On Thu, 2020-08-27 at 18:57 -0700, Tushar Sugandhi wrote:
I can ignore the result of process_buffer_measurement() in
process_buffer_measurement() does not return the result of the operation.
Therefore, the consumers of this function cannot act on it, if needed.
Update return type of process_buffer_measurement() from void to int.
Failure to measure may be audited, but should never fail. This is one
of the main differences between secure and trusted boot concepts.
Notice in process_measurement() that -EACCES is only returned for
appraisal.
Returning a failure from process_buffer_measurement() in itself isn't a
problem, as long as the failure isn't returned to the LSM/IMA hook.
However, just as the callers of process_measurement() originally
processed the result, that processing was moved into
process_measurement() [1].
Mimi
[1] 750943a30714 ima: remove enforce checking duplication
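
Added example, not part of the original message or of the kernel source: a userspace C model of the rule described in the reply above, where a measurement helper may return an error but the hook-facing function only audits it, and only a failed appraisal under enforcement yields -EACCES. Every name here (model_hook, model_state, the DO_* flags) is hypothetical and the error inputs are constructed.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical model, not kernel code: names and flags are illustrative. */
enum { DO_MEASURE = 1, DO_APPRAISE = 2 };

struct model_state {
	int enforce;  /* 1 = appraisal failures are enforced */
	int audited;  /* number of failures recorded for audit */
};

/* Stand-ins for helpers that return int; the caller passes the
 * constructed error code each one should report (0 = success). */
static int model_measure(int simulated_err)  { return simulated_err; }
static int model_appraise(int simulated_err) { return simulated_err; }

/* Hook-facing entry point: the only value that reaches the caller. */
int model_hook(struct model_state *st, int action,
	       int measure_err, int appraise_err)
{
	int rc;

	if (action & DO_MEASURE) {
		rc = model_measure(measure_err);
		if (rc)
			st->audited++;  /* audit only, never fail the hook */
	}
	if (action & DO_APPRAISE) {
		rc = model_appraise(appraise_err);
		if (rc) {
			st->audited++;
			if (st->enforce)
				return -EACCES;  /* appraisal is the only denial path */
		}
	}
	return 0;
}

int main(void)
{
	struct model_state st = { .enforce = 1, .audited = 0 };

	printf("measure fails:  hook=%d\n", model_hook(&st, DO_MEASURE, -ENOMEM, 0));
	printf("appraise fails: hook=%d\n", model_hook(&st, DO_APPRAISE, 0, -EINVAL));
	printf("audited=%d\n", st.audited);
	return 0;
}
```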