_bools(state, &nbools, &bnames, &bvalues);
>   	if (rc)
> @@ -3012,8 +3012,8 @@ static int security_preserve_bools(struct selinux_state *state,
>   		if (booldatum)
>   			booldatum->state = bvalues[i];
>   	}
> -	for (cur = policydb->cond_list; cur; cur = cur->next)
> -		evaluate_cond_node(policydb, cur);
> +	for (i = 0; i < policydb->cond_list_len; i++)
> +		evaluate_cond_node(policydb, &policydb->cond_list[i]);
>   
>   out:
>   	if (bnames) {
>

Paul Moore Jan. 31, 2020, 4:05 a.m. UTC | #2

On Fri, Jan 17, 2020 at 3:58 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> Since it is fixed-size after allocation and we know the size beforehand,
> using a plain old array is simpler and more efficient.
>
> While there, also fix signedness of some related variables/parameters.
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
>  security/selinux/include/conditional.h |  6 +--
>  security/selinux/selinuxfs.c           |  4 +-
>  security/selinux/ss/conditional.c      | 54 ++++++++++----------------
>  security/selinux/ss/conditional.h      |  3 +-
>  security/selinux/ss/policydb.c         |  2 +-
>  security/selinux/ss/policydb.h         |  3 +-
>  security/selinux/ss/services.c         | 28 ++++++-------
>  7 files changed, 43 insertions(+), 57 deletions(-)
>
> diff --git a/security/selinux/include/conditional.h b/security/selinux/include/conditional.h
> index 0ab316f61da0..ffb9a33341f8 100644
> --- a/security/selinux/include/conditional.h
> +++ b/security/selinux/include/conditional.h
> @@ -14,12 +14,12 @@
>  #include "security.h"
>
>  int security_get_bools(struct selinux_state *state,
> -                      int *len, char ***names, int **values);
> +                      u32 *len, char ***names, int **values);
>
>  int security_set_bools(struct selinux_state *state,
> -                      int len, int *values);
> +                      u32 len, int *values);

In the future, if you're making changes like this, you might as well
put it all on one line (it fits under 80 chars).

>  int security_get_bool_value(struct selinux_state *state,
> -                           int index);
> +                           u32 index);

Same here.

> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
> index 04593062008d..c8a02c9b23ee 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -119,6 +119,7 @@ int cond_policydb_init(struct policydb *p)
>
>         p->bool_val_to_struct = NULL;
>         p->cond_list = NULL;
> +       p->cond_list_len = 0;
>
>         rc = avtab_init(&p->te_cond_avtab);
>         if (rc)
> @@ -147,27 +148,22 @@ static void cond_node_destroy(struct cond_node *node)
>         }
>         cond_av_list_destroy(node->true_list);
>         cond_av_list_destroy(node->false_list);
> -       kfree(node);
>  }
>
> -static void cond_list_destroy(struct cond_node *list)
> +static void cond_list_destroy(struct policydb *p)
>  {
> -       struct cond_node *next, *cur;
> +       u32 i;
>
> -       if (list == NULL)
> -               return;
> -
> -       for (cur = list; cur; cur = next) {
> -               next = cur->next;
> -               cond_node_destroy(cur);
> -       }
> +       for (i = 0; i < p->cond_list_len; i++)
> +               cond_node_destroy(&p->cond_list[i]);
> +       kfree(p->cond_list);
>  }
>
>  void cond_policydb_destroy(struct policydb *p)
>  {
>         kfree(p->bool_val_to_struct);
>         avtab_destroy(&p->te_cond_avtab);
> -       cond_list_destroy(p->cond_list);
> +       cond_list_destroy(p);
>  }
>
>  int cond_init_bool_indexes(struct policydb *p)
> @@ -447,7 +443,6 @@ err:
>
>  int cond_read_list(struct policydb *p, void *fp)
>  {
> -       struct cond_node *node, *last = NULL;
>         __le32 buf[1];
>         u32 i, len;
>         int rc;
> @@ -458,29 +453,24 @@ int cond_read_list(struct policydb *p, void *fp)
>
>         len = le32_to_cpu(buf[0]);
>
> +       p->cond_list = kcalloc(len, sizeof(*p->cond_list), GFP_KERNEL);
> +       if (!p->cond_list)
> +               return rc;
> +
>         rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel);
>         if (rc)
>                 goto err;
>
>         for (i = 0; i < len; i++) {
> -               rc = -ENOMEM;
> -               node = kzalloc(sizeof(*node), GFP_KERNEL);
> -               if (!node)
> -                       goto err;
> -
> -               rc = cond_read_node(p, node, fp);
> +               rc = cond_read_node(p, &p->cond_list[i], fp);
>                 if (rc)
>                         goto err;
> -
> -               if (i == 0)
> -                       p->cond_list = node;
> -               else
> -                       last->next = node;
> -               last = node;
>         }
> +
> +       p->cond_list_len = len;

