On Wed, 2017-10-18 at 11:38 +0800, Boshi Wang wrote: > The hash_setup function always sets hash_setup_done variable. If an > invalid hash algorithm is passed, the default hash algorithm specified > by CONFIG_IMA_DEFAULT_HASH could not be used. The Subject line of this email is too long and needs to be clearer. Please refer to Documentation/process/submitting-patches.rst section 14 "The canonical patch format". I would recommend shortening it to something like "ima: fix hash algorithm initialization". The patch description should start out with a concise explanation of the current status, followed by the problem description and end with the solution. For example, The hash_setup function always sets the hash_setup_done flag, even when the hash algorithm is invalid. This prevents the default hash algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used. This patch sets hash_setup_done flag only for valid hash algorithms. Mimi > Signed-off-by: Boshi Wang <wangboshi@xxxxxxxxxx> > --- > security/integrity/ima/ima_main.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c > index 2aebb79..ab70a39 100644 > --- a/security/integrity/ima/ima_main.c > +++ b/security/integrity/ima/ima_main.c > @@ -51,6 +51,8 @@ static int __init hash_setup(char *str) > ima_hash_algo = HASH_ALGO_SHA1; > else if (strncmp(str, "md5", 3) == 0) > ima_hash_algo = HASH_ALGO_MD5; > + else > + return 1; > goto out; > } > > @@ -60,6 +62,8 @@ static int __init hash_setup(char *str) > break; > } > } > + if (i == HASH_ALGO__LAST) > + return 1; > out: > hash_setup_done = 1; > return 1;
