[PATCH v13 05/10] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs
Song Liu
song at kernel.org
Fri Aug 26 05:56:45 UTC 2022
On Tue, Aug 23, 2022 at 8:02 AM Roberto Sassu
<roberto.sassu at huaweicloud.com> wrote:
>
> From: Roberto Sassu <roberto.sassu at huawei.com>
>
> Add the bpf_lookup_user_key(), bpf_lookup_system_key() and bpf_key_put()
> kfuncs, to respectively search a key with a given key handle serial number
> and flags, obtain a key from a pre-determined ID defined in
> include/linux/verification.h, and cleanup.
>
> Introduce system_keyring_id_check() to validate the keyring ID parameter of
> bpf_lookup_system_key().
>
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> ---
> include/linux/bpf.h | 6 ++
> include/linux/verification.h | 8 +++
> kernel/trace/bpf_trace.c | 135 +++++++++++++++++++++++++++++++++++
> 3 files changed, 149 insertions(+)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 6041304b402e..991da09a5858 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -2586,4 +2586,10 @@ static inline void bpf_cgroup_atype_get(u32 attach_btf_id, int cgroup_atype) {}
> static inline void bpf_cgroup_atype_put(int cgroup_atype) {}
> #endif /* CONFIG_BPF_LSM */
>
> +#ifdef CONFIG_KEYS
Do we need to declare struct key here?
> +struct bpf_key {
> + struct key *key;
> + bool has_ref;
> +};
> +#endif /* CONFIG_KEYS */
> #endif /* _LINUX_BPF_H */
>
More information about the Linux-security-module-archive
mailing list