On Thu Sep 5, 2024 at 6:25 PM EEST, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > > Introduce a new hook to check the integrity of digest lists. "Introduce DIGEST_LIST_CHECK, a new hook..." > > The new hook is invoked during a kernel read with file type "with the file type" > READING_DIGEST LIST, which is done by the Integrity Digest Cache when it is > populating a digest cache with a digest list. The patch creates a new struct imap_rule_entry instance when it parses the corresponding rule, which means that there are couple slices of information missing here: 1. The commit message does not tell what the code change effectively is. I scavenged this information from [1]. 2. The commit message does no effort to connect the dots between the effective change and the expected goal. I'd put a lot of effort to this commit message assuming that the new hook is at the center of the goals of this patch set. [1] https://elixir.bootlin.com/linux/v6.10-rc4/source/security/integrity/ima/ima_policy.c#L1404 BR, Jarkko