[PATCH v2 07/13] bpf: Move the signature kfuncs to helpers.c
James Bottomley
James.Bottomley at HansenPartnership.com
Wed Jul 23 16:47:02 UTC 2025
On Mon, 2025-07-21 at 23:19 +0200, KP Singh wrote:
> No functional changes, except for the addition of the headers for the
> kfuncs so that they can be used for signature verification.
Not really anything to do with this code, but looking at the whole of
the keyrings handing, it does seem to be a bit pointlessly redundant.
There's actually no need for the
bool has_ref;
in struct bpf_key because there's already an exported macro that can
tell you that based on struct key *
(verification.h:system_id_keyring_check), so if you replaced that, you
could drop has_ref and then, I think you could eliminate the pointer
allocation as well meaning bpf_key simply becomes an alias for struct
key ... it should simplify the code quite a lot. I can put a patch set
together and see what it looks like.
Regards,
James
More information about the Linux-security-module-archive
mailing list