| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <90e19242fd8445cf93728c0946c03c19@huawei.com>
Date: Mon, 27 Apr 2020 12:50:30 +0000
From: Roberto Sassu <roberto.sassu@...wei.com>
To: David Laight <David.Laight@...LAB.COM>,
"zohar@...ux.ibm.com" <zohar@...ux.ibm.com>,
"rgoldwyn@...e.de" <rgoldwyn@...e.de>
CC: "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
"linux-security-module@...r.kernel.org"
<linux-security-module@...r.kernel.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Silviu Vlasceanu <Silviu.Vlasceanu@...wei.com>,
Krzysztof Struczynski <krzysztof.struczynski@...wei.com>,
"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: RE: [PATCH v2 3/6] ima: Fix ima digest hash table key calculation
> -----Original Message-----
> From: David Laight [mailto:David.Laight@...LAB.COM]
> Sent: Monday, April 27, 2020 1:00 PM
> To: Roberto Sassu <roberto.sassu@...wei.com>; zohar@...ux.ibm.com;
> rgoldwyn@...e.de
> Cc: linux-integrity@...r.kernel.org; linux-security-module@...r.kernel.org;
> linux-kernel@...r.kernel.org; Silviu Vlasceanu
> <Silviu.Vlasceanu@...wei.com>; Krzysztof Struczynski
> <krzysztof.struczynski@...wei.com>; stable@...r.kernel.org
> Subject: RE: [PATCH v2 3/6] ima: Fix ima digest hash table key calculation
>
> From: Roberto Sassu
> > Sent: 27 April 2020 11:29
> > Function hash_long() accepts unsigned long, while currently only one byte
> > is passed from ima_hash_key(), which calculates a key for ima_htable.
> >
> > Given that hashing the digest does not give clear benefits compared to
> > using the digest itself, remove hash_long() and return the modulus
> > calculated on the beginning of the digest with the number of slots. Also
> > reduce the depth of the hash table by doubling the number of slots.
> >
> > Cc: stable@...r.kernel.org
> > Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider")
> > Co-developed-by: Roberto Sassu <roberto.sassu@...wei.com>
> > Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> > Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski@...wei.com>
> > ---
> > security/integrity/ima/ima.h | 6 +++---
> > 1 file changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> > index 467dfdbea25c..6ee458cf124a 100644
> > --- a/security/integrity/ima/ima.h
> > +++ b/security/integrity/ima/ima.h
> > @@ -36,7 +36,7 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 };
> > #define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE
> > #define IMA_EVENT_NAME_LEN_MAX 255
> >
> > -#define IMA_HASH_BITS 9
> > +#define IMA_HASH_BITS 10
> > #define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS)
> >
> > #define IMA_TEMPLATE_FIELD_ID_MAX_LEN 16
> > @@ -179,9 +179,9 @@ struct ima_h_table {
> > };
> > extern struct ima_h_table ima_htable;
> >
> > -static inline unsigned long ima_hash_key(u8 *digest)
> > +static inline unsigned int ima_hash_key(u8 *digest)
> > {
> > - return hash_long(*digest, IMA_HASH_BITS);
> > + return (*(unsigned int *)digest % IMA_MEASURE_HTABLE_SIZE);
>
> That almost certainly isn't right.
> It falls foul of the *(integer_type *)ptr being almost always wrong.
I didn't find the problem. Can you please explain?
Thanks
Roberto
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli
> David
>
> -
> Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes,
> MK1 1PT, UK
> Registration No: 1397386 (Wales)
Powered by blists - more mailing lists