1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * Copyright (C) 2021 Microsoft Corporation 4 * 5 * Author: Tushar Sugandhi <tusharsu@linux.microsoft.com> 6 * 7 * Enables IMA measurements for DM targets 8 */ 9 10 #include "dm-core.h" 11 #include "dm-ima.h" 12 13 #include <linux/ima.h> 14 #include <linux/sched/mm.h> 15 #include <crypto/sha2.h> 16 17 #define DM_MSG_PREFIX "ima" 18 19 /* 20 * Internal function to prefix separator characters in input buffer with escape 21 * character, so that they don't interfere with the construction of key-value pairs, 22 * and clients can split the key1=val1,key2=val2,key3=val3; pairs properly. 23 */ 24 static void fix_separator_chars(char **buf) 25 { 26 int l = strlen(*buf); 27 int i, j, sp = 0; 28 29 for (i = 0; i < l; i++) 30 if ((*buf)[i] == '\\' || (*buf)[i] == ';' || (*buf)[i] == '=' || (*buf)[i] == ',') 31 sp++; 32 33 if (!sp) 34 return; 35 36 for (i = l-1, j = i+sp; i >= 0; i--) { 37 (*buf)[j--] = (*buf)[i]; 38 if ((*buf)[i] == '\\' || (*buf)[i] == ';' || (*buf)[i] == '=' || (*buf)[i] == ',') 39 (*buf)[j--] = '\\'; 40 } 41 } 42 43 /* 44 * Internal function to allocate memory for IMA measurements. 45 */ 46 static void *dm_ima_alloc(size_t len, bool noio) 47 { 48 unsigned int noio_flag; 49 void *ptr; 50 51 if (noio) 52 noio_flag = memalloc_noio_save(); 53 54 ptr = kzalloc(len, GFP_KERNEL); 55 56 if (noio) 57 memalloc_noio_restore(noio_flag); 58 59 return ptr; 60 } 61 62 /* 63 * Internal function to allocate and copy name and uuid for IMA measurements. 64 */ 65 static int dm_ima_alloc_and_copy_name_uuid(struct mapped_device *md, char **dev_name, 66 char **dev_uuid, bool noio) 67 { 68 int r; 69 *dev_name = dm_ima_alloc(DM_NAME_LEN*2, noio); 70 if (!(*dev_name)) { 71 r = -ENOMEM; 72 goto error; 73 } 74 75 *dev_uuid = dm_ima_alloc(DM_UUID_LEN*2, noio); 76 if (!(*dev_uuid)) { 77 r = -ENOMEM; 78 goto error; 79 } 80 81 r = dm_copy_name_and_uuid(md, *dev_name, *dev_uuid); 82 if (r) 83 goto error; 84 85 fix_separator_chars(dev_name); 86 fix_separator_chars(dev_uuid); 87 88 return 0; 89 error: 90 kfree(*dev_name); 91 kfree(*dev_uuid); 92 *dev_name = NULL; 93 *dev_uuid = NULL; 94 return r; 95 } 96 97 /* 98 * Internal function to allocate and copy device data for IMA measurements. 99 */ 100 static int dm_ima_alloc_and_copy_device_data(struct mapped_device *md, char **device_data, 101 unsigned int num_targets, bool noio) 102 { 103 char *dev_name = NULL, *dev_uuid = NULL; 104 int r; 105 106 r = dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio); 107 if (r) 108 return r; 109 110 *device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, noio); 111 if (!(*device_data)) { 112 r = -ENOMEM; 113 goto error; 114 } 115 116 scnprintf(*device_data, DM_IMA_DEVICE_BUF_LEN, 117 "name=%s,uuid=%s,major=%d,minor=%d,minor_count=%d,num_targets=%u;", 118 dev_name, dev_uuid, md->disk->major, md->disk->first_minor, 119 md->disk->minors, num_targets); 120 error: 121 kfree(dev_name); 122 kfree(dev_uuid); 123 return r; 124 } 125 126 /* 127 * Internal wrapper function to call IMA to measure DM data. 128 */ 129 static void dm_ima_measure_data(const char *event_name, const void *buf, size_t buf_len, 130 bool noio) 131 { 132 unsigned int noio_flag; 133 134 if (noio) 135 noio_flag = memalloc_noio_save(); 136 137 ima_measure_critical_data(DM_NAME, event_name, buf, buf_len, 138 false, NULL, 0); 139 140 if (noio) 141 memalloc_noio_restore(noio_flag); 142 } 143 144 /* 145 * Internal function to allocate and copy current device capacity for IMA measurements. 