| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Aug 2022 11:22:54 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, song@...nel.org, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...gle.com,
haoluo@...gle.com, jolsa@...nel.org, mykolal@...com,
corbet@....net, dhowells@...hat.com, jarkko@...nel.org,
rostedt@...dmis.org, mingo@...hat.com, paul@...l-moore.com,
jmorris@...ei.org, serge@...lyn.com, shuah@...nel.org
Cc: bpf@...r.kernel.org, linux-doc@...r.kernel.org,
keyrings@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
deso@...teo.net, Roberto Sassu <roberto.sassu@...wei.com>
Subject: Re: [PATCH v14 04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h
and add flags check function
On Fri, 2022-08-26 at 11:12 +0200, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@...wei.com>
>
> In preparation for the patch that introduces the
> bpf_lookup_user_key() eBPF
> kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be
> able to
> validate the kfunc parameters.
>
> Also, introduce key_lookup_flags_valid() to check if the caller set
> in the
> argument only defined flags. Introduce it directly in
> include/linux/key.h,
> to reduce the risk that the check is not in sync with currently
> defined
> flags.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> Reviewed-by: KP Singh <kpsingh@...nel.org>
Jarkko, could you please ack it if it is fine?
Thanks
Roberto
> ---
> include/linux/key.h | 16 ++++++++++++++++
> security/keys/internal.h | 2 --
> 2 files changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/key.h b/include/linux/key.h
> index 7febc4881363..e679dbf0c940 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -88,6 +88,22 @@ enum key_need_perm {
> KEY_DEFER_PERM_CHECK, /* Special: permission check is
> deferred */
> };
>
> +#define KEY_LOOKUP_CREATE 0x01
> +#define KEY_LOOKUP_PARTIAL 0x02
> +
> +/**
> + * key_lookup_flags_valid - detect if provided key lookup flags are
> valid
> + * @flags: key lookup flags.
> + *
> + * Verify whether or not the caller set in the argument only defined
> flags.
> + *
> + * Return: true if flags are valid, false if not.
> + */
> +static inline bool key_lookup_flags_valid(u64 flags)
> +{
> + return !(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL));
> +}
> +
> struct seq_file;
> struct user_struct;
> struct signal_struct;
> diff --git a/security/keys/internal.h b/security/keys/internal.h
> index 9b9cf3b6fcbb..3c1e7122076b 100644
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -165,8 +165,6 @@ extern struct key *request_key_and_link(struct
> key_type *type,
>
> extern bool lookup_user_key_possessed(const struct key *key,
> const struct key_match_data
> *match_data);
> -#define KEY_LOOKUP_CREATE 0x01
> -#define KEY_LOOKUP_PARTIAL 0x02
>
> extern long join_session_keyring(const char *name);
> extern void key_change_session_keyring(struct callback_head *twork);
Powered by blists - more mailing lists