Merge tag 'integrity-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Pull integrity updates from Mimi Zohar:
"Just two bug fixes"

* tag 'integrity-v6.1' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
efi: Correct Macmini DMI match in uefi cert quirk
ima: fix blocking of security.ima xattrs of unsupported algorithms

Linus Torvalds 3 years ago eafb121e 74a0f845

+9 -5

2 changed files

expand all

security

integrity

ima

ima_appraise.c

platform_certs

load_uefi.c

+8 -4

security/integrity/ima/ima_appraise.c

··· 750 750 const struct evm_ima_xattr_data *xvalue = xattr_value; 751 751 int digsig = 0; 752 752 int result; 753 + int err; 753 754 754 755 result = ima_protect_xattr(dentry, xattr_name, xattr_value, 755 756 xattr_value_len); 756 757 if (result == 1) { 757 758 if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST)) 758 759 return -EINVAL; 760 + 761 + err = validate_hash_algo(dentry, xvalue, xattr_value_len); 762 + if (err) 763 + return err; 764 + 759 765 digsig = (xvalue->type == EVM_IMA_XATTR_DIGSIG); 760 766 } else if (!strcmp(xattr_name, XATTR_NAME_EVM) && xattr_value_len > 0) { 761 767 digsig = (xvalue->type == EVM_XATTR_PORTABLE_DIGSIG); 762 768 } 763 769 if (result == 1 || evm_revalidate_status(xattr_name)) { 764 - result = validate_hash_algo(dentry, xvalue, xattr_value_len); 765 - if (result) 766 - return result; 767 - 768 770 ima_reset_appraise_flags(d_backing_inode(dentry), digsig); 771 + if (result == 1) 772 + result = 0; 769 773 } 770 774 return result; 771 775 }

+1 -1

security/integrity/platform_certs/load_uefi.c

··· 31 31 { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,1") }, 32 32 { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir8,2") }, 33 33 { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacBookAir9,1") }, 34 - { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacMini8,1") }, 34 + { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "Macmini8,1") }, 35 35 { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "MacPro7,1") }, 36 36 { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,1") }, 37 37 { UEFI_QUIRK_SKIP_CERT("Apple Inc.", "iMac20,2") },