summaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorXiu Jianfeng <xiujianfeng@huawei.com>2022-06-17 11:44:12 +0200
committerPaul Moore <paul@paul-moore.com>2022-06-21 03:05:40 +0200
commitef54ccb61616d8293bc68220d88a8e74271141b5 (patch)
tree5e92d231c0ecd7331cec51bfa272edc7c8f06e31 /security/selinux
parentselinux: Add boundary check in put_entry() (diff)
downloadlinux-ef54ccb61616d8293bc68220d88a8e74271141b5.tar.xz
linux-ef54ccb61616d8293bc68220d88a8e74271141b5.zip
selinux: selinux_add_opt() callers free memory
The selinux_add_opt() function may need to allocate memory for the mount options if none has already been allocated, but there is no need to free that memory on error as the callers handle that. Drop the existing kfree() on error to help increase consistency in the selinux_add_opt() error handling. This patch also changes selinux_add_opt() to return -EINVAL when the mount option value, @s, is NULL. It currently return -ENOMEM. Link: https://lore.kernel.org/lkml/20220611090550.135674-1-xiujianfeng@huawei.com/T/ Suggested-by: Paul Moore <paul@paul-moore.com> Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> [PM: fix subject, rework commit description language] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c11
1 files changed, 4 insertions, 7 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 4d20a139a86d..9d08b91e05a2 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -944,10 +944,12 @@ out:
return rc;
}
+/*
+ * NOTE: the caller is resposible for freeing the memory even if on error.
+ */
static int selinux_add_opt(int token, const char *s, void **mnt_opts)
{
struct selinux_mnt_opts *opts = *mnt_opts;
- bool is_alloc_opts = false;
u32 *dst_sid;
int rc;
@@ -955,7 +957,7 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
/* eaten and completely ignored */
return 0;
if (!s)
- return -ENOMEM;
+ return -EINVAL;
if (!selinux_initialized(&selinux_state)) {
pr_warn("SELinux: Unable to set superblock options before the security server is initialized\n");
@@ -967,7 +969,6 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
if (!opts)
return -ENOMEM;
*mnt_opts = opts;
- is_alloc_opts = true;
}
switch (token) {
@@ -1002,10 +1003,6 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
return rc;
err:
- if (is_alloc_opts) {
- kfree(opts);
- *mnt_opts = NULL;
- }
pr_warn(SEL_MOUNT_FAIL_MSG);
return -EINVAL;
}