Offering: HULK
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I6P3K4
CVE: NA

--------------------------------

There is a memory leakage in ima_store_template when ima_add_template_entry
returns a non-zero value and duplicated_entry was successfully
generated. Fix it by freeing duplicated_entry in that case.

Fixes: 31604143 ("ima: Add support for measurement with digest lists")
Signed-off-by: NGUO Zihua <guozihua@huawei.com>
Reviewed-by: Nyiyang <yiyang13@huawei.com>
Reviewed-by: NCai Xinchen <caixinchen1@huawei.com>
Reviewed-by: NWang Weiyang <wangweiyang2@huawei.com>
Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: NJialin Zhang <zhangjialin11@huawei.com>

maillist inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I61O87
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=c7423dbdbc9ecef7fff5239d144cad4b9887f4de

--------------------------------

IMA relies on the blocking LSM policy notifier callback to update the
LSM based IMA policy rules.

When SELinux update its policies, IMA would be notified and starts
updating all its lsm rules one-by-one. During this time, -ESTALE would
be returned by ima_filter_rule_match() if it is called with a LSM rule
that has not yet been updated. In ima_match_rules(), -ESTALE is not
handled, and the LSM rule is considered a match, causing extra files
to be measured by IMA.

Fix it by re-initializing a temporary rule if -ESTALE is returned by
ima_filter_rule_match(). The origin rule in the rule list would be
updated by the LSM policy notifier callback.

Fixes: b1694245 ("ima: use the lsm policy update notifier")
Signed-off-by: NGUO Zihua <guozihua@huawei.com>
Reviewed-by: NRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: NMimi Zohar <zohar@linux.ibm.com>
Conflicts:
	security/integrity/ima/ima_policy.c
Signed-off-by: NGUO Zihua <guozihua@huawei.com>
Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

maillist inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I61O87
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=d57378d3aa4d864d9e590482602068af1b20c0c5

--------------------------------

Currently ima_lsm_copy_rule() set the arg_p field of the source rule to
NULL, so that the source rule could be freed afterward. It does not make
sense for this behavior to be inside a "copy" function. So move it
outside and let the caller handle this field.

ima_lsm_copy_rule() now produce a shallow copy of the original entry
including args_p field. Meaning only the lsm.rule and the rule itself
should be freed for the original rule. Thus, instead of calling
ima_lsm_free_rule() which frees lsm.rule as well as args_p field, free
the lsm.rule directly.
Signed-off-by: NGUO Zihua <guozihua@huawei.com>
Reviewed-by: NRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: NMimi Zohar <zohar@linux.ibm.com>
Conflicts:
	security/integrity/ima/ima_policy.c
Signed-off-by: NGUO Zihua <guozihua@huawei.com>
Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

stable inclusion
from stable-v5.10.132
commit c1d9702ceb4a091da6bee380627596d1fba09274
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5YS3T

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c1d9702ceb4a091da6bee380627596d1fba09274

--------------------------------

[ Upstream commit 067d2521 ]

On failure to allocate the SHA1 tfm, IMA fails to initialize and exits
without freeing the ima_algo_array. Add the missing kfree() for
ima_algo_array to avoid the potential memory leak.
Signed-off-by: NJianglei Nie <niejianglei2021@163.com>
Fixes: 6d94809a ("ima: Allocate and initialize tfm for each PCR bank")
Signed-off-by: NMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: NSasha Levin <sashal@kernel.org>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>

stable inclusion
from stable-v5.10.132
commit 831e190175f10652be93b08436cc7bf2e62e4bb6
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5YS3T

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=831e190175f10652be93b08436cc7bf2e62e4bb6

--------------------------------

[ Upstream commit d2ee2cfc ]

When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be
negative, which may cause the integer overflow problem.

Fixes: 39b07096 ("ima: Implement support for module-style appended signatures")
Signed-off-by: NHuaxin Lu <luhuaxin1@huawei.com>
Signed-off-by: NMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: NSasha Levin <sashal@kernel.org>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>

stable inclusion
from stable-v5.10.121
commit b67adaec347ddb759d34478da9bf56168798350d
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5L6CQ

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b67adaec347ddb759d34478da9bf56168798350d

--------------------------------

commit 891163ad upstream.

