> +static struct ima_rule_entry *ima_lsm_copy_rule(struct ima_rule_entry *entry)
> +{
> + struct ima_rule_entry *nentry;
> + int i, result;
> +
> + nentry = kmalloc(sizeof(*nentry), GFP_KERNEL);
> + if (!nentry)
> + return NULL;
> +
> + /*
> + * Immutable elements are copied over as pointers and data; only
> + * lsm rules can change
> + */
> + memcpy(nentry, entry, sizeof(*nentry));
> + memset(nentry->lsm, 0, FIELD_SIZEOF(struct ima_rule_entry, lsm));
> +
> for (i = 0; i < MAX_LSM_RULES; i++) {
> - security_filter_rule_free(entry->lsm[i].rule);
> - kfree(entry->lsm[i].args_p);
> + if (!entry->lsm[i].rule)
> + continue;
> +
> + nentry->lsm[i].type = entry->lsm[i].type;
> + nentry->lsm[i].args_p = kstrdup(entry->lsm[i].args_p,
> + GFP_KERNEL);
> + if (!nentry->lsm[i].args_p)
> + goto out_err;
> +
> + result = security_filter_rule_init(nentry->lsm[i].type,
> + Audit_equal,
> + nentry->lsm[i].args_p,
> + &nentry->lsm[i].rule);
> + if (result == -EINVAL)
> + pr_warn("ima: rule for LSM \'%d\' is undefined\n",
> + entry->lsm[i].type);
> }
> + return nentry;
> +
> +out_err:
> + ima_lsm_free_rule(entry);
> kfree(entry);
This should be "nentry". Otherwise, it looks good. thanks, Mimi
> + return NULL;
> +}
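Review bot: The result of security_filter_rule_init() in the copy loop is acted on only when it is -EINVAL; any other failure (an allocation error, for instance) is ignored, so the function still returns a copy whose `lsm[i].rule` was zeroed by the memset and never set, and nothing is logged. How such an entry is treated during matching is decided outside this hunk, but for a measurement and appraisal policy a silently dropped LSM condition should be an explicit decision rather than a side effect. Consider failing the copy with `else if (result) goto out_err;`, or warning on the actual outcome with `if (!nentry->lsm[i].rule) pr_warn(...)`, and state in a short header comment what the caller may assume about a returned entry. The warning would also be easier to act on if it printed `args_p` instead of the numeric type.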