RE: [PATCH v2 5/8] ima: Switch to dynamically allocated buffer for template digests

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

> -----Original Message-----
> From: Mimi Zohar [mailto:zohar@xxxxxxxxxxxxx]
> Sent: Thursday, February 6, 2020 5:08 PM
> To: Roberto Sassu <roberto.sassu@xxxxxxxxxx>;
> James.Bottomley@xxxxxxxxxxxxxxxxxxxxx;
> jarkko.sakkinen@xxxxxxxxxxxxxxx
> Cc: linux-integrity@xxxxxxxxxxxxxxx; linux-security-module@xxxxxxxxxxxxxxx;
> linux-kernel@xxxxxxxxxxxxxxx; Silviu Vlasceanu
> <Silviu.Vlasceanu@xxxxxxxxxx>
> Subject: Re: [PATCH v2 5/8] ima: Switch to dynamically allocated buffer for
> template digests
> 
> Hi Roberto,
> 
> On Wed, 2020-02-05 at 11:33 +0100, Roberto Sassu wrote:
> > This patch dynamically allocates the array of tpm_digest structures in
> > ima_alloc_init_template() and ima_restore_template_data(). The size of
> the
> > array, stored in ima_num_template_digests, is initially equal to 1 (SHA1)
> > and will be determined in the upcoming patches depending on the
> allocated
> > PCR banks and the chosen default IMA algorithm.
> >
> > Calculating the SHA1 digest is mandatory, as SHA1 still remains the default
> > hash algorithm for the measurement list. When IMA will support the
> Crypto
> > Agile format, remaining digests will be also provided.
> >
> > The position in the array of the SHA1 digest is stored in the ima_sha1_idx
> > global variable and it is determined at IMA initialization time.
> >
> > Changelog
> >
> > v1:
> > - move ima_sha1_idx to ima_crypto.c
> > - introduce ima_num_template_digests (suggested by Mimi)
> 
> Instead of hardcoding "nr_allocated_banks + 1" or nr_allocated_banks +
> 2", I suggested defining "nr_allocated_banks + extra", where "extra"
> could be 0, 1, or 2.
> 
> The rest of the code would remain exactly the same as you had.

Ok. I did a small improvement. Since we determine the number of
required elements of ima_algo_array before kmalloc() I thought it
was ok to directly set that number of elements in a single variable.

If you think that having two variables is better, I will change it.

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux