Unverified Commit 9ad6f2fc authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!14095 ima: Fix violation digests extending issue in virtcca 

Merge Pull Request from: @HuaxinLuGitee 
 
EulerOS inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IB98NJ

------------------------------

When ima processes violation measurement, the pre-allocated digest array of
all 0xFF are extended. The length of array comes from the slot number of RoT.
Currently the slot number of virtcca is zero if the algorithm configuration
is same between ima and virtcca, which causes the NULL pointer access.

This commit ensures the solt of virtcca is allocated always. 
 
Link:https://gitee.com/openeuler/kernel/pulls/14095

 

Reviewed-by: default avatarZhang Peng <zhangpeng362@huawei.com>
Signed-off-by: default avatarZhang Peng <zhangpeng362@huawei.com>
parents f3bf6add 939ff771

security/integrity/ima/ima_virtcca.c

+15 −19
Original line number Diff line number Diff line
@@ -38,10 +38,6 @@ int ima_virtcca_init(struct ima_rot *rot) 
	if (rc)

		return rc;



	if (virtcca_algo != ima_hash_algo) {

		pr_info("VirtCCA's algo (%s) is different from ima_hash_algo (%s)\n",

				hash_algo_name[virtcca_algo], hash_algo_name[ima_hash_algo]);



	rot->allocated_banks = kcalloc(1, sizeof(*rot->allocated_banks), GFP_KERNEL);

	if (!rot->allocated_banks)

		return -ENOMEM;
@@ -51,7 +47,6 @@ int ima_virtcca_init(struct ima_rot *rot) 
					 TPM_ALG_SHA512 : TPM_ALG_SHA256;

	rot->allocated_banks[0].digest_size = hash_digest_size[virtcca_algo];

	rot->allocated_banks[0].crypto_id = virtcca_algo;

	}



	return 0;

}
@@ -81,15 +76,16 @@ int ima_calc_virtcca_boot_aggregate(struct ima_digest_data *hash) 
int ima_virtcca_extend(struct tpm_digest *digests_arg, const void *args)

{

	struct virtcca_cvm_measurement_extend cme;

	int algo_idx = (virtcca_algo != ima_hash_algo) ? 0 : ima_hash_algo_idx;



	cme.index = CVM_IMA_SLOT_IDX;

	cme.size = hash_digest_size[virtcca_algo];



	if (digests_arg)

		memcpy(cme.value, digests_arg[algo_idx].digest, cme.size);

	else

		memset(cme.value, 0xff, cme.size);

	/*

	 * virtcca has only one slot, so the algorithm of digests_arg[0] is always

	 * virtcca_algo according to the init process of ima_init_crypto() and

	 * ima_init_digets()

	 */

	memcpy(cme.value, digests_arg[0].digest, cme.size);



	return tsi_measurement_extend(&cme) == TSI_SUCCESS ? 0 : -EFAULT;

}