From patchwork Sat Aug 13 20:38:22 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Casey Schaufler <casey@schaufler-ca.com>
X-Patchwork-Id: 9279323
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	0229760231
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Sun, 14 Aug 2016 11:50:05 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E75CE28A01
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Sun, 14 Aug 2016 11:50:04 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id DB83428A4A; Sun, 14 Aug 2016 11:50:04 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI,T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7636928A01
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Sun, 14 Aug 2016 11:50:04 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S965320AbcHNLuC (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Sun, 14 Aug 2016 07:50:02 -0400
Received: from nm22-vm1.bullet.mail.bf1.yahoo.com ([98.139.212.127]:44910
	"EHLO nm22-vm1.bullet.mail.bf1.yahoo.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S964867AbcHNLuB (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Sun, 14 Aug 2016 07:50:01 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
	t=1471120705; bh=xRjMFdREB1Cb/vKIV1IvZEvPWhXes34Ah/zFQg/8K0g=;
	h=Subject:To:References:Cc:From:Date:In-Reply-To:From:Subject;
	b=peTFQnXFqMmabPGtjtZjlw9F8IpSDZjJS0Z3aInqjt+QRpryqOswD+/AR3xmgyve0+DA0aagaiwNtskoA+2iGL0RZa6nVioTWJuSlRF8GoWnTNDLKxk9lyn2S4qYhvWunF6D4BptqMtqrIJ9kRvr5OAJLP3yBo9ZyFSLLTDUlHDk7rKbe0uLD8F1cY/c6r6HECl5v6XHLsNkiKC+tK+Ixri+vUgheZe0f+Rr7rBO9kZKMmxiWissMl7m44Zz6xzXVLRWa0cOtY8PtRpTQuKJwllf+MVNCrr5+Q4pNfFmizvMtMe3ybXL7Ft9+wntJKSF1pB/cI7eFikNYfajRgM+qw==
Received: from [98.139.215.140] by nm22.bullet.mail.bf1.yahoo.com with NNFMP;
	13 Aug 2016 20:38:25 -0000
Received: from [98.139.211.205] by tm11.bullet.mail.bf1.yahoo.com with NNFMP;
	13 Aug 2016 20:38:25 -0000
Received: from [127.0.0.1] by smtp214.mail.bf1.yahoo.com with NNFMP;
	13 Aug 2016 20:38:25 -0000
X-Yahoo-Newman-Id: 407935.43964.bm@smtp214.mail.bf1.yahoo.com
X-Yahoo-Newman-Property: ymail-3
X-YMail-OSG: RmQuSVUVM1m3BHjOz4mR7shZ8KVvOsXYUTe_XevjMpAUMOi
	JjxqZSJZETY9GwCE2NENbM2WYrwU7Q2fgNVut0gba8pfbSr2SZH.3qA1e1qE
	V.6f3gGlpKmA7m52SGnSBlg5ad4psxF6vXdNFjFABjb4pI.mnEXnLxbJAQoD
	1W8lBOKpIUtuuWpexArS5Fby2SAN6Nt_9HwwL8s2kVoGO3HhLqZqMObjEX2o
	BAO4EYOJo7jf2ZJfT2Ufkco6FVSdogB1a0S4hDYn1k.mvFBsRqtGZBAn62ff
	lZEZNAb5t7MYNMTYewR7cTxe3H48WH4VBIJEJ3LTf4mH7bJx5LtCfKyEBKmF
	IsxzQkU.4qNoEQVzPxK3oo1lFn2AqJ2q5VJVv9ZIHiJYklrX51IPwgqSXS1l
	PJHxfdWvRCnv9YsOcTvQje4tHpLEGvUdJxpAzlF03iik4r2AHrY.6sf42XtS
	Nlgea0V0qhup9BBpUpUORPkzX3Adb6UQfUCx_OY8ypPanHRrEVtk_0GRmjLz
	wPV4Y9El9QlIkKgJYtpRoRo85VZXI7UwnJgdkSTPiYJ8QWXpnhN60_hTq1rJ
	gcwYGU7roU.3C
X-Yahoo-SMTP: OIJXglSswBDfgLtXluJ6wiAYv6_cnw--
Subject: [PATCH 24/25] LSM: Less agressive debug code in blob allocation
To: LSM <linux-security-module@vger.kernel.org>,
	James Morris <jmorris@namei.org>
References: <801ef9a9-e594-387c-f285-8d90879ee2bf@schaufler-ca.com>
Cc: John Johansen <john.johansen@canonical.com>,
	Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
	Paul Moore <paul@paul-moore.com>, Stephen Smalley <sds@tycho.nsa.gov>
From: Casey Schaufler <casey@schaufler-ca.com>
Message-ID: <77a39fca-4e06-a2e5-4264-1c972cd001ef@schaufler-ca.com>
Date: Sat, 13 Aug 2016 13:38:22 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101
	Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <801ef9a9-e594-387c-f285-8d90879ee2bf@schaufler-ca.com>
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

