Hi James, Today's linux-next merge of the security tree got a conflict in: security/integrity/ima/ima_fs.c between commit: 3bc8f29b149e ("new helper: memdup_user_nul()") from the vfs tree and commit: 38d859f991f3 ("IMA: policy can now be updated multiple times") from the security tree. I fixed it up (hopefully, see below) and can carry the fix as necessary (no action is required). -- Cheers, Stephen Rothwell sfr@xxxxxxxxxxxxxxxx diff --cc security/integrity/ima/ima_fs.c index 71aa60b8d257,3caed6de610c..000000000000 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@@ -259,21 -261,35 +261,30 @@@ static const struct file_operations ima static ssize_t ima_write_policy(struct file *file, const char __user *buf, size_t datalen, loff_t *ppos) { - char *data = NULL; ssize_t result; - char *data; ++ char *data = NULL; + int res; + + res = mutex_lock_interruptible(&ima_write_mutex); + if (res) + return res; if (datalen >= PAGE_SIZE) datalen = PAGE_SIZE - 1; /* No partial writes. */ + result = -EINVAL; if (*ppos != 0) - return -EINVAL; + goto out; - result = -ENOMEM; - data = kmalloc(datalen + 1, GFP_KERNEL); - if (!data) - goto out; - - *(data + datalen) = '\0'; - - result = -EFAULT; - if (copy_from_user(data, buf, datalen)) + data = memdup_user_nul(buf, datalen); - if (IS_ERR(data)) - return PTR_ERR(data); ++ if (IS_ERR(data)) { ++ result = PTR_ERR(data); + goto out; ++ } result = ima_parse_add_rule(data); + out: if (result < 0) valid_policy = 0; kfree(data); -- To unsubscribe from this list: send the line "unsubscribe linux-next" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html