From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: Dmitry Torokhov <dmitry.torokhov@gmail.com>,
Kees Cook <keescook@chromium.org>,
fsdevel@vger.kernel.org, "Luis R. Rodriguez" <mcgrof@suse.com>,
Dmitry Kasatkin <d.kasatkin@samsung.com>,
kexec@lists.infradead.org, David Howells <dhowells@redhat.com>,
linux-security-module <linux-security-module@vger.kernel.org>,
David Woodhouse <dwmw2@infradead.org>,
linux-modules@vger.kernel.org
Subject: Re: [RFC PATCH v2 03/11] ima: provide buffer hash calculation function
Date: Thu, 21 Jan 2016 08:18:12 -0500 [thread overview]
Message-ID: <1453382292.9549.136.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <CACE9dm8nd+zf-GKzdo1xYfedGhKSEtUrS2UrmARf2t+PKYNTgA@mail.gmail.com>
On Tue, 2016-01-19 at 21:26 +0200, Dmitry Kasatkin wrote:
> On Mon, Jan 18, 2016 at 5:11 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> > From: Dmitry Kasatkin <d.kasatkin@samsung.com>
> >
> > This patch provides convenient buffer hash calculation function.
> >
> > Changelog:
> > - rewrite to support loff_t sized buffers - Mimi
> > (based on Fenguang Wu's testing)
> >
> > Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
> > Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> > ---
> > security/integrity/ima/ima.h | 2 ++
> > security/integrity/ima/ima_crypto.c | 47 +++++++++++++++++++++++++++++++++++++
> > 2 files changed, 49 insertions(+)
> >
> > diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> > index fb8da36..de53631 100644
> > --- a/security/integrity/ima/ima.h
> > +++ b/security/integrity/ima/ima.h
> > @@ -107,6 +107,8 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
> > const char *op, struct inode *inode,
> > const unsigned char *filename);
> > int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
> > +int ima_calc_buffer_hash(const void *buf, loff_t len,
> > + struct ima_digest_data *hash);
> > int ima_calc_field_array_hash(struct ima_field_data *field_data,
> > struct ima_template_desc *desc, int num_fields,
> > struct ima_digest_data *hash);
> > diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> > index fb30ce4..8d86281 100644
> > --- a/security/integrity/ima/ima_crypto.c
> > +++ b/security/integrity/ima/ima_crypto.c
> > @@ -519,6 +519,53 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data,
> > return rc;
> > }
> >
> > +static int calc_buffer_shash_tfm(const void *buf, loff_t size,
> > + struct ima_digest_data *hash,
> > + struct crypto_shash *tfm)
> > +{
> > + SHASH_DESC_ON_STACK(shash, tfm);
> > + unsigned int len;
> > + loff_t offset = 0;
> > + int rc;
> > +
> > + shash->tfm = tfm;
> > + shash->flags = 0;
> > +
> > + hash->length = crypto_shash_digestsize(tfm);
> > +
> > + rc = crypto_shash_init(shash);
> > + if (rc != 0)
> > + return rc;
> > +
> > + len = size < PAGE_SIZE ? size : PAGE_SIZE;
> > + while (offset < size) {
> > + rc = crypto_shash_update(shash, buf + offset, len);
> > + if (rc)
> > + break;
> > + offset += len;
> > + }
> > +
>
> Hello Mimi,
>
> May be this was my earlier patch, but it seems to have a problem of
> accessing beyond end of buffer using the same len.
> When buffer always padded by zeros it is not a problem, but it is a bug.
>
> This seems to be better version.
>
> while (size) {
> len = size < PAGE_SIZE ? size : PAGE_SIZE;
> rc = crypto_shash_update(shash, buf, len);
> if (rc)
> break;
> buf += len;
> size -= len;
> }
>
> Please change my sign-of to: dmitry.kasatkin@huawei.com
Good catch! I think I unfortunately introduce this bug. Thank you for
the review!
Mimi
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: linux-security-module <linux-security-module@vger.kernel.org>,
Dmitry Kasatkin <d.kasatkin@samsung.com>,
"Luis R. Rodriguez" <mcgrof@suse.com>,
kexec@lists.infradead.org, linux-modules@vger.kernel.org,
fsdevel@vger.kernel.org, David Howells <dhowells@redhat.com>,
David Woodhouse <dwmw2@infradead.org>,
Kees Cook <keescook@chromium.org>,
Dmitry Torokhov <dmitry.torokhov@gmail.com>
Subject: Re: [RFC PATCH v2 03/11] ima: provide buffer hash calculation function
Date: Thu, 21 Jan 2016 08:18:12 -0500 [thread overview]
Message-ID: <1453382292.9549.136.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <CACE9dm8nd+zf-GKzdo1xYfedGhKSEtUrS2UrmARf2t+PKYNTgA@mail.gmail.com>
On Tue, 2016-01-19 at 21:26 +0200, Dmitry Kasatkin wrote:
> On Mon, Jan 18, 2016 at 5:11 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> > From: Dmitry Kasatkin <d.kasatkin@samsung.com>
> >
> > This patch provides convenient buffer hash calculation function.
> >
> > Changelog:
> > - rewrite to support loff_t sized buffers - Mimi
> > (based on Fenguang Wu's testing)
> >
> > Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
> > Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> > ---
> > security/integrity/ima/ima.h | 2 ++
> > security/integrity/ima/ima_crypto.c | 47 +++++++++++++++++++++++++++++++++++++
> > 2 files changed, 49 insertions(+)
> >
> > diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> > index fb8da36..de53631 100644
> > --- a/security/integrity/ima/ima.h
> > +++ b/security/integrity/ima/ima.h
> > @@ -107,6 +107,8 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
> > const char *op, struct inode *inode,
> > const unsigned char *filename);
> > int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash);
> > +int ima_calc_buffer_hash(const void *buf, loff_t len,
> > + struct ima_digest_data *hash);
> > int ima_calc_field_array_hash(struct ima_field_data *field_data,
> > struct ima_template_desc *desc, int num_fields,
> > struct ima_digest_data *hash);
> > diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> > index fb30ce4..8d86281 100644
> > --- a/security/integrity/ima/ima_crypto.c
> > +++ b/security/integrity/ima/ima_crypto.c
> > @@ -519,6 +519,53 @@ int ima_calc_field_array_hash(struct ima_field_data *field_data,
> > return rc;
> > }
> >
> > +static int calc_buffer_shash_tfm(const void *buf, loff_t size,
> > + struct ima_digest_data *hash,
> > + struct crypto_shash *tfm)
> > +{
> > + SHASH_DESC_ON_STACK(shash, tfm);
> > + unsigned int len;
> > + loff_t offset = 0;
> > + int rc;
> > +
> > + shash->tfm = tfm;
> > + shash->flags = 0;
> > +
> > + hash->length = crypto_shash_digestsize(tfm);
> > +
> > + rc = crypto_shash_init(shash);
> > + if (rc != 0)
> > + return rc;
> > +
> > + len = size < PAGE_SIZE ? size : PAGE_SIZE;
> > + while (offset < size) {
> > + rc = crypto_shash_update(shash, buf + offset, len);
> > + if (rc)
> > + break;
> > + offset += len;
> > + }
> > +
>
> Hello Mimi,
>
> May be this was my earlier patch, but it seems to have a problem of
> accessing beyond end of buffer using the same len.
> When buffer always padded by zeros it is not a problem, but it is a bug.
>
> This seems to be better version.
>
> while (size) {
> len = size < PAGE_SIZE ? size : PAGE_SIZE;
> rc = crypto_shash_update(shash, buf, len);
> if (rc)
> break;
> buf += len;
> size -= len;
> }
>
> Please change my sign-of to: dmitry.kasatkin@huawei.com
Good catch! I think I unfortunately introduce this bug. Thank you for
the review!
Mimi
next prev parent reply other threads:[~2016-01-21 13:19 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-18 15:11 [RFC PATCH v2 00/11] vfss: support for a common kernel file loader Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 01/11] ima: separate 'security.ima' reading functionality from collect Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-19 20:00 ` Dmitry Kasatkin
2016-01-19 20:00 ` Dmitry Kasatkin
2016-01-21 13:19 ` Mimi Zohar
2016-01-21 13:19 ` Mimi Zohar
2016-01-21 18:18 ` Dmitry Kasatkin
2016-01-21 18:18 ` Dmitry Kasatkin
2016-01-18 15:11 ` [RFC PATCH v2 02/11] vfs: define a generic function to read a file from the kernel Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-20 1:09 ` Luis R. Rodriguez
2016-01-20 1:09 ` Luis R. Rodriguez
2016-01-21 13:24 ` Mimi Zohar
2016-01-21 13:24 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 03/11] ima: provide buffer hash calculation function Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-19 19:26 ` Dmitry Kasatkin
2016-01-19 19:26 ` Dmitry Kasatkin
2016-01-21 13:18 ` Mimi Zohar [this message]
2016-01-21 13:18 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 04/11] ima: calculate the hash of a buffer using aynchronous hash(ahash) Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 05/11] ima: define a new hook to measure and appraise a file already in memory Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 06/11] kexec: replace call to copy_file_from_fd() with kernel version Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-20 3:22 ` Minfei Huang
2016-01-20 3:22 ` Minfei Huang
2016-01-20 23:12 ` Luis R. Rodriguez
2016-01-20 23:12 ` Luis R. Rodriguez
2016-01-21 0:27 ` Dmitry Torokhov
2016-01-21 0:27 ` Dmitry Torokhov
2016-01-25 6:37 ` Dave Young
2016-01-25 6:37 ` Dave Young
2016-01-25 7:02 ` Dave Young
2016-01-25 7:02 ` Dave Young
2016-01-25 15:04 ` Mimi Zohar
2016-01-25 15:04 ` Mimi Zohar
2016-01-25 20:34 ` Luis R. Rodriguez
2016-01-25 20:34 ` Luis R. Rodriguez
2016-01-25 23:48 ` Mimi Zohar
2016-01-25 23:48 ` Mimi Zohar
2016-01-26 20:48 ` Luis R. Rodriguez
2016-01-26 20:48 ` Luis R. Rodriguez
2016-01-26 1:20 ` Dave Young
2016-01-26 1:20 ` Dave Young
2016-01-26 16:40 ` Mimi Zohar
2016-01-26 16:40 ` Mimi Zohar
2016-01-27 1:50 ` Dave Young
2016-01-27 1:50 ` Dave Young
2016-01-18 15:11 ` [RFC PATCH v2 07/11] firmware: replace call to fw_read_file_contents() " Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-20 0:10 ` Kees Cook
2016-01-20 0:10 ` Kees Cook
2016-01-21 12:04 ` Mimi Zohar
2016-01-21 12:04 ` Mimi Zohar
2016-01-20 23:39 ` Luis R. Rodriguez
2016-01-20 23:39 ` Luis R. Rodriguez
2016-01-20 23:56 ` Luis R. Rodriguez
2016-01-20 23:56 ` Luis R. Rodriguez
2016-01-21 12:05 ` Mimi Zohar
2016-01-21 12:05 ` Mimi Zohar
2016-01-21 16:49 ` Luis R. Rodriguez
2016-01-21 16:49 ` Luis R. Rodriguez
2016-01-18 15:11 ` [RFC PATCH v2 08/11] module: replace copy_module_from_fd " Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-21 0:03 ` Luis R. Rodriguez
2016-01-21 0:03 ` Luis R. Rodriguez
2016-01-21 13:12 ` Mimi Zohar
2016-01-21 13:12 ` Mimi Zohar
2016-01-21 15:45 ` Paul Moore
2016-01-21 15:45 ` Paul Moore
2016-01-21 21:15 ` Mimi Zohar
2016-01-21 21:15 ` Mimi Zohar
2016-01-21 21:26 ` Paul Moore
2016-01-21 21:26 ` Paul Moore
2016-01-21 21:58 ` Kees Cook
2016-01-21 21:58 ` Kees Cook
2016-01-21 16:56 ` Luis R. Rodriguez
2016-01-21 16:56 ` Luis R. Rodriguez
2016-01-21 20:37 ` Mimi Zohar
2016-01-21 20:37 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 09/11] ima: load policy using path Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-21 0:05 ` Luis R. Rodriguez
2016-01-21 0:05 ` Luis R. Rodriguez
2016-01-21 13:15 ` Mimi Zohar
2016-01-21 13:15 ` Mimi Zohar
2016-01-23 2:59 ` Luis R. Rodriguez
2016-01-23 2:59 ` Luis R. Rodriguez
2016-01-18 15:11 ` [RFC PATCH v2 10/11] ima: measure and appraise the IMA policy itself Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-18 15:11 ` [RFC PATCH v2 11/11] ima: require signed IMA policy Mimi Zohar
2016-01-18 15:11 ` Mimi Zohar
2016-01-21 20:16 ` [RFC PATCH v2 00/11] vfss: support for a common kernel file loader Luis R. Rodriguez
2016-01-21 20:16 ` Luis R. Rodriguez
2016-01-21 20:18 ` Mimi Zohar
2016-01-21 20:18 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1453382292.9549.136.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=d.kasatkin@samsung.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=dmitry.torokhov@gmail.com \
--cc=dwmw2@infradead.org \
--cc=fsdevel@vger.kernel.org \
--cc=keescook@chromium.org \
--cc=kexec@lists.infradead.org \
--cc=linux-modules@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mcgrof@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.