Commit 9e51de29 authored by Huaxin Lu's avatar Huaxin Lu
Browse files

ima: Fix violation digests extending issue in cvm 

EulerOS inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/IA71XS



------------------------------

Add the special process of IMA violation digests, the digest
with all of 0xff is extended.

Fixes: b1410546 ("IMA: Support the measurement extending of TSI TMM")
Signed-off-by: default avatarHuaxin Lu <luhuaxin1@huawei.com>
parent dbd6a8b1

security/integrity/ima/ima_cvm.c

+6 −1
Original line number Diff line number Diff line
@@ -66,7 +66,12 @@ int ima_cvm_extend(struct tpm_digest *digests_arg) 
	/* Use index 1 as CVM IMA slot */

	cme.index = 1;

	cme.size = hash_digest_size[ima_hash_algo];

	memcpy(cme.value, digests_arg[ima_hash_algo_idx].digest, cme.size);



	if (digests_arg)

		memcpy(cme.value, digests_arg[ima_hash_algo_idx].digest,

		       cme.size);

	else

		memset(cme.value, 0xff, cme.size);



	return tsi_measurement_extend(&cme) == TSI_SUCCESS ? 0 : -EFAULT;

}