Re: [PATCH 45/46] selinux: Use common error handling code in sidtab_insert()
From: Casey Schaufler
Date: Tue Jan 17 2017 - 13:02:46 EST
On 1/15/2017 7:45 AM, SF Markus Elfring wrote:
> From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
> Date: Sun, 15 Jan 2017 13:45:45 +0100
>
> Add a jump target so that a bit of exception handling can be better reused
> at the end of this function.
>
> Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
> ---
> security/selinux/ss/sidtab.c | 18 ++++++++----------
> 1 file changed, 8 insertions(+), 10 deletions(-)
>
> diff --git a/security/selinux/ss/sidtab.c b/security/selinux/ss/sidtab.c
> index f6915f257486..4130f882808c 100644
> --- a/security/selinux/ss/sidtab.c
> +++ b/security/selinux/ss/sidtab.c
> @@ -35,10 +35,8 @@ int sidtab_insert(struct sidtab *s, u32 sid, struct context *context)
> int hvalue, rc = 0;
> struct sidtab_node *prev, *cur, *newnode;
>
> - if (!s) {
> - rc = -ENOMEM;
> - goto out;
> - }
> + if (!s)
> + goto failure_indication;
>
> hvalue = SIDTAB_HASH(sid);
> prev = NULL;
> @@ -54,15 +52,12 @@ int sidtab_insert(struct sidtab *s, u32 sid, struct context *context)
> }
>
> newnode = kmalloc(sizeof(*newnode), GFP_ATOMIC);
> - if (!newnode) {
> - rc = -ENOMEM;
> - goto out;
Why not "return -ENOMEM;" ?
> - }
> + if (!newnode)
> + goto failure_indication;
> newnode->sid = sid;
> if (context_cpy(&newnode->context, context)) {
> kfree(newnode);
> - rc = -ENOMEM;
> - goto out;
> + goto failure_indication;
Again, "return -ENOMEM:"
> }
>
> if (prev) {
> @@ -80,6 +75,9 @@ int sidtab_insert(struct sidtab *s, u32 sid, struct context *context)
> s->next_sid = sid + 1;
> out:
> return rc;
> +failure_indication:
> + rc = -ENOMEM;
> + goto out;
Backward gotos are horrible. Don't do this.
> }
>
> static struct context *sidtab_search_core(struct sidtab *s, u32 sid, int force)