From: David Howells
To: mtk.manpages@gmail.com
Cc: dhowells@redhat.com, Michael Kerrisk, lkml, Eugene Syromyatnikov, keyrings@vger.kernel.org, linux-man
Subject: Re: Revised keyrings(7) man page for review
Date: Tue, 13 Dec 2016 13:38:16 +0000
Message-ID: <26913.1481636296@warthog.procyon.org.uk>
References: <51643019-bb42-4066-c824-c55b9e668ac6@man7.org> <25262.1481628931@warthog.procyon.org.uk> <9f32a79b-5795-bff4-b741-bf927a525149@gmail.com>
List-ID: linux-kernel@vger.kernel.org

Michael Kerrisk (man-pages) wrote:

> So, I've updated this piece a couple of times since the draft that you
> reviewed, and by now it reads:
>
>        "big_key" (since Linux 3.13)
>               This key type is similar to the "user" key type, but it may
>               hold a payload of up to 1 MiB in size.  This key type is
>               useful for tasks such as holding Kerberos ticket caches.

I'm not sure that "tasks" is quite the word I'd use here (it's overloaded).  Perhaps "purposes"?
>               The payload data may be stored in the swap space rather
>               than in kernel memory if the data size exceeds the overhead
>               of storing the data encrypted in swap space.  (A tmpfs file
>               is used, which requires filesystem structures to be allocated
>               in the kernel; the size of these structures determines the
>               size threshold above which the tmpfs storage method is
>               used.)  Since Linux 4.8, payload data is encrypted, to
>               prevent it being written unencrypted into swap space.

I would either drop the first "encrypted" ("storing the data encrypted") since you mention this later, or move it earlier to be after the word "stored" ("may be stored encrypted").

Note that with the "Since Linux 4.8 ..." sentence, the encryption is only applied if it is stored into tmpfs.

Also, the payload isn't directly stored into swap space, but is rather stored into tmpfs, from where it can be swapped.  This is important since you can use this type of key without any swap space available to your system.

David
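The behaviour discussed above (a big_key payload either sits in a kernel buffer or in a tmpfs file, and in both cases the owner can read it back whether or not the machine has any swap) can be exercised from user space. The C program below is an added example; it is not part of this thread or of the keyrings(7) page. It uses the raw add_key(2) and keyctl(2) syscalls so it needs no libkeyutils, and it assumes a Linux kernel built with CONFIG_KEYS and CONFIG_BIG_KEYS; the key description "keyrings7-example" and the 256-byte and 64 KiB payload sizes are arbitrary choices. Running as an unprivileged user is sufficient, since big_key, like the user type, is not a privileged key type.

```c
/* Added example (not from the thread or the man page): round-trip payloads
 * through a "big_key" key using raw add_key(2)/keyctl(2), no keyutils needed. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Values from <linux/keyctl.h>, spelled out so no keyutils headers are needed. */
#define KEY_SPEC_SESSION_KEYRING (-3)
#define KEYCTL_REVOKE 3
#define KEYCTL_UNLINK 9
#define KEYCTL_READ   11

/* Deterministic, non-periodic test pattern so truncation or corruption on
 * read-back is detectable.  The LCG is fine for a test pattern, not for keys. */
void fill_pattern(unsigned char *buf, size_t len, uint32_t seed)
{
    uint32_t x = seed;
    for (size_t i = 0; i < len; i++) {
        x = x * 1664525u + 1013904223u;
        buf[i] = (unsigned char)(x >> 24);
    }
}

int check_pattern(const unsigned char *buf, size_t len, uint32_t seed)
{
    uint32_t x = seed;
    for (size_t i = 0; i < len; i++) {
        x = x * 1664525u + 1013904223u;
        if (buf[i] != (unsigned char)(x >> 24))
            return 0;
    }
    return 1;
}

/* Sanity check of the pattern helpers themselves: intact data passes, a
 * single flipped bit fails, and a prefix that stops before the flip passes. */
int pattern_self_check(void)
{
    unsigned char b[300];
    fill_pattern(b, sizeof b, 300);
    if (!check_pattern(b, sizeof b, 300))
        return 0;
    b[17] ^= 0x80;
    return !check_pattern(b, sizeof b, 300) && check_pattern(b, 17, 300);
}

/* Print the /proc/keys line for one key; the kernel formats the serial as %08x.
 * The big_key type appends the payload size and whether it lives in a buffer
 * or a file to the description column. */
static void show_proc_keys_line(long serial)
{
    char prefix[16], line[512];
    FILE *f = fopen("/proc/keys", "r");
    if (!f)
        return;
    snprintf(prefix, sizeof prefix, "%08lx ", serial);
    while (fgets(line, sizeof line, f))
        if (strncmp(line, prefix, strlen(prefix)) == 0)
            fputs(line, stdout);
    fclose(f);
}

/* Returns 1 if a payload of `len` bytes was stored in a big_key and read back
 * intact; 0 if the kernel refused (errno in *err: ENODEV without
 * CONFIG_BIG_KEYS, ENOSYS without keyrings, EPERM/EACCES/EDQUOT from policy);
 * -1 if the data that came back differs from what went in. */
int big_key_roundtrip(size_t len, int *err, int verbose)
{
#ifndef SYS_add_key
    (void)len; (void)verbose;
    *err = ENOSYS;            /* not a Linux build: nothing to exercise */
    return 0;
#else
    int rc = 0;
    long serial, got;
    unsigned char *out = malloc(len), *in = malloc(len);
    *err = 0;
    if (!out || !in) {
        *err = ENOMEM;
        goto done;
    }
    fill_pattern(out, len, (uint32_t)len);

    /* add_key(type, description, payload, plen, keyring): the kernel copies the
     * payload; above its internal threshold big_key puts it in a tmpfs file. */
    serial = syscall(SYS_add_key, "big_key", "keyrings7-example",
                     out, len, KEY_SPEC_SESSION_KEYRING);
    if (serial < 0) {
        *err = errno;
        goto done;
    }
    if (verbose)
        show_proc_keys_line(serial);

    /* keyctl(KEYCTL_READ, key, buf, buflen) returns the payload length; for a
     * tmpfs-backed big_key this is where decryption happens (since 4.8). */
    got = syscall(SYS_keyctl, KEYCTL_READ, (int32_t)serial, in, len);
    if (got < 0)
        *err = errno;
    else
        rc = ((size_t)got == len && check_pattern(in, len, (uint32_t)len)) ? 1 : -1;

    /* Don't leave the test key in the session keyring. */
    syscall(SYS_keyctl, KEYCTL_REVOKE, (int32_t)serial);
    syscall(SYS_keyctl, KEYCTL_UNLINK, (int32_t)serial, KEY_SPEC_SESSION_KEYRING);
done:
    free(out);
    free(in);
    return rc;
#endif
}

int main(void)
{
    /* A small payload and a 64 KiB one: the latter is well above the in-kernel
     * threshold the man page text describes, so it lands in tmpfs. */
    size_t sizes[] = { 256, 64 * 1024 };
    for (size_t i = 0; i < 2; i++) {
        int err;
        int rc = big_key_roundtrip(sizes[i], &err, 1);
        if (rc == 1)
            printf("%zu bytes: stored and read back intact\n", sizes[i]);
        else if (rc == 0)
            printf("%zu bytes: not supported here: %s\n", sizes[i], strerror(err));
        else
            printf("%zu bytes: MISMATCH on read-back\n", sizes[i]);
    }
    return 0;
}
```

Run it once with swap enabled and once after `swapoff -a`: the 64 KiB key is created and read back identically in both cases, which is the point David makes about tmpfs versus swap. The /proc/keys line printed for each key is the quickest way to see which storage path a given size took, and comparing a 256-byte key with a 64 KiB one shows the threshold the man page text describes without having to know the exact number.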