From: Florent Revest <revest@chromium.org>
To: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
linux-integrity@vger.kernel.org
Cc: kpsingh@chromium.org, mjg59@google.com, zohar@linux.ibm.com,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
Florent Revest <revest@google.com>
Subject: Re: [PATCH] ima: add the ability to query ima for the hash of a given file.
Date: Mon, 06 Jan 2020 17:10:35 +0100 [thread overview]
Message-ID: <e362242edea8931f045beea1228de99b6572aa89.camel@chromium.org> (raw)
In-Reply-To: <8f4d9c4e-735d-8ba9-b84a-4f341030e0cf@linux.microsoft.com>
On Fri, 2019-12-20 at 08:48 -0800, Lakshmi Ramasubramanian wrote:
> On 12/20/2019 8:31 AM, Florent Revest wrote:
>
> >
> > +/**
> > + * ima_file_hash - return the stored measurement if a file has
> > been hashed.
> > + * @file: pointer to the file
> > + * @buf: buffer in which to store the hash
> > + * @buf_size: length of the buffer
> > + *
> > + * On success, output the hash into buf and return the hash
> > algorithm (as
> > + * defined in the enum hash_algo).
> > + * If the hash is larger than buf, then only size bytes will be
> > copied. It
> > + * generally just makes sense to pass a buffer capable of holding
> > the largest
> > + * possible hash: IMA_MAX_DIGEST_SIZE
>
> If the given buffer is smaller than the hash length, wouldn't it be
> better to return the required size and a status indicating the buffer
> is not enough. The caller can then call back with the required
> buffer.
>
> If the hash is truncated the caller may not know if the hash is
> partial or not.
I agree with Mimi's answer that the caller would know based on the
returned hash algorithm.
> > + *
> > + * If IMA is disabled or if no measurement is available, return
> > -EOPNOTSUPP.
> > + * If the parameters are incorrect, return -EINVAL.
> > + */
> > +int ima_file_hash(struct file *file, char *buf, size_t buf_size)
> > +{
> > + struct inode *inode;
> > + struct integrity_iint_cache *iint;
> > + size_t copied_size;
> > +
> > + if (!file || !buf)
> > + return -EINVAL;
> > +
> > + if (!ima_policy_flag)
> > + return -EOPNOTSUPP;
> > +
> > + inode = file_inode(file);
> > + iint = integrity_iint_find(inode);
> > + if (!iint)
> > + return -EOPNOTSUPP;
> > +
> > + mutex_lock(&iint->mutex);
> > + copied_size = min_t(size_t, iint->ima_hash->length, buf_size);
> > + memcpy(buf, iint->ima_hash->digest, copied_size);
> > + mutex_unlock(&iint->mutex);
> > +
> > + return iint->ima_hash->algo;
>
> Should the hash algorithm be copied from iinit->ima_hash to a local
> variable while holding the mutex and that one returned?
>
> I assume iinit->mutex is taken to ensure iinit->ima_hash is not
> removed while this function is accessing it.
Ah! Good catch, thank you :)
prev parent reply other threads:[~2020-01-06 16:10 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-20 16:31 [PATCH] ima: add the ability to query ima for the hash of a given file Florent Revest
2019-12-20 16:48 ` Lakshmi Ramasubramanian
2019-12-23 17:39 ` Mimi Zohar
2020-01-06 16:15 ` Florent Revest
2020-01-06 16:10 ` Florent Revest [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=e362242edea8931f045beea1228de99b6572aa89.camel@chromium.org \
--to=revest@chromium.org \
--cc=kpsingh@chromium.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mjg59@google.com \
--cc=nramas@linux.microsoft.com \
--cc=revest@google.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).