146 */ 147 static int dm_ima_alloc_and_copy_capacity_str(struct mapped_device *md, char **capacity_str, 148 bool noio) 149 { 150 sector_t capacity; 151 152 capacity = get_capacity(md->disk); 153 154 *capacity_str = dm_ima_alloc(DM_IMA_DEVICE_CAPACITY_BUF_LEN, noio); 155 if (!(*capacity_str)) 156 return -ENOMEM; 157 158 return scnprintf(*capacity_str, DM_IMA_DEVICE_BUF_LEN, "current_device_capacity=%llu;", 159 capacity); 160 } 161 162 /* 163 * Initialize/reset the dm ima related data structure variables. 164 */ 165 void dm_ima_reset_data(struct mapped_device *md) 166 { 167 memset(&(md->ima), 0, sizeof(md->ima)); 168 md->ima.dm_version_str_len = strlen(DM_IMA_VERSION_STR); 169 } 170 171 /* 172 * Build up the IMA data for each target, and finally measure. 173 */ 174 void dm_ima_measure_on_table_load(struct dm_table *table, unsigned int status_flags) 175 { 176 size_t device_data_buf_len, target_metadata_buf_len, target_data_buf_len, l = 0; 177 char *target_metadata_buf = NULL, *target_data_buf = NULL, *digest_buf = NULL; 178 char *ima_buf = NULL, *device_data_buf = NULL; 179 int last_target_measured = -1; 180 status_type_t type = STATUSTYPE_IMA; 181 size_t cur_total_buf_len = 0; 182 unsigned int num_targets, i; 183 struct sha256_ctx hash_ctx; 184 u8 digest[SHA256_DIGEST_SIZE]; 185 bool noio = false; 186 char table_load_event_name[] = "dm_table_load"; 187 188 ima_buf = dm_ima_alloc(DM_IMA_MEASUREMENT_BUF_LEN, noio); 189 if (!ima_buf) 190 return; 191 192 target_metadata_buf = dm_ima_alloc(DM_IMA_TARGET_METADATA_BUF_LEN, noio); 193 if (!target_metadata_buf) 194 goto error; 195 196 target_data_buf = dm_ima_alloc(DM_IMA_TARGET_DATA_BUF_LEN, noio); 197 if (!target_data_buf) 198 goto error; 199 200 num_targets = table->num_targets; 201 202 if (dm_ima_alloc_and_copy_device_data(table->md, &device_data_buf, num_targets, noio)) 203 goto error; 204 205 sha256_init(&hash_ctx); 206 207 memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len); 208 l += table->md->ima.dm_version_str_len; 209 210 device_data_buf_len = strlen(device_data_buf); 211 memcpy(ima_buf + l, device_data_buf, device_data_buf_len); 212 l += device_data_buf_len; 213 214 for (i = 0; i < num_targets; i++) { 215 struct dm_target *ti = dm_table_get_target(table, i); 216 217 last_target_measured = 0; 218 219 /* 220 * First retrieve the target metadata. 221 */ 222 target_metadata_buf_len = 223 scnprintf(target_metadata_buf, 224 DM_IMA_TARGET_METADATA_BUF_LEN, 225 "target_index=%d,target_begin=%llu,target_len=%llu,", 226 i, ti->begin, ti->len); 227 228 /* 229 * Then retrieve the actual target data. 230 */ 231 if (ti->type->status) 232 ti->type->status(ti, type, status_flags, target_data_buf, 233 DM_IMA_TARGET_DATA_BUF_LEN); 234 else 235 target_data_buf[0] = '\0'; 236 237 target_data_buf_len = strlen(target_data_buf); 238 239 /* 240 * Check if the total data can fit into the IMA buffer. 241 */ 242 cur_total_buf_len = l + target_metadata_buf_len + target_data_buf_len; 243 244 /* 245 * IMA measurements for DM targets are best-effort. 246 * If the total data buffered so far, including the current target, 247 * is too large to fit into DM_IMA_MEASUREMENT_BUF_LEN, measure what 248 * we have in the current buffer, and continue measuring the remaining 249 * targets by prefixing the device metadata again. 250 */ 251 if (unlikely(cur_total_buf_len >= DM_IMA_MEASUREMENT_BUF_LEN)) { 252 dm_ima_measure_data(table_load_event_name, ima_buf, l, noio); 253 sha256_update(&hash_ctx, (const u8 *)ima_buf, l); 254 255 memset(ima_buf, 0, DM_IMA_MEASUREMENT_BUF_LEN); 256 l = 0; 257 258 /* 259 * Each new "dm_table_load" entry in IMA log should have device data 260 * prefix, so that multiple records from the same "dm_table_load" for 261 * a given device can be linked together. 