GUO Zihua 2d4bc60693 ima: Handle -ESTALE returned by ima_filter_rule_match() ... [ Upstream commit c7423dbdbc ] IMA relies on the blocking LSM policy notifier callback to update the LSM based IMA policy rules. When SELinux update its policies, IMA would be notified and starts updating all its lsm rules one-by-one. During this time, -ESTALE would be returned by ima_filter_rule_match() if it is called with a LSM rule that has not yet been updated. In ima_match_rules(), -ESTALE is not handled, and the LSM rule is considered a match, causing extra files to be measured by IMA. Fix it by re-initializing a temporary rule if -ESTALE is returned by ima_filter_rule_match(). The origin rule in the rule list would be updated by the LSM policy notifier callback. Fixes: b169424551 ("ima: use the lsm policy update notifier") Signed-off-by: GUO Zihua <guozihua@huawei.com> Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>		2022-12-31 13:14:08 +01:00
..
evm	Revert "evm: Fix memleak in init_desc"	2022-07-21 21:24:14 +02:00
ima	ima: Handle -ESTALE returned by ima_filter_rule_match()	2022-12-31 13:14:08 +01:00
platform_certs	efi: Correct Macmini DMI match in uefi cert quirk	2022-10-15 07:59:01 +02:00
digsig_asymmetric.c	ima: fix reference leak in asymmetric_verify()	2022-02-16 12:56:03 +01:00
digsig.c	ima: enable loading of build time generated key on .ima keyring	2021-04-09 10:40:20 -04:00
iint.c	evm: Load EVM key in ima_load_x509() to avoid appraisal	2021-05-21 12:47:04 -04:00
integrity_audit.c	integrity: check the return value of audit_log_start()	2022-02-16 12:56:03 +01:00
integrity.h	crypto: sha - split sha.h into sha1.h and sha2.h	2020-11-20 14:45:33 +11:00
Kconfig	powerpc: Load firmware trusted keys/hashes into kernel keyring	2019-11-13 00:33:23 +11:00
Makefile	powerpc: Load firmware trusted keys/hashes into kernel keyring	2019-11-13 00:33:23 +11:00