Re: [PATCH v5] ima_fs: Avoid creating measurement lists for unsupported hash algos

From: Mimi Zohar

Date: Fri Feb 27 2026 - 13:47:11 EST



> > > @@ -404,16 +398,24 @@ static int __init create_securityfs_measurement_lists(void)
> > > char file_name[NAME_MAX + 1];
> > > struct dentry *dentry;
> > >
> > > - sprintf(file_name, "ascii_runtime_measurements_%s",
> > > - hash_algo_name[algo]);
> > > + if (algo == HASH_ALGO__LAST)
> > > + sprintf(file_name, "ascii_runtime_measurements_tpm_alg_%x",
> > > + ima_tpm_chip->allocated_banks[i].alg_id);
> > > + else
> > > + sprintf(file_name, "ascii_runtime_measurements_%s",
> > > + hash_algo_name[algo]);
> > > dentry = securityfs_create_file(file_name, S_IRUSR | S_IRGRP,
> > > ima_dir, (void *)(uintptr_t)i,
> > > &ima_ascii_measurements_ops);
> > > if (IS_ERR(dentry))
> > > return PTR_ERR(dentry);
> > >
> > > - sprintf(file_name, "binary_runtime_measurements_%s",
> > > - hash_algo_name[algo]);
> > > + if (algo == HASH_ALGO__LAST)
> > > + sprintf(file_name, "binary_runtime_measurements_tpm_alg_%x",
> > > + ima_tpm_chip->allocated_banks[i].alg_id);
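
Review bot: the algo == HASH_ALGO__LAST test and its pair of sprintf() branches are written out twice, once for the ascii file name and once for the binary one, so the two names can drift apart on a later edit. Consider formatting the per-bank suffix once into a small local buffer (hash_algo_name[algo], or "tpm_alg_%x" of allocated_banks[i].alg_id) and building both names from it, using snprintf(file_name, sizeof(file_name), ...) rather than sprintf(). The "%x" in the new names prints alg_id unpadded and without a 0x prefix, so the patch description should state that the suffix is the TPM algorithm ID in hex.
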
> >
> > There's no point in creating either of the securityfs files if the kernel
> > doesn't support the hash algorithm.
>
> It is not useful per se, but since it is information that is
> produced and maintained by IMA, we can print it. And second, it will
> expose the fact that there is an unsupported algorithm (in the case of
> SHA3-256, the fix is to add it to the TPM - crypto subsystem mapping in
> tpm2-cmd.c).

Yes, agreed.

Dmitry, the Subject line implies the measurement lists aren't being created, yet
you're actually creating them. Please update the patch description before
re-posting.

thanks,

Mimi