releases/5.4.160/apparmor-fix-error-check.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From f85077b6f8665792edce275cf61d062f42101308 Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Sun, 4 Oct 2020 07:24:22 -0700
 Subject: apparmor: fix error check

 From: Tom Rix <trix@redhat.com>

 [ Upstream commit d108370c644b153382632b3e5511ade575c91c86 ]

 clang static analysis reports this representative problem:

 label.c:1463:16: warning: Assigned value is garbage or undefined
         label->hname = name;
                      ^ ~~~~

 In aa_update_label_name(), this the problem block of code

 	if (aa_label_acntsxprint(&name, ...) == -1)
 		return res;

 On failure, aa_label_acntsxprint() has a more complicated return
 that just -1.  So check for a negative return.

 It was also noted that the aa_label_acntsxprint() main comment refers
 to a nonexistent parameter, so clean up the comment.

 Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels")
 Signed-off-by: Tom Rix <trix@redhat.com>
 Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
 Signed-off-by: John Johansen <john.johansen@canonical.com>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  security/apparmor/label.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 diff --git a/security/apparmor/label.c b/security/apparmor/label.c
 index 5f324d63ceaa3..747a734a08246 100644
 --- a/security/apparmor/label.c
 +++ b/security/apparmor/label.c
 @@ -1459,7 +1459,7 @@ bool aa_update_label_name(struct aa_ns *ns, struct aa_label *label, gfp_t gfp)
  	if (label->hname || labels_ns(label) != ns)
  		return res;

 -	if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) == -1)
 +	if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) < 0)
  		return res;

  	ls = labels_set(label);
 @@ -1709,7 +1709,7 @@ int aa_label_asxprint(char **strp, struct aa_ns *ns, struct aa_label *label,

  /**
   * aa_label_acntsxprint - allocate a __counted string buffer and print label
 - * @strp: buffer to write to. (MAY BE NULL if @size == 0)
 + * @strp: buffer to write to.
   * @ns: namespace profile is being viewed from
   * @label: label to view (NOT NULL)
   * @flags: flags controlling what label info is printed
 --
 2.33.0
	From f85077b6f8665792edce275cf61d062f42101308 Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Sun, 4 Oct 2020 07:24:22 -0700
	Subject: apparmor: fix error check

	From: Tom Rix <trix@redhat.com>

	[ Upstream commit d108370c644b153382632b3e5511ade575c91c86 ]

	clang static analysis reports this representative problem:

	label.c:1463:16: warning: Assigned value is garbage or undefined
	label->hname = name;
	^ ~~~~

	In aa_update_label_name(), this the problem block of code

	if (aa_label_acntsxprint(&name, ...) == -1)
	return res;

	On failure, aa_label_acntsxprint() has a more complicated return
	that just -1. So check for a negative return.

	It was also noted that the aa_label_acntsxprint() main comment refers
	to a nonexistent parameter, so clean up the comment.

	Fixes: f1bd904175e8 ("apparmor: add the base fns() for domain labels")
	Signed-off-by: Tom Rix <trix@redhat.com>
	Reviewed-by: Nick Desaulniers <ndesaulniers@google.com>
	Signed-off-by: John Johansen <john.johansen@canonical.com>
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	security/apparmor/label.c \| 4 ++--
	1 file changed, 2 insertions(+), 2 deletions(-)

	diff --git a/security/apparmor/label.c b/security/apparmor/label.c
	index 5f324d63ceaa3..747a734a08246 100644
	--- a/security/apparmor/label.c
	+++ b/security/apparmor/label.c
	@@ -1459,7 +1459,7 @@ bool aa_update_label_name(struct aa_ns ns, struct aa_label label, gfp_t gfp)
	if (label->hname \|\| labels_ns(label) != ns)
	return res;

	- if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) == -1)
	+ if (aa_label_acntsxprint(&name, ns, label, FLAGS_NONE, gfp) < 0)
	return res;

	ls = labels_set(label);
	@@ -1709,7 +1709,7 @@ int aa_label_asxprint(char *strp, struct aa_ns ns, struct aa_label *label,

	/**
	* aa_label_acntsxprint - allocate a __counted string buffer and print label
	- * @strp: buffer to write to. (MAY BE NULL if @size == 0)
	+ * @strp: buffer to write to.
	* @ns: namespace profile is being viewed from
	* @label: label to view (NOT NULL)
	* @flags: flags controlling what label info is printed
	--
	2.33.0