author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-03-22 06:44:37 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-03-22 06:44:37 +0300 |
commit | 7f313ff0acdecf0926ab127533a2a93948a2f547 (patch) | |
tree | a82dc675035d735820656c7fa21ed409b257bd4b /security/integrity/ima/ima_api.c | |
parent | 2c5a5358feff2c1e035a67a9b352c4358e669e5b (diff) | |
parent | 4a48b4c428dc92b5e0b19de83e7eb8d530dddd48 (diff) | |
download | linux-7f313ff0acdecf0926ab127533a2a93948a2f547.tar.xz |
Merge tag 'integrity-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity subsystem updates from Mimi Zohar:
"Except for extending the 'encrypted' key type to support user provided
data, the rest is code cleanup, __setup() usage bug fix, and a trivial
change"
* tag 'integrity-v5.18' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
MAINTAINERS: add missing security/integrity/platform_certs
EVM: fix the evm= __setup handler return value
KEYS: encrypted: Instantiate key with user-provided decrypted data
ima: define ima_max_digest_data struct without a flexible array variable
ima: rename IMA_ACTION_FLAGS to IMA_NONACTION_FLAGS
ima: Return error code obtained from securityfs functions
MAINTAINERS: add missing "security/integrity" directory
ima: Fix trivial typos in the comments
Diffstat (limited to 'security/integrity/ima/ima_api.c')
-rw-r--r-- | security/integrity/ima/ima_api.c | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index a64fb0130b01..c6805af46211 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -217,14 +217,11 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, const char *audit_cause = "failed"; struct inode *inode = file_inode(file); const char *filename = file->f_path.dentry->d_name.name; + struct ima_max_digest_data hash; int result = 0; int length; void *tmpbuf; u64 i_version; - struct { - struct ima_digest_data hdr; - char digest[IMA_MAX_DIGEST_SIZE]; - } hash; /* * Always collect the modsig, because IMA might have already collected @@ -238,9 +235,10 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, goto out; /* - * Dectecting file change is based on i_version. On filesystems - * which do not support i_version, support is limited to an initial - * measurement/appraisal/audit. + * Detecting file change is based on i_version. On filesystems + * which do not support i_version, support was originally limited + * to an initial measurement/appraisal/audit, but was modified to + * assume the file changed. */ i_version = inode_query_iversion(inode); hash.hdr.algo = algo; |
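Review bot: the layout of the new `struct ima_max_digest_data hash;` in the first hunk (@@ -217,14 +217,11 @@) cannot be checked from this diff, because the struct is defined outside ima_api.c and the diffstat is limited to this file. The removed anonymous struct paired `struct ima_digest_data hdr;` with `char digest[IMA_MAX_DIGEST_SIZE];`, and the unchanged line `hash.hdr.algo = algo;` still relies on a member named `hdr`. Please confirm in the header that the shared definition keeps an `hdr` member followed by digest storage of at least IMA_MAX_DIGEST_SIZE bytes, so the buffer handed to the hash calculation is no smaller than before. The variable is also still declared without an initializer, so any field read before the hash calculation fills it in holds stack garbage; that is unchanged from the old code but worth stating while the declaration is being touched.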
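Review bot: the rewritten comment in the second hunk (@@ -238,9 +235,10 @@) documents history instead of current behaviour: "support was originally limited to an initial measurement/appraisal/audit, but was modified to assume the file changed" leaves the reader to work out what the code does today. Suggest stating only the present rule, for example "On filesystems which do not support i_version, the file is assumed to have changed", and leaving the history to the commit log. The "Dectecting" to "Detecting" spelling fix is fine as is.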