From: Linus Torvalds Date: Wed, 29 Jan 2020 02:52:09 +0000 (-0800) Subject: Merge branch 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar... X-Git-Tag: v5.10.7~3376 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=73a0bff2058f2403c604371c325fec737ac2ac61;p=platform%2Fkernel%2Flinux-rpi.git Merge branch 'next-integrity' of git://git./linux/kernel/git/zohar/linux-integrity Pull IMA updates from Mimi Zohar: "Two new features - measuring certificates and querying IMA for a file hash - and three bug fixes: - Measuring certificates is like the rest of IMA, based on policy, but requires loading a custom policy. Certificates loaded onto a keyring, for example during early boot, before a custom policy has been loaded, are queued and only processed after loading the custom policy. - IMA calculates and caches files hashes. Other kernel subsystems, and possibly kernel modules, are interested in accessing these cached file hashes. The bug fixes prevent classifying a file short read (e.g. shutdown) as an invalid file signature, add a missing blank when displaying the securityfs policy rules containing LSM labels, and, lastly, fix the handling of the IMA policy information for unknown LSM labels" * 'next-integrity' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: IMA: Defined delayed workqueue to free the queued keys IMA: Call workqueue functions to measure queued keys IMA: Define workqueue for early boot key measurements IMA: pre-allocate buffer to hold keyrings string ima: ima/lsm policy rule loading logic bug fixes ima: add the ability to query the cached hash of a given file ima: Add a space after printing LSM rules for readability IMA: fix measuring asymmetric keys Kconfig IMA: Read keyrings= option from the IMA policy IMA: Add support to limit measuring keys KEYS: Call the IMA hook to measure keys IMA: Define an IMA hook to measure keys IMA: Add KEY_CHECK func to measure keys IMA: Check IMA policy flag ima: avoid appraise error for hash calc interrupt --- 73a0bff2058f2403c604371c325fec737ac2ac61 diff --cc security/integrity/ima/ima_policy.c index ef8dfd4,f45ae38..4534270 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c @@@ -274,10 -280,10 +280,10 @@@ static struct ima_rule_entry *ima_lsm_c * lsm rules can change */ memcpy(nentry, entry, sizeof(*nentry)); - memset(nentry->lsm, 0, FIELD_SIZEOF(struct ima_rule_entry, lsm)); + memset(nentry->lsm, 0, sizeof_field(struct ima_rule_entry, lsm)); for (i = 0; i < MAX_LSM_RULES; i++) { - if (!entry->lsm[i].rule) + if (!entry->lsm[i].args_p) continue; nentry->lsm[i].type = entry->lsm[i].type;