Received: by 2002:a05:6358:45e:b0:b5:b6eb:e1f9 with SMTP id 30csp174274rwe; Fri, 26 Aug 2022 03:01:57 -0700 (PDT) X-Google-Smtp-Source: AA6agR5hzxdDd4R2En0PaSrgIw4Vsaff6i++MNsnxZ9ZkJjVfMjngIfZ8FGicMogzjAytlJ3n/T9 X-Received: by 2002:a17:903:32cd:b0:16f:c31:7034 with SMTP id i13-20020a17090332cd00b0016f0c317034mr2970966plr.126.1661508117009; Fri, 26 Aug 2022 03:01:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661508117; cv=none; d=google.com; s=arc-20160816; b=ran9gWdf6cFpuw7bd3S+IpQLbGQ9tC0Dk6KwqmEUxuMyhRTkG1YNyuASen+P93HtYS bBV0gWsE80GVZQZe+WpFZKOOKS8DYJkOqg3ozSco2IJ3Jze6xfp1B5fQHPCI3L8LGTIN 2FruYSYRHfVIP9OxAmwnMYmxwyHtHmfmR5Aogoy0xKPeGANpInTiuGZIpLq6xFsgbT4s LfcJeCryyqhzY+M5FHuAxuaQG2ObCne/5HsWx3gEqgWgfO2+TKaWvMrXWH4VPriCu0FB +GUKERjOc6mEt+tGnRhZpfJCTGqh3EczUesDZ2ErtUhQTqMpaOmw1A6DGH+XCY9CJv5d uQVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=vi9uHuHXbO+NP1O0jRm+8xpfDePnuMFELvGMSBlExvI=; b=G5kuysTHRu7pd6YlA9Z/piD7zLvpxji6qx4QUbxsDlVb8PpUBdVLPutl2lIDDRvIsf OQMWw6yPoidcPk0gdyic5r9rVrlGrhuZABEaKCQP/5DvhJKQuJa8LJUSmRN2RSI7NPe2 9bSgwpA4YACjcpw9p5wIq7ekIJak//cJX47ioH3b04bafxPTqvMIefHilLcPJNynBt8q iPvHNJkhNjVGtW93lNxK6mnvvV2dsHqN87rbY8Gg1+eIYsVMhJ944qKUAPzGJl9Al3dD au1Hjpa5t2nb4j16ptvbMEl3DSA1VgbdTLr1i/AOvmC5iCz6U4/TTyITkXIw5lFJlABh cgcA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id z18-20020aa78892000000b005363fa9e126si1488058pfe.358.2022.08.26.03.01.44; Fri, 26 Aug 2022 03:01:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S245146AbiHZJN1 (ORCPT + 99 others); Fri, 26 Aug 2022 05:13:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33664 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233000AbiHZJNZ (ORCPT ); Fri, 26 Aug 2022 05:13:25 -0400 Received: from frasgout11.his.huawei.com (frasgout11.his.huawei.com [14.137.139.23]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A285DCD78F; Fri, 26 Aug 2022 02:13:23 -0700 (PDT) Received: from mail02.huawei.com (unknown [172.18.147.228]) by frasgout11.his.huawei.com (SkyGuard) with ESMTP id 4MDYrv5GwNz9v7Gy; Fri, 26 Aug 2022 17:07:59 +0800 (CST) Received: from huaweicloud.com (unknown [10.204.63.22]) by APP2 (Coremail) with SMTP id GxC2BwCnXxeKjghjdBVRAA--.23684S2; Fri, 26 Aug 2022 10:12:54 +0100 (CET) From: Roberto Sassu To: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, mykolal@fb.com, corbet@lwn.net, dhowells@redhat.com, jarkko@kernel.org, rostedt@goodmis.org, mingo@redhat.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, shuah@kernel.org Cc: bpf@vger.kernel.org, linux-doc@vger.kernel.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, deso@posteo.net, Roberto Sassu Subject: [PATCH v14 04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h and add flags check function Date: Fri, 26 Aug 2022 11:12:28 +0200 Message-Id: <20220826091228.1701185-1-roberto.sassu@huaweicloud.