> >
> > [1]
> > https://syzkaller.appspot.com/bug?id=a55ba438506fe68649a5f50d2d82d56b365e0107
>
> Acked-by: "Eric W. Biederman"
>
> Tetsuo I can pick this up, or do you have preferred path for getting
> this change merged?
>
It can go via my tree if needed, but otherwise:
Acked-by: James Morris
--
James Morris
2018 is:
* James Morris, Microsoft
* Serge Hallyn, Cisco
* Paul Moore, Red Hat
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
* Kees Cook, Google
* Casey Schaufler, Intel
* Mimi Zohar, IBM
* David A. Wheeler, Institute for Defense Anal
2018 is:
* James Morris, Microsoft
* Serge Hallyn, Cisco
* Paul Moore, Red Hat
* Stephen Smalley, NSA
* Elena Reshetova, Intel
* John Johansen, Canonical
* Kees Cook, Google
* Casey Schaufler, Intel
* Mimi Zohar, IBM
* David A. Wheeler, Institute for Defense Anal
On Mon, 9 Apr 2018, Stephen Rothwell wrote:
> Hi James,
>
> On Mon, 9 Apr 2018 12:51:53 +1000 (AEST) James Morris <jmor...@namei.org>
> wrote:
> >
> > That's odd, my next-general branch is merged to Linus.
>
> The security tree in linux-next is
>
>
On Mon, 9 Apr 2018, Stephen Rothwell wrote:
> Hi James,
>
> On Mon, 9 Apr 2018 12:51:53 +1000 (AEST) James Morris
> wrote:
> >
> > That's odd, my next-general branch is merged to Linus.
>
> The security tree in linux-next is
>
> git://git.kernel.org/pu
e maintainer of the conflicting tree to minimise any
> > > particularly complex conflicts.
> >
> > This is now a conflict between the efi-lock-down tree and Linus' tree.
>
> This is now a conflict between the security tree and Linus' tree.
That's odd, my next-general branch is merged to Linus.
--
James Morris
<jmor...@namei.org>
gt; > particularly complex conflicts.
> >
> > This is now a conflict between the efi-lock-down tree and Linus' tree.
>
> This is now a conflict between the security tree and Linus' tree.
That's odd, my next-general branch is merged to Linus.
--
James Morris
Please pull these updates for the Integrity subsystem, via Mimi:
a mixture of bug fixes, code cleanup, and continues to close
IMA-measurement, IMA-appraisal, and IMA-audit gaps.
Also note the addition of a new cred_getsecid LSM hook by Matthew Garrett:
For IMA purposes, we want to
Please pull these updates for the Integrity subsystem, via Mimi:
a mixture of bug fixes, code cleanup, and continues to close
IMA-measurement, IMA-appraisal, and IMA-audit gaps.
Also note the addition of a new cred_getsecid LSM hook by Matthew Garrett:
For IMA purposes, we want to
07:48:26 +1100)
Chris Chiu (1):
tpm: self test failure should not cause suspend to fail
James Bottomley (2):
tpm: add retry logic
tpm: fix intermittent failure with self tests
James Morris (1):
Merge tag '
07:48:26 +1100)
Chris Chiu (1):
tpm: self test failure should not cause suspend to fail
James Bottomley (2):
tpm: add retry logic
tpm: fix intermittent failure with self tests
James Morris (1):
Merge tag '
It's surely reasonable to allow an already secure-booted system to be
debugged without needing to be rebooted.
- James
--
James Morris
<jmor...@namei.org>
It's surely reasonable to allow an already secure-booted system to be
debugged without needing to be rebooted.
- James
--
James Morris
On Tue, 3 Apr 2018, Ard Biesheuvel wrote:
> [snip]
Thanks for the input -- there are obviously still issues to be resolved.
I'll now not be pushing these to Linus for v4.17.
--
James Morris
<jmor...@namei.org>
On Tue, 3 Apr 2018, Ard Biesheuvel wrote:
> [snip]
Thanks for the input -- there are obviously still issues to be resolved.
