[PATCH v1] selftests/landlock: Fix readlink check

Günther Noack gnoack at google.com
Wed May 28 14:48:54 UTC 2025


On Wed, May 28, 2025 at 04:44:25PM +0200, Mickaël Salaün wrote:
> The audit_init_filter_exe() helper incorrectly checks the readlink(2)
> error because an unsigned integer is used to store the result.  Use a
> signed integer for this check.
> 
> Cc: Günther Noack <gnoack at google.com>
> Reported-by: Dan Carpenter <dan.carpenter at linaro.org>
> Closes: https://lore.kernel.org/r/aDbFwyZ_fM-IO7sC@stanley.mountain
> Fixes: 6a500b22971c ("selftests/landlock: Add tests for audit flags and domain IDs")
> ---
>  tools/testing/selftests/landlock/audit.h | 7 ++++---
>  1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/tools/testing/selftests/landlock/audit.h b/tools/testing/selftests/landlock/audit.h
> index 18a6014920b5..b16986aa6442 100644
> --- a/tools/testing/selftests/landlock/audit.h
> +++ b/tools/testing/selftests/landlock/audit.h
> @@ -403,11 +403,12 @@ static int audit_init_filter_exe(struct audit_filter *filter, const char *path)
>  	/* It is assume that there is not already filtering rules. */
>  	filter->record_type = AUDIT_EXE;
>  	if (!path) {
> -		filter->exe_len = readlink("/proc/self/exe", filter->exe,
> -					   sizeof(filter->exe) - 1);
> -		if (filter->exe_len < 0)
> +		int ret = readlink("/proc/self/exe", filter->exe,
> +				   sizeof(filter->exe) - 1);
> +		if (ret < 0)
>  			return -errno;
>  
> +		filter->exe_len = ret;
>  		return 0;
>  	}
>  
> -- 
> 2.49.0
> 

Reviewed-by: Günther Noack <gnoack at google.com>



More information about the Linux-security-module-archive mailing list