MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-08-22 00:42:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v6.6.100
linux-yocto/security/integrity/ima
History
Frederick Lawler 722a6972de ima: process_measurement() needlessly takes inode_lock() on MAY_READ 
[ Upstream commit 30d68cb0c3 ]

On IMA policy update, if a measure rule exists in the policy,
IMA_MEASURE is set for ima_policy_flags which makes the violation_check
variable always true. Coupled with a no-action on MAY_READ for a
FILE_CHECK call, we're always taking the inode_lock().

This becomes a performance problem for extremely heavy read-only workloads.
Therefore, prevent this only in the case there's no action to be taken.

Signed-off-by: Frederick Lawler <fred@cloudflare.com>
Acked-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-06-04 14:41:53 +02:00
..
ima_api.c ima: Fix use-after-free on a dentry's dname.name 2024-06-21 14:38:48 +02:00
ima_appraise.c
ima_asymmetric_keys.c
ima_crypto.c
ima_efi.c
ima_fs.c
ima_init.c
ima_kexec.c
ima_main.c ima: process_measurement() needlessly takes inode_lock() on MAY_READ 2025-06-04 14:41:53 +02:00
ima_modsig.c
ima_mok.c
ima_policy.c ima: Avoid blocking in RCU read-side critical section 2024-07-11 12:49:18 +02:00
ima_queue_keys.c
ima_queue.c
ima_template_lib.c ima: fix buffer overrun in ima_eventdigest_init_common 2024-11-22 15:38:34 +01:00
ima_template_lib.h
ima_template.c
ima.h ima: Avoid blocking in RCU read-side critical section 2024-07-11 12:49:18 +02:00
Kconfig
Makefile