landlock: Use scoped guards for ruleset in landlock_add_rule()

Simplify error handling by replacing goto statements with automatic
calls to landlock_put_ruleset() when going out of scope.

This change depends on the TCP support.

Cc: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Cc: Mikhail Ivanov <ivanov.mikhail1@huawei-partners.com>
Reviewed-by: Günther Noack <gnoack@google.com>
Link: https://lore.kernel.org/r/20250113161112.452505-3-mic@digikod.net
Signed-off-by: Mickaël Salaün <mic@digikod.net>

diff --git a/security/landlock/syscalls.c b/security/landlock/syscalls.c
index 5a7f1f77292ed7af126bd3b9a87408d49e9994db..a9760d252fc2dc5c06561a71ce66c79cefcfb30f 100644 (file)
--- a/security/landlock/syscalls.c
+++ b/security/landlock/syscalls.c
@@ -399,8 +399,7 @@ SYSCALL_DEFINE4(landlock_add_rule, const int, ruleset_fd,
                const enum landlock_rule_type, rule_type,
                const void __user *const, rule_attr, const __u32, flags)
 {
-       struct landlock_ruleset *ruleset;
-       int err;
+       struct landlock_ruleset *ruleset __free(landlock_put_ruleset) = NULL;
 
        if (!is_initialized())
                return -EOPNOTSUPP;
@@ -416,17 +415,12 @@ SYSCALL_DEFINE4(landlock_add_rule, const int, ruleset_fd,
 
        switch (rule_type) {
        case LANDLOCK_RULE_PATH_BENEATH:
-               err = add_rule_path_beneath(ruleset, rule_attr);
-               break;
+               return add_rule_path_beneath(ruleset, rule_attr);
        case LANDLOCK_RULE_NET_PORT:
-               err = add_rule_net_port(ruleset, rule_attr);
-               break;
+               return add_rule_net_port(ruleset, rule_attr);
        default:
-               err = -EINVAL;
-               break;
+               return -EINVAL;
        }
-       landlock_put_ruleset(ruleset);
-       return err;
 }
 
 /* Enforcement */