On Wed, 2025-01-22 at 18:24 +0100, Roberto Sassu wrote: > From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > > IMA stores a pointer of the ima_iint_cache structure, containing integrity > metadata, in the inode security blob. However, check and assignment of this > pointer is not atomic, and it might happen that two tasks both see that the > iint pointer is NULL and try to set it, causing a memory leak. > > Detect if the iint check and assignment is guarded by the iint_lock mutex, > by adding a lockdep assertion in ima_inode_get(). > > Consequently, guard the remaining ima_inode_get() calls, in > ima_post_create_tmpfile() and ima_post_path_mknod(), to avoid the lockdep > warnings. > > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> Thank you for updating the patch description. You might also want to mention that CONFIG_LOCKDEP_DEBUG is required to see the warnings. Reviewed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
