diff options
| author | Benjamin Marzinski <bmarzins@redhat.com> | 2026-04-29 16:21:07 -0400 |
|---|---|---|
| committer | Mikulas Patocka <mpatocka@redhat.com> | 2026-05-04 14:53:44 +0200 |
| commit | 8710ef1fa0715a331f967565a4eb56c6d4b4c15b (patch) | |
| tree | 3a5f0615b110928e43765074913b532405220f64 /drivers/md | |
| parent | 4c14480c37f757acfeff8be1c7be0ab8384d79be (diff) | |
dm-ima: Fail more gracefully in dm_ima_measure_on_*
In all the dm_ima_measure_on_* functions besides
dm_ima_measure_on_table_load(), even if measuring the event fails, it's
still possible to update dm->ima, so that it continues to correctly
track the device state. This means that one measurement failure won't
cause future measurements to record the wrong data.
Signed-off-by: Benjamin Marzinski <bmarzins@redhat.com>
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Diffstat (limited to 'drivers/md')
| -rw-r--r-- | drivers/md/dm-ima.c | 38 |
1 files changed, 19 insertions, 19 deletions
diff --git a/drivers/md/dm-ima.c b/drivers/md/dm-ima.c index 47af99c9b79c..5e2efcd1de33 100644 --- a/drivers/md/dm-ima.c +++ b/drivers/md/dm-ima.c @@ -357,17 +357,6 @@ void dm_ima_measure_on_device_resume(struct mapped_device *md, bool swap, wait_to_measure(&md->ima, context->update_idx); - device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, noio); - if (!device_table_data) - goto error; - - capacity_len = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio); - if (capacity_len < 0) - goto error; - - memcpy(device_table_data + l, DM_IMA_VERSION_STR, strlen(DM_IMA_VERSION_STR)); - l += strlen(DM_IMA_VERSION_STR); - if (swap) { kfree(md->ima.active_table.hash); kfree(md->ima.active_table.device_metadata); @@ -388,6 +377,17 @@ void dm_ima_measure_on_device_resume(struct mapped_device *md, bool swap, } } + device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, noio); + if (!device_table_data) + goto error; + + capacity_len = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio); + if (capacity_len < 0) + goto error; + + memcpy(device_table_data + l, DM_IMA_VERSION_STR, strlen(DM_IMA_VERSION_STR)); + l += strlen(DM_IMA_VERSION_STR); + if (md->ima.active_table.device_metadata) { memcpy(device_table_data + l, md->ima.active_table.device_metadata, md->ima.active_table.device_metadata_len); @@ -621,11 +621,11 @@ void dm_ima_measure_on_table_clear(struct mapped_device *md, dm_ima_measure_data("dm_table_clear", device_table_data, l, noio); +error: kfree(md->ima.inactive_table.hash); kfree(md->ima.inactive_table.device_metadata); memset(&md->ima.inactive_table, 0, sizeof(md->ima.inactive_table)); -error: kfree(capacity_str); kfree(device_table_data); @@ -649,6 +649,8 @@ void dm_ima_measure_on_device_rename(struct mapped_device *md, wait_to_measure(&md->ima, context->update_idx); + fix_context_strings(context); + combined_device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN * 2, noio); if (!combined_device_data) goto exit; @@ -662,11 +664,15 @@ void dm_ima_measure_on_device_rename(struct mapped_device *md, old_device_data = md->ima.inactive_table.device_metadata; else old_device_data = "device_rename=no_data;"; - fix_context_strings(context); len = scnprintf(combined_device_data, DM_IMA_DEVICE_BUF_LEN * 2, "%s%snew_name=%s,new_uuid=%s;%s", DM_IMA_VERSION_STR, old_device_data, context->dev_name, context->dev_uuid, capacity_str); + dm_ima_measure_data("dm_device_rename", combined_device_data, len, noio); +exit: + kfree(capacity_str); + kfree(combined_device_data); + if (md->ima.active_table.device_metadata) { table = &md->ima.active_table; dm_ima_copy_device_data(md, table->device_metadata, context, @@ -681,11 +687,5 @@ void dm_ima_measure_on_device_rename(struct mapped_device *md, table->device_metadata_len = strlen(table->device_metadata); } - dm_ima_measure_data("dm_device_rename", combined_device_data, len, noio); - -exit: - kfree(capacity_str); - kfree(combined_device_data); - wake_next_measure(&md->ima); } |