All of lore.kernel.org
 help / color / mirror / Atom feed
From: Roberto Sassu <roberto.sassu@huaweicloud.com>
To: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org,
	martin.lau@linux.dev, song@kernel.org, yhs@fb.com,
	john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com,
	haoluo@google.com, jolsa@kernel.org, mykolal@fb.com,
	corbet@lwn.net, dhowells@redhat.com, jarkko@kernel.org,
	rostedt@goodmis.org, mingo@redhat.com, paul@paul-moore.com,
	jmorris@namei.org, serge@hallyn.com, shuah@kernel.org
Cc: bpf@vger.kernel.org, linux-doc@vger.kernel.org,
	keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
	linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
	deso@posteo.net, Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH v14 04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and add flags check function
Date: Fri, 26 Aug 2022 11:12:28 +0200	[thread overview]
Message-ID: <20220826091228.1701185-1-roberto.sassu@huaweicloud.com> (raw)
In-Reply-To: <acae432697e854748d9a44c732ec8cab807d9d46.camel@huaweicloud.com>

From: Roberto Sassu <roberto.sassu@huawei.com>

In preparation for the patch that introduces the bpf_lookup_user_key() eBPF
kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be able to
validate the kfunc parameters.

Also, introduce key_lookup_flags_valid() to check if the caller set in the
argument only defined flags. Introduce it directly in include/linux/key.h,
to reduce the risk that the check is not in sync with currently defined
flags.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: KP Singh <kpsingh@kernel.org>
---
 include/linux/key.h      | 16 ++++++++++++++++
 security/keys/internal.h |  2 --
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/include/linux/key.h b/include/linux/key.h
index 7febc4881363..e679dbf0c940 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -88,6 +88,22 @@ enum key_need_perm {
 	KEY_DEFER_PERM_CHECK,	/* Special: permission check is deferred */
 };
 
+#define KEY_LOOKUP_CREATE	0x01
+#define KEY_LOOKUP_PARTIAL	0x02
+
+/**
+ * key_lookup_flags_valid - detect if provided key lookup flags are valid
+ * @flags: key lookup flags.
+ *
+ * Verify whether or not the caller set in the argument only defined flags.
+ *
+ * Return: true if flags are valid, false if not.
+ */
+static inline bool key_lookup_flags_valid(u64 flags)
+{
+	return !(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL));
+}
+
 struct seq_file;
 struct user_struct;
 struct signal_struct;
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 9b9cf3b6fcbb..3c1e7122076b 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -165,8 +165,6 @@ extern struct key *request_key_and_link(struct key_type *type,
 
 extern bool lookup_user_key_possessed(const struct key *key,
 				      const struct key_match_data *match_data);
-#define KEY_LOOKUP_CREATE	0x01
-#define KEY_LOOKUP_PARTIAL	0x02
 
 extern long join_session_keyring(const char *name);
 extern void key_change_session_keyring(struct callback_head *twork);
-- 
2.25.1


  reply	other threads:[~2022-08-26  9:13 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-18 15:29 [PATCH v12 00/10] bpf: Add kfuncs for PKCS#7 signature verification roberto.sassu
2022-08-18 15:29 ` [PATCH v12 01/10] bpf: Allow kfuncs to be used in LSM programs roberto.sassu
2022-08-18 15:29 ` [PATCH v12 02/10] btf: Handle dynamic pointer parameter in kfuncs roberto.sassu
2022-08-26  4:54   ` Jarkko Sakkinen
2022-08-26  5:16     ` Alexei Starovoitov
2022-08-26  5:46       ` Jarkko Sakkinen
2022-08-26 14:43         ` Jarkko Sakkinen
2022-08-26 14:46           ` Jarkko Sakkinen
2022-08-26 15:34           ` Roberto Sassu
2022-08-26 16:32             ` Jarkko Sakkinen
2022-08-26 16:41               ` Jarkko Sakkinen
2022-08-26 19:10                 ` Roberto Sassu
2022-08-18 15:29 ` [PATCH v12 03/10] bpf: Export bpf_dynptr_get_size() roberto.sassu
2022-08-18 15:29 ` [PATCH v12 04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h roberto.sassu
2022-08-26  5:42   ` Jarkko Sakkinen
2022-08-26  7:14     ` Roberto Sassu
2022-08-26  9:12       ` Roberto Sassu [this message]
2022-08-26  9:22         ` [PATCH v14 04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and add flags check function Roberto Sassu
2022-08-28  3:59           ` Jarkko Sakkinen
2022-08-28  4:03             ` Jarkko Sakkinen
2022-08-29  7:25               ` Roberto Sassu
2022-08-29 12:33                 ` Jarkko Sakkinen
2022-08-28  3:57       ` [PATCH v12 04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h Jarkko Sakkinen
2022-08-28 12:04         ` KP Singh
2022-08-18 15:29 ` [PATCH v12 05/10] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs roberto.sassu
2022-08-18 15:29 ` [PATCH v12 06/10] bpf: Add bpf_verify_pkcs7_signature() kfunc roberto.sassu
2022-08-18 15:29 ` [PATCH v12 07/10] selftests/bpf: Compile kernel with everything as built-in roberto.sassu
2022-08-18 17:35   ` Daniel Müller
2022-08-18 15:29 ` [PATCH v12 08/10] selftests/bpf: Add verifier tests for bpf_lookup_*_key() and bpf_key_put() roberto.sassu
2022-08-18 15:29 ` [PATCH v12 09/10] selftests/bpf: Add additional tests for bpf_lookup_*_key() roberto.sassu
2022-08-18 15:29 ` [PATCH v12 10/10] selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc roberto.sassu

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220826091228.1701185-1-roberto.sassu@huaweicloud.com \
    --to=roberto.sassu@huaweicloud.com \
    --cc=andrii@kernel.org \
    --cc=ast@kernel.org \
    --cc=bpf@vger.kernel.org \
    --cc=corbet@lwn.net \
    --cc=daniel@iogearbox.net \
    --cc=deso@posteo.net \
    --cc=dhowells@redhat.com \
    --cc=haoluo@google.com \
    --cc=jarkko@kernel.org \
    --cc=jmorris@namei.org \
    --cc=john.fastabend@gmail.com \
    --cc=jolsa@kernel.org \
    --cc=keyrings@vger.kernel.org \
    --cc=kpsingh@kernel.org \
    --cc=linux-doc@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-kselftest@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=martin.lau@linux.dev \
    --cc=mingo@redhat.com \
    --cc=mykolal@fb.com \
    --cc=paul@paul-moore.com \
    --cc=roberto.sassu@huawei.com \
    --cc=rostedt@goodmis.org \
    --cc=sdf@google.com \
    --cc=serge@hallyn.com \
    --cc=shuah@kernel.org \
    --cc=song@kernel.org \
    --cc=yhs@fb.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.