> -----Original Message----- > From: kernel test robot [mailto:rong.a.chen@xxxxxxxxx] > Sent: Monday, March 2, 2020 2:22 AM > To: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > Cc: zohar@xxxxxxxxxxxxx; James.Bottomley@xxxxxxxxxxxxxxxxxxxxx; > jarkko.sakkinen@xxxxxxxxxxxxxxx; linux-integrity@xxxxxxxxxxxxxxx; linux- > security-module@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; Silviu > Vlasceanu <Silviu.Vlasceanu@xxxxxxxxxx>; Roberto Sassu > <roberto.sassu@xxxxxxxxxx>; lkp@xxxxxxxxxxxx > Subject: [ima] 9165b814d2: > BUG:kernel_NULL_pointer_dereference,address > > FYI, we noticed the following commit (built with gcc-7): > > commit: 9165b814d2bea8cfeb557505bb206396331e8192 ("[PATCH v2 8/8] > ima: Use ima_hash_algo for collision detection in the measurement list") > url: https://github.com/0day-ci/linux/commits/Roberto-Sassu/ima-support- > stronger-algorithms-for-attestation/20200205-233901 > base: https://git.kernel.org/cgit/linux/kernel/git/zohar/linux-integrity.git > next-integrity Hi thanks for the report. Yes, version 2 had a bug: --- ima_algo_array[i++].algo = HASH_ALGO_SHA1; } if (ima_hash_algo_idx >= nr_allocated_banks) { ima_algo_array[i].tfm = ima_shash_tfm; ima_algo_array[i].algo = ima_hash_algo; } --- The code allocated ima_algo_array with size 1 (TPM was not found and the default algorithm is SHA1). However, later it initializes ima_algo_array for SHA1 and increments the i variable. Since the code does not check if the default algorithm is SHA1, the last part is also executed and causes corruption, because ima_algo_array has only one element. I fixed already this bug in version 3 of the patch set. Thanks Roberto HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Li Peng, Li Jian, Shi Yanli
