^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 1) // SPDX-License-Identifier: GPL-2.0-only
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 2) /*
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 3) * Copyright (C) 2005,2006,2007,2008 IBM Corporation
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 4) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 5) * Authors:
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 6) * Serge Hallyn <serue@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 7) * Reiner Sailer <sailer@watson.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 8) * Mimi Zohar <zohar@us.ibm.com>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 9) *
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 10) * File: ima_queue.c
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 11) * Implements queues that store template measurements and
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 12) * maintains aggregate over the stored measurements
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 13) * in the pre-configured TPM PCR (if available).
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 14) * The measurement list is append-only. No entry is
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 15) * ever removed or changed during the boot-cycle.
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 16) */
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 17)
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 18) #include <linux/rculist.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 19) #include <linux/slab.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 20) #include "ima.h"
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 21)
/*
 * Size of the on-stack buffer that ima_add_template_entry() uses to format
 * a "TPM_error(%d)" audit cause string.
 */
#define AUDIT_CAUSE_LEN_MAX 32

/*
 * pre-allocated array of tpm_digest structures to extend a PCR
 *
 * Allocated by ima_init_digests() with one element per allocated TPM bank
 * and filled with 0xff bytes; it stays NULL when no TPM chip is present.
 * ima_add_template_entry() extends the PCR with this array instead of the
 * entry's own digests when a violation is recorded.
 */
static struct tpm_digest *digests;

LIST_HEAD(ima_measurements);	/* list of all measurements */
/*
 * Running total of the bytes needed to serialize the measurement list.
 * ULONG_MAX is a sentinel: ima_add_digest_entry() stops accounting once the
 * value reaches it, so without CONFIG_IMA_KEXEC no accounting is done at all.
 */
#ifdef CONFIG_IMA_KEXEC
static unsigned long binary_runtime_size;
#else
static unsigned long binary_runtime_size = ULONG_MAX;
#endif

/*
 * key: inode (before secure-hashing a file)
 *
 * NOTE(review): in this file the bucket is always chosen with
 * ima_hash_key() over the entry's digest, not an inode; the line above
 * looks stale, confirm against ima.h.
 */
struct ima_h_table ima_htable = {
	.len = ATOMIC_LONG_INIT(0),
	.violations = ATOMIC_LONG_INIT(0),
	.queue[0 ... IMA_MEASURE_HTABLE_SIZE - 1] = HLIST_HEAD_INIT
};

/* mutex protects atomicity of extending measurement list
 * and extending the TPM PCR aggregate. Since tpm_extend can take
 * long (and the tpm driver uses a mutex), we can't use the spinlock.
 */
static DEFINE_MUTEX(ima_extend_list_mutex);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 46)
/*
 * Look up a digest in the measurement hash table.
 *
 * @digest_value: digest to search for; hash_digest_size[ima_hash_algo]
 *		  bytes are compared, so the buffer must be at least that long.
 * @pcr:	  PCR index the entry must have been recorded for.
 *
 * Returns the first queue entry in the bucket whose digest and PCR both
 * match, or NULL when there is none.
 *
 * The bucket is walked under rcu_read_lock(), but the pointer is returned
 * after rcu_read_unlock(). That relies on the property stated in the file
 * header: the measurement list is append-only and no entry is removed
 * during the boot cycle.
 */
static struct ima_queue_entry *ima_lookup_digest_entry(u8 *digest_value,
							int pcr)
{
	struct ima_queue_entry *cur;
	struct ima_queue_entry *found = NULL;
	unsigned int bucket = ima_hash_key(digest_value);

	rcu_read_lock();
	hlist_for_each_entry_rcu(cur, &ima_htable.queue[bucket], hnext) {
		/* Same digest recorded for a different PCR is not a hit. */
		if (memcmp(cur->entry->digests[ima_hash_algo_idx].digest,
			   digest_value, hash_digest_size[ima_hash_algo]) != 0)
			continue;
		if (cur->entry->pcr != pcr)
			continue;

		found = cur;
		break;
	}
	rcu_read_unlock();

