iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ima: fix error handling logic when file measurement failed

Browse Source 
Restore the error handling logic so that when file measurement fails,
the respective iint entry is not left with the digest data being
populated with zeroes.

Fixes: 54f03916fb ("ima: permit fsverity's file digests in the IMA measurement list")
Cc: stable@vger.kernel.org	# 5.19
Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Matt Bobrowski 2023-01-04 03:41:44 +00:00 committed by Mimi Zohar
parent 5dc4c995db
commit 6dc387d52e
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/integrity/ima/ima_api.c
View File

@ -292,7 +292,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
result = ima_calc_file_hash(file, &hash.hdr);
}
if (result == -ENOMEM)
if (result && result != -EBADF && result != -EINVAL)
goto out;
length = sizeof(hash.hdr) + hash.hdr.length;

2
security/integrity/ima/ima_main.c
View File

@ -337,7 +337,7 @@ static int process_measurement(struct file *file, const struct cred *cred,
hash_algo = ima_get_hash_algo(xattr_value, xattr_len);
rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig);
if (rc == -ENOMEM)
if (rc != 0 && rc != -EBADF && rc != -EINVAL)
goto out_locked;
if (!pathbuf) /* ima_rdwr_violation possibly pre-fetched */