On 11/7/2023 5:39 AM, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
>
> Change evm_inode_post_setattr() definition, so that it can be registered as
> implementation of the inode_post_setattr hook (to be introduced).
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
Reviewed-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> ---
> fs/attr.c | 2 +-
> include/linux/evm.h | 6 ++++--
> security/integrity/evm/evm_main.c | 4 +++-
> 3 files changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/fs/attr.c b/fs/attr.c
> index 9bddc0a6352c..498e673bdf06 100644
> --- a/fs/attr.c
> +++ b/fs/attr.c
> @@ -503,7 +503,7 @@ int notify_change(struct mnt_idmap *idmap, struct dentry *dentry,
> if (!error) {
> fsnotify_change(dentry, ia_valid);
> ima_inode_post_setattr(idmap, dentry, ia_valid);
> - evm_inode_post_setattr(dentry, ia_valid);
> + evm_inode_post_setattr(idmap, dentry, ia_valid);
> }
>
> return error;
> diff --git a/include/linux/evm.h b/include/linux/evm.h
> index 01fc495a83e2..cf976d8dbd7a 100644
> --- a/include/linux/evm.h
> +++ b/include/linux/evm.h
> @@ -23,7 +23,8 @@ extern enum integrity_status evm_verifyxattr(struct dentry *dentry,
> struct integrity_iint_cache *iint);
> extern int evm_inode_setattr(struct mnt_idmap *idmap,
> struct dentry *dentry, struct iattr *attr);
> -extern void evm_inode_post_setattr(struct dentry *dentry, int ia_valid);
> +extern void evm_inode_post_setattr(struct mnt_idmap *idmap,
> + struct dentry *dentry, int ia_valid);
> extern int evm_inode_setxattr(struct mnt_idmap *idmap,
> struct dentry *dentry, const char *name,
> const void *value, size_t size);
> @@ -97,7 +98,8 @@ static inline int evm_inode_setattr(struct mnt_idmap *idmap,
> return 0;
> }
>
> -static inline void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
> +static inline void evm_inode_post_setattr(struct mnt_idmap *idmap,
> + struct dentry *dentry, int ia_valid)
> {
> return;
> }
> diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
> index 894570fe39bc..d452d469c503 100644
> --- a/security/integrity/evm/evm_main.c
> +++ b/security/integrity/evm/evm_main.c
> @@ -840,6 +840,7 @@ int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
>
> /**
> * evm_inode_post_setattr - update 'security.evm' after modifying metadata
> + * @idmap: idmap of the idmapped mount
> * @dentry: pointer to the affected dentry
> * @ia_valid: for the UID and GID status
> *
> @@ -849,7 +850,8 @@ int evm_inode_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
> * This function is called from notify_change(), which expects the caller
> * to lock the inode's i_mutex.
> */
> -void evm_inode_post_setattr(struct dentry *dentry, int ia_valid)
> +void evm_inode_post_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
> + int ia_valid)
> {
> if (!evm_revalidate_status(NULL))
> return;
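Review bot: The kernel-doc line added for `@idmap` in security/integrity/evm/evm_main.c says only "idmap of the idmapped mount", yet nothing in the visible lines of evm_inode_post_setattr() reads the new argument. Going by the commit message, it appears to exist only so the function matches the inode_post_setattr hook prototype. Saying so in the comment would keep a later reader from assuming the 'security.evm' update takes the mount's ID mapping into account, for example `* @idmap: idmap of the mount (unused, present to match the inode_post_setattr hook)`. The function body continues past the end of the last hunk, so confirm the argument really is unused there before adopting that wording.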