| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Yxc8fwOgZ+UY0jiX@kernel.org>
Date: Tue, 6 Sep 2022 15:26:39 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Roberto Sassu <roberto.sassu@...weicloud.com>
Cc: andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org,
daniel@...earbox.net, deso@...teo.net, dhowells@...hat.com,
haoluo@...gle.com, jmorris@...ei.org, john.fastabend@...il.com,
jolsa@...nel.org, keyrings@...r.kernel.org, kpsingh@...nel.org,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-security-module@...r.kernel.org, martin.lau@...ux.dev,
memxor@...il.com, mingo@...hat.com, mykolal@...com,
paul@...l-moore.com, roberto.sassu@...wei.com, rostedt@...dmis.org,
sdf@...gle.com, serge@...lyn.com, shuah@...nel.org,
song@...nel.org, yhs@...com
Subject: Re: [PATCH v17 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h
and define KEY_LOOKUP_ALL
On Tue, Sep 06, 2022 at 02:15:06PM +0200, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@...wei.com>
>
> In preparation for the patch that introduces the bpf_lookup_user_key() eBPF
> kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be able to
> validate the kfunc parameters. Add them to enum key_lookup_flag, so that
> all the current ones and the ones defined in the future are automatically
> exported through BTF and available to eBPF programs.
>
> Also, add KEY_LOOKUP_ALL to the enum, with the logical OR of currently
> defined flags as value, to facilitate checking whether a variable contains
> only those flags.
>
> Signed-off-by: Roberto Sassu <roberto.sassu@...wei.com>
> ---
> include/linux/key.h | 6 ++++++
> security/keys/internal.h | 2 --
> 2 files changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/key.h b/include/linux/key.h
> index 7febc4881363..d27477faf00d 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -88,6 +88,12 @@ enum key_need_perm {
> KEY_DEFER_PERM_CHECK, /* Special: permission check is deferred */
> };
>
> +enum key_lookup_flag {
> + KEY_LOOKUP_CREATE = 0x01,
> + KEY_LOOKUP_PARTIAL = 0x02,
> + KEY_LOOKUP_ALL = (KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL),
> +};
> +
> struct seq_file;
> struct user_struct;
> struct signal_struct;
> diff --git a/security/keys/internal.h b/security/keys/internal.h
> index 9b9cf3b6fcbb..3c1e7122076b 100644
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -165,8 +165,6 @@ extern struct key *request_key_and_link(struct key_type *type,
>
> extern bool lookup_user_key_possessed(const struct key *key,
> const struct key_match_data *match_data);
> -#define KEY_LOOKUP_CREATE 0x01
> -#define KEY_LOOKUP_PARTIAL 0x02
>
> extern long join_session_keyring(const char *name);
> extern void key_change_session_keyring(struct callback_head *twork);
> --
> 2.25.1
>
Thanks,
Acked-by: Jarkko Sakkinen <jarkko@...nel.org>
BR, Jarkko
Powered by blists - more mailing lists