Limit the number of Time-of-Measure-Time-of-Use (ToMToU) integrity
violation audit messages and records in the IMA measurement list
emitted when re-opening a file for write.

Signed-off-by: Mimi Zohar <[email protected]>
---
 security/integrity/ima/ima_main.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/security/integrity/ima/ima_main.c 
b/security/integrity/ima/ima_main.c
index 5091ad931677..b35afb844048 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -129,9 +129,10 @@ static void ima_rdwr_violation_check(struct file *file,
                if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) {
                        if (!iint)
                                iint = ima_iint_find(inode);
+
                        /* IMA_MEASURE is set from reader side */
-                       if (iint && test_bit(IMA_MUST_MEASURE,
-                                               &iint->atomic_flags))
+                       if (iint && test_and_clear_bit(IMA_MUST_MEASURE,
+                                                      &iint->atomic_flags))
                                send_tomtou = true;
                }
        } else {
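Review bot: The comment kept on the line above the new test_and_clear_bit() still names `IMA_MEASURE`, while the bit being tested and now cleared is `IMA_MUST_MEASURE`, and it says nothing about why the writer path clears a flag the comment attributes to the reader side. Since the clear is the whole point of the patch, I would rewrite it as `/* IMA_MUST_MEASURE is set from the reader side; clearing it here limits the ToMToU violation to a single audit message and measurement record per overlapping write open */`. It is also worth stating, in the comment or the commit message, that a later writer opening the same file while readers remain will not produce a further violation record until the bit is set again, so consumers of the audit log and measurement list should not read the absence of a repeat record as proof that no further write opens occurred. The enclosing ima_rdwr_violation_check() begins and ends outside this hunk, so whether anything else depends on the bit still being set afterwards cannot be judged from here.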
-- 
2.48.1

