Unverified Commit dd2c7011 authored Jun 21, 2024 by openeuler-ci-bot Committed by Gitee Jun 21, 2024

!9277 ima: Fix violation digests extending issue in cvm

Merge Pull Request from: @HuaxinLuGitee 
 
Add the special process of IMA violation digests, the digest
with all of 0xff is extended.

https://gitee.com/openeuler/kernel/issues/IA71XS 
 
Link:https://gitee.com/openeuler/kernel/pulls/9277

 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

parents dbd6a8b1 9e51de29

security/integrity/ima/ima_cvm.c

+6 −1

Original line number	Diff line number	Diff line
		@@ -66,7 +66,12 @@ int ima_cvm_extend(struct tpm_digest *digests_arg)
		/* Use index 1 as CVM IMA slot */
		cme.index = 1;
		cme.size = hash_digest_size[ima_hash_algo];
		memcpy(cme.value, digests_arg[ima_hash_algo_idx].digest, cme.size);

		if (digests_arg)
		memcpy(cme.value, digests_arg[ima_hash_algo_idx].digest,
		cme.size);
		else
		memset(cme.value, 0xff, cme.size);

		return tsi_measurement_extend(&cme) == TSI_SUCCESS ? 0 : -EFAULT;
		}