diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2021-09-02 22:51:41 +0300 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2021-09-02 22:51:41 +0300 |
commit | aef4892a63c248c31718d23941536b86829a49f0 (patch) | |
tree | b73cc5720eaace0398610dbd0dd9074513640a1c /drivers/md | |
parent | b55060d796c5300ad7a410cb5faec36582925570 (diff) | |
parent | cb181da161963eddc9de0000de6ab2c7942be219 (diff) | |
download | linux-aef4892a63c248c31718d23941536b86829a49f0.tar.xz |
Merge tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity subsystem updates from Mimi Zohar:
- Limit the allowed hash algorithms when writing security.ima xattrs or
verifying them, based on the IMA policy and the configured hash
algorithms.
- Return the calculated "critical data" measurement hash and size to
avoid code duplication. (Preparatory change for a proposed LSM.)
- and a single patch to address a compiler warning.
* tag 'integrity-v5.15' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
IMA: reject unknown hash algorithms in ima_get_hash_algo
IMA: prevent SETXATTR_CHECK policy rules with unavailable algorithms
IMA: introduce a new policy option func=SETXATTR_CHECK
IMA: add a policy option to restrict xattr hash algorithms on appraisal
IMA: add support to restrict the hash algorithms used for file appraisal
IMA: block writes of the security.ima xattr with unsupported algorithms
IMA: remove the dependency on CRYPTO_MD5
ima: Add digest and digest_len params to the functions to measure a buffer
ima: Return int in the functions to measure a buffer
ima: Introduce ima_get_current_hash_algo()
IMA: remove -Wmissing-prototypes warning
Diffstat (limited to 'drivers/md')
-rw-r--r-- | drivers/md/dm-ima.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/drivers/md/dm-ima.c b/drivers/md/dm-ima.c index 3fd69ab12a8e..2c5edfbd7711 100644 --- a/drivers/md/dm-ima.c +++ b/drivers/md/dm-ima.c @@ -136,7 +136,8 @@ static void dm_ima_measure_data(const char *event_name, const void *buf, size_t if (noio) noio_flag = memalloc_noio_save(); - ima_measure_critical_data(DM_NAME, event_name, buf, buf_len, false); + ima_measure_critical_data(DM_NAME, event_name, buf, buf_len, + false, NULL, 0); if (noio) memalloc_noio_restore(noio_flag); |