Commit 869cbeef authored May 12, 2021 by Ondrej Mosnacek Committed by Paul Moore May 14, 2021

lsm_audit,selinux: pass IB device name by reference



While trying to address a Coverity warning that the dev_name string
might end up unterminated when strcpy'ing it in
selinux_ib_endport_manage_subnet(), I realized that it is possible (and
simpler) to just pass the dev_name pointer directly, rather than copying
the string to a buffer.

The ibendport variable goes out of scope at the end of the function
anyway, so the lifetime of the dev_name pointer will never be shorter
than that of ibendport, thus we can safely just pass the dev_name
pointer and be done with it.

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: Richard Guy Briggs <rgb@redhat.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

parent fd781f45

include/linux/lsm_audit.h

+4 −4

Original line number	Diff line number	Diff line
		@@ -53,7 +53,7 @@ struct lsm_ibpkey_audit {
		};

		struct lsm_ibendport_audit {
		char dev_name[IB_DEVICE_NAME_MAX];
		const char *dev_name;
		u8 port;
		};

security/selinux/hooks.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -6850,7 +6850,7 @@ static int selinux_ib_endport_manage_subnet(void ib_sec, const char dev_name,
		return err;

		ad.type = LSM_AUDIT_DATA_IBENDPORT;
		strncpy(ibendport.dev_name, dev_name, sizeof(ibendport.dev_name));
		ibendport.dev_name = dev_name;
		ibendport.port = port_num;
		ad.u.ibendport = &ibendport;
		return avc_has_perm(&selinux_state,