ima: fix freeing ongoing ahash_request

BugLink: https://bugs.launchpad.net/bugs/1849576
[ Upstream commit 4ece3125f21b1d42b84896c5646dbf0e878464e1 ]

integrity_kernel_read() can fail in which case we forward to call
ahash_request_free() on a currently running request. We have to wait
for its completion before we can free the request.

This was observed by interrupting a "find / -type f -xdev -print0 | xargs -0
cat 1>/dev/null" with ctrl-c on an IMA enabled filesystem.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>

diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index ac1cf1dffc62434cc3799bf7ba6265737b4cc4de..64d937ec55ee63e089a05712ceacc7f4f2364560 100644 (file)
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -274,6 +274,11 @@ static int ima_calc_file_hash_atfm(struct file *file,
                if (rc != rbuf_len) {
                        if (rc >= 0)
                                rc = -EINVAL;
+                       /*
+                        * Forward current rc, do not overwrite with return value
+                        * from ahash_wait()
+                        */
+                       ahash_wait(ahash_rc, &wait);
                        goto out3;
                }