From: John Johansen
Organization: Canonical
Date: Wed, 5 Jul 2023 11:02:26 -0700
Subject: Re: [PATCH v1] security: remove duplicate logical judgments in return
To: Minjie Du, Paul Moore, James Morris, "Serge E. Hallyn", Nick Terrell, "moderated list:APPARMOR SECURITY MODULE", "open list:SECURITY SUBSYSTEM", open list
Cc: opensource.kernel@vivo.com
Message-ID: <30faaa83-bdb3-69b8-1fa9-7c1f4f011045@canonical.com>
In-Reply-To: <20230704085653.6443-1-duminjie@vivo.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On 7/4/23 01:56, Minjie Du wrote:
> Fix: delete duplicate logical judgments:
> aa_unpack_u32(e, &perm->allow, NULL);
> Please check this. Thank you!
>
> Signed-off-by: Minjie Du

NAK, it is a bug but not in a way that we can do this, which will break
the unpack. The first entry is reserved, and for the moment should be
skipped. Double loading to &perm->allow effectively does that but was not
what was intended either.

There is a patch coming that loads the first entry to a tmp variable and
does a check that it is 0.

> ---
> security/apparmor/policy_unpack.c | 1 -
> 1 file changed, 1 deletion(-)
> > diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c > index 694fb7a09..2069adf0a 100644 > --- a/security/apparmor/policy_unpack.c > +++ b/security/apparmor/policy_unpack.c > @@ -646,7 +646,6 @@ static bool unpack_perm(struct aa_ext *e, u32 version, struct aa_perms *perm) > return false; > > return aa_unpack_u32(e, &perm->allow, NULL) && > - aa_unpack_u32(e, &perm->allow, NULL) && > aa_unpack_u32(e, &perm->deny, NULL) && > aa_unpack_u32(e, &perm->subtree, NULL) && > aa_unpack_u32(e, &perm->cond, NULL) &&
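
Review bot: Deleting the second `aa_unpack_u32(e, &perm->allow, NULL)` from the return chain in unpack_perm() also removes one read from the stream, so `perm->allow` and every field after it (`deny`, `subtree`, `cond`) would be filled from the entry before its own. Per the maintainer's reply the first entry is reserved and still has to be consumed; instead of dropping the read, load that first entry into a temporary u32, return false unless it is 0, and then keep the single read into `&perm->allow`.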
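
The reserved-entry point made in the reply above, as an added C example that is not code from this thread or from AppArmor: a toy five-word stream (reserved, allow, deny, subtree, cond) is unpacked once with the reserved word read into a temporary and checked against 0, and once with that read dropped. The stream layout, `struct stream`, `unpack_u32` and the other names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy sequential stream standing in for packed policy data (assumption). */
struct stream { const uint32_t *pos, *end; };
/* Toy permission entry with four of the fields named in the hunk. */
struct perms { uint32_t allow, deny, subtree, cond; };

/* Consume one u32 and advance; false when the data runs out. */
static bool unpack_u32(struct stream *s, uint32_t *out)
{
	if (s->pos >= s->end)
		return false;
	*out = *s->pos++;
	return true;
}

/* Reads of the four real fields, in stream order. */
static bool unpack_fields(struct stream *s, struct perms *p)
{
	return unpack_u32(s, &p->allow) && unpack_u32(s, &p->deny) &&
	       unpack_u32(s, &p->subtree) && unpack_u32(s, &p->cond);
}

/* Reserved first entry is read into a temporary and must be 0. */
static bool unpack_checked(struct stream *s, struct perms *p)
{
	uint32_t reserved;

	return unpack_u32(s, &reserved) && reserved == 0 && unpack_fields(s, p);
}

int main(void)
{
	/* Constructed sample: reserved=0, allow=7, deny=1, subtree=2, cond=4. */
	const uint32_t sample[] = { 0, 0x7, 0x1, 0x2, 0x4 };
	struct stream a = { sample, sample + 5 }, b = a;
	struct perms good = {0}, shifted = {0};

	unpack_checked(&a, &good);
	unpack_fields(&b, &shifted); /* reserved read dropped: fields shift by one */
	printf("checked allow=%u; shifted allow=%u deny=%u unread=%td\n",
	       (unsigned)good.allow, (unsigned)shifted.allow,
	       (unsigned)shifted.deny, b.end - b.pos);
	return 0;
}
```

With the read dropped the call still returns true, so the shift is silent: the only visible signs are the wrong field values and one unread word left in the stream.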