From: Paul Moore <paul.moore@hp.com>
To: etienne <etienne.basset@numericable.fr>
Cc: Casey Schaufler <casey@schaufler-ca.com>,
"Linux-Kernel" <linux-kernel@vger.kernel.org>,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH] SMACK netlabel fixes
Date: Thu, 19 Feb 2009 10:24:50 -0500 [thread overview]
Message-ID: <200902191024.50198.paul.moore@hp.com> (raw)
In-Reply-To: <499C7A98.7000907@numericable.fr>
On Wednesday 18 February 2009 04:16:08 pm etienne wrote:
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 0278bc0..427595e 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -1498,10 +1498,7 @@ static int smack_socket_post_create(struct socket
> *sock, int family, * looks for host based access restrictions
> *
> * This version will only be appropriate for really small
> - * sets of single label hosts. Because of the masking
> - * it cannot shortcut out on the first match. There are
> - * numerious ways to address the problem, but none of them
> - * have been applied here.
> + * sets of single label hosts.
> *
> * Returns the label of the far end or NULL if it's not special.
> */
> @@ -1512,41 +1509,22 @@ static char *smack_host_label(struct sockaddr_in
> *sip) struct in_addr *siap = &sip->sin_addr;
> struct in_addr *liap;
> struct in_addr *miap;
> - struct in_addr bestmask;
>
> if (siap->s_addr == 0)
> return NULL;
>
> - bestmask.s_addr = 0;
> -
> for (snp = smack_netlbladdrs; snp != NULL; snp = snp->smk_next) {
> liap = &snp->smk_host.sin_addr;
> miap = &snp->smk_mask;
Unless I'm mistaken the 'liap' and 'miap' variables are only used once inside
the for loop, why not remove them and simply reference 'snp' directly?
> /*
> - * If the addresses match after applying the list entry mask
> - * the entry matches the address. If it doesn't move along to
> - * the next entry.
> - */
> - if ((liap->s_addr & miap->s_addr) !=
> - (siap->s_addr & miap->s_addr))
> - continue;
> - /*
> - * If the list entry mask identifies a single address
> - * it can't get any more specific.
> - */
> - if (miap->s_addr == 0xffffffff)
> - return snp->smk_label;
> - /*
> - * If the list entry mask is less specific than the best
> - * already found this entry is uninteresting.
> + * we break after finding the first match because
> + * the list is sorted from longest to shortest mask
> + * so we have found the most specific match
> */
> - if ((miap->s_addr | bestmask.s_addr) == bestmask.s_addr)
> - continue;
> - /*
> - * This is better than any entry found so far.
> - */
> - bestmask.s_addr = miap->s_addr;
> - bestlabel = snp->smk_label;
> + if (liap->s_addr == (siap->s_addr & miap->s_addr)) {
> + bestlabel = snp->smk_label;
> + break;
This is being a bit nit-picky, but why not get rid of 'bestlabel' completely
and instead of breaking here simply reutn 'snp->smk_label'? If we ever reach
the end of the function (no match) just return NULL.
> + }
> }
>
> return bestlabel;
...
> @@ -663,12 +659,10 @@ static int netlbladdr_seq_show(struct seq_file *s,
> void *v) {
> struct smk_netlbladdr *skp = (struct smk_netlbladdr *) v;
> unsigned char *hp = (char *) &skp->smk_host.sin_addr.s_addr;
> - __be32 bebits;
> int maskn = 0;
> + u32 temp_mask = be32_to_cpu(skp->smk_mask.s_addr);
>
> - for (bebits = BEMASK; bebits != 0; maskn++, bebits <<= 1)
> - if ((skp->smk_mask.s_addr & bebits) == 0)
> - break;
> + for ( ; temp_mask; temp_mask <<= 1, maskn++);
More nit-picky stuff :) Why not set 'maskn' to zero inside the for loop
construct instead of at the top of the function? There is less chance for
error this way if someone else touches the code.
> seq_printf(s, "%u.%u.%u.%u/%d %s\n",
> hp[0], hp[1], hp[2], hp[3], maskn, skp->smk_label);
...
