<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/security/integrity/ima/ima_crypto.c, branch v6.7</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>mm, treewide: redefine MAX_ORDER sanely</title>
<updated>2023-04-06T02:42:46+00:00</updated>
<author>
<name>Kirill A. Shutemov</name>
<email>kirill.shutemov@linux.intel.com</email>
</author>
<published>2023-03-15T11:31:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=23baf831a32c04f9a968812511540b1b3e648bf5'/>
<id>23baf831a32c04f9a968812511540b1b3e648bf5</id>
<content type='text'>
MAX_ORDER currently defined as number of orders page allocator supports:
user can ask buddy allocator for page order between 0 and MAX_ORDER-1.

This definition is counter-intuitive and lead to number of bugs all over
the kernel.

Change the definition of MAX_ORDER to be inclusive: the range of orders
user can ask from buddy allocator is 0..MAX_ORDER now.

[kirill@shutemov.name: fix min() warning]
  Link: https://lkml.kernel.org/r/20230315153800.32wib3n5rickolvh@box
[akpm@linux-foundation.org: fix another min_t warning]
[kirill@shutemov.name: fixups per Zi Yan]
  Link: https://lkml.kernel.org/r/20230316232144.b7ic4cif4kjiabws@box.shutemov.name
[akpm@linux-foundation.org: fix underlining in docs]
  Link: https://lore.kernel.org/oe-kbuild-all/202303191025.VRCTk6mP-lkp@intel.com/
Link: https://lkml.kernel.org/r/20230315113133.11326-11-kirill.shutemov@linux.intel.com
Signed-off-by: Kirill A. Shutemov &lt;kirill.shutemov@linux.intel.com&gt;
Reviewed-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;	[powerpc]
Cc: "Kirill A. Shutemov" &lt;kirill@shutemov.name&gt;
Cc: Zi Yan &lt;ziy@nvidia.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
MAX_ORDER currently defined as number of orders page allocator supports:
user can ask buddy allocator for page order between 0 and MAX_ORDER-1.

This definition is counter-intuitive and lead to number of bugs all over
the kernel.

Change the definition of MAX_ORDER to be inclusive: the range of orders
user can ask from buddy allocator is 0..MAX_ORDER now.

[kirill@shutemov.name: fix min() warning]
  Link: https://lkml.kernel.org/r/20230315153800.32wib3n5rickolvh@box
[akpm@linux-foundation.org: fix another min_t warning]
[kirill@shutemov.name: fixups per Zi Yan]
  Link: https://lkml.kernel.org/r/20230316232144.b7ic4cif4kjiabws@box.shutemov.name
[akpm@linux-foundation.org: fix underlining in docs]
  Link: https://lore.kernel.org/oe-kbuild-all/202303191025.VRCTk6mP-lkp@intel.com/
Link: https://lkml.kernel.org/r/20230315113133.11326-11-kirill.shutemov@linux.intel.com
Signed-off-by: Kirill A. Shutemov &lt;kirill.shutemov@linux.intel.com&gt;
Reviewed-by: Michael Ellerman &lt;mpe@ellerman.id.au&gt;	[powerpc]
Cc: "Kirill A. Shutemov" &lt;kirill@shutemov.name&gt;
Cc: Zi Yan &lt;ziy@nvidia.com&gt;
Signed-off-by: Andrew Morton &lt;akpm@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: Fix potential memory leak in ima_init_crypto()</title>
<updated>2022-07-13T14:13:58+00:00</updated>
<author>
<name>Jianglei Nie</name>
<email>niejianglei2021@163.com</email>
</author>
<published>2022-07-12T01:10:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=067d2521874135267e681c19d42761c601d503d6'/>
<id>067d2521874135267e681c19d42761c601d503d6</id>
<content type='text'>
On failure to allocate the SHA1 tfm, IMA fails to initialize and exits
without freeing the ima_algo_array. Add the missing kfree() for
ima_algo_array to avoid the potential memory leak.

Signed-off-by: Jianglei Nie &lt;niejianglei2021@163.com&gt;
Fixes: 6d94809af6b0 ("ima: Allocate and initialize tfm for each PCR bank")
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
On failure to allocate the SHA1 tfm, IMA fails to initialize and exits
without freeing the ima_algo_array. Add the missing kfree() for
ima_algo_array to avoid the potential memory leak.

