Subject: Re: [PATCH] ima: add the ability to query ima for the hash of a given file.
To: Florent Revest, linux-integrity@vger.kernel.org
Cc: kpsingh@chromium.org, mjg59@google.com, zohar@linux.ibm.com, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, Florent Revest
From: Lakshmi Ramasubramanian
Date: Fri, 20 Dec 2019 08:48:20 -0800
Message-ID: <8f4d9c4e-735d-8ba9-b84a-4f341030e0cf@linux.microsoft.com>
In-Reply-To: <20191220163136.25010-1-revest@chromium.org>

On 12/20/2019 8:31 AM, Florent Revest wrote:

> > +/** > + * ima_file_hash - return the stored measurement if a file has been hashed. > + * @file: pointer to the file > + * @buf: buffer in which to store the hash > + * @buf_size: length of the buffer > + * > + * On success, output the hash into buf and return the hash algorithm (as > + * defined in the enum hash_algo). > + * If the hash is larger than buf, then only size bytes will be copied. It > + * generally just makes sense to pass a buffer capable of holding the largest > + * possible hash: IMA_MAX_DIGEST_SIZE

If the given buffer is smaller than the hash length, wouldn't it be better to return the required size and a status indicating the buffer is not enough? The caller can then call back with the required buffer. If the hash is truncated the caller may not know if the hash is partial or not.

> + * > + * If IMA is disabled or if no measurement is available, return -EOPNOTSUPP. > + * If the parameters are incorrect, return -EINVAL.
> + */ > +int ima_file_hash(struct file *file, char *buf, size_t buf_size) > +{ > + struct inode *inode; > + struct integrity_iint_cache *iint; > + size_t copied_size; > + > + if (!file || !buf) > + return -EINVAL; > + > + if (!ima_policy_flag) > + return -EOPNOTSUPP; > + > + inode = file_inode(file); > + iint = integrity_iint_find(inode); > + if (!iint) > + return -EOPNOTSUPP; > + > + mutex_lock(&iint->mutex); > + copied_size = min_t(size_t, iint->ima_hash->length, buf_size); > + memcpy(buf, iint->ima_hash->digest, copied_size); > + mutex_unlock(&iint->mutex); > + > + return iint->ima_hash->algo;

Should the hash algorithm be copied from iint->ima_hash to a local variable while holding the mutex and that one returned? I assume iint->mutex is taken to ensure iint->ima_hash is not removed while this function is accessing it.

thanks,
-lakshmi
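
Review bot: In ima_file_hash(), `return iint->ima_hash->algo;` reads iint->ima_hash after `mutex_unlock(&iint->mutex);`, and nothing checks iint->ima_hash itself before `iint->ima_hash->length` is dereferenced, even though the kernel-doc promises -EOPNOTSUPP when no measurement is available. If an iint can exist before a hash has been stored, that is a NULL dereference; suggest testing iint->ima_hash under the mutex (unlock and return -EOPNOTSUPP when it is not set) and copying algo into a local variable before unlocking. On the documentation side, the comment says "only size bytes will be copied" while the parameter is named buf_size, and because the return value carries only the algorithm, a caller cannot tell a truncated digest from a complete one. Either state that the caller must compare buf_size with the digest size of the returned algorithm, or report the digest length as well.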