mirror of https://github.com/torvalds/linux.git
30d68cb0c3
On IMA policy update, if a measure rule exists in the policy, IMA_MEASURE is set for ima_policy_flags which makes the violation_check variable always true. Coupled with a no-action on MAY_READ for a FILE_CHECK call, we're always taking the inode_lock(). This becomes a performance problem for extremely heavy read-only workloads. Therefore, prevent this only in the case there's no action to be taken. Signed-off-by: Frederick Lawler <fred@cloudflare.com> Acked-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| ima.h | ||
| ima_api.c | ||
| ima_appraise.c | ||
| ima_asymmetric_keys.c | ||
| ima_crypto.c | ||
| ima_efi.c | ||
| ima_fs.c | ||
| ima_iint.c | ||
| ima_init.c | ||
| ima_kexec.c | ||
| ima_main.c | ||
| ima_modsig.c | ||
| ima_mok.c | ||
| ima_policy.c | ||
| ima_queue.c | ||
| ima_queue_keys.c | ||
| ima_template.c | ||
| ima_template_lib.c | ||
| ima_template_lib.h | ||