Hmmm.  Since we don't update p->cond_list_len until here, if we fail
in the for-loop above and end up jumping to "err" we might not cleanup
all the nodes, right?

>         return 0;
>  err:
> -       cond_list_destroy(p->cond_list);
> +       cond_list_destroy(p);
>         p->cond_list = NULL;
>         return rc;
>  }

Ondrej Mosnacek Feb. 3, 2020, 9:05 a.m. UTC | #3

On Fri, Jan 31, 2020 at 5:05 AM Paul Moore <paul@paul-moore.com> wrote:
> On Fri, Jan 17, 2020 at 3:58 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
> >
> > Since it is fixed-size after allocation and we know the size beforehand,
> > using a plain old array is simpler and more efficient.
> >
> > While there, also fix signedness of some related variables/parameters.
> >
> > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> > ---
> >  security/selinux/include/conditional.h |  6 +--
> >  security/selinux/selinuxfs.c           |  4 +-
> >  security/selinux/ss/conditional.c      | 54 ++++++++++----------------
> >  security/selinux/ss/conditional.h      |  3 +-
> >  security/selinux/ss/policydb.c         |  2 +-
> >  security/selinux/ss/policydb.h         |  3 +-
> >  security/selinux/ss/services.c         | 28 ++++++-------
> >  7 files changed, 43 insertions(+), 57 deletions(-)
> >
> > diff --git a/security/selinux/include/conditional.h b/security/selinux/include/conditional.h
> > index 0ab316f61da0..ffb9a33341f8 100644
> > --- a/security/selinux/include/conditional.h
> > +++ b/security/selinux/include/conditional.h
> > @@ -14,12 +14,12 @@
> >  #include "security.h"
> >
> >  int security_get_bools(struct selinux_state *state,
> > -                      int *len, char ***names, int **values);
> > +                      u32 *len, char ***names, int **values);
> >
> >  int security_set_bools(struct selinux_state *state,
> > -                      int len, int *values);
> > +                      u32 len, int *values);
>
> In the future, if you're making changes like this, you might as well
> put it all on one line (it fits under 80 chars).

Good point, will do that in v3.

