Frederick Lawler 722a6972de ima: process_measurement() needlessly takes inode_lock() on MAY_READ ... [ Upstream commit 30d68cb0c3 ] On IMA policy update, if a measure rule exists in the policy, IMA_MEASURE is set for ima_policy_flags which makes the violation_check variable always true. Coupled with a no-action on MAY_READ for a FILE_CHECK call, we're always taking the inode_lock(). This becomes a performance problem for extremely heavy read-only workloads. Therefore, prevent this only in the case there's no action to be taken. Signed-off-by: Frederick Lawler <fred@cloudflare.com> Acked-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>		2025-06-04 14:41:53 +02:00
..
evm	evm: don't copy up 'security.evm' xattr	2024-08-29 17:33:31 +02:00
ima	ima: process_measurement() needlessly takes inode_lock() on MAY_READ	2025-06-04 14:41:53 +02:00
platform_certs	Hi,	2023-08-29 08:05:18 -07:00
digsig_asymmetric.c	ima: fix reference leak in asymmetric_verify()	2022-01-24 18:37:36 -05:00
digsig.c	integrity: check whether imputed trust is enabled	2023-08-17 20:12:35 +00:00
iint.c	ima: annotate iint mutex to avoid lockdep false positive warnings	2023-11-28 17:20:03 +00:00
integrity_audit.c	integrity: check the return value of audit_log_start()	2022-02-02 11:44:23 -05:00
integrity.h	ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr	2025-03-13 12:58:40 +01:00
Kconfig	integrity: powerpc: Do not select CA_MACHINE_KEYRING	2023-11-28 17:20:01 +00:00
Makefile	integrity: Introduce a Linux keyring called machine	2022-03-08 13:55:52 +02:00