From: Andrew Cooper <andrew.cooper3@citrix.com>
To: Jan Beulich <JBeulich@suse.com>
Cc: George Dunlap <George.Dunlap@eu.citrix.com>,
xen-devel <xen-devel@lists.xenproject.org>,
dgdegra@tycho.nsa.gov
Subject: Re: [PATCH 2/4] flask: fix error propagation from flask_security_set_bool()
Date: Fri, 7 Feb 2014 13:07:27 +0000 [thread overview]
Message-ID: <52F4DA8F.1040407@citrix.com> (raw)
In-Reply-To: <52F4E7E3020000780011A3D7@nat28.tlf.novell.com>
On 07/02/14 13:04, Jan Beulich wrote:
>>>> On 07.02.14 at 13:56, Andrew Cooper <andrew.cooper3@citrix.com> wrote:
>> On 07/02/14 09:47, Jan Beulich wrote:
>>> The function should return an error when flask_security_make_bools() as
>> when flask_security_make_bools() fails ?
> Oops, yes of course. Corrected.
>
>>> --- a/xen/xsm/flask/flask_op.c
>>> +++ b/xen/xsm/flask/flask_op.c
>>> @@ -364,9 +364,10 @@ static int flask_security_set_bool(struc
>>> else
>>> {
>>> if ( !bool_pending_values )
>>> - flask_security_make_bools();
>>> -
>>> - if ( arg->bool_id >= bool_num )
>>> + rv = flask_security_make_bools();
>>> + if ( !rv && arg->bool_id >= bool_num )
>> Surely you want "rv || arg->" if you want to catch both
>> flask_security_make_bools() failing as well as the input ID being out of
>> range?
> Yes, which is what the code does - it just cares to not clobber "rv"
> if that got already set non-zero from the function call. See the
> context below.
>
> Jan
Ah yes.
Reviewed-by: Andrew Cooper <andrew.cooper3@citrix.com>
>
>>> + rv = -ENOENT;
>>> + if ( rv )
>>> goto out;
>>>
>>> bool_pending_values[arg->bool_id] = !!(arg->new_value);
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> Xen-devel mailing list
>>> Xen-devel@lists.xen.org
>>> http://lists.xen.org/xen-devel
>
>
next prev parent reply other threads:[~2014-02-07 13:07 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-07 9:41 [PATCH 0/4] flask: XSA-84 follow-ups Jan Beulich
2014-02-07 9:46 ` [PATCH 1/4] flask: fix memory leaks Jan Beulich
2014-02-07 12:51 ` Andrew Cooper
2014-02-07 9:47 ` [PATCH 2/4] flask: fix error propagation from flask_security_set_bool() Jan Beulich
2014-02-07 12:56 ` Andrew Cooper
2014-02-07 13:04 ` Jan Beulich
2014-02-07 13:07 ` Andrew Cooper [this message]
2014-02-07 9:47 ` [PATCH 3/4] flask: check permissions first thing in flask_security_set_bool() Jan Beulich
2014-02-07 12:57 ` Andrew Cooper
2014-02-07 9:48 ` [PATCH 4/4] flask: add compat mode guest support Jan Beulich
2014-02-07 11:29 ` [PATCH 0/4] flask: XSA-84 follow-ups George Dunlap
2014-02-10 20:22 ` Daniel De Graaf
2014-02-11 8:02 ` Jan Beulich
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52F4DA8F.1040407@citrix.com \
--to=andrew.cooper3@citrix.com \
--cc=George.Dunlap@eu.citrix.com \
--cc=JBeulich@suse.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).