From: Linus Torvalds
Date: Wed, 16 Dec 2020 19:06:07 +0000 (-0800)
Subject: Merge tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar...
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=e20a9b92ddbfe662807622dbb28e1fbb6e0011aa;p=linux.git

Merge tag 'integrity-v5.11' of git://git./linux/kernel/git/zohar/linux-integrity

Pull integrity subsystem updates from Mimi Zohar:
 "Just three patches here. Other integrity changes are being upstreamed
  via EFI (defines a common EFI secure and trusted boot IMA policy) and
  BPF LSM (exporting the IMA file cache hash info based on inode).

  The three patches included here:

   - bug fix: fail calculating the file hash, when a file not opened for
     read and the attempt to re-open it for read fails.

   - defer processing the "ima_appraise" boot command line option to
     avoid enabling different modes (e.g. fix, log) to when the secure
     boot flag is available on arm.

   - defines "ima-buf" as the default IMA buffer measurement template in
     preparation for the builtin integrity "critical data" policy"

* tag 'integrity-v5.11' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity:
  ima: Don't modify file descriptor mode on the fly
  ima: select ima-buf template for buffer measurement
  ima: defer arch_ima_get_secureboot() call to IMA init time
---
e20a9b92ddbfe662807622dbb28e1fbb6e0011aa
diff --cc include/linux/ima.h index 7233a2751754b,ac3d82f962f2b..7db9cca1af34f --- a/include/linux/ima.h +++ b/include/linux/ima.h @@@ -29,9 -29,14 +29,15 @@@ extern int ima_post_read_file(struct fi enum kernel_read_file_id id); extern void ima_post_path_mknod(struct dentry *dentry); extern int ima_file_hash(struct file *file, char *buf, size_t buf_size); +extern int ima_inode_hash(struct inode *inode, char *buf, size_t buf_size); extern void ima_kexec_cmdline(int kernel_fd, const void *buf, int size); + #ifdef CONFIG_IMA_APPRAISE_BOOTPARAM + extern void ima_appraise_parse_cmdline(void); + #else + static inline void 
ima_appraise_parse_cmdline(void) {} + #endif + #ifdef CONFIG_IMA_KEXEC extern void ima_add_kexec_buffer(struct kimage *image); #endif
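Review bot: The new `ima_inode_hash()` declaration is added only as an `extern` beside `ima_file_hash()`, with no comment in the header on what is written to `buf` or how `buf_size` is treated, and the hunk shows no `static inline` fallback for it, unlike `ima_appraise_parse_cmdline()`, which gets an empty stub under `#else`. Please confirm that a matching stub for builds without IMA exists outside this hunk, and add a one-line comment on the return value and buffer contract so callers such as the BPF LSM path mentioned in the merge message size the buffer correctly. Separately, with `CONFIG_IMA_APPRAISE_BOOTPARAM` unset the empty stub turns the call into a no-op, so the `ima_appraise` boot option is silently ignored; a short comment at the `#else` would make that intent explicit for anyone auditing the appraisal mode.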