ima: define ima_max_digest_data struct without a flexible array variable

To support larger hash digests in the 'iint' cache, instead of defining
the 'digest' field as the maximum digest size, the 'digest' field was
defined as a flexible array variable.  The "ima_digest_data" struct was
wrapped inside a local structure with the maximum digest size.  But
before adding the record to the iint cache, memory for the exact digest
size was dynamically allocated.

The original reason for defining the 'digest' field as a flexible array
variable is still valid for the 'iint' cache use case.  Instead of
wrapping the 'ima_digest_data' struct in a local structure define
'ima_max_digest_data' struct.

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 5b220a2fe573dccf0d502df0662c22efa6e3a919..c6805af4621187767d87ba1dd9cce908f8f8f38a 100644 (file)
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -217,14 +217,11 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
        const char *audit_cause = "failed";
        struct inode *inode = file_inode(file);
        const char *filename = file->f_path.dentry->d_name.name;
+       struct ima_max_digest_data hash;
        int result = 0;
        int length;
        void *tmpbuf;
        u64 i_version;
-       struct {
-               struct ima_digest_data hdr;
-               char digest[IMA_MAX_DIGEST_SIZE];
-       } hash;
 
        /*
         * Always collect the modsig, because IMA might have already collected
@@ -239,8 +236,9 @@ int ima_collect_measurement(struct integrity_iint_cache *iint,
 
        /*
         * Detecting file change is based on i_version. On filesystems
-        * which do not support i_version, support is limited to an initial
-        * measurement/appraisal/audit.
+        * which do not support i_version, support was originally limited
+        * to an initial measurement/appraisal/audit, but was modified to
+        * assume the file changed.
         */
        i_version = inode_query_iversion(inode);
        hash.hdr.algo = algo;

diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index b26fa67476b411d35a576e9754a1f8d450e633b7..63979aefc95f7e018852bc301a740468c75db742 100644 (file)
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -47,12 +47,9 @@ static int __init ima_add_boot_aggregate(void)
        struct integrity_iint_cache tmp_iint, *iint = &tmp_iint;
        struct ima_event_data event_data = { .iint = iint,
                                             .filename = boot_aggregate_name };
+       struct ima_max_digest_data hash;
        int result = -ENOMEM;
        int violation = 0;
-       struct {
-               struct ima_digest_data hdr;
-               char digest[TPM_MAX_DIGEST_SIZE];
-       } hash;
 
        memset(iint, 0, sizeof(*iint));
        memset(&hash, 0, sizeof(hash));

diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 7c80dfe2c7a54813088dabadc8b8a6a04bfcd809..c6412dec3810b1d757ff50c8d724f0aeec1ac51b 100644 (file)
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -874,10 +874,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns,
                                            .buf = buf,
                                            .buf_len = size};
        struct ima_template_desc *template;
-       struct {
-               struct ima_digest_data hdr;
-               char digest[IMA_MAX_DIGEST_SIZE];
-       } hash = {};
+       struct ima_max_digest_data hash;
        char digest_hash[IMA_MAX_DIGEST_SIZE];
        int digest_hash_len = hash_digest_size[ima_hash_algo];
        int violation = 0;

diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
index 5a5d462ab36db10222258b1992acf188eabf3bef..7155d17a3b75f52aaa42ad23c0323350db110846 100644 (file)
--- a/security/integrity/ima/ima_template_lib.c
+++ b/security/integrity/ima/ima_template_lib.c
@@ -307,10 +307,7 @@ static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize,
 int ima_eventdigest_init(struct ima_event_data *event_data,
                         struct ima_field_data *field_data)
 {
-       struct {
-               struct ima_digest_data hdr;
-               char digest[IMA_MAX_DIGEST_SIZE];
-       } hash;
+       struct ima_max_digest_data hash;
        u8 *cur_digest = NULL;
        u32 cur_digestsize = 0;
        struct inode *inode;

diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index d045dccd415af13f2b46ba97b9c45659c163c43b..daf49894fd7d01370b211e23ae4e520c5da2b3a5 100644 (file)
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -15,6 +15,7 @@
 #include <linux/types.h>
 #include <linux/integrity.h>
 #include <crypto/sha1.h>
+#include <crypto/hash.h>
 #include <linux/key.h>
 #include <linux/audit.h>
 
@@ -110,6 +111,15 @@ struct ima_digest_data {
        u8 digest[];
 } __packed;
 
+/*
+ * Instead of wrapping the ima_digest_data struct inside a local structure
+ * with the maximum hash size, define ima_max_digest_data struct.
+ */
+struct ima_max_digest_data {
+       struct ima_digest_data hdr;
+       u8 digest[HASH_MAX_DIGESTSIZE];
+} __packed;
+
 /*
  * signature format v2 - for using with asymmetric keys
  */