Commit b7c1ae4b authored Mar 10, 2023 by Roberto Sassu Committed by Paul Moore Mar 10, 2023

Revert "integrity: double check iint_cache was initialized"



With the recent introduction of LSM_ORDER_LAST, the 'integrity' LSM is
always initialized (if selected in the kernel configuration) and the
iint_cache is always created (the kernel panics on error). Thus, the
additional check of iint_cache in integrity_inode_get() is no longer
necessary. If the 'integrity' LSM is not selected in the kernel
configuration, integrity_inode_get() just returns NULL.

This reverts commit 92063f3c.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

parent 42994ee3

security/integrity/iint.c

+0 −8

Original line number	Diff line number	Diff line
		@@ -98,14 +98,6 @@ struct integrity_iint_cache integrity_inode_get(struct inode inode)
		struct rb_node node, parent = NULL;
		struct integrity_iint_cache iint, test_iint;

		/*
		* The integrity's "iint_cache" is initialized at security_init(),
		* unless it is not included in the ordered list of LSMs enabled
		* on the boot command line.
		*/
		if (!iint_cache)
		panic("%s: lsm=integrity required.\n", __func__);

		iint = integrity_iint_find(inode);
		if (iint)
		return iint;