[PATCH v2 2/2] ima: Alloc ima_max_digest_data in xattr_verify() if CONFIG_VMAP_STACK=y
Eric Biggers
ebiggers at kernel.org
Thu Dec 1 18:55:27 UTC 2022
On Thu, Dec 01, 2022 at 11:06:25AM +0100, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu at huawei.com>
>
> Similarly to evm_verify_hmac(), which allocates an evm_digest structure to
> satisfy the linear mapping requirement if CONFIG_VMAP_STACK is enabled, do
> the same in xattr_verify(). Allocate an ima_max_digest_data structure and
> use that instead of the in-stack counterpart.
>
> Cc: stable at vger.kernel.org # 4.9.x
> Fixes: ba14a194a434 ("fork: Add generic vmalloced stack support")
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
Likewise, what is the actual problem here? Where specifically is a scatterlist
being used to represent an on-stack buffer?
- Eric
More information about the Linux-security-module-archive
mailing list