From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751931AbbLNOyy (ORCPT ); Mon, 14 Dec 2015 09:54:54 -0500 Received: from mga03.intel.com ([134.134.136.65]:32719 "EHLO mga03.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750914AbbLNOyw (ORCPT ); Mon, 14 Dec 2015 09:54:52 -0500 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.20,427,1444719600"; d="scan'208";a="860404283" Date: Mon, 14 Dec 2015 16:54:15 +0200 From: Jarkko Sakkinen To: Mimi Zohar Cc: Peter Huewe , Marcel Selhorst , David Howells , Jonathan Corbet , James Morris , "Serge E. Hallyn" , "open list:KEYS-TRUSTED" , "open list:KEYS-TRUSTED" , open list Subject: Re: [PATCH v2 1/3] keys, trusted: fix: *do not* allow duplicate key options Message-ID: <20151214145415.GA2237@intel.com> References: <1450021353-8775-1-git-send-email-jarkko.sakkinen@linux.intel.com> <1450021353-8775-2-git-send-email-jarkko.sakkinen@linux.intel.com> <1450100793.2702.42.camel@linux.vnet.ibm.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1450100793.2702.42.camel@linux.vnet.ibm.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.5.23 (2014-03-12) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Dec 14, 2015 at 08:46:33AM -0500, Mimi Zohar wrote: > On Sun, 2015-12-13 at 17:42 +0200, Jarkko Sakkinen wrote: > > The trusted keys option parsing allows specifying the same option > > multiple times. The last option value specified is used. > > > > This can be seen as a regression because: > > > > * No gain. > > * Could be problematic if there is be options dependent on other > > options. > > Thanks, Jarkko. Although it should be obvious that patch limits the > number of times an option can be specified, you should explicitly > mention it in the patch description. OK, I'll update the commit message with this information before I send the pull request. Thanks for the advice! > Mimi /Jarkko > > > Reported-by: James Morris James Morris > > Signed-off-by: Jarkko Sakkinen > > --- > > security/keys/trusted.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/security/keys/trusted.c b/security/keys/trusted.c > > index 903dace..7c183c7 100644 > > --- a/security/keys/trusted.c > > +++ b/security/keys/trusted.c > > @@ -736,11 +736,14 @@ static int getoptions(char *c, struct trusted_key_payload *pay, > > int res; > > unsigned long handle; > > unsigned long lock; > > + unsigned long token_mask = 0; > > > > while ((p = strsep(&c, " \t"))) { > > if (*p == '\0' || *p == ' ' || *p == '\t') > > continue; > > token = match_token(p, key_tokens, args); > > + if (test_and_set_bit(token, &token_mask)) > > + return -EINVAL; > > > > switch (token) { > > case Opt_pcrinfo: > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html