diff options
| author | James Morris <jmorris@namei.org> | 2016-01-10 21:52:17 +1100 |
|---|---|---|
| committer | James Morris <james.l.morris@oracle.com> | 2016-01-10 21:52:17 +1100 |
| commit | 607259e17b37017e9ec0249a8b0a7d8b76b572aa (patch) | |
| tree | a8772ad30dd74afef995e558e723176e54369608 /security | |
| parent | aa98b942cbf305cf2abe5dc3aff11f579c7d7fdc (diff) | |
| parent | 1d6d167c2efcfe9539d9cffb1a1be9c92e39c2c0 (diff) | |
| download | linux-607259e17b37017e9ec0249a8b0a7d8b76b572aa.tar.gz | |
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into ra-next
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_fs.c | 18 | ||||
| -rw-r--r-- | security/keys/key.c | 3 | ||||
| -rw-r--r-- | security/keys/keyctl.c | 17 |
3 files changed, 17 insertions, 21 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 3caed6de610c..f355231997b4 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -261,13 +261,8 @@ static const struct file_operations ima_ascii_measurements_ops = { static ssize_t ima_write_policy(struct file *file, const char __user *buf, size_t datalen, loff_t *ppos) { - char *data = NULL; + char *data; ssize_t result; - int res; - - res = mutex_lock_interruptible(&ima_write_mutex); - if (res) - return res; if (datalen >= PAGE_SIZE) datalen = PAGE_SIZE - 1; @@ -286,14 +281,19 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, result = -EFAULT; if (copy_from_user(data, buf, datalen)) - goto out; + goto out_free; + result = mutex_lock_interruptible(&ima_write_mutex); + if (result < 0) + goto out_free; result = ima_parse_add_rule(data); + mutex_unlock(&ima_write_mutex); + +out_free: + kfree(data); out: if (result < 0) valid_policy = 0; - kfree(data); - mutex_unlock(&ima_write_mutex); return result; } diff --git a/security/keys/key.c b/security/keys/key.c index 09ef276c4bdc..07a87311055c 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -430,8 +430,7 @@ static int __key_instantiate_and_link(struct key *key, /* and link it into the destination keyring */ if (keyring) { - if (test_bit(KEY_FLAG_KEEP, &keyring->flags)) - set_bit(KEY_FLAG_KEEP, &key->flags); + set_bit(KEY_FLAG_KEEP, &key->flags); __key_link(key, _edit); } diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index e83ec6b9eb9d..8f9f323f372b 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id) } key = key_ref_to_ptr(key_ref); + ret = 0; if (test_bit(KEY_FLAG_KEEP, &key->flags)) - return -EPERM; - else { + ret = -EPERM; + else key_revoke(key); - ret = 0; - } key_ref_put(key_ref); error: @@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t id) invalidate: key = key_ref_to_ptr(key_ref); + ret = 0; if (test_bit(KEY_FLAG_KEEP, &key->flags)) ret = -EPERM; - else { + else key_invalidate(key); - ret = 0; - } error_put: key_ref_put(key_ref); error: @@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout) okay: key = key_ref_to_ptr(key_ref); + ret = 0; if (test_bit(KEY_FLAG_KEEP, &key->flags)) ret = -EPERM; - else { + else key_set_timeout(key, timeout); - ret = 0; - } key_put(key); error: |