This is a note to let you know that I've just added the patch titled ima: Fix memory leak in __ima_inode_hash() to the 6.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: ima-fix-memory-leak-in-__ima_inode_hash.patch and it can be found in the queue-6.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8 Mon Sep 17 00:00:00 2001 From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> Date: Wed, 2 Nov 2022 17:30:06 +0100 Subject: ima: Fix memory leak in __ima_inode_hash() From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> commit 8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8 upstream. Commit f3cc6b25dcc5 ("ima: always measure and audit files in policy") lets measurement or audit happen even if the file digest cannot be calculated. As a result, iint->ima_hash could have been allocated despite ima_collect_measurement() returning an error. Since ima_hash belongs to a temporary inode metadata structure, declared at the beginning of __ima_inode_hash(), just add a kfree() call if ima_collect_measurement() returns an error different from -ENOMEM (in that case, ima_hash should not have been allocated). Cc: stable@xxxxxxxxxxxxxxx Fixes: 280fe8367b0d ("ima: Always return a file measurement in ima_file_hash()") Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- security/integrity/ima/ima_main.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -542,8 +542,13 @@ static int __ima_inode_hash(struct inode rc = ima_collect_measurement(&tmp_iint, file, NULL, 0, ima_hash_algo, NULL); - if (rc < 0) + if (rc < 0) { + /* ima_hash could be allocated in case of failure. */ + if (rc != -ENOMEM) + kfree(tmp_iint.ima_hash); + return -EOPNOTSUPP; + } iint = &tmp_iint; mutex_lock(&iint->mutex); Patches currently in stable-queue which might be from roberto.sassu@xxxxxxxxxx are queue-6.1/ima-fix-memory-leak-in-__ima_inode_hash.patch