The original 'ima' measurement list template contains a hash, defined
as 20 bytes, and a null terminated pathname, limited to 255
characters.  Other measurement list templates permit both larger hashes
and longer pathnames.  When the "ima" template is configured as the
default, a new measurement list template (ima_template=) must be
specified before specifying a larger hash algorithm (ima_hash=) on the
boot command line.

To avoid this boot command line ordering issue, remove the legacy "ima"
template configuration option, allowing it to still be specified on the
boot command line.

The root cause of this issue is that during the processing of ima_hash,
we would try to check whether the hash algorithm is compatible with the
template. If the template is not set at the moment we do the check, we
check the algorithm against the configured default template. If the
default template is "ima", then we reject any hash algorithm other than
sha1 and md5.

For example, if the compiled default template is "ima", and the default
algorithm is sha1 (which is the current default). In the cmdline, we put
in "ima_hash=sha256 ima_template=ima-ng". The expected behavior would be
that ima starts with ima-ng as the template and sha256 as the hash
algorithm. However, during the processing of "ima_hash=",
"ima_template=" has not been processed yet, and hash_setup would check
the configured hash algorithm against the compiled default: ima, and
reject sha256. So at the end, the hash algorithm that is actually used
will be sha1.

With template "ima" removed from the configured default, we ensure that
the default tempalte would at least be "ima-ng" which allows for
basically any hash algorithm.

This change would not break the algorithm compatibility checks for IMA.

Fixes: 4286587d ("ima: add Kconfig default measurement list template")
Signed-off-by: NGUO Zihua <guozihua@huawei.com>
Cc: <Stable@vger.kernel.org>
Signed-off-by: NMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>

mainline inclusion
from mainline-v5.19-rc8
commit 543ce63b
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5I0FP
CVE: CVE-2022-21505

Reference: https://seclists.org/oss-sec/2022/q3/57
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=543ce63b664e2c2f9533d089a4664b559c3e6b5b

--------------------------------

The lockdown LSM is primarily used in conjunction with UEFI Secure Boot.
This LSM may also be used on machines without UEFI.  It can also be
enabled when UEFI Secure Boot is disabled.  One of lockdown's features
is to prevent kexec from loading untrusted kernels.  Lockdown can be
enabled through a bootparam or after the kernel has booted through
securityfs.

If IMA appraisal is used with the "ima_appraise=log" boot param,
lockdown can be defeated with kexec on any machine when Secure Boot is
disabled or unavailable.  IMA prevents setting "ima_appraise=log" from
the boot param when Secure Boot is enabled, but this does not cover
cases where lockdown is used without Secure Boot.

To defeat lockdown, boot without Secure Boot and add ima_appraise=log to
the kernel command line; then:

  $ echo "integrity" > /sys/kernel/security/lockdown
  $ echo "appraise func=KEXEC_KERNEL_CHECK appraise_type=imasig" > \
    /sys/kernel/security/ima/policy
  $ kexec -ls unsigned-kernel

Add a call to verify ima appraisal is set to "enforce" whenever lockdown
is enabled.  This fixes CVE-2022-21505.

Cc: stable@vger.kernel.org
Fixes: 29d3c1c8 ("kexec: Allow kexec_file() with appropriate IMA policy when locked down")
Signed-off-by: NEric Snowberg <eric.snowberg@oracle.com>
Acked-by: NMimi Zohar <zohar@linux.ibm.com>
Reviewed-by: NJohn Haxby <john.haxby@oracle.com>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: NGUO Zihua <guozihua@huawei.com>
Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: NWang Weiyang <wangweiyang2@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

stable inclusion
from stable-v5.10.101
commit 8027ba480c00d56b7dcedc8f2810c6a749ed907a
bugzilla: https://gitee.com/openeuler/kernel/issues/I5669Z

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8027ba480c00d56b7dcedc8f2810c6a749ed907a

--------------------------------

commit 89677197 upstream.

Before printing a policy rule scan for inactive LSM labels in the policy
rule. Inactive LSM labels are identified by args_p != NULL and
rule == NULL.

Fixes: 483ec26e ("ima: ima/lsm policy rule loading logic bug fixes")
Signed-off-by: NStefan Berger <stefanb@linux.ibm.com>
Cc: <stable@vger.kernel.org> # v5.6+
Acked-by: NChristian Brauner <brauner@kernel.org>
[zohar@linux.ibm.com: Updated "Fixes" tag]
Signed-off-by: NMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NYu Liao <liaoyu15@huawei.com>
Reviewed-by: NWei Li <liwei391@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

stable inclusion
from stable-v5.10.101
commit 8171c8a99feab7d476bcc5c48b87e285bb5650a0
bugzilla: https://gitee.com/openeuler/kernel/issues/I5669Z

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8171c8a99feab7d476bcc5c48b87e285bb5650a0

--------------------------------

commit bb8e52e4 upstream.

Commit c2426d2a ("ima: added support for new kernel cmdline parameter
ima_template_fmt") introduced an additional check on the ima_template
variable to avoid multiple template selection.

Unfortunately, ima_template could be also set by the setup function of the
ima_hash= parameter, when it calls ima_template_desc_current(). This causes
attempts to choose a new template with ima_template= or with
ima_template_fmt=, after ima_hash=, to be ignored.

Achieve the goal of the commit mentioned with the new static variable
template_setup_done, so that template selection requests after ima_hash=
are not ignored.

Finally, call ima_init_template_list(), if not already done, to initialize
the list of templates before lookup_template_desc() is called.
Reported-by: NGuo Zihua <guozihua@huawei.com>
Signed-off-by: NRoberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org
Fixes: c2426d2a ("ima: added support for new kernel cmdline parameter ima_template_fmt")
Signed-off-by: NMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: NYu Liao <liaoyu15@huawei.com>
Reviewed-by: NWei Li <liwei391@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

stable inclusion
from stable-v5.10.101
commit 0795b7100d25994080343b8dabb60e903747bf42
bugzilla: https://gitee.com/openeuler/kernel/issues/I5669Z

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0795b7100d25994080343b8dabb60e903747bf42

--------------------------------

commit f7333b95 upstream.

The removal of ima_dir currently fails since ima_policy still exists, so
remove the ima_policy file before removing the directory.

Fixes: 4af4662f ("integrity: IMA policy")
Signed-off-by: NStefan Berger <stefanb@linux.ibm.com>
Cc: <stable@vger.kernel.org>
Acked-by: NChristian Brauner <brauner@kernel.org>
Signed-off-by: NMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: NGreg Kroah-Hartman <gregkh@linuxfoundation.org>

conflicts:
	security/integrity/ima/ima_fs.c
Signed-off-by: NYu Liao <liaoyu15@huawei.com>
Reviewed-by: NWei Li <liwei391@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4XHBM
CVE: NA

-------------

The check for control character shouldn't be added when import a
binary digest list.
Signed-off-by: Nshenxiangwei <shenxiangwei1@huawei.com>
Reviewed-by: NLu Huaxin <luhuaxin1@huawei.com>
Reviewed-by: NRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit a8352473.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit ee67fcbf.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 9cf5b2e8.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 3c759877.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit dcc22cdd.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit c2b095cc.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 5f7f33c2.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 27229fcf.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 78e01410.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit a1f9c162.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit bd86d4c7.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 782baa66.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit ba729f30.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit b80cb82f.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 441a760d.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 5622ee15.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 2098d7b5.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit be54067b.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 3ead0c63.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit dc3fb393.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 60499d14.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 48b9f44a.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 9164a7e0.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit e16e05db.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 11047ede.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit a847fd9b.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 603cc292.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA

--------------------------------

This reverts commit 7fdd1c66.
Signed-off-by: NZhang Tianxing <zhangtianxing3@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Acked-by: Xiu Jianfeng<xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>

euler inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4L078
CVE: NA

-------------------------------------------------

We backport the
commit 17f4bad3 ("ima: remove usage of filename parameter") to
support absolute path in ima measurement log,when get absolute path
failed, the pathname with NULL value will be passed to the next
measurement processes. Fix the pathname to relative path when get
absolute path failed.
Signed-off-by: NLi Kun <hw.likun@huawei.com>
Signed-off-by: NKefeng Wang <wangkefeng.wang@huawei.com>
Signed-off-by: NHui Wang <john.wanghui@huawei.com>
Signed-off-by: NZhang Xiaoxu <zhangxiaoxu5@huawei.com>
Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>
Reviewed-by: NJason Yan <yanaijie@huawei.com>
Signed-off-by: NYang Yingliang <yangyingliang@huawei.com>

Conflicts:
	security/integrity/ima/ima_main.c
Signed-off-by: NGuo Zihua <guozihua@huawei.com>
Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>