Re: [PATCH 1/1] selinux: Fix potential counting error in avc_add_xperms_decision()
From: Leizhen (ThunderTown)
Date: Wed Aug 07 2024 - 02:28:09 EST

On 2024/8/7 5:55, Paul Moore wrote:
> On Tue, Aug 6, 2024 at 9:26 AM Stephen Smalley
> <stephen.smalley.work@xxxxxxxxx> wrote:
>> On Tue, Aug 6, 2024 at 2:51 AM <thunder.leizhen@xxxxxxxxxxxxxxx> wrote:
>>> From: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
>>>
>>> The count increases only when a node is successfully added to
>>> the linked list.
>>>
>>> Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
>>> Signed-off-by: Zhen Lei <thunder.leizhen@xxxxxxxxxx>
>>
>> This looks correct to me ...
>
> It looks good to me too, unless I hear any objections I'm going to
> merge this into selinux/stable-6.11 and send it up to Linux during the
> v6.11-rcX cycle.
>
>> ... but I also notice that the caller is not
>> checking or handling the return code for the -ENOMEM situation.
>
> Good catch. We should also fix this, ideally in the same PR where we
> send the count/len fix.
>
> Zhen Lei, would you mind working on a separate fix for checking the
> error code in the caller?

Yeah, I'd love to.

>
--
Regards,
Zhen Lei
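
The two points raised in this thread (the count going up only once a node is on the list, and the caller checking for -ENOMEM) can be seen in a small userspace model. This is an added example, not the kernel's code or the patch itself; every identifier in it is hypothetical, and the allocation failure is forced with a constructed hook.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Userspace model with hypothetical names; this is not the kernel's code. */
struct xpd_node { struct xpd_node *next; };
struct xp_list { size_t len; struct xpd_node *head; };
static int fail_alloc; /* constructed hook: force allocation failure */
static struct xpd_node *xpd_alloc(void)
{
	return fail_alloc ? NULL : calloc(1, sizeof(struct xpd_node));
}
/* Before the fix: len is bumped before the allocation can fail. */
static int add_before(struct xp_list *l)
{
	struct xpd_node *n;
	l->len++;
	n = xpd_alloc();
	if (!n)
		return -ENOMEM; /* len now counts a node that was never linked */
	n->next = l->head;
	l->head = n;
	return 0;
}
/* After the fix: len changes only once the node is on the list. */
static int add_after(struct xp_list *l)
{
	struct xpd_node *n = xpd_alloc();
	if (!n)
		return -ENOMEM;
	n->next = l->head;
	l->head = n;
	l->len++;
	return 0;
}
/* One failed add on an empty list; returns len minus the linked node count. */
static long drift(int (*add)(struct xp_list *), int *rc)
{
	struct xp_list l = { 0, NULL };
	fail_alloc = 1;
	*rc = add(&l); /* the caller keeps the error code instead of dropping it */
	fail_alloc = 0;
	return (long)l.len - (l.head ? 1 : 0);
}
int main(void)
{
	int rc;
	printf("len minus linked nodes, before/after the fix: %ld/%ld\n",
	       drift(add_before, &rc), drift(add_after, &rc));
	return 0;
}
```
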