[Patch 5/7] integrity: mtime patch for mmap files

[Patch 5/7] integrity: mtime patch for mmap files

[Mimi Zohar]

mmaped files are hashed and hmac'ed properly by EVM after being modified
when the file's mtime is updated correctly.  Peter Staubach's 'memory
mapped files not updating timestamps v2' patch properly updates the
mmapped file's mtime.  In those cases when an application does not
first msync the file before calling munmap, the mtime is eventually
updated, but not before file_close is called.  This patch forces the
mtime for mmaped files to be updated in a timely manner.

signed-off-by: Mimi Zohar <zohar@us.ibm.com>
----
Index: linux-2.6.21-rc4-mm1/mm/mmap.c
===================================================================
--- linux-2.6.21-rc4-mm1.orig/mm/mmap.c
+++ linux-2.6.21-rc4-mm1/mm/mmap.c
@@ -1790,6 +1790,7 @@ int do_munmap(struct mm_struct *mm, unsi
 {
 	unsigned long end;
 	struct vm_area_struct *vma, *prev, *last;
+	struct file *file;
 
 	if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
 		return -EINVAL;
@@ -1808,6 +1809,10 @@ int do_munmap(struct mm_struct *mm, unsi
 	if (vma->vm_start >= end)
 		return 0;
 
+	file = vma->vm_file;
+	if (file && test_and_clear_bit(AS_MCTIME, &file->f_mapping->flags))
+		file_update_time(file);
+
 	/*
 	 * If we need to split any vma, do it now to save pain later.
 	 *

Re: [Patch 5/7] integrity: mtime patch for mmap files

[Andrew Morton]

On Fri, 23 Mar 2007 12:09:58 -0400 Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:

> mmaped files are hashed and hmac'ed properly by EVM after being modified
> when the file's mtime is updated correctly.  Peter Staubach's 'memory
> mapped files not updating timestamps v2' patch properly updates the
> mmapped file's mtime.  In those cases when an application does not
> first msync the file before calling munmap, the mtime is eventually
> updated, but not before file_close is called.  This patch forces the
> mtime for mmaped files to be updated in a timely manner.

I don't think we've ever had that patch in -mm?

> signed-off-by: Mimi Zohar <zohar@us.ibm.com>
> ----
> Index: linux-2.6.21-rc4-mm1/mm/mmap.c
> ===================================================================
> --- linux-2.6.21-rc4-mm1.orig/mm/mmap.c
> +++ linux-2.6.21-rc4-mm1/mm/mmap.c
> @@ -1790,6 +1790,7 @@ int do_munmap(struct mm_struct *mm, unsi
>  {
>  	unsigned long end;
>  	struct vm_area_struct *vma, *prev, *last;
> +	struct file *file;
>  
>  	if ((start & ~PAGE_MASK) || start > TASK_SIZE || len > TASK_SIZE-start)
>  		return -EINVAL;
> @@ -1808,6 +1809,10 @@ int do_munmap(struct mm_struct *mm, unsi
>  	if (vma->vm_start >= end)
>  		return 0;
>  
> +	file = vma->vm_file;
> +	if (file && test_and_clear_bit(AS_MCTIME, &file->f_mapping->flags))
> +		file_update_time(file);
> +
>  	/*
>  	 * If we need to split any vma, do it now to save pain later.
>  	 *

Hence this won't compile.

Re: [Patch 5/7] integrity: mtime patch for mmap files

[Mimi Zohar]

On Sun, 2007-03-25 at 00:26 -0800, Andrew Morton wrote: 
> On Fri, 23 Mar 2007 12:09:58 -0400 Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> 
> > mmaped files are hashed and hmac'ed properly by EVM after being modified
> > when the file's mtime is updated correctly.  Peter Staubach's 'memory
> > mapped files not updating timestamps v2' patch properly updates the
> > mmapped file's mtime.  In those cases when an application does not
> > first msync the file before calling munmap, the mtime is eventually
> > updated, but not before file_close is called.  This patch forces the
> > mtime for mmaped files to be updated in a timely manner.
> 
> I don't think we've ever had that patch in -mm?

We are basing the EVM code on Peter's '[PATCH] memory mapped files not 
updating timestamps v2' patch http://lkml.org/lkml/2007/2/20/255 on the
assumption that it would be accepted.  I guess that has not yet happened.

Mimi Zohar