| Message ID | 20200904092339.19598-2-roberto.sassu@huawei.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | IMA/EVM fixes | expand |
Hi
[This is an automated email]
This commit has been processed because it contains a "Fixes:" tag
fixing commit: 3323eec921ef ("integrity: IMA as an integrity service provider").
The bot has tested the following trees: v5.8.7, v5.4.63, v4.19.143, v4.14.196, v4.9.235, v4.4.235.
v5.8.7: Build OK!
v5.4.63: Build OK!
v4.19.143: Failed to apply! Possible dependencies:
100b16a6f290 ("tpm: sort objects in the Makefile")
6f1a1d103b48 ("ima: Switch to ima_hash_algo for boot aggregate")
70a3199a7101 ("tpm: factor out tpm_get_timeouts()")
879b589210a9 ("tpm: retrieve digest size of unknown algorithms with PCR read")
95adc6b410b7 ("tpm: use u32 instead of int for PCR index")
b03c43702e7b ("tpm: add tpm_auto_startup() into tpm-interface.c")
b2d6e6de005e ("tpm: factor out tpm 1.x duration calculation to tpm1-cmd.c")
c82a330ceced ("tpm: factor out tpm 1.x pm suspend flow into tpm1-cmd.c")
d4a317563207 ("tpm: move tpm 1.x selftest code from tpm-interface.c tpm1-cmd.c")
d856c00f7d16 ("tpm: add tpm_calc_ordinal_duration() wrapper")
v4.14.196: Failed to apply! Possible dependencies:
5ef924d9e2e8 ("tpm: use tpm_msleep() value as max delay")
6f1a1d103b48 ("ima: Switch to ima_hash_algo for boot aggregate")
879b589210a9 ("tpm: retrieve digest size of unknown algorithms with PCR read")
95adc6b410b7 ("tpm: use u32 instead of int for PCR index")
aad887f66411 ("tpm: use struct tpm_chip for tpm_chip_find_get()")
b03c43702e7b ("tpm: add tpm_auto_startup() into tpm-interface.c")
c82a330ceced ("tpm: factor out tpm 1.x pm suspend flow into tpm1-cmd.c")
d4a317563207 ("tpm: move tpm 1.x selftest code from tpm-interface.c tpm1-cmd.c")
fc1d52b745ba ("tpm: rename tpm_chip_find_get() to tpm_find_get_ops()")
v4.9.235: Failed to apply! Possible dependencies:
06e93279ca77 ("tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header")
175d5b2a570c ("tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend()")
37f4915fef05 ("tpm: use idr_find(), not idr_find_slowpath()")
51b0be640cf6 ("tpm: Fix expected number of response bytes of TPM1.2 PCR Extend")
62bfdacbac4c ("tpm: Do not print an error message when doing TPM auto startup")
6f1a1d103b48 ("ima: Switch to ima_hash_algo for boot aggregate")
84fda15286d1 ("tpm: sanitize constant expressions")
879b589210a9 ("tpm: retrieve digest size of unknown algorithms with PCR read")
a69faebf4d3e ("tpm: move endianness conversion of ordinals to tpm_input_header")
aaa6f7f6c8bf ("tpm: Clean up reading of timeout and duration capabilities")
aad887f66411 ("tpm: use struct tpm_chip for tpm_chip_find_get()")
c659af78eb7b ("tpm: Check size of response before accessing data")
ca6d45802201 ("tpm: place kdoc just above tpm_pcr_extend")
f865c196856d ("tpm: add kdoc for tpm_transmit and tpm_transmit_cmd")
v4.4.235: Failed to apply! Possible dependencies:
0014777f989b ("tpm: constify TPM 1.x header structures")
062807f20e3f ("tpm: Remove all uses of drvdata from the TPM Core")
06e93279ca77 ("tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header")
175d5b2a570c ("tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend()")
25112048cd59 ("tpm: rework tpm_get_timeouts()")
3635e2ec7cbb ("tpm: Get rid of devname")
37f4915fef05 ("tpm: use idr_find(), not idr_find_slowpath()")
570a36097f30 ("tpm: drop 'irq' from struct tpm_vendor_specific")
6e599f6f261f ("tpm: drop 'read_queue' from struct tpm_vendor_specific")
6f1a1d103b48 ("ima: Switch to ima_hash_algo for boot aggregate")
7ab4032fa579 ("tpm_tis: Get rid of the duplicate IRQ probing code")
84fda15286d1 ("tpm: sanitize constant expressions")
879b589210a9 ("tpm: retrieve digest size of unknown algorithms with PCR read")
a69faebf4d3e ("tpm: move endianness conversion of ordinals to tpm_input_header")
aad887f66411 ("tpm: use struct tpm_chip for tpm_chip_find_get()")
af782f339a5d ("tpm: Move tpm_vendor_specific data related with PTP specification to tpm_chip")
c659af78eb7b ("tpm: Check size of response before accessing data")
ddab0e34288a ("tpm/st33zp24: Remove unneeded tpm_reg in get_burstcount")
e3837e74a06d ("tpm_tis: Refactor the interrupt setup")
f865c196856d ("tpm: add kdoc for tpm_transmit and tpm_transmit_cmd")
NOTE: The patch will not be queued to stable trees until it is upstream.
How should we proceed with this patch?
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 011c3c76af86..21989fa0c107 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -829,6 +829,8 @@ static int ima_calc_boot_aggregate_tfm(char *digest, u16 alg_id, /* now accumulate with current aggregate */ rc = crypto_shash_update(shash, d.digest, crypto_shash_digestsize(tfm)); + if (rc != 0) + return rc; } /* * Extend cumulative digest over TPM registers 8-9, which contain
Errors returned by crypto_shash_update() are not checked in ima_calc_boot_aggregate_tfm() and thus can be overwritten at the next iteration of the loop. This patch adds a check after calling crypto_shash_update() and returns immediately if the result is not zero. Cc: stable@vger.kernel.org Fixes: 3323eec921efd ("integrity: IMA as an integrity service provider") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Reviewed-by: Mimi Zohar <zohar@linux.ibm.com> --- security/integrity/ima/ima_crypto.c | 2 ++ 1 file changed, 2 insertions(+)