ima: always return negative code for error

integrity_kernel_read() returns the number of bytes read. If this is a short read then this positive value is returned from ima_calc_file_hash_atfm(). Currently this is only indirectly called from ima_calc_file_hash() and this function only tests for the return value being zero or nonzero and also doesn't forward the return value. Nevertheless there's no point in returning a positive value as an error, so translate a short read into -EINVAL. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Sascha Hauer <s.hauer@pengutronix.de> 2019-07-02 10:00:40 +0200
committer: Mimi Zohar <zohar@linux.ibm.com> 2019-08-05 18:40:27 -0400
commit: f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88 (patch)
tree: e369877467e809e5557e7c2d9446b0612a8b37bb /security
parent: e5092255bb3967bcc473dc86492dbbd5f7714023 (diff)
download: linux-f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88.tar.bz2
1 files changed, 4 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index d4c7b8e1b083..7532b062be59 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -268,8 +268,11 @@ static int ima_calc_file_hash_atfm(struct file *file,
 		rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]);
 		rc = integrity_kernel_read(file, offset, rbuf[active],
 					   rbuf_len);
-		if (rc != rbuf_len)
+		if (rc != rbuf_len) {
+			if (rc >= 0)
+				rc = -EINVAL;
 			goto out3;
+		}
 
 		if (rbuf[1] && offset) {
 			/* Using two buffers, and it is not the first
author	Sascha Hauer <s.hauer@pengutronix.de>	2019-07-02 10:00:40 +0200
committer	Mimi Zohar <zohar@linux.ibm.com>	2019-08-05 18:40:27 -0400
commit	f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88 (patch)
tree	e369877467e809e5557e7c2d9446b0612a8b37bb /security
parent	e5092255bb3967bcc473dc86492dbbd5f7714023 (diff)
download	linux-f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88.tar.bz2