262 */ 263 memcpy(ima_buf + l, DM_IMA_VERSION_STR, table->md->ima.dm_version_str_len); 264 l += table->md->ima.dm_version_str_len; 265 266 memcpy(ima_buf + l, device_data_buf, device_data_buf_len); 267 l += device_data_buf_len; 268 269 /* 270 * If this iteration of the for loop turns out to be the last target 271 * in the table, dm_ima_measure_data("dm_table_load", ...) doesn't need 272 * to be called again, just the hash needs to be finalized. 273 * "last_target_measured" tracks this state. 274 */ 275 last_target_measured = 1; 276 } 277 278 /* 279 * Fill-in all the target metadata, so that multiple targets for the same 280 * device can be linked together. 281 */ 282 memcpy(ima_buf + l, target_metadata_buf, target_metadata_buf_len); 283 l += target_metadata_buf_len; 284 285 memcpy(ima_buf + l, target_data_buf, target_data_buf_len); 286 l += target_data_buf_len; 287 } 288 289 if (!last_target_measured) { 290 dm_ima_measure_data(table_load_event_name, ima_buf, l, noio); 291 292 sha256_update(&hash_ctx, (const u8 *)ima_buf, l); 293 } 294 295 /* 296 * Finalize the table hash, and store it in table->md->ima.inactive_table.hash, 297 * so that the table data can be verified against the future device state change 298 * events, e.g. resume, rename, remove, table-clear etc. 299 */ 300 sha256_final(&hash_ctx, digest); 301 302 digest_buf = kasprintf(GFP_KERNEL, "sha256:%*phN", SHA256_DIGEST_SIZE, 303 digest); 304 if (!digest_buf) 305 goto error; 306 307 if (table->md->ima.active_table.hash != table->md->ima.inactive_table.hash) 308 kfree(table->md->ima.inactive_table.hash); 309 310 table->md->ima.inactive_table.hash = digest_buf; 311 table->md->ima.inactive_table.hash_len = strlen(digest_buf); 312 table->md->ima.inactive_table.num_targets = num_targets; 313 314 if (table->md->ima.active_table.device_metadata != 315 table->md->ima.inactive_table.device_metadata) 316 kfree(table->md->ima.inactive_table.device_metadata); 317 318 table->md->ima.inactive_table.device_metadata = device_data_buf; 319 table->md->ima.inactive_table.device_metadata_len = device_data_buf_len; 320 321 goto exit; 322 error: 323 kfree(digest_buf); 324 kfree(device_data_buf); 325 exit: 326 kfree(ima_buf); 327 kfree(target_metadata_buf); 328 kfree(target_data_buf); 329 } 330 331 /* 332 * Measure IMA data on device resume. 333 */ 334 void dm_ima_measure_on_device_resume(struct mapped_device *md, bool swap) 335 { 336 char *device_table_data, *dev_name = NULL, *dev_uuid = NULL, *capacity_str = NULL; 337 char active[] = "active_table_hash="; 338 unsigned int active_len = strlen(active); 339 unsigned int l = 0; 340 bool noio = true; 341 bool nodata = true; 342 int capacity_len; 343 344 device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, noio); 345 if (!device_table_data) 346 return; 347 348 capacity_len = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio); 349 if (capacity_len < 0) 350 goto error; 351 352 memcpy(device_table_data + l, DM_IMA_VERSION_STR, md->ima.dm_version_str_len); 353 l += md->ima.dm_version_str_len; 354 355 if (swap) { 356 if (md->ima.active_table.hash != md->ima.inactive_table.hash) 357 kfree(md->ima.active_table.hash); 358 359 md->ima.active_table.hash = NULL; 360 md->ima.active_table.hash_len = 0; 361 362 if (md->ima.active_table.device_metadata != 363 md->ima.inactive_table.device_metadata) 364 