diff options
| author | Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com> | 2021-07-20 15:04:13 +0000 |
|---|---|---|
| committer | Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com> | 2021-07-20 15:04:13 +0000 |
| commit | e9646ca70100b35fd85b597c3af7534c075e0e3a (patch) | |
| tree | 626c744c696fe142faa6599e1f99d3c433581cc1 /security | |
| parent | d27b76752782fcf058f548e4ecb7d9f31eefe612 (diff) | |
| parent | 7c76bd6c36ed84c0e613ba0f3a1408a515b9f12d (diff) | |
Merge tag 'v5.4.132' into 5.4-2.3.x-imx
This is the 5.4.132 stable release
Conflicts (manual resolve):
- drivers/gpu/drm/rockchip/cdn-dp-core.c:
Fix merge hiccup when integrating upstream commit 450c25b8a4c9c
("drm/rockchip: cdn-dp-core: add missing clk_disable_unprepare() on
error in cdn_dp_grf_write()")
- drivers/perf/fsl_imx8_ddr_perf.c:
Port upstream commit 3fea9b708ae37 ("drivers/perf: fix the missed
ida_simple_remove() in ddr_perf_probe()") manually to NXP version.
Signed-off-by: Andrey Zhizhikin <andrey.zhizhikin@leica-geosystems.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/evm/evm_main.c | 5 | ||||
| -rw-r--r-- | security/integrity/evm/evm_secfs.c | 13 |
2 files changed, 10 insertions, 8 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 615094eda36d..81e3245aec86 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -520,7 +520,7 @@ void evm_inode_post_setattr(struct dentry *dentry, int ia_valid) } /* - * evm_inode_init_security - initializes security.evm + * evm_inode_init_security - initializes security.evm HMAC value */ int evm_inode_init_security(struct inode *inode, const struct xattr *lsm_xattr, @@ -529,7 +529,8 @@ int evm_inode_init_security(struct inode *inode, struct evm_xattr *xattr_data; int rc; - if (!evm_key_loaded() || !evm_protected_xattr(lsm_xattr->name)) + if (!(evm_initialized & EVM_INIT_HMAC) || + !evm_protected_xattr(lsm_xattr->name)) return 0; xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS); diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c index 0f37ef27268d..d7f12ed19183 100644 --- a/security/integrity/evm/evm_secfs.c +++ b/security/integrity/evm/evm_secfs.c @@ -68,12 +68,13 @@ static ssize_t evm_read_key(struct file *filp, char __user *buf, static ssize_t evm_write_key(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - int i, ret; + unsigned int i; + int ret; if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE)) return -EPERM; - ret = kstrtoint_from_user(buf, count, 0, &i); + ret = kstrtouint_from_user(buf, count, 0, &i); if (ret) return ret; @@ -82,12 +83,12 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf, if (!i || (i & ~EVM_INIT_MASK) != 0) return -EINVAL; - /* Don't allow a request to freshly enable metadata writes if - * keys are loaded. + /* + * Don't allow a request to enable metadata writes if + * an HMAC key is loaded. */ if ((i & EVM_ALLOW_METADATA_WRITES) && - ((evm_initialized & EVM_KEY_MASK) != 0) && - !(evm_initialized & EVM_ALLOW_METADATA_WRITES)) + (evm_initialized & EVM_INIT_HMAC) != 0) return -EPERM; if (i & EVM_INIT_HMAC) { |