Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp2732877ybz; Mon, 27 Apr 2020 03:34:04 -0700 (PDT) X-Google-Smtp-Source: APiQypLD+LX5IdoFKNCM1ZPH5/mSSHUpUEnfxqWM4jKFk018rk1/eibLI6RIVHqo9QbjofX7yLJ7 X-Received: by 2002:a17:907:43c2:: with SMTP id i2mr19215932ejs.185.1587983644483; Mon, 27 Apr 2020 03:34:04 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587983644; cv=none; d=google.com; s=arc-20160816; b=v5cFxkwtNykxAURtR0Pwl/tjp0d2HuTvJhHMJRQD1sl6Nc7WwBt4VAP6u5B4ji9EWm acbXutgmmlBQKo5XNXblOUvcVKHB2ON91SGb6Vypygn/lS0Kg0Ejx5gEwZTmvXiUgyx4 sFVO+n02gxRSnjijBO1TeNx7RRq0k4TwuULx1HXDv0N5nr853h7ZA3f5u7cGGEBDu5w0 Tz/AkkeYxeG++p0w1hc+J4TKKP6H/sy7BNxZuBY+xham49kaBBTDPUNvFgZX2NmSR6BP RMMFvS/NkuUnaMfrwcjasqwzLRgkiGwRYtwGybC26iU6TEOfGzZd0yRpQzhhyxWq46Ir ynrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from; bh=mRLs5hp7nceZV3Xy44aHTV+Dze20kcbouGKMKDX4cg8=; b=yvY7GcQ0gRmYuMCWHDoIi4cIQ2w8jBTF+eLXF7qmF0deeE6oW3LkUWK6uqQxrkvUst Ar/OZgjxlTXKVeT0B1BoH34XqzTgHUEo9aKH8RcfJTf0ZvzOk1vLB1IgtjTEZW1h1G/0 +iE7nt9J0hKN58S2Mv2Nr+6NTdKNHNhifmJtbt7WVt1JPDkhzSuC3HNWDaNiIEDsWb34 TtXoaMkBFndY6KhT+rdHkfImzNwNimJ0OBbalQ5/QmFfaYvRx374Kb7niXNVneZRXGsV XMWMxu5tRoUA1znFASSpleoAVKml9mztxndGf3qFkXZH7wBKLnwjb4aJiXwKr2w/nKmt A5jA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id t27si8439195edt.42.2020.04.27.03.33.39; Mon, 27 Apr 2020 03:34:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727111AbgD0Kbu (ORCPT + 99 others); Mon, 27 Apr 2020 06:31:50 -0400 Received: from lhrrgout.huawei.com ([185.176.76.210]:2107 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726955AbgD0Kbn (ORCPT ); Mon, 27 Apr 2020 06:31:43 -0400 Received: from lhreml722-chm.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 7B7784AEC8FCA8D2792F; Mon, 27 Apr 2020 11:31:41 +0100 (IST) Received: from fraeml714-chm.china.huawei.com (10.206.15.33) by lhreml722-chm.china.huawei.com (10.201.108.73) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 27 Apr 2020 11:31:41 +0100 Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.160) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Mon, 27 Apr 2020 12:31:40 +0200 From: Roberto Sassu To: , CC: , , , , , , Roberto Sassu Subject: [PATCH v2 3/6] ima: Fix ima digest hash table key calculation Date: Mon, 27 Apr 2020 12:28:57 +0200 Message-ID: <20200427102900.18887-3-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200427102900.18887-1-roberto.sassu@huawei.com> References: <20200427102900.18887-1-roberto.sassu@huawei.com> MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.204.65.160] X-ClientProxiedBy: lhreml710-chm.china.huawei.com (10.201.108.61) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Krzysztof Struczynski Function hash_long() accepts unsigned long, while currently only one byte is passed from ima_hash_key(), which calculates a key for ima_htable. Given that hashing the digest does not give clear benefits compared to using the digest itself, remove hash_long() and return the modulus calculated on the beginning of the digest with the number of slots. Also reduce the depth of the hash table by doubling the number of slots. Cc: stable@vger.kernel.org Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider") Co-developed-by: Roberto Sassu Signed-off-by: Roberto Sassu Signed-off-by: Krzysztof Struczynski --- security/integrity/ima/ima.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 467dfdbea25c..6ee458cf124a 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -36,7 +36,7 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 }; #define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE #define IMA_EVENT_NAME_LEN_MAX 255 -#define IMA_HASH_BITS 9 +#define IMA_HASH_BITS 10 #define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) #define IMA_TEMPLATE_FIELD_ID_MAX_LEN 16 @@ -179,9 +179,9 @@ struct ima_h_table { }; extern struct ima_h_table ima_htable; -static inline unsigned long ima_hash_key(u8 *digest) +static inline unsigned int ima_hash_key(u8 *digest) { - return hash_long(*digest, IMA_HASH_BITS); + return (*(unsigned int *)digest % IMA_MEASURE_HTABLE_SIZE); } #define __ima_hooks(hook) \ -- 2.17.1