On Fri, 2018-04-27 at 12:41 -0700, Matthew Garrett wrote:
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index 9ea9c19a545c..86b1632d6b5b 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -35,7 +35,7 @@ static const char * const integrity_status_msg[] = {
> };
> int evm_hmac_attrs;
>
> -char *evm_config_xattrnames[] = {
> +char *evm_config_default_xattrnames[] = {
> #ifdef CONFIG_SECURITY_SELINUX
> XATTR_NAME_SELINUX,
> #endif
> @@ -57,6 +57,8 @@ char *evm_config_xattrnames[] = {
> NULL
> };
>
> +LIST_HEAD(evm_config_xattrnames);
> +
> static int evm_fixmode;
> static int __init evm_set_fixmode(char *str)
> {
> @@ -66,12 +68,30 @@ static int __init evm_set_fixmode(char *str)
> }
> __setup("evm=", evm_set_fixmode);
>
> -static void __init evm_init_config(void)
> +static int __init evm_init_config(void)
> {
> + struct xattr_list *tmp;
> + char **xattrname;
> +
> + for (xattrname = evm_config_default_xattrnames; *xattrname != NULL;
> + xattrname++) {
> + tmp = kmalloc(sizeof(struct xattr_list), GFP_KERNEL);
> + if (!tmp)
> + return -ENOMEM;
> + tmp->name = kstrdup(*xattrname, GFP_KERNEL);
> + if (!tmp->name) {
> + kfree(tmp);
> + return -ENOMEM;
> + }
> + list_add_tail(&tmp->list, &evm_config_xattrnames);
If evm_config_xattrnames[] is defined as struct xattr_list, there's no need for allocating memory for the xattr_list and name. Something like in ima_init_policy() would work. Could we break this patch up to simplify review? The first patch would create and use the xattrname list. The subsequent patch(es) would add the new functionality. thanks, Mimi
> + }
> +
> #ifdef CONFIG_EVM_ATTR_FSUUID
> evm_hmac_attrs |= EVM_ATTR_FSUUID;
> #endif
> pr_info("HMAC attrs: 0x%x\n", evm_hmac_attrs);
> +
> + return 0;
> }
>
> static bool evm_key_loaded(void)
>
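Review bot: Both `return -ENOMEM;` paths in the new loop of evm_init_config() leave the entries already linked onto `evm_config_xattrnames` in place, so a failure part-way through produces a truncated list rather than an empty or complete one. If that list is what decides which xattrs EVM covers (its users are not in the quoted hunks), continuing with a partial list would silently leave some security xattrs unprotected. The caller, which is outside this hunk, should treat a non-zero return as fatal for EVM initialisation, or the error path should unwind first with `list_for_each_entry_safe()` doing `kfree(pos->name); kfree(pos);`. As a smaller style point, `kmalloc(sizeof(*tmp), GFP_KERNEL)` keeps the allocation size tied to the variable's type.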