Signed-off-by: Jianglei Nie &lt;niejianglei2021@163.com&gt;
Fixes: 6d94809af6b0 ("ima: Allocate and initialize tfm for each PCR bank")
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima/evm: Fix type mismatch</title>
<updated>2021-06-08T20:29:10+00:00</updated>
<author>
<name>Roberto Sassu</name>
<email>roberto.sassu@huawei.com</email>
</author>
<published>2021-06-08T12:31:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6b26285f44c9306747c609cb304f787f1933594c'/>
<id>6b26285f44c9306747c609cb304f787f1933594c</id>
<content type='text'>
The endianness of a variable written to the measurement list cannot be
determined at compile time, as it depends on the value of the
ima_canonical_fmt global variable (set through a kernel option with the
same name if the machine is big endian).

If ima_canonical_fmt is false, the endianness of a variable is the same as
the machine; if ima_canonical_fmt is true, the endianness is little endian.
The warning arises due to this type of instruction:

var = cpu_to_leXX(var)

which tries to assign a value in little endian to a variable with native
endianness (little or big endian).

Given that the variables set with this instruction are not used in any
operation but just written to a buffer, it is safe to force the type of the
value being set to be the same of the type of the variable with:

var = (__force &lt;var type&gt;)cpu_to_leXX(var)

Reported-by: kernel test robot &lt;lkp@intel.com&gt;
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The endianness of a variable written to the measurement list cannot be
determined at compile time, as it depends on the value of the
ima_canonical_fmt global variable (set through a kernel option with the
same name if the machine is big endian).

If ima_canonical_fmt is false, the endianness of a variable is the same as
the machine; if ima_canonical_fmt is true, the endianness is little endian.
The warning arises due to this type of instruction:

var = cpu_to_leXX(var)

which tries to assign a value in little endian to a variable with native
endianness (little or big endian).

Given that the variables set with this instruction are not used in any
operation but just written to a buffer, it is safe to force the type of the
value being set to be the same of the type of the variable with:

var = (__force &lt;var type&gt;)cpu_to_leXX(var)

Reported-by: kernel test robot &lt;lkp@intel.com&gt;
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: Don't modify file descriptor mode on the fly</title>
<updated>2020-11-29T12:02:53+00:00</updated>
<author>
<name>Roberto Sassu</name>
<email>roberto.sassu@huawei.com</email>
</author>
<published>2020-11-26T10:34:56+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=207cdd565dfc95a0a5185263a567817b7ebf5467'/>
<id>207cdd565dfc95a0a5185263a567817b7ebf5467</id>
<content type='text'>
Commit a408e4a86b36b ("ima: open a new file instance if no read
permissions") already introduced a second open to measure a file when the
original file descriptor does not allow it. However, it didn't remove the
existing method of changing the mode of the original file descriptor, which
is still necessary if the current process does not have enough privileges
to open a new one.

Changing the mode isn't really an option, as the filesystem might need to
do preliminary steps to make the read possible. Thus, this patch removes
the code and keeps the second open as the only option to measure a file
when it is unreadable with the original file descriptor.

Cc: &lt;stable@vger.kernel.org&gt; # 4.20.x: 0014cc04e8ec0 ima: Set file-&gt;f_mode
Fixes: 2fe5d6def1672 ("ima: integrity appraisal extension")
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Reviewed-by: Christoph Hellwig &lt;hch@lst.de&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit a408e4a86b36b ("ima: open a new file instance if no read
permissions") already introduced a second open to measure a file when the
original file descriptor does not allow it. However, it didn't remove the
existing method of changing the mode of the original file descriptor, which
is still necessary if the current process does not have enough privileges
to open a new one.

Changing the mode isn't really an option, as the filesystem might need to
do preliminary steps to make the read possible. Thus, this patch removes
the code and keeps the second open as the only option to measure a file
when it is unreadable with the original file descriptor.

Cc: &lt;stable@vger.kernel.org&gt; # 4.20.x: 0014cc04e8ec0 ima: Set file-&gt;f_mode
Fixes: 2fe5d6def1672 ("ima: integrity appraisal extension")
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Reviewed-by: Christoph Hellwig &lt;hch@lst.de&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: Don't ignore errors from crypto_shash_update()</title>
<updated>2020-09-15T17:47:37+00:00</updated>
<author>
<name>Roberto Sassu</name>
<email>roberto.sassu@huawei.com</email>
</author>
<published>2020-09-04T09:23:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=60386b854008adc951c470067f90a2d85b5d520f'/>
<id>60386b854008adc951c470067f90a2d85b5d520f</id>
<content type='text'>
Errors returned by crypto_shash_update() are not checked in
ima_calc_boot_aggregate_tfm() and thus can be overwritten at the next
iteration of the loop. This patch adds a check after calling
crypto_shash_update() and returns immediately if the result is not zero.

Cc: stable@vger.kernel.org
Fixes: 3323eec921efd ("integrity: IMA as an integrity service provider")
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Errors returned by crypto_shash_update() are not checked in
ima_calc_boot_aggregate_tfm() and thus can be overwritten at the next
iteration of the loop. This patch adds a check after calling
crypto_shash_update() and returns immediately if the result is not zero.

Cc: stable@vger.kernel.org
Fixes: 3323eec921efd ("integrity: IMA as an integrity service provider")
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: extend boot_aggregate with kernel measurements</title>
<updated>2020-06-25T00:47:24+00:00</updated>
<author>
<name>Maurizio Drocco</name>
<email>maurizio.drocco@ibm.com</email>
</author>
<published>2020-06-23T15:57:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=20c59ce010f84300f6c655d32db2610d3433f85c'/>
<id>20c59ce010f84300f6c655d32db2610d3433f85c</id>
<content type='text'>
Registers 8-9 are used to store measurements of the kernel and its
command line (e.g., grub2 bootloader with tpm module enabled). IMA
should include them in the boot aggregate. Registers 8-9 should be
only included in non-SHA1 digests to avoid ambiguity.

Signed-off-by: Maurizio Drocco &lt;maurizio.drocco@ibm.com&gt;
Reviewed-by: Bruno Meneguele &lt;bmeneg@redhat.com&gt;
Tested-by: Bruno Meneguele &lt;bmeneg@redhat.com&gt;  (TPM 1.2, TPM 2.0)
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Registers 8-9 are used to store measurements of the kernel and its
command line (e.g., grub2 bootloader with tpm module enabled). IMA
should include them in the boot aggregate. Registers 8-9 should be
only included in non-SHA1 digests to avoid ambiguity.

Signed-off-by: Maurizio Drocco &lt;maurizio.drocco@ibm.com&gt;
Reviewed-by: Bruno Meneguele &lt;bmeneg@redhat.com&gt;
Tested-by: Bruno Meneguele &lt;bmeneg@redhat.com&gt;  (TPM 1.2, TPM 2.0)
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: Remove __init annotation from ima_pcrread()</title>
<updated>2020-06-07T23:03:09+00:00</updated>
<author>
<name>Roberto Sassu</name>
<email>roberto.sassu@huawei.com</email>
</author>
<published>2020-06-07T21:00:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=8b8c704d913b0fe490af370631a4200e26334ec0'/>
<id>8b8c704d913b0fe490af370631a4200e26334ec0</id>
<content type='text'>
Commit 6cc7c266e5b4 ("ima: Call ima_calc_boot_aggregate() in
ima_eventdigest_init()") added a call to ima_calc_boot_aggregate() so that
the digest can be recalculated for the boot_aggregate measurement entry if
the 'd' template field has been requested. For the 'd' field, only SHA1 and
MD5 digests are accepted.

Given that ima_eventdigest_init() does not have the __init annotation, all
functions called should not have it. This patch removes __init from
ima_pcrread().

Cc: stable@vger.kernel.org
Fixes:  6cc7c266e5b4 ("ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()")
Reported-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit 6cc7c266e5b4 ("ima: Call ima_calc_boot_aggregate() in
ima_eventdigest_init()") added a call to ima_calc_boot_aggregate() so that
the digest can be recalculated for the boot_aggregate measurement entry if
the 'd' template field has been requested. For the 'd' field, only SHA1 and
MD5 digests are accepted.

Given that ima_eventdigest_init() does not have the __init annotation, all
functions called should not have it. This patch removes __init from
ima_pcrread().

