Patch "ima: Simplify ima_lsm_copy_rule" has been added to the 6.0-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 26 Dec 2022 21:34:19 -0500

This is a note to let you know that I've just added the patch titled

    ima: Simplify ima_lsm_copy_rule

to the 6.0-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ima-simplify-ima_lsm_copy_rule.patch
and it can be found in the queue-6.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 2a8793b01cf621b3d370fdbdf448dc63b858cbc8
Author: GUO Zihua <guozihua@xxxxxxxxxx>
Date:   Wed Sep 21 20:58:03 2022 +0800

    ima: Simplify ima_lsm_copy_rule
    
    [ Upstream commit d57378d3aa4d864d9e590482602068af1b20c0c5 ]
    
    Currently ima_lsm_copy_rule() set the arg_p field of the source rule to
    NULL, so that the source rule could be freed afterward. It does not make
    sense for this behavior to be inside a "copy" function. So move it
    outside and let the caller handle this field.
    
    ima_lsm_copy_rule() now produce a shallow copy of the original entry
    including args_p field. Meaning only the lsm.rule and the rule itself
    should be freed for the original rule. Thus, instead of calling
    ima_lsm_free_rule() which frees lsm.rule as well as args_p field, free
    the lsm.rule directly.
    
    Signed-off-by: GUO Zihua <guozihua@xxxxxxxxxx>
    Reviewed-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
    Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index bb3707160b01..2edff7f58c25 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -398,12 +398,6 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
 
 		nentry->lsm[i].type = entry->lsm[i].type;
 		nentry->lsm[i].args_p = entry->lsm[i].args_p;
-		/*
-		 * Remove the reference from entry so that the associated
-		 * memory will not be freed during a later call to
-		 * ima_lsm_free_rule(entry).
-		 */
-		entry->lsm[i].args_p = NULL;
 
 		ima_filter_rule_init(nentry->lsm[i].type, Audit_equal,
 				     nentry->lsm[i].args_p,
@@ -417,6 +411,7 @@ static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
 
 static int ima_lsm_update_rule(struct ima_rule_entry *entry)
 {
+	int i;
 	struct ima_rule_entry *nentry;
 
 	nentry = ima_lsm_copy_rule(entry);
@@ -431,7 +426,8 @@ static int ima_lsm_update_rule(struct ima_rule_entry *entry)
 	 * references and the entry itself. All other memory references will now
 	 * be owned by nentry.
 	 */
-	ima_lsm_free_rule(entry);
+	for (i = 0; i < MAX_LSM_RULES; i++)
+		ima_filter_rule_free(entry->lsm[i].rule);
 	kfree(entry);
 
 	return 0;






