Re: [PATCH 2/4] Add MMC Password Protection (lock/unlock) support V8: mmc_key_retention.diff

[Anderson Briglia <anderson.briglia@indt.org.br>]

Hi,

ext Frank Seidel wrote:
> Quoting Anderson Briglia <anderson.briglia@indt.org.br>:
>> [...]
> Hi,
> thats really cool stuff you're providing with your patches. :)
> I have some feedback or questions some parts here.
> But as i just started trying to get into kernelhacking you probably
> better don't take my notes to serious, please.

All comments are welcome, thanks for the revision. :)

> 
>> Index: linux-linus-2.6/drivers/mmc/mmc_sysfs.c
>> ===================================================================
>> --- linux-linus-2.6.orig/drivers/mmc/mmc_sysfs.c        2006-12-04 [...]
>> +static int mmc_key_instantiate(struct key *key, const void *data, 
>> size_t datalen)
>> +{
>> +        struct mmc_key_payload *mpayload, *zap;
>> +        int ret;
>> +
>> +        zap = NULL;
> What is zap here for? future use?
> And wouldn't it be good to also initialize mplayload here?

The code was based on code presents at security/keys/user_defined.c. This is the reason of why the MMC PWD code was
implemented using this returns types and others implementations.
That file (user_defined.c) implements generic functions to handle keys inside the kernel, using the Kernel Key Retention
Service. Maybe you can take a look there, :).
That zap variable was used to expand the key payload when a new password exceeded a previous configured size. But the
Kernel Key Retention Service has changed and that zap variable is not used on key_instantiate function implemented at
user_defined.c, anymore. I'll update the MMC PWD code.

> 
>> +        ret = -EINVAL;
> Is there a special reason why you already assign the errors to the
> return value variable before its clear that the assignment is needed?

See the reply above.
> 
> 
>> +        if (datalen <= 0 || datalen > MMC_KEYLEN_MAXBYTES || !data) {
> Isn't the last "|| !data" redundant as you already tested if datalen ==0?

data = 0 is different from !data.

> 
>> +                pr_debug("Invalid data\n");
>> +                goto error;
>> +        }
>> +
>> +        ret = key_payload_reserve(key, datalen);
>> +        if (ret < 0) {
>> +                pr_debug("ret = %d\n", ret);
>> +                goto error;
>> +        }
>> +
>> +        ret = -ENOMEM;
> Same as above: Why do you in any case want to assign it here?

Reply above.
> 
>> +        mpayload = kmalloc(sizeof(*mpayload) + datalen, GFP_KERNEL);
> I may be totally wrong, but is dereferencing a not initialized pointer
> (even just for using sizeof) really ok? 

Yes. I believe sizeof is a compiler operation and it does not access the data pointed by that pointer, it access just
the type of the pointer.

Wouldn't it be safer to use
> a sizeof(struct mmc_key_payload) here?

I believe there is no difference on using this one and that other declaration.

Thanks,

Anderson Briglia