All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dan Carpenter <dan.carpenter@oracle.com>
To: dhowells@redhat.com
Cc: linux-fsdevel@vger.kernel.org
Subject: [bug report] smack: Implement filesystem context security hooks
Date: Mon, 28 Jan 2019 17:04:26 +0300	[thread overview]
Message-ID: <20190128140426.GA7268@kadam> (raw)

Hello David Howells,

The patch 1f38a2e9dab7: "smack: Implement filesystem context security
hooks" from Nov 1, 2018, leads to the following static checker
warning:

	fs/namespace.c:1014 vfs_kern_mount()
	error: passing non negative 1 to ERR_PTR

fs/namespace.c
    1004 		return ERR_CAST(fc);
    1005 
    1006 	if (name)
    1007 		ret = vfs_parse_fs_string(fc, "source",
    1008 					  name, strlen(name));
    1009 	if (!ret)
    1010 		ret = parse_monolithic_mount_data(fc, data);
    1011 	if (!ret)
    1012 		mnt = fc_mount(fc);
    1013 	else
--> 1014 		mnt = ERR_PTR(ret);
    1015 
    1016 	put_fs_context(fc);
    1017 	return mnt;
    1018 }

The 1 comes from selinux_fs_context_parse_param() and
smack_fs_context_parse_param().  That code looks something like:

security/smack/smack_lsm.c
   707  /**
   708   * smack_fs_context_parse_param - Parse a single mount parameter
   709   * @fc: The new filesystem context being constructed.
   710   * @param: The parameter.
   711   *
   712   * Returns 0 on success or -ENOMEM on error.
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

LIES!!!!

   713   */
   714  static int smack_fs_context_parse_param(struct fs_context *fc,
   715                                          struct fs_parameter *param)
   716  {
   717          struct fs_parse_result result;
   718          int opt, rc;
   719  
   720          opt = fs_parse(fc, &smack_fs_parameters, param, &result);
   721          if (opt < 0)
   722                  return opt;
   723  
   724          rc = smack_add_opt(opt, param->string, &fc->security);
   725          if (!rc) {
   726                  param->string = NULL;
   727                  rc = 1;
                        ^^^^^^
It probably should return zero though...

   728          }
   729          return rc;
   730  }

regards,
dan carpenter

             reply	other threads:[~2019-01-28 14:04 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-01-28 14:04 Dan Carpenter [this message]
2019-01-28 14:28 ` [bug report] smack: Implement filesystem context security hooks David Howells

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20190128140426.GA7268@kadam \
    --to=dan.carpenter@oracle.com \
    --cc=dhowells@redhat.com \
    --cc=linux-fsdevel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.