From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Boshi Wang <wangboshi@huawei.com>, linux-integrity@vger.kernel.org
Subject: Re: [PATCH] ima: fix ineffective default hash algorithm due to invalid hash algorithm boot argument
Date: Thu, 19 Oct 2017 11:05:16 -0400 [thread overview]
Message-ID: <1508425516.3268.18.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20171018033801.220383-1-wangboshi@huawei.com>
On Wed, 2017-10-18 at 11:38 +0800, Boshi Wang wrote:
> The hash_setup function always sets hash_setup_done variable. If an
> invalid hash algorithm is passed, the default hash algorithm specified
> by CONFIG_IMA_DEFAULT_HASH could not be used.
The Subject line of this email is too long and needs to be clearer.
Please refer to Documentation/process/submitting-patches.rst section
14 "The canonical patch format". I would recommend shortening it to
something like "ima: fix hash algorithm initialization".
The patch description should start out with a concise explanation of
the current status, followed by the problem description and end with
the solution. For example,
The hash_setup function always sets the hash_setup_done flag, even
when the hash algorithm is invalid. This prevents the default hash
algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used.
This patch sets hash_setup_done flag only for valid hash algorithms.
Mimi
> Signed-off-by: Boshi Wang <wangboshi@huawei.com>
> ---
> security/integrity/ima/ima_main.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 2aebb79..ab70a39 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -51,6 +51,8 @@ static int __init hash_setup(char *str)
> ima_hash_algo = HASH_ALGO_SHA1;
> else if (strncmp(str, "md5", 3) == 0)
> ima_hash_algo = HASH_ALGO_MD5;
> + else
> + return 1;
> goto out;
> }
>
> @@ -60,6 +62,8 @@ static int __init hash_setup(char *str)
> break;
> }
> }
> + if (i == HASH_ALGO__LAST)
> + return 1;
> out:
> hash_setup_done = 1;
> return 1;
next prev parent reply other threads:[~2017-10-19 15:07 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-10-18 3:38 [PATCH] ima: fix ineffective default hash algorithm due to invalid hash algorithm boot argument Boshi Wang
2017-10-19 15:05 ` Mimi Zohar [this message]
2017-10-20 2:14 ` Boshi Wang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1508425516.3268.18.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=wangboshi@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.