Linux-Integrity Archive on
 help / color / Atom feed
From: Mimi Zohar <>
To: Linus Torvalds <>
Cc: linux-integrity <>,
	linux-kernel <>
Subject: [GIT PULL] integrity subsystem fixes for v5.7
Date: Mon, 18 May 2020 11:49:31 -0400
Message-ID: <> (raw)

Hi Linus,

Here are a couple of miscellaneous bug fixes for the integrity

- Properly modify the open flags in order to calculate the file hash.
- On systems requiring the IMA policy to be signed, the policy is
loaded differently.  Don't differentiate between "enforce" and either
"log" or "fix" modes how the policy is loaded.

- (2 patches) Fix an EVM race condition, normally the result of
attempting to load an unsupported hash algorithm.
- Use the lockless RCU version for walking an append only list.


The following changes since commit ae83d0b416db002fe95601e7f97f64b59514d936:

  Linux 5.7-rc2 (2020-04-19 14:35:30 -0700)

are available in the git repository at:

  git:// next-integrity.fixes

for you to fetch changes up to 8433856947217ebb5697a8ff9c4c9cad4639a2cf:

  evm: Fix a small race in init_desc() (2020-05-14 19:55:54 -0400)

Dan Carpenter (1):
      evm: Fix a small race in init_desc()

Madhuparna Bhowmik (1):
      evm: Fix RCU list related warnings

Roberto Sassu (3):
      ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
      evm: Check also if *tfm is an error pointer in init_desc()
      ima: Fix return value of ima_write_policy()

 security/integrity/evm/evm_crypto.c | 46 ++++++++++++++++++-------------------
 security/integrity/evm/evm_main.c   |  4 ++--
 security/integrity/evm/evm_secfs.c  |  9 +++++++-
 security/integrity/ima/ima_crypto.c | 12 +++++-----
 security/integrity/ima/ima_fs.c     |  3 +--
 5 files changed, 40 insertions(+), 34 deletions(-)

             reply index

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-05-18 15:49 Mimi Zohar [this message]
2020-05-18 17:47 ` Linus Torvalds
2020-05-18 17:58   ` Mimi Zohar
2020-05-18 18:55 ` pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \ \ \ \ \ \

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on

Archives are clonable:
	git clone --mirror linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ \
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:

AGPL code for this site: git clone