From 78969bfe974e8b02c0a430ce648b02a079f6cee2 Mon Sep 17 00:00:00 2001
From: Hongjin Li <lihongjin1@huawei.com>
Date: Tue, 21 Nov 2023 15:20:43 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8DELF=E9=AA=8C=E7=AD=BE?=
 =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Hongjin Li <lihongjin1@huawei.com>
---
 code_sign/code_sign_elf.c | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/code_sign/code_sign_elf.c b/code_sign/code_sign_elf.c
index ed7acaf..65756a6 100644
--- a/code_sign/code_sign_elf.c
+++ b/code_sign/code_sign_elf.c
@@ -100,7 +100,7 @@ static int get_fsverity_desc(sign_block_t *sign_block, char *sign_data_ptr)
 	return 0;
 }
 
-static int enable_by_sign_head(struct file *fp, long long fsize, char *sign_head_ptr)
+static int enable_by_sign_head(struct file *fp, struct inode *inode, long long fsize, char *sign_head_ptr)
 {
 	sign_block_t sign_block;
 	memset(&sign_block, 0, sizeof(sign_block));
@@ -146,13 +146,28 @@ static int enable_by_sign_head(struct file *fp, long long fsize, char *sign_head
 		goto out;
 	}
 
+	err = mnt_want_write_file(fp);
+	if (err) /* -EROFS */
+		goto out;
+
+	err = deny_write_access(fp);
+	if (err) /* -ETXTBSY */
+		goto out_drop_write;
+
 	/* fsverity_enable_with_descriptor in fs/verity/enable.c */
 	err = fsverity_enable_with_descriptor(fp, (void *)(sign_block.fsverity_desc), sign_block.fsverity_desc_hdr.length);
 	if (err) {
 		code_sign_log_error("fsverity_enable_with_descriptor returns err: %d", err);
-		goto out;
+		goto out_allow_write_access;
 	}
 
+	filemap_write_and_wait(inode->i_mapping);
+	invalidate_inode_pages2(inode->i_mapping);
+
+out_allow_write_access:
+	allow_write_access(fp);
+out_drop_write:
+	mnt_drop_write_file(fp);
 out:
 	kfree(sign_data_ptr);
 	return err;
@@ -233,7 +248,7 @@ int elf_file_enable_fs_verity(struct file *file)
 		goto release_sign_head_out;
 	}
 
-	err = enable_by_sign_head(fp, fsize, sign_head_ptr);
+	err = enable_by_sign_head(fp, inode, fsize, sign_head_ptr);
 	if (err) {
 		code_sign_log_error("enable_by_sign_head err: %d", err);
 		goto release_sign_head_out;
-- 
Gitee