[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220826091228.1701185-1-roberto.sassu@huaweicloud.com>
Date: Fri, 26 Aug 2022 11:12:28 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, song@...nel.org, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...gle.com,
haoluo@...gle.com, jolsa@...nel.org, mykolal@...com,
corbet@....net, dhowells@...hat.com, jarkko@...nel.org,
rostedt@...dmis.org, mingo@...hat.com, paul@...l-moore.com,
jmorris@...ei.org, serge@...lyn.com, shuah@...nel.org
Cc: bpf@...r.kernel.org, linux-doc@...r.kernel.org,
keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
deso@...teo.net, Roberto Sassu <roberto.sassu@...wei.com>
Subject: [PATCH v14 04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and add flags check function
From: Roberto Sassu <roberto.sassu@...wei.com>
In preparation for the patch that introduces the bpf_lookup_user_key() eBPF
kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be able to
validate the kfunc parameters.
Also, introduce key_lookup_flags_valid() to check if the caller set in the
argument only defined flags. Introduce it directly in include/linux/key.h,
to reduce the risk that the check is not in sync with currently defined
flags.
Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
Reviewed-by: KP Singh <kpsingh@...nel.org>
---
include/linux/key.h | 16 ++++++++++++++++
security/keys/internal.h | 2 --
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/include/linux/key.h b/include/linux/key.h
index 7febc4881363..e679dbf0c940 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -88,6 +88,22 @@ enum key_need_perm {
KEY_DEFER_PERM_CHECK, /* Special: permission check is deferred */
};
+#define KEY_LOOKUP_CREATE 0x01
+#define KEY_LOOKUP_PARTIAL 0x02
+
+/**
+ * key_lookup_flags_valid - detect if provided key lookup flags are valid
+ * @flags: key lookup flags.
+ *
+ * Verify whether or not the caller set in the argument only defined flags.
+ *
+ * Return: true if flags are valid, false if not.
+ */
+static inline bool key_lookup_flags_valid(u64 flags)
+{
+ return !(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL));
+}
+
struct seq_file;
struct user_struct;
struct signal_struct;
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 9b9cf3b6fcbb..3c1e7122076b 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -165,8 +165,6 @@ extern struct key *request_key_and_link(struct key_type *type,
extern bool lookup_user_key_possessed(const struct key *key,
const struct key_match_data *match_data);
-#define KEY_LOOKUP_CREATE 0x01
-#define KEY_LOOKUP_PARTIAL 0x02
extern long join_session_keyring(const char *name);
extern void key_change_session_keyring(struct callback_head *twork);
--
2.25.1
Powered by blists - more mailing lists