[PATCH v13 05/10] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs

Song Liu song at kernel.org
Fri Aug 26 05:56:45 UTC 2022


On Tue, Aug 23, 2022 at 8:02 AM Roberto Sassu
<roberto.sassu at huaweicloud.com> wrote:
>
> From: Roberto Sassu <roberto.sassu at huawei.com>
>
> Add the bpf_lookup_user_key(), bpf_lookup_system_key() and bpf_key_put()
> kfuncs, to respectively search a key with a given key handle serial number
> and flags, obtain a key from a pre-determined ID defined in
> include/linux/verification.h, and cleanup.
>
> Introduce system_keyring_id_check() to validate the keyring ID parameter of
> bpf_lookup_system_key().
>
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> ---
>  include/linux/bpf.h          |   6 ++
>  include/linux/verification.h |   8 +++
>  kernel/trace/bpf_trace.c     | 135 +++++++++++++++++++++++++++++++++++
>  3 files changed, 149 insertions(+)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 6041304b402e..991da09a5858 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -2586,4 +2586,10 @@ static inline void bpf_cgroup_atype_get(u32 attach_btf_id, int cgroup_atype) {}
>  static inline void bpf_cgroup_atype_put(int cgroup_atype) {}
>  #endif /* CONFIG_BPF_LSM */
>
> +#ifdef CONFIG_KEYS

Do we need to declare struct key here?

> +struct bpf_key {
> +       struct key *key;
> +       bool has_ref;
> +};
> +#endif /* CONFIG_KEYS */
>  #endif /* _LINUX_BPF_H */
>



More information about the Linux-security-module-archive mailing list