KP Singh aa662fc04f ima: Fix NULL pointer dereference in ima_file_hash ... ima_file_hash can be called when there is no iint->ima_hash available even though the inode exists in the integrity cache. It is fairly common for a file to not have a hash. (e.g. an mknodat, prior to the file being closed). Another example where this can happen (suggested by Jann Horn): Process A does: while(1) { unlink("/tmp/imafoo"); fd = open("/tmp/imafoo", O_RDWR|O_CREAT|O_TRUNC, 0700); if (fd == -1) { perror("open"); continue; } write(fd, "A", 1); close(fd); } and Process B does: while (1) { int fd = open("/tmp/imafoo", O_RDONLY); if (fd == -1) continue; char *mapping = mmap(NULL, 0x1000, PROT_READ|PROT_EXEC, MAP_PRIVATE, fd, 0); if (mapping != MAP_FAILED) munmap(mapping, 0x1000); close(fd); } Due to the race to get the iint->mutex between ima_file_hash and process_measurement iint->ima_hash could still be NULL. Fixes: 6beea7afcc ("ima: add the ability to query the cached hash of a given file") Signed-off-by: KP Singh <kpsingh@google.com> Reviewed-by: Florent Revest <revest@chromium.org> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>		2020-09-16 17:43:02 -04:00
..
evm	evm: Check size of security.evm before using it	2020-09-15 13:47:42 -04:00
ima	ima: Fix NULL pointer dereference in ima_file_hash	2020-09-16 17:43:02 -04:00
platform_certs	EFI updates for v5.7:	2020-02-26 15:21:22 +01:00
digsig_asymmetric.c	integrity: include keyring name for unknown key request	2020-09-09 20:05:28 -04:00
digsig.c	integrity: Remove duplicate pr_fmt definitions	2020-02-28 14:32:58 -05:00
iint.c	integrity/ima: switch to using __kernel_read	2020-07-08 08:27:57 +02:00
integrity_audit.c	integrity: Use current_uid() in integrity_audit_message()	2020-08-31 17:46:50 -04:00
integrity.h	integrity: Add errno field in audit message	2020-07-16 21:48:11 -04:00
Kconfig	powerpc: Load firmware trusted keys/hashes into kernel keyring	2019-11-13 00:33:23 +11:00
Makefile	powerpc: Load firmware trusted keys/hashes into kernel keyring	2019-11-13 00:33:23 +11:00