Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp806916ybt; Wed, 17 Jun 2020 14:41:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz8rCj1BL3VwWXXFNbX2jQEG8Ho9QBb8Q/aNAow3cbINdfrysyEWMWau3OsjAAofaz/Y/w0 X-Received: by 2002:a17:906:784c:: with SMTP id p12mr1083054ejm.123.1592430110962; Wed, 17 Jun 2020 14:41:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592430110; cv=none; d=google.com; s=arc-20160816; b=xe3fm72QyFEbViuxTGrO0is9vp6/uZPJM3ph3l00YLqiFkIiGjNzXfRoMTB8Bm2c07 BpAP2HqDwANeGGUpnr66Cklk+q1WDlIrXZzIbtSa+YF1aVehuECljXqgyEr/z8SMcbA+ xYeDMePCxqUlqSrtsbWvbGAtz1tTrCOABZ3Bc8Ba98cqKqua7CMZdYo9g+hpMeZdoKNK Xb6c+W0b1qfLTUFxNdBfuZMDZ4Fi2l9YuD8jiZ/vvV9BVnSuMaZYBHNUDDmQWpf7DPfF I0A3ErkrLcDtaPT6Y27YgheCDlri4lWaVVGIUCj9wQzWH3bD425q7q2qwGDXEOUjbXBb SjRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=ImI8Ok+4hTrVgMnlUOodKQsTvi7BmFR+KaXLQR11ZeI=; b=o1RmzoxdX0YqGRtt5K/thnxN44pyeJYeucdxOYd5QfkJwfhp28R/HhsRwSaywJcIUk LFyo9nAT5QdpR10ocLUvik+2G4qCaZU511sxUMJRbC/ZR9ACDfRMNvtQXUXxN4rFxaZ6 Rfn41pzA0GLMYM+JkVMrq0r5/FAtJ/qU9TmZOYEY2p25mjm8BpklLKBbM7eqA7cCB/G4 HQbFY12pv8njnx7gwDL5Ks2Gjdb4xnTT63TrXvi29J57pQAVgpG9nXOwU1P7w4cEsFHm yLmYYl0naV4RY18zykMRFMu5Uzs5r/UTwZ3LpZ0IHYtm5JoJodrHZyj7sZa9dHkOm+wM o8lA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=bWeuEGbx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q12si645878ejx.280.2020.06.17.14.41.28; Wed, 17 Jun 2020 14:41:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20150623.gappssmtp.com header.s=20150623 header.b=bWeuEGbx; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727071AbgFQVj1 (ORCPT + 99 others); Wed, 17 Jun 2020 17:39:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41190 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727000AbgFQVj0 (ORCPT ); Wed, 17 Jun 2020 17:39:26 -0400 Received: from mail-ej1-x643.google.com (mail-ej1-x643.google.com [IPv6:2a00:1450:4864:20::643]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id F2417C061755 for ; Wed, 17 Jun 2020 14:39:25 -0700 (PDT) Received: by mail-ej1-x643.google.com with SMTP id p20so4144817ejd.13 for ; Wed, 17 Jun 2020 14:39:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ImI8Ok+4hTrVgMnlUOodKQsTvi7BmFR+KaXLQR11ZeI=; b=bWeuEGbxKUp0jXrRtQ/5nd/WrZaDrcxBK6Jyx8TLWnAVAx3o6u9Sqc+OZNGYldS5ed jIkDNUmJId0Z1cmQzbrgTgrHQhpdtSRR3HltaFucCJfncZJIhyNbr3xWbH05F2HoMQFS MyyRMQ2yKC1B8mI6JQ53DdiNlSiD9w5QPcU0BmcgaDdwjCQeXGDWQjq76W5ISLWOF+Zu IDhMdmHHGwe+kOHXmkkSB52LBxhlfAy6iHSRoQKoeLlyJnoMVwPbBUhxeKV3QVJx4+0f 9GZElLuH4ywSm2+p9yievsmbujUlOkEqyCIGA3086WPOiUxLd5ow0xCLPMSrifpozBkQ mHyA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ImI8Ok+4hTrVgMnlUOodKQsTvi7BmFR+KaXLQR11ZeI=; b=YBz4HRCOFKVJNLUu4rO7P6cyhCtK9ecI9YQEHANe+nBcXzU2RTPNX2+lgbCEvTdLsZ aa4Y4of2TXXd9dkbZRtzJxN4oO3di2Twa3/Lq8uI+qdm49WMrX4MzwDIx5WAXGVqE5AO H32Xl/iJFLQe2SI67T68Wj0Bjp0QusKVVvriXzUoen9qOM8wPIuaeHN0K23vUG9R9UE4 0on+W+Mh5IHd6jObk/gb/noP35/Na+q8gpvvkMCFyST2fndb5L+alQFR+17fO0kgzSx8 XRNO97LehUi2j4x8eFQNh+zg2iJG5A2WKYy6zac0Ec/yzsTPcG7WDZnqqEbV8+7VEMd1 Ce5w== X-Gm-Message-State: AOAM530Qp7dyHdg/wt228lllMUy2lw/iARGPhru/BZhYLWb+2p5Sc6QJ R27Niq+01kmGI3vQMR+Tp7lUt9d95UnWO+4MWi38Sb8= X-Received: by 2002:a17:906:ecef:: with SMTP id qt15mr1075750ejb.91.1592429964536; Wed, 17 Jun 2020 14:39:24 -0700 (PDT) MIME-Version: 1.0 References: <20200617124028.14130-1-trix@redhat.com> In-Reply-To: From: Paul Moore Date: Wed, 17 Jun 2020 17:39:13 -0400 Message-ID: Subject: Re: [PATCH] selinux: fix undefined return of cond_evaluate_expr To: trix@redhat.com Cc: Stephen Smalley , Eric Paris , Ondrej Mosnacek , weiyongjun1@huawei.com, SElinux list , linux-kernel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jun 17, 2020 at 4:51 PM Paul Moore wrote: > On Wed, Jun 17, 2020 at 9:58 AM Stephen Smalley > wrote: > > On Wed, Jun 17, 2020 at 8:40 AM wrote: > > > > > > From: Tom Rix > > > > > > clang static analysis reports an undefined return > > > > > > security/selinux/ss/conditional.c:79:2: warning: Undefined or garbage value returned to caller [core.uninitialized.UndefReturn] > > > return s[0]; > > > ^~~~~~~~~~~ > > > > > > static int cond_evaluate_expr( ... > > > { > > > u32 i; > > > int s[COND_EXPR_MAXDEPTH]; > > > > > > for (i = 0; i < expr->len; i++) > > > ... > > > > > > return s[0]; > > > > > > When expr->len is 0, the loop which sets s[0] never runs. > > > > > > So return -1 if the loop never runs. > > > > > > Signed-off-by: Tom Rix > > > > Acked-by: Stephen Smalley > > > > clang didn't complain about the similar pattern in > > security/selinux/ss/services.c:constraint_expr_eval()? > > Related question: I appreciate the work you are doing Tom, can you > share how far along you are testing the SELinux code with clang? I > ask because it would be nice to roll all of these patches up into one > PR for Linus instead of sending multiple updates. Regardless, this patch looks good to me too so I've merged it into the selinux/stable-5.8 branch with the others. Thank you. It would still be nice to know if there are other clang failures you are working on fixing or if this is it for awhile. -- paul moore www.paul-moore.com