1 files changed, 20 insertions, 31 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 970693d1a320..d743c9a0a4b4 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -61,7 +61,8 @@ static void ima_rdwr_violation_check(struct file *file)
        fmode_t mode = file->f_mode;
        int must_measure;
        bool send_tomtou = false, send_writers = false;
-        unsigned char *pathname = NULL, *pathbuf = NULL;
+        char *pathbuf = NULL;
+        const char *pathname;
        if (!S_ISREG(inode->i_mode) || !ima_initialized)
                return;
@@ -86,22 +87,15 @@ out:
        if (!send_tomtou && !send_writers)
                return;
-        /* We will allow 11 spaces for ' (deleted)' to be appended */
+        pathname = ima_d_path(&file->f_path, &pathbuf);
-        pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
+        if (!pathname || strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
-        if (pathbuf) {
+                pathname = dentry->d_name.name;
-                pathname = d_path(&file->f_path, pathbuf, PATH_MAX + 11);
-                if (IS_ERR(pathname))
-                        pathname = NULL;
-                else if (strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
-                        pathname = NULL;
-        }
        if (send_tomtou)
-                ima_add_violation(inode,
+                ima_add_violation(inode, pathname,
-                                  !pathname ? dentry->d_name.name : pathname,
                                  "invalid_pcr", "ToMToU");
        if (send_writers)
-                ima_add_violation(inode,
+                ima_add_violation(inode, pathname,
-                                  !pathname ? dentry->d_name.name : pathname,
                                  "invalid_pcr", "open_writers");
        kfree(pathbuf);
 }
@@ -145,12 +139,13 @@ void ima_file_free(struct file *file)
        ima_check_last_writer(iint, inode, file);
 }
-static int process_measurement(struct file *file, const unsigned char *filename,
+static int process_measurement(struct file *file, const char *filename,
                               int mask, int function)
 {
        struct inode *inode = file->f_dentry->d_inode;
        struct integrity_iint_cache *iint;
-        unsigned char *pathname = NULL, *pathbuf = NULL;
+        char *pathbuf = NULL;
+        const char *pathname = NULL;
        int rc = -ENOMEM, action, must_appraise;
        if (!ima_initialized || !S_ISREG(inode->i_mode))
@@ -187,24 +182,18 @@ static int process_measurement(struct file *file, const unsigned char *filename,
        if (rc != 0)
                goto out;
-        if (function != BPRM_CHECK) {
+        if (function != BPRM_CHECK)
-                /* We will allow 11 spaces for ' (deleted)' to be appended */
+                pathname = ima_d_path(&file->f_path, &pathbuf);
-                pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
-                if (pathbuf) {
+        if (!pathname)
-                        pathname =
+                pathname = filename;
-                            d_path(&file->f_path, pathbuf, PATH_MAX + 11);
-                        if (IS_ERR(pathname))
-                                pathname = NULL;
-                }
-        }
        if (action & IMA_MEASURE)
-                ima_store_measurement(iint, file,
+                ima_store_measurement(iint, file, pathname);
-                                      !pathname ? filename : pathname);
        if (action & IMA_APPRAISE)
-                rc = ima_appraise_measurement(iint, file,
+                rc = ima_appraise_measurement(iint, file, pathname);
-                                              !pathname ? filename : pathname);
        if (action & IMA_AUDIT)
-                ima_audit_measurement(iint, !pathname ? filename : pathname);
+                ima_audit_measurement(iint, pathname);
        kfree(pathbuf);
 out:
        mutex_unlock(&inode->i_mutex);

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 970693d1a320..d743c9a0a4b4 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c
@@ -61,7 +61,8 @@ static void ima_rdwr_violation_check(struct file *file)
61	fmode_t mode = file->f_mode;	61	fmode_t mode = file->f_mode;
62	int must_measure;	62	int must_measure;
63	bool send_tomtou = false, send_writers = false;	63	bool send_tomtou = false, send_writers = false;
64	unsigned char pathname = NULL, pathbuf = NULL;	64	char *pathbuf = NULL;
		65	const char *pathname;
65		66
66	if (!S_ISREG(inode->i_mode) \|\| !ima_initialized)	67	if (!S_ISREG(inode->i_mode) \|\| !ima_initialized)
67	return;	68	return;
@@ -86,22 +87,15 @@ out:
86	if (!send_tomtou && !send_writers)	87	if (!send_tomtou && !send_writers)
87	return;	88	return;
88		89
89	/* We will allow 11 spaces for ' (deleted)' to be appended */	90	pathname = ima_d_path(&file->f_path, &pathbuf);
90	pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);	91	if (!pathname \|\| strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
91	if (pathbuf) {	92	pathname = dentry->d_name.name;
92	pathname = d_path(&file->f_path, pathbuf, PATH_MAX + 11);	93
93	if (IS_ERR(pathname))
94	pathname = NULL;
95	else if (strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
96	pathname = NULL;
97	}
98	if (send_tomtou)	94	if (send_tomtou)
99	ima_add_violation(inode,	95	ima_add_violation(inode, pathname,
100	!pathname ? dentry->d_name.name : pathname,
101	"invalid_pcr", "ToMToU");	96	"invalid_pcr", "ToMToU");
102	if (send_writers)	97	if (send_writers)
103	ima_add_violation(inode,	98	ima_add_violation(inode, pathname,
104	!pathname ? dentry->d_name.name : pathname,
105	"invalid_pcr", "open_writers");	99	"invalid_pcr", "open_writers");
106	kfree(pathbuf);	100	kfree(pathbuf);
107	}	101	}
@@ -145,12 +139,13 @@ void ima_file_free(struct file *file)
145	ima_check_last_writer(iint, inode, file);	139	ima_check_last_writer(iint, inode, file);
146	}	140	}
147		141
148	static int process_measurement(struct file file, const unsigned char filename,	142	static int process_measurement(struct file file, const char filename,
149	int mask, int function)	143	int mask, int function)
150	{	144	{
151	struct inode *inode = file->f_dentry->d_inode;	145	struct inode *inode = file->f_dentry->d_inode;
152	struct integrity_iint_cache *iint;	146	struct integrity_iint_cache *iint;
153	unsigned char pathname = NULL, pathbuf = NULL;	147	char *pathbuf = NULL;
		148	const char *pathname = NULL;
154	int rc = -ENOMEM, action, must_appraise;	149	int rc = -ENOMEM, action, must_appraise;
155		150
156	if (!ima_initialized \|\| !S_ISREG(inode->i_mode))	151	if (!ima_initialized \|\| !S_ISREG(inode->i_mode))
@@ -187,24 +182,18 @@ static int process_measurement(struct file file, const unsigned char filename,
187	if (rc != 0)	182	if (rc != 0)
188	goto out;	183	goto out;
189		184
190	if (function != BPRM_CHECK) {	185	if (function != BPRM_CHECK)
191	/* We will allow 11 spaces for ' (deleted)' to be appended */	186	pathname = ima_d_path(&file->f_path, &pathbuf);
192	pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);	187
193	if (pathbuf) {	188	if (!pathname)
194	pathname =	189	pathname = filename;
195	d_path(&file->f_path, pathbuf, PATH_MAX + 11);	190
196	if (IS_ERR(pathname))
197	pathname = NULL;
198	}
199	}
200	if (action & IMA_MEASURE)	191	if (action & IMA_MEASURE)
201	ima_store_measurement(iint, file,	192	ima_store_measurement(iint, file, pathname);
202	!pathname ? filename : pathname);
203	if (action & IMA_APPRAISE)	193	if (action & IMA_APPRAISE)
204	rc = ima_appraise_measurement(iint, file,	194	rc = ima_appraise_measurement(iint, file, pathname);
205	!pathname ? filename : pathname);
206	if (action & IMA_AUDIT)	195	if (action & IMA_AUDIT)
207	ima_audit_measurement(iint, !pathname ? filename : pathname);	196	ima_audit_measurement(iint, pathname);
208	kfree(pathbuf);	197	kfree(pathbuf);
209	out:	198	out:
210	mutex_unlock(&inode->i_mutex);	199	mutex_unlock(&inode->i_mutex);