Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into ra-next

3 files changed, 17 insertions, 21 deletions

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 3caed6de610c..f355231997b4 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -261,13 +261,8 @@ static const struct file_operations ima_ascii_measurements_ops = {
 static ssize_t ima_write_policy(struct file *file, const char __user *buf,
                                 size_t datalen, loff_t *ppos)
 {
-        char *data = NULL;
+        char *data;
         ssize_t result;
-        int res;
-
-        res = mutex_lock_interruptible(&ima_write_mutex);
-        if (res)
-                return res;
 
         if (datalen >= PAGE_SIZE)
                 datalen = PAGE_SIZE - 1;
@@ -286,14 +281,19 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,
 
         result = -EFAULT;
         if (copy_from_user(data, buf, datalen))
-                goto out;
+                goto out_free;
 
+        result = mutex_lock_interruptible(&ima_write_mutex);
+        if (result < 0)
+                goto out_free;
         result = ima_parse_add_rule(data);
+        mutex_unlock(&ima_write_mutex);
+
+out_free:
+        kfree(data);
 out:
         if (result < 0)
                 valid_policy = 0;
-        kfree(data);
-        mutex_unlock(&ima_write_mutex);
 
         return result;
 }
diff --git a/security/keys/key.c b/security/keys/key.c
index 09ef276c4bdc..07a87311055c 100644
--- a/security/keys/key.c
+++ b/security/keys/key.c
@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(struct key *key,
 
                         /* and link it into the destination keyring */
                         if (keyring) {
-                                if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-                                        set_bit(KEY_FLAG_KEEP, &key->flags);
+                                set_bit(KEY_FLAG_KEEP, &key->flags);
 
                                 __key_link(key, _edit);
                         }
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e83ec6b9eb9d..8f9f323f372b 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
         }
 
         key = key_ref_to_ptr(key_ref);
+        ret = 0;
         if (test_bit(KEY_FLAG_KEEP, &key->flags))
-                return -EPERM;
-        else {
+                ret = -EPERM;
+        else
                 key_revoke(key);
-                ret = 0;
-        }
 
         key_ref_put(key_ref);
 error:
@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t id)
 
 invalidate:
         key = key_ref_to_ptr(key_ref);
+        ret = 0;
         if (test_bit(KEY_FLAG_KEEP, &key->flags))
                 ret = -EPERM;
-        else {
+        else
                 key_invalidate(key);
-                ret = 0;
-        }
 error_put:
         key_ref_put(key_ref);
 error:
@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
 
 okay:
         key = key_ref_to_ptr(key_ref);
+        ret = 0;
         if (test_bit(KEY_FLAG_KEEP, &key->flags))
                 ret = -EPERM;
-        else {
+        else
                 key_set_timeout(key, timeout);
-                ret = 0;
-        }
         key_put(key);
 
 error: