On Mon, 2019-06-24 at 19:03 -0300, Thiago Jung Bauermann wrote:
> Hello Prakhar,
>
> Prakhar Srivastava <prsriva02@xxxxxxxxx> writes:
>
> > diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
> > index 00dd5a434689..a01a17e5c581 100644
> > --- a/security/integrity/ima/ima_template.c
> > +++ b/security/integrity/ima/ima_template.c
> > @@ -26,6 +26,7 @@ static struct ima_template_desc builtin_templates[] = {
> > {.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT},
> > {.name = "ima-ng", .fmt = "d-ng|n-ng"},
> > {.name = "ima-sig", .fmt = "d-ng|n-ng|sig"},
> > + {.name = "ima-buf", .fmt = "d-ng|n-ng|buf"},
> > {.name = "", .fmt = ""}, /* placeholder for a custom format */
> > };
> >
> > @@ -43,6 +44,8 @@ static const struct ima_template_field supported_fields[] = {
> > .field_show = ima_show_template_string},
> > {.field_id = "sig", .field_init = ima_eventsig_init,
> > .field_show = ima_show_template_sig},
> > + {.field_id = "buf", .field_init = ima_eventbuf_init,
> > + .field_show = ima_show_template_buf},
> > };
> > #define MAX_TEMPLATE_NAME_LEN 15
>
> Currently, MAX_TEMPLATE_NAME_LEN is the length of a template that
> contains all valid fields. It may make sense to increase it since
> there's a new field being added.
>
> I suggest using a sizeof() to show where the number comes from (and
> which can be visually shown to be correct):
>
> #define MAX_TEMPLATE_NAME_LEN sizeof("d|n|d-ng|n-ng|sig|buf")
>
> The sizeof() is calculated at compile time.
MAX_TEMPLATE_NAME_LEN is used when restoring measurements carried over
from a kexec. 'd' and 'd-ng' should not both be defined in the
template description, nor should 'n' and 'n-ng'. Even without the
duplication, the MAX_TEPLATE_NAME_LEN is greater than the current 15.
Thiago, could you address this as a separate patch?
thanks!
Mimi
