[thirdparty/kernel/stable-queue.git] / releases / 3.1.10 / ima-fix-invalid-memory-reference.patch

From 7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da Mon Sep 17 00:00:00 2001
From: Roberto Sassu <roberto.sassu@polito.it>
Date: Mon, 19 Dec 2011 15:57:28 +0100
Subject: ima: fix invalid memory reference

From: Roberto Sassu <roberto.sassu@polito.it>

commit 7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da upstream.

Don't free a valid measurement entry on TPM PCR extend failure.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 security/integrity/ima/ima_queue.c |   16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -23,6 +23,8 @@
 #include <linux/slab.h>
 #include "ima.h"
 
+#define AUDIT_CAUSE_LEN_MAX 32
+
 LIST_HEAD(ima_measurements);	/* list of all measurements */
 
 /* key: inode (before secure-hashing a file) */
@@ -94,7 +96,8 @@ static int ima_pcr_extend(const u8 *hash
 
 	result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
 	if (result != 0)
-		pr_err("IMA: Error Communicating to TPM chip\n");
+		pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
+		       result);
 	return result;
 }
 
@@ -106,8 +109,9 @@ int ima_add_template_entry(struct ima_te
 {
 	u8 digest[IMA_DIGEST_SIZE];
 	const char *audit_cause = "hash_added";
+	char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
 	int audit_info = 1;
-	int result = 0;
+	int result = 0, tpmresult = 0;
 
 	mutex_lock(&ima_extend_list_mutex);
 	if (!violation) {
@@ -129,9 +133,11 @@ int ima_add_template_entry(struct ima_te
 	if (violation)		/* invalidate pcr */
 		memset(digest, 0xff, sizeof digest);
 
-	result = ima_pcr_extend(digest);
-	if (result != 0) {
-		audit_cause = "TPM error";
+	tpmresult = ima_pcr_extend(digest);
+	if (tpmresult != 0) {
+		snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
+			 tpmresult);
+		audit_cause = tpm_audit_cause;
 		audit_info = 0;
 	}
 out:
Commit	Line	Data
2679e64a GKH	1	From 7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da Mon Sep 17 00:00:00 2001
	2	From: Roberto Sassu <roberto.sassu@polito.it>
	3	Date: Mon, 19 Dec 2011 15:57:28 +0100
	4	Subject: ima: fix invalid memory reference
	5
	6	From: Roberto Sassu <roberto.sassu@polito.it>
	7
	8	commit 7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da upstream.
	9
	10	Don't free a valid measurement entry on TPM PCR extend failure.
	11
	12	Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
	13	Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
	14	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
	15
	16	---
	17	security/integrity/ima/ima_queue.c \| 16 +++++++++++-----
	18	1 file changed, 11 insertions(+), 5 deletions(-)
	19
	20	--- a/security/integrity/ima/ima_queue.c
	21	+++ b/security/integrity/ima/ima_queue.c
	22	@@ -23,6 +23,8 @@
	23	#include <linux/slab.h>
	24	#include "ima.h"
	25
	26	+#define AUDIT_CAUSE_LEN_MAX 32
	27	+
	28	LIST_HEAD(ima_measurements); /* list of all measurements */
	29
	30	/* key: inode (before secure-hashing a file) */
	31	@@ -94,7 +96,8 @@ static int ima_pcr_extend(const u8 *hash
	32
	33	result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
	34	if (result != 0)
	35	- pr_err("IMA: Error Communicating to TPM chip\n");
	36	+ pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
	37	+ result);
	38	return result;
	39	}
	40
	41	@@ -106,8 +109,9 @@ int ima_add_template_entry(struct ima_te
	42	{
	43	u8 digest[IMA_DIGEST_SIZE];
	44	const char *audit_cause = "hash_added";
	45	+ char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
	46	int audit_info = 1;
	47	- int result = 0;
	48	+ int result = 0, tpmresult = 0;
	49
	50	mutex_lock(&ima_extend_list_mutex);
	51	if (!violation) {
	52	@@ -129,9 +133,11 @@ int ima_add_template_entry(struct ima_te
	53	if (violation) /* invalidate pcr */
	54	memset(digest, 0xff, sizeof digest);
	55
	56	- result = ima_pcr_extend(digest);
	57	- if (result != 0) {
	58	- audit_cause = "TPM error";
	59	+ tpmresult = ima_pcr_extend(digest);
	60	+ if (tpmresult != 0) {
	61	+ snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
	62	+ tpmresult);
	63	+ audit_cause = tpm_audit_cause;
	64	audit_info = 0;
65	}
66	out: