From 25dc18d6969c637bab14163aea0c95c80d3ed80c Mon Sep 17 00:00:00 2001 From: Stefan Berger Date: Wed, 10 May 2023 10:51:22 -0400 Subject: linux: overlayfs: Drop kernel patch resolving a file change notification issue Revert the patch resolving a file change notitfication issue (for IMA appraisal) since this patch fails in 'many downstream kernels'. - https://lists.yoctoproject.org/g/yocto/message/59928 - https://lists.yoctoproject.org/g/yocto/message/59929 Signed-off-by: Stefan Berger Signed-off-by: Armin Kuster --- ...-ovl-Increment-iversion-upon-file-changes.patch | 42 ---------------------- meta-integrity/recipes-kernel/linux/linux_ima.inc | 1 - 2 files changed, 43 deletions(-) delete mode 100644 meta-integrity/recipes-kernel/linux/linux/0001-ovl-Increment-iversion-upon-file-changes.patch diff --git a/meta-integrity/recipes-kernel/linux/linux/0001-ovl-Increment-iversion-upon-file-changes.patch b/meta-integrity/recipes-kernel/linux/linux/0001-ovl-Increment-iversion-upon-file-changes.patch deleted file mode 100644 index d2b5c28..0000000 --- a/meta-integrity/recipes-kernel/linux/linux/0001-ovl-Increment-iversion-upon-file-changes.patch +++ /dev/null @@ -1,42 +0,0 @@ -From e9ed62e8d1d3eee7ffe862d9812c5320d3b9bd88 Mon Sep 17 00:00:00 2001 -From: Stefan Berger -Date: Thu, 6 Apr 2023 11:27:29 -0400 -Subject: [PATCH] ovl: Increment iversion upon file changes - -This is a temporary patch for kernels that do not implement -STATX_CHANGE_COOKIE (<= 6.2). The successor patch will be this one: - -https://lore.kernel.org/linux-integrity/20230418-engste-gastwirtschaft-601fb389bba5@brauner/T/#m3bf84296fe9e6499abb6e3191693948add2ff459 - -Increment the lower inode's iversion for IMA to be able to recognize -changes to the file. - -Signed-off-by: Stefan Berger ---- - fs/overlayfs/file.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/fs/overlayfs/file.c b/fs/overlayfs/file.c -index 6011f955436b..1dfe5e7bfe1c 100644 ---- a/fs/overlayfs/file.c -+++ b/fs/overlayfs/file.c -@@ -13,6 +13,7 @@ - #include - #include - #include -+#include - #include "overlayfs.h" - - struct ovl_aio_req { -@@ -408,6 +409,8 @@ static ssize_t ovl_write_iter(struct kiocb *iocb, struct iov_iter *iter) - if (ret != -EIOCBQUEUED) - ovl_aio_cleanup_handler(aio_req); - } -+ if (ret > 0) -+ inode_maybe_inc_iversion(inode, false); - out: - revert_creds(old_cred); - out_fdput: --- -2.34.1 - diff --git a/meta-integrity/recipes-kernel/linux/linux_ima.inc b/meta-integrity/recipes-kernel/linux/linux_ima.inc index 9d48e5c..0b6f530 100644 --- a/meta-integrity/recipes-kernel/linux/linux_ima.inc +++ b/meta-integrity/recipes-kernel/linux/linux_ima.inc @@ -2,7 +2,6 @@ FILESEXTRAPATHS:append := "${THISDIR}/linux:" SRC_URI += " \ ${@bb.utils.contains('DISTRO_FEATURES', 'ima', 'file://ima.scc', '', d)} \ - file://0001-ovl-Increment-iversion-upon-file-changes.patch \ " do_configure() { -- cgit v1.2.3-54-g00ecf