From: THOBY Simon <Simon.THOBY@viveris.fr>
To: Igor Zhbanov <izh1979@gmail.com>
Cc: Igor Zhbanov <i.zhbanov@omp.ru>,
linux-integrity <linux-integrity@vger.kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>,
Mimi Zohar <zohar@linux.ibm.com>
Subject: Re: [PATCH 1/1] NAX LSM: Add initial support support
Date: Fri, 13 Aug 2021 07:47:47 +0000 [thread overview]
Message-ID: <7642c670-55d9-9c30-40a9-15aba27503da@viveris.fr> (raw)
In-Reply-To: <CAEUiM9PRv+WhALQb-1im2_oZzAOvWzrMFrgn5xX9sU1K6DJ6+w@mail.gmail.com>
Hi Igor,
On 8/12/21 10:24 PM, Igor Zhbanov wrote:
> Hi Simon,
>
> ср, 28 июл. 2021 г. в 13:19, THOBY Simon <Simon.THOBY@viveris.fr>:
>> Nit: considering that allowed_caps_hex is only used in this function, and that it represents a small amount of
>> stack space, couldn't you define it directly in the function?
>>
>>> + len = strlen(allowed_caps_hex);
>
> It is also used as sysctl parameter input buffer in nax_sysctl_table[]
> for "allowed_caps" parameter.
>
Yes, what I meant was that maybe you could just declare it at the beginning of the function,
and not use it at all in the sysctl table. Because as I see it, you only use allowed_caps_hex in the sysctl
table to copy the string to that temporary (variable), and its use is limited to that one function.
Instead of:
+ if ((error = proc_dostring(table, write, buffer, lenp, ppos)))
+ return error;
You could probably get away with something like:
> +static int
> +nax_dostring(struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> +{
+ int error;
+ char allowed_caps_hex[ALLOWED_CAPS_HEX_LEN + 1];
[...]
+ len = strlen(allowed_caps_hex);
+ if (len > ALLOWED_CAPS_HEX_LEN)
+ return -EINVAL;
+ strncpy(allowed_caps_hex, buffer, ALLOWED_CAPS_HEX_LEN + 1);
I have to admit that having nearly no kernel development experience, I'm not
sure there is any guidance on the matter (maybe there is even guidance that recommend
preferring what your original patch does to what I suggested) but I think it is
unnecessary to have a variable accessible to the whole file but being used to hold (small)
temporary data for a single function.
In any case, I would appreciate comments for other reviewers if what I'm saying is completely
wrong, so as to not mislead you in doing adverse changes.
Thanks,
Simon
next prev parent reply other threads:[~2021-08-13 7:47 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-07 1:03 [PATCH 1/1] NAX LSM: Add initial support support Igor Zhbanov
2021-07-28 10:19 ` THOBY Simon
2021-08-10 4:52 ` J Freyensee
2021-08-12 14:47 ` THOBY Simon
2021-08-12 16:43 ` Igor Zhbanov
2021-08-13 8:08 ` THOBY Simon
2021-08-14 13:39 ` Igor Zhbanov
2021-08-16 7:39 ` THOBY Simon
2021-08-12 20:24 ` Igor Zhbanov
2021-08-13 7:47 ` THOBY Simon [this message]
2021-08-13 8:05 ` Igor Zhbanov
2021-08-13 8:23 ` THOBY Simon
2021-08-13 20:10 ` Igor Zhbanov
2021-08-16 7:31 ` THOBY Simon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=7642c670-55d9-9c30-40a9-15aba27503da@viveris.fr \
--to=simon.thoby@viveris.fr \
--cc=i.zhbanov@omp.ru \
--cc=izh1979@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).