I'll now not be pushing these to Linus for v4.17.
--
James Morris
>
> Signed-off-by: "Eric W. Biederman" <ebied...@xmission.com>
Reviewed-by: James Morris <james.mor...@microsoft.com>
--
James Morris
<jmor...@namei.org>
>
> Signed-off-by: "Eric W. Biederman"
Reviewed-by: James Morris
--
James Morris
re boot.
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-lockdown and next-testing
Are there any known coverage gaps now?
--
James Morris
<jmor...@namei.org>
re boot.
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-lockdown and next-testing
Are there any known coverage gaps now?
--
James Morris
t://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-tpm
and next-testing
--
James Morris
<jmor...@namei.org>
t://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-tpm
and next-testing
--
James Morris
org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-general
and next-testing
--
James Morris
<jmor...@namei.org>
git/jmorris/linux-security.git
next-general
and next-testing
--
James Morris
On Tue, 13 Mar 2018, Stefan Berger wrote:
> On 03/11/2018 06:58 PM, James Morris wrote:
> > On Fri, 9 Mar 2018, Stefan Berger wrote:
> >
> > > Yuqiong is publishing a paper in this area. I believe the conference is
> > > only
> > > later this year
On Tue, 13 Mar 2018, Stefan Berger wrote:
> On 03/11/2018 06:58 PM, James Morris wrote:
> > On Fri, 9 Mar 2018, Stefan Berger wrote:
> >
> > > Yuqiong is publishing a paper in this area. I believe the conference is
> > > only
> > > later this year
return ret;
>
> - ret = deny_write_access(file);
> + ret = security_kernel_read_file(file, id);
> if (ret)
> - return ret;
> + goto out;
>
> i_size = i_size_read(file_inode(file));
> if (max_size > 0 && i_size > max_size) {
>
--
James Morris
<jmor...@namei.org>
> - ret = deny_write_access(file);
> + ret = security_kernel_read_file(file, id);
> if (ret)
> - return ret;
> + goto out;
>
> i_size = i_size_read(file_inode(file));
> if (max_size > 0 && i_size > max_size) {
>
--
James Morris
can you include this requirements analysis as
a file Documentation/security on the next posting?
Also, if you need a public space for managing these kinds of documents,
consider utilizing
http://kernsec.org/wiki/index.php/Linux_Kernel_Integrity
- James
--
James Morris
<jmor...@namei.org>
can you include this requirements analysis as
a file Documentation/security on the next posting?
Also, if you need a public space for managing these kinds of documents,
consider utilizing
http://kernsec.org/wiki/index.php/Linux_Kernel_Integrity
- James
--
James Morris
On Tue, 6 Mar 2018, Casey Schaufler wrote:
> On 3/6/2018 11:01 AM, Paul Moore wrote:
> > On Fri, Sep 8, 2017 at 6:09 PM, James Morris <jmor...@namei.org> wrote:
> >> On Fri, 8 Sep 2017, Paul Moore wrote:
> >>> Looks fine to me from a SELinux perspective
On Tue, 6 Mar 2018, Casey Schaufler wrote:
> On 3/6/2018 11:01 AM, Paul Moore wrote:
> > On Fri, Sep 8, 2017 at 6:09 PM, James Morris wrote:
> >> On Fri, 8 Sep 2017, Paul Moore wrote:
> >>> Looks fine to me from a SELinux perspective. If Casey and John are
> &g
325fbcb4fc:
Merge tag 'seccomp-v4.16-rc4' of
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into fixes-v4.16-rc4
(2018-02-27 10:39:29 -0800)
--------
James Morris (1):
Merge tag 'seccomp-v4.16-rc4' of https://git.kernel.or
325fbcb4fc:
Merge tag 'seccomp-v4.16-rc4' of
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux into fixes-v4.16-rc4
(2018-02-27 10:39:29 -0800)
--------
James Morris (1):
Merge tag 'seccomp-v4.16-rc4' of https://git.kernel.or
Please pull these bugfixes for TPM, from Jeremy Boone, via Jarkko
Sakkinen.
