On Mon, Dec 14, 2015 at 08:46:33AM -0500, Mimi Zohar wrote: > On Sun, 2015-12-13 at 17:42 +0200, Jarkko Sakkinen wrote: > > The trusted keys option parsing allows specifying the same option > > multiple times. The last option value specified is used. > > > > This can be seen as a regression because: > > > > * No gain. > > * Could be problematic if there is be options dependent on other > > options. > > Thanks, Jarkko. Although it should be obvious that patch limits the > number of times an option can be specified, you should explicitly > mention it in the patch description.
OK, I'll update the commit message with this information before I send the pull request. Thanks for the advice! > Mimi /Jarkko > > > Reported-by: James Morris James Morris <[email protected]> > > Signed-off-by: Jarkko Sakkinen <[email protected]> > > --- > > security/keys/trusted.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/security/keys/trusted.c b/security/keys/trusted.c > > index 903dace..7c183c7 100644 > > --- a/security/keys/trusted.c > > +++ b/security/keys/trusted.c > > @@ -736,11 +736,14 @@ static int getoptions(char *c, struct > > trusted_key_payload *pay, > > int res; > > unsigned long handle; > > unsigned long lock; > > + unsigned long token_mask = 0; > > > > while ((p = strsep(&c, " \t"))) { > > if (*p == '\0' || *p == ' ' || *p == '\t') > > continue; > > token = match_token(p, key_tokens, args); > > + if (test_and_set_bit(token, &token_mask)) > > + return -EINVAL; > > > > switch (token) { > > case Opt_pcrinfo: > > > -- > To unsubscribe from this list: send the line "unsubscribe > linux-security-module" in > the body of a message to [email protected] > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
