Unverified Commit 71761918 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!5878 ima:Dont check xattr when loading digest lists 

Merge Pull Request from: @zgzxx 
 
ima:Dont check xattr when loading digest lists

The file xattr is not needed in modsig format,
so remove the check when loading digest list file.

issue:
https://gitee.com/openeuler/kernel/issues/I9F9FC

Test:
The function is verified successfully.

Known issue:NA

Default config change:NA

Reference:NA


 
 
Link:https://gitee.com/openeuler/kernel/pulls/5878

 

Reviewed-by: default avatarZhu Jianwei <zhujianwei7@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parents 830c644d 518a0c09

security/integrity/ima/ima_digest_list.c

+0 −10
Original line number Diff line number Diff line
@@ -331,7 +331,6 @@ static bool __init load_digest_list(struct dir_context *__ctx, const char *name, 
	struct path *dir = ctx->path;

	struct dentry *dentry;

	struct file *file;

	u8 *xattr_value = NULL;

	char *type_start, *format_start, *format_end;

	void *datap = NULL;

	loff_t size;
@@ -360,14 +359,6 @@ static bool __init load_digest_list(struct dir_context *__ctx, const char *name, 
	if (IS_ERR(dentry))

		return true;



	size = vfs_getxattr(&nop_mnt_idmap, dentry, XATTR_NAME_EVM, NULL, 0);

	if (size < 0) {

		size = vfs_getxattr_alloc(&nop_mnt_idmap, dentry, XATTR_NAME_IMA,

					  (char **)&xattr_value, 0, GFP_NOFS);

		if (size < 0 || xattr_value[0] != EVM_IMA_XATTR_DIGSIG)

			goto out;

	}



	file = file_open_root(dir, name, O_RDONLY, 0);

	if (IS_ERR(file)) {

		pr_err("Unable to open file: %s (%ld)", name, PTR_ERR(file));
@@ -399,7 +390,6 @@ static bool __init load_digest_list(struct dir_context *__ctx, const char *name, 
out_fput:

	fput(file);

out:

	kfree(xattr_value);

	return true;

}