The following changes since commit 4c3579f6cadd5eb8250a36e789e6df66f660237a:
Merge tag 'edac_fixes_for_4.16' of
git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp (2018-02-26 10:19:15 -0800)
are available in the
Please pull these bugfixes for TPM, from Jeremy Boone, via Jarkko
Sakkinen.
The following changes since commit 4c3579f6cadd5eb8250a36e789e6df66f660237a:
Merge tag 'edac_fixes_for_4.16' of
git://git.kernel.org/pub/scm/linux/kernel/git/bp/bp (2018-02-26 10:19:15 -0800)
are available in the
On Mon, 26 Feb 2018, James Bottomley wrote:
> On Tue, 2018-02-27 at 05:52 +1100, James Morris wrote:
> > On Mon, 26 Feb 2018, Jarkko Sakkinen wrote:
> >
> > >
> > > Hi
> > >
> > > Here is a batch of critical fixes for 4.16.
> > >
On Mon, 26 Feb 2018, James Bottomley wrote:
> On Tue, 2018-02-27 at 05:52 +1100, James Morris wrote:
> > On Mon, 26 Feb 2018, Jarkko Sakkinen wrote:
> >
> > >
> > > Hi
> > >
> > > Here is a batch of critical fixes for 4.16.
> > >
On Mon, 26 Feb 2018, Jarkko Sakkinen wrote:
> Hi
>
> Here is a batch of critical fixes for 4.16.
>
Do you have CVEs for these? If so, please include them in the commit
messages.
--
James Morris
<jmor...@namei.org>
On Mon, 26 Feb 2018, Jarkko Sakkinen wrote:
> Hi
>
> Here is a batch of critical fixes for 4.16.
>
Do you have CVEs for these? If so, please include them in the commit
messages.
--
James Morris
direct verification of SignerInfo signature
X.509: fix BUG_ON() when hash algorithm is unsupported
X.509: fix NULL dereference when restricting key with unsupported_sig
James Morris (2):
Merge tag 'seccomp-v4.16-rc3' of https://git.kernel.org/.../kees/linux
into fixes-v4.16-rc3
direct verification of SignerInfo signature
X.509: fix BUG_ON() when hash algorithm is unsupported
X.509: fix NULL dereference when restricting key with unsupported_sig
James Morris (2):
Merge tag 'seccomp-v4.16-rc3' of https://git.kernel.org/.../kees/linux
into fixes-v4.16-rc3
tp://kisskb.ellerman.id.au/kisskb/head/13396/
> ---
> security/integrity/digsig.c |1 +
> 1 file changed, 1 insertion(+)
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
fixes-v4.16-rc3
--
James Morris
<jmor...@namei.org>
1 insertion(+)
Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
fixes-v4.16-rc3
--
James Morris
grab them from there.
--
James Morris
<jmor...@namei.org>
grab them from there.
--
James Morris
> bugs.
Thanks, applied to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
fixes-v4.16-rc3
--
James Morris
<jmor...@namei.org>
> bugs.
Thanks, applied to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
fixes-v4.16-rc3
--
James Morris
l way to notify
IMA that a file had changed, so, always measure. IMA assumes that changes
to a running system are made under the control of a correctly enforced
security policy. If you're using FUSE and IMA, then you should understand
the security implications of that. Or am I missing something?
- James
--
James Morris
<jmor...@namei.org>
l way to notify
IMA that a file had changed, so, always measure. IMA assumes that changes
to a running system are made under the control of a correctly enforced
security policy. If you're using FUSE and IMA, then you should understand
the security implications of that. Or am I missing something?