>
> >  int security_get_bool_value(struct selinux_state *state,
> > -                           int index);
> > +                           u32 index);
>
> Same here.
>
> > diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
> > index 04593062008d..c8a02c9b23ee 100644
> > --- a/security/selinux/ss/conditional.c
> > +++ b/security/selinux/ss/conditional.c
> > @@ -119,6 +119,7 @@ int cond_policydb_init(struct policydb *p)
> >
> >         p->bool_val_to_struct = NULL;
> >         p->cond_list = NULL;
> > +       p->cond_list_len = 0;
> >
> >         rc = avtab_init(&p->te_cond_avtab);
> >         if (rc)
> > @@ -147,27 +148,22 @@ static void cond_node_destroy(struct cond_node *node)
> >         }
> >         cond_av_list_destroy(node->true_list);
> >         cond_av_list_destroy(node->false_list);
> > -       kfree(node);
> >  }
> >
> > -static void cond_list_destroy(struct cond_node *list)
> > +static void cond_list_destroy(struct policydb *p)
> >  {
> > -       struct cond_node *next, *cur;
> > +       u32 i;
> >
> > -       if (list == NULL)
> > -               return;
> > -
> > -       for (cur = list; cur; cur = next) {
> > -               next = cur->next;
> > -               cond_node_destroy(cur);
> > -       }
> > +       for (i = 0; i < p->cond_list_len; i++)
> > +               cond_node_destroy(&p->cond_list[i]);
> > +       kfree(p->cond_list);
> >  }
> >
> >  void cond_policydb_destroy(struct policydb *p)
> >  {
> >         kfree(p->bool_val_to_struct);
> >         avtab_destroy(&p->te_cond_avtab);
> > -       cond_list_destroy(p->cond_list);
> > +       cond_list_destroy(p);
> >  }
> >
> >  int cond_init_bool_indexes(struct policydb *p)
> > @@ -447,7 +443,6 @@ err:
> >
> >  int cond_read_list(struct policydb *p, void *fp)
> >  {
> > -       struct cond_node *node, *last = NULL;
> >         __le32 buf[1];
> >         u32 i, len;
> >         int rc;
> > @@ -458,29 +453,24 @@ int cond_read_list(struct policydb *p, void *fp)
> >
> >         len = le32_to_cpu(buf[0]);
> >
> > +       p->cond_list = kcalloc(len, sizeof(*p->cond_list), GFP_KERNEL);
> > +       if (!p->cond_list)
> > +               return rc;
> > +
> >         rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel);
> >         if (rc)
> >                 goto err;
> >
> >         for (i = 0; i < len; i++) {
> > -               rc = -ENOMEM;
> > -               node = kzalloc(sizeof(*node), GFP_KERNEL);
> > -               if (!node)
> > -                       goto err;
> > -
> > -               rc = cond_read_node(p, node, fp);
> > +               rc = cond_read_node(p, &p->cond_list[i], fp);
> >                 if (rc)
> >                         goto err;
> > -
> > -               if (i == 0)
> > -                       p->cond_list = node;
> > -               else
> > -                       last->next = node;
> > -               last = node;
> >         }
> > +
> > +       p->cond_list_len = len;
>
> Hmmm.  Since we don't update p->cond_list_len until here, if we fail
> in the for-loop above and end up jumping to "err" we might not cleanup
> all the nodes, right?

You're right. I'll fix it by moving the p->cond_list_len assignment
before the for-loop - since the array is zero-initialized by
kcalloc(), cond_node_destroy() can be called safely also on unread
items. (That is a bit inefficient, but I see little value in
micro-optimizing the error path.)

>
> >         return 0;
> >  err:
> > -       cond_list_destroy(p->cond_list);
> > +       cond_list_destroy(p);
> >         p->cond_list = NULL;
> >         return rc;
> >  }
>
> --
> paul moore
> www.paul-moore.com

diff --git a/security/selinux/include/conditional.h b/security/selinux/include/conditional.h
index 0ab316f61da0..ffb9a33341f8 100644
--- a/security/selinux/include/conditional.h
+++ b/security/selinux/include/conditional.h
@@ -14,12 +14,12 @@ 
 #include "security.h"
 
 int security_get_bools(struct selinux_state *state,
-		       int *len, char ***names, int **values);
+		       u32 *len, char ***names, int **values);
 
 int security_set_bools(struct selinux_state *state,
-		       int len, int *values);
+		       u32 len, int *values);
 
 int security_get_bool_value(struct selinux_state *state,
-			    int index);
+			    u32 index);
 
 #endif
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 79c710911a3c..296ce86e8b1f 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -1327,14 +1327,14 @@  static void sel_remove_entries(struct dentry *de)
 
 static int sel_make_bools(struct selinux_fs_info *fsi)
 {
-	int i, ret;
+	int ret;
 	ssize_t len;
 	struct dentry *dentry = NULL;
 	struct dentry *dir = fsi->bool_dir;
 	struct inode *inode = NULL;
 	struct inode_security_struct *isec;
 	char **names = NULL, *page;
-	int num;
+	u32 i, num;
 	int *values = NULL;
 	u32 sid;
 
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 04593062008d..c8a02c9b23ee 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -119,6 +119,7 @@  int cond_policydb_init(struct policydb *p)
 
 	p->bool_val_to_struct = NULL;
 	p->cond_list = NULL;
+	p->cond_list_len = 0;
 
 	rc = avtab_init(&p->te_cond_avtab);
 	if (rc)
@@ -147,27 +148,22 @@  static void cond_node_destroy(struct cond_node *node)
 	}
 	cond_av_list_destroy(node->true_list);
 	cond_av_list_destroy(node->false_list);
-	kfree(node);
 }
 
-static void cond_list_destroy(struct cond_node *list)
+static void cond_list_destroy(struct policydb *p)
 {
-	struct cond_node *next, *cur;
+	u32 i;
 
-	if (list == NULL)
-		return;
-
-	for (cur = list; cur; cur = next) {
-		next = cur->next;
-		cond_node_destroy(cur);
-	}
+	for (i = 0; i < p->cond_list_len; i++)
+		cond_node_destroy(&p->cond_list[i]);
+	kfree(p->cond_list);
 }
 
 void cond_policydb_destroy(struct policydb *p)
 {
 	kfree(p->bool_val_to_struct);
 	avtab_destroy(&p->te_cond_avtab);
-	cond_list_destroy(p->cond_list);
+	cond_list_destroy(p);
 }
 
 int cond_init_bool_indexes(struct policydb *p)
@@ -447,7 +443,6 @@  err:
 
 int cond_read_list(struct policydb *p, void *fp)
 {
-	struct cond_node *node, *last = NULL;
 	__le32 buf[1];
 	u32 i, len;
 	int rc;
@@ -458,29 +453,24 @@  int cond_read_list(struct policydb *p, void *fp)
 
 	len = le32_to_cpu(buf[0]);
 
+	p->cond_list = kcalloc(len, sizeof(*p->cond_list), GFP_KERNEL);
+	if (!p->cond_list)
+		return rc;
+
 	rc = avtab_alloc(&(p->te_cond_avtab), p->te_avtab.nel);
 	if (rc)
 		goto err;
 
 	for (i = 0; i < len; i++) {
-		rc = -ENOMEM;
-		node = kzalloc(sizeof(*node), GFP_KERNEL);
-		if (!node)
-			goto err;
-
-		rc = cond_read_node(p, node, fp);
+		rc = cond_read_node(p, &p->cond_list[i], fp);
 		if (rc)
 			goto err;
-
-		if (i == 0)
-			p->cond_list = node;
-		else
-			last->next = node;
-		last = node;
 	}
+
+	p->cond_list_len = len;
 	return 0;
 err:
-	cond_list_destroy(p->cond_list);
+	cond_list_destroy(p);
 	p->cond_list = NULL;
 	return rc;
 }
@@ -585,23 +575,19 @@  static int cond_write_node(struct policydb *p, struct cond_node *node,
 	return 0;
 }
 
-int cond_write_list(struct policydb *p, struct cond_node *list, void *fp)
+int cond_write_list(struct policydb *p, void *fp)
 {
-	struct cond_node *cur;
-	u32 len;
+	u32 i;
 	__le32 buf[1];
 	int rc;
 
-	len = 0;
-	for (cur = list; cur != NULL; cur = cur->next)
-		len++;
-	buf[0] = cpu_to_le32(len);
+	buf[0] = cpu_to_le32(p->cond_list_len);
 	rc = put_entry(buf, sizeof(u32), 1, fp);
 	if (rc)
 		return rc;
 
-	for (cur = list; cur != NULL; cur = cur->next) {
-		rc = cond_write_node(p, cur, fp);
+	for (i = 0; i < p->cond_list_len; i++) {
+		rc = cond_write_node(p, &p->cond_list[i], fp);
 		if (rc)
 			return rc;
 	}
diff --git a/security/selinux/ss/conditional.h b/security/selinux/ss/conditional.h
index d86ef286ca84..e474bdd3a0ed 100644
--- a/security/selinux/ss/conditional.h
+++ b/security/selinux/ss/conditional.h
@@ -55,7 +55,6 @@  struct cond_node {
 	struct cond_expr *expr;
 	struct cond_av_list *true_list;
 	struct cond_av_list *false_list;
-	struct cond_node *next;
 };
 
 int cond_policydb_init(struct policydb *p);
@@ -69,7 +68,7 @@  int cond_index_bool(void *key, void *datum, void *datap);
 int cond_read_bool(struct policydb *p, struct hashtab *h, void *fp);
 int cond_read_list(struct policydb *p, void *fp);
 int cond_write_bool(void *key, void *datum, void *ptr);
-int cond_write_list(struct policydb *p, struct cond_node *list, void *fp);
+int cond_write_list(struct policydb *p, void *fp);
 
 void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
 		struct av_decision *avd, struct extended_perms *xperms);
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 2aa7f2e1a8e7..8ac9b9ffc83c 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -3483,7 +3483,7 @@  int policydb_write(struct policydb *p, void *fp)
 	if (rc)
 		return rc;
 
