2 files changed, 39 insertions, 7 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 88a2788b981d..032ff03ad907 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -175,7 +175,9 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
        }
        memset(&entry->template, 0, sizeof(entry->template));
        memcpy(entry->template.digest, iint->digest, IMA_DIGEST_SIZE);
-        strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
+        strcpy(entry->template.file_name,
+               (strlen(filename) > IMA_EVENT_NAME_LEN_MAX) ?
+               file->f_dentry->d_name.name : filename);
        result = ima_store_template(entry, violation, inode);
        if (!result || result == -EEXIST)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index b17be79b9cf2..a0e631a19058 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -54,6 +54,7 @@ static void ima_rdwr_violation_check(struct file *file)
        fmode_t mode = file->f_mode;
        int rc;
        bool send_tomtou = false, send_writers = false;
+        unsigned char *pathname = NULL, *pathbuf = NULL;
        if (!S_ISREG(inode->i_mode) || !ima_initialized)
                return;
@@ -75,12 +76,27 @@ static void ima_rdwr_violation_check(struct file *file)
 out:
        mutex_unlock(&inode->i_mutex);
+        if (!send_tomtou && !send_writers)
+                return;
+        /* We will allow 11 spaces for ' (deleted)' to be appended */
+        pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
+        if (pathbuf) {
+                pathname = d_path(&file->f_path, pathbuf, PATH_MAX + 11);
+                if (IS_ERR(pathname))
+                        pathname = NULL;
+                else if (strlen(pathname) > IMA_EVENT_NAME_LEN_MAX)
+                        pathname = NULL;
+        }
        if (send_tomtou)
-                ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
+                ima_add_violation(inode,
-                                  "ToMToU");
+                                  !pathname ? dentry->d_name.name : pathname,
+                                  "invalid_pcr", "ToMToU");
        if (send_writers)
-                ima_add_violation(inode, dentry->d_name.name, "invalid_pcr",
+                ima_add_violation(inode,
-                                  "open_writers");
+                                  !pathname ? dentry->d_name.name : pathname,
+                                  "invalid_pcr", "open_writers");
+        kfree(pathbuf);
 }
 static void ima_check_last_writer(struct integrity_iint_cache *iint,
@@ -123,6 +139,7 @@ static int process_measurement(struct file *file, const unsigned char *filename,
 {
        struct inode *inode = file->f_dentry->d_inode;
        struct integrity_iint_cache *iint;
+        unsigned char *pathname = NULL, *pathbuf = NULL;
        int rc = 0;
        if (!ima_initialized || !S_ISREG(inode->i_mode))
@@ -147,8 +164,21 @@ retry:
                goto out;
        rc = ima_collect_measurement(iint, file);
-        if (!rc)
+        if (rc != 0)
-                ima_store_measurement(iint, file, filename);
+                goto out;
+        if (function != BPRM_CHECK) {
+                /* We will allow 11 spaces for ' (deleted)' to be appended */
+                pathbuf = kmalloc(PATH_MAX + 11, GFP_KERNEL);
+                if (pathbuf) {
+                        pathname =
+                            d_path(&file->f_path, pathbuf, PATH_MAX + 11);
+                        if (IS_ERR(pathname))
+                                pathname = NULL;
+                }
+        }
+        ima_store_measurement(iint, file, !pathname ? filename : pathname);
+        kfree(pathbuf);
 out:
        mutex_unlock(&iint->mutex);
        return rc;