Commit f06dd16a authored by Eric Paris's avatar Eric Paris Committed by James Morris

IMA: Handle dentry_open failures

Currently IMA does not handle failures from dentry_open().  This means that we
leave a pointer set to ERR_PTR(errno) and then try to use it just a few lines
later in fput().  Oops.
Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Acked-by: default avatarMimi Zohar <zohar@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 37bcbf13
...@@ -116,10 +116,6 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, ...@@ -116,10 +116,6 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file,
{ {
int rc = 0; int rc = 0;
if (IS_ERR(file)) {
pr_info("%s dentry_open failed\n", filename);
return rc;
}
iint->opencount++; iint->opencount++;
iint->readcount++; iint->readcount++;
...@@ -185,6 +181,12 @@ int ima_path_check(struct path *path, int mask) ...@@ -185,6 +181,12 @@ int ima_path_check(struct path *path, int mask)
struct vfsmount *mnt = mntget(path->mnt); struct vfsmount *mnt = mntget(path->mnt);
file = dentry_open(dentry, mnt, O_RDONLY, current_cred()); file = dentry_open(dentry, mnt, O_RDONLY, current_cred());
if (IS_ERR(file)) {
pr_info("%s dentry_open failed\n", dentry->d_name.name);
rc = PTR_ERR(file);
file = NULL;
goto out;
}
rc = get_path_measurement(iint, file, dentry->d_name.name); rc = get_path_measurement(iint, file, dentry->d_name.name);
} }
out: out:
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment