These changes are the raw update to linux-4.4.6-rt14. Kernel sources
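--- a/kernel/security/integrity/evm/evm_main.c
+++ b/kernel/security/integrity/evm/evm_main.c
@@ -23,6 +23,7 @@
 #include <linux/integrity.h>
 #include <linux/evm.h>
 #include <crypto/hash.h>
+#include <crypto/algapi.h>
 #include "evm.h"
 int evm_initialized;
@@ -148,7 +149,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 xattr_value_len, calc.digest);
 if (rc)
 break;
- rc = memcmp(xattr_data->digest, calc.digest,
+ rc = crypto_memneq(xattr_data->digest, calc.digest,
 sizeof(calc.digest));
 if (rc)
 rc = -EINVAL;
@@ -387,17 +388,16 @@ void evm_inode_post_setxattr(struct dentry *dentry, const char *xattr_name,
 * @xattr_name: pointer to the affected extended attribute name
 *
 * Update the HMAC stored in 'security.evm' to reflect removal of the xattr.
+ *
+ * No need to take the i_mutex lock here, as this function is called from
+ * vfs_removexattr() which takes the i_mutex.
 */
 void evm_inode_post_removexattr(struct dentry *dentry, const char *xattr_name)
 {
- struct inode *inode = d_backing_inode(dentry);
-
 if (!evm_initialized || !evm_protected_xattr(xattr_name))
 return;
- mutex_lock(&inode->i_mutex);
 evm_update_evmxattr(dentry, xattr_name, NULL, 0);
- mutex_unlock(&inode->i_mutex);
 }
 /**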
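Review bot: The comparison in evm_verify_hmac reads `sizeof(calc.digest)` bytes from `xattr_data->digest`, and nothing in the visible lines shows that the stored security.evm value is at least that long. The function starts and ends outside the hunk, so the check may already exist above. If it does not, a short or malformed xattr should be rejected with an integrity failure before the digests are compared, because a constant-time compare does not bound the read. The call would also benefit from a short why-comment so it is not later reverted to memcmp, for example `/* constant-time compare: do not leak how many HMAC bytes matched */`.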