Mimi Zohar <zohar@xxxxxxxxxxxxx> writes:
> On Mon, 2019-06-24 at 19:03 -0300, Thiago Jung Bauermann wrote:
>> Hello Prakhar,
>>
>> Prakhar Srivastava <prsriva02@xxxxxxxxx> writes:
>>
>> > diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
>> > index 00dd5a434689..a01a17e5c581 100644
>> > --- a/security/integrity/ima/ima_template.c
>> > +++ b/security/integrity/ima/ima_template.c
>> > @@ -26,6 +26,7 @@ static struct ima_template_desc builtin_templates[] = {
>> > {.name = IMA_TEMPLATE_IMA_NAME, .fmt = IMA_TEMPLATE_IMA_FMT},
>> > {.name = "ima-ng", .fmt = "d-ng|n-ng"},
>> > {.name = "ima-sig", .fmt = "d-ng|n-ng|sig"},
>> > + {.name = "ima-buf", .fmt = "d-ng|n-ng|buf"},
>> > {.name = "", .fmt = ""}, /* placeholder for a custom format */
>> > };
>> >
>> > @@ -43,6 +44,8 @@ static const struct ima_template_field supported_fields[] = {
>> > .field_show = ima_show_template_string},
>> > {.field_id = "sig", .field_init = ima_eventsig_init,
>> > .field_show = ima_show_template_sig},
>> > + {.field_id = "buf", .field_init = ima_eventbuf_init,
>> > + .field_show = ima_show_template_buf},
>> > };
>> > #define MAX_TEMPLATE_NAME_LEN 15
>>
>> Currently, MAX_TEMPLATE_NAME_LEN is the length of a template that
>> contains all valid fields. It may make sense to increase it since
>> there's a new field being added.
>>
>> I suggest using a sizeof() to show where the number comes from (and
>> which can be visually shown to be correct):
>>
>> #define MAX_TEMPLATE_NAME_LEN sizeof("d|n|d-ng|n-ng|sig|buf")
>>
>> The sizeof() is calculated at compile time.
>
> MAX_TEMPLATE_NAME_LEN is used when restoring measurements carried over
> from a kexec. 'd' and 'd-ng' should not both be defined in the
> template description, nor should 'n' and 'n-ng'.
Ah, makes sense. Thanks for that information.
> Even without the
> duplication, the MAX_TEPLATE_NAME_LEN is greater than the current 15.
>
> Thiago, could you address this as a separate patch?
Yes, I just sent a patch.
--
Thiago Jung Bauermann
IBM Linux Technology Center
