lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <b8882b36-e3ef-424e-9dc1-564e3d1944f9@linux.microsoft.com>
Date: Fri, 21 Mar 2025 09:15:43 -0700
From: steven chen <chenste@...ux.microsoft.com>
To: Baoquan He <bhe@...hat.com>, Stefan Berger <stefanb@...ux.ibm.com>
Cc: zohar@...ux.ibm.com, roberto.sassu@...weicloud.com,
 roberto.sassu@...wei.com, eric.snowberg@...cle.com, ebiederm@...ssion.com,
 paul@...l-moore.com, code@...icks.com, bauermann@...abnow.com,
 linux-integrity@...r.kernel.org, kexec@...ts.infradead.org,
 linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org,
 madvenka@...ux.microsoft.com, nramas@...ux.microsoft.com,
 James.Bottomley@...senpartnership.com, vgoyal@...hat.com, dyoung@...hat.com
Subject: Re: [PATCH v10 1/8] ima: rename variable the ser_file "file" to
 "ima_kexec_file"

On 3/18/2025 7:43 PM, Baoquan He wrote:
> On 03/18/25 at 11:10am, Stefan Berger wrote:
>>
>> On 3/17/25 9:04 PM, steven chen wrote:
>>> The name of the local variable "file" of type seq_file defined in the
>>> ima_dump_measurement_list function is too generic. To better reflect the
>>> purpose of the variable, rename it to "ima_kexec_file". This change will
>>> help improve code readability and maintainability by making the variable's
>>> role more explicit.
>>>
>>> The variable ima_kexec_file is indeed the memory allocated for copying IMA
>>> measurement records. The ima_dump_measurement_list function calculates the
>>> actual memory occupied by the IMA logs and compares it with the allocated
>>> memory. If there is enough memory, it copies all IMA measurement records;
>>> otherwise, it does not copy any records, which would result in a failure
>>> of remote attestation.
>>>
>>> Suggested-by: Mimi Zohar <zohar@...ux.ibm.com>
>>> Signed-off-by: steven chen <chenste@...ux.microsoft.com>
>>
>>> ---
>>>    security/integrity/ima/ima_kexec.c | 39 ++++++++++++++++++------------
>>>    1 file changed, 24 insertions(+), 15 deletions(-)
>>>
>>> diff --git a/security/integrity/ima/ima_kexec.c b/security/integrity/ima/ima_kexec.c
>>> index 9d45f4d26f73..8567619889d1 100644
>>> --- a/security/integrity/ima/ima_kexec.c
>>> +++ b/security/integrity/ima/ima_kexec.c
>>> @@ -15,33 +15,41 @@
>>>    #include "ima.h"
>>>    #ifdef CONFIG_IMA_KEXEC
>>> +/*
>>> + * Copy the measurement list to the allocated memory
>>> + * compare the size of IMA measurement list with the size of the allocated memory
>> Compare the size of the IMA ... memory.
>>
>>
>>> + *    if the size of the allocated memory is not less than the size of IMA measurement list
>>> + *        copy the measurement list to the allocated memory.
>>> + *    else
>>> + *        return error
>> If the size of the allocated memory is not less than the size of IMA
>> measurement list, copy the measurement list to the allocated memory, return
>> an error otherwise.
> Ack the suggested change.

Thanks for the comments.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