| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <af509503e534dfbb5b4943d97fbdb27f3e8914fc.camel@huaweicloud.com>
Date: Thu, 01 Sep 2022 09:00:00 +0200
From: Roberto Sassu <roberto.sassu@...weicloud.com>
To: ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
martin.lau@...ux.dev, song@...nel.org, yhs@...com,
john.fastabend@...il.com, kpsingh@...nel.org, sdf@...gle.com,
haoluo@...gle.com, jolsa@...nel.org, mykolal@...com,
dhowells@...hat.com, jarkko@...nel.org, rostedt@...dmis.org,
mingo@...hat.com, paul@...l-moore.com, jmorris@...ei.org,
serge@...lyn.com, shuah@...nel.org
Cc: bpf@...r.kernel.org, keyrings@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kselftest@...r.kernel.org, linux-kernel@...r.kernel.org,
deso@...teo.net, memxor@...il.com,
Roberto Sassu <roberto.sassu@...wei.com>
Subject: Re: [PATCH v15 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h
and define KEY_LOOKUP_ALL
On Wed, 2022-08-31 at 18:54 +0200, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@...wei.com>
>
> In preparation for the patch that introduces the
> bpf_lookup_user_key() eBPF
> kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be
> able to
> validate the kfunc parameters. Add them to enum key_lookup_flag, so
> that
> all the current ones and the ones defined in the future are
> automatically
> exported through BTF and available to eBPF programs.
>
> Also, add KEY_LOOKUP_ALL to the enum, to facilitate checking whether
> a
> variable contains only defined flags.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> Reviewed-by: KP Singh <kpsingh@...nel.org>
> Acked-by: Jarkko Sakkinen <jarkko@...nel.org>
Jarkko, I kept your ack although the code slightly changed to use the
enum instead of #define.
If you have more comments/suggestions, please let me know.
Thanks
Roberto
> ---
> include/linux/key.h | 6 ++++++
> security/keys/internal.h | 2 --
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/key.h b/include/linux/key.h
> index 7febc4881363..d84171f90cbd 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -88,6 +88,12 @@ enum key_need_perm {
> KEY_DEFER_PERM_CHECK, /* Special: permission check is
> deferred */
> };
>
> +enum key_lookup_flag {
> + KEY_LOOKUP_CREATE = 0x01, /* Create special keyrings if they
> don't exist */
> + KEY_LOOKUP_PARTIAL = 0x02, /* Permit partially
> constructed keys to be found */
> + KEY_LOOKUP_ALL = (KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL), /*
> OR of previous flags */
> +};
> +
> struct seq_file;
> struct user_struct;
> struct signal_struct;
> diff --git a/security/keys/internal.h b/security/keys/internal.h
> index 9b9cf3b6fcbb..3c1e7122076b 100644
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -165,8 +165,6 @@ extern struct key *request_key_and_link(struct
> key_type *type,
>
> extern bool lookup_user_key_possessed(const struct key *key,
> const struct key_match_data
> *match_data);
> -#define KEY_LOOKUP_CREATE 0x01
> -#define KEY_LOOKUP_PARTIAL 0x02
>
> extern long join_session_keyring(const char *name);
> extern void key_change_session_keyring(struct callback_head *twork);
Powered by blists - more mailing lists