From: Mimi Zohar <zohar@linux.ibm.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: linux-integrity@vger.kernel.org,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Subject: Re: [PATCH] security/integrity: remove unnecessary 'init_keyring' variable
Date: Fri, 21 Sep 2018 16:42:26 -0400 [thread overview]
Message-ID: <1537562546.3830.373.camel@linux.ibm.com> (raw)
In-Reply-To: <20180921201322.GC255965@gmail.com>
On Fri, 2018-09-21 at 13:13 -0700, Eric Biggers wrote:
> On Fri, Sep 21, 2018 at 03:55:33PM -0400, Mimi Zohar wrote:
> > On Fri, 2018-09-21 at 12:33 -0700, Eric Biggers wrote:
> > > On Fri, Sep 21, 2018 at 03:02:14PM -0400, Mimi Zohar wrote:
> > > > On Fri, 2018-09-21 at 11:54 -0700, Eric Biggers wrote:
> > > > > On Fri, Sep 21, 2018 at 02:42:38PM -0400, Mimi Zohar wrote:
> > > > > > On Fri, 2018-09-07 at 13:25 -0700, Eric Biggers wrote:
> > > > > > > From: Eric Biggers <ebiggers@google.com>
> > > > > > >
> > > > > > > The 'init_keyring' variable actually just gave the value of
> > > > > > > CONFIG_INTEGRITY_TRUSTED_KEYRING. We should check the config option
> > > > > > > directly instead. No change in behavior; this just simplifies the code.
> > > > > >
> > > > > > We try to minimize as much as possible "ifdefs" in C code. This
> > > > > > change is moving in the wrong direction.
> > > > >
> > > > > So your preferred approach is to store the values of Kconfig options in
> > > > > variables? That defeats much of the point of having Kconfig options...
> > > >
> > > > No, I prefer using "ifdefs" in include files, not C code, and defining
> > > > stub functions.
> > > >
> > > > Mimi
> > > >
> > >
> > > integrity_init_keyring() is already stubbed out in a header. What are you
> > > suggesting, exactly?
> >
> > Refer to section "20) Conditional Compilation" of
> > Documentation/process/coding-style.rst.
> >
> > Mimi
> >
>
> I'm already familiar with that. Unfortunately, you haven't clearly indicated
> what alternative you prefer, and it's unclear whether you've even read my patch,
> given that you're apparently saying to define a stub function which actually
> already exists. Maybe you want the 'init_keyring' bool replaced
> IS_ENABLED(CONFIG_INTEGRITY_TRUSTED_KEYRING)? That doesn't really make sense
> though, because integrity_init_keyring() is already stubbed out in some
> configurations; it makes more sense to fix the condition for stubbing it out...
I read your patch and commented that "ifdefs" don't belong in .c
files, as the above referenced doc says. My comment on using ifdefs
for defining stubs was simply an example of how to get around using
ifdefs in C.
The doc seems to be suggesting to use IS_ENABLED() to set a flag,
which is what the existing code does. Replacing the existing code
with IS_ENABLE() would be fine, but seems unnecessary.
I don't see a need to change the existing code to add more ifdefs in
.c files.
Mimi
next prev parent reply other threads:[~2018-09-22 2:33 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-07 20:25 [PATCH] security/integrity: remove unnecessary 'init_keyring' variable Eric Biggers
2018-09-21 18:42 ` Mimi Zohar
2018-09-21 18:54 ` Eric Biggers
2018-09-21 19:02 ` Mimi Zohar
2018-09-21 19:33 ` Eric Biggers
2018-09-21 19:55 ` Mimi Zohar
2018-09-21 20:13 ` Eric Biggers
2018-09-21 20:42 ` Mimi Zohar [this message]
2018-10-04 0:16 ` Eric Biggers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1537562546.3830.373.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=ebiggers@kernel.org \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).