memset(out1, 0, head);
memcpy(out1 + head, p, l);
- err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len);
- if (err)
- goto err;
+ kfree(p);
+
+ m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len);
- if (len != hlen || memcmp(out2, h, hlen))
+ if (!m || len != hlen || memcmp(m, h, hlen))
err = -EINVAL;
err:
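Review bot: With the `err = pkcs_1_v1_5_decode_emsa(...)` assignment removed, the success path reaching `err:` returns whatever `err` held before the decode, and that value is not visible in this hunk. Confirm the preceding step leaves it at 0, since a stale non-zero value would reject valid signatures. The decoder now returns `m` without an output buffer, so `m` presumably points into `out1`; a comment such as `/* m points into out1 and is only valid until out1 is freed */` would make that lifetime explicit. The order of the checks in `if (!m || len != hlen || memcmp(m, h, hlen))` also matters, because the length test is what bounds the `memcmp`, and it deserves a one-line comment so it is not reordered later. The enclosing function starts and ends outside the hunk.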
/* Appraise integrity measurements */
#define IMA_APPRAISE_ENFORCE 0x01
#define IMA_APPRAISE_FIX 0x02
+#define IMA_APPRAISE_MODULES 0x04
#ifdef CONFIG_IMA_APPRAISE
- int ima_appraise_measurement(struct integrity_iint_cache *iint,
+ int ima_appraise_measurement(int func, struct integrity_iint_cache *iint,
struct file *file, const unsigned char *filename);
int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func);
void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file);
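Review bot: The new first parameter of ima_appraise_measurement() is declared `int func`, while the adjacent ima_must_appraise() prototype takes `enum ima_hooks func` for what looks like the same value. Using `int ima_appraise_measurement(enum ima_hooks func, struct integrity_iint_cache *iint,` would keep the two prototypes consistent and let the compiler flag a wrong constant passed by a caller. Any stub for the case where CONFIG_IMA_APPRAISE is not set lies outside this hunk and would need the same signature change. The new `IMA_APPRAISE_MODULES` bit also has no comment on what it gates; something like `/* also require appraisal for kernel modules */` would help, if that is the intent.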
*/
int ima_module_check(struct file *file)
{
- int rc = 0;
-
- if (!file)
- return -EACCES; /* INTEGRITY_UNKNOWN */
+ if (!file) {
- if (ima_appraise & IMA_APPRAISE_MODULES) {
++ if ((ima_appraise & IMA_APPRAISE_MODULES) &&
++ (ima_appraise & IMA_APPRAISE_ENFORCE)) {
+#ifndef CONFIG_MODULE_SIG_FORCE
- rc = -EACCES; /* INTEGRITY_UNKNOWN */
++ return -EACCES; /* INTEGRITY_UNKNOWN */
+#endif
+ }
- } else
- rc = process_measurement(file, file->f_dentry->d_name.name,
- MAY_EXEC, MODULE_CHECK);
- return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0;
++ return 0;
++ }
+ return process_measurement(file, file->f_dentry->d_name.name,
+ MAY_EXEC, MODULE_CHECK);
}
static int __init init_ima(void)
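Review bot: When `file` is NULL and CONFIG_MODULE_SIG_FORCE is defined, the `if` testing IMA_APPRAISE_MODULES and IMA_APPRAISE_ENFORCE is left with an empty body and the function falls through to `return 0`, so a module with no backing file is accepted with nothing in the code saying why. Move the `#ifndef CONFIG_MODULE_SIG_FORCE` / `#endif` pair so it wraps the whole `if`, and document the fall-through, e.g. `return 0; /* no file to appraise: rely on module signature checking */`. Separately, the old `(ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0` mask is gone and the result of process_measurement() is now returned directly. process_measurement() is not visible here, so confirm it already suppresses failures when enforcement is off; otherwise fix or log-only mode would start rejecting modules.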