[PATCH 2/2] ima: use the lsm policy update notifier
Mimi Zohar
zohar at linux.ibm.com
Thu Jun 6 22:28:04 UTC 2019
Hi Janne,
One more comment below ...
> > +
> > +static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
> > +{
> > + struct ima_rule_entry *nentry;
> > + int i, result;
> > +
> > + nentry = kmalloc(sizeof(*nentry), GFP_KERNEL);
> > + if (!nentry)
> > + return NULL;
> > +
> > + memcpy(nentry, entry, sizeof(*nentry));
> > + nentry->fsname = NULL;
> > + for (i = 0; i < MAX_LSM_RULES; i++) {
> > + nentry->lsm[i].rule = NULL;
> > + nentry->lsm[i].args_p = NULL;
> > + }
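Review bot: the memcpy() of the whole struct, followed by clearing only fsname and lsm[i].rule / lsm[i].args_p, leaves every other member of *entry shared between the old and the new entry, and nothing in the code says that this is intended. A short comment above the memcpy() stating which members are deliberately shared and which are owned per copy would keep a pointer member added to struct ima_rule_entry later from being silently aliased by both entries.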
I don't think this loop is necessary. Either use kzalloc() or move
the initialization to inside the loop below.
> > +
> > + if (entry->fsname) {
> > + nentry->fsname = kstrdup(entry->fsname, GFP_KERNEL);
> > + if (!nentry->fsname)
> > + goto out_err;
> > + }
> > + for (i = 0; i < MAX_LSM_RULES; i++) {
> > + if (!entry->lsm[i].rule)
> > + continue;
To here.
> > +
> > + nentry->lsm[i].type = entry->lsm[i].type;
> > + nentry->lsm[i].args_p = kstrdup(entry->lsm[i].args_p,
> > + GFP_KERNEL);
> > + if (!nentry->lsm[i].args_p)
> > + goto out_err;
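Review bot: the NULL check on nentry->lsm[i].args_p treats every NULL from kstrdup() as an allocation failure, but the loop guard above only tests entry->lsm[i].rule. kstrdup() also returns NULL when its argument is NULL, so an entry with rule set and args_p unset would take the out_err path even though no allocation failed. Either test entry->lsm[i].args_p before duplicating it, or add a comment stating that a non-NULL rule always implies a non-NULL args_p.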
If the memory allocation fails, then nentry will be freed anyway.
thanks,
Mimi