提交 c8237fe3 编写于 作者: Z Zhang Tianxing 提交者: Zheng Zengkai

Revert "ima: Add ima namespace id to the measurement list related structures"

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 78e01410.
Signed-off-by: Zhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: Xie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
上级 0d6bc14b
...@@ -80,7 +80,6 @@ struct ima_event_data { ...@@ -80,7 +80,6 @@ struct ima_event_data {
const char *violation; const char *violation;
const void *buf; const void *buf;
int buf_len; int buf_len;
unsigned int ns_id;
}; };
/* IMA template field data definition */ /* IMA template field data definition */
...@@ -109,7 +108,6 @@ struct ima_template_desc { ...@@ -109,7 +108,6 @@ struct ima_template_desc {
struct ima_template_entry { struct ima_template_entry {
int pcr; int pcr;
unsigned int ns_id;
struct tpm_digest *digests; struct tpm_digest *digests;
struct ima_template_desc *template_desc; /* template descriptor */ struct ima_template_desc *template_desc; /* template descriptor */
u32 template_data_len; u32 template_data_len;
...@@ -160,8 +158,7 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data, ...@@ -160,8 +158,7 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data,
int ima_calc_boot_aggregate(struct ima_digest_data *hash); int ima_calc_boot_aggregate(struct ima_digest_data *hash);
void ima_add_violation(struct file *file, const unsigned char *filename, void ima_add_violation(struct file *file, const unsigned char *filename,
struct integrity_iint_cache *iint, struct integrity_iint_cache *iint,
const char *op, const char *cause, const char *op, const char *cause);
struct ima_namespace *ima_ns);
int ima_init_crypto(void); int ima_init_crypto(void);
void ima_putc(struct seq_file *m, void *data, int datalen); void ima_putc(struct seq_file *m, void *data, int datalen);
void ima_print_digest(struct seq_file *m, u8 *digest, u32 size); void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
...@@ -412,11 +409,6 @@ extern struct ima_policy_setup_data init_policy_setup_data; ...@@ -412,11 +409,6 @@ extern struct ima_policy_setup_data init_policy_setup_data;
extern struct list_head ima_ns_list; extern struct list_head ima_ns_list;
extern struct rw_semaphore ima_ns_list_lock; extern struct rw_semaphore ima_ns_list_lock;
static inline unsigned int get_ns_id(const struct ima_namespace *ima_ns)
{
return ima_ns->ns.inum;
}
#ifdef CONFIG_IMA_NS #ifdef CONFIG_IMA_NS
int __init ima_init_namespace(void); int __init ima_init_namespace(void);
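Review bot: After this change neither `struct ima_event_data` nor `struct ima_template_entry` carries a namespace identifier, while `ima_ns_list`, `ima_ns_list_lock` and the `CONFIG_IMA_NS` declarations stay in this header, and nothing visible says how a measurement entry is now attributed to an IMA namespace. The commit message states only that it reverts 78e01410, so a consumer of the measurement list (for example an attestation verifier) cannot tell from here whether attribution moved elsewhere or was dropped. I would add a comment above `struct ima_template_entry` along the lines of `/* entries are not tagged with an IMA namespace id; see <commit or doc reference> */`, and state the reason for the revert in the commit message. Both struct definitions extend beyond the hunks shown.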
......
...@@ -76,8 +76,6 @@ int ima_alloc_init_template(struct ima_event_data *event_data, ...@@ -76,8 +76,6 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
(*entry)->template_data_len += sizeof(len); (*entry)->template_data_len += sizeof(len);
(*entry)->template_data_len += len; (*entry)->template_data_len += len;
} }
(*entry)->ns_id = event_data->ns_id;
return 0; return 0;
out: out:
ima_free_template_entry(*entry); ima_free_template_entry(*entry);
...@@ -154,8 +152,7 @@ int ima_store_template(struct ima_template_entry *entry, ...@@ -154,8 +152,7 @@ int ima_store_template(struct ima_template_entry *entry,
*/ */
void ima_add_violation(struct file *file, const unsigned char *filename, void ima_add_violation(struct file *file, const unsigned char *filename,
struct integrity_iint_cache *iint, struct integrity_iint_cache *iint,
const char *op, const char *cause, const char *op, const char *cause)
struct ima_namespace *ima_ns)
{ {
struct ima_template_entry *entry; struct ima_template_entry *entry;
struct inode *inode = file_inode(file); struct inode *inode = file_inode(file);
...@@ -166,8 +163,6 @@ void ima_add_violation(struct file *file, const unsigned char *filename, ...@@ -166,8 +163,6 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
int violation = 1; int violation = 1;
int result; int result;
event_data.ns_id = get_ns_id(ima_ns);
/* can overflow, only indicator */ /* can overflow, only indicator */
atomic_long_inc(&ima_htable.violations); atomic_long_inc(&ima_htable.violations);
...@@ -341,7 +336,6 @@ void ima_store_measurement(struct integrity_iint_cache *iint, ...@@ -341,7 +336,6 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
.modsig = modsig }; .modsig = modsig };
int violation = 0; int violation = 0;
event_data.ns_id = get_ns_id(ima_ns);
/* /*
* We still need to store the measurement in the case of MODSIG because * We still need to store the measurement in the case of MODSIG because
* we only have its contents to put in the list at the time of * we only have its contents to put in the list at the time of
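Review bot: In the `ima_store_measurement` hunk the deleted `event_data.ns_id = get_ns_id(ima_ns);` was the only visible use of `ima_ns`, so if that name is a parameter with no other use in the body it is now dead and should be dropped or explained. The same applies to `process_buffer_measurement` and to `ima_rdwr_violation_check` in the later file section, where the `ima_add_violation(...)` calls no longer pass `ima_ns`. The signatures and the rest of these bodies are outside the hunks, so this is inferred rather than confirmed. If the argument is kept on purpose, a line in the function comment such as `/* @ima_ns: not recorded in the measurement entry */` would make that explicit.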
......
...@@ -68,8 +68,6 @@ static int __init ima_add_boot_aggregate(void) ...@@ -68,8 +68,6 @@ static int __init ima_add_boot_aggregate(void)
char digest[TPM_MAX_DIGEST_SIZE]; char digest[TPM_MAX_DIGEST_SIZE];
} hash; } hash;
event_data.ns_id = get_ns_id(&init_ima_ns);
memset(iint, 0, sizeof(*iint)); memset(iint, 0, sizeof(*iint));
memset(&hash, 0, sizeof(hash)); memset(&hash, 0, sizeof(hash));
iint->ima_hash = &hash.hdr; iint->ima_hash = &hash.hdr;
......
...@@ -149,10 +149,10 @@ static void ima_rdwr_violation_check(struct file *file, ...@@ -149,10 +149,10 @@ static void ima_rdwr_violation_check(struct file *file,
if (send_tomtou) if (send_tomtou)
ima_add_violation(file, *pathname, iint, ima_add_violation(file, *pathname, iint,
"invalid_pcr", "ToMToU", ima_ns); "invalid_pcr", "ToMToU");
if (send_writers) if (send_writers)
ima_add_violation(file, *pathname, iint, ima_add_violation(file, *pathname, iint,
"invalid_pcr", "open_writers", ima_ns); "invalid_pcr", "open_writers");
} }
static enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value, static enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
...@@ -1071,7 +1071,6 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size, ...@@ -1071,7 +1071,6 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size,
goto out; goto out;
} }
event_data.ns_id = get_ns_id(ima_ns);
ret = ima_alloc_init_template(&event_data, &entry, template); ret = ima_alloc_init_template(&event_data, &entry, template);
if (ret < 0) { if (ret < 0) {
audit_cause = "alloc_entry"; audit_cause = "alloc_entry";
......
...@@ -373,7 +373,6 @@ int ima_restore_measurement_list(loff_t size, void *buf) ...@@ -373,7 +373,6 @@ int ima_restore_measurement_list(loff_t size, void *buf)
struct ima_template_desc *template_desc; struct ima_template_desc *template_desc;
DECLARE_BITMAP(hdr_mask, HDR__LAST); DECLARE_BITMAP(hdr_mask, HDR__LAST);
unsigned long count = 0; unsigned long count = 0;
unsigned int init_ns_id = get_ns_id(&init_ima_ns);
int ret = 0; int ret = 0;
if (!buf || size < sizeof(*khdr)) if (!buf || size < sizeof(*khdr))
...@@ -473,7 +472,6 @@ int ima_restore_measurement_list(loff_t size, void *buf) ...@@ -473,7 +472,6 @@ int ima_restore_measurement_list(loff_t size, void *buf)
entry->pcr = !ima_canonical_fmt ? *(u32 *)(hdr[HDR_PCR].data) : entry->pcr = !ima_canonical_fmt ? *(u32 *)(hdr[HDR_PCR].data) :
le32_to_cpu(*(u32 *)(hdr[HDR_PCR].data)); le32_to_cpu(*(u32 *)(hdr[HDR_PCR].data));
entry->ns_id = init_ns_id;
ret = ima_restore_measurement_entry(entry); ret = ima_restore_measurement_entry(entry);
if (ret < 0) if (ret < 0)
break; break;
......