Cc: stable@vger.kernel.org
Fixes:  6cc7c266e5b4 ("ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()")
Reported-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Signed-off-by: Linus Torvalds &lt;torvalds@linux-foundation.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'integrity-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity</title>
<updated>2020-06-06T16:39:05+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2020-06-06T16:39:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=3c0ad98c2eda5ff30d23777e30744be6f7b8f097'/>
<id>3c0ad98c2eda5ff30d23777e30744be6f7b8f097</id>
<content type='text'>
Pull integrity updates from Mimi Zohar:
 "The main changes are extending the TPM 2.0 PCR banks with bank
  specific file hashes, calculating the "boot_aggregate" based on other
  TPM PCR banks, using the default IMA hash algorithm, instead of SHA1,
  as the basis for the cache hash table key, and preventing the mprotect
  syscall to circumvent an IMA mmap appraise policy rule.

   - In preparation for extending TPM 2.0 PCR banks with bank specific
     digests, commit 0b6cf6b97b7e ("tpm: pass an array of
     tpm_extend_digest structures to tpm_pcr_extend()") modified
     tpm_pcr_extend(). The original SHA1 file digests were
     padded/truncated, before being extended into the other TPM PCR
     banks. This pull request calculates and extends the TPM PCR banks
     with bank specific file hashes completing the above change.

   - The "boot_aggregate", the first IMA measurement list record, is the
     "trusted boot" link between the pre-boot environment and the
     running OS. With TPM 2.0, the "boot_aggregate" record is not
     limited to being based on the SHA1 TPM PCR bank, but can be
     calculated based on any enabled bank, assuming the hash algorithm
     is also enabled in the kernel.

  Other changes include the following and five other bug fixes/code
  clean up:

   - supporting both a SHA1 and a larger "boot_aggregate" digest in a
     custom template format containing both the the SHA1 ('d') and
     larger digests ('d-ng') fields.

   - Initial hash table key fix, but additional changes would be good"

* tag 'integrity-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  ima: Directly free *entry in ima_alloc_init_template() if digests is NULL
  ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()
  ima: Directly assign the ima_default_policy pointer to ima_rules
  ima: verify mprotect change is consistent with mmap policy
  evm: Fix possible memory leak in evm_calc_hmac_or_hash()
  ima: Set again build_ima_appraise variable
  ima: Remove redundant policy rule set in add_rules()
  ima: Fix ima digest hash table key calculation
  ima: Use ima_hash_algo for collision detection in the measurement list
  ima: Calculate and extend PCR with digests in ima_template_entry
  ima: Allocate and initialize tfm for each PCR bank
  ima: Switch to dynamically allocated buffer for template digests
  ima: Store template digest directly in ima_template_entry
  ima: Evaluate error in init_ima()
  ima: Switch to ima_hash_algo for boot aggregate
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull integrity updates from Mimi Zohar:
 "The main changes are extending the TPM 2.0 PCR banks with bank
  specific file hashes, calculating the "boot_aggregate" based on other
  TPM PCR banks, using the default IMA hash algorithm, instead of SHA1,
  as the basis for the cache hash table key, and preventing the mprotect
  syscall to circumvent an IMA mmap appraise policy rule.

   - In preparation for extending TPM 2.0 PCR banks with bank specific
     digests, commit 0b6cf6b97b7e ("tpm: pass an array of
     tpm_extend_digest structures to tpm_pcr_extend()") modified
     tpm_pcr_extend(). The original SHA1 file digests were
     padded/truncated, before being extended into the other TPM PCR
     banks. This pull request calculates and extends the TPM PCR banks
     with bank specific file hashes completing the above change.

   - The "boot_aggregate", the first IMA measurement list record, is the
     "trusted boot" link between the pre-boot environment and the
     running OS. With TPM 2.0, the "boot_aggregate" record is not
     limited to being based on the SHA1 TPM PCR bank, but can be
     calculated based on any enabled bank, assuming the hash algorithm
     is also enabled in the kernel.

  Other changes include the following and five other bug fixes/code
  clean up:

   - supporting both a SHA1 and a larger "boot_aggregate" digest in a
     custom template format containing both the the SHA1 ('d') and
     larger digests ('d-ng') fields.

