Message ID | 20240529181432.494253-1-enrico.bravi@polito.it (mailing list archive) |
---|---|
State | New |
Series | ima: fix wrong zero-assignment during securityfs dentry remove |
On 5/29/2024 8:14 PM, Enrico Bravi wrote:
> In case of error during ima_fs_init() all the dentry already created
> are removed. {ascii, binary}_securityfs_measurement_lists are freed
> calling for each array the remove_securityfs_measurement_lists(). This
> function, at the end, assigns to zero the securityfs_measurement_list_count.
> This causes during the second call of remove_securityfs_measurement_lists()
> to leave the dentry of the array pending, not removing them correctly,
> because the securityfs_measurement_list_count is already zero.
>
> Move the securityfs_measurement_list_count = 0 after the two
> remove_securityfs_measurement_lists() calls to correctly remove all the
> dentry already allocated.
>
> Fixes: 9fa8e7625008 ("ima: add crypto agility support for template-hash algorithm")
> Signed-off-by: Enrico Bravi <enrico.bravi@polito.it>

Looks good to me.

Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com>

Thanks

Roberto

> ---
> security/integrity/ima/ima_fs.c | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c > index abdd22007ed8..e4a79a9b2d58 100644 > --- a/security/integrity/ima/ima_fs.c > +++ b/security/integrity/ima/ima_fs.c > @@ -427,8 +427,6 @@ static void __init remove_securityfs_measurement_lists(struct dentry **lists) > > kfree(lists); > } > - > - securityfs_measurement_list_count = 0; > } > > static int __init create_securityfs_measurement_lists(void) > @@ -625,6 +623,7 @@ int __init ima_fs_init(void) > securityfs_remove(binary_runtime_measurements); > remove_securityfs_measurement_lists(ascii_securityfs_measurement_lists); > remove_securityfs_measurement_lists(binary_securityfs_measurement_lists); > + securityfs_measurement_list_count = 0; > securityfs_remove(ima_symlink); > securityfs_remove(ima_dir); > > base-commit: e0cce98fe279b64f4a7d81b7f5c3a23d80b92fbc
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index abdd22007ed8..e4a79a9b2d58 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -427,8 +427,6 @@ static void __init remove_securityfs_measurement_lists(struct dentry **lists) kfree(lists); } - - securityfs_measurement_list_count = 0; } static int __init create_securityfs_measurement_lists(void) @@ -625,6 +623,7 @@ int __init ima_fs_init(void) securityfs_remove(binary_runtime_measurements); remove_securityfs_measurement_lists(ascii_securityfs_measurement_lists); remove_securityfs_measurement_lists(binary_securityfs_measurement_lists); + securityfs_measurement_list_count = 0; securityfs_remove(ima_symlink); securityfs_remove(ima_dir);
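Review bot: in the first hunk (remove_securityfs_measurement_lists()), removing the reset leaves the helper with an unstated precondition: per the commit message it still uses the global securityfs_measurement_list_count to find the dentries to remove, so the count must remain valid until every array has been passed to it. A short comment above the function stating that the caller owns the reset, and must do it only after the last call, would keep a later cleanup from reintroducing the same ordering bug. Separately, kfree(lists) frees the array through a by-value `struct dentry **lists` parameter, so the caller's pointer is left pointing at freed memory; that is harmless only if nothing dereferences it after the error path, which is worth stating or enforcing by clearing the pointers in the caller.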
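Review bot: in the second hunk (ima_fs_init() error path), the fix is correct only while `securityfs_measurement_list_count = 0;` stays after both remove_securityfs_measurement_lists() calls, and the three lines carry nothing that ties them together. Consider wrapping the two removals and the reset in one small helper, or at least adding a comment on the reset line, so the sequence cannot be reordered or split by accident. Since the helper no longer zeroes the count itself, it is also worth confirming that this error path is its only caller; any other caller would now leave the count stale.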
In case of error during ima_fs_init() all the dentry already created are removed. {ascii, binary}_securityfs_measurement_lists are freed calling for each array the remove_securityfs_measurement_lists(). This function, at the end, assigns to zero the securityfs_measurement_list_count. This causes during the second call of remove_securityfs_measurement_lists() to leave the dentry of the array pending, not removing them correctly, because the securityfs_measurement_list_count is already zero.

Move the securityfs_measurement_list_count = 0 after the two remove_securityfs_measurement_lists() calls to correctly remove all the dentry already allocated.

Fixes: 9fa8e7625008 ("ima: add crypto agility support for template-hash algorithm")
Signed-off-by: Enrico Bravi <enrico.bravi@polito.it>

---
security/integrity/ima/ima_fs.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

base-commit: e0cce98fe279b64f4a7d81b7f5c3a23d80b92fbc