Upon recognizing previously unmaintained PCR banks at __init after kexec, a subsequent commit will make IMA disable the corresponding hashes for the current boot as well.
For this, access to ima_free_tfm() from outside its compilation unit is needed. Make its linkage extern. Signed-off-by: Nicolai Stange <nsta...@suse.de> --- security/integrity/ima/ima.h | 1 + security/integrity/ima/ima_crypto.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 67b78f5512f1..9bfe045ac9d5 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -274,6 +274,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, struct ima_iint_cache *iint, const char *op, const char *cause); int ima_init_crypto(void); +void ima_free_tfm(struct crypto_shash *tfm); unsigned long ima_pcr_invalidated_banks(u32 pcr); void ima_putc(struct seq_file *m, void *data, int datalen); void ima_print_digest(struct seq_file *m, u8 *digest, u32 size); diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index c1d9cd85a66d..716bb302e75d 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -213,7 +213,7 @@ int __init ima_init_crypto(void) return rc; } -static void ima_free_tfm(struct crypto_shash *tfm) +void ima_free_tfm(struct crypto_shash *tfm) { int i; -- 2.49.0
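Review bot: In the ima.h hunk, the new prototype `void ima_free_tfm(struct crypto_shash *tfm);` has no caller anywhere in this patch, so applied on its own the change only widens the linkage of a function whose users are all still in ima_crypto.c. Consider folding it into the commit that adds the caller outside ima_crypto.c, so that the declaration and its first external use can be reviewed together.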
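Review bot: In the ima_crypto.c hunk, dropping `static` from ima_free_tfm() makes it part of IMA's internal interface, but the definition has no comment above it stating what a caller in another file may pass. A short comment saying whether a NULL tfm is accepted, which tfms are the caller's to release, and whether the function may be called after __init would help, since the changelog places the planned caller at __init while the function itself is not marked __init.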