From: Roberto Sassu
CC: Roberto Sassu
Subject: [RESEND][PATCH v2 3/6] ima: Fix ima digest hash table key calculation
Date: Tue, 28 Apr 2020 09:30:10 +0200
Message-ID: <20200428073010.25631-1-roberto.sassu@huawei.com>
In-Reply-To: <20200427102900.18887-3-roberto.sassu@huawei.com>
References: <20200427102900.18887-3-roberto.sassu@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Krzysztof Struczynski

Function hash_long() accepts unsigned long, while currently only one byte
is passed from ima_hash_key(), which calculates a key for ima_htable.

Given that hashing the digest does not give clear benefits compared to
using the digest itself, remove hash_long() and return the modulus
calculated on the first two bytes of the digest with the number of slots.
Also reduce the depth of the hash table by doubling the number of slots.

Changelog

v2:
- directly access the first two bytes of the digest to avoid memory access
  issues on big endian systems (suggested by David Laight)

Cc: stable@vger.kernel.org
Fixes: 3323eec921ef ("integrity: IMA as an integrity service provider")
Co-developed-by: Roberto Sassu
Signed-off-by: Roberto Sassu
Signed-off-by: Krzysztof Struczynski

--- security/integrity/ima/ima.h | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 467dfdbea25c..02796473238b 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h
@@ -36,7 +36,7 @@ enum tpm_pcrs { TPM_PCR0 = 0, TPM_PCR8 = 8 }; #define IMA_DIGEST_SIZE SHA1_DIGEST_SIZE #define IMA_EVENT_NAME_LEN_MAX 255 -#define IMA_HASH_BITS 9 +#define IMA_HASH_BITS 10 #define IMA_MEASURE_HTABLE_SIZE (1 << IMA_HASH_BITS) #define IMA_TEMPLATE_FIELD_ID_MAX_LEN 16 @@ -179,9 +179,10 @@ struct ima_h_table { }; extern struct ima_h_table ima_htable; -static inline unsigned long ima_hash_key(u8 *digest) +static inline unsigned int ima_hash_key(u8 *digest) { - return hash_long(*digest, IMA_HASH_BITS); + /* there is no point in taking a hash of part of a digest */ + return (digest[0] | digest[1] << 8) % IMA_MEASURE_HTABLE_SIZE; } #define __ima_hooks(hook) \ -- 2.17.1
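Review bot: The IMA_HASH_BITS change from 9 to 10 in the first hunk is a table sizing change riding in a patch that carries Fixes: and Cc: stable, and it is independent of the key calculation bug. Consider splitting it into its own patch, or state in the commit message why the stable backport needs IMA_MEASURE_HTABLE_SIZE to grow from 512 to 1024 slots, so that stable maintainers can take the key fix on its own.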
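Review bot: In ima_hash_key() in the second hunk, the key is built from 16 bits of the digest, so `(digest[0] | digest[1] << 8) % IMA_MEASURE_HTABLE_SIZE` can never reach more than 65536 slots, and nothing ties that limit to IMA_HASH_BITS. A BUILD_BUG_ON(IMA_HASH_BITS > 16) next to the definition, or a sentence in the new comment, would record the constraint for whoever next resizes the table. Since the function only reads the buffer, the parameter could also become `const u8 *digest` while the signature is being changed anyway.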
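The effect described in the commit message, as an added userspace example that is not part of the patch or of the kernel tree: it counts how many hash table slots each key function can reach over every possible two-byte digest prefix. It assumes a 64-bit build, where hash_long() is a multiply by GOLDEN_RATIO_64 followed by a shift; the names model_hash_long, old_key, new_key and slots_reached are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of hash_long() on a 64-bit kernel (assumption):
 * multiply by the 64-bit golden ratio constant, keep the top 'bits' bits. */
#define GOLDEN_RATIO_64 0x61C8864680B583EBull

static unsigned int model_hash_long(uint64_t val, unsigned int bits)
{
    return (unsigned int)((val * GOLDEN_RATIO_64) >> (64 - bits));
}

/* Old key: *digest is a single u8, so only digest[0] reaches the hash. */
static unsigned int old_key(const uint8_t *digest)
{
    return model_hash_long(*digest, 9);
}

/* New key, as in the patch: first two bytes modulo 1 << 10 slots. */
static unsigned int new_key(const uint8_t *digest)
{
    return (digest[0] | digest[1] << 8) % (1u << 10);
}

/* Count distinct slots reached over all 65536 two-byte digest prefixes. */
static unsigned int slots_reached(unsigned int (*key)(const uint8_t *),
                                  unsigned int nslots)
{
    static uint8_t seen[1024];
    unsigned int used = 0;

    memset(seen, 0, sizeof(seen));
    for (unsigned int p = 0; p < 65536; p++) {
        uint8_t digest[2] = { (uint8_t)(p & 0xff), (uint8_t)(p >> 8) };
        unsigned int k = key(digest);
        if (k < nslots && !seen[k]) { seen[k] = 1; used++; }
    }
    return used;
}

int main(void)
{
    printf("old: %u of 512 slots reachable\n", slots_reached(old_key, 512));
    printf("new: %u of 1024 slots reachable\n", slots_reached(new_key, 1024));
    return 0;
}
```

With a one-byte input the old key has at most 256 possible values, so at least half of the 512 slots stay empty and the chains in the used slots grow correspondingly longer.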