From patchwork Tue May 17 07:23:44 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: GUO Zihua <guozihua@huawei.com>
X-Patchwork-Id: 12852024
Return-Path: <linux-integrity-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 530FBC433F5
	for <linux-integrity@archiver.kernel.org>;
 Tue, 17 May 2022 07:25:19 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240490AbiEQHZS (ORCPT
        <rfc822;linux-integrity@archiver.kernel.org>);
        Tue, 17 May 2022 03:25:18 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:43484 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235896AbiEQHZR (ORCPT
        <rfc822;linux-integrity@vger.kernel.org>);
        Tue, 17 May 2022 03:25:17 -0400
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 43B6443EDC;
        Tue, 17 May 2022 00:25:16 -0700 (PDT)
Received: from dggpemm500024.china.huawei.com (unknown [172.30.72.55])
        by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4L2SL26jKtzhZLQ;
        Tue, 17 May 2022 15:24:26 +0800 (CST)
Received: from huawei.com (10.67.175.31) by dggpemm500024.china.huawei.com
 (7.185.36.203) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2375.24; Tue, 17 May
 2022 15:25:14 +0800
From: GUO Zihua <guozihua@huawei.com>
To: <linux-integrity@vger.kernel.org>
CC: <zohar@linux.ibm.com>, <dmitry.kasatkin@gmail.com>,
        <gustavoars@kernel.org>, <linux-hardening@vger.kernel.org>
Subject: [PATCH -next] evm: Refector struct evm_xattr
Date: Tue, 17 May 2022 15:23:44 +0800
Message-ID: <20220517072344.23576-1-guozihua@huawei.com>
X-Mailer: git-send-email 2.36.0
MIME-Version: 1.0
X-Originating-IP: [10.67.175.31]
X-ClientProxiedBy: dggems705-chm.china.huawei.com (10.3.19.182) To
 dggpemm500024.china.huawei.com (7.185.36.203)
X-CFilter-Loop: Reflected
Precedence: bulk
List-ID: <linux-integrity.vger.kernel.org>
X-Mailing-List: linux-integrity@vger.kernel.org

struct evm_xattr is only used for EVM_XATTR_HMAC type evm digest and is
glued together one flexible array and one fixed length array. The
original intention seems to be shortening the code as the "data" field
would always be a SHA1 digest.

This implementation is not complying with GCC's specification about
flexible array and spars yield the following warning:

security/integrity/evm/evm_main.c:852:30: warning: using sizeof on a flexible
structure
security/integrity/evm/evm_main.c:862:32: warning: using sizeof on a flexible
structure

Fix it by:
1. Remove struct evm_xattr and use struct evm_ima_xattr_data directly.
2. Get array size with struct_size instead of sizeof.

Reference: https://github.com/KSPP/linux/issues/174

Fixes: 6be5cc5246f80 ("evm: add support for different security.evm data types")
Signed-off-by: GUO Zihua <guozihua@huawei.com>
---
 security/integrity/evm/evm_main.c | 14 ++++++++------
 security/integrity/integrity.h    |  6 ------
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 7d87772f0ce6..f2c4501a287a 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -211,7 +211,8 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 	/* check value type */
 	switch (xattr_data->type) {
 	case EVM_XATTR_HMAC:
-		if (xattr_len != sizeof(struct evm_xattr)) {
+		if (xattr_len != struct_size(*xattr_data, data,
+					     SHA1_DIGEST_SIZE)) {
 			evm_status = INTEGRITY_FAIL;
 			goto out;
 		}
@@ -842,24 +843,25 @@ int evm_inode_init_security(struct inode *inode,
 				 const struct xattr *lsm_xattr,
 				 struct xattr *evm_xattr)
 {
-	struct evm_xattr *xattr_data;
+	struct evm_ima_xattr_data *xattr_data;
 	int rc;
 
 	if (!(evm_initialized & EVM_INIT_HMAC) ||
 	    !evm_protected_xattr(lsm_xattr->name))
 		return 0;
 
-	xattr_data = kzalloc(sizeof(*xattr_data), GFP_NOFS);
+	xattr_data = kzalloc(struct_size(*xattr_data, data,
+			     SHA1_DIGEST_SIZE), GFP_NOFS);
 	if (!xattr_data)
 		return -ENOMEM;
 
-	xattr_data->data.type = EVM_XATTR_HMAC;
-	rc = evm_init_hmac(inode, lsm_xattr, xattr_data->digest);
+	xattr_data->type = EVM_XATTR_HMAC;
+	rc = evm_init_hmac(inode, lsm_xattr, xattr_data->data);
 	if (rc < 0)
 		goto out;
 
 	evm_xattr->value = xattr_data;
-	evm_xattr->value_len = sizeof(*xattr_data);
+	evm_xattr->value_len = struct_size(*xattr_data, data, SHA1_DIGEST_SIZE);
 	evm_xattr->name = XATTR_EVM_SUFFIX;
 	return 0;
 out:
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 3510e413ea17..91b16d620dd9 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -86,12 +86,6 @@ struct evm_ima_xattr_data {
 	u8 data[];
 } __packed;
 
-/* Only used in the EVM HMAC code. */
-struct evm_xattr {
-	struct evm_ima_xattr_data data;
-	u8 digest[SHA1_DIGEST_SIZE];
-} __packed;
-
 #define IMA_MAX_DIGEST_SIZE	64
 
 struct ima_digest_data {