From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: David Howells <dhowells@redhat.com>,
Peter Huewe <peterhuewe@gmx.de>,
Marcel Selhorst <tpmdd@selhorst.net>,
Jonathan Corbet <corbet@lwn.net>,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
James Morris <james.l.morris@oracle.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
"open list:KEYS-ENCRYPTED"
<linux-security-module@vger.kernel.org>,
"open list:KEYS-ENCRYPTED" <keyrings@vger.kernel.org>,
"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>,
"moderated list:TPM DEVICE DRIVER"
<tpmdd-devel@lists.sourceforge.net>
Subject: Re: [PATCH 2/2] keys, trusted: seal with a policy
Date: Tue, 08 Dec 2015 18:56:17 -0500 [thread overview]
Message-ID: <1449618977.2937.104.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20151208202423.GA4232@intel.com>
On Tue, 2015-12-08 at 22:24 +0200, Jarkko Sakkinen wrote:
> On Tue, Dec 08, 2015 at 01:01:02PM +0200, Jarkko Sakkinen wrote:
> > On Tue, Dec 08, 2015 at 09:35:05AM +1100, James Morris wrote:
> > > On Mon, 7 Dec 2015, Jarkko Sakkinen wrote:
> > >
> > > > On Fri, Nov 20, 2015 at 01:34:35PM +1100, James Morris wrote:
> > > > > On Wed, 18 Nov 2015, Jarkko Sakkinen wrote:
> > > > >
> > > > > > On Wed, Nov 18, 2015 at 11:21:01AM +1100, James Morris wrote:
> > > > > > > On Tue, 17 Nov 2015, Jarkko Sakkinen wrote:
> > > > > > >
> > > > > > > > }
> > > > > > > > break;
> > > > > > > > + case Opt_policydigest:
> > > > > > > > + if (!tpm2 ||
> > > > > > > > + strlen(args[0].from) != (2 * opt->digest_len))
> > > > > > > > + return -EINVAL;
> > > > > > > > + kfree(opt->policydigest);
> > > > > > > > + opt->policydigest = kzalloc(opt->digest_len,
> > > > > > > > + GFP_KERNEL);
You're allocating the exact amount of storage needed. There's no reason
to use kzalloc here or elsewhere in the patch.
> > > > > > >
> > > > > > > Is it correct to kfree opt->policydigest here before allocating it?
> > > > > >
> > > > > > I think so. The same option might be encountered multiple times.
> > > > >
> > > > > This would surely signify an error?
> > > >
> > > > I'm following the semantics of other options. That's why I implemented
> > > > it that way for example:
> > > >
> > > > keyctl add trusted kmk "new 32 keyhandle=0x80000000 keyhandle=0x80000000"
> > > >
> > > > is perfectly OK. I just thought that it'd be more odd if this option
> > > > behaved in a different way...
> > >
> > > It seems broken to me -- if you're messing up keyctl commands you might
> > > want to know about it, but we should remain consistent.
> >
> > So should I return error if policyhandle/digest appears a second time? I
> > agree that it'd be better to return -EINVAL.
> >
> > The existing behavior is such that any option can appear multiple times
> > and I chose to be consistent with that.
>
> Mimi, David?
I don't have a problem with changing the existing behavior to allow the
options to be specified only once.
BTW, you might want to fail the getoptions() parsing earlier, rather
than waiting until after the while loop to test "policydigest_len !=
opt->digest_len". In both Opt_hash and Opt_policydigest you can check
to see if the other option has already been specified.
Mimi
next prev parent reply other threads:[~2015-12-08 23:56 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-17 16:27 [PATCH 0/2] TPM 2.0 trusted key features for v4.5 Jarkko Sakkinen
2015-11-17 16:27 ` Jarkko Sakkinen
2015-11-17 16:27 ` [PATCH 1/2] keys, trusted: select hash algorithm for TPM2 chips Jarkko Sakkinen
2015-11-17 16:27 ` Jarkko Sakkinen
2015-11-17 16:27 ` [PATCH 2/2] keys, trusted: seal with a policy Jarkko Sakkinen
2015-11-18 0:21 ` James Morris
2015-11-18 7:03 ` Jarkko Sakkinen
2015-11-20 2:34 ` James Morris
2015-12-07 9:12 ` Jarkko Sakkinen
2015-12-07 22:35 ` James Morris
2015-12-08 11:01 ` Jarkko Sakkinen
2015-12-08 20:24 ` Jarkko Sakkinen
2015-12-08 23:56 ` Mimi Zohar [this message]
2015-12-09 14:24 ` Jarkko Sakkinen
2015-12-09 16:10 ` Mimi Zohar
2015-11-19 10:59 ` [tpmdd-devel] " Fuchs, Andreas
2015-11-20 14:53 ` Jarkko Sakkinen
2015-11-21 18:50 ` Jarkko Sakkinen
2015-11-23 14:49 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1449618977.2937.104.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=james.l.morris@oracle.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jgunthorpe@obsidianresearch.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=serge@hallyn.com \
--cc=tpmdd-devel@lists.sourceforge.net \
--cc=tpmdd@selhorst.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.