- James
--
James Morris
On Fri, 2 Feb 2018, Mimi Zohar wrote:
> On Fri, 2018-02-02 at 21:07 +1100, James Morris wrote:
> > On Thu, 1 Feb 2018, Mimi Zohar wrote:
> >
> > > Hi James,
> > >
> > > Included in this pull request are three bug fixes, assuming the 2 FUSE
> > &g
On Fri, 2 Feb 2018, Mimi Zohar wrote:
> On Fri, 2018-02-02 at 21:07 +1100, James Morris wrote:
> > On Thu, 1 Feb 2018, Mimi Zohar wrote:
> >
> > > Hi James,
> > >
> > > Included in this pull request are three bug fixes, assuming the 2 FUSE
> > &g
nitialize iint->atomic_flags
> maintainers: update trusted keys
>
> MAINTAINERS | 1 +
> fs/fuse/inode.c | 2 +-
> include/linux/fs.h| 1 +
> security/integrity/iint.c | 1 +
> security/integrity/ima/ima_main.c | 15 +--
> 5 files changed, 17 insertions(+), 3 deletions(-)
>
--
James Morris
<jmor...@namei.org>
nitialize iint->atomic_flags
> maintainers: update trusted keys
>
> MAINTAINERS | 1 +
> fs/fuse/inode.c | 2 +-
> include/linux/fs.h| 1 +
> security/integrity/iint.c | 1 +
> security/integrity/ima/ima_main.c | 15 +--
> 5 files changed, 17 insertions(+), 3 deletions(-)
>
--
James Morris
On Wed, 31 Jan 2018, Linus Torvalds wrote:
> On Sun, Jan 28, 2018 at 3:41 PM, James Morris <jmor...@namei.org> wrote:
> >
> > Note that individual trees may also be pulled via:
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-securi
On Wed, 31 Jan 2018, Linus Torvalds wrote:
> On Sun, Jan 28, 2018 at 3:41 PM, James Morris wrote:
> >
> > Note that individual trees may also be pulled via:
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> > next
missing in [1]. Is it supposed to be that way?
> >
> > 1.
> > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=6e592a065d51d26f9d62b8b7501a5114076af8b4
> >
> > Thanks,
> > PrasannaKumar
>
> Yes, it would be senseful.
>
e that way?
> >
> > 1.
> > https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=6e592a065d51d26f9d62b8b7501a5114076af8b4
> >
> > Thanks,
> > PrasannaKumar
>
> Yes, it would be senseful.
>
> James, would it still be possible to amend this tag to security tree?
Nope, it's been pushed to Linus.
--
James Morris
dule appraisal error
Casey Schaufler (1):
Smack: Privilege check on key operations
Dmitry Kasatkin (1):
ima: re-introduce own integrity cache lock
James Morris (8):
Merge tag 'v4.15-rc1' into next-testing
Merge tag 'seccomp-next' of https://git.kernel.org/.../kees/linu
dule appraisal error
Casey Schaufler (1):
Smack: Privilege check on key operations
Dmitry Kasatkin (1):
ima: re-introduce own integrity cache lock
James Morris (8):
Merge tag 'v4.15-rc1' into next-testing
Merge tag 'seccomp-next' of https://git.kernel.org/.../kees/linu
/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
for you to fetch changes up to 3eab2ad9162e7467c988b91f50395eac51a1e650:
MAINTAINERS: update email address for James Morris (2018-01-25 07:53:57 +1100)
James Morris (1
/pub/scm/linux/kernel/git/jmorris/linux-security.git
for-linus
for you to fetch changes up to 3eab2ad9162e7467c988b91f50395eac51a1e650:
MAINTAINERS: update email address for James Morris (2018-01-25 07:53:57 +1100)
James Morris (1
On Thu, 18 Jan 2018, Mimi Zohar wrote:
> Hi James,
>
> Sorry, here's one last patch for 4.16.
>
Thanks, merged to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-testing
next-integrity
--
James Morris
<jmor...@namei.org>
On Thu, 18 Jan 2018, Mimi Zohar wrote:
> Hi James,
>
> Sorry, here's one last patch for 4.16.
>
Thanks, merged to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
next-testing
next-integrity
--
James Morris
On Fri, 12 Jan 2018, W. Trevor King wrote:
> The reference landed with the config option in 385ce0ea (x86/mm/pti:
> Add Kconfig, 2017-12-04), but the referenced file was never committed.
