Commit d62fdaf5 authored by Linus Torvalds

Merge tag 'integrity-v6.14-fix' of...

Merge tag 'integrity-v6.14-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity

Pull integrity fixes from Mimi Zohar:
 "One bugfix and one spelling cleanup. The bug fix restores a
  performance improvement"

* tag 'integrity-v6.14-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr
  integrity: fix typos and spelling errors
parents 5c76a2e4 57a0ef02
+1 −1
@@ -180,7 +180,7 @@ static void hmac_add_misc(struct shash_desc *desc, struct inode *inode,
}

/*
 * Dump large security xattr values as a continuous ascii hexademical string.
 * Dump large security xattr values as a continuous ascii hexadecimal string.
 * (pr_debug is limited to 64 bytes.)
 */
static void dump_security_xattr_l(const char *prefix, const void *src,
+1 −1
@@ -169,7 +169,7 @@ static int is_unsupported_hmac_fs(struct dentry *dentry)
 * and compare it against the stored security.evm xattr.
 *
 * For performance:
 * - use the previoulsy retrieved xattr value and length to calculate the
 * - use the previously retrieved xattr value and length to calculate the
 *   HMAC.)
 * - cache the verification result in the iint, when available.
 *
+3 −0
@@ -149,6 +149,9 @@ struct ima_kexec_hdr {
#define IMA_CHECK_BLACKLIST	0x40000000
#define IMA_VERITY_REQUIRED	0x80000000

/* Exclude non-action flags which are not rule-specific. */
#define IMA_NONACTION_RULE_FLAGS	(IMA_NONACTION_FLAGS & ~IMA_NEW_FILE)

#define IMA_DO_MASK		(IMA_MEASURE | IMA_APPRAISE | IMA_AUDIT | \
				 IMA_HASH | IMA_APPRAISE_SUBMASK)
#define IMA_DONE_MASK		(IMA_MEASURED | IMA_APPRAISED | IMA_AUDITED | \
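Review bot: IMA_NONACTION_RULE_FLAGS is built by subtracting from IMA_NONACTION_FLAGS, so any flag later added to that mask (its definition is outside this hunk) becomes "rule-specific" by default and is cleared wherever this mask is used for a reset. The one-line comment does not warn about that, nor say why IMA_NEW_FILE is the exception. I would expand it, for example `/* Rule-specific non-action flags. IMA_NEW_FILE describes the file, not a policy rule, so it is excluded; exclude any future non-rule flag here too. */`.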
+8 −5
@@ -269,10 +269,13 @@ static int process_measurement(struct file *file, const struct cred *cred,
	mutex_lock(&iint->mutex);

	if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags))
		/* reset appraisal flags if ima_inode_post_setattr was called */
		/*
		 * Reset appraisal flags (action and non-action rule-specific)
		 * if ima_inode_post_setattr was called.
		 */
		iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
				 IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |
				 IMA_NONACTION_FLAGS);
				 IMA_NONACTION_RULE_FLAGS);

	/*
	 * Re-evaulate the file if either the xattr has changed or the
@@ -1011,9 +1014,9 @@ int process_buffer_measurement(struct mnt_idmap *idmap,
	}

	/*
	 * Both LSM hooks and auxilary based buffer measurements are
	 * Both LSM hooks and auxiliary based buffer measurements are
	 * based on policy. To avoid code duplication, differentiate
	 * between the LSM hooks and auxilary buffer measurements,
	 * between the LSM hooks and auxiliary buffer measurements,
	 * retrieving the policy rule information only for the LSM hook
	 * buffer measurements.
	 */
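Review bot: In the process_measurement() hunk the reset now leaves IMA_NEW_FILE set after a setattr, but the rewritten comment only lists what is cleared and never says that one flag is deliberately kept. IMA_NEW_FILE appears to influence how a file with no stored security.ima is appraised (that code is not visible here), so someone auditing this reset should be told it survives; I would add a sentence such as `IMA_NEW_FILE is not rule-specific and is intentionally preserved.` to the comment. The unbraced `if` now has a four-line comment between the condition and its single statement, and braces around the body would keep a later edit from silently changing what the condition guards. The context line just below still reads `Re-evaulate`, which this spelling cleanup could also fix. The function body begins and ends outside the hunk.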