Unverified Commit 16a6f4d3 authored by Mickaël Salaün's avatar Mickaël Salaün
Browse files

landlock: Use scoped guards for ruleset in landlock_add_rule() 



Simplify error handling by replacing goto statements with automatic
calls to landlock_put_ruleset() when going out of scope.

This change depends on the TCP support.

Cc: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Cc: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com>
Reviewed-by: default avatarGünther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20250113161112.452505-3-mic@digikod.net


Signed-off-by: default avatarMickaël Salaün <mic@digikod.net>
parent d32f79a5

security/landlock/syscalls.c

+4 −10
Original line number Diff line number Diff line
@@ -399,8 +399,7 @@ SYSCALL_DEFINE4(landlock_add_rule, const int, ruleset_fd, 
		const enum landlock_rule_type, rule_type,

		const void __user *const, rule_attr, const __u32, flags)

{

	struct landlock_ruleset *ruleset;

	int err;

	struct landlock_ruleset *ruleset __free(landlock_put_ruleset) = NULL;



	if (!is_initialized())

		return -EOPNOTSUPP;
@@ -416,17 +415,12 @@ SYSCALL_DEFINE4(landlock_add_rule, const int, ruleset_fd, 


	switch (rule_type) {

	case LANDLOCK_RULE_PATH_BENEATH:

		err = add_rule_path_beneath(ruleset, rule_attr);

		break;

		return add_rule_path_beneath(ruleset, rule_attr);

	case LANDLOCK_RULE_NET_PORT:

		err = add_rule_net_port(ruleset, rule_attr);

		break;

		return add_rule_net_port(ruleset, rule_attr);

	default:

		err = -EINVAL;

		break;

		return -EINVAL;

	}

	landlock_put_ruleset(ruleset);

	return err;

}



/* Enforcement */