| Message ID | 20190126101816.1065-1-omosnace@redhat.com (mailing list archive) |
|---|---|
| State | Superseded |
| Headers | show |
| Series | selinux: replace BUG_ONs with WARN_ONs in avc.c | expand |
On 1/26/19 5:18 AM, Ondrej Mosnacek wrote: > These checks are only guarding against programming errors that could > silently grant too many permissions. These cases are better handled with > WARN_ON(), since it doesn't really help much to crash the machine in > this case. > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > security/selinux/avc.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > index 3a27418b20d7..84f108f4100a 100644 > --- a/security/selinux/avc.c > +++ b/security/selinux/avc.c > @@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state, > int rc = 0, rc2; > > xp_node = &local_xp_node; > - BUG_ON(!requested); > + WARN_ON(!requested); Should this be: if (WARN_ON(!requested)) return -EACCES; > > rcu_read_lock(); > > @@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, > int rc = 0; > u32 denied; > > - BUG_ON(!requested); > + WARN_ON(!requested); And likewise > > rcu_read_lock(); > >
On Mon, Jan 28, 2019 at 8:23 AM Stephen Smalley <sds@tycho.nsa.gov> wrote: > On 1/26/19 5:18 AM, Ondrej Mosnacek wrote: > > These checks are only guarding against programming errors that could > > silently grant too many permissions. These cases are better handled with > > WARN_ON(), since it doesn't really help much to crash the machine in > > this case. > > > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > --- > > security/selinux/avc.c | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > > index 3a27418b20d7..84f108f4100a 100644 > > --- a/security/selinux/avc.c > > +++ b/security/selinux/avc.c > > @@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state, > > int rc = 0, rc2; > > > > xp_node = &local_xp_node; > > - BUG_ON(!requested); > > + WARN_ON(!requested); > > Should this be: > if (WARN_ON(!requested)) > return -EACCES; I think so, it would be bad not to return an error in this case (and the similar one below). > > > > rcu_read_lock(); > > > > @@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, > > int rc = 0; > > u32 denied; > > > > - BUG_ON(!requested); > > + WARN_ON(!requested); > > And likewise > > > > > rcu_read_lock(); > > > >
On Mon, Jan 28, 2019 at 4:11 PM Paul Moore <paul@paul-moore.com> wrote: > On Mon, Jan 28, 2019 at 8:23 AM Stephen Smalley <sds@tycho.nsa.gov> wrote: > > On 1/26/19 5:18 AM, Ondrej Mosnacek wrote: > > > These checks are only guarding against programming errors that could > > > silently grant too many permissions. These cases are better handled with > > > WARN_ON(), since it doesn't really help much to crash the machine in > > > this case. > > > > > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > > > --- > > > security/selinux/avc.c | 4 ++-- > > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > > > diff --git a/security/selinux/avc.c b/security/selinux/avc.c > > > index 3a27418b20d7..84f108f4100a 100644 > > > --- a/security/selinux/avc.c > > > +++ b/security/selinux/avc.c > > > @@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state, > > > int rc = 0, rc2; > > > > > > xp_node = &local_xp_node; > > > - BUG_ON(!requested); > > > + WARN_ON(!requested); > > > > Should this be: > > if (WARN_ON(!requested)) > > return -EACCES; > > I think so, it would be bad not to return an error in this case (and > the similar one below). Makes sense... will send a v2 right away. > > > > > > > rcu_read_lock(); > > > > > > @@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, > > > int rc = 0; > > > u32 denied; > > > > > > - BUG_ON(!requested); > > > + WARN_ON(!requested); > > > > And likewise > > > > > > > > rcu_read_lock(); > > > > > > > > -- > paul moore > www.paul-moore.com
diff --git a/security/selinux/avc.c b/security/selinux/avc.c index 3a27418b20d7..84f108f4100a 100644 --- a/security/selinux/avc.c +++ b/security/selinux/avc.c @@ -1059,7 +1059,7 @@ int avc_has_extended_perms(struct selinux_state *state, int rc = 0, rc2; xp_node = &local_xp_node; - BUG_ON(!requested); + WARN_ON(!requested); rcu_read_lock(); @@ -1149,7 +1149,7 @@ inline int avc_has_perm_noaudit(struct selinux_state *state, int rc = 0; u32 denied; - BUG_ON(!requested); + WARN_ON(!requested); rcu_read_lock();
These checks are only guarding against programming errors that could silently grant too many permissions. These cases are better handled with WARN_ON(), since it doesn't really help much to crash the machine in this case. Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- security/selinux/avc.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)