ima: fix wrong zero-assignment during securityfs dentry remove

Message ID 20240529181432.494253-1-enrico.bravi@polito.it (mailing list archive)
State New, archived

Commit Message

Enrico Bravi May 29, 2024, 6:14 p.m. UTC
In case of error during ima_fs_init(), all the dentries already created
are removed. {ascii, binary}_securityfs_measurement_lists are freed by
calling remove_securityfs_measurement_lists() for each array. This
function, at the end, sets securityfs_measurement_list_count to zero.
This causes the second call of remove_securityfs_measurement_lists()
to leave the dentries of the array pending, not removing them correctly,
because securityfs_measurement_list_count is already zero.

Move the securityfs_measurement_list_count = 0 after the two
remove_securityfs_measurement_lists() calls to correctly remove all the
dentries already allocated.

Fixes: 9fa8e7625008 ("ima: add crypto agility support for template-hash algorithm")
Signed-off-by: Enrico Bravi <enrico.bravi@polito.it>
---
 security/integrity/ima/ima_fs.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

base-commit: e0cce98fe279b64f4a7d81b7f5c3a23d80b92fbc
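
The leak described in the commit message, as an added userspace model that is not part of the patch or the kernel source. The helper's loop over the shared count is an assumption taken from the description above, and create_lists(), remove_lists(), teardown_leak(), live_entries and reset_inside are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model, constructed for illustration: "dentries" are heap ints. */
static int list_count;   /* models securityfs_measurement_list_count */
static int live_entries; /* entries created and not yet released */

static int **create_lists(int n)
{
	int **lists = calloc(n, sizeof(*lists));
	if (!lists)
		return NULL;
	for (int i = 0; i < n; i++) {
		lists[i] = malloc(sizeof(int));
		live_entries++;
	}
	return lists;
}

/* reset_inside = 1 models the helper before the patch, 0 after it. */
static void remove_lists(int **lists, int reset_inside)
{
	if (lists) {
		/* Assumed shape: the shared count bounds the walk. */
		for (int i = 0; i < list_count; i++) {
			free(lists[i]);
			live_entries--;
		}
		free(lists);
	}
	if (reset_inside)
		list_count = 0; /* the second call then walks zero entries */
}

/* Runs the error-path teardown; returns how many entries stay allocated. */
int teardown_leak(int n, int reset_inside)
{
	live_entries = 0;
	list_count = n;
	int **ascii = create_lists(n);
	int **binary = create_lists(n);
	remove_lists(ascii, reset_inside);
	remove_lists(binary, reset_inside);
	list_count = 0; /* caller-side reset, as in the patched ima_fs_init() */
	return live_entries;
}

int main(void)
{
	printf("reset inside helper: %d leaked\n", teardown_leak(3, 1));
	printf("reset in caller:     %d leaked\n", teardown_leak(3, 0));
}
```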

Comments

Roberto Sassu May 30, 2024, 7:34 a.m. UTC | #1
On 5/29/2024 8:14 PM, Enrico Bravi wrote:
> In case of error during ima_fs_init(), all the dentries already created
> are removed. {ascii, binary}_securityfs_measurement_lists are freed by
> calling remove_securityfs_measurement_lists() for each array. This
> function, at the end, sets securityfs_measurement_list_count to zero.
> This causes the second call of remove_securityfs_measurement_lists()
> to leave the dentries of the array pending, not removing them correctly,
> because securityfs_measurement_list_count is already zero.
> 
> Move the securityfs_measurement_list_count = 0 after the two
> remove_securityfs_measurement_lists() calls to correctly remove all the
> dentries already allocated.
> 
> Fixes: 9fa8e7625008 ("ima: add crypto agility support for template-hash algorithm")
> Signed-off-by: Enrico Bravi <enrico.bravi@polito.it>

Looks good to me.

Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>

Thanks

Roberto

> ---
>   security/integrity/ima/ima_fs.c | 3 +--
>   1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
> index abdd22007ed8..e4a79a9b2d58 100644
> --- a/security/integrity/ima/ima_fs.c
> +++ b/security/integrity/ima/ima_fs.c
> @@ -427,8 +427,6 @@ static void __init remove_securityfs_measurement_lists(struct dentry **lists)
>   
>   		kfree(lists);
>   	}
> -
> -	securityfs_measurement_list_count = 0;
>   }
>   
>   static int __init create_securityfs_measurement_lists(void)
> @@ -625,6 +623,7 @@ int __init ima_fs_init(void)
>   	securityfs_remove(binary_runtime_measurements);
>   	remove_securityfs_measurement_lists(ascii_securityfs_measurement_lists);
>   	remove_securityfs_measurement_lists(binary_securityfs_measurement_lists);
> +	securityfs_measurement_list_count = 0;
>   	securityfs_remove(ima_symlink);
>   	securityfs_remove(ima_dir);
> 
> base-commit: e0cce98fe279b64f4a7d81b7f5c3a23d80b92fbc
Patch

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index abdd22007ed8..e4a79a9b2d58 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -427,8 +427,6 @@  static void __init remove_securityfs_measurement_lists(struct dentry **lists)
 
 		kfree(lists);
 	}
-
-	securityfs_measurement_list_count = 0;
 }
 
 static int __init create_securityfs_measurement_lists(void)
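
Review bot: With the reset dropped from the end of remove_securityfs_measurement_lists(), the helper now relies on the caller to keep securityfs_measurement_list_count intact until every array has been removed, and nothing in the function says so. A short comment above the function stating that the caller resets the count after the last call, or passing the count in as a second parameter, would make that dependency explicit and keep a later caller from reintroducing the leak.
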
@@ -625,6 +623,7 @@  int __init ima_fs_init(void)
 	securityfs_remove(binary_runtime_measurements);
 	remove_securityfs_measurement_lists(ascii_securityfs_measurement_lists);
 	remove_securityfs_measurement_lists(binary_securityfs_measurement_lists);
+	securityfs_measurement_list_count = 0;
 	securityfs_remove(ima_symlink);
 	securityfs_remove(ima_dir);
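
Review bot: In the ima_fs_init() error path, both remove_securityfs_measurement_lists() calls receive their array pointer by value and end in kfree(lists), so ascii_securityfs_measurement_lists and binary_securityfs_measurement_lists still hold the freed addresses once the count is reset. Consider setting both to NULL next to the new securityfs_measurement_list_count = 0; line, or noting in a comment that nothing dereferences them after this path.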