Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3266079imu;
        Mon, 17 Dec 2018 16:46:56 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UI7bKDoa5c4s7ZOiMJrYhDV0odTJL8yNRjBAi+mV+kQNl+uvJg8gSW+nPnThOdl7eri/zg
X-Received: by 2002:a62:1212:: with SMTP id a18mr15261461pfj.217.1545094016885;
        Mon, 17 Dec 2018 16:46:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1545094016; cv=none;
        d=google.com; s=arc-20160816;
        b=R9XxSiRmmFe3P3FIBm0IJR/A+pbZggFIC46EtmFy//G1mlUkOjX3aJPLiVwuR8NNo/
         6fbkGNSPcdfSGCiF5pAtxI+1KwTwj8dZbOV5/NBZ7U1H21XkRkLW9AmLoNFfQpn33a5l
         lrhDfEa52Akr16UtAsks8lWXzTiHHNyNz8QV+1ORBBhgwetAUXa9RBN1EW1cVr7hCY3T
         JR07cZjBjmlMSRcc25acWJo1NTLW4l7Cz3FA1Lr2BRVa3g/NwbIM4yKwYQUZl4CTvn5A
         50iBKX3Ihm4J/IfWhP6QyHRw9pkoUtbhBEf50LHps21WDxfBHK98PK599xETEBuTiZWk
         NoEg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id
         :dkim-signature;
        bh=vitnorFMndDutma3jsM3PbgraOl96ml4WpPVsIzHWsY=;
        b=owq1HhgBOOiGOXzsJdanOsx0IHHFqHz2tMkp5wNaBda8x8h4n5JJ4OQtG6gc5sajkW
         5k7+iHvZurwoEdVGYjDB75l2kMOAEFsDtNkh02eAzDYk90DLU6//N5fRVH3EuPJnuMLq
         XKa4tVkDEfuGKQqKk5VVfC3C9wGbYKzsYOY0903/DdlKh1FfQvuc6H6FbmBpA5Kbh89i
         fce/BDygVwneiW2+gkWBjtpwxlLZonUdZraLl/cCJPFd1hhOHp0TJqFEVWxxemMENtXh
         C8bDuluxTPqjcxzZSPEvgfTnUEwb50pADS+dx4qvuVTKefTm0rpLTC0bQ6+dkR3TCCJz
         RwYQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=mJ6FPQ8l;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 37si11956953plv.243.2018.12.17.16.46.41;
        Mon, 17 Dec 2018 16:46:56 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=mJ6FPQ8l;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726387AbeLRAoZ (ORCPT <rfc822;krseo358@gmail.com> + 99 others);
        Mon, 17 Dec 2018 19:44:25 -0500
Received: from bedivere.hansenpartnership.com ([66.63.167.143]:33442 "EHLO
        bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1726285AbeLRAoZ (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 17 Dec 2018 19:44:25 -0500
Received: from localhost (localhost [127.0.0.1])
        by bedivere.hansenpartnership.com (Postfix) with ESMTP id 3D2358EE1CB;
        Mon, 17 Dec 2018 16:44:24 -0800 (PST)
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
        by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id F7V6TdXFDJAB; Mon, 17 Dec 2018 16:44:24 -0800 (PST)
Received: from [153.66.254.194] (unknown [50.35.68.20])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 83AE58EE0A4;
        Mon, 17 Dec 2018 16:44:23 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1545093863;
        bh=UXoCsqDxGMQ26kVNzeM3o73fRnhRn/iTedhRTINLL5k=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=mJ6FPQ8ltN+n5tWXUmoj2Kr+fNzy9Rwrh39zjRKUB1uT+hiXfUkolxRr8my7hrt6u
         w9U7/EMJ1U2oOLsOjMBSWx8Do0T0OH0xoyprtlzOcUqMTtSpzBBQ8iwFpO+rJZh45c
         JAO7m9jTLMkDsvhueFcbsCZpd+mXb3XA6/eNthbw=
Message-ID: <1545093862.2878.34.camel@HansenPartnership.com>
Subject: Re: [PATCH RESEND] KEYS: fix parsing invalid pkey info string
From:   James Bottomley <James.Bottomley@HansenPartnership.com>
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     ebiggers@kernel.org, James Morris James Morris <jmorris@namei.org>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        Peter Huewe <peterhuewe@gmx.de>,
        David Howells <dhowells@redhat.com>, keyrings@vger.kernel.org,
        Linux List Kernel Mailing <linux-kernel@vger.kernel.org>,
        syzkaller-bugs@googlegroups.com
Date:   Mon, 17 Dec 2018 16:44:22 -0800
In-Reply-To: <CAHk-=wjPhKNKRq24wXL3wvqUgfyriDjYNXUPCumbH=64ZMXrSw@mail.gmail.com>
References: <20181128232019.GC131170@gmail.com>
         <20181217181244.220052-1-ebiggers@kernel.org>
         <CAHk-=whmh8WdcKHdYjioJNjyeewv=fO1H0hxXqDh6kiX0YvzmQ@mail.gmail.com>
         <CAHk-=wi8iGD8zHuPr38m9MUwDwf3qy2FYSbyoQ_Ygky+D-pU1Q@mail.gmail.com>
         <CAHk-=wjsMJeEkJbE3QhM3SY-DT9VsnMWNQKMNsG9TetnjREWDQ@mail.gmail.com>
         <CAHk-=wgGYebCEE-M-6Dnbn5MpC8BD8SLjgw8iPGrgy8zETrdJg@mail.gmail.com>
         <1545076260.2878.15.camel@HansenPartnership.com>
         <CAHk-=wjPhKNKRq24wXL3wvqUgfyriDjYNXUPCumbH=64ZMXrSw@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.26.6 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2018-12-17 at 12:02 -0800, Linus Torvalds wrote:
> On Mon, Dec 17, 2018 at 11:51 AM James Bottomley
> <James.Bottomley@hansenpartnership.com> wrote:
> > 
> > If this is to replace Eric's patch, didn't you want to set
> > token_mask to (1<<Opt_err)?
> 
> No, let's not add any extra code that is trying to be subtle. Subtle
> interactions was where the bug came from.

Sure; I suppose liking the TPM gives me a taste for subtlety.

> The code already checks the actual Opt_xyz for errors in a switch
> statement. The token_mask should be _purely_ about duplicate options
> (or conflicting ones).
> 
> Talking about the conflicting ones: Opt_hash checks that
> Opt_policydigest isn't set. But Opt_policydigest doesn't check that
> Opt_hash isn't set, so you can mix the two if you just do it in the
> right order.
>
> But that's a separate bug, and doesn't seem to be a huge deal.

Actually, I'm afraid it's not a bug, it's a command line ordering
thing.  To check the policy digest length, we need to know which hash
algorithm you're using, so if you're specifying a hash algorithm, it
has to appear *before* a policydigest as a command input.

I take it this is another subtlety you'd like documenting ...?

> But it *is* an example of how bogus all of this stuff is. Clearly
> people weren't really paying attention when writing any of this code.

Hey, not going to argue here.  The whole policy session passed in is
questionable because some of the actions the kernel takes on the key
have to depend on what was in the policy (which you don't know and
can't deduce from the hash).  The only way to get it to work
universally is to pass the actual policy in and have the kernel
construct the policy session itself.  Fortunately fixing it can be low
priority because we don't seem to have any users.

James