From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-qv1-f43.google.com (mail-qv1-f43.google.com [209.85.219.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 909FE3D0922 for ; Wed, 6 May 2026 23:43:11 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.43 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778110992; cv=none; b=f43WsQK/wOMvngCVCGCUnyiqpBAiUxVOf1v37LHfqMXqe4EhY1VHbQNUFww6f16B8akm4yT2U7byZgzm03r396RMSqT26GBouzmGJ8M5jxYl2Oi+DLD5y7pYNhWMbYszvIENnmE6TshoG677Ap6QD1CtpEk+UhzugT9MHR9zBzU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1778110992; c=relaxed/simple; bh=oZeuB7KL3zxAy0hmmydSyNOyTpvCA0EJ5yCTrgACFiw=; h=Date:Message-ID:MIME-Version:Content-Type:From:To:Cc:Subject: References:In-Reply-To; b=Vhjg3Tz3tXmIrOKZvrH+C0HqCagdEezudbkyFjnWoG5TYkYoqJsIfYhFsiY6KDd9lr/H+oqJaVGdbw7OQOcNrmkpyfcEwpXz9DYSDXolc8dShPQt9WFYdgkPEAK26n4iTi3HK2UqXkhWDOkKck3DqaJUjGKFR4NtCFHyZCB8wjI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com; spf=pass smtp.mailfrom=paul-moore.com; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b=Ton4jxpI; arc=none smtp.client-ip=209.85.219.43 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=paul-moore.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b="Ton4jxpI" Received: by mail-qv1-f43.google.com with SMTP id 6a1803df08f44-8b4000e51fdso2253936d6.1 for ; Wed, 06 May 2026 16:43:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1778110990; x=1778715790; darn=vger.kernel.org; h=in-reply-to:references:subject:cc:to:from:content-transfer-encoding :mime-version:message-id:date:from:to:cc:subject:date:message-id :reply-to; bh=VcoKkFtwd0iz1211ZD1T22G5ji+Vy50EaZ+dpwZh4m8=; b=Ton4jxpIAnalznL68qUYp56abwnTSeBgk2RF+7LrgmYFwmDnSJU0iAxsfi2Uj7TDj/ bVFG1+2mlmsXU5r7PVcX6qAD12qU8XhfyaaBhux5qGNgTmRlOzJoswpc1GNjx6yrd2M3 objXM7BsgVLx5dPt3LvPLJn9LzYNN9cOym4ug3Kq3OiTieBNhimP9DD4cWqwr2khAnha pSkHs1niEXlQmKwKmqJp9drwC5VEs+ETVr8Gb8jGkMBChspCBmVTTWmQbjTMy548Y4np HS/iCyNBHElh375o4o3bwRnsJMqs8QeSM1H8bIo0beq9V6EF+g9LE1TFTcXjNMTtDrQj ssFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1778110990; x=1778715790; h=in-reply-to:references:subject:cc:to:from:content-transfer-encoding :mime-version:message-id:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=VcoKkFtwd0iz1211ZD1T22G5ji+Vy50EaZ+dpwZh4m8=; b=Nh0MjxbSqTHl5hLCQfDX4IyGL5LdFkSI+akmo318JXrYBlQVbS/hGO8Eb4K1f9fSD0 Kr5eszmLl36/DK0hlr0WAQFi8q/a8kOb2PXeiaPQmZ5uodcIuPsfe31mP0AlbflAm+P1 KyyVzsSZG9VcBDJqA6ZW7+GGnqIKqvke6t68BIOoAn6863DzBhO6ynbFr2717gqCBxGD lT0Bi1RiU2rB5QFQrRXEYScfW6Udfo7GoOkH80O4Xvq16vatHfkD2oG3SwAdGnq062DR