On Fri, Jun 19, 2020 at 10:43:22AM +0800, Rong Chen wrote:
>
> Could you take a look at this warning? Roberto mentioned you in previous
> report:
> https://lore.kernel.org/linux-integrity/9dbec9465bda4f8995a42593eb0db...@huawei.com/
Well having a shash descriptor on the stack is always pushing
the envelope. Doing it when you put another 256-byte string is
obviously not a good idea. The good thing is that the string
isn't necessary, so how about:
---8<---
The function ima_calc_field_array_hash_tfm uses a stack descriptor
for shash. As hashing requires a large amount of space this means
that you shouldn't put any other large data on the stack at the same
time, for example, you definitely shouldn't put a 256-byte string
which you're going to hash on the stack.
Luckily this string is mostly composed of zeroes so we could just
use ZERO_PAGE instead.
Reported-by: kbuild test robot <l...@intel.com>
Signed-off-by: Herbert Xu <herb...@gondor.apana.org.au>
diff --git a/security/integrity/ima/ima_crypto.c
b/security/integrity/ima/ima_crypto.c
index 220b14920c37..0a925d1a1bf7 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -11,6 +11,7 @@
*/
#include <linux/kernel.h>
+#include <linux/mm.h>
#include <linux/moduleparam.h>
#include <linux/ratelimit.h>
#include <linux/file.h>
@@ -605,11 +606,11 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
return rc;
for (i = 0; i < num_fields; i++) {
- u8 buffer[IMA_EVENT_NAME_LEN_MAX + 1] = { 0 };
u8 *data_to_hash = field_data[i].data;
u32 datalen = field_data[i].len;
u32 datalen_to_hash =
!ima_canonical_fmt ? datalen : cpu_to_le32(datalen);
+ u32 padlen = 0;
if (strcmp(td->name, IMA_TEMPLATE_IMA_NAME) != 0) {
rc = crypto_shash_update(shash,
@@ -617,14 +618,21 @@ static int ima_calc_field_array_hash_tfm(struct
ima_field_data *field_data,
sizeof(datalen_to_hash));
if (rc)
break;
- } else if (strcmp(td->fields[i]->field_id, "n") == 0) {
- memcpy(buffer, data_to_hash, datalen);
- data_to_hash = buffer;
- datalen = IMA_EVENT_NAME_LEN_MAX + 1;
- }
+ } else if (strcmp(td->fields[i]->field_id, "n") == 0 &&
+ datalen < IMA_EVENT_NAME_LEN_MAX + 1)
+ padlen = IMA_EVENT_NAME_LEN_MAX + 1 - datalen;
+
rc = crypto_shash_update(shash, data_to_hash, datalen);
if (rc)
break;
+
+ if (padlen) {
+ const u8 *zero = page_address(ZERO_PAGE(0));
+
+ rc = crypto_shash_update(shash, zero, padlen);
+ if (rc)
+ break;
+ }
}
if (!rc)
--
Email: Herbert Xu <herb...@gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
