renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-16 17:43:56 +08:00
Code
067a436b1b
linux-next/security/integrity/ima
History
Roberto Sassu 067a436b1b ima: Directly assign the ima_default_policy pointer to ima_rules 
This patch prevents the following oops:

[   10.771813] BUG: kernel NULL pointer dereference, address: 0000000000000
[...]
[   10.779790] RIP: 0010:ima_match_policy+0xf7/0xb80
[...]
[   10.798576] Call Trace:
[   10.798993]  ? ima_lsm_policy_change+0x2b0/0x2b0
[   10.799753]  ? inode_init_owner+0x1a0/0x1a0
[   10.800484]  ? _raw_spin_lock+0x7a/0xd0
[   10.801592]  ima_must_appraise.part.0+0xb6/0xf0
[   10.802313]  ? ima_fix_xattr.isra.0+0xd0/0xd0
[   10.803167]  ima_must_appraise+0x4f/0x70
[   10.804004]  ima_post_path_mknod+0x2e/0x80
[   10.804800]  do_mknodat+0x396/0x3c0

It occurs when there is a failure during IMA initialization, and
ima_init_policy() is not called. IMA hooks still call ima_match_policy()
but ima_rules is NULL. This patch prevents the crash by directly assigning
the ima_default_policy pointer to ima_rules when ima_rules is defined. This
wouldn't alter the existing behavior, as ima_rules is always set at the end
of ima_init_policy().

Cc: stable@vger.kernel.org # 3.7.x
Fixes: 07f6a79415 ("ima: add appraise action keywords and default rules")
Reported-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-06-03 14:54:35 -04:00
..
ima_api.c ima: Switch to dynamically allocated buffer for template digests 2020-04-19 22:03:39 -04:00
ima_appraise.c IMA: Add support to limit measuring keys 2019-12-12 08:53:50 -05:00
ima_asymmetric_keys.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
ima_crypto.c ima: Use ima_hash_algo for collision detection in the measurement list 2020-04-19 22:03:39 -04:00
ima_fs.c ima: Switch to dynamically allocated buffer for template digests 2020-04-19 22:03:39 -04:00
ima_init.c ima: Switch to ima_hash_algo for boot aggregate 2020-04-19 22:03:39 -04:00
ima_kexec.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
ima_main.c ima: verify mprotect change is consistent with mmap policy 2020-05-22 14:41:04 -04:00
ima_modsig.c ima: Fix use after free in ima_read_modsig() 2019-08-28 15:01:24 -04:00
ima_mok.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
ima_policy.c ima: Directly assign the ima_default_policy pointer to ima_rules 2020-06-03 14:54:35 -04:00
ima_queue_keys.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
ima_queue.c ima: Use ima_hash_algo for collision detection in the measurement list 2020-04-19 22:03:39 -04:00
ima_template_lib.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
ima_template_lib.h ima: Define ima-modsig template 2019-08-05 18:40:25 -04:00
ima_template.c ima: Calculate and extend PCR with digests in ima_template_entry 2020-04-19 22:03:39 -04:00
ima.h ima: Fix ima digest hash table key calculation 2020-05-07 22:54:07 -04:00
Kconfig ima: add a new CONFIG for loading arch-specific policies 2020-03-12 07:43:57 -04:00
Makefile IMA: Update KBUILD_MODNAME for IMA files to ima 2020-02-28 14:32:58 -05:00