Re: [PATCH 1/1] selinux: Fix potential counting error in avc_add_xperms_decision()

From: Paul Moore
Date: Tue Aug 06 2024 - 17:56:13 EST

Next message: Jann Horn: "Re: [PATCH v2 1/4] Landlock: Add signal control"
Previous message: Peter Zijlstra: "Re: [GIT PULL] sched_ext: Initial pull request for v6.11"
In reply to: Stephen Smalley: "Re: [PATCH 1/1] selinux: Fix potential counting error in avc_add_xperms_decision()"
Next in thread: Leizhen (ThunderTown): "Re: [PATCH 1/1] selinux: Fix potential counting error in avc_add_xperms_decision()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Aug 6, 2024 at 9:26 AM Stephen Smalley
<stephen.smalley.work@xxxxxxxxx> wrote:
> On Tue, Aug 6, 2024 at 2:51 AM <thunder.leizhen@xxxxxxxxxxxxxxx> wrote:
> > From: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
> >
> > The count increases only when a node is successfully added to
> > the linked list.
> >
> > Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
> > Signed-off-by: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
>
> This looks correct to me ...

It looks good to me too, unless I hear any objections I'm going to
merge this into selinux/stable-6.11 and send it up to Linux during the
v6.11-rcX cycle.

> ... but I also notice that the caller is not
> checking or handling the return code for the -ENOMEM situation.

Good catch. We should also fix this, ideally in the same PR where we
send the count/len fix.

Zhen Lei, would you mind working on a separate fix for checking the
error code in the caller?

--
paul-moore.com

Next message: Jann Horn: "Re: [PATCH v2 1/4] Landlock: Add signal control"
Previous message: Peter Zijlstra: "Re: [GIT PULL] sched_ext: Initial pull request for v6.11"
In reply to: Stephen Smalley: "Re: [PATCH 1/1] selinux: Fix potential counting error in avc_add_xperms_decision()"
Next in thread: Leizhen (ThunderTown): "Re: [PATCH 1/1] selinux: Fix potential counting error in avc_add_xperms_decision()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]