Hi Mimi, On Fri, Mar 06, 2026 at 02:01:40PM -0500, Mimi Zohar wrote: > Functionally no change, just simplify the ima_detect_file_change() code. > > Signed-off-by: Mimi Zohar <[email protected]> > --- > @Fred, looking to merge with commit 0824f861605d ("ima: fallback to using > i_version to detect file change") > > security/integrity/ima/ima_main.c | 19 +++++++------------ > 1 file changed, 7 insertions(+), 12 deletions(-) > > diff --git a/security/integrity/ima/ima_main.c > b/security/integrity/ima/ima_main.c > index 6c49afa8dcc0..5cea53fc36df 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -194,18 +194,13 @@ static bool ima_detect_file_change(struct > ima_iint_cache *iint, > result = vfs_getattr_nosec(&file->f_path, &stat, STATX_CHANGE_COOKIE, > AT_STATX_SYNC_AS_STAT); > > - if (!result && stat.result_mask & STATX_CHANGE_COOKIE && > - stat.change_cookie != iint->real_inode.version) > - return true; > - else if (!(stat.result_mask & STATX_CHANGE_COOKIE) && > - IS_I_VERSION(inode) && > - !(inode_eq_iversion(inode, iint->real_inode.version))) > - return true; > - else if (!(stat.result_mask & STATX_CHANGE_COOKIE) && > - !(IS_I_VERSION(inode))) > - return true; > - > - return false; > + if (!result && stat.result_mask & STATX_CHANGE_COOKIE) > + return stat.change_cookie != iint->real_inode.version; > + > + if (IS_I_VERSION(inode)) > + return !inode_eq_iversion(inode, iint->real_inode.version); > + > + return true; > } > > static void ima_check_last_writer(struct ima_iint_cache *iint, > -- > 2.53.0 >
Refactor looks good to me. Reviewed-by: Frederick Lawler <[email protected]> Best, Fred
