Re: [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set... | linux-security-module

[PATCH v14 00/12] bpf: Add kfuncs for PKCS#7 signature verification · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 01/12] bpf: Allow kfuncs to be used in LSM programs · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 02/12] bpf: Move dynptr type check to is_dynptr_type_expected() · Roberto Sassu <hidden> · 2022-08-30
Re: [PATCH v14 02/12] bpf: Move dynptr type check to is_dynptr_type_expected() · Joanne Koong <hidden> · 2022-08-30
Re: [PATCH v14 02/12] bpf: Move dynptr type check to is_dynptr_type_expected() · Roberto Sassu <hidden> · 2022-08-31
[PATCH v14 03/12] btf: Allow dynamic pointer parameters in kfuncs · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 04/12] bpf: Export bpf_dynptr_get_size() · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL · Roberto Sassu <hidden> · 2022-08-30
Re: [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL · Jarkko Sakkinen <jarkko@kernel.org> · 2022-08-31
Re: [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL · Jarkko Sakkinen <jarkko@kernel.org> · 2022-08-31
Re: [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL · Jarkko Sakkinen <jarkko@kernel.org> · 2022-08-31
Re: [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL · Roberto Sassu <hidden> · 2022-08-31
Re: [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL · Alexei Starovoitov <hidden> · 2022-08-31
Re: [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL · Roberto Sassu <hidden> · 2022-08-31
Re: [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL · Jarkko Sakkinen <jarkko@kernel.org> · 2022-09-02
[PATCH v14 06/12] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 07/12] bpf: Add bpf_verify_pkcs7_signature() kfunc · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 08/12] selftests/bpf: Compile kernel with everything as built-in · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 09/12] selftests/bpf: Add verifier tests for bpf_lookup_*_key() and bpf_key_put() · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 10/12] selftests/bpf: Add additional tests for bpf_lookup_*_key() · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 11/12] selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc · Roberto Sassu <hidden> · 2022-08-30
[PATCH v14 12/12] selftests/bpf: Add verifier tests for dynamic pointers parameters in kfuncs · Roberto Sassu <hidden> · 2022-08-30
Re: [PATCH v14 12/12] selftests/bpf: Add verifier tests for dynamic pointers parameters in kfuncs · Joanne Koong <hidden> · 2022-08-30

Re: [PATCH v14 05/12] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and set KEY_LOOKUP_FLAGS_ALL

From: Jarkko Sakkinen <jarkko@kernel.org>
Date: 2022-08-31 06:29:18
Also in: bpf, keyrings, linux-kselftest, lkml

On Wed, Aug 31, 2022 at 07:51:47AM +0300, Jarkko Sakkinen wrote:

On Wed, Aug 31, 2022 at 05:53:28AM +0300, Jarkko Sakkinen wrote:

quoted

On Tue, Aug 30, 2022 at 06:17:09PM +0200, Roberto Sassu wrote:

quoted

From: Roberto Sassu <roberto.sassu@huawei.com>

In preparation for the patch that introduces the bpf_lookup_user_key() eBPF
kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be able to
validate the kfunc parameters.

Also, define the new constant KEY_LOOKUP_FLAGS_ALL, to facilitate checking
whether a variable contains only defined flags.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: KP Singh <kpsingh@kernel.org>
---
 include/linux/key.h      | 4 ++++
 security/keys/internal.h | 2 --
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/include/linux/key.h b/include/linux/key.h
index 7febc4881363..e2a70e0fa89f 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h

@@ -88,6 +88,10 @@ enum key_need_perm {
 	KEY_DEFER_PERM_CHECK,	/* Special: permission check is deferred */
 };
 
+#define KEY_LOOKUP_CREATE	0x01
+#define KEY_LOOKUP_PARTIAL	0x02
+#define KEY_LOOKUP_FLAGS_ALL	(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL)

IMHO this could be just KEY_LOOKUP_ALL.

quoted

+
 struct seq_file;
 struct user_struct;
 struct signal_struct;

diff --git a/security/keys/internal.h b/security/keys/internal.h
index 9b9cf3b6fcbb..3c1e7122076b 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h

@@ -165,8 +165,6 @@ extern struct key *request_key_and_link(struct key_type *type,
 
 extern bool lookup_user_key_possessed(const struct key *key,
 				      const struct key_match_data *match_data);
-#define KEY_LOOKUP_CREATE	0x01
-#define KEY_LOOKUP_PARTIAL	0x02
 
 extern long join_session_keyring(const char *name);
 extern void key_change_session_keyring(struct callback_head *twork);

-- 
2.25.1

Other than that wfm.

Roberto, with the change done above, just add my ack
to the next version:

Acked-by: Jarkko Sakkinen <jarkko@kernel.org>

And it is fine also to pick this to the bpf tree with
rest of the patch set (in the end).

BR, Jarkko

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help