Message ID | 20240205182506.3569743-2-stefanb@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | evm: Support signatures on stacked filesystem | expand |
On Mon, Feb 5, 2024 at 8:25 PM Stefan Berger <stefanb@linux.ibm.com> wrote: > > Rename the backing_inode variable to real_inode since it gets its value > from real_inode(). > > Suggested-by: Amir Goldstein <amir73il@gmail.com> > Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Acked-by: Amir Goldstein <amir73il@gmail.com> > --- > security/integrity/ima/ima_main.c | 18 ++++++++++-------- > 1 file changed, 10 insertions(+), 8 deletions(-) > > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c > index cc1217ac2c6f..f1a01d32b92a 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -208,7 +208,7 @@ static int process_measurement(struct file *file, const struct cred *cred, > u32 secid, char *buf, loff_t size, int mask, > enum ima_hooks func) > { > - struct inode *backing_inode, *inode = file_inode(file); > + struct inode *real_inode, *inode = file_inode(file); > struct integrity_iint_cache *iint = NULL; > struct ima_template_desc *template_desc = NULL; > char *pathbuf = NULL; > @@ -285,14 +285,16 @@ static int process_measurement(struct file *file, const struct cred *cred, > iint->measured_pcrs = 0; > } > > - /* Detect and re-evaluate changes made to the backing file. */ > - backing_inode = d_real_inode(file_dentry(file)); > - if (backing_inode != inode && > + /* > + * Detect and re-evaluate changes made to the inode holding file data. > + */ > + real_inode = d_real_inode(file_dentry(file)); > + if (real_inode != inode && > (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) { > - if (!IS_I_VERSION(backing_inode) || > - backing_inode->i_sb->s_dev != iint->real_dev || > - backing_inode->i_ino != iint->real_ino || > - !inode_eq_iversion(backing_inode, iint->version)) { > + if (!IS_I_VERSION(real_inode) || > + real_inode->i_sb->s_dev != iint->real_dev || > + real_inode->i_ino != iint->real_ino || > + !inode_eq_iversion(real_inode, iint->version)) { > iint->flags &= ~IMA_DONE_MASK; > iint->measured_pcrs = 0; > } > -- > 2.43.0 >
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index cc1217ac2c6f..f1a01d32b92a 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -208,7 +208,7 @@ static int process_measurement(struct file *file, const struct cred *cred, u32 secid, char *buf, loff_t size, int mask, enum ima_hooks func) { - struct inode *backing_inode, *inode = file_inode(file); + struct inode *real_inode, *inode = file_inode(file); struct integrity_iint_cache *iint = NULL; struct ima_template_desc *template_desc = NULL; char *pathbuf = NULL; @@ -285,14 +285,16 @@ static int process_measurement(struct file *file, const struct cred *cred, iint->measured_pcrs = 0; } - /* Detect and re-evaluate changes made to the backing file. */ - backing_inode = d_real_inode(file_dentry(file)); - if (backing_inode != inode && + /* + * Detect and re-evaluate changes made to the inode holding file data. + */ + real_inode = d_real_inode(file_dentry(file)); + if (real_inode != inode && (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) { - if (!IS_I_VERSION(backing_inode) || - backing_inode->i_sb->s_dev != iint->real_dev || - backing_inode->i_ino != iint->real_ino || - !inode_eq_iversion(backing_inode, iint->version)) { + if (!IS_I_VERSION(real_inode) || + real_inode->i_sb->s_dev != iint->real_dev || + real_inode->i_ino != iint->real_ino || + !inode_eq_iversion(real_inode, iint->version)) { iint->flags &= ~IMA_DONE_MASK; iint->measured_pcrs = 0; }
Rename the backing_inode variable to real_inode since it gets its value from real_inode(). Suggested-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> --- security/integrity/ima/ima_main.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-)