MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-08-22 00:42:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v6.12.40
linux-yocto/security/integrity
History
Frederick Lawler 836917e7a6 ima: process_measurement() needlessly takes inode_lock() on MAY_READ 
[ Upstream commit 30d68cb0c3 ]

On IMA policy update, if a measure rule exists in the policy,
IMA_MEASURE is set for ima_policy_flags which makes the violation_check
variable always true. Coupled with a no-action on MAY_READ for a
FILE_CHECK call, we're always taking the inode_lock().

This becomes a performance problem for extremely heavy read-only workloads.
Therefore, prevent this only in the case there's no action to be taken.

Signed-off-by: Frederick Lawler <fred@cloudflare.com>
Acked-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-29 11:02:00 +02:00
..
evm evm: stop avoidably reading i_writecount in evm_file_release 2024-10-09 22:49:40 -04:00
ima ima: process_measurement() needlessly takes inode_lock() on MAY_READ 2025-05-29 11:02:00 +02:00
platform_certs Hi, 2023-08-29 08:05:18 -07:00
digsig_asymmetric.c crypto: sm2 - Remove sm2 algorithm 2024-06-07 19:46:39 +08:00
digsig.c integrity: eliminate unnecessary "Problem loading X.509 certificate" msg 2024-02-16 08:04:17 -05:00
iint.c integrity: Remove LSM 2024-02-15 23:43:48 -05:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00
integrity.h integrity: Use static_assert() to check struct sizes 2024-10-09 22:49:40 -04:00
Kconfig integrity-v6.7 2023-11-02 06:53:22 -10:00
Makefile ima: Move to LSM infrastructure 2024-02-15 23:43:46 -05:00