From nobody Sat Feb 7 13:45:49 2026 Received: from mx0a-00082601.pphosted.com (mx0a-00082601.pphosted.com [67.231.145.42]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D6321F4180 for ; Sun, 1 Feb 2026 02:42:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=67.231.145.42 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769913771; cv=none; b=Cz7h+CSzuoTlNOIKBgdWvAJbf4Szk4E+39EMoNpKCEe8Dfzxlydu2STd4Am0BEvR83ee4zN1mBACYYYwApYSp+YZDiDLAItyb/8tl6mnO19ALUtm5WY/ox/AcdfcjIYdatGyvXR5vkqiO4hD61NaXRkWLjZdyCBKzcBZgrcoPu0= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1769913771; c=relaxed/simple; bh=JNajJnO9nq5PoIsWYsYzLUJ8h+KRcJYHjBw5q0Uf3mk=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=sBtVwv/TgyLQcgfNBOi8y1fmf+cj8svENTCmWxDvL9GL1obF9h2W6GEzaDSOAqqNohrvsz87cn6Apr539AtQfWJuSK+Mss84Ed+mj0AQ0QoznbJLfxRu7Dnoa3D21IYI0GdbkyhzVH71JRTfGxSUx7wdzc9Jvh0Ytb204kwPi3U= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=meta.com; spf=pass smtp.mailfrom=meta.com; dkim=pass (2048-bit key) header.d=meta.com header.i=@meta.com header.b=ZcWgui4h; arc=none smtp.client-ip=67.231.145.42 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=meta.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=meta.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=meta.com header.i=@meta.com header.b="ZcWgui4h" Received: from pps.filterd (m0109333.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.18.1.11/8.18.1.11) with ESMTP id 60VMxQib789951 for ; Sat, 31 Jan 2026 18:42:49 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meta.com; h=cc :content-transfer-encoding:content-type:date:from:message-id :mime-version:subject:to; s=s2048-2025-q2; bh=KxLQFcBKQj+dgeEIod F9EG42qAQTlb+bW/yrZOzovN4=; b=ZcWgui4hNbvRUJlyxu7eDdLXpkZ5SLp8uJ JlCpB7Kvm29rnJUhuJixcIsjfqsbBk5evJNXZGc3PbZV8z2yS11OMCEDJx6RLOJu 0QE0QkwX1A9OdG9cLSJHaR8r/dlfwN0ikMGXhs4N3yX13jKOt1qXWavAsvKvag2Z UPKVaBvdeSfWi0TCGPNcrDOG9GBDA6kkBaw2keftEkIoFm+iHXpdNQHSNsqxsEFG 7/AuKIo0eZUbVHwk87D7o0GaZIekBD5J4fesW+2tlbuN1vV8x+XQ3IrlgEZzUdha 57zCAWWIafQ0Qd3F0vL2MCxPP7Om8VUgN77dHu5RrlY8C56xFjYQ== Received: from maileast.thefacebook.com ([163.114.135.16]) by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 4c1emywrxe-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NOT) for ; Sat, 31 Jan 2026 18:42:49 -0800 (PST) Received: from twshared26871.17.frc2.facebook.com (2620:10d:c0a8:1b::2d) by mail.thefacebook.com (2620:10d:c0a9:6f::237c) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.2.2562.35; Sun, 1 Feb 2026 02:42:48 +0000 Received: by devbig010.atn3.facebook.com (Postfix, from userid 224791) id 1383A7789A4; Sat, 31 Jan 2026 18:40:15 -0800 (PST) From: Daniel Hodges To: Mimi Zohar , Roberto Sassu , Dmitry Kasatkin CC: Eric Snowberg , Paul Moore , James Morris , "Serge E . Hallyn" , , , , Daniel Hodges Subject: [PATCH] ima: check return value of crypto_shash_final() in boot aggregate Date: Sat, 31 Jan 2026 18:40:15 -0800 Message-ID: <20260201024015.2862236-1-hodgesd@meta.com> X-Mailer: git-send-email 2.47.3 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-FB-Internal: Safe X-Proofpoint-GUID: uxKJeo9bhaKVg_kY0EeYJlqwrQdSzdG3 X-Authority-Analysis: v=2.4 cv=aJv9aL9m c=1 sm=1 tr=0 ts=697ebda9 cx=c_pps a=MfjaFnPeirRr97d5FC5oHw==:117 a=MfjaFnPeirRr97d5FC5oHw==:17 a=vUbySO9Y5rIA:10 a=VkNPw1HP01LnGYTKEx00:22 a=VabnemYjAAAA:8 a=G4tEbEgpH93ySczLUAUA:9 a=gKebqoRLp9LExxC7YDUY:22 X-Proofpoint-ORIG-GUID: uxKJeo9bhaKVg_kY0EeYJlqwrQdSzdG3 X-Proofpoint-Spam-Details-Enc: AW1haW4tMjYwMjAxMDAyMSBTYWx0ZWRfX7bBKTUuafU13 eAMJ8fONbcLT87k3uUg+7iovQcw1sm62h1k7DUveoh3nHCm2ftisXczphgvIwWmkP+Bive6p2Oj a+Klav//XjNnJUTfiL+LZjt4qlf4e0BddQ/dCI1juY9CAIC4TG/IJQtQSV6S/+dYsA0U6SX762e jJ4Ah/+F7x+0yODFMutZMvvcXhVvQ4Llf4xRbDG4zdG3fuuteeEQBLQh+LGFhfIyPE/ZIFAfOAV 4l+Kn9HO08GnxIk/2kpdOGnn9t+GDjqcojFCAV4WqJTmUmrnIGrMrv/WWPBq3akxMJ+NSznizVB JX0OMGLSRwp/GHaXtLk2KWV75Taod9SMHkxfzksaODztmVf6wMYUqulKoVmyLNgylOMsWRPKvaN 0gB0g5TLhrDx5PTNWDfJXf7cWQ8WGoEbKJEl8BHTDyt5RvXbeYoWRkaYJnOLmWj3gppn9zw5vcv wrX1O8nPuZBIqaJw30g== X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1121,Hydra:6.1.51,FMLib:17.12.100.49 definitions=2026-02-01_01,2026-01-30_04,2025-10-01_01 Content-Type: text/plain; charset="utf-8" The return value of crypto_shash_final() is not checked in ima_calc_boot_aggregate_tfm(). If the hash finalization fails, the function returns success and a corrupted boot aggregate digest could be used for IMA measurements. Capture the return value and propagate any error to the caller. Fixes: 76bb28f6126f ("ima: use new crypto_shash API instead of old crypto_h= ash") Signed-off-by: Daniel Hodges --- security/integrity/ima/ima_crypto.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/i= ma_crypto.c index 6f5696d999d0..8ae7821a65c2 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -825,21 +825,21 @@ static int ima_calc_boot_aggregate_tfm(char *digest, = u16 alg_id, * non-SHA1 boot_aggregate digests to avoid ambiguity. */ if (alg_id !=3D TPM_ALG_SHA1) { for (i =3D TPM_PCR8; i < TPM_PCR10; i++) { ima_pcrread(i, &d); rc =3D crypto_shash_update(shash, d.digest, crypto_shash_digestsize(tfm)); } } if (!rc) - crypto_shash_final(shash, digest); + rc =3D crypto_shash_final(shash, digest); return rc; } =20 int ima_calc_boot_aggregate(struct ima_digest_data *hash) { struct crypto_shash *tfm; u16 crypto_id, alg_id; int rc, i, bank_idx =3D -1; =20 for (i =3D 0; i < ima_tpm_chip->nr_allocated_banks; i++) { --=20 2.47.3