kfree(md->ima.active_table.device_metadata); 365 366 md->ima.active_table.device_metadata = NULL; 367 md->ima.active_table.device_metadata_len = 0; 368 md->ima.active_table.num_targets = 0; 369 370 if (md->ima.inactive_table.hash) { 371 md->ima.active_table.hash = md->ima.inactive_table.hash; 372 md->ima.active_table.hash_len = md->ima.inactive_table.hash_len; 373 md->ima.inactive_table.hash = NULL; 374 md->ima.inactive_table.hash_len = 0; 375 } 376 377 if (md->ima.inactive_table.device_metadata) { 378 md->ima.active_table.device_metadata = 379 md->ima.inactive_table.device_metadata; 380 md->ima.active_table.device_metadata_len = 381 md->ima.inactive_table.device_metadata_len; 382 md->ima.active_table.num_targets = md->ima.inactive_table.num_targets; 383 md->ima.inactive_table.device_metadata = NULL; 384 md->ima.inactive_table.device_metadata_len = 0; 385 md->ima.inactive_table.num_targets = 0; 386 } 387 } 388 389 if (md->ima.active_table.device_metadata) { 390 memcpy(device_table_data + l, md->ima.active_table.device_metadata, 391 md->ima.active_table.device_metadata_len); 392 l += md->ima.active_table.device_metadata_len; 393 394 nodata = false; 395 } 396 397 if (md->ima.active_table.hash) { 398 memcpy(device_table_data + l, active, active_len); 399 l += active_len; 400 401 memcpy(device_table_data + l, md->ima.active_table.hash, 402 md->ima.active_table.hash_len); 403 l += md->ima.active_table.hash_len; 404 405 memcpy(device_table_data + l, ";", 1); 406 l++; 407 408 nodata = false; 409 } 410 411 if (nodata) { 412 if (dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio)) 413 goto error; 414 415 l = scnprintf(device_table_data, DM_IMA_DEVICE_BUF_LEN, 416 "%sname=%s,uuid=%s;device_resume=no_data;", 417 DM_IMA_VERSION_STR, dev_name, dev_uuid); 418 } 419 420 memcpy(device_table_data + l, capacity_str, capacity_len); 421 l += capacity_len; 422 423 dm_ima_measure_data("dm_device_resume", device_table_data, l, noio); 424 425 kfree(dev_name); 426 kfree(dev_uuid); 427 error: 428 kfree(capacity_str); 429 kfree(device_table_data); 430 } 431 432 /* 433 * Measure IMA data on remove. 434 */ 435 void dm_ima_measure_on_device_remove(struct mapped_device *md, bool remove_all) 436 { 437 char *device_table_data, *dev_name = NULL, *dev_uuid = NULL, *capacity_str = NULL; 438 char active_table_str[] = "active_table_hash="; 439 char inactive_table_str[] = "inactive_table_hash="; 440 char device_active_str[] = "device_active_metadata="; 441 char device_inactive_str[] = "device_inactive_metadata="; 442 char remove_all_str[] = "remove_all="; 443 unsigned int active_table_len = strlen(active_table_str); 444 unsigned int inactive_table_len = strlen(inactive_table_str); 445 unsigned int device_active_len = strlen(device_active_str); 446 unsigned int device_inactive_len = strlen(device_inactive_str); 447 unsigned int remove_all_len = strlen(remove_all_str); 448 unsigned int l = 0; 449 bool noio = true; 450 bool nodata = true; 451 int capacity_len; 452 453 device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN*2, noio); 454 if (!device_table_data) 455 goto exit; 456 457 capacity_len = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio); 458 if (capacity_len < 0) { 459 kfree(device_table_data); 460 goto exit; 461 } 462 463 memcpy(device_table_data + l, DM_IMA_VERSION_STR, md->ima.dm_version_str_len); 464 l += md->ima.dm_version_str_len; 465 466 if (md->ima.active_table.device_metadata) { 467 memcpy(device_table_data + l, device_active_str, device_active_len); 468 l += device_active_len; 469 470 memcpy(device_table_data + l, md->ima.active_table.device_metadata, 471 md->ima.active_table.device_metadata_len); 472 l += md->ima.active_table.device_metadata_len; 473 474 nodata = false; 475 } 476 477 if (md->ima.inactive_table.device_metadata) { 478 memcpy(device_table_data + l, device_inactive_str, device_inactive_len); 479 l += device_inactive_len; 480 481 memcpy(device_table_data + l, md->ima.inactive_table.device_metadata, 482 md->ima.inactive_table.device_metadata_len); 483 l += md->ima.inactive_table.device_metadata_len; 484 485 nodata = false; 486 } 487 488 if (md->ima.active_table.hash) { 489 memcpy(device_table_data + l, active_table_str, active_table_len); 490 l += active_table_len; 491 492 memcpy(device_table_data + l, md->ima.active_table.hash, 493 md->ima.active_table.hash_len); 494 l += md->ima.active_table.hash_len; 495 496 memcpy(device_table_data + l, ",", 1); 497 l++; 498 499 nodata = false; 500 } 501 502 if (md->ima.inactive_table.hash) { 503 memcpy(device_table_data + l, inactive_table_str, inactive_table_len); 504 l += inactive_table_len; 505 506 memcpy(device_table_data + l, md->ima.inactive_table.hash, 507 md->ima.inactive_table.hash_len); 508 l += md->ima.inactive_table.hash_len; 509 510 memcpy(device_table_data + l, ",", 1); 511 l++; 512 513 nodata = false; 514 } 515 /* 516 * In case both active and inactive tables, and corresponding 517 * device metadata is cleared/missing - record the name and uuid 518 * in IMA measurements. 519 */ 520 if (nodata) { 521 if (dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio)) 522 goto error; 523 524 l = scnprintf(device_table_data, DM_IMA_DEVICE_BUF_LEN, 525 "%sname=%s,uuid=%s;device_remove=no_data;", 526 DM_IMA_VERSION_STR, dev_name, dev_uuid); 527 } 528 529 memcpy(device_table_data + l, remove_all_str, remove_all_len); 530 l += remove_all_len; 531 memcpy(device_table_data + l, remove_all ? "y;" : "n;", 2); 532 l += 2; 533 534 memcpy(device_table_data + l, capacity_str, capacity_len); 535 l += capacity_len; 536 537 dm_ima_measure_data("dm_device_remove", device_table_data, l, noio); 538 539 error: 540 kfree(device_table_data); 541 kfree(capacity_str); 542 exit: 543 kfree(md->ima.active_table.device_metadata); 544 545 if (md->ima.active_table.device_metadata != 546 md->ima.inactive_table.device_metadata) 547 kfree(md->ima.inactive_table.device_metadata); 548 549 kfree(md->ima.active_table.hash); 550 551 if (md->ima.active_table.hash != md->ima.inactive_table.hash) 552 kfree(md->ima.inactive_table.hash); 553 554 dm_ima_reset_data(md); 555 556 kfree(dev_name); 557 kfree(dev_uuid); 558 } 559 560 /* 561 * Measure ima data on table clear. 562 */ 563 void dm_ima_measure_on_table_clear(struct mapped_device *md, bool new_map) 564 { 565 unsigned int l = 0; 566 char *device_table_data = NULL, *dev_name = NULL, *dev_uuid = NULL, *capacity_str = NULL; 567 char inactive_str[] = "inactive_table_hash="; 568 unsigned int inactive_len = strlen(inactive_str); 569 bool noio = true; 570 bool nodata = true; 571 int capacity_len; 572 573 device_table_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN, noio); 574 if (!device_table_data) 575 return; 576 577 capacity_len = dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio); 578 if (capacity_len < 0) 579 goto error1; 580 581 memcpy(device_table_data + l, DM_IMA_VERSION_STR, md->ima.dm_version_str_len); 582 l += md->ima.dm_version_str_len; 583 584 if (md->ima.inactive_table.device_metadata_len && 585 md->ima.inactive_table.hash_len) { 586 memcpy(device_table_data + l, md->ima.inactive_table.device_metadata, 587 