Hi Stefan, On Wed, 2022-06-29 at 22:03 -0400, Stefan Berger wrote: > Defer the query for the iversion until it is needed. > > Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx> > --- > security/integrity/ima/ima_api.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c > index c1e76282b5ee..4410d45eb281 100644 > --- a/security/integrity/ima/ima_api.c > +++ b/security/integrity/ima/ima_api.c > @@ -248,7 +248,6 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, > int result = 0; > int length; > void *tmpbuf; > - u64 i_version; > > /* > * Always collect the modsig, because IMA might have already collected > @@ -267,7 +266,6 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, > * to an initial measurement/appraisal/audit, but was modified to > * assume the file changed. > */ > - i_version = inode_query_iversion(inode); > hash.hdr.algo = algo; > hash.hdr.length = hash_digest_size[algo]; > > @@ -304,7 +302,7 @@ int ima_collect_measurement(struct integrity_iint_cache *iint, > > iint->ima_hash = tmpbuf; > memcpy(iint->ima_hash, &hash, length); > - iint->version = i_version; > + iint->version = inode_query_iversion(inode); > > /* Possibly temporary failure due to type of read (eg. O_DIRECT) */ > if (!result) Using the i_version value before calculating the file hash was done intentionally in case the file changed. thanks, Mimi
