On Mon, 2016-03-28 at 14:14 -0700, Kees Cook wrote:
> +static const char *id_str[READING_MAX_ID] = {
> + [READING_FIRMWARE] = "firmware",
> + [READING_MODULE] = "kernel module",
> + [READING_KEXEC_IMAGE] = "kexec image",
> + [READING_KEXEC_INITRAMFS] = "kexec initramfs",
> + [READING_POLICY] = "security policy",
> +};
> +
> +static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
> +{
> + struct super_block *load_root;
> + const char *origin;
> +
> + if (id < 0 || id >= READING_MAX_ID)
> + return -EINVAL;
> +
The kernel_read_file_id enumeration starts at 1.
> + origin = id_str[id];
> + if (!origin) {
> + origin = "unknown";
Right, all the entries in the kernel_read_file_id enumeration are
currently listed in id_str. Checking origin is needed for when id_str[]
isn't kept in sync with the enumeration.
Looks good!
Mimi
