From: Roberto Sassu roberto.sassu@huawei.com
mainline inclusion from mainline-v5.8-rc1 commit e144d6b265415ddbdc54b3f17f4f95133effa5a8 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I692HU CVE: NA
--------------------------------
Evaluate error in init_ima() before register_blocking_lsm_notifier() and return if not zero.
Cc: stable@vger.kernel.org # 5.3.x Fixes: b16942455193 ("ima: use the lsm policy update notifier") Signed-off-by: Roberto Sassu roberto.sassu@huawei.com Reviewed-by: James Morris jamorris@linux.microsoft.com Signed-off-by: Mimi Zohar zohar@linux.ibm.com Signed-off-by: GUO Zihua guozihua@huawei.com Reviewed-by: Xiu Jianfeng xiujianfeng@huawei.com Signed-off-by: Yongqiang Liu liuyongqiang13@huawei.com --- security/integrity/ima/ima_main.c | 3 +++ 1 file changed, 3 insertions(+)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index c33f7eb6b544..834c8c927a1d 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -560,6 +560,9 @@ static int __init init_ima(void) error = ima_init(); }
+ if (error) + return error; + error = register_blocking_lsm_notifier(&ima_lsm_policy_notifier); if (error) pr_warn("Couldn't register LSM notifier, error %d\n", error);