From b26bdde5bb27f3f900e25a95e33a0c476c8c2c48 Mon Sep 17 00:00:00 2001 From: Takashi Iwai Date: Thu, 4 Dec 2014 18:25:19 +0100 Subject: [PATCH 1/3] KEYS: Fix stale key registration at error path When loading encrypted-keys module, if the last check of aes_get_sizes() in init_encrypted() fails, the driver just returns an error without unregistering its key type. This results in the stale entry in the list. In addition to memory leaks, this leads to a kernel crash when registering a new key type later. This patch fixes the problem by swapping the calls of aes_get_sizes() and register_key_type(), and releasing resources properly at the error paths. Bugzilla: https://bugzilla.opensuse.org/show_bug.cgi?id=908163 Cc: Signed-off-by: Takashi Iwai Signed-off-by: Mimi Zohar --- security/keys/encrypted-keys/encrypted.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/security/keys/encrypted-keys/encrypted.c b/security/keys/encrypted-keys/encrypted.c index db9675db1026..7bed4ad7cd76 100644 --- a/security/keys/encrypted-keys/encrypted.c +++ b/security/keys/encrypted-keys/encrypted.c @@ -1017,10 +1017,13 @@ static int __init init_encrypted(void) ret = encrypted_shash_alloc(); if (ret < 0) return ret; + ret = aes_get_sizes(); + if (ret < 0) + goto out; ret = register_key_type(&key_type_encrypted); if (ret < 0) goto out; - return aes_get_sizes(); + return 0; out: encrypted_shash_release(); return ret; From 63a0eb7891bdf3ef32ecb6b01eb09106df646c10 Mon Sep 17 00:00:00 2001 From: Michael Ellerman Date: Wed, 3 Dec 2014 17:04:50 +1100 Subject: [PATCH 2/3] ima: Fix build failure on powerpc when TCG_IBMVTPM dependencies are not met On powerpc we can end up with IMA=y and PPC_PSERIES=n which leads to: warning: (IMA) selects TCG_IBMVTPM which has unmet direct dependencies (TCG_TPM && PPC_PSERIES) tpm_ibmvtpm.c:(.text+0x14f3e8): undefined reference to `.plpar_hcall_norets' I'm not sure why IMA needs to select those user-visible symbols, but if it must then the simplest fix is to just express the proper dependencies on the select. Tested-by: Hon Ching (Vicky) Lo Signed-off-by: Michael Ellerman Signed-off-by: Mimi Zohar --- security/integrity/ima/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/ima/Kconfig b/security/integrity/ima/Kconfig index b80a93ec1ccc..57515bc915c0 100644 --- a/security/integrity/ima/Kconfig +++ b/security/integrity/ima/Kconfig @@ -10,7 +10,7 @@ config IMA select CRYPTO_HASH_INFO select TCG_TPM if HAS_IOMEM && !UML select TCG_TIS if TCG_TPM && X86 - select TCG_IBMVTPM if TCG_TPM && PPC64 + select TCG_IBMVTPM if TCG_TPM && PPC_PSERIES help The Trusted Computing Group(TCG) runtime Integrity Measurement Architecture(IMA) maintains a list of hash From 5057975ae38452679b964f1382c5efcb9faee74e Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Thu, 11 Dec 2014 19:59:38 +0000 Subject: [PATCH 3/3] KEYS: remove a bogus NULL check We already checked if "desc" was NULL at the beginning of the function and we've dereferenced it so this causes a static checker warning. Signed-off-by: Dan Carpenter Signed-off-by: David Howells Signed-off-by: James Morris --- security/keys/key.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/security/keys/key.c b/security/keys/key.c index e17ba6aefdc0..aee2ec5a18fc 100644 --- a/security/keys/key.c +++ b/security/keys/key.c @@ -276,12 +276,10 @@ struct key *key_alloc(struct key_type *type, const char *desc, if (!key) goto no_memory_2; - if (desc) { - key->index_key.desc_len = desclen; - key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL); - if (!key->description) - goto no_memory_3; - } + key->index_key.desc_len = desclen; + key->index_key.description = kmemdup(desc, desclen + 1, GFP_KERNEL); + if (!key->description) + goto no_memory_3; atomic_set(&key->usage, 1); init_rwsem(&key->sem);