Re: [PATCH 2/4] Add MMC Password Protection (lock/unlock) supportV8: mmc_key_retention.diff

From: Anderson Briglia
Date: Thu Dec 14 2006 - 09:38:28 EST


Hi,

ext Frank Seidel wrote:
> Quoting Anderson Briglia <anderson.briglia@xxxxxxxxxxx>:
>> [...]
> Hi,
> thats really cool stuff you're providing with your patches. :)
> I have some feedback or questions some parts here.
> But as i just started trying to get into kernelhacking you probably
> better don't take my notes to serious, please.

All comments are welcome, thanks for the revision. :)

>
>> Index: linux-linus-2.6/drivers/mmc/mmc_sysfs.c
>> ===================================================================
>> --- linux-linus-2.6.orig/drivers/mmc/mmc_sysfs.c 2006-12-04 [...]
>> +static int mmc_key_instantiate(struct key *key, const void *data,
>> size_t datalen)
>> +{
>> + struct mmc_key_payload *mpayload, *zap;
>> + int ret;
>> +
>> + zap = NULL;
> What is zap here for? future use?
> And wouldn't it be good to also initialize mplayload here?

The code was based on code presents at security/keys/user_defined.c. This is the reason of why the MMC PWD code was
implemented using this returns types and others implementations.
That file (user_defined.c) implements generic functions to handle keys inside the kernel, using the Kernel Key Retention
Service. Maybe you can take a look there, :).
That zap variable was used to expand the key payload when a new password exceeded a previous configured size. But the
Kernel Key Retention Service has changed and that zap variable is not used on key_instantiate function implemented at
user_defined.c, anymore. I'll update the MMC PWD code.

>
>> + ret = -EINVAL;
> Is there a special reason why you already assign the errors to the
> return value variable before its clear that the assignment is needed?

See the reply above.
>
>
>> + if (datalen <= 0 || datalen > MMC_KEYLEN_MAXBYTES || !data) {
> Isn't the last "|| !data" redundant as you already tested if datalen ==0?

data = 0 is different from !data.

>
>> + pr_debug("Invalid data\n");
>> + goto error;
>> + }
>> +
>> + ret = key_payload_reserve(key, datalen);
>> + if (ret < 0) {
>> + pr_debug("ret = %d\n", ret);
>> + goto error;
>> + }
>> +
>> + ret = -ENOMEM;
> Same as above: Why do you in any case want to assign it here?

Reply above.
>
>> + mpayload = kmalloc(sizeof(*mpayload) + datalen, GFP_KERNEL);
> I may be totally wrong, but is dereferencing a not initialized pointer
> (even just for using sizeof) really ok?

Yes. I believe sizeof is a compiler operation and it does not access the data pointed by that pointer, it access just
the type of the pointer.

Wouldn't it be safer to use
> a sizeof(struct mmc_key_payload) here?

I believe there is no difference on using this one and that other declaration.

Thanks,

Anderson Briglia
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/