diff options
author | Andrey Zhizhikin <andrey.z@gmail.com> | 2020-08-20 14:26:04 +0000 |
---|---|---|
committer | Andrey Zhizhikin <andrey.z@gmail.com> | 2020-08-20 14:26:04 +0000 |
commit | b66890eae17a10b50a94472de6ed095ff8ebd315 (patch) | |
tree | 27a2be46771b907d0f6bc78825ad9d1e8b72477b /security | |
parent | 397a487c917f91e3fbca6c9a1a5bffb779d42e76 (diff) | |
parent | f61e1c3638dddaa1a1f3bb59d2bc288d9f0f1b5b (diff) |
Merge tag 'v5.4.59' into 5.4-2.1.x-imx
This is the 5.4.59 stable release
Conflicts (manual resolve):
drivers/gpu/drm/imx/dw_hdmi-imx.c:
drivers/gpu/drm/imx/imx-ldb.c:
drivers/gpu/drm/imx/ipuv3/ipuv3-crtc.c:
Port changes from upstream commit [1a279871012d3], which extends
component lifetime by moving drm structures allocation/free from
bind() to probe().
sound/soc/fsl/fsl_sai.c:
Apply patch [b8ae2bf5ccc66] from upstream, which uses FIFO watermark
mask macro.
Signed-off-by: Andrey Zhizhikin <andrey.z@gmail.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima.h | 5 | ||||
-rw-r--r-- | security/integrity/ima/ima_policy.c | 2 | ||||
-rw-r--r-- | security/smack/smackfs.c | 6 |
3 files changed, 11 insertions, 2 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index be469fce19e1..8173982e00ab 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -362,6 +362,7 @@ static inline void ima_free_modsig(struct modsig *modsig) #ifdef CONFIG_IMA_LSM_RULES #define security_filter_rule_init security_audit_rule_init +#define security_filter_rule_free security_audit_rule_free #define security_filter_rule_match security_audit_rule_match #else @@ -372,6 +373,10 @@ static inline int security_filter_rule_init(u32 field, u32 op, char *rulestr, return -EINVAL; } +static inline void security_filter_rule_free(void *lsmrule) +{ +} + static inline int security_filter_rule_match(u32 secid, u32 field, u32 op, void *lsmrule) { diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index 558a7607bf93..e725d4187271 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@ -254,7 +254,7 @@ static void ima_lsm_free_rule(struct ima_rule_entry *entry) int i; for (i = 0; i < MAX_LSM_RULES; i++) { - kfree(entry->lsm[i].rule); + security_filter_rule_free(entry->lsm[i].rule); kfree(entry->lsm[i].args_p); } kfree(entry); diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 840a192e9337..9c4308077574 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -884,7 +884,7 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, } ret = sscanf(rule, "%d", &maplevel); - if (ret != 1 || maplevel > SMACK_CIPSO_MAXLEVEL) + if (ret != 1 || maplevel < 0 || maplevel > SMACK_CIPSO_MAXLEVEL) goto out; rule += SMK_DIGITLEN; @@ -905,6 +905,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, for (i = 0; i < catlen; i++) { rule += SMK_DIGITLEN; + if (rule > data + count) { + rc = -EOVERFLOW; + goto out; + } ret = sscanf(rule, "%u", &cat); if (ret != 1 || cat > SMACK_CIPSO_MAXCATNUM) goto out; |