[PATCH v14 04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and add flags check function
Roberto Sassu
roberto.sassu at huaweicloud.com
Fri Aug 26 09:22:54 UTC 2022
On Fri, 2022-08-26 at 11:12 +0200, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu at huawei.com>
>
> In preparation for the patch that introduces the
> bpf_lookup_user_key() eBPF
> kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be
> able to
> validate the kfunc parameters.
>
> Also, introduce key_lookup_flags_valid() to check if the caller set
> in the
> argument only defined flags. Introduce it directly in
> include/linux/key.h,
> to reduce the risk that the check is not in sync with currently
> defined
> flags.
>
> Signed-off-by: Roberto Sassu <roberto.sassu at huawei.com>
> Reviewed-by: KP Singh <kpsingh at kernel.org>
Jarkko, could you please ack it if it is fine?
Thanks
Roberto
> ---
> include/linux/key.h | 16 ++++++++++++++++
> security/keys/internal.h | 2 --
> 2 files changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/key.h b/include/linux/key.h
> index 7febc4881363..e679dbf0c940 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -88,6 +88,22 @@ enum key_need_perm {
> KEY_DEFER_PERM_CHECK, /* Special: permission check is
> deferred */
> };
>
> +#define KEY_LOOKUP_CREATE 0x01
> +#define KEY_LOOKUP_PARTIAL 0x02
> +
> +/**
> + * key_lookup_flags_valid - detect if provided key lookup flags are
> valid
> + * @flags: key lookup flags.
> + *
> + * Verify whether or not the caller set in the argument only defined
> flags.
> + *
> + * Return: true if flags are valid, false if not.
> + */
> +static inline bool key_lookup_flags_valid(u64 flags)
> +{
> + return !(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL));
> +}
> +
> struct seq_file;
> struct user_struct;
> struct signal_struct;
> diff --git a/security/keys/internal.h b/security/keys/internal.h
> index 9b9cf3b6fcbb..3c1e7122076b 100644
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -165,8 +165,6 @@ extern struct key *request_key_and_link(struct
> key_type *type,
>
> extern bool lookup_user_key_possessed(const struct key *key,
> const struct key_match_data
> *match_data);
> -#define KEY_LOOKUP_CREATE 0x01
> -#define KEY_LOOKUP_PARTIAL 0x02
>
> extern long join_session_keyring(const char *name);
> extern void key_change_session_keyring(struct callback_head *twork);
More information about the Linux-security-module-archive
mailing list