LWjuA82F4isYg7dvjzmxkNlgoWQaWHrsQqO+lK5Z4sPB5DrnhvXazSabcZefI3HO9oGY qwQA== X-Forwarded-Encrypted: i=1; AFNElJ9Iu1rAV/wFyKFi6W780nmZQ71kLY1oVKECvCymACPXclE+/VhetWEVxnXQ+tzvI9Ga9VkXTInv8q6WmJk=@vger.kernel.org X-Gm-Message-State: AOJu0Yz643Ahl/8qnLhhyEsZTGI4IkgfBP1GqvgqGsUhhWyEXoN9Bzzq imfiBd/j+DZ2B1JFV965DnyiKQPa+/v1/Zn9qaKDK5BRVmAq0GA8ii0ICZvtUshZ5A== X-Gm-Gg: AeBDieuX/JmF49a+r7wkN/jUItKCR+xl31gf5xT9GnfBIzOKijIAzW1cyy8zykEVSKs b33+z8/aG5S4Il7l33hYtZalxOU4zAJ/TTWcNpIru/K8IpnbRTeWT4N5lJBGbnPJG0MRum4Zlmc c8Gxq6GBlmtA6SxDfagyvTeBTEvM663r9k2G9nSV6+TWNYHnJol2ImuA63OoiOKSfs6J2J9t1RF Szj80cw6pKiqOlE8RIpGxNBZhmvfkQddqvWF3U2cXjEFgjg6q6HO80LanBE1Ff8E+p37wfROCC7 Ep6iaxebdzwpongLpC5RwNqThMaClP1zMbbe5K4afHA3tZCM1+wnCBQ9Pt+eT/CXj3vO/AnhSEk Iy6decj8CeI0TzcHDLtH6xSuDoAPzqH8gnQkbdN2EoTahFA9QGc1p/eMTf3uJ2n+H1U4BBv6Da1 4N6ZQNUjij9l1ijG8T3Jr/z9JuEaAd2p/jj+EtwOJ5in3eMvnrS8CEROT7zk/IrhY/YZf6WtJDh A72gHw= X-Received: by 2002:ad4:5d44:0:b0:8ac:b137:c4ec with SMTP id 6a1803df08f44-8bc42492c98mr79227136d6.5.1778110990521; Wed, 06 May 2026 16:43:10 -0700 (PDT) Received: from localhost (pool-71-126-255-178.bstnma.fios.verizon.net. [71.126.255.178]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8b538b1d953sm216990586d6.3.2026.05.06.16.43.09 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 06 May 2026 16:43:09 -0700 (PDT) Date: Wed, 06 May 2026 19:43:09 -0400 Message-ID: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Mailer: pstg-pwork:20260506_1600/pstg-lib:20260506_1556/pstg-pwork:20260506_1600 From: Paul Moore To: =?UTF-8?q?Christian=20G=C3=B6ttsche?= , selinux@vger.kernel.org Cc: =?UTF-8?q?Christian=20G=C3=B6ttsche?= , Stephen Smalley , Ondrej Mosnacek , linux-kernel@vger.kernel.org, Eric Suen , Canfeng Guo Subject: Re: [PATCH v3 7/14] selinux: check type attr map overflows References: <20250511173055.406906-7-cgoettsche@seltendoof.de> In-Reply-To: <20250511173055.406906-7-cgoettsche@seltendoof.de> On May 11, 2025 =?UTF-8?q?Christian=20G=C3=B6ttsche?= wrote: > > Validate that no types with an invalid too high ID are present in the > attribute map. Gaps are still not checked. > > Signed-off-by: Christian Göttsche > Acked-by: Stephen Smalley > --- > v3: squash with previous patch ("selinux: introduce > ebitmap_highest_set_bit()") > --- > security/selinux/ss/ebitmap.c | 27 +++++++++++++++++++++++++++ > security/selinux/ss/ebitmap.h | 1 + > security/selinux/ss/policydb.c | 5 +++++ > 3 files changed, 33 insertions(+) I changed the name to ebitmap_get_highest_set_bit(), but otherwise this looks good to me, merged to selinux/dev, thanks. -- paul-moore.com