[PATCH openEuler-5.10 43/64] Revert "ima: Add integrity inode related data to the ima namespace"

29 Dec 2021

From: Zhang Tianxing zhangtianxing3@huawei.com
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4O25G
CVE: NA
--------------------------------
This reverts commit 5f7f33c2af796b77e0b252cc505d8b4cc8c448fc.
Signed-off-by: Zhang Tianxing zhangtianxing3@huawei.com
Acked-by: Xie XiuQi xiexiuqi@huawei.com
Acked-by: Xiu Jianfengxiujianfeng@huawei.com
Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com
---
 include/linux/ima.h               |  1 -
 security/integrity/ima/ima_init.c |  1 -
 security/integrity/ima/ima_ns.c   | 17 ++---------------
 3 files changed, 2 insertions(+), 17 deletions(-)

diff --git a/include/linux/ima.h b/include/linux/ima.h
index f5683756f2b5..7f847cf0297c 100644
--- a/include/linux/ima.h
+++ b/include/linux/ima.h
@@ -220,7 +220,6 @@ struct ima_namespace {
    atomic_t inactive; /* set only when ns is added to the cleanup list */
    bool frozen;
    struct ima_policy_data *policy_data;
-	struct integrity_iint_tree *iint_tree;
 } __randomize_layout;
extern struct ima_namespace init_ima_ns;
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 3b8839b97a98..9f0e9dc3b77f 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -34,7 +34,6 @@ struct ima_namespace init_ima_ns = {
 #endif
    .frozen = true,
    .policy_data = &init_policy_data,
-	.iint_tree = &init_iint_tree,
 };
 EXPORT_SYMBOL(init_ima_ns);
diff --git a/security/integrity/ima/ima_ns.c b/security/integrity/ima/ima_ns.c
index 226a53279f71..1aeb9cfeb3a2 100644
--- a/security/integrity/ima/ima_ns.c
+++ b/security/integrity/ima/ima_ns.c
@@ -56,18 +56,11 @@ static struct ima_namespace *ima_ns_alloc(void)
    ima_ns->policy_data = kzalloc(sizeof(struct ima_policy_data),
    			      GFP_KERNEL);
    if (!ima_ns->policy_data)
-		goto ns_free;
-
-	ima_ns->iint_tree = kzalloc(sizeof(struct integrity_iint_tree),
-				    GFP_KERNEL);
-	if (!ima_ns->iint_tree)
-		goto policy_free;
+		goto out_free;
return ima_ns;
-policy_free:
-	kfree(ima_ns->policy_data);
-ns_free:
+out_free:
    kfree(ima_ns);
 out:
    return NULL;
@@ -127,9 +120,6 @@ static struct ima_namespace *clone_ima_ns(struct user_namespace *user_ns,
    ns->ucounts = ucounts;
    ns->frozen = false;
-	rwlock_init(&ns->iint_tree->lock);
-	ns->iint_tree->root = RB_ROOT;
-
    INIT_LIST_HEAD(&ns->policy_data->ima_default_rules);
    INIT_LIST_HEAD(&ns->policy_data->ima_policy_rules);
    INIT_LIST_HEAD(&ns->policy_data->ima_temp_rules);
@@ -137,7 +127,6 @@ static struct ima_namespace *clone_ima_ns(struct user_namespace *user_ns,
    return ns;
fail_free:
-	kfree(ns->iint_tree);
    kfree(ns->policy_data);
    kfree(ns);
 fail_dec:
@@ -184,8 +173,6 @@ static void destroy_ima_ns(struct ima_namespace *ns)
    dec_ima_namespaces(ns->ucounts);
    put_user_ns(ns->user_ns);
    ns_free_inum(&ns->ns);
-	integrity_iint_tree_free(ns->iint_tree);
-	kfree(ns->iint_tree);
    kfree(ns->policy_data);
    kfree(ns);
 }
-- 
2.20.1

    

2024

2023

2022

2021

2020

2019

[PATCH openEuler-5.10 43/64] Revert "ima: Add integrity inode related data to the ima namespace"