Received: by 2002:a25:7ec1:0:0:0:0:0 with SMTP id z184csp3548205ybc; Thu, 14 Nov 2019 10:46:34 -0800 (PST) X-Google-Smtp-Source: APXvYqyYrw1nAYP7XN8psxIkOQXVDjcbVjzeZvvH7LTGl4cEMYfJMnKKecFd1vd8vtxx/1jcBsem X-Received: by 2002:a5d:6351:: with SMTP id b17mr7100471wrw.126.1573757194170; Thu, 14 Nov 2019 10:46:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573757194; cv=none; d=google.com; s=arc-20160816; b=ukNg2hP/rJcbXgPy06AJcB8F2YLytaiQtHftt5FPAZJoBqWOVSAofqRHT4f4aScW8s nYjWFtR6PGJIka35CuWXrgAAiD2oAlNnXEzKUhGhJDbl+3XJ7+eMPpOmyDLisqnzQZZu VdIQs+fmDQhqL+ncO/0+MKeCQUl+itFmwC3in6HJr2uH0GZh1YukpCSxXXoWGQVU8mSf 3zCKyW7Fx/ueHsg8FoVDasMWx3UzJ5srqIDi4TIKbaqsm5DcVivGB7jxeFV8ALsoAiwl 63lGyY75KMoRCtpTXwp926Rsg9BpEMtV4vBQ/UrHaIJSOfbORGJZ/2iRn3RWCF7rCY9U GFaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding :content-language:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature:dkim-filter; bh=nT4IO+CWu2bRiTtDpcO+b4y7oYNV0E1iPqumup/LrHc=; b=08vRoEnh5SgOjHOas3gezr8J5zeagAoMip/4hkL+Ad133BLIptupmZJmrNSxEPNBtL FQ7Av+hxZprgOAl01wUF3QgK5s8VBSl6bhTw9CB2JkL6v65msEP1lHEKogMIy+IXoMRz BYKb67QHnYlQkPBfNL3Nevx4+HVL9Gj0eF5H2Ab+2nobeK5vAetGyKCDfO4hyAL0UlWa XM5aISIU5++skGMARnRAGxLTHjPSMVaLg0oAhuPKrzUBSCOsy+ePCxgKwDxSJP0oovRr NlQMdvZWquLPx26kOHNo+Jg57evqncbYaLV6F7lN2zm2YBp3oivIkd8GZYBh0ndrDFtm hdjw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b="iotEtJ/X"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id w47si4910455edd.326.2019.11.14.10.46.09; Thu, 14 Nov 2019 10:46:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux.microsoft.com header.s=default header.b="iotEtJ/X"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linux.microsoft.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726977AbfKNSpH (ORCPT + 99 others); Thu, 14 Nov 2019 13:45:07 -0500 Received: from linux.microsoft.com ([13.77.154.182]:40118 "EHLO linux.microsoft.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726549AbfKNSpH (ORCPT ); Thu, 14 Nov 2019 13:45:07 -0500 Received: from [10.137.112.108] (unknown [131.107.174.108]) by linux.microsoft.com (Postfix) with ESMTPSA id 6BE9820110C5; Thu, 14 Nov 2019 10:45:06 -0800 (PST) DKIM-Filter: OpenDKIM Filter v2.11.0 linux.microsoft.com 6BE9820110C5 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux.microsoft.com; s=default; t=1573757106; bh=nT4IO+CWu2bRiTtDpcO+b4y7oYNV0E1iPqumup/LrHc=; h=Subject:To:Cc:References:From:Date:In-Reply-To:From; b=iotEtJ/XIqAF3q7j3QPuh7LCcFit74EAEzsq08vINI1+90+Mjghnff2hxY+MSQ+O3 VttqkrTk6ez8B+0isSwd+yavPOWWYM/yTF7cWY7aH9h3gexKIV7t2RPHh0qMI2Wtgb 8f+nAKiP19QeLlqvJS9fhCwtFAQq8broiSkOwIOg= Subject: Re: [PATCH] ima: avoid appraise error for hash calc interrupt To: Patrick Callaghan , Mimi Zohar , Patrick Callaghan , linux-integrity@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Sascha Hauer References: <20191111192348.30535-1-patrickc@linux.ibm.com> <1573578841.17949.48.camel@linux.ibm.com> <1573582344.17949.67.camel@linux.ibm.com> From: Lakshmi Ramasubramanian Message-ID: <4e1c0c6b-a5e1-a95a-8a0b-c5a7f0a253cf@linux.microsoft.com> Date: Thu, 14 Nov 2019 10:45:06 -0800 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/14/19 5:55 AM, Patrick Callaghan wrote: Hi Patrick, > Hello Laks, > You suggested that the if statement of the patch change to the > following: > > if ((rbuf_len == 0) || (offset + rbuf_len >= i_size)) { > > Unless the file size changed between the time that i_size was set in > ima_calc_file_hash_tfm() and an i_size_read() call was subsequently > issued in a function downstream of the integrity_kernel_read() call, > the rbuf_len returned on the integrity_kernel_read() call will not be > more than i_size - offset. I do not think that it is possible for the > file size to change during this window but nonetheless, if it can, this > would be a different problem and I would not want to include this in my > patch. That said, I do appreciate you taking time to review this patch. You are right - unless the file size changes between the calls this problem would not occur. I agree - that issue, even if it can occur, should be addressed separately. Another one (again - am not saying this needs to be addressed in this patch, but just wanted to point out) rbuf = kzalloc(PAGE_SIZE, GFP_KERNEL); ... rbuf_len = integrity_kernel_read(file, offset, rbuf, PAGE_SIZE); ... rc = crypto_shash_update(shash, rbuf, rbuf_len); rbuf is of size PAGE_SIZE, but rbuf_len, returned by integrity_kernel_read() is passed as buffer size to crypto_shash_update() without any validation (rbuf_len <= PAGE_SIZE) It is assumed here that integrity_kernel_read() would not return a length greater than rbuf size and hence crypto_shash_update() would never access beyond the given buffer. thanks, -lakshmi