> @@ -702,6 +696,40 @@ static int smk_open_netlbladdr(struct inode *inode,
> struct file *file) }
>
> /**
> + * smk_netlbladdr_insert
> + * @new : netlabel to insert
> + *
> + * This helper insert netlabel in the smack_netlbladdrs list
> + * sorted by netmask length (longest to smallest)
> + */
> +static void smk_netlbladdr_insert(struct smk_netlbladdr *new)
> +{
> + struct smk_netlbladdr *m;
An empty line here might be nice.
> + if (smack_netlbladdrs == NULL) {
> + smack_netlbladdrs = new;
> + return;
> + }
I would prefer another one here, if that is okay with you.
> + /** the comparison '>' is a bit hacky, but works */
Why start the comment with '/**', using a single '*' works just fine.
> + if (new->smk_mask.s_addr > smack_netlbladdrs->smk_mask.s_addr) {
> + new->smk_next = smack_netlbladdrs;
> + smack_netlbladdrs = new;
> + return;
> + }
> + for (m = smack_netlbladdrs; m != NULL; m = m->smk_next) {
> + if (m->smk_next == NULL) {
> + m->smk_next = new;
> + return;
> + }
> + if (new->smk_mask.s_addr > m->smk_next->smk_mask.s_addr) {
> + new->smk_next = m->smk_next;
> + m->smk_next = new;
> + return;
> + }
> + }
As Casey mentioned earlier (and has been brough up in the past), you should
heavily consider using the list.h constructs, it would make life much easier
here and elsewhere.
Bonus points if you convert the other Smack lists to using the list.h bits.
> +}
...
> +/**
> * smk_write_netlbladdr - write() for /smack/netlabel
> * @filp: file pointer, not actually used
> * @buf: where to get the data from
> @@ -724,8 +752,9 @@ static ssize_t smk_write_netlbladdr(struct file *file,
> const char __user *buf, struct netlbl_audit audit_info;
> struct in_addr mask;
> unsigned int m;
> - __be32 bebits = BEMASK;
> + u32 mask_bits = (1<<31);
Why not just enter the value directly here? It would be much clearer I think.
--
paul moore
linux @ hp
next prev parent reply other threads:[~2009-02-19 15:25 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <fa.O38YY4pVfLlMFJNBI3mhgn+qOcQ@ifi.uio.no>
[not found] ` <fa.c87eBVWyCqqi9h1c54QlwKDAIbg@ifi.uio.no>
[not found] ` <fa.f7jv/+EnhNJziduAqQS3XHiU6/A@ifi.uio.no>
[not found] ` <fa.1A5YyyPb1uCn//vnk7baNJGI0IM@ifi.uio.no>
[not found] ` <fa.HFpMNTzIQ1+pODZB3+XkfnipCfo@ifi.uio.no>
[not found] ` <fa.3IBoeBnwT1eZcqeO6DAE1tHBYc4@ifi.uio.no>
2009-02-17 20:01 ` [PATCH] SMACK netfilter smacklabel socket match etienne
2009-02-17 20:32 ` [PATCH] SMACK smacklabel : apply &MASK to IP inserted in /smack/netlabel etienne
2009-02-17 23:54 ` Paul Moore
2009-02-18 6:01 ` Casey Schaufler
2009-02-18 7:25 ` etienne
2009-02-17 22:39 ` [PATCH] SMACK netfilter smacklabel socket match David Miller
2009-02-17 23:52 ` Paul Moore
2009-02-18 7:23 ` etienne
2009-02-18 15:05 ` Paul Moore
2009-02-18 17:09 ` Casey Schaufler
2009-02-18 19:35 ` etienne
2009-02-18 20:55 ` Paul Moore
2009-02-20 4:36 ` Casey Schaufler
2009-02-20 18:26 ` etienne
2009-02-18 18:29 ` etienne
2009-02-18 19:06 ` Casey Schaufler
2009-02-18 21:16 ` [PATCH] SMACK netlabel fixes etienne
2009-02-19 5:50 ` Casey Schaufler
2009-02-19 15:24 ` Paul Moore [this message]
2009-02-19 23:22 ` [PATCH] SMACK netlabel fixes v2 etienne
2009-02-20 16:11 ` Paul Moore
2009-02-18 19:18 ` [PATCH] SMACK netfilter smacklabel socket match Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200902191024.50198.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=casey@schaufler-ca.com \
--cc=etienne.basset@numericable.fr \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox