Merge tag 'integrity-v5.8-fix' of git://git.kernel.org/pub/scm/linux/…

…kernel/git/zohar/linux-integrity Pull integrity fix from Mimi Zohar: "ima mprotect performance fix" * tag 'integrity-v5.8-fix' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: ima: fix mprotect checking
mariux64 · Jun 12, 2020 · 923ea16 · 923ea16
2 parents 4071b85 + 4235b1a
commit 923ea16
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
@@ -419,7 +419,8 @@ int ima_file_mprotect(struct vm_area_struct *vma, unsigned long prot)
 	int pcr;
 
 	/* Is mprotect making an mmap'ed file executable? */
-	if (!vma->vm_file || !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC))
+	if (!(ima_policy_flag & IMA_APPRAISE) || !vma->vm_file ||
+	    !(prot & PROT_EXEC) || (vma->vm_flags & VM_EXEC))
 		return 0;
 
 	security_task_getsecid(current, &secid);