ima: fix ima_d_path() possible race with rename
[mirror_ubuntu-bionic-kernel.git] / security / integrity / ima / ima_main.c
index 50818c60538b8e0e764de72c842cfb608abb305a..d5e492bd28991fc6d205102003c4d970c9f76189 100644 (file)
@@ -83,6 +83,7 @@ static void ima_rdwr_violation_check(struct file *file,
                                     const char **pathname)
 {
        struct inode *inode = file_inode(file);
+       char filename[NAME_MAX];
        fmode_t mode = file->f_mode;
        bool send_tomtou = false, send_writers = false;
 
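Review bot: `char filename[NAME_MAX];` leaves no room for a terminating NUL when a file name is exactly NAME_MAX bytes long, because NAME_MAX counts name characters only. ima_d_path() is not shown on this page, so how it bounds the copy into this buffer is an assumption. If it copies at most NAME_MAX bytes including the terminator, a maximum-length name would be recorded in the violation or measurement entry with its last byte missing. Consider `char filename[NAME_MAX + 1];` here and in the identical declaration added to process_measurement(), with the copy bound in ima_d_path() adjusted to match. The function body continues outside the hunk.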
@@ -102,7 +103,7 @@ static void ima_rdwr_violation_check(struct file *file,
        if (!send_tomtou && !send_writers)
                return;
 
-       *pathname = ima_d_path(&file->f_path, pathbuf);
+       *pathname = ima_d_path(&file->f_path, pathbuf, filename);
 
        if (send_tomtou)
                ima_add_violation(file, *pathname, iint,
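Review bot: After this call `*pathname` may point into the local `filename` array, which goes out of scope when ima_rdwr_violation_check() returns, so the out-parameter can hand the caller a dangling pointer. This is inferred from the new third argument: ima_d_path() presumably returns that buffer when it cannot produce a path in `*pathbuf`. The caller in process_measurement() is safe only because it now tests `pathbuf` instead of `pathname`. Clearing the pointer before returning, e.g. `if (!*pathbuf) *pathname = NULL;`, would make this function safe on its own. The rest of the function, including its return paths, is outside the hunk.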
@@ -161,6 +162,7 @@ static int process_measurement(struct file *file, char *buf, loff_t size,
        struct integrity_iint_cache *iint = NULL;
        struct ima_template_desc *template_desc;
        char *pathbuf = NULL;
+       char filename[NAME_MAX];
        const char *pathname = NULL;
        int rc = -ENOMEM, action, must_appraise;
        int pcr = CONFIG_IMA_MEASURE_PCR_IDX;
@@ -239,8 +241,8 @@ static int process_measurement(struct file *file, char *buf, loff_t size,
                goto out_digsig;
        }
 
-       if (!pathname)  /* ima_rdwr_violation possibly pre-fetched */
-               pathname = ima_d_path(&file->f_path, &pathbuf);
+       if (!pathbuf)   /* ima_rdwr_violation possibly pre-fetched */
+               pathname = ima_d_path(&file->f_path, &pathbuf, filename);
 
        if (action & IMA_MEASURE)
                ima_store_measurement(iint, file, pathname,
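Review bot: The comment kept on `if (!pathbuf)` no longer explains the test, so a later cleanup could plausibly switch it back to `pathname`. A pre-fetched `pathname` that is not backed by `pathbuf` appears to refer to storage owned by ima_rdwr_violation_check(), and must be fetched again into this function's own `filename`. I would reword the comment to say so, for example `/* a pre-fetched pathname is only usable when it lives in pathbuf */`. The ima_store_measurement() call on the last line continues past the end of the hunk.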