When user requests a file msync, make sure that the IMA
measurement reflects the state of the data being sync'd.
Depends on commit c8213962517e ("integrity: keep the integrity state of open files up to date")'
Signed-off-by: Janne Karhunen <janne.karhunen@xxxxxxxxx>
Signed-off-by: Konsta Karsisto <konsta.karsisto@xxxxxxxxx>
---
mm/msync.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/mm/msync.c b/mm/msync.c
index ef30a429623a..5a256e08b49d 100644
--- a/mm/msync.c
+++ b/mm/msync.c
@@ -14,6 +14,7 @@
#include <linux/file.h>
#include <linux/syscalls.h>
#include <linux/sched.h>
+#include <linux/ima.h>
/*
* MS_SYNC syncs the entire file - including mappings.
@@ -88,12 +89,18 @@ SYSCALL_DEFINE3(msync, unsigned long, start, size_t, len, int, flags)
get_file(file);
up_read(&mm->mmap_sem);
error = vfs_fsync_range(file, fstart, fend, 1);
+ if (!error)
+ ima_file_update(file);
+
fput(file);
if (error || start >= end)
goto out;
down_read(&mm->mmap_sem);
vma = find_vma(mm, start);
} else {
+ if (file)
+ ima_delayed_update(file);
+
if (start >= end) {
error = 0;
goto out_unlock;
--
2.17.1
