From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mimi Zohar Subject: [PATCH v2 02/11] vfs: move ima_file_free before releasing the file Date: Thu, 1 Mar 2012 14:10:39 -0500 Message-ID: <1330629048-5933-3-git-send-email-zohar@linux.vnet.ibm.com> References: <1330629048-5933-1-git-send-email-zohar@linux.vnet.ibm.com> Cc: Mimi Zohar , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Al Viro , David Safford , Dmitry Kasatkin , Mimi Zohar To: linux-security-module@vger.kernel.org Return-path: In-Reply-To: <1330629048-5933-1-git-send-email-zohar@linux.vnet.ibm.com> Sender: linux-kernel-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org ima_file_free(), called on __fput(), currently flags files that have changed, so that the file is re-measured. For appraising a files's integrity, flagging the file is not enough. The file's hash must be re-calculated and stored in the 'security.ima' xattr to reflect any changes. This patch moves the ima_file_free() call to before releasing the file in preparation of ima-appraisal measuring the file and updating the 'security.ima' xattr. Signed-off-by: Mimi Zohar Acked-by: Serge Hallyn --- fs/file_table.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/fs/file_table.c b/fs/file_table.c index 20002e3..554161a 100644 --- a/fs/file_table.c +++ b/fs/file_table.c @@ -243,10 +243,10 @@ static void __fput(struct file *file) if (file->f_op && file->f_op->fasync) file->f_op->fasync(-1, file, 0); } + ima_file_free(file); if (file->f_op && file->f_op->release) file->f_op->release(inode, file); security_file_free(file); - ima_file_free(file); if (unlikely(S_ISCHR(inode->i_mode) && inode->i_cdev != NULL && !(file->f_mode & FMODE_PATH))) { cdev_put(inode->i_cdev); -- 1.7.6.5