Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()

Browse source 
[ Upstream commit 0014cc04e8ec077dc482f00c87dfd949cfe2b98f ]

Commit a408e4a86b36 ("ima: open a new file instance if no read
permissions") tries to create a new file descriptor to calculate a file
digest if the file has not been opened with O_RDONLY flag. However, if a
new file descriptor cannot be obtained, it sets the FMODE_READ flag to
file->f_flags instead of file->f_mode.

This patch fixes this issue by replacing f_flags with f_mode as it was
before that commit.

Cc: stable@vger.kernel.org # 4.20.x
Fixes: a408e4a86b36 ("ima: open a new file instance if no read permissions")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Goldwyn Rodrigues <rgoldwyn@suse.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Roberto Sassu 2020-04-27 12:28:55 +02:00 committed by Greg Kroah-Hartman
parent 512f9837b4
commit 904de138ba
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
security/integrity/ima/ima_crypto.c
View file

@ -415,7 +415,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
loff_t i_size; loff_t i_size;
int rc; int rc;
struct file *f = file; struct file *f = file;
bool new_file_instance = false, modified_flags = false; bool new_file_instance = false, modified_mode = false;
/* /*
* For consistency, fail file's opened with the O_DIRECT flag on * For consistency, fail file's opened with the O_DIRECT flag on
@ -435,13 +435,13 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
f = dentry_open(&file->f_path, flags, file->f_cred); f = dentry_open(&file->f_path, flags, file->f_cred);
if (IS_ERR(f)) { if (IS_ERR(f)) {
/* /*
* Cannot open the file again, lets modify f_flags * Cannot open the file again, lets modify f_mode
* of original and continue * of original and continue
*/ */
pr_info_ratelimited("Unable to reopen file for reading.\n"); pr_info_ratelimited("Unable to reopen file for reading.\n");
f = file; f = file;
f->f_flags |= FMODE_READ; f->f_mode |= FMODE_READ;
modified_flags = true; modified_mode = true;
} else { } else {
new_file_instance = true; new_file_instance = true;
} }
@ -459,8 +459,8 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
out: out:
if (new_file_instance) if (new_file_instance)
fput(f); fput(f);
else if (modified_flags) else if (modified_mode)
f->f_flags &= ~FMODE_READ; f->f_mode &= ~FMODE_READ;
return rc; return rc;
} }