]> www.infradead.org Git - users/dwmw2/linux.git/commitdiff
ima: fix error handling logic when file measurement failed
authorMatt Bobrowski <mattbobrowski@google.com>
Wed, 4 Jan 2023 03:41:44 +0000 (03:41 +0000)
committerMimi Zohar <zohar@linux.ibm.com>
Wed, 18 Jan 2023 18:17:00 +0000 (13:17 -0500)
Restore the error handling logic so that when file measurement fails,
the respective iint entry is not left with the digest data being
populated with zeroes.

Fixes: 54f03916fb89 ("ima: permit fsverity's file digests in the IMA measurement list")
Cc: stable@vger.kernel.org # 5.19
Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
security/integrity/ima/ima_api.c
security/integrity/ima/ima_main.c

index c1e76282b5ee5ad38ae61dc532c3091c75950738..1e3a7a4f8833ffad3b9e99ab802119b5673fdafe 100644 (file)
@@ -292,7 +292,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
                result = ima_calc_file_hash(file, &hash.hdr);
        }
 
-       if (result == -ENOMEM)
+       if (result && result != -EBADF && result != -EINVAL)
                goto out;
 
        length = sizeof(hash.hdr) + hash.hdr.length;
index 377300973e6c55eb3e0156f31c873ee2a1a20709..b1ae0f2751f15ba7f92c51bcf4930bf8cfc7df69 100644 (file)
@@ -337,7 +337,7 @@ static int process_measurement(struct file *file, const struct cred *cred,
        hash_algo = ima_get_hash_algo(xattr_value, xattr_len);
 
        rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig);
-       if (rc == -ENOMEM)
+       if (rc != 0 && rc != -EBADF && rc != -EINVAL)
                goto out_locked;
 
        if (!pathbuf)   /* ima_rdwr_violation possibly pre-fetched */