* [PATCH AUTOSEL 5.3 02/71] ima: always return negative code for error
[not found] <20191001163922.14735-1-sashal@kernel.org>
@ 2019-10-01 16:38 ` Sasha Levin
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 03/71] ima: fix freeing ongoing ahash_request Sasha Levin
1 sibling, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2019-10-01 16:38 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sascha Hauer, Mimi Zohar, Sasha Levin, linux-integrity,
linux-security-module
From: Sascha Hauer <s.hauer@pengutronix.de>
[ Upstream commit f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88 ]
integrity_kernel_read() returns the number of bytes read. If this is
a short read then this positive value is returned from
ima_calc_file_hash_atfm(). Currently this is only indirectly called from
ima_calc_file_hash() and this function only tests for the return value
being zero or nonzero and also doesn't forward the return value.
Nevertheless there's no point in returning a positive value as an error,
so translate a short read into -EINVAL.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/integrity/ima/ima_crypto.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index d4c7b8e1b083d..7532b062be594 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -268,8 +268,11 @@ static int ima_calc_file_hash_atfm(struct file *file,
rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]);
rc = integrity_kernel_read(file, offset, rbuf[active],
rbuf_len);
- if (rc != rbuf_len)
+ if (rc != rbuf_len) {
+ if (rc >= 0)
+ rc = -EINVAL;
goto out3;
+ }
if (rbuf[1] && offset) {
/* Using two buffers, and it is not the first
--
2.20.1
^ permalink raw reply related [flat|nested] 2+ messages in thread* [PATCH AUTOSEL 5.3 03/71] ima: fix freeing ongoing ahash_request
[not found] <20191001163922.14735-1-sashal@kernel.org>
2019-10-01 16:38 ` [PATCH AUTOSEL 5.3 02/71] ima: always return negative code for error Sasha Levin
@ 2019-10-01 16:38 ` Sasha Levin
1 sibling, 0 replies; 2+ messages in thread
From: Sasha Levin @ 2019-10-01 16:38 UTC (permalink / raw)
To: linux-kernel, stable
Cc: Sascha Hauer, Mimi Zohar, Sasha Levin, linux-integrity,
linux-security-module
From: Sascha Hauer <s.hauer@pengutronix.de>
[ Upstream commit 4ece3125f21b1d42b84896c5646dbf0e878464e1 ]
integrity_kernel_read() can fail in which case we forward to call
ahash_request_free() on a currently running request. We have to wait
for its completion before we can free the request.
This was observed by interrupting a "find / -type f -xdev -print0 | xargs -0
cat 1>/dev/null" with ctrl-c on an IMA enabled filesystem.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
security/integrity/ima/ima_crypto.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 7532b062be594..73044fc6a9521 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -271,6 +271,11 @@ static int ima_calc_file_hash_atfm(struct file *file,
if (rc != rbuf_len) {
if (rc >= 0)
rc = -EINVAL;
+ /*
+ * Forward current rc, do not overwrite with return value
+ * from ahash_wait()
+ */
+ ahash_wait(ahash_rc, &wait);
goto out3;
}
--
2.20.1
^ permalink raw reply related [flat|nested] 2+ messages in thread