Subject: [PATCH 24/25] LSM: Less agressive debug code in blob allocation

The debug code warning about allocating blobs for data structures
that are not freed should not abort the allocation process.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/security.c | 32 ++++++++------------------------
 1 file changed, 8 insertions(+), 24 deletions(-)

diff --git a/security/security.c b/security/security.c
index e194679..dc7506e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -196,10 +196,8 @@ void __init security_add_hooks(struct security_hook_list *hooks, int count,
 int lsm_cred_alloc(struct cred *cred, gfp_t gfp)
 {
 #ifdef CONFIG_SECURITY_STACKING_DEBUG
-	if (cred->security) {
+	if (cred->security)
 		pr_info("%s: Inbound cred blob is not NULL.\n", __func__);
-		return 0;
-	}
 #endif
 	if (blob_sizes.lbs_cred == 0)
 		return 0;
@@ -254,10 +252,8 @@ void __init security_add_blobs(struct lsm_blob_sizes *needed)
 int lsm_file_alloc(struct file *file)
 {
 #ifdef CONFIG_SECURITY_STACKING_DEBUG
-	if (file->f_security) {
+	if (file->f_security)
 		pr_info("%s: Inbound file blob is not NULL.\n", __func__);
-		return 0;
-	}
 #endif
 	if (blob_sizes.lbs_file == 0)
 		return 0;
@@ -279,10 +275,8 @@ int lsm_file_alloc(struct file *file)
 int lsm_inode_alloc(struct inode *inode)
 {
 #ifdef CONFIG_SECURITY_STACKING_DEBUG
-	if (inode->i_security) {
+	if (inode->i_security)
 		pr_info("%s: Inbound inode blob is not NULL.\n", __func__);
-		return 0;
-	}
 #endif
 	if (blob_sizes.lbs_inode == 0)
 		return 0;
@@ -304,10 +298,8 @@ int lsm_inode_alloc(struct inode *inode)
 int lsm_ipc_alloc(struct kern_ipc_perm *kip)
 {
 #ifdef CONFIG_SECURITY_STACKING_DEBUG
-	if (kip->security) {
+	if (kip->security)
 		pr_info("%s: Inbound ipc blob is not NULL.\n", __func__);
-		return 0;
-	}
 #endif
 	if (blob_sizes.lbs_ipc == 0)
 		return 0;
@@ -330,10 +322,8 @@ int lsm_ipc_alloc(struct kern_ipc_perm *kip)
 int lsm_key_alloc(struct key *key)
 {
 #ifdef CONFIG_SECURITY_STACKING_DEBUG
-	if (key->security) {
+	if (key->security)
 		pr_info("%s: Inbound key blob is not NULL.\n", __func__);
-		return 0;
-	}
 #endif
 	if (blob_sizes.lbs_key == 0)
 		return 0;
@@ -356,10 +346,8 @@ int lsm_key_alloc(struct key *key)
 int lsm_msg_msg_alloc(struct msg_msg *mp)
 {
 #ifdef CONFIG_SECURITY_STACKING_DEBUG
-	if (mp->security) {
+	if (mp->security)
 		pr_info("%s: Inbound msg_msg blob is not NULL.\n", __func__);
-		return 0;
-	}
 #endif
 	if (blob_sizes.lbs_msg_msg == 0)
 		return 0;
@@ -382,10 +370,8 @@ int lsm_msg_msg_alloc(struct msg_msg *mp)
 int lsm_sock_alloc(struct sock *sock, gfp_t priority)
 {
 #ifdef CONFIG_SECURITY_STACKING_DEBUG
-	if (sock->sk_security) {
+	if (sock->sk_security)
 		pr_info("%s: Inbound sock blob is not NULL.\n", __func__);
-		return 0;
-	}
 #endif
 	if (blob_sizes.lbs_sock == 0)
 		return 0;
@@ -407,10 +393,8 @@ int lsm_sock_alloc(struct sock *sock, gfp_t priority)
 int lsm_superblock_alloc(struct super_block *sb)
 {
 #ifdef CONFIG_SECURITY_STACKING_DEBUG
-	if (sb->s_security) {
+	if (sb->s_security)
 		pr_info("%s: Inbound superblock blob is not NULL.\n", __func__);
-		return 0;
-	}
 #endif
 	if (blob_sizes.lbs_superblock == 0)
 		return 0;