lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Z9ovT3CnxBqN+cKI@MiWiFi-R3L-srv>
Date: Wed, 19 Mar 2025 10:43:27 +0800
From: Baoquan He <bhe@...hat.com>
To: Stefan Berger <stefanb@...ux.ibm.com>
Cc: steven chen <chenste@...ux.microsoft.com>, zohar@...ux.ibm.com,
	roberto.sassu@...weicloud.com, roberto.sassu@...wei.com,
	eric.snowberg@...cle.com, ebiederm@...ssion.com,
	paul@...l-moore.com, code@...icks.com, bauermann@...abnow.com,
	linux-integrity@...r.kernel.org, kexec@...ts.infradead.org,
	linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
	madvenka@...ux.microsoft.com, nramas@...ux.microsoft.com,
	James.Bottomley@...senpartnership.com, vgoyal@...hat.com,
	dyoung@...hat.com
Subject: Re: [PATCH v10 1/8] ima: rename variable the ser_file "file" to
 "ima_kexec_file"

On 03/18/25 at 11:10am, Stefan Berger wrote:
> 
> 
> On 3/17/25 9:04 PM, steven chen wrote:
> > The name of the local variable "file" of type seq_file defined in the
> > ima_dump_measurement_list function is too generic. To better reflect the
> > purpose of the variable, rename it to "ima_kexec_file". This change will
> > help improve code readability and maintainability by making the variable's
> > role more explicit.
> > 
> > The variable ima_kexec_file is indeed the memory allocated for copying IMA
> > measurement records. The ima_dump_measurement_list function calculates the
> > actual memory occupied by the IMA logs and compares it with the allocated
> > memory. If there is enough memory, it copies all IMA measurement records;
> > otherwise, it does not copy any records, which would result in a failure
> > of remote attestation.
> > 
> > Suggested-by: Mimi Zohar <zohar@...ux.ibm.com>
> > Signed-off-by: steven chen <chenste@...ux.microsoft.com>
> 
> 
> > ---
> >   security/integrity/ima/ima_kexec.c | 39 ++++++++++++++++++------------
> >   1 file changed, 24 insertions(+), 15 deletions(-)
> > 
> > diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
> > index 9d45f4d26f73..8567619889d1 100644
> > --- a/security/integrity/ima/ima_kexec.c
> > +++ b/security/integrity/ima/ima_kexec.c
> > @@ -15,33 +15,41 @@
> >   #include "ima.h"
> >   #ifdef CONFIG_IMA_KEXEC
> > +/*
> > + * Copy the measurement list to the allocated memory
> > + * compare the size of IMA measurement list with the size of the allocated memory
> 
> Compare the size of the IMA ... memory.
> 
> 
> > + *    if the size of the allocated memory is not less than the size of IMA measurement list
> > + *        copy the measurement list to the allocated memory.
> > + *    else
> > + *        return error
> 
> If the size of the allocated memory is not less than the size of IMA
> measurement list, copy the measurement list to the allocated memory, return
> an error otherwise.

Ack the suggested change.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