>
> Signed-off-by: W. Trevor King <wk...@tremily.us>
Acked-by: James Morris <jame
On Fri, 12 Jan 2018, W. Trevor King wrote:
> The reference landed with the config option in 385ce0ea (x86/mm/pti:
> Add Kconfig, 2017-12-04), but the referenced file was never committed.
>
> Signed-off-by: W. Trevor King
Acked-by: James Morris
--
James Morris
he entier TPM command/response flow.
> * Check whether #CLKRUN is enabled before disabling and enabling it
> again because enabling it breaks PS/2 devices on a system where it
> is disabled.
>
Thanks, merged to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-se
he entier TPM command/response flow.
> * Check whether #CLKRUN is enabled before disabling and enabling it
> again because enabling it breaks PS/2 devices on a system where it
> is disabled.
>
Thanks, merged to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-se
duration of
> transmit_cmd()")
> Signed-off-by: Arnd Bergmann <a...@arndb.de>
Reviewed-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<james.l.mor...@oracle.com>
duration of
> transmit_cmd()")
> Signed-off-by: Arnd Bergmann
Reviewed-by: James Morris
--
James Morris
0x50 fs/xattr.c:483
entry_SYSCALL_64_fastpath+0x18/0x85
Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities")
Cc: <sta...@vger.kernel.org> # v4.14+
Signed-off-by: Eric Biggers <ebigg...@google.com>
Reviewed-by: Serge Hallyn <se...@hallyn.com&g
s/xattr.c:483
entry_SYSCALL_64_fastpath+0x18/0x85
Fixes: 8db6c34f1dbc ("Introduce v3 namespaced file capabilities")
Cc: # v4.14+
Signed-off-by: Eric Biggers
Reviewed-by: Serge Hallyn
Signed-off-by: James Morris
diff --git a/security/commoncap.c b/security/commoncap.c
index
You need
semantic knowledge of how those hooks are configured, i.e. security
policy.
I suggest dropping this part for now at least, and perhaps think about
building an API on top of this feature with strongly defined semantics
(e.g. something like iptables on top of netfilter).
- James
--
Jam
You need
semantic knowledge of how those hooks are configured, i.e. security
policy.
I suggest dropping this part for now at least, and perhaps think about
building an API on top of this feature with strongly defined semantics
(e.g. something like iptables on top of netfilter).
- James
--
James Morris
James
--
James Morris
<james.l.mor...@oracle.com>
James
--
James Morris
On Fri, 8 Dec 2017, Casey Schaufler wrote:
> Would it make sense to have lsm_dynamic.h ?
Yes.
>
> > + DYNAMIC_SECURITY_HOOK_binder_set_context_mgr,
Please trim replies!
--
James Morris
<james.l.mor...@oracle.com>
On Fri, 8 Dec 2017, Casey Schaufler wrote:
> Would it make sense to have lsm_dynamic.h ?
Yes.
>
> > + DYNAMIC_SECURITY_HOOK_binder_set_context_mgr,
Please trim replies!
--
James Morris
NULL restriction string when type is specified
X.509: fix comparisons of ->pkey_algo
James Morris (1):
Merge tag 'keys-fixes-20171208' of
git://git.kernel.org/.../dhowells/linux-fs into keys-for-linus
crypto/asymmetric_keys/pkcs7_parser.c | 4 ++-
crypto/asymmetric_k
NULL restriction string when type is specified
X.509: fix comparisons of ->pkey_algo
James Morris (1):
Merge tag 'keys-fixes-20171208' of
git://git.kernel.org/.../dhowells/linux-fs into keys-for-linus
crypto/asymmetric_keys/pkcs7_parser.c | 4 ++-
crypto/asymmetric_k
y to set a default error condition once and then
some call during the function sets it to zero on success.
--
James Morris
<james.l.mor...@oracle.com>
y to set a default error condition once and then
some call during the function sets it to zero on success.
--
James Morris
makes a lot of sense just having one giant list. I was thinking
> it might make more sense using the module_name instead.
I don't know how useful this will be in practice. Who/what will be
looking at these entries and why?
