mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2024-12-29 09:12:07 +00:00
integrity-v6.12
-----BEGIN PGP SIGNATURE----- iIoEABYKADIWIQQdXVVFGN5XqKr1Hj7LwZzRsCrn5QUCZzNj9BQcem9oYXJAbGlu dXguaWJtLmNvbQAKCRDLwZzRsCrn5QKDAQCkbTcWVTnMrdz/0hV9JVmoLCFs6GWZ cTjaBApOQge1pgD/bTQGJ0fYP6sWEzMPSTMXr6uJaJtlmpsGdPNoOmKUTQU= =+K7B -----END PGP SIGNATURE----- Merge tag 'integrity-v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity Pull integrity fixes from Mimi Zohar: "One bug fix, one performance improvement, and the use of static_assert: - The bug fix addresses "only a cosmetic change" commit, which didn't take into account the original 'ima' template definition. - The performance improvement limits the atomic_read()" * tag 'integrity-v6.12' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: integrity: Use static_assert() to check struct sizes evm: stop avoidably reading i_writecount in evm_file_release ima: fix buffer overrun in ima_eventdigest_init_common
This commit is contained in:
commit
93db202ce0
@ -1084,7 +1084,8 @@ static void evm_file_release(struct file *file)
|
||||
if (!S_ISREG(inode->i_mode) || !(mode & FMODE_WRITE))
|
||||
return;
|
||||
|
||||
if (iint && atomic_read(&inode->i_writecount) == 1)
|
||||
if (iint && iint->flags & EVM_NEW_FILE &&
|
||||
atomic_read(&inode->i_writecount) == 1)
|
||||
iint->flags &= ~EVM_NEW_FILE;
|
||||
}
|
||||
|
||||
|
@ -318,15 +318,21 @@ static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize,
|
||||
hash_algo_name[hash_algo]);
|
||||
}
|
||||
|
||||
if (digest)
|
||||
if (digest) {
|
||||
memcpy(buffer + offset, digest, digestsize);
|
||||
else
|
||||
} else {
|
||||
/*
|
||||
* If digest is NULL, the event being recorded is a violation.
|
||||
* Make room for the digest by increasing the offset by the
|
||||
* hash algorithm digest size.
|
||||
* hash algorithm digest size. If the hash algorithm is not
|
||||
* specified increase the offset by IMA_DIGEST_SIZE which
|
||||
* fits SHA1 or MD5
|
||||
*/
|
||||
offset += hash_digest_size[hash_algo];
|
||||
if (hash_algo < HASH_ALGO__LAST)
|
||||
offset += hash_digest_size[hash_algo];
|
||||
else
|
||||
offset += IMA_DIGEST_SIZE;
|
||||
}
|
||||
|
||||
return ima_write_template_field_data(buffer, offset + digestsize,
|
||||
fmt, field_data);
|
||||
|
@ -37,6 +37,8 @@ struct evm_ima_xattr_data {
|
||||
);
|
||||
u8 data[];
|
||||
} __packed;
|
||||
static_assert(offsetof(struct evm_ima_xattr_data, data) == sizeof(struct evm_ima_xattr_data_hdr),
|
||||
"struct member likely outside of __struct_group()");
|
||||
|
||||
/* Only used in the EVM HMAC code. */
|
||||
struct evm_xattr {
|
||||
@ -65,6 +67,8 @@ struct ima_digest_data {
|
||||
);
|
||||
u8 digest[];
|
||||
} __packed;
|
||||
static_assert(offsetof(struct ima_digest_data, digest) == sizeof(struct ima_digest_data_hdr),
|
||||
"struct member likely outside of __struct_group()");
|
||||
|
||||
/*
|
||||
* Instead of wrapping the ima_digest_data struct inside a local structure
|
||||
|
Loading…
Reference in New Issue
Block a user