On Mon, Jul 14, 2025 at 01:39:12PM +0100, Tingmao Wang wrote:
> On 7/11/25 20:19, Mickaël Salaün wrote:
> > [...]
> > @@ -800,6 +802,8 @@ static bool is_access_to_paths_allowed(
> > access_masked_parent1 = access_masked_parent2 =
> > landlock_union_access_masks(domain).fs;
> > is_dom_check = true;
> > + memcpy(&_layer_masks_parent2_bkp, layer_masks_parent2,
> > + sizeof(_layer_masks_parent2_bkp));
> > } else {
> > if (WARN_ON_ONCE(dentry_child1 || dentry_child2))
> > return false;
> > @@ -807,6 +811,8 @@ static bool is_access_to_paths_allowed(
> > access_masked_parent1 = access_request_parent1;
> > access_masked_parent2 = access_request_parent2;
> > is_dom_check = false;
> > + memcpy(&_layer_masks_parent1_bkp, layer_masks_parent1,
> > + sizeof(_layer_masks_parent1_bkp));
>
> Is this memcpy meant to be in this else branch? If parent2 is set, we
> will leave _layer_masks_parent1_bkp uninitialized right?
Good catch! We should always initialize _layer_masks_parent1_bkp.
I'll move both _layer_masks_parent*_bkp initializations just before the
related allowed_parent* initialization.
>
> > }
> >
> > if (unlikely(dentry_child1)) {
