Message ID | 20250205033210.849509-2-zohar@linux.ibm.com (mailing list archive) |
---|---|
State | New |
Series | [RFC,v2,1/2] ima: limit the number of open-writers integrity violations |
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 5091ad931677..b35afb844048 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -129,9 +129,10 @@ static void ima_rdwr_violation_check(struct file *file, if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) { if (!iint) iint = ima_iint_find(inode); + /* IMA_MEASURE is set from reader side */ - if (iint && test_bit(IMA_MUST_MEASURE, - &iint->atomic_flags)) + if (iint && test_and_clear_bit(IMA_MUST_MEASURE, + &iint->atomic_flags)) send_tomtou = true; } } else {
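Review bot: the added comment `/* IMA_MEASURE is set from reader side */` names a different flag from the one the following line tests and clears (`IMA_MUST_MEASURE` in `iint->atomic_flags`), so a reader cannot tell whether it refers to the policy action or to the atomic bit; suggest making it match the code, e.g. `/* IMA_MUST_MEASURE is set by the reader side; clear it here so the ToMToU violation is recorded only once */`. The real change is `test_bit` becoming `test_and_clear_bit`: after the first write-open that raises `send_tomtou`, later write-opens no longer see the bit until the reader side sets it again, which is how the violations get bounded. That resulting behaviour (one violation per time the bit is set, rather than one per write-open) should be spelled out in the commit message as well, which currently only says "limit the number".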
Limit the number of Time-of-Measure-Time-of-Use (ToMToU) integrity violation audit messages and records in the IMA measurement list emitted when re-opening a file for write.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 security/integrity/ima/ima_main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)