-	rc = cond_write_list(p, p->cond_list, fp);
+	rc = cond_write_list(p, fp);
 	if (rc)
 		return rc;
 
diff --git a/security/selinux/ss/policydb.h b/security/selinux/ss/policydb.h
index 69b24191fa38..6459616f8487 100644
--- a/security/selinux/ss/policydb.h
+++ b/security/selinux/ss/policydb.h
@@ -272,8 +272,9 @@  struct policydb {
 	struct cond_bool_datum **bool_val_to_struct;
 	/* type enforcement conditional access vectors and transitions */
 	struct avtab te_cond_avtab;
-	/* linked list indexing te_cond_avtab by conditional */
+	/* array indexing te_cond_avtab by conditional */
 	struct cond_node *cond_list;
+	u32 cond_list_len;
 
 	/* role allows */
 	struct role_allow *role_allow;
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index ff43a35bb874..8fc8ec317bb6 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2868,10 +2868,11 @@  out:
 }
 
 int security_get_bools(struct selinux_state *state,
-		       int *len, char ***names, int **values)
+		       u32 *len, char ***names, int **values)
 {
 	struct policydb *policydb;
-	int i, rc;
+	u32 i;
+	int rc;
 
 	if (!selinux_initialized(state)) {
 		*len = 0;
@@ -2925,12 +2926,11 @@  err:
 }
 
 
-int security_set_bools(struct selinux_state *state, int len, int *values)
+int security_set_bools(struct selinux_state *state, u32 len, int *values)
 {
 	struct policydb *policydb;
-	int i, rc;
-	int lenp, seqno = 0;
-	struct cond_node *cur;
+	int rc;
+	u32 i, lenp, seqno = 0;
 
 	write_lock_irq(&state->ss->policy_rwlock);
 
@@ -2958,8 +2958,8 @@  int security_set_bools(struct selinux_state *state, int len, int *values)
 			policydb->bool_val_to_struct[i]->state = 0;
 	}
 
-	for (cur = policydb->cond_list; cur; cur = cur->next)
-		evaluate_cond_node(policydb, cur);
+	for (i = 0; i < policydb->cond_list_len; i++)
+		evaluate_cond_node(policydb, &policydb->cond_list[i]);
 
 	seqno = ++state->ss->latest_granting;
 	rc = 0;
@@ -2975,11 +2975,11 @@  out:
 }
 
 int security_get_bool_value(struct selinux_state *state,
-			    int index)
+			    u32 index)
 {
 	struct policydb *policydb;
 	int rc;
-	int len;
+	u32 len;
 
 	read_lock(&state->ss->policy_rwlock);
 
@@ -2999,10 +2999,10 @@  out:
 static int security_preserve_bools(struct selinux_state *state,
 				   struct policydb *policydb)
 {
-	int rc, nbools = 0, *bvalues = NULL, i;
+	int rc, *bvalues = NULL;
 	char **bnames = NULL;
 	struct cond_bool_datum *booldatum;
-	struct cond_node *cur;
+	u32 i, nbools = 0;
 
 	rc = security_get_bools(state, &nbools, &bnames, &bvalues);
 	if (rc)
@@ -3012,8 +3012,8 @@  static int security_preserve_bools(struct selinux_state *state,
 		if (booldatum)
 			booldatum->state = bvalues[i];
 	}
-	for (cur = policydb->cond_list; cur; cur = cur->next)
-		evaluate_cond_node(policydb, cur);
+	for (i = 0; i < policydb->cond_list_len; i++)
+		evaluate_cond_node(policydb, &policydb->cond_list[i]);
 
 out:
 	if (bnames) {

[v2,2/5] selinux: convert cond_list to array

Commit Message

Comments

Patch