Due to commit fb5841091f28 ("apparmor: remove no-op permission check
in policy_unpack"), there is some leftover code.
Coverity reports this issue as Structurally dead code. Fix this by
removing such code.
Addresses-Coverity-ID: 1472998 ("Structurally dead code")
Fixes: fb5841091f28 ("apparmor: remove no-op permission check in policy_unpack")
Signed-off-by: Gustavo A. R. Silva <[email protected]>
---
security/apparmor/policy_unpack.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 3647b58..21cb384 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -422,10 +422,6 @@ static struct aa_dfa *unpack_dfa(struct aa_ext *e)
}
return dfa;
-
-fail:
- aa_put_dfa(dfa);
- return ERR_PTR(-EPROTO);
}
/**
--
2.7.4
On 08/23/2018 06:42 AM, Gustavo A. R. Silva wrote:
thank you for the patch, but a fix for this issue was pushed to apparmor-next yesterday
> Due to commit fb5841091f28 ("apparmor: remove no-op permission check
> in policy_unpack"), there is some leftover code.
>
> Coverity reports this issue as Structurally dead code. Fix this by
> removing such code.
>
> Addresses-Coverity-ID: 1472998 ("Structurally dead code")
> Fixes: fb5841091f28 ("apparmor: remove no-op permission check in policy_unpack")
> Signed-off-by: Gustavo A. R. Silva <[email protected]>
> ---
> security/apparmor/policy_unpack.c | 4 ----
> 1 file changed, 4 deletions(-)
>
> diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
> index 3647b58..21cb384 100644
> --- a/security/apparmor/policy_unpack.c
> +++ b/security/apparmor/policy_unpack.c
> @@ -422,10 +422,6 @@ static struct aa_dfa *unpack_dfa(struct aa_ext *e)
> }
>
> return dfa;
> -
> -fail:
> - aa_put_dfa(dfa);
> - return ERR_PTR(-EPROTO);
> }
>
> /**
>
On 8/23/18 1:21 PM, John Johansen wrote:
> On 08/23/2018 06:42 AM, Gustavo A. R. Silva wrote:
>
> thank you for the patch, but a fix for this issue was pushed to apparmor-next yesterday
>
That's great. Good to know.
Thanks
--
Gustavo
Hi Gustavo,
Thank you for the patch! Yet something to improve:
[auto build test ERROR on security/next]
[also build test ERROR on v4.18 next-20180822]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Gustavo-A-R-Silva/apparmor-remove-dead-code/20180824-005627
base: https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next
config: i386-randconfig-x079-201833 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
security//apparmor/policy_unpack.c: In function 'unpack_dfa':
>> security//apparmor/policy_unpack.c:445:4: error: label 'fail' used but not defined
goto fail;
^~~~
vim +/fail +445 security//apparmor/policy_unpack.c
736ec752d John Johansen 2010-07-29 414
736ec752d John Johansen 2010-07-29 415 /**
736ec752d John Johansen 2010-07-29 416 * unpack_dfa - unpack a file rule dfa
736ec752d John Johansen 2010-07-29 417 * @e: serialized data extent information (NOT NULL)
736ec752d John Johansen 2010-07-29 418 *
736ec752d John Johansen 2010-07-29 419 * returns dfa or ERR_PTR or NULL if no dfa
736ec752d John Johansen 2010-07-29 420 */
736ec752d John Johansen 2010-07-29 421 static struct aa_dfa *unpack_dfa(struct aa_ext *e)
736ec752d John Johansen 2010-07-29 422 {
736ec752d John Johansen 2010-07-29 423 char *blob = NULL;
736ec752d John Johansen 2010-07-29 424 size_t size;
736ec752d John Johansen 2010-07-29 425 struct aa_dfa *dfa = NULL;
736ec752d John Johansen 2010-07-29 426
736ec752d John Johansen 2010-07-29 427 size = unpack_blob(e, &blob, "aadfa");
736ec752d John Johansen 2010-07-29 428 if (size) {
736ec752d John Johansen 2010-07-29 429 /*
736ec752d John Johansen 2010-07-29 430 * The dfa is aligned with in the blob to 8 bytes
736ec752d John Johansen 2010-07-29 431 * from the beginning of the stream.
dd51c8485 John Johansen 2013-07-10 432 * alignment adjust needed by dfa unpack
736ec752d John Johansen 2010-07-29 433 */
dd51c8485 John Johansen 2013-07-10 434 size_t sz = blob - (char *) e->start -
dd51c8485 John Johansen 2013-07-10 435 ((e->pos - e->start) & 7);
736ec752d John Johansen 2010-07-29 436 size_t pad = ALIGN(sz, 8) - sz;
736ec752d John Johansen 2010-07-29 437 int flags = TO_ACCEPT1_FLAG(YYTD_DATA32) |
abbf87340 John Johansen 2017-01-16 438 TO_ACCEPT2_FLAG(YYTD_DATA32) | DFA_FLAG_VERIFY_STATES;
736ec752d John Johansen 2010-07-29 439 dfa = aa_dfa_unpack(blob + pad, size - pad, flags);
736ec752d John Johansen 2010-07-29 440
736ec752d John Johansen 2010-07-29 441 if (IS_ERR(dfa))
736ec752d John Johansen 2010-07-29 442 return dfa;
736ec752d John Johansen 2010-07-29 443
736ec752d John Johansen 2010-07-29 444 if (!verify_accept(dfa, flags))
736ec752d John Johansen 2010-07-29 @445 goto fail;
736ec752d John Johansen 2010-07-29 446 }
736ec752d John Johansen 2010-07-29 447
736ec752d John Johansen 2010-07-29 448 return dfa;
736ec752d John Johansen 2010-07-29 449 }
736ec752d John Johansen 2010-07-29 450
:::::: The code at line 445 was first introduced by commit
:::::: 736ec752d95e91e77cc0e8c97c057ab076ac2f51 AppArmor: policy routines for loading and unpacking policy
:::::: TO: John Johansen <[email protected]>
:::::: CC: James Morris <[email protected]>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation