[PATCH v2 04/10] dm-ima: don't copy the active table to the inactive table

Benjamin Marzinski Wed, 29 Apr 2026 13:22:14 -0700

If an inactive table was cleared, dm_ima_measure_on_table_clear() was
copying the ima.active_table to ima.inactive_table. This is not what
device-mapper does, and it makes the IMA measurements show an inactive
table when there isn't one. Also, once this is removed, the code no
longer needs to keep checking if the active and the inactive table point
to the same memory.


Signed-off-by: Benjamin Marzinski <[email protected]>
---
 drivers/md/dm-ima.c | 64 +++++++--------------------------------------
 1 file changed, 10 insertions(+), 54 deletions(-)

diff --git a/drivers/md/dm-ima.c b/drivers/md/dm-ima.c
index 8b84b676cad4..c141068bc6b4 100644
--- a/drivers/md/dm-ima.c
+++ b/drivers/md/dm-ima.c
@@ -281,17 +281,13 @@ void dm_ima_measure_on_table_load(struct dm_table *table)
        if (!digest_buf)
                goto error;
 
-       if (table->md->ima.active_table.hash != 
table->md->ima.inactive_table.hash)
-               kfree(table->md->ima.inactive_table.hash);
-
+       kfree(table->md->ima.inactive_table.hash);
        table->md->ima.inactive_table.hash = digest_buf;
        table->md->ima.inactive_table.hash_len = strlen(digest_buf);
        table->md->ima.inactive_table.num_targets = num_targets;
 
-       if (table->md->ima.active_table.device_metadata !=
-           table->md->ima.inactive_table.device_metadata)
-               kfree(table->md->ima.inactive_table.device_metadata);
 
+       kfree(table->md->ima.inactive_table.device_metadata);
        table->md->ima.inactive_table.device_metadata = device_data_buf;
        table->md->ima.inactive_table.device_metadata_len = device_data_buf_len;
 
@@ -330,19 +326,9 @@ void dm_ima_measure_on_device_resume(struct mapped_device 
*md, bool swap)
        l += strlen(DM_IMA_VERSION_STR);
 
        if (swap) {
-               if (md->ima.active_table.hash != md->ima.inactive_table.hash)
-                       kfree(md->ima.active_table.hash);
-
-               md->ima.active_table.hash = NULL;
-               md->ima.active_table.hash_len = 0;
-
-               if (md->ima.active_table.device_metadata !=
-                   md->ima.inactive_table.device_metadata)
-                       kfree(md->ima.active_table.device_metadata);
-
-               md->ima.active_table.device_metadata = NULL;
-               md->ima.active_table.device_metadata_len = 0;
-               md->ima.active_table.num_targets = 0;
+               kfree(md->ima.active_table.hash);
+               kfree(md->ima.active_table.device_metadata);
+               memset(&md->ima.active_table, 0, sizeof(md->ima.active_table));
 
                if (md->ima.inactive_table.hash) {
                        md->ima.active_table.hash = md->ima.inactive_table.hash;
@@ -518,15 +504,10 @@ void dm_ima_measure_on_device_remove(struct mapped_device 
*md, bool remove_all)
        kfree(capacity_str);
 exit:
        kfree(md->ima.active_table.device_metadata);
-
-       if (md->ima.active_table.device_metadata !=
-           md->ima.inactive_table.device_metadata)
-               kfree(md->ima.inactive_table.device_metadata);
+       kfree(md->ima.inactive_table.device_metadata);
 
        kfree(md->ima.active_table.hash);
-
-       if (md->ima.active_table.hash != md->ima.inactive_table.hash)
-               kfree(md->ima.inactive_table.hash);
+       kfree(md->ima.inactive_table.hash);
 
        memset(&md->ima.active_table, 0, sizeof(md->ima.active_table));
        memset(&md->ima.inactive_table, 0, sizeof(md->ima.inactive_table));
@@ -594,34 +575,9 @@ void dm_ima_measure_on_table_clear(struct mapped_device 
*md, bool new_map)
        dm_ima_measure_data("dm_table_clear", device_table_data, l, noio);
 
        if (new_map) {
-               if (md->ima.inactive_table.hash &&
-                   md->ima.inactive_table.hash != md->ima.active_table.hash)
-                       kfree(md->ima.inactive_table.hash);
-
-               md->ima.inactive_table.hash = NULL;
-               md->ima.inactive_table.hash_len = 0;
-
-               if (md->ima.inactive_table.device_metadata &&
-                   md->ima.inactive_table.device_metadata != 
md->ima.active_table.device_metadata)
-                       kfree(md->ima.inactive_table.device_metadata);
-
-               md->ima.inactive_table.device_metadata = NULL;
-               md->ima.inactive_table.device_metadata_len = 0;
-               md->ima.inactive_table.num_targets = 0;
-
-               if (md->ima.active_table.hash) {
-                       md->ima.inactive_table.hash = md->ima.active_table.hash;
-                       md->ima.inactive_table.hash_len = 
md->ima.active_table.hash_len;
-               }
-
-               if (md->ima.active_table.device_metadata) {
-                       md->ima.inactive_table.device_metadata =
-                               md->ima.active_table.device_metadata;
-                       md->ima.inactive_table.device_metadata_len =
-                               md->ima.active_table.device_metadata_len;
-                       md->ima.inactive_table.num_targets =
-                               md->ima.active_table.num_targets;
-               }
+               kfree(md->ima.inactive_table.hash);
+               kfree(md->ima.inactive_table.device_metadata);
+               memset(&md->ima.inactive_table, 0, 
sizeof(md->ima.inactive_table));
        }
 
        kfree(dev_name);
-- 
2.53.0

[PATCH v2 04/10] dm-ima: don't copy the active table to the inactive table

Reply via email to