Merge 4.4.101 into android-4.4

Changes in 4.4.101
	tcp: do not mangle skb->cb[] in tcp_make_synack()
	netfilter/ipvs: clear ipvs_property flag when SKB net namespace changed
	bonding: discard lowest hash bit for 802.3ad layer3+4
	vlan: fix a use-after-free in vlan_device_event()
	af_netlink: ensure that NLMSG_DONE never fails in dumps
	sctp: do not peel off an assoc from one netns to another one
	fealnx: Fix building error on MIPS
	net/sctp: Always set scope_id in sctp_inet6_skb_msgname
	ima: do not update security.ima if appraisal status is not INTEGRITY_PASS
	serial: omap: Fix EFR write on RTS deassertion
	arm64: fix dump_instr when PAN and UAO are in use
	nvme: Fix memory order on async queue deletion
	ocfs2: should wait dio before inode lock in ocfs2_setattr()
	ipmi: fix unsigned long underflow
	mm/page_alloc.c: broken deferred calculation
	coda: fix 'kernel memory exposure attempt' in fsync
	mm: check the return value of lookup_page_ext for all call sites
	mm/page_ext.c: check if page_ext is not prepared
	mm/pagewalk.c: report holes in hugetlb ranges
	Linux 4.4.101

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 9ce9d5003dcc..19014293f927 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -297,6 +297,9 @@ void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file)
 	if (iint->flags & IMA_DIGSIG)
 		return;
 
+	if (iint->ima_file_status != INTEGRITY_PASS)
+		return;
+
 	rc = ima_collect_measurement(iint, file, NULL, NULL);
 	if (rc < 0)
 		return;