From: Dan Carpenter <error27@gmail.com>
To: John Johansen <john.johansen@canonical.com>
Cc: apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org
Subject: [bug report] apparmor: add support loading per permission tagging
Date: Fri, 10 Apr 2026 13:16:56 +0300 [thread overview]
Message-ID: <adjOGC9qtr_9XkgS@stanley.mountain> (raw)
Hello John Johansen,
Commit 3d28e2397af7 ("apparmor: add support loading per permission
tagging") from Apr 1, 2025 (linux-next), leads to the following
Smatch static checker warning:
security/apparmor/policy_unpack.c:883 unpack_tags()
warn: missing error code 'error'
security/apparmor/policy_unpack.c
852 static int unpack_tags(struct aa_ext *e, struct aa_tags_struct *tags,
853 const char **info)
854 {
855 int error = -EPROTO;
856 void *pos = e->pos;
857
858 AA_BUG(!tags);
859 /* policy tags are optional */
860 if (aa_unpack_nameX(e, AA_STRUCT, "tags")) {
861 u32 version;
862
863 if (!aa_unpack_u32(e, &version, "version") || version != 1) {
864 *info = "invalid tags version";
865 goto fail_reset;
866 }
867 error = unpack_strs_table(e, "strs", true, &tags->strs);
868 if (error) {
869 *info = "failed to unpack profile tag.strs";
870 goto fail;
871 }
872 error = unpack_tag_headers(e, tags);
873 if (error) {
874 *info = "failed to unpack profile tag.headers";
875 goto fail;
876 }
877 error = unpack_tagsets(e, tags);
878 if (error) {
879 *info = "failed to unpack profile tag.sets";
880 goto fail;
881 }
882 if (!aa_unpack_nameX(e, AA_STRUCTEND, NULL))
--> 883 goto fail;
set the error code here
884
885 if (!verify_tags(tags, info))
886 goto fail;
and here
887 }
888
889 return 0;
890
891 fail:
892 aa_destroy_tags(tags);
893 fail_reset:
894 e->pos = pos;
895 return error;
896 }
This email is a free service from the Smatch-CI project [smatch.sf.net].
regards,
dan carpenter
next reply other threads:[~2026-04-10 10:17 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-10 10:16 Dan Carpenter [this message]
[not found] <caa37f28-a2e8-4e0a-a9ce-a365ce805e4b@stanley.mountain>
2026-02-09 9:44 ` [bug report] apparmor: add support loading per permission tagging Dan Carpenter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=adjOGC9qtr_9XkgS@stanley.mountain \
--to=error27@gmail.com \
--cc=apparmor@lists.ubuntu.com \
--cc=john.johansen@canonical.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox