[RFC PATCH v2 06/11] kexec: replace call to copy_file_from_fd() with kernel version

Dmitry Torokhov dmitry.torokhov at gmail.com
Wed Jan 20 16:27:29 PST 2016


On Thu, Jan 21, 2016 at 12:12:40AM +0100, Luis R. Rodriguez wrote:
> On Mon, Jan 18, 2016 at 10:11:21AM -0500, Mimi Zohar wrote:
> > diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
> > index 4edf47f..3adf937 100644
> > --- a/security/integrity/ima/ima_appraise.c
> > +++ b/security/integrity/ima/ima_appraise.c
> > @@ -78,6 +78,8 @@ enum integrity_status ima_get_cache_status(struct integrity_iint_cache *iint,
> >  		return iint->ima_module_status;
> >  	case FIRMWARE_CHECK:
> >  		return iint->ima_firmware_status;
> > +	case KEXEC_CHECK ... IMA_MAX_READ_CHECK - 1:
> > +		return iint->ima_read_status;
> 
> I didn't get the memo that we're OK to use compiler specific extensions
> like this. I'm sure if you are using it its not the first case, just
> want to be sure we are aware of possible issues if some compiler doesn't
> support this.
> 
> If we don't have a precedence can we just avoid its use?

This has sailed:

dtor at dtor-ws:~$ grep -rl 'case.*\.\.\..*:' kernel/work/drivers/ | wc -l
98

Thanks.

-- 
Dmitry



More information about the kexec mailing list