[v3,01/10] ima: Rename backing_inode to real_inode

Message ID	20240223172513.4049959-2-stefanb@linux.ibm.com (mailing list archive)
State	New
Headers	show Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 13BFD133995; Fri, 23 Feb 2024 17:25:43 +0000 (UTC) From: Stefan Berger <stefanb@linux.ibm.com> To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-unionfs@vger.kernel.org Cc: linux-kernel@vger.kernel.org, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, zohar@linux.ibm.com, roberto.sassu@huawei.com, amir73il@gmail.com, brauner@kernel.org, miklos@szeredi.hu, Stefan Berger <stefanb@linux.ibm.com> Subject: [PATCH v3 01/10] ima: Rename backing_inode to real_inode Date: Fri, 23 Feb 2024 12:25:04 -0500 Message-ID: <20240223172513.4049959-2-stefanb@linux.ibm.com> In-Reply-To: <20240223172513.4049959-1-stefanb@linux.ibm.com> References: <20240223172513.4049959-1-stefanb@linux.ibm.com> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	evm: Support signatures on stacked filesystem \| expand [v3,00/10] evm: Support signatures on stacked filesystem [v3,01/10] ima: Rename backing_inode to real_inode [v3,02/10] security: allow finer granularity in permitting copy-up of security xattrs [v3,03/10] evm: Implement per signature type decision in security_inode_copy_up_xattr [v3,04/10] evm: Use the metadata inode to calculate metadata hash [v3,05/10] ima: Move file-change detection variables into new structure [v3,06/10] evm: Store and detect metadata inode attributes changes [v3,07/10] ima: re-evaluate file integrity on file metadata change [v3,08/10] evm: Enforce signatures on unsupported filesystem for EVM_INIT_X509 [v3,09/10] fs: Rename SB_I_EVM_UNSUPPORTED to SB_I_EVM_HMAC_UNSUPPORTED [v3,10/10] evm: Rename is_unsupported_fs to is_unsupported_hmac_fs

Message ID

20240223172513.4049959-2-stefanb@linux.ibm.com (mailing list archive)

State

New

Headers

From: Stefan Berger <stefanb@linux.ibm.com>
To: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org,
        linux-unionfs@vger.kernel.org
Cc: linux-kernel@vger.kernel.org, paul@paul-moore.com, jmorris@namei.org,
        serge@hallyn.com, zohar@linux.ibm.com, roberto.sassu@huawei.com,
        amir73il@gmail.com, brauner@kernel.org, miklos@szeredi.hu,
        Stefan Berger <stefanb@linux.ibm.com>
Subject: [PATCH v3 01/10] ima: Rename backing_inode to real_inode
Date: Fri, 23 Feb 2024 12:25:04 -0500
Message-ID: <20240223172513.4049959-2-stefanb@linux.ibm.com>
In-Reply-To: <20240223172513.4049959-1-stefanb@linux.ibm.com>
References: <20240223172513.4049959-1-stefanb@linux.ibm.com>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

evm: Support signatures on stacked filesystem | expand

Commit Message

Stefan Berger Feb. 23, 2024, 5:25 p.m. UTC

Rename the backing_inode variable to real_inode since it gets its value
from real_inode().

Suggested-by: Amir Goldstein <amir73il@gmail.com>
Co-developed-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Amir Goldstein <amir73il@gmail.com>
---
 security/integrity/ima/ima_main.c | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

Comments

Mimi Zohar March 19, 2024, 10:50 p.m. UTC | #1

Hi Stefan,

On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> Rename the backing_inode variable to real_inode since it gets its value
> from real_inode().
> 
> Suggested-by: Amir Goldstein <amir73il@gmail.com>
> Co-developed-by: Mimi Zohar <zohar@linux.ibm.com>
> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
> Acked-by: Amir Goldstein <amir73il@gmail.com>

Thanks for adding me as a co-developer.  The "Co-developed-by" tag needs to be
followed immediately by their "Signed-off-by" tag.  I'll need to move it
immediately before my "Signed-off-by" tag.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Mimi

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index c84e8c55333d..a744770d8c43 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -208,7 +208,7 @@  static int process_measurement(struct file *file, const struct cred *cred,
 			       u32 secid, char *buf, loff_t size, int mask,
 			       enum ima_hooks func)
 {
-	struct inode *backing_inode, *inode = file_inode(file);
+	struct inode *real_inode, *inode = file_inode(file);
 	struct ima_iint_cache *iint = NULL;
 	struct ima_template_desc *template_desc = NULL;
 	char *pathbuf = NULL;
@@ -285,14 +285,16 @@  static int process_measurement(struct file *file, const struct cred *cred,
 		iint->measured_pcrs = 0;
 	}
 
-	/* Detect and re-evaluate changes made to the backing file. */
-	backing_inode = d_real_inode(file_dentry(file));
-	if (backing_inode != inode &&
+	/*
+	 * On stacked filesystems, detect and re-evaluate file data changes.
+	 */
+	real_inode = d_real_inode(file_dentry(file));
+	if (real_inode != inode &&
 	    (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) {
-		if (!IS_I_VERSION(backing_inode) ||
-		    backing_inode->i_sb->s_dev != iint->real_dev ||
-		    backing_inode->i_ino != iint->real_ino ||
-		    !inode_eq_iversion(backing_inode, iint->version)) {
+		if (!IS_I_VERSION(real_inode) ||
+		    real_inode->i_sb->s_dev != iint->real_dev ||
+		    real_inode->i_ino != iint->real_ino ||
+		    !inode_eq_iversion(real_inode, iint->version)) {
 			iint->flags &= ~IMA_DONE_MASK;
 			iint->measured_pcrs = 0;
 		}

[v3,01/10] ima: Rename backing_inode to real_inode

Commit Message

Comments

Patch