Re: [Linux-ima-devel] [PATCH 5/7] ima: add securityfs interface to save a measurements list with kexec header

[Mimi Zohar]

On Tue, 2017-06-06 at 11:13 +0200, Roberto Sassu wrote:
> >>Â /* returns pointer to hlist_node */
> >>Â static void *ima_measurements_start(struct seq_file *m, loff_t *pos)
> >>Â {
> >>ÂÂÂÂÂÂloff_t l = *pos;
> >>ÂÂÂÂÂÂstruct ima_queue_entry *qe;
> >> +ÂÂÂÂstruct ima_queue_entry *qe_found = NULL;
> >> +ÂÂÂÂunsigned long size = 0, count = 0;
> >> +ÂÂÂÂbool khdr = m->file->f_path.dentry == binary_kexec_runtime_measurements;
> >>
> >>ÂÂÂÂÂÂ/* we need a lock since pos could point beyond last element */
> >>ÂÂÂÂÂÂrcu_read_lock();
> >>ÂÂÂÂÂÂlist_for_each_entry_rcu(qe, &ima_measurements, later) {
> >> -ÂÂÂÂÂÂÂÂÂÂÂÂif (!l--) {
> >> -ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂrcu_read_unlock();
> >> -ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂreturn qe;
> >> +ÂÂÂÂÂÂÂÂÂÂÂÂif (!l) {
> >> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂqe_found = qe_found ? qe_found : qe;
> >
> > What is this?
> 
> ima_measurements_start() should return the list entry at position *pos.
> The line above prevents qe_found from being updated when the loop
> continues until the last list entry.

Wouldn't a simple if/then be more appropriate here?

> 
> >
> >> +
> >> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂif (!khdr)
> >> +ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂbreak;
> >
> > Does this test need to be in the loop?
> 
> Yes. Otherwise, ima_measurements_start() would iterate over the whole
> list when it is not necessary.

Oh, for displaying the measurement list you need to set qe_found
before returning.

thanks,

Mimi