	return found;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 68)
/*
 * Number of bytes one entry occupies in the serialized
 * binary_runtime_measurement list.
 *
 * The record is made of fixed-width fields (pcr, digest, the two length
 * fields) plus two variable-length ones: the template name, counted
 * without its NUL terminator, and the template data.
 *
 * NOTE(review): the total is narrowed to int although template_data_len
 * and strlen() are unsigned; this assumes the template data is far
 * smaller than INT_MAX, which is not enforced here. Confirm at the point
 * where template_data_len is set.
 */
static int get_binary_runtime_size(struct ima_template_entry *entry)
{
	return sizeof(u32)				/* pcr */
		+ TPM_DIGEST_SIZE			/* digest */
		+ sizeof(int)				/* template name size field */
		+ strlen(entry->template_desc->name)	/* template name */
		+ sizeof(entry->template_data_len)	/* template data size field */
		+ entry->template_data_len;		/* template data */
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 86)
/*
 * ima_add_template_entry helper function.
 *
 * Wraps @entry in a freshly allocated queue entry and appends it to
 * ima_measurements. The queue entry keeps the @entry pointer; it does not
 * copy the template entry. When @update_htable is true the queue entry is
 * also linked into the digest hash table; callers pass false for entries
 * carried across kexec.
 *
 * When size accounting is active (binary_runtime_size != ULONG_MAX) the
 * serialized size of @entry is added to the running total, saturating at
 * ULONG_MAX instead of wrapping.
 *
 * Must be called with ima_extend_list_mutex held.
 *
 * Returns 0 on success, -ENOMEM if the queue entry cannot be allocated.
 */
static int ima_add_digest_entry(struct ima_template_entry *entry,
				bool update_htable)
{
	struct ima_queue_entry *node;
	int entry_size;

	node = kmalloc(sizeof(*node), GFP_KERNEL);
	if (!node) {
		pr_err("OUT OF MEMORY ERROR creating queue entry\n");
		return -ENOMEM;
	}
	node->entry = entry;

	INIT_LIST_HEAD(&node->later);
	list_add_tail_rcu(&node->later, &ima_measurements);

	/* len counts every list entry, whether or not it is hashed. */
	atomic_long_inc(&ima_htable.len);
	if (update_htable) {
		unsigned int bucket;

		bucket = ima_hash_key(entry->digests[ima_hash_algo_idx].digest);
		hlist_add_head_rcu(&node->hnext, &ima_htable.queue[bucket]);
	}

	/* ULONG_MAX means accounting is disabled or has already saturated. */
	if (binary_runtime_size == ULONG_MAX)
		return 0;

	entry_size = get_binary_runtime_size(entry);
	if (binary_runtime_size < ULONG_MAX - entry_size)
		binary_runtime_size += entry_size;
	else
		binary_runtime_size = ULONG_MAX;

	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 124)
/*
 * Memory needed to serialize the whole binary_runtime_measurement list,
 * i.e. the accumulated per-entry total plus one struct ima_kexec_hdr.
 *
 * Returns ULONG_MAX when adding the header would reach or exceed
 * ULONG_MAX, which includes the case where accounting is disabled or has
 * saturated. Callers have to treat ULONG_MAX as "size unknown", not as an
 * allocation size.
 *
 * NOTE(review): binary_runtime_size is read here without taking
 * ima_extend_list_mutex, under which it is updated; presumably a slightly
 * stale value is acceptable to callers. Confirm.
 */
unsigned long ima_get_binary_runtime_size(void)
{
	const unsigned long hdr_len = sizeof(struct ima_kexec_hdr);

	return (binary_runtime_size >= ULONG_MAX - hdr_len) ?
		ULONG_MAX : binary_runtime_size + hdr_len;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 137)
/*
 * Extend PCR @pcr of the IMA TPM chip with @digests_arg.
 *
 * Without a TPM chip this is a no-op that reports success (0), so the
 * measurement list then has no hardware-backed aggregate. Otherwise the
 * result of tpm_pcr_extend() is returned, and a failure is logged.
 */
static int ima_pcr_extend(struct tpm_digest *digests_arg, int pcr)
{
	int rc;

	if (!ima_tpm_chip)
		return 0;

