> -----Original Message----- > From: David Laight [mailto:David.Laight@xxxxxxxxxx] > Sent: Monday, April 27, 2020 4:28 PM > To: Roberto Sassu <roberto.sassu@xxxxxxxxxx>; zohar@xxxxxxxxxxxxx; > rgoldwyn@xxxxxxx > Cc: linux-integrity@xxxxxxxxxxxxxxx; linux-security-module@xxxxxxxxxxxxxxx; > linux-kernel@xxxxxxxxxxxxxxx; Silviu Vlasceanu > <Silviu.Vlasceanu@xxxxxxxxxx>; Krzysztof Struczynski > <krzysztof.struczynski@xxxxxxxxxx>; stable@xxxxxxxxxxxxxxx > Subject: RE: [PATCH v2 3/6] ima: Fix ima digest hash table key calculation > > From: Roberto Sassu > > Sent: 27 April 2020 13:51 > ... > > > > -static inline unsigned long ima_hash_key(u8 *digest) > > > > +static inline unsigned int ima_hash_key(u8 *digest) > > > > { > > > > - return hash_long(*digest, IMA_HASH_BITS); > > > > + return (*(unsigned int *)digest % IMA_MEASURE_HTABLE_SIZE); > > > > > > That almost certainly isn't right. > > > It falls foul of the *(integer_type *)ptr being almost always wrong. > > > > I didn't find the problem. Can you please explain? > > The general problem with *(int_type *)ptr is that it does completely > the wrong thing if 'ptr' is the address of a larger integer type on > a big-endian system. > You may also get a misaligned access trap. > > In this case I guess that digest is actually u8[SHA1_DIGEST_SIZE]. > Maybe what you should return is: > (digest[0] | digest[1] << 8) % IMA_MEASURE_HTABLE_SIZE; > and comment that there is no point taking a hash of part of > a SHA1 digest. Ok, thanks. Roberto HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063 Managing Director: Li Peng, Li Jian, Shi Yanli > David > > - > Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, > MK1 1PT, UK > Registration No: 1397386 (Wales)