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID: GxC2BwCnXxeKjghjdBVRAA--.23684S2 X-Coremail-Antispam: 1UD129KBjvJXoW7urW3JFWUGryftw1rWr4fuFg_yoW8uF1kpF yUCa4rKry8GFy2g3s3GFsIya1ag3yfGr17AFZIgwn0vF9ag3y8Jrn7GF43GF15urWruFy2 qr42ga15uw1UA3DanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUkIb4IE77IF4wAFF20E14v26rWj6s0DM7CY07I20VC2zVCF04k2 6cxKx2IYs7xG6r1S6rWUM7CIcVAFz4kK6r1j6r18M28lY4IEw2IIxxk0rwA2F7IY1VAKz4 vEj48ve4kI8wA2z4x0Y4vE2Ix0cI8IcVAFwI0_Jr0_JF4l84ACjcxK6xIIjxv20xvEc7Cj xVAFwI0_Gr0_Cr1l84ACjcxK6I8E87Iv67AKxVW8JVWxJwA2z4x0Y4vEx4A2jsIEc7CjxV AFwI0_Gr1j6F4UJwAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC0VAKzVAqx4xG 6I80ewAv7VC0I7IYx2IY67AKxVWUGVWUXwAv7VC2z280aVAFwI0_Jr0_Gr1lOx8S6xCaFV Cjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JM4IIrI8v6xkF7I0E8cxan2IY04v7MxAIw28I cxkI7VAKI48JMxC20s026xCaFVCjc4AY6r1j6r4UMI8I3I0E5I8CrVAFwI0_Jr0_Jr4lx2 IqxVCjr7xvwVAFwI0_JrI_JrWlx4CE17CEb7AF67AKxVW8ZVWrXwCIc40Y0x0EwIxGrwCI 42IY6xIIjxv20xvE14v26r1j6r1xMIIF0xvE2Ix0cI8IcVCY1x0267AKxVW8JVWxJwCI42 IY6xAIw20EY4v20xvaj40_WFyUJVCq3wCI42IY6I8E87Iv67AKxVWUJVW8JwCI42IY6I8E 87Iv6xkF7I0E14v26r4UJVWxJrUvcSsGvfC2KfnxnUUI43ZEXa7IUbHa0PUUUUU== X-CM-SenderInfo: purev21wro2thvvxqx5xdzvxpfor3voofrz/1tbiAQAQBF1jj4JQwgAFsx X-CFilter-Loop: Reflected X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Roberto Sassu In preparation for the patch that introduces the bpf_lookup_user_key() eBPF kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be able to validate the kfunc parameters. Also, introduce key_lookup_flags_valid() to check if the caller set in the argument only defined flags. Introduce it directly in include/linux/key.h, to reduce the risk that the check is not in sync with currently defined flags. Signed-off-by: Roberto Sassu Reviewed-by: KP Singh --- include/linux/key.h | 16 ++++++++++++++++ security/keys/internal.h | 2 -- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/include/linux/key.h b/include/linux/key.h index 7febc4881363..e679dbf0c940 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -88,6 +88,22 @@ enum key_need_perm { KEY_DEFER_PERM_CHECK, /* Special: permission check is deferred */ }; +#define KEY_LOOKUP_CREATE 0x01 +#define KEY_LOOKUP_PARTIAL 0x02 + +/** + * key_lookup_flags_valid - detect if provided key lookup flags are valid + * @flags: key lookup flags. + * + * Verify whether or not the caller set in the argument only defined flags. + * + * Return: true if flags are valid, false if not. + */ +static inline bool key_lookup_flags_valid(u64 flags) +{ + return !(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL)); +} + struct seq_file; struct user_struct; struct signal_struct; diff --git a/security/keys/internal.h b/security/keys/internal.h index 9b9cf3b6fcbb..3c1e7122076b 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -165,8 +165,6 @@ extern struct key *request_key_and_link(struct key_type *type, extern bool lookup_user_key_possessed(const struct key *key, const struct key_match_data *match_data); -#define KEY_LOOKUP_CREATE 0x01 -#define KEY_LOOKUP_PARTIAL 0x02 extern long join_session_keyring(const char *name); extern void key_change_session_keyring(struct callback_head *twork); -- 2.25.1