secmark: do not return early if there was no error

Commit 4a5a5c73 attempted to pass decent error messages back to userspace for netfilter errors. In xt_SECMARK.c however the patch screwed up and returned on 0 (aka no error) early and didn't finish setting up secmark. This results in a kernel BUG if you use SECMARK. Signed-off-by: N Eric Paris <eparis@redhat.com> Acked-by: N Paul Moore <paul.moore@hp.com> Signed-off-by: N James Morris <jmorris@namei.org>

secmark: do not return early if there was no error
Commit 4a5a5c73 attempted to pass decent error messages back to userspace for netfilter errors. In xt_SECMARK.c however the patch screwed up and returned on 0 (aka no error) early and didn't finish setting up secmark. This results in a kernel BUG if you use SECMARK. Signed-off-by: N Eric Paris <eparis@redhat.com> Acked-by: N Paul Moore <paul.moore@hp.com> Signed-off-by: N James Morris <jmorris@namei.org>
15714f7b · Eric Paris · James Morris · 3ed02ada · 15714f7b
隐藏空白更改
内联并排

Showing with 1 addition and 1 deletion

net/netfilter/xt_SECMARK.c net/netfilter/xt_SECMARK.c +1 -1

未找到文件。
--- a/net/netfilter/xt_SECMARK.c
+++ b/net/netfilter/xt_SECMARK.c
@@ -101,7 +101,7 @@ static int secmark_tg_check(const struct xt_tgchk_param *par)
 	switch (info->mode) {
 	case SECMARK_MODE_SEL:
 		err = checkentry_selinux(info);
-		if (err <= 0)
+		if (err)
 			return err;
 		break;