From: Roberto Sassu <[email protected]> Make ima_num_entries an array, to have separate counters per binary measurements list type. Currently, define the BINARY type for the existing binary measurements list.
No functional change: the BINARY type is equivalent to the value without the array. Link: https://github.com/linux-integrity/linux/issues/1 Signed-off-by: Roberto Sassu <[email protected]> --- security/integrity/ima/ima.h | 9 ++++++++- security/integrity/ima/ima_fs.c | 3 +-- security/integrity/ima/ima_kexec.c | 2 +- security/integrity/ima/ima_queue.c | 7 +++++-- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 9cdc4c5afd3b..199237e2d2e3 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -28,6 +28,13 @@ enum ima_show_type { IMA_SHOW_BINARY, IMA_SHOW_BINARY_NO_FIELD_LEN, IMA_SHOW_BINARY_OLD_STRING_FMT, IMA_SHOW_ASCII }; enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8, TPM_PCR10 = 10 }; +/* + * BINARY: current binary measurements list + */ +enum binary_lists { + BINARY, BINARY__LAST +}; + /* digest size for IMA, fits SHA1 or MD5 */ #define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE #define IMA_EVENT_NAME_LEN_MAX 255 @@ -324,7 +331,7 @@ int ima_lsm_policy_change(struct notifier_block *nb, unsigned long event, */ extern spinlock_t ima_queue_lock; -extern atomic_long_t ima_num_entries; +extern atomic_long_t ima_num_entries[BINARY__LAST]; extern atomic_long_t ima_num_violations; extern struct hlist_head __rcu *ima_htable; diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index aaa460d70ff7..79b0f287c668 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -63,8 +63,7 @@ static ssize_t ima_show_measurements_count(struct file *filp, char __user *buf, size_t count, loff_t *ppos) { - return ima_show_counter(buf, count, ppos, &ima_num_entries); - + return ima_show_counter(buf, count, ppos, &ima_num_entries[BINARY]); } static const struct file_operations ima_measurements_count_ops = { diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c index 5801649fbbef..40962dc0ca86 100644 
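Review bot: The enumerators `BINARY` and `BINARY__LAST` added to ima.h are unprefixed, unlike the neighbouring `IMA_SHOW_*` and `TPM_PCR*` constants, so they enter the namespace of every file that includes this header and can clash with unrelated identifiers or macros. Prefixed names in the file's own style (for example `IMA_BINARY_LIST` and `IMA_BINARY_LIST__LAST`) would avoid that. The comment above the enum documents only `BINARY`; it should also say that `BINARY__LAST` is the number of list types and only sizes `ima_num_entries[]`, e.g. `* BINARY__LAST: number of list types, never a valid index`.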
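Review bot: The `[BINARY]` index is hard-coded in `ima_show_measurements_count()`, and again in the ima_kexec.c and ima_queue.c hunks, with no comment saying that the count returned to user space and written into the kexec event covers only the current binary list. That is equivalent today, as the description states. If a further list type is added later and these sites are not revisited, a verifier comparing the reported count with the measurement list could be misled. A short comment at each site, e.g. `/* entries in the current binary measurements list only */`, would pin the intent. The enclosing functions in the ima_kexec.c and ima_queue.c hunks start and end outside the lines shown.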
--- a/security/integrity/ima/ima_kexec.c +++ b/security/integrity/ima/ima_kexec.c @@ -43,7 +43,7 @@ void ima_measure_kexec_event(const char *event_name) int n; buf_size = ima_get_binary_runtime_size(); - len = atomic_long_read(&ima_num_entries); + len = atomic_long_read(&ima_num_entries[BINARY]); n = scnprintf(ima_kexec_event, IMA_KEXEC_EVENT_LEN, "kexec_segment_size=%lu;ima_binary_runtime_size=%lu;" diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c index 41f4941ceaad..952172a4905d 100644 --- a/security/integrity/ima/ima_queue.c +++ b/security/integrity/ima/ima_queue.c @@ -33,7 +33,10 @@ static unsigned long binary_runtime_size = ULONG_MAX; #endif /* num of stored measurements in the list */ -atomic_long_t ima_num_entries = ATOMIC_LONG_INIT(0); +atomic_long_t ima_num_entries[BINARY__LAST] = { + [0 ... BINARY__LAST - 1] = ATOMIC_LONG_INIT(0) +}; + /* num of violations in the list */ atomic_long_t ima_num_violations = ATOMIC_LONG_INIT(0); @@ -154,7 +157,7 @@ static int ima_add_digest_entry(struct ima_template_entry *entry, htable = rcu_dereference_protected(ima_htable, lockdep_is_held(&ima_extend_list_mutex)); - atomic_long_inc(&ima_num_entries); + atomic_long_inc(&ima_num_entries[BINARY]); if (update_htable) { key = ima_hash_key(entry->digests[ima_hash_algo_idx].digest); hlist_add_head_rcu(&qe->hnext, &htable[key]); -- 2.43.0
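Review bot: In the first ima_queue.c hunk the comment `/* num of stored measurements in the list */` is left unchanged above a definition that is now one counter per list type. It should read something like `/* num of stored measurements, per binary measurements list type */`. The `[0 ... BINARY__LAST - 1] = ATOMIC_LONG_INIT(0)` range initializer is a GNU extension that only spells out the zero which static storage already gets. Assuming `ATOMIC_LONG_INIT(0)` is all-zero as usual, a plain `atomic_long_t ima_num_entries[BINARY__LAST];` would be equivalent and shorter.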

