On Thu, 2020-02-06 at 16:27 +0000, Roberto Sassu wrote: > > -----Original Message----- > > From: Mimi Zohar [mailto:zohar@xxxxxxxxxxxxx] > > Sent: Thursday, February 6, 2020 5:08 PM > > To: Roberto Sassu <roberto.sassu@xxxxxxxxxx>; > > James.Bottomley@xxxxxxxxxxxxxxxxxxxxx; > > jarkko.sakkinen@xxxxxxxxxxxxxxx > > Cc: linux-integrity@xxxxxxxxxxxxxxx; linux-security-module@xxxxxxxxxxxxxxx; > > linux-kernel@xxxxxxxxxxxxxxx; Silviu Vlasceanu > > <Silviu.Vlasceanu@xxxxxxxxxx> > > Subject: Re: [PATCH v2 5/8] ima: Switch to dynamically allocated buffer for > > template digests > > > > Hi Roberto, > > > > On Wed, 2020-02-05 at 11:33 +0100, Roberto Sassu wrote: > > > This patch dynamically allocates the array of tpm_digest structures in > > > ima_alloc_init_template() and ima_restore_template_data(). The size of > > the > > > array, stored in ima_num_template_digests, is initially equal to 1 (SHA1) > > > and will be determined in the upcoming patches depending on the > > allocated > > > PCR banks and the chosen default IMA algorithm. > > > > > > Calculating the SHA1 digest is mandatory, as SHA1 still remains the default > > > hash algorithm for the measurement list. When IMA will support the > > Crypto > > > Agile format, remaining digests will be also provided. > > > > > > The position in the array of the SHA1 digest is stored in the ima_sha1_idx > > > global variable and it is determined at IMA initialization time. > > > > > > Changelog > > > > > > v1: > > > - move ima_sha1_idx to ima_crypto.c > > > - introduce ima_num_template_digests (suggested by Mimi) > > > > Instead of hardcoding "nr_allocated_banks + 1" or nr_allocated_banks + > > 2", I suggested defining "nr_allocated_banks + extra", where "extra" > > could be 0, 1, or 2. > > > > The rest of the code would remain exactly the same as you had. > > Ok. I did a small improvement. Since we determine the number of > required elements of ima_algo_array before kmalloc() I thought it > was ok to directly set that number of elements in a single variable. > > If you think that having two variables is better, I will change it. The connection to nr_allocated_banks is then not as visible. Using two variables is clearer. Mimi
