From: Zhang Tianxing zhangtianxing3@huawei.com
hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G CVE: NA
--------------------------------
This reverts commit bd86d4c77193befb330c656c5703575976f89512.
Signed-off-by: Zhang Tianxing zhangtianxing3@huawei.com Acked-by: Xie XiuQi xiexiuqi@huawei.com Acked-by: Xiu Jianfengxiujianfeng@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com --- security/integrity/ima/ima.h | 1 - security/integrity/ima/ima_ns.c | 19 ------------------- security/integrity/ima/ima_queue.c | 12 +++--------- 3 files changed, 3 insertions(+), 29 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index a179f8f2cb8e..f515a4405641 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -187,7 +187,6 @@ int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event,
 * used to protect h_table and sha_table */
 extern spinlock_t ima_queue_lock;
-extern spinlock_t ima_htable_lock;
struct ima_h_table {
 atomic_long_t len; /* number of stored measurements in the list */
diff --git a/security/integrity/ima/ima_ns.c b/security/integrity/ima/ima_ns.c
index 885f12043cb3..a6197c708f3a 100644
--- a/security/integrity/ima/ima_ns.c
+++ b/security/integrity/ima/ima_ns.c
@@ -26,7 +26,6 @@
 #include <linux/rwsem.h>
 #include <linux/workqueue.h>
 #include <linux/mutex.h>
-#include <linux/spinlock.h>
#include "ima.h"
@@ -181,28 +180,10 @@ int __init ima_init_namespace(void)
 return 0;
 }
-static void imans_remove_hash_entries(struct ima_namespace *ima_ns)
-{
- struct list_head *ele;
- struct ima_queue_entry *qe;
-
- /* The namespace is inactive, no lock is needed */
- list_for_each(ele, &ima_ns->ns_measurements) {
- qe = list_entry(ele, struct ima_queue_entry, ns_later);
- /* Don't free the queue entry, it should stay on the global
- * measurement list, remove only the hash table entry */
- spin_lock(&ima_htable_lock);
- hlist_del_rcu(&qe->hnext);
- spin_unlock(&ima_htable_lock);
- atomic_long_dec(&ima_htable.len);
- }
-}
-
 static void destroy_ima_ns(struct ima_namespace *ns)
 {
 bool is_init_ns = (ns == &init_ima_ns);
- imans_remove_hash_entries(ns);
 dec_ima_namespaces(ns->ucounts);
 put_user_ns(ns->user_ns);
 ns_free_inum(&ns->ns);
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 3aeff7b5e036..673fd95c8d33 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -17,7 +17,6 @@
#include <linux/rculist.h>
 #include <linux/slab.h>
-#include <linux/spinlock.h>
 #include "ima.h"
#define AUDIT_CAUSE_LEN_MAX 32
@@ -32,8 +31,6 @@ static unsigned long binary_runtime_size;
 static unsigned long binary_runtime_size = ULONG_MAX;
 #endif
-DEFINE_SPINLOCK(ima_htable_lock);
-
 /* key: inode (before secure-hashing a file) */
 struct ima_h_table ima_htable = {
 .len = ATOMIC_LONG_INIT(0),
@@ -49,7 +46,7 @@ static DEFINE_MUTEX(ima_extend_list_mutex);
/* lookup up the digest value in the hash table, and return the entry */
 static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value,
- int pcr, int ns_id)
+ int pcr)
 {
 struct ima_queue_entry *qe, *ret = NULL;
 unsigned int key;
@@ -60,8 +57,7 @@ static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value,
 hlist_for_each_entry_rcu(qe, &ima_htable.queue[key], hnext) {
 rc = memcmp(qe->entry->digests[ima_hash_algo_idx].digest, digest_value, hash_digest_size[ima_hash_algo]);
- if ((rc == 0) && (qe->entry->pcr == pcr) &&
- (qe->entry->ns_id == ns_id)) {
+ if ((rc == 0) && (qe->entry->pcr == pcr)) {
 ret = qe;
 break;
 }
@@ -115,9 +111,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry,
 atomic_long_inc(&ima_htable.len);
 if (update_htable) {
 key = ima_hash_key(entry->digests[ima_hash_algo_idx].digest);
- spin_lock(&ima_htable_lock);
 hlist_add_head_rcu(&qe->hnext, &ima_htable.queue[key]);
- spin_unlock(&ima_htable_lock);
 }
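Review bot: With `ns_id` dropped from the match in `ima_lookup_digest_entry` (`if ((rc == 0) && (qe->entry->pcr == pcr))`), a digest/PCR pair recorded by one IMA namespace counts as a duplicate for every other namespace, and the caller in the `@@ -178,7 +172,7 @@` hunk turns that hit into `-EEXIST` with audit cause `hash_exists`. The same revert removes `imans_remove_hash_entries()` from `destroy_ima_ns()`, so those entries appear to stay in `ima_htable` after their namespace is destroyed and would keep suppressing later measurements. The commit message gives no reason for the revert, so whether this global de-duplication is intended cannot be told from the page. If it is, say so above the function, e.g. `/* ima_htable is shared by all IMA namespaces: a digest/PCR pair measured in any namespace is treated as already present */`. The bodies of both functions continue outside these hunks.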
if (binary_runtime_size != ULONG_MAX) {
@@ -178,7 +172,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
mutex_lock(&ima_extend_list_mutex);
 if (!violation) {
- if (ima_lookup_digest_entry(digest, entry->pcr, entry->ns_id)) {
+ if (ima_lookup_digest_entry(digest, entry->pcr)) {
 audit_cause = "hash_exists";
 result = -EEXIST;
 goto out;