Commit 96d450bb authored by Eric Richter, committed by Mimi Zohar

integrity: add measured_pcrs field to integrity cache

To keep track of which measurements have been extended to which PCRs, this
patch defines a new integrity_iint_cache field named measured_pcrs. This
field is a bitmask of the PCRs measured. Each bit corresponds to a PCR
index. For example, bit 10 corresponds to PCR 10.
Signed-off-by: Eric Richter <erichte@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
parent f786b752
...@@ -79,6 +79,7 @@ static void iint_free(struct integrity_iint_cache *iint) ...@@ -79,6 +79,7 @@ static void iint_free(struct integrity_iint_cache *iint)
iint->ima_bprm_status = INTEGRITY_UNKNOWN; iint->ima_bprm_status = INTEGRITY_UNKNOWN;
iint->ima_read_status = INTEGRITY_UNKNOWN; iint->ima_read_status = INTEGRITY_UNKNOWN;
iint->evm_status = INTEGRITY_UNKNOWN; iint->evm_status = INTEGRITY_UNKNOWN;
iint->measured_pcrs = 0;
kmem_cache_free(iint_cache, iint); kmem_cache_free(iint_cache, iint);
} }
...@@ -159,6 +160,7 @@ static void init_once(void *foo) ...@@ -159,6 +160,7 @@ static void init_once(void *foo)
iint->ima_bprm_status = INTEGRITY_UNKNOWN; iint->ima_bprm_status = INTEGRITY_UNKNOWN;
iint->ima_read_status = INTEGRITY_UNKNOWN; iint->ima_read_status = INTEGRITY_UNKNOWN;
iint->evm_status = INTEGRITY_UNKNOWN; iint->evm_status = INTEGRITY_UNKNOWN;
iint->measured_pcrs = 0;
} }
static int __init integrity_iintcache_init(void) static int __init integrity_iintcache_init(void)
......
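Review bot: Zeroing `measured_pcrs` in iint_free() and init_once() covers reuse of the slab object, but nothing in these hunks clears it while an iint stays attached to an inode whose contents change. If the bitmask is later used to decide that a file has already been extended into a given PCR, the path that invalidates the cached measurement state in `iint->flags` would presumably also need `iint->measured_pcrs = 0;`, otherwise a modified file could be skipped for that PCR; that code is not in this commit, so this should be checked against the callers. A comment above the reset list in iint_free() would help keep the two lists in step, for example `/* keep in sync with init_once(): objects go back to the cache in their constructed state */`. Both function bodies start outside the hunks shown.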
...@@ -103,6 +103,7 @@ struct integrity_iint_cache { ...@@ -103,6 +103,7 @@ struct integrity_iint_cache {
struct inode *inode; /* back pointer to inode in question */ struct inode *inode; /* back pointer to inode in question */
u64 version; /* track inode changes */ u64 version; /* track inode changes */
unsigned long flags; unsigned long flags;
unsigned long measured_pcrs;
enum integrity_status ima_file_status:4; enum integrity_status ima_file_status:4;
enum integrity_status ima_mmap_status:4; enum integrity_status ima_mmap_status:4;
enum integrity_status ima_bprm_status:4; enum integrity_status ima_bprm_status:4;
......
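Review bot: The new `measured_pcrs` member has no comment, unlike `inode` and `version` above it, and its usable width is left implicit. As an `unsigned long` indexed by PCR number it holds BITS_PER_LONG bits (32 on 32-bit builds), and shifting by a PCR index at or above that width is undefined behaviour; the code that sets bits is not part of this commit, so a range check on the index there should be confirmed. Suggested declaration: `unsigned long measured_pcrs; /* bit N set: measurement extended to PCR N; N must be < BITS_PER_LONG */`. The struct definition continues outside the hunk.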