   - Initial hash table key fix, but additional changes would be good"

* tag 'integrity-v5.8' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  ima: Directly free *entry in ima_alloc_init_template() if digests is NULL
  ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()
  ima: Directly assign the ima_default_policy pointer to ima_rules
  ima: verify mprotect change is consistent with mmap policy
  evm: Fix possible memory leak in evm_calc_hmac_or_hash()
  ima: Set again build_ima_appraise variable
  ima: Remove redundant policy rule set in add_rules()
  ima: Fix ima digest hash table key calculation
  ima: Use ima_hash_algo for collision detection in the measurement list
  ima: Calculate and extend PCR with digests in ima_template_entry
  ima: Allocate and initialize tfm for each PCR bank
  ima: Switch to dynamically allocated buffer for template digests
  ima: Store template digest directly in ima_template_entry
  ima: Evaluate error in init_ima()
  ima: Switch to ima_hash_algo for boot aggregate
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init()</title>
<updated>2020-06-03T21:20:43+00:00</updated>
<author>
<name>Roberto Sassu</name>
<email>roberto.sassu@huawei.com</email>
</author>
<published>2020-06-03T15:08:21+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2'/>
<id>6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2</id>
<content type='text'>
If the template field 'd' is chosen and the digest to be added to the
measurement entry was not calculated with SHA1 or MD5, it is
recalculated with SHA1, by using the passed file descriptor. However, this
cannot be done for boot_aggregate, because there is no file descriptor.

This patch adds a call to ima_calc_boot_aggregate() in
ima_eventdigest_init(), so that the digest can be recalculated also for the
boot_aggregate entry.

Cc: stable@vger.kernel.org # 3.13.x
Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers")
Reported-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
If the template field 'd' is chosen and the digest to be added to the
measurement entry was not calculated with SHA1 or MD5, it is
recalculated with SHA1, by using the passed file descriptor. However, this
cannot be done for boot_aggregate, because there is no file descriptor.

This patch adds a call to ima_calc_boot_aggregate() in
ima_eventdigest_init(), so that the digest can be recalculated also for the
boot_aggregate entry.

Cc: stable@vger.kernel.org # 3.13.x
Fixes: 3ce1217d6cd5d ("ima: define template fields library and new helpers")
Reported-by: Takashi Iwai &lt;tiwai@suse.de&gt;
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>ima: Set file-&gt;f_mode instead of file-&gt;f_flags in ima_calc_file_hash()</title>
<updated>2020-05-08T01:30:58+00:00</updated>
<author>
<name>Roberto Sassu</name>
<email>roberto.sassu@huawei.com</email>
</author>
<published>2020-04-27T10:28:55+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=0014cc04e8ec077dc482f00c87dfd949cfe2b98f'/>
<id>0014cc04e8ec077dc482f00c87dfd949cfe2b98f</id>
<content type='text'>
Commit a408e4a86b36 ("ima: open a new file instance if no read
permissions") tries to create a new file descriptor to calculate a file
digest if the file has not been opened with O_RDONLY flag. However, if a
new file descriptor cannot be obtained, it sets the FMODE_READ flag to
file-&gt;f_flags instead of file-&gt;f_mode.

This patch fixes this issue by replacing f_flags with f_mode as it was
before that commit.

Cc: stable@vger.kernel.org # 4.20.x
Fixes: a408e4a86b36 ("ima: open a new file instance if no read permissions")
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Reviewed-by: Goldwyn Rodrigues &lt;rgoldwyn@suse.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit a408e4a86b36 ("ima: open a new file instance if no read
permissions") tries to create a new file descriptor to calculate a file
digest if the file has not been opened with O_RDONLY flag. However, if a
new file descriptor cannot be obtained, it sets the FMODE_READ flag to
file-&gt;f_flags instead of file-&gt;f_mode.

This patch fixes this issue by replacing f_flags with f_mode as it was
before that commit.

Cc: stable@vger.kernel.org # 4.20.x
Fixes: a408e4a86b36 ("ima: open a new file instance if no read permissions")
Signed-off-by: Roberto Sassu &lt;roberto.sassu@huawei.com&gt;
Reviewed-by: Goldwyn Rodrigues &lt;rgoldwyn@suse.com&gt;
Signed-off-by: Mimi Zohar &lt;zohar@linux.ibm.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
