[PATCH] selinux: return -ENOMEM if kzalloc() fails

linux-security-module.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] selinux: return -ENOMEM if kzalloc() fails
@ 2017-06-30  7:56 Dan Carpenter
  2017-06-30 12:48 ` Stephen Smalley
  0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2017-06-30  7:56 UTC (permalink / raw)
  To: linux-security-module

We accidentally return success instead of -ENOMEM on this failure path.

Fixes: 409dcf31538a ("selinux: Add a cache for quicker retreival of PKey SIDs")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

diff --git a/security/selinux/ibpkey.c b/security/selinux/ibpkey.c
index e3614ee5f1c0..36e61f622b5a 100644
--- a/security/selinux/ibpkey.c
+++ b/security/selinux/ibpkey.c
@@ -160,8 +160,10 @@ static int sel_ib_pkey_sid_slow(u64 subnet_prefix, u16 pkey_num, u32 *sid)
 	 * is valid, it just won't be added to the cache.
 	 */
 	new = kzalloc(sizeof(*new), GFP_ATOMIC);
-	if (!new)
+	if (!new) {
+		ret = -ENOMEM;
 		goto out;
+	}
 
 	new->psec.subnet_prefix = subnet_prefix;
 	new->psec.pkey = pkey_num;
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* [PATCH] selinux: return -ENOMEM if kzalloc() fails
  2017-06-30  7:56 [PATCH] selinux: return -ENOMEM if kzalloc() fails Dan Carpenter
@ 2017-06-30 12:48 ` Stephen Smalley
  2017-06-30 13:10   ` Tetsuo Handa
  0 siblings, 1 reply; 4+ messages in thread
From: Stephen Smalley @ 2017-06-30 12:48 UTC (permalink / raw)
  To: linux-security-module

On Fri, 2017-06-30 at 10:56 +0300, Dan Carpenter wrote:
> We accidentally return success instead of -ENOMEM on this failure
> path.
> 
> Fixes: 409dcf31538a ("selinux: Add a cache for quicker retreival of
> PKey SIDs")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

NAK, that's intentional.  See the comment just above the code in
question.

> 
> diff --git a/security/selinux/ibpkey.c b/security/selinux/ibpkey.c
> index e3614ee5f1c0..36e61f622b5a 100644
> --- a/security/selinux/ibpkey.c
> +++ b/security/selinux/ibpkey.c
> @@ -160,8 +160,10 @@ static int sel_ib_pkey_sid_slow(u64
> subnet_prefix, u16 pkey_num, u32 *sid)
> ?	?* is valid, it just won't be added to the cache.
> ?	?*/
> ?	new = kzalloc(sizeof(*new), GFP_ATOMIC);
> -	if (!new)
> +	if (!new) {
> +		ret = -ENOMEM;
> ?		goto out;
> +	}
> ?
> ?	new->psec.subnet_prefix = subnet_prefix;
> ?	new->psec.pkey = pkey_num;
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] selinux: return -ENOMEM if kzalloc() fails
  2017-06-30 12:48 ` Stephen Smalley
@ 2017-06-30 13:10   ` Tetsuo Handa
  2017-06-30 22:30     ` Paul Moore
  0 siblings, 1 reply; 4+ messages in thread
From: Tetsuo Handa @ 2017-06-30 13:10 UTC (permalink / raw)
  To: linux-security-module

Stephen Smalley wrote:
> On Fri, 2017-06-30 at 10:56 +0300, Dan Carpenter wrote:
> > We accidentally return success instead of -ENOMEM on this failure
> > path.
> > 
> > Fixes: 409dcf31538a ("selinux: Add a cache for quicker retreival of
> > PKey SIDs")
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> NAK, that's intentional.  See the comment just above the code in
> question.

If allocation failure is no problem, please consider using
GFP_NOWAIT | __GFP_NOMEMALLOC | __GFP_NOWARN instead of
GFP_ATOMIC, for memory reserves is mainly targeted for OOM victims.
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread

* [PATCH] selinux: return -ENOMEM if kzalloc() fails
  2017-06-30 13:10   ` Tetsuo Handa
@ 2017-06-30 22:30     ` Paul Moore
  0 siblings, 0 replies; 4+ messages in thread
From: Paul Moore @ 2017-06-30 22:30 UTC (permalink / raw)
  To: linux-security-module

On Fri, Jun 30, 2017 at 9:10 AM, Tetsuo Handa
<penguin-kernel@i-love.sakura.ne.jp> wrote:
> Stephen Smalley wrote:
>> On Fri, 2017-06-30 at 10:56 +0300, Dan Carpenter wrote:
>> > We accidentally return success instead of -ENOMEM on this failure
>> > path.
>> >
>> > Fixes: 409dcf31538a ("selinux: Add a cache for quicker retreival of
>> > PKey SIDs")
>> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>>
>> NAK, that's intentional.  See the comment just above the code in
>> question.
>
> If allocation failure is no problem, please consider using
> GFP_NOWAIT | __GFP_NOMEMALLOC | __GFP_NOWARN instead of
> GFP_ATOMIC, for memory reserves is mainly targeted for OOM victims.

I have a todo item to try and consolidate some of the SELinux object
cache code, this seems like something worth experimenting with when
that happens.

-- 
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2017-06-30 22:30 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-06-30  7:56 [PATCH] selinux: return -ENOMEM if kzalloc() fails Dan Carpenter
2017-06-30 12:48 ` Stephen Smalley
2017-06-30 13:10   ` Tetsuo Handa
2017-06-30 22:30     ` Paul Moore

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).