[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20190627232546.28746-1-bauerman@linux.ibm.com>
Date: Thu, 27 Jun 2019 20:25:46 -0300
From: Thiago Jung Bauermann <bauerman@...ux.ibm.com>
To: linux-integrity@...r.kernel.org
Cc: linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, Mimi Zohar <zohar@...ux.ibm.com>,
Thiago Jung Bauermann <bauerman@...ux.ibm.com>
Subject: [PATCH] ima: Update MAX_TEMPLATE_NAME_LEN to fit largest reasonable definition
MAX_TEMPLATE_NAME_LEN is used when restoring measurements carried over from
a kexec. It should be set to the length of a template containing all fields
except for 'd' and 'n', which don't need to be accounted for since they
shouldn't be defined in the same template description as 'd-ng' and 'n-ng'.
That length is greater than the current 15, so update using a sizeof() to
show where the number comes from and also can be visually shown to be
correct. The sizeof() is calculated at compile time.
Signed-off-by: Thiago Jung Bauermann <bauerman@...ux.ibm.com>
---
security/integrity/ima/ima_template.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index a01a17e5c581..7343e8e0ae2f 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -47,7 +47,13 @@ static const struct ima_template_field supported_fields[] = {
{.field_id = "buf", .field_init = ima_eventbuf_init,
.field_show = ima_show_template_buf},
};
-#define MAX_TEMPLATE_NAME_LEN 15
+
+/*
+ * Used when restoring measurements carried over from a kexec. 'd' and 'n' don't
+ * need to be accounted for since they shouldn't be defined in the same template
+ * description as 'd-ng' and 'n-ng' respectively.
+ */
+#define MAX_TEMPLATE_NAME_LEN sizeof("d-ng|n-ng|sig|buf")
static struct ima_template_desc *ima_template;
Powered by blists - more mailing lists