ima: free duplicate measurement memory

Info about new measurements are cached in the iint for performance.  When
the inode is flushed from cache, the associated iint is flushed as well.
Subsequent access to the inode will cause the inode to be re-measured and
will attempt to add a duplicate entry to the measurement list.

This patch frees the duplicate measurement memory, fixing a memory leak.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Cc: stable@vger.kernel.org

2 files changed, 3 insertions, 2 deletions

diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 0d50df04ccc4..88a2788b981d 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -178,8 +178,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
         strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
 
         result = ima_store_template(entry, violation, inode);
-        if (!result)
+        if (!result || result == -EEXIST)
                 iint->flags |= IMA_MEASURED;
-        else
+        if (result < 0)
                 kfree(entry);
 }
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 8e28f04a5e2e..e1a5062b1f6a 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -114,6 +114,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
                 memcpy(digest, entry->digest, sizeof digest);
                 if (ima_lookup_digest_entry(digest)) {
                         audit_cause = "hash_exists";
+                        result = -EEXIST;
                         goto out;
                 }
         }