Thread: 11 messages, 4 authors, 2021-07-20

RE: [PATCH v3 2/3] ima: Return int in the functions to measure a buffer

From: Roberto Sassu <roberto.sassu@huawei.com>
Date: 2021-07-20 12:38:52
Also in: linux-security-module, lkml, selinux

From: Mimi Zohar [mailto:zohar@linux.ibm.com]
Sent: Monday, July 19, 2021 10:28 PM
> Hi Roberto,
>
> On Mon, 2021-07-05 at 11:09 +0200, Roberto Sassu wrote:
> > ima_measure_critical_data() and process_buffer_measurement() currently
> > don't return a result. A caller wouldn't be able to know whether those
> > functions were executed successfully.
>
> Missing is an explanation as to why these functions aren't currently
> returning a result. The LSM/IMA hooks only return a negative result
> for failure to appraise a file's integrity, not measure a file. Only
> failure to appraise a file's integrity results in preventing the file
> from being read/executed/mmaped. Other failures are only audited.
Hi Mimi

ok, will add it.
> > This patch modifies the return type from void to int, and returns 0 if the
> > buffer has been successfully measured, a negative value otherwise.
>
> Needed here is an explanation as to why ima_measure_critical_data() is
> special.

We don't want to unnecessarily calculate the digest twice.
> > Also, this patch does not modify the behavior of existing callers by
> > processing the returned value. For those, the return value is ignored.
>
> I agree that the existing behavior shouldn't change, but will this
> result in the bots complaining?

If I remember correctly, I didn't get any error even with W=1.

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli
> thanks,
>
> Mimi
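The measure-versus-appraise policy Mimi describes and the void-to-int change under review, as an added example in C that is not code from the patch or from the kernel: measure_buffer(), legacy_measure(), file_open_hook() and the log/audit helpers are hypothetical stand-ins for process_buffer_measurement() and the hook flow, the measurement log is a constructed four-entry array, and a 32-bit FNV-1a digest replaces the real IMA hash.

```c
/* Added example (not the kernel's or the patch's code): a toy stand-in for
 * the void-to-int change discussed in the thread and for the rule that a
 * failed measurement is only audited while a failed appraisal denies access.
 * All names below are hypothetical; the digest is FNV-1a, not the IMA hash. */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LOG_CAP 4            /* tiny constructed measurement log, so "full" is testable */

static uint32_t measurement_log[LOG_CAP];
static int log_count;
static int audit_count;

void reset_state(void) { log_count = 0; audit_count = 0; }
int log_entries(void) { return log_count; }
int audit_entries(void) { return audit_count; }

static void audit_log(const char *msg)
{
    audit_count++;
    printf("audit: %s\n", msg);
}

/* Toy digest (FNV-1a, 32-bit): a constructed stand-in for the real hash. */
uint32_t digest_buffer(const void *buf, size_t len)
{
    const unsigned char *p = buf;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* Shape of the function after the patch: 0 if the buffer was measured,
 * a negative errno otherwise. With a void return a caller could not tell
 * "measured" from "silently dropped". */
int measure_buffer(const void *buf, size_t len)
{
    if (!buf || len == 0)
        return -EINVAL;
    if (log_count >= LOG_CAP)
        return -ENOMEM;          /* log full: this measurement is lost */
    measurement_log[log_count++] = digest_buffer(buf, len);
    return 0;
}

/* Existing-caller style: the new int return is ignored, as the patch leaves
 * existing callers. Ignoring a plain int return (no __must_check) does not
 * produce a compiler warning even with -Wall -Wextra. */
void legacy_measure(const void *buf, size_t len)
{
    measure_buffer(buf, len);
}

/* Hook-style policy from the thread: a failed *measurement* is audited and
 * the operation proceeds; only a failed *appraisal* returns a negative
 * result and denies the read/exec/mmap. */
int file_open_hook(const void *buf, size_t len,
                   uint32_t expected_digest, int appraise)
{
    int rc = measure_buffer(buf, len);
    if (rc)
        audit_log("measurement failed");   /* logged, access still allowed */

    if (appraise && digest_buffer(buf, len) != expected_digest) {
        audit_log("appraisal failed");
        return -EACCES;                    /* the only denying path */
    }
    return 0;
}

int main(void)
{
    static const char data[] = "critical-data";   /* constructed input */
    uint32_t good = digest_buffer(data, sizeof data - 1);

    legacy_measure(data, sizeof data - 1);
    printf("open (good digest): %d\n",
           file_open_hook(data, sizeof data - 1, good, 1));
    printf("open (bad digest):  %d\n",
           file_open_hook(data, sizeof data - 1, good ^ 1u, 1));
    return 0;
}
```

Build it with `gcc -Wall -Wextra` and the ignored return in legacy_measure() produces no diagnostic, which is consistent with Roberto's W=1 observation; only if measure_buffer() carried the kernel's __must_check annotation (GCC's warn_unused_result attribute) would the untouched callers start to warn.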