	rc = tpm_pcr_extend(ima_tpm_chip, pcr, digests_arg);
	if (rc)
		pr_err("Error Communicating to TPM chip, result: %d\n", rc);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 150)
/*
 * Add a template entry to the measurement list and hash table, and extend
 * the PCR, all under ima_extend_list_mutex so that list order and PCR
 * extend order stay the same.
 *
 * @entry:	template entry to record.
 * @violation:	non-zero when recording a violation. The duplicate check
 *		is skipped, and the PCR is extended with the pre-allocated
 *		0xff-filled digests instead of the entry's own, which
 *		invalidates the PCR.
 * @op, @inode, @filename: passed through to the audit record.
 *
 * An AUDIT_INTEGRITY_PCR record is emitted on every call, with cause
 * "hash_added", "hash_exists", "ENOMEM" or "TPM_error(<rc>)".
 *
 * Returns 0 on success, -EEXIST if a non-violation entry with the same
 * digest and PCR is already listed, or the error from
 * ima_add_digest_entry().
 *
 * A failed PCR extend is NOT reflected in the return value. The entry
 * stays on the list and only the log line and audit record show the TPM
 * error, so after such a failure the list and the PCR no longer agree.
 *
 * On systems which support carrying the IMA measurement list across
 * kexec, ima_add_digest_entry() also maintains the total memory size
 * required for serializing the binary_runtime_measurements.
 */
int ima_add_template_entry(struct ima_template_entry *entry, int violation,
			   const char *op, struct inode *inode,
			   const unsigned char *filename)
{
	char tpm_cause[AUDIT_CAUSE_LEN_MAX];
	const char *cause = "hash_added";
	int info = 1;
	int result = 0;
	int tpm_rc;

	mutex_lock(&ima_extend_list_mutex);

	/* Identical measurements for the same PCR are recorded only once. */
	if (!violation &&
	    ima_lookup_digest_entry(entry->digests[ima_hash_algo_idx].digest,
				    entry->pcr)) {
		cause = "hash_exists";
		result = -EEXIST;
		goto out;
	}

	result = ima_add_digest_entry(entry, true);
	if (result < 0) {
		cause = "ENOMEM";
		info = 0;
		goto out;
	}

	/*
	 * With no TPM chip the file-scope digests pointer is NULL, but
	 * ima_pcr_extend() returns before touching its argument then.
	 */
	tpm_rc = ima_pcr_extend(violation ? digests : entry->digests,
				entry->pcr);
	if (tpm_rc != 0) {
		snprintf(tpm_cause, sizeof(tpm_cause), "TPM_error(%d)",
			 tpm_rc);
		cause = tpm_cause;
		info = 0;
	}
out:
	mutex_unlock(&ima_extend_list_mutex);
	integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
			    op, cause, result, info);
	return result;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 202)
/*
 * Append @entry to the measurement list under ima_extend_list_mutex,
 * without inserting it into the digest hash table and without extending
 * any PCR.
 *
 * NOTE(review): presumably used for entries carried across kexec, whose
 * PCR extends already happened under the previous kernel; nothing here
 * checks that the restored entries match the PCR. Confirm with the caller.
 *
 * Returns the result of ima_add_digest_entry(): 0 or -ENOMEM.
 */
int ima_restore_measurement_entry(struct ima_template_entry *entry)
{
	int rc;

	mutex_lock(&ima_extend_list_mutex);
	rc = ima_add_digest_entry(entry, false);
	mutex_unlock(&ima_extend_list_mutex);

	return rc;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 212)
/*
 * Allocate and fill the file-scope digests array, one element per
 * allocated TPM bank. Each element gets the bank's algorithm id and a
 * digest of 0xff bytes. ima_add_template_entry() extends the PCR with
 * this array when it records a violation.
 *
 * Returns 0 on success or when there is no TPM chip (digests then stays
 * NULL), -ENOMEM if the array cannot be allocated.
 */
int __init ima_init_digests(void)
{
	int i;

	if (!ima_tpm_chip)
		return 0;

	digests = kcalloc(ima_tpm_chip->nr_allocated_banks, sizeof(*digests),
			  GFP_NOFS);
	if (!digests)
		return -ENOMEM;

	for (i = 0; i < ima_tpm_chip->nr_allocated_banks; i++) {
		u16 crypto_id = ima_tpm_chip->allocated_banks[i].crypto_id;
		/* for unmapped TPM algorithms digest is still a padded SHA1 */
		u16 digest_size = (crypto_id == HASH_ALGO__LAST) ?
			SHA1_DIGEST_SIZE :
			ima_tpm_chip->allocated_banks[i].digest_size;

		digests[i].alg_id = ima_tpm_chip->allocated_banks[i].alg_id;

		/*
		 * NOTE(review): digest_size comes from the chip's bank info
		 * and is not compared with sizeof(digests[i].digest) here;
		 * presumably the TPM core bounds it when the banks are
		 * enumerated. Confirm.
		 */
		memset(digests[i].digest, 0xff, digest_size);
	}

	return 0;
}