stuartl/linux-stable
1
0
Fork 0
mirror of https://kernel.googlesource.com/pub/scm/linux/kernel/git/stable/linux-stable.git synced 2025-10-27 18:20:10 +10:00
Code Issues Releases Wiki Activity
ff968e486e
linux-stable/security
History
Frederick Lawler 836917e7a6 ima: process_measurement() needlessly takes inode_lock() on MAY_READ 
[ Upstream commit 30d68cb0c3 ]

On IMA policy update, if a measure rule exists in the policy,
IMA_MEASURE is set for ima_policy_flags which makes the violation_check
variable always true. Coupled with a no-action on MAY_READ for a
FILE_CHECK call, we're always taking the inode_lock().

This becomes a performance problem for extremely heavy read-only workloads.
Therefore, prevent this only in the case there's no action to be taken.

Signed-off-by: Frederick Lawler <fred@cloudflare.com>
Acked-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-29 11:02:00 +02:00
..
apparmor
bpf
integrity ima: process_measurement() needlessly takes inode_lock() on MAY_READ 2025-05-29 11:02:00 +02:00
ipe
keys keys: Fix UAF in key_put() 2025-03-28 22:03:30 +01:00
landlock landlock: Prepare to add second errata 2025-04-20 10:15:56 +02:00
loadpin
lockdown
safesetid safesetid: check size of policy writes 2025-02-17 10:04:49 +01:00
selinux
smack smack: ipv4/ipv6: tcp/dccp/sctp: fix incorrect child socket label 2025-04-10 14:39:10 +02:00
tomoyo tomoyo: don't emit warning in tomoyo_write_control() 2025-02-17 10:04:50 +01:00
yama
commoncap.c
device_cgroup.c
inode.c
Kconfig
Kconfig.hardening
lsm_audit.c
lsm_syscalls.c
Makefile
min_addr.c
security.c