[PATCH v16 06/12] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs

Roberto Sassu roberto.sassu at huaweicloud.com
Wed Sep 7 06:59:25 UTC 2022


On Tue, 2022-09-06 at 11:45 -0700, Alexei Starovoitov wrote:
> On Tue, Sep 6, 2022 at 1:01 AM Roberto Sassu
> <roberto.sassu at huaweicloud.com> wrote:
> > > > +struct bpf_key *bpf_lookup_user_key(u32 serial, u64 flags)
> > > > +{
> > > > +       key_ref_t key_ref;
> > > > +       struct bpf_key *bkey;
> > > > +
> > > > +       if (flags & ~KEY_LOOKUP_ALL)
> > > > +               return NULL;
> > > > +
> > > > +       /*
> > > > +        * Permission check is deferred until the key is used,
> > > > as
> > > > the
> > > > +        * intent of the caller is unknown here.
> > > > +        */
> > > > +       key_ref = lookup_user_key(serial, flags,
> > > > KEY_DEFER_PERM_CHECK);
> > > > +       if (IS_ERR(key_ref))
> > > > +               return NULL;
> > > > +
> > > > +       bkey = kmalloc(sizeof(*bkey), GFP_ATOMIC);
> > > 
> > > Since this function (due to lookup_user_key) is sleepable, do we
> > > really need GFP_ATOMIC here?
> > 
> > Daniel suggested it for bpf_lookup_system_key(), so that the kfunc
> > does
> > not have to be sleepable.
> 
> Hold on. It has to be sleepable. Just take a look
> at what lookup_user_key is doing inside.
> 

https://lore.kernel.org/bpf/2b1d62ad-af4b-4694-ecc8-639fbd821a05@iogearbox.net/

Roberto



More information about the Linux-security-module-archive mailing list