--
James Morris
<james.l.mor...@oracle.com>
makes a lot of sense just having one giant list. I was thinking
> it might make more sense using the module_name instead.
I don't know how useful this will be in practice. Who/what will be
looking at these entries and why?
--
James Morris
the error first, would be better, but
this is a clear enough fix on its own.
Reviewed-by: James Morris <james.l.mor...@oracle.com>
--
James Morris
<james.l.mor...@oracle.com>
on its own.
Reviewed-by: James Morris
--
James Morris
s the simplest fix is to use strncmp() instead of strcmp().
>
> Can somebody test below patch? (My CentOS 7 environment does not support
> enabling SELinux in linux.git . Userspace tool is too old to support?)
You mean enabling KASAN? Yep, you need gcc 4.9.2 or better. Recent
Fedora has it.
--
James Morris
<james.l.mor...@oracle.com>
s the simplest fix is to use strncmp() instead of strcmp().
>
> Can somebody test below patch? (My CentOS 7 environment does not support
> enabling SELinux in linux.git . Userspace tool is too old to support?)
You mean enabling KASAN? Yep, you need gcc 4.9.2 or better. Recent
Fedora has it.
--
James Morris
McKenney <paul...@linux.vnet.ibm.com>
> Cc: David Howells <dhowe...@redhat.com>
> Cc: James Morris <james.l.mor...@oracle.com>
> Cc: "Serge E. Hallyn" <se...@hallyn.com>
> Cc: <keyri...@vger.kernel.org>
> Cc: <linux-security-mod..
McKenney
> Cc: David Howells
> Cc: James Morris
> Cc: "Serge E. Hallyn"
> Cc:
> Cc:
Reviewed-by: James Morris
--
James Morris
t/jmorris/linux-security.git
--
James Morris
<james.l.mor...@oracle.com>
t/jmorris/linux-security.git
--
James Morris
st to /proc (per-task) or /sys/fs (global) ?
The per-task whitelist is inherited from the global one by default, or
from a parent process if it's been modified in the parent.
--
James Morris
<james.l.mor...@oracle.com>
st to /proc (per-task) or /sys/fs (global) ?
The per-task whitelist is inherited from the global one by default, or
from a parent process if it's been modified in the parent.
--
James Morris
!capable(CAP_NET_ADMIN) ||
!unprivileged_autoload(module_name)))
return -EPERM;
--
James Morris
<james.l.mor...@oracle.com>
!capable(CAP_NET_ADMIN) ||
!unprivileged_autoload(module_name)))
return -EPERM;
--
James Morris
KEYS: fix in-kernel documentation for keyctl_read()
James Morris (1):
Merge tag 'keys-next-20171123' of
git://git.kernel.org/.../dhowells/linux-fs into next-keys
Documentation/security/keys/core.rst | 10 +-
crypto/asymmetric_keys/pkcs7_key_type.c | 1 +
crypto/as
KEYS: fix in-kernel documentation for keyctl_read()
James Morris (1):
Merge tag 'keys-next-20171123' of
git://git.kernel.org/.../dhowells/linux-fs into next-keys
Documentation/security/keys/core.rst | 10 +-
crypto/asymmetric_keys/pkcs7_key_type.c | 1 +
crypto/as
before updating
security.ima.
Cc: sta...@vger.kernel.org
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
Signed-off-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Signed-off-by: James Morris <james.l.mor...@oracle.com>
diff --git a/security/integrity/ima/ima_ap
Cc: sta...@vger.kernel.org
Signed-off-by: Roberto Sassu
Signed-off-by: Mimi Zohar
Signed-off-by: James Morris
diff --git a/security/integrity/ima/ima_appraise.c
b/security/integrity/ima/ima_appraise.c
index ec7dfa0..65fbcf3 100644
--- a/security/integrity/ima/ima_appraise.c
+++
kref_put(>refcount, sgx_encl_release);
> + return ret;
> +}
Don't you need an sgx_free_page() somewhere here?
--
James Morris
<james.l.mor...@oracle.com>
401 - 500 of 2193 matches
Mail list logo