IMA: Handle dentry_open failures

Currently IMA does not handle failures from dentry_open().  This means that we
leave a pointer set to ERR_PTR(errno) and then try to use it just a few lines
later in fput().  Oops.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index cdae13c5ae05fc6f8e248f34a80993a635875666..1987424623c249aae66c709b2a01d83babaec74d 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -116,10 +116,6 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file,
 {
        int rc = 0;
 
-       if (IS_ERR(file)) {
-               pr_info("%s dentry_open failed\n", filename);
-               return rc;
-       }
        iint->opencount++;
        iint->readcount++;
 
@@ -185,6 +181,12 @@ int ima_path_check(struct path *path, int mask)
                struct vfsmount *mnt = mntget(path->mnt);
 
                file = dentry_open(dentry, mnt, O_RDONLY, current_cred());
+               if (IS_ERR(file)) {
+                       pr_info("%s dentry_open failed\n", dentry->d_name.name);
+                       rc = PTR_ERR(file);
+                       file = NULL;
+                       goto out;
+               }
                rc = get_path_measurement(iint, file, dentry->d_name.name);
        }
 out: