Commit b69c3085 authored by Sascha Hauer's avatar Sascha Hauer Committed by Greg Kroah-Hartman

ima: always return negative code for error

[ Upstream commit f5e10401 ]

integrity_kernel_read() returns the number of bytes read. If this is
a short read then this positive value is returned from
ima_calc_file_hash_atfm(). Currently this is only indirectly called from
ima_calc_file_hash() and this function only tests for the return value
being zero or nonzero and also doesn't forward the return value.
Nevertheless there's no point in returning a positive value as an error,
so translate a short read into -EINVAL.
Signed-off-by: default avatarSascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 6df3c66d
...@@ -271,8 +271,11 @@ static int ima_calc_file_hash_atfm(struct file *file, ...@@ -271,8 +271,11 @@ static int ima_calc_file_hash_atfm(struct file *file,
rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]); rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]);
rc = integrity_kernel_read(file, offset, rbuf[active], rc = integrity_kernel_read(file, offset, rbuf[active],
rbuf_len); rbuf_len);
if (rc != rbuf_len) if (rc != rbuf_len) {
if (rc >= 0)
rc = -EINVAL;
goto out3; goto out3;
}
if (rbuf[1] && offset) { if (rbuf[1] && offset) {
/* Using two buffers, and it is not the first /* Using two buffers, and it is not the first
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment