On Sun, Nov 14, 2021 at 02:34:07AM +0000, Chuck Lever III wrote:
> > Adding kernel UAPIs expands the kernel's attack surface, causing security
> > vulnerabilities. It also increases the number of UAPIs that need to be
> > permanently supported. It makes no sense to add kernel UAPIs for things that
> > can be easily done in userspace.
> >
> > They work well as April Fools' jokes, though:
> > https://lore.kernel.org/r/1459463613-32473-1-git-send-email-richard@xxxxxx
> > Perhaps you meant to save your patch for April 1?
>
> That remark is uncalled for and out of line. Perhaps you just
> don't know what "strawman" means or why someone would post
> unfinished code to ask for direction. I'll mark that down to
> your inexperience.
>
> Interestingly, I don't see you listed as a maintainer in this
> area:
>
> $ scripts/get_maintainer.pl crypto/asymmetric_keys/
> David Howells <dhowells@xxxxxxxxxx> (maintainer:ASYMMETRIC KEYS)
> Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> (maintainer:CRYPTO API)
> "David S. Miller" <davem@xxxxxxxxxxxxx> (maintainer:CRYPTO API)
> keyrings@xxxxxxxxxxxxxxx (open list:ASYMMETRIC KEYS)
> linux-crypto@xxxxxxxxxxxxxxx (open list:CRYPTO API)
> linux-kernel@xxxxxxxxxxxxxxx (open list)
> $
>
> I actually /have/ talked with one of these maintainers, and he
> suggested PEM decoding under add_key(2) would be appropriate and
> valuable. It actually wasn't my idea. I shall credit his idea in
> the next version of this patch so there won't be any further
> confusion.

It's not appropriate to add UAPIs with no regards for increasing the kernel's
attack surface, especially for things that can easily be done in userspace. The
kernel community is already struggling with thousands of syzbot reports and
constant security vulnerabilities.

I understand that your patch is not yet finished, but it doesn't really matter;
there is no need for this patch at all as you can just convert PEM => DER in
userspace. PEM decoding is just some data processing which can be implemented in
userspace in any programming language, so it's not fundamentally different from
sys_leftpad(). So in my opinion the comparison is relevant.

- Eric
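The userspace PEM => DER conversion the message refers to, as an added example that is not part of the original message or of the patch under discussion. The function names and the sample block are hypothetical; the sample is a constructed five-byte DER SEQUENCE, not a real certificate. The bytes returned are what a caller would then hand to add_key(2).

```python
import base64
import re

# Strict PEM block: BEGIN and END labels must match, body is base64 text.
_PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----",
    re.DOTALL,
)

def der_total_length(der: bytes) -> int:
    """Return the encoded size of the outer DER SEQUENCE (header + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = der[1]
    if first < 0x80:                       # short-form length
        return 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("bad DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def pem_to_der(pem: str, want_label: str = "CERTIFICATE") -> bytes:
    """Decode one PEM block to DER, rejecting malformed input in userspace."""
    m = _PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PEM block found")
    if m.group(1) != want_label:
        raise ValueError(f"unexpected PEM label {m.group(1)!r}")
    body = "".join(m.group(2).split())     # drop line breaks and spaces
    # validate=True rejects non-base64 characters, including the
    # "Proc-Type:" headers of encrypted legacy PEM files.
    der = base64.b64decode(body, validate=True)
    if der_total_length(der) != len(der):
        raise ValueError("trailing or truncated DER data")
    return der

# Constructed sample: SEQUENCE { INTEGER 5 } wrapped as PEM.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    "MAMCAQU=\n"
    "-----END CERTIFICATE-----\n"
)
```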