> -----Original Message-----
> From: owner-linux-security-module@xxxxxxxxxxxxxxx [mailto:owner-linux-security-module@xxxxxxxxxxxxxxx] On Behalf Of Mimi Zohar
> Sent: Thursday, February 6, 2020 5:34 PM
> To: Roberto Sassu <roberto.sassu@xxxxxxxxxx>; James.Bottomley@xxxxxxxxxxxxxxxxxxxxx; jarkko.sakkinen@xxxxxxxxxxxxxxx
> Cc: linux-integrity@xxxxxxxxxxxxxxx; linux-security-module@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Silviu Vlasceanu <Silviu.Vlasceanu@xxxxxxxxxx>
> Subject: Re: [PATCH v2 5/8] ima: Switch to dynamically allocated buffer for template digests
>
> On Thu, 2020-02-06 at 16:27 +0000, Roberto Sassu wrote:
> > > -----Original Message-----
> > > From: Mimi Zohar [mailto:zohar@xxxxxxxxxxxxx]
> > > Sent: Thursday, February 6, 2020 5:08 PM
> > > To: Roberto Sassu <roberto.sassu@xxxxxxxxxx>; James.Bottomley@xxxxxxxxxxxxxxxxxxxxx; jarkko.sakkinen@xxxxxxxxxxxxxxx
> > > Cc: linux-integrity@xxxxxxxxxxxxxxx; linux-security-module@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Silviu Vlasceanu <Silviu.Vlasceanu@xxxxxxxxxx>
> > > Subject: Re: [PATCH v2 5/8] ima: Switch to dynamically allocated buffer for template digests
> > >
> > > Hi Roberto,
> > >
> > > On Wed, 2020-02-05 at 11:33 +0100, Roberto Sassu wrote:
> > > > This patch dynamically allocates the array of tpm_digest structures in
> > > > ima_alloc_init_template() and ima_restore_template_data(). The size of the
> > > > array, stored in ima_num_template_digests, is initially equal to 1 (SHA1)
> > > > and will be determined in the upcoming patches depending on the allocated
> > > > PCR banks and the chosen default IMA algorithm.
> > > >
> > > > Calculating the SHA1 digest is mandatory, as SHA1 still remains the default
> > > > hash algorithm for the measurement list. When IMA will support the Crypto
> > > > Agile format, remaining digests will be also provided.
> > > >
> > > > The position in the array of the SHA1 digest is stored in the ima_sha1_idx
> > > > global variable and it is determined at IMA initialization time.
> > > >
> > > > Changelog
> > > >
> > > > v1:
> > > > - move ima_sha1_idx to ima_crypto.c
> > > > - introduce ima_num_template_digests (suggested by Mimi)
> > >
> > > Instead of hardcoding "nr_allocated_banks + 1" or "nr_allocated_banks + 2",
> > > I suggested defining "nr_allocated_banks + extra", where "extra"
> > > could be 0, 1, or 2.
> > >
> > > The rest of the code would remain exactly the same as you had.
> >
> > Ok. I did a small improvement. Since we determine the number of
> > required elements of ima_algo_array before kmalloc() I thought it
> > was ok to directly set that number of elements in a single variable.
> >
> > If you think that having two variables is better, I will change it.
>
> The connection to nr_allocated_banks is then not as visible. Using
> two variables is clearer.

Ok, no problem. I will change it in the next version.

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli
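
The "nr_allocated_banks + extra" sizing discussed in this thread, as an added userspace sketch that is not code from the patch or from the kernel. The rule used to derive "extra" (one slot for SHA1 and one for the default IMA algorithm, each only when no allocated bank already covers it) is an assumption, and plan_layout(), layout_size(), struct digest_layout and the enum values are hypothetical names.

```c
#include <stdio.h>

/* Constructed stand-ins for hash algorithm ids (hypothetical values). */
enum algo { ALGO_SHA1, ALGO_SHA256, ALGO_SHA384 };

struct digest_layout {
    int nr_allocated_banks; /* PCR banks reported by the TPM */
    int extra;              /* 0, 1 or 2 slots beyond the banks */
    int sha1_idx;           /* slot of the mandatory SHA1 digest */
    int default_idx;        /* slot of the default IMA algorithm's digest */
};

/* Assumed rule: add a slot only for an algorithm that no bank already covers. */
static struct digest_layout plan_layout(const enum algo *banks, int nr_banks,
                                        enum algo default_algo)
{
    struct digest_layout l = { nr_banks, 0, -1, -1 };

    for (int i = 0; i < nr_banks; i++) {
        if (banks[i] == ALGO_SHA1 && l.sha1_idx < 0)
            l.sha1_idx = i;
        if (banks[i] == default_algo && l.default_idx < 0)
            l.default_idx = i;
    }
    if (l.sha1_idx < 0) {
        l.sha1_idx = nr_banks + l.extra++;
        if (default_algo == ALGO_SHA1)
            l.default_idx = l.sha1_idx; /* share the SHA1 slot */
    }
    if (l.default_idx < 0)
        l.default_idx = nr_banks + l.extra++;
    return l;
}

/* Number of digest elements to allocate: every index above stays below this. */
static int layout_size(const struct digest_layout *l)
{
    return l->nr_allocated_banks + l->extra;
}

int main(void)
{
    enum algo banks[] = { ALGO_SHA256 }; /* constructed sample: one bank */
    struct digest_layout l = plan_layout(banks, 1, ALGO_SHA384);

    printf("size=%d extra=%d sha1_idx=%d default_idx=%d\n",
           layout_size(&l), l.extra, l.sha1_idx, l.default_idx);
    return 0;
}
```

Keeping the bank count and "extra" as separate fields makes the bound on every index easy to audit against the allocation size.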