[PATCH v5 2/2] ima: Handle -ESTALE returned by ima_filter_rule_match()
Mimi Zohar
zohar at linux.ibm.com
Thu Sep 22 11:09:57 UTC 2022
Hi Scott,
On Wed, 2022-09-21 at 20:58 +0800, GUO Zihua wrote:
> }
> - if (!rc)
> - return false;
> +
> + if (rc == -ESTALE && !rule_reinitialized) {
Ok, this limits allocating ima_lsm_copy_rule() to the first -ESTALE,
> + lsm_rule = ima_lsm_copy_rule(rule);
> + if (lsm_rule) {
> + rule_reinitialized = true;
> + goto retry;
but "retry" is also limited to the first -ESTALE.
> + }
> + }
> + if (!rc) {
> + result = false;
> + goto out;
> + }
> }
> - return true;
> + result = true;
> +
> +out:
> + if (rule_reinitialized) {
> + for (i = 0; i < MAX_LSM_RULES; i++)
> + ima_filter_rule_free(lsm_rule->lsm[i].rule);
> + kfree(lsm_rule);
> + }
> + return result;
> }
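Review bot: in the `rc == -ESTALE` branch, a NULL return from ima_lsm_copy_rule(), or a second -ESTALE after the retry (rule_reinitialized already true), reaches `if (!rc)` with rc still -ESTALE. The `result = false; goto out;` path is then skipped and the stale return is handled the same as any other non-zero rc. Suggest either handling the remaining negative rc explicitly at that point or adding a comment saying that this fall-through is intended. The cleanup under `out:` dereferences lsm_rule based only on rule_reinitialized, which is safe here because the flag is set solely after the non-NULL check; a one-line comment stating that dependency would help future changes keep it true.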
--
thanks,
Mimi