Revert "ima: Add ima namespace id to the measurement list related structures"

hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit 78e01410. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>

Revert "ima: Add ima namespace id to the measurement list related structures"
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA -------------------------------- This reverts commit 78e01410. Signed-off-by: N Zhang Tianxing <zhangtianxing3@huawei.com> Acked-by: N Xie XiuQi <xiexiuqi@huawei.com> Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com> Signed-off-by: N Zheng Zengkai <zhengzengkai@huawei.com>
c8237fe3 · Zhang Tianxing · Zheng Zengkai · 0d6bc14b · c8237fe3 · c8237fe3
5 changed file
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -80,7 +80,6 @@ struct ima_event_data {
 	const char *violation;
 	const void *buf;
 	int buf_len;
-	unsigned int ns_id;
 };

 /* IMA template field data definition */
@@ -109,7 +108,6 @@ struct ima_template_desc {

 struct ima_template_entry {
 	int pcr;
-	unsigned int ns_id;
 	struct tpm_digest *digests;
 	struct ima_template_desc *template_desc; /* template descriptor */
 	u32 template_data_len;
@@ -160,8 +158,7 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data,
 int ima_calc_boot_aggregate(struct ima_digest_data *hash);
 void ima_add_violation(struct file *file, const unsigned char *filename,
 		       struct integrity_iint_cache *iint,
-		       const char *op, const char *cause,
-		       struct ima_namespace *ima_ns);
+		       const char *op, const char *cause);
 int ima_init_crypto(void);
 void ima_putc(struct seq_file *m, void *data, int datalen);
 void ima_print_digest(struct seq_file *m, u8 *digest, u32 size);
@@ -412,11 +409,6 @@ extern struct ima_policy_setup_data init_policy_setup_data;
 extern struct list_head ima_ns_list;
 extern struct rw_semaphore ima_ns_list_lock;

-static inline unsigned int get_ns_id(const struct ima_namespace *ima_ns)
-{
-	return ima_ns->ns.inum;
-}
-
 #ifdef CONFIG_IMA_NS
 int __init ima_init_namespace(void);


--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -76,8 +76,6 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
 		(*entry)->template_data_len += sizeof(len);
 		(*entry)->template_data_len += len;
 	}
-
-	(*entry)->ns_id = event_data->ns_id;
 	return 0;
 out:
 	ima_free_template_entry(*entry);
@@ -154,8 +152,7 @@ int ima_store_template(struct ima_template_entry *entry,
 */
 void ima_add_violation(struct file *file, const unsigned char *filename,
 		       struct integrity_iint_cache *iint,
-		       const char *op, const char *cause,
-		       struct ima_namespace *ima_ns)
+		       const char *op, const char *cause)
 {
 	struct ima_template_entry *entry;
 	struct inode *inode = file_inode(file);
@@ -166,8 +163,6 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
 	int violation = 1;
 	int result;

-	event_data.ns_id = get_ns_id(ima_ns);
-
 	/* can overflow, only indicator */
 	atomic_long_inc(&ima_htable.violations);

@@ -341,7 +336,6 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
 					     .modsig = modsig };
 	int violation = 0;

-	event_data.ns_id = get_ns_id(ima_ns);
 	/*
 	 * We still need to store the measurement in the case of MODSIG because
 	 * we only have its contents to put in the list at the time of

--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -68,8 +68,6 @@ static int __init ima_add_boot_aggregate(void)
 		char digest[TPM_MAX_DIGEST_SIZE];
 	} hash;

-	event_data.ns_id = get_ns_id(&init_ima_ns);
-
 	memset(iint, 0, sizeof(*iint));
 	memset(&hash, 0, sizeof(hash));
 	iint->ima_hash = &hash.hdr;

--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -149,10 +149,10 @@ static void ima_rdwr_violation_check(struct file *file,

 	if (send_tomtou)
 		ima_add_violation(file, *pathname, iint,
-				  "invalid_pcr", "ToMToU", ima_ns);
+				  "invalid_pcr", "ToMToU");
 	if (send_writers)
 		ima_add_violation(file, *pathname, iint,
-				  "invalid_pcr", "open_writers", ima_ns);
+				  "invalid_pcr", "open_writers");
 }

 static enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
@@ -1071,7 +1071,6 @@ void process_buffer_measurement(struct inode *inode, const void *buf, int size,
 		goto out;
 	}

-	event_data.ns_id = get_ns_id(ima_ns);
 	ret = ima_alloc_init_template(&event_data, &entry, template);
 	if (ret < 0) {
 		audit_cause = "alloc_entry";

--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -373,7 +373,6 @@ int ima_restore_measurement_list(loff_t size, void *buf)
 	struct ima_template_desc *template_desc;
 	DECLARE_BITMAP(hdr_mask, HDR__LAST);
 	unsigned long count = 0;
-	unsigned int init_ns_id = get_ns_id(&init_ima_ns);
 	int ret = 0;

 	if (!buf || size < sizeof(*khdr))
@@ -473,7 +472,6 @@ int ima_restore_measurement_list(loff_t size, void *buf)

 		entry->pcr = !ima_canonical_fmt ? *(u32 *)(hdr[HDR_PCR].data) :
 			     le32_to_cpu(*(u32 *)(hdr[HDR_PCR].data));
-		entry->ns_id = init_ns_id;
 		ret = ima_restore_measurement_entry(entry);
 		if (ret < 0)
 			break;