Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity into ra-next

security/integrity/ima/ima_fs.c

@@ -261,13 +261,8 @@ static const struct file_operations ima_ascii_measurements_ops = {
 static ssize_t ima_write_policy(struct file *file, const char __user *buf,
 				size_t datalen, loff_t *ppos)
 {
-	char *data = NULL;
+	char *data;
 	ssize_t result;
-	int res;
-
-	res = mutex_lock_interruptible(&ima_write_mutex);
-	if (res)
-		return res;
 
 	if (datalen >= PAGE_SIZE)
 		datalen = PAGE_SIZE - 1;
@@ -286,14 +281,19 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,
 
 	result = -EFAULT;
 	if (copy_from_user(data, buf, datalen))
-		goto out;
+		goto out_free;
 
+	result = mutex_lock_interruptible(&ima_write_mutex);
+	if (result < 0)
+		goto out_free;
 	result = ima_parse_add_rule(data);
+	mutex_unlock(&ima_write_mutex);
+
+out_free:
+	kfree(data);
 out:
 	if (result < 0)
 		valid_policy = 0;
-	kfree(data);
-	mutex_unlock(&ima_write_mutex);
 
 	return result;
 }

security/keys/key.c

@@ -430,8 +430,7 @@ static int __key_instantiate_and_link(struct key *key,
 
 			/* and link it into the destination keyring */
 			if (keyring) {
-				if (test_bit(KEY_FLAG_KEEP, &keyring->flags))
-					set_bit(KEY_FLAG_KEEP, &key->flags);
+				set_bit(KEY_FLAG_KEEP, &key->flags);
 
 				__key_link(key, _edit);
 			}

security/keys/keyctl.c

@@ -381,12 +381,11 @@ long keyctl_revoke_key(key_serial_t id)
 	}
 
 	key = key_ref_to_ptr(key_ref);
+	ret = 0;
 	if (test_bit(KEY_FLAG_KEEP, &key->flags))
-		return -EPERM;
-	else {
+		ret = -EPERM;
+	else
 		key_revoke(key);
-		ret = 0;
-	}
 
 	key_ref_put(key_ref);
 error:
@@ -432,12 +431,11 @@ long keyctl_invalidate_key(key_serial_t id)
 
 invalidate:
 	key = key_ref_to_ptr(key_ref);
+	ret = 0;
 	if (test_bit(KEY_FLAG_KEEP, &key->flags))
 		ret = -EPERM;
-	else {
+	else
 		key_invalidate(key);
-		ret = 0;
-	}
 error_put:
 	key_ref_put(key_ref);
 error:
@@ -1352,12 +1350,11 @@ long keyctl_set_timeout(key_serial_t id, unsigned timeout)
 
 okay:
 	key = key_ref_to_ptr(key_ref);
+	ret = 0;
 	if (test_bit(KEY_FLAG_KEEP, &key->flags))
 		ret = -EPERM;
-	else {
+	else
 		key_set_timeout(key, timeout);
-		ret = 0;
-	}
 	key_put(key);
 
 error: