Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp3822899ybi; Mon, 3 Jun 2019 00:27:33 -0700 (PDT) X-Google-Smtp-Source: APXvYqxnClDc2vHd4TA2Yx2Lt/mS/uo2Om0+t/ibqN0hYTGurUHBRWsLxOaVOn4Wt6dJ+pknHYlE X-Received: by 2002:a17:90a:b111:: with SMTP id z17mr29013584pjq.58.1559546853016; Mon, 03 Jun 2019 00:27:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1559546853; cv=none; d=google.com; s=arc-20160816; b=obnuCtG8YztA3eXm0S73NH3WTUiUHFriJOkkqalSbDEqN9I+YezXge9JM+3WbdGd6R d2rpa31FQXlEA3b6IKyGsbYi1zTyXJ3mNF38AwJ9t9NHI/1jcCYz5GzbypP42KC3D4b9 SjSUp2c2SkArY68eQ90C70qIs3nOu3oug63WJWaUpIOLRAak8nG5LbU5vHnzP79LOdjP ayU6E3a+nZju+NpzJfkDbA9geAGr04AfoAPPrwO5/zOKeacoifb8s6layygzeRbOvOvL DXQAKcRwN1+SHZ1PyCloX4NhFCNDUC32nK8Yrh3fBSuLFnZTszBgviGSqGkY8MiGITau CfcA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=iTUu3d7b9FzAYYjmvVuBAKOXOUdvkARIBZFMJ5+g9jg=; b=V5Y5nX7oQ3cyMRyeCG/HtHPh3Ncta4uv4kHmPPuvqUl7m5C+ZMmswn37sl5ObQFsRM f9OFn2AHT9OcM2f2prqRFWusgIK+felkY/ZC4HWUqhap02DG6mKLsXjdyRrRvQCkVytW squIOMwx0kJgdbZ5Qo9vUlHHRNtXjZ5Nk/YMlyi/Nr6bZnMIx4GSrmbVaGyq6nxAa7vZ vQCDPwYqXULrVWqiVWwYrliubick/UbYpeeQtv3St1g7+USfEMXYGy77z22BlHhvO+Ht iPi6nHcnOYleam5MlzkDPpisH5RrEdn5JdEMijPmBpQ3gzaot0fzppzWuERbGzyeo6p8 9pgw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 9si16136227pjd.48.2019.06.03.00.27.16; Mon, 03 Jun 2019 00:27:33 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726561AbfFCHXo (ORCPT + 99 others); Mon, 3 Jun 2019 03:23:44 -0400 Received: from mail-oi1-f193.google.com ([209.85.167.193]:35564 "EHLO mail-oi1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726272AbfFCHXn (ORCPT ); Mon, 3 Jun 2019 03:23:43 -0400 Received: by mail-oi1-f193.google.com with SMTP id y6so8463913oix.2 for ; Mon, 03 Jun 2019 00:23:43 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=iTUu3d7b9FzAYYjmvVuBAKOXOUdvkARIBZFMJ5+g9jg=; b=Mc6HwtkQb0Ve56GtkxfamHp0aKOuR2o6N7U3thRWQ7joPEkPySABnUTOAIt65f7PVK yNEGjHmRqMWIMOLdCXwhlx3KmzmMZkr1qY0cORM/Mh8NtOW6G0rfDcDjXEUqXRR1tp61 X9uExpbno2qtS1SlqlKrLE/fH5/5MPTF9hzhtGBeGoPvpGLq1rMxRFnuf+h/OTEE7env gl0s6u+sZwXwgLHFqb6ntRLR5nCofRNxkh+bZWM/iLI6b/wuy8g1UfdPkNYl27M6K3gg C9YQgynGa2h2M3fdrBuBT4FKKd9qHt7eWXnoPfqzjq12DM/7wWHMFFh6/CZJ6gHShXpL ecpQ== X-Gm-Message-State: APjAAAVpFAZf/CK4mQwn71u88BR4Mo5pV+Q2HVNSyO7GeRDzzfefe9zS 6qmhuze80PO5QG2PLPoWtoSAAirlRVcy93QAmfOQlA== X-Received: by 2002:aca:e887:: with SMTP id f129mr115563oih.156.1559546622977; Mon, 03 Jun 2019 00:23:42 -0700 (PDT) MIME-Version: 1.0 References: <20190601021526.GA8264@zhanggen-UX430UQ> In-Reply-To: <20190601021526.GA8264@zhanggen-UX430UQ> From: Ondrej Mosnacek Date: Mon, 3 Jun 2019 09:23:32 +0200 Message-ID: Subject: Re: [PATCH v3] selinux: lsm: fix a missing-check bug in selinux_sb_eat_lsm_opts() To: Gen Zhang Cc: Paul Moore , Stephen Smalley , Eric Paris , selinux@vger.kernel.org, Linux kernel mailing list , netdev@vger.kernel.org, bpf@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jun 