md->ima.inactive_table.device_metadata_len); 588 l += md->ima.inactive_table.device_metadata_len; 589 590 memcpy(device_table_data + l, inactive_str, inactive_len); 591 l += inactive_len; 592 593 memcpy(device_table_data + l, md->ima.inactive_table.hash, 594 md->ima.inactive_table.hash_len); 595 596 l += md->ima.inactive_table.hash_len; 597 598 memcpy(device_table_data + l, ";", 1); 599 l++; 600 601 nodata = false; 602 } 603 604 if (nodata) { 605 if (dm_ima_alloc_and_copy_name_uuid(md, &dev_name, &dev_uuid, noio)) 606 goto error2; 607 608 l = scnprintf(device_table_data, DM_IMA_DEVICE_BUF_LEN, 609 "%sname=%s,uuid=%s;table_clear=no_data;", 610 DM_IMA_VERSION_STR, dev_name, dev_uuid); 611 } 612 613 memcpy(device_table_data + l, capacity_str, capacity_len); 614 l += capacity_len; 615 616 dm_ima_measure_data("dm_table_clear", device_table_data, l, noio); 617 618 if (new_map) { 619 if (md->ima.inactive_table.hash && 620 md->ima.inactive_table.hash != md->ima.active_table.hash) 621 kfree(md->ima.inactive_table.hash); 622 623 md->ima.inactive_table.hash = NULL; 624 md->ima.inactive_table.hash_len = 0; 625 626 if (md->ima.inactive_table.device_metadata && 627 md->ima.inactive_table.device_metadata != md->ima.active_table.device_metadata) 628 kfree(md->ima.inactive_table.device_metadata); 629 630 md->ima.inactive_table.device_metadata = NULL; 631 md->ima.inactive_table.device_metadata_len = 0; 632 md->ima.inactive_table.num_targets = 0; 633 634 if (md->ima.active_table.hash) { 635 md->ima.inactive_table.hash = md->ima.active_table.hash; 636 md->ima.inactive_table.hash_len = md->ima.active_table.hash_len; 637 } 638 639 if (md->ima.active_table.device_metadata) { 640 md->ima.inactive_table.device_metadata = 641 md->ima.active_table.device_metadata; 642 md->ima.inactive_table.device_metadata_len = 643 md->ima.active_table.device_metadata_len; 644 md->ima.inactive_table.num_targets = 645 md->ima.active_table.num_targets; 646 } 647 } 648 649 kfree(dev_name); 650 kfree(dev_uuid); 651 error2: 652 kfree(capacity_str); 653 error1: 654 kfree(device_table_data); 655 } 656 657 /* 658 * Measure IMA data on device rename. 659 */ 660 void dm_ima_measure_on_device_rename(struct mapped_device *md) 661 { 662 char *old_device_data = NULL, *new_device_data = NULL, *combined_device_data = NULL; 663 char *new_dev_name = NULL, *new_dev_uuid = NULL, *capacity_str = NULL; 664 bool noio = true; 665 int len; 666 667 if (dm_ima_alloc_and_copy_device_data(md, &new_device_data, 668 md->ima.active_table.num_targets, noio)) 669 return; 670 671 if (dm_ima_alloc_and_copy_name_uuid(md, &new_dev_name, &new_dev_uuid, noio)) 672 goto error; 673 674 combined_device_data = dm_ima_alloc(DM_IMA_DEVICE_BUF_LEN * 2, noio); 675 if (!combined_device_data) 676 goto error; 677 678 if (dm_ima_alloc_and_copy_capacity_str(md, &capacity_str, noio) < 0) 679 goto error; 680 681 old_device_data = md->ima.active_table.device_metadata; 682 683 md->ima.active_table.device_metadata = new_device_data; 684 md->ima.active_table.device_metadata_len = strlen(new_device_data); 685 686 len = scnprintf(combined_device_data, DM_IMA_DEVICE_BUF_LEN * 2, 687 "%s%snew_name=%s,new_uuid=%s;%s", DM_IMA_VERSION_STR, old_device_data, 688 new_dev_name, new_dev_uuid, capacity_str); 689 690 dm_ima_measure_data("dm_device_rename", combined_device_data, len, noio); 691 692 goto exit; 693 694 error: 695 kfree(new_device_data); 696 exit: 697 kfree(capacity_str); 698 kfree(combined_device_data); 699 kfree(old_device_data); 700 kfree(new_dev_name); 701 kfree(new_dev_uuid); 702 } 703