On 2020-08-31 4:36 a.m., Mimi Zohar wrote:
On Thu, 2020-08-27 at 18:57 -0700, Tushar Sugandhi wrote:
process_buffer_measurement() does not return the result of the operation.
Therefore, the consumers of this function cannot act on it, if needed.
Update return type of process_buffer_measurement() from void to int.
Failure to measure may be audited, but should never fail. This is one
of the main differences between secure and trusted boot concepts.
Notice in process_measurement() that -EACCES is only returned for
appraisal.
Returning a failure from process_buffer_measurement() in itself isn't a
problem, as long as the failure isn't returned to the LSM/IMA hook.
However, just as the callers of process_measurement() originally
processed the result, that processing was moved into
process_measurement() [1].
Mimi
[1] 750943a30714 ima: remove enforce checking duplication
I can ignore the result of process_buffer_measurement() in
ima_measure_critical_data(), and make ima_measure_critical_data()
return type "void".
But currently ima_measure_critical_data() is the only place where the
results of p_b_m() are being used.
So I might as well just revert back the return type of p_b_m() to
the original "void".
