public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-11-01 01:03:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/security/integrity
History
Frederick Lawler 30d68cb0c3 ima: process_measurement() needlessly takes inode_lock() on MAY_READ 
On IMA policy update, if a measure rule exists in the policy,
IMA_MEASURE is set for ima_policy_flags which makes the violation_check
variable always true. Coupled with a no-action on MAY_READ for a
FILE_CHECK call, we're always taking the inode_lock().

This becomes a performance problem for extremely heavy read-only workloads.
Therefore, prevent this only in the case there's no action to be taken.

Signed-off-by: Frederick Lawler <fred@cloudflare.com>
Acked-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2025-04-22 16:39:32 +02:00
..
evm integrity: fix typos and spelling errors 2025-02-04 21:36:43 -05:00
ima ima: process_measurement() needlessly takes inode_lock() on MAY_READ 2025-04-22 16:39:32 +02:00
platform_certs Hi, 2023-08-29 08:05:18 -07:00
digsig.c integrity: eliminate unnecessary "Problem loading X.509 certificate" msg 2024-02-16 08:04:17 -05:00
digsig_asymmetric.c crypto: sm2 - Remove sm2 algorithm 2024-06-07 19:46:39 +08:00
iint.c integrity: Remove LSM 2024-02-15 23:43:48 -05:00
integrity.h integrity: Use static_assert() to check struct sizes 2024-10-09 22:49:40 -04:00
integrity_audit.c integrity: check the return value of audit_log_start() 2022-02-02 11:44:23 -05:00
Kconfig integrity-v6.7 2023-11-02 06:53:22 -10:00
Makefile ima: Move to LSM infrastructure 2024-02-15 23:43:46 -05:00