Sign in before continuing.

Commit 6dc387d5 authored Jan 04, 2023 by Matt Bobrowski Committed by Mimi Zohar Jan 18, 2023

ima: fix error handling logic when file measurement failed



Restore the error handling logic so that when file measurement fails,
the respective iint entry is not left with the digest data being
populated with zeroes.

Fixes: 54f03916 ("ima: permit fsverity's file digests in the IMA measurement list")
Cc: stable@vger.kernel.org	# 5.19
Signed-off-by: Matt Bobrowski <mattbobrowski@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

parent 5dc4c995

security/integrity/ima/ima_api.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -292,7 +292,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
		result = ima_calc_file_hash(file, &hash.hdr);
		}

		if (result == -ENOMEM)
		if (result && result != -EBADF && result != -EINVAL)
		goto out;

		length = sizeof(hash.hdr) + hash.hdr.length;

security/integrity/ima/ima_main.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -337,7 +337,7 @@ static int process_measurement(struct file file, const struct cred cred,
		hash_algo = ima_get_hash_algo(xattr_value, xattr_len);

		rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig);
		if (rc == -ENOMEM)
		if (rc != 0 && rc != -EBADF && rc != -EINVAL)
		goto out_locked;

		if (!pathbuf) /* ima_rdwr_violation possibly pre-fetched */