1, 2019 at 4:15 AM Gen Zhang wrote: > In selinux_sb_eat_lsm_opts(), 'arg' is allocated by kmemdup_nul(). It > returns NULL when fails. So 'arg' should be checked. And 'mnt_opts' > should be freed when error. > > Signed-off-by: Gen Zhang > Reviewed-by: Ondrej Mosnacek It looks like you're new to the kernel development community, so let me give you a bit of friendly advice for the future :) You don't need to repost the patch when people give you Acked-by/Reviewed-by/Tested-by (unless there is a different reason to respin/repost the patches). The maintainer goes over the replies when applying the final patch and adds Acked-by/Reviewed-by/... on his/her own. If you *do* need to respin a path for which you have received A/R/T, then you need to distinguish between two cases: 1. Only trivial changes to the patch (only fixed typos, edited commit message, removed empty line, etc. - for example, v1 -> v2 of this patch falls into this category) - in this case you can collect the A/R/T yourself and add them to the new version. This saves the maintainer and the reviewers from redundant work, since the patch is still semantically the same and the A/R/T from the last version still apply. 2. Non-trivial changes to the patch (as is the case for this patch) - in this case your patch needs to be reviewed again and you should disregard all A/R/T from the previous version. You can easily piss someone off if you add their Reviewed-by to a patch they haven't actually reviewed, so be careful ;-) (Someone please correct me if I got it wrong - this is what I gathered so far from my experience.) Good luck in your future work! > Fixes: 99dbbb593fe6 ("selinux: rewrite selinux_sb_eat_lsm_opts()") > --- > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 3ec702c..f329fc0 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c > @@ -2616,6 +2616,7 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) > char *from = options; > char *to = options; > bool first = true; > + int ret; > > while (1) { > int len = opt_len(from); > @@ -2635,15 +2636,16 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) > *q++ = c; > } > arg = kmemdup_nul(arg, q - arg, GFP_KERNEL); > + if (!arg) { > + ret = -ENOMEM; > + goto free_opt; > + } > } > rc = selinux_add_opt(token, arg, mnt_opts); > if (unlikely(rc)) { > + ret = rc; > kfree(arg); > - if (*mnt_opts) { > - selinux_free_mnt_opts(*mnt_opts); > - *mnt_opts = NULL; > - } > - return rc; > + goto free_opt; > } > } else { > if (!first) { // copy with preceding comma > @@ -2661,6 +2663,12 @@ static int selinux_sb_eat_lsm_opts(char *options, void **mnt_opts) > } > *to = '\0'; > return 0; > +free_opt: > + if (*mnt_opts) { > + selinux_free_mnt_opts(*mnt_opts); > + *mnt_opts = NULL; > + } > + return ret; > } > > static int selinux_sb_remount(struct super_block *sb, void *mnt_opts) -- Ondrej Mosnacek Software Engineer, Security Technologies Red Hat, Inc.