author | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-19 14:46:08 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2012-01-19 14:46:08 -0500 |
commit | afd290945cd283030b51b433a66fe57a8feb28c8 (patch) | |
tree | a389cb472d0ca242e02e86becd4a1967dfb0624b | |
parent | 90a4c0f51e8e44111a926be6f4c87af3938a79c3 (diff) | |
parent | 456a8167e94b66f406c27400a46a707b870452b0 (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
KEYS: Permit key_serial() to be called with a const key pointer
keys: fix user_defined key sparse messages
ima: fix cred sparse warning
MPILIB: Add a missing ENOMEM check
-rw-r--r-- | include/linux/key.h | 2 | ||||
-rw-r--r-- | lib/mpi/mpicoder.c | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_policy.c | 3 | ||||
-rw-r--r-- | security/keys/user_defined.c | 6 |
4 files changed, 8 insertions, 5 deletions
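--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -271,7 +271,7 @@ extern int keyring_add_key(struct key *keyring,
 
 extern struct key *key_lookup(key_serial_t id);
 
-static inline key_serial_t key_serial(struct key *key)
+static inline key_serial_t key_serial(const struct key *key)
 {
 return key ? key->serial : 0;
 }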
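--- a/lib/mpi/mpicoder.c
+++ b/lib/mpi/mpicoder.c
@@ -255,6 +255,8 @@ void *mpi_get_buffer(MPI a, unsigned *nbytes, int *sign)
 if (!n)
 n++; /* avoid zero length allocation */
 p = buffer = kmalloc(n, GFP_KERNEL);
+if (!p)
+return NULL;
 
 for (i = a->nlimbs - 1; i >= 0; i--) {
 alimb = a->d[i];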
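Review bot: The new `return NULL` after `kmalloc()` only helps if every caller of `mpi_get_buffer()` tests the result, and no call site is part of this change, so the callers outside this hunk should be checked for an unguarded use of the returned buffer. The function would also benefit from a header comment stating the contract, for example `/* Returns a kmalloc'd buffer, or NULL on allocation failure. */`, plus who frees it. The body starts above the hunk, so it cannot be seen here whether `*nbytes` has already been written when the failure path is taken; if it has, the comment should say that the length is not meaningful after a NULL return.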
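--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -99,6 +99,7 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
 struct inode *inode, enum ima_hooks func, int mask)
 {
 struct task_struct *tsk = current;
+const struct cred *cred = current_cred();
 int i;
 
 if ((rule->flags & IMA_FUNC) && rule->func != func)
@@ -108,7 +109,7 @@ static bool ima_match_rules(struct ima_measure_rule_entry *rule,
 if ((rule->flags & IMA_FSMAGIC)
 && rule->fsmagic != inode->i_sb->s_magic)
 return false;
-if ((rule->flags & IMA_UID) && rule->uid != tsk->cred->uid)
+if ((rule->flags & IMA_UID) && rule->uid != cred->uid)
 return false;
 for (i = 0; i < MAX_LSM_RULES; i++) {
 int rc = 0;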
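Review bot: The IMA_UID test on the changed line compares `rule->uid` with `cred->uid`, which is the real UID in the current task's subjective credentials rather than the effective or filesystem UID, and nothing near it says so. A one-line comment such as `/* IMA_UID matches the caller's real uid (cred->uid), not euid/fsuid */` would keep policy authors from assuming a set-uid process is matched by its effective identity. `tsk` stays declared beside the new `cred`; its remaining uses are presumably further down in `ima_match_rules()`, which continues outside both hunks.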
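--- a/security/keys/user_defined.c
+++ b/security/keys/user_defined.c
@@ -59,7 +59,7 @@ int user_instantiate(struct key *key, const void *data, size_t datalen)
 /* attach the data */
 upayload->datalen = datalen;
 memcpy(upayload->data, data, datalen);
-rcu_assign_pointer(key->payload.data, upayload);
+rcu_assign_keypointer(key, upayload);
 ret = 0;
 
 error:
@@ -98,7 +98,7 @@ int user_update(struct key *key, const void *data, size_t datalen)
 if (ret == 0) {
 /* attach the new data, displacing the old */
 zap = key->payload.data;
-rcu_assign_pointer(key->payload.data, upayload);
+rcu_assign_keypointer(key, upayload);
 key->expiry = 0;
 }
 
@@ -133,7 +133,7 @@ void user_revoke(struct key *key)
 key_payload_reserve(key, 0);
 
 if (upayload) {
-rcu_assign_pointer(key->payload.data, NULL);
+rcu_assign_keypointer(key, NULL);
 kfree_rcu(upayload, rcu);
 }
 }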
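Review bot: In the `user_revoke()` hunk the payload being dropped is key material, yet `kfree_rcu(upayload, rcu)` returns it to the allocator without clearing it, so the secret bytes can stay readable in freed slab memory after the grace period. Freeing through a `call_rcu()` callback that wipes the payload first would close that gap. The displaced `zap` payload in `user_update()` is presumably released the same way outside its hunk and would need the same treatment. `user_revoke()` starts above the hunk, so how `upayload` is loaded is not visible here.

```c
/* RCU callback: wipe the key material before the memory is released */
static void user_free_payload_rcu(struct rcu_head *head)
{
	struct user_key_payload *payload;

	payload = container_of(head, struct user_key_payload, rcu);
	kzfree(payload);
}

/* … unchanged: user_revoke() up to the upayload test … */
	if (upayload) {
		rcu_assign_keypointer(key, NULL);
		call_rcu(&upayload->rcu, user_free_payload_rcu);
	}
```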