summaryrefslogtreecommitdiff
path: root/drivers/md/dm-ima.c
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2021-09-02 12:51:41 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2021-09-02 12:51:41 -0700
commitaef4892a63c248c31718d23941536b86829a49f0 (patch)
treeb73cc5720eaace0398610dbd0dd9074513640a1c /drivers/md/dm-ima.c
parentb55060d796c5300ad7a410cb5faec36582925570 (diff)
parentcb181da161963eddc9de0000de6ab2c7942be219 (diff)
Merge tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity subsystem updates from Mimi Zohar: - Limit the allowed hash algorithms when writing security.ima xattrs or verifying them, based on the IMA policy and the configured hash algorithms. - Return the calculated "critical data" measurement hash and size to avoid code duplication. (Preparatory change for a proposed LSM.) - and a single patch to address a compiler warning. * tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: IMA: reject unknown hash algorithms in ima_get_hash_algo IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms IMA: introduce a new policy option func=SETXATTR_CHECK IMA: add a policy option to restrict xattr hash algorithms on appraisal IMA: add support to restrict the hash algorithms used for file appraisal IMA: block writes of the security.ima xattr with unsupported algorithms IMA: remove the dependency on CRYPTO_MD5 ima: Add digest and digest_len params to the functions to measure a buffer ima: Return int in the functions to measure a buffer ima: Introduce ima_get_current_hash_algo() IMA: remove -Wmissing-prototypes warning
Diffstat (limited to 'drivers/md/dm-ima.c')
-rw-r--r--drivers/md/dm-ima.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/md/dm-ima.c b/drivers/md/dm-ima.c
index 3fd69ab12a8e..2c5edfbd7711 100644
--- a/drivers/md/dm-ima.c
+++ b/drivers/md/dm-ima.c
@@ -136,7 +136,8 @@ static void dm_ima_measure_data(const char *event_name, const void *buf, size_t
if (noio)
noio_flag = memalloc_noio_save();
- ima_measure_critical_data(DM_NAME, event_name, buf, buf_len, false);
+ ima_measure_critical_data(DM_NAME, event_name, buf, buf_len,
+ false, NULL, 0);
if (noio)
memalloc_noio_restore(noio_flag);