[Just cc'ing the security tree maintainer, since this will soon be in
his tree and is related to a conflict between that tree and the vfs
tree.]
On Mon, 4 Jan 2016 13:52:21 +1100 Stephen Rothwell <sfr@xxxxxxxxxxxxxxxx> wrote:
>
> Hi all,
>
> Today's linux-next merge of the integrity tree got a conflict in:
>
> security/integrity/ima/ima_fs.c
>
> between commit:
>
> 3bc8f29b149e ("new helper: memdup_user_nul()")
>
> from the vfs tree and commit:
>
> 6427e6c71c8b ("ima: ima_write_policy() limit locking")
>
> from the integrity tree.
>
> I fixed it up (see below) and can carry the fix as necessary (no action
> is required).
>
> --
> Cheers,
> Stephen Rothwell sfr@xxxxxxxxxxxxxxxx
>
> diff --cc security/integrity/ima/ima_fs.c
> index a185b6f2f390,f355231997b4..000000000000
> --- a/security/integrity/ima/ima_fs.c
> +++ b/security/integrity/ima/ima_fs.c
> @@@ -277,13 -272,25 +272,20 @@@ static ssize_t ima_write_policy(struct
> if (*ppos != 0)
> goto out;
>
> - result = -ENOMEM;
> - data = kmalloc(datalen + 1, GFP_KERNEL);
> - if (!data)
> + data = memdup_user_nul(buf, datalen);
> + if (IS_ERR(data)) {
> + result = PTR_ERR(data);
> goto out;
> -
> - *(data + datalen) = '\0';
> -
> - result = -EFAULT;
> - if (copy_from_user(data, buf, datalen))
> - goto out_free;
> + }
>
> + result = mutex_lock_interruptible(&ima_write_mutex);
> + if (result < 0)
> + goto out_free;
> result = ima_parse_add_rule(data);
> + mutex_unlock(&ima_write_mutex);
> +
> + out_free:
> + kfree(data);
> out:
> if (result < 0)
> valid_policy = 0;
--
To unsubscribe from this list: send the line "unsubscribe linux-next" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
