On Fri, Oct 18, 2024 at 15:42:15 +0000, Eric Snowberg wrote: > > On Oct 17, 2024, at 11:21 PM, Ben Boeckel <m...@benboeckel.net> wrote: > > Can this be committed to `Documentation/` and not just the Git history > > please? > > This is documented, but it doesn't come in until the 8th patch in the series. > Hopefully that is not an issue.
Ah, I'll look there, thanks. > >> + if (isspace(desc[i])) > >> + desc[i] = 0; > > > > How is setting a space to `0` *removing* it? Surely the `isxdigit` check > > internally is going to reject this. Perhaps you meant to have two > > indices into `desc`, one read and one write and to stall the write index > > as long as we're reading whitespace? > > > > Also, that whitespace is stripped is a userspace-relevant detail that > > should be documented. > > This was done incase the end-user has a trailing carriage return at the > end of their ACL. I have updated the comment as follows: > > + /* > + * Copy the user supplied contents, if uppercase is used, convert it > to > + * lowercase. Also if the end of the ACL contains any whitespace, > strip > + * it out. > + */ Well, this doesn't check the end for whitespace; any internal whitespace will terminate the key: DEAD BEEF ^ becomes NUL and results in the same thing as `DEAD` being passed. > > > >> +static void key_acl_destroy(struct key *key) > >> +{ > >> + /* It should not be possible to get here */ > >> + pr_info("destroy clavis_key_acl denied\n"); > >> +} > >> + > >> +static void key_acl_revoke(struct key *key) > >> +{ > >> + /* It should not be possible to get here */ > >> + pr_info("revoke clavis_key_acl denied\n"); > >> +} > > > > These keys cannot be destroyed or revoked? This seems…novel to me. What > > if there's a timeout on the key? If such keys are immortal, timeouts > > should also be refused? > > All the system kernel keyrings work this way. But now that you bring this up, > neither of > these functions are really necessary, so I will remove them in the next round. > > >> +static int key_acl_vet_description(const char *desc) > >> +{ > >> + int i, desc_len; > >> + s16 ktype; > >> + > >> + if (!desc) > >> + goto invalid; > >> + > >> + desc_len = sizeof(desc); > > > > This should be `strlen`, no? > > I will change this to strlen Actually, this could probably be `strnlen` using `CLAVIS_ASCII_KID_MAX + 1` just to avoid running off into la-la land when we're going to error anyways. Or even `8` because we only actually care about "is at least 7 bytes". Worth a comment either way. Looking forward to the next cycle. Thanks, --Ben