[PATCH v3 01/10] ima: Rename backing_inode to real_inode
Stefan Berger
stefanb at linux.ibm.com
Fri Feb 23 17:25:04 UTC 2024
Rename the backing_inode variable to real_inode since it gets its value
from real_inode().
Suggested-by: Amir Goldstein <amir73il at gmail.com>
Co-developed-by: Mimi Zohar <zohar at linux.ibm.com>
Signed-off-by: Stefan Berger <stefanb at linux.ibm.com>
Acked-by: Amir Goldstein <amir73il at gmail.com>
---
security/integrity/ima/ima_main.c | 18 ++++++++++--------
1 file changed, 10 insertions(+), 8 deletions(-)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index c84e8c55333d..a744770d8c43 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -208,7 +208,7 @@ static int process_measurement(struct file *file, const struct cred *cred,
u32 secid, char *buf, loff_t size, int mask,
enum ima_hooks func)
{
- struct inode *backing_inode, *inode = file_inode(file);
+ struct inode *real_inode, *inode = file_inode(file);
struct ima_iint_cache *iint = NULL;
struct ima_template_desc *template_desc = NULL;
char *pathbuf = NULL;
@@ -285,14 +285,16 @@ static int process_measurement(struct file *file, const struct cred *cred,
iint->measured_pcrs = 0;
}
- /* Detect and re-evaluate changes made to the backing file. */
- backing_inode = d_real_inode(file_dentry(file));
- if (backing_inode != inode &&
+ /*
+ * On stacked filesystems, detect and re-evaluate file data changes.
+ */
+ real_inode = d_real_inode(file_dentry(file));
+ if (real_inode != inode &&
(action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) {
- if (!IS_I_VERSION(backing_inode) ||
- backing_inode->i_sb->s_dev != iint->real_dev ||
- backing_inode->i_ino != iint->real_ino ||
- !inode_eq_iversion(backing_inode, iint->version)) {
+ if (!IS_I_VERSION(real_inode) ||
+ real_inode->i_sb->s_dev != iint->real_dev ||
+ real_inode->i_ino != iint->real_ino ||
+ !inode_eq_iversion(real_inode, iint->version)) {
iint->flags &= ~IMA_DONE_MASK;
iint->measured_pcrs = 0;
}
--
2.43.0
More information about the Linux-security-module-archive
mailing list