Merge branch 'iov_iter' into for-next

author: Al Viro <viro@zeniv.linux.org.uk> 2014-12-08 20:39:29 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2014-12-08 20:39:29 -0500
commit: ba00410b8131b23edfb0e09f8b6dd26c8eb621fb (patch)
tree: c08504e4d2fa51ac91cef544f336d0169806c49f /security
parent: 8ce74dd6057832618957fc2cbd38fa959c3a0a6c (diff)
parent: aa583096d9767892983332e7c1a984bd17e3cd39 (diff)
4 files changed, 13 insertions, 6 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 9685af330de5..c5ee1a7c5e8a 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -319,9 +319,12 @@ int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name,
 {
        const struct evm_ima_xattr_data *xattr_data = xattr_value;
-        if ((strcmp(xattr_name, XATTR_NAME_EVM) == 0)
+        if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
-            && (xattr_data->type == EVM_XATTR_HMAC))
+                if (!xattr_value_len)
-                return -EPERM;
+                        return -EINVAL;
+                if (xattr_data->type != EVM_IMA_XATTR_DIGSIG)
+                        return -EPERM;
+        }
        return evm_protect_xattr(dentry, xattr_name, xattr_value,
                                 xattr_value_len);
 }
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index c2f203accbd1..fffcdb0b31f0 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -378,6 +378,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
        result = ima_protect_xattr(dentry, xattr_name, xattr_value,
                                   xattr_value_len);
        if (result == 1) {
+                if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
+                        return -EINVAL;
                ima_reset_appraise_flags(dentry->d_inode,
                         (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
                result = 0;
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index c0379d13dbe1..9d1c2ebfe12a 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -61,6 +61,7 @@ enum evm_ima_xattr_type {
        EVM_XATTR_HMAC,
        EVM_IMA_XATTR_DIGSIG,
        IMA_XATTR_DIGEST_NG,
+        IMA_XATTR_LAST
 };
 struct evm_ima_xattr_data {
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index e66314138b38..c603b20356ad 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4725,9 +4725,10 @@ static int selinux_nlmsg_perm(struct sock *sk, struct sk_buff *skb)
        err = selinux_nlmsg_lookup(sksec->sclass, nlh->nlmsg_type, &perm);
        if (err) {
                if (err == -EINVAL) {
-                        WARN_ONCE(1, "selinux_nlmsg_perm: unrecognized netlink message:"
+                        printk(KERN_WARNING
-                                  " protocol=%hu nlmsg_type=%hu sclass=%hu\n",
+                               "SELinux: unrecognized netlink message:"
-                                  sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
+                               " protocol=%hu nlmsg_type=%hu sclass=%hu\n",
+                               sk->sk_protocol, nlh->nlmsg_type, sksec->sclass);
                        if (!selinux_enforcing || security_get_allow_unknown())
                                err = 0;
                }
author	Al Viro <viro@zeniv.linux.org.uk>	2014-12-08 20:39:29 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2014-12-08 20:39:29 -0500
commit	ba00410b8131b23edfb0e09f8b6dd26c8eb621fb (patch)
tree	c08504e4d2fa51ac91cef544f336d0169806c49f /security
parent	8ce74dd6057832618957fc2cbd38fa959c3a0a6c (diff)
parent	aa583096d9767892983332e7c1a984bd17e3cd39 (diff)