[v12,04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h

Message ID	20220818152929.402605-5-roberto.sassu@huaweicloud.com (mailing list archive)
State	Superseded
Headers	show Return-Path: <bpf-owner@kernel.org> From: roberto.sassu@huaweicloud.com To: ast@kernel.org, daniel@iogearbox.net, andrii@kernel.org, martin.lau@linux.dev, song@kernel.org, yhs@fb.com, john.fastabend@gmail.com, kpsingh@kernel.org, sdf@google.com, haoluo@google.com, jolsa@kernel.org, mykolal@fb.com, corbet@lwn.net, dhowells@redhat.com, jarkko@kernel.org, rostedt@goodmis.org, mingo@redhat.com, paul@paul-moore.com, jmorris@namei.org, serge@hallyn.com, shuah@kernel.org Cc: bpf@vger.kernel.org, linux-doc@vger.kernel.org, keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org, deso@posteo.net, Roberto Sassu <roberto.sassu@huawei.com> Subject: [PATCH v12 04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h Date: Thu, 18 Aug 2022 17:29:23 +0200 Message-Id: <20220818152929.402605-5-roberto.sassu@huaweicloud.com> In-Reply-To: <20220818152929.402605-1-roberto.sassu@huaweicloud.com> References: <20220818152929.402605-1-roberto.sassu@huaweicloud.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	bpf: Add kfuncs for PKCS#7 signature verification \| expand [v12,00/10] bpf: Add kfuncs for PKCS#7 signature verification [v12,01/10] bpf: Allow kfuncs to be used in LSM programs [v12,02/10] btf: Handle dynamic pointer parameter in kfuncs [v12,03/10] bpf: Export bpf_dynptr_get_size() [v12,04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h [v12,05/10] bpf: Add bpf_lookup__key() and bpf_key_put() kfuncs [v12,06/10] bpf: Add bpf_verify_pkcs7_signature() kfunc [v12,07/10] selftests/bpf: Compile kernel with everything as built-in [v12,08/10] selftests/bpf: Add verifier tests for bpf_lookup__key() and bpf_key_put() [v12,09/10] selftests/bpf: Add additional tests for bpf_lookup_*_key() [v12,10/10] selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc

Context	Check	Description
bpf/vmtest-bpf-next-VM_Test-4	success	Logs for llvm-toolchain
bpf/vmtest-bpf-next-VM_Test-5	success	Logs for set-matrix
bpf/vmtest-bpf-next-VM_Test-3	fail	Logs for Kernel LATEST on z15 with gcc
bpf/vmtest-bpf-next-PR	fail	PR summary
bpf/vmtest-bpf-next-VM_Test-1	fail	Logs for Kernel LATEST on ubuntu-latest with gcc
bpf/vmtest-bpf-next-VM_Test-2	fail	Logs for Kernel LATEST on ubuntu-latest with llvm-16
netdev/tree_selection	success	Guessed tree name to be net-next, async
netdev/fixes_present	success	Fixes tag not required for -next series
netdev/subject_prefix	success	Link
netdev/cover_letter	success	Series has a cover letter
netdev/patch_count	success	Link
netdev/header_inline	success	No static functions without inline keyword in header files
netdev/build_32bit	success	Errors and warnings before: 1579187 this patch: 1579187
netdev/cc_maintainers	success	CCed 8 of 8 maintainers
netdev/build_clang	success	Errors and warnings before: 4322 this patch: 4322
netdev/module_param	success	Was 0 now: 0
netdev/verify_signedoff	success	Signed-off-by tag matches author and committer
netdev/check_selftest	success	No net selftest shell script
netdev/verify_fixes	success	No Fixes tag
netdev/build_allmodconfig_warn	success	Errors and warnings before: 1633382 this patch: 1633382
netdev/checkpatch	success	total: 0 errors, 0 warnings, 0 checks, 25 lines checked
netdev/kdoc	success	Errors and warnings before: 0 this patch: 0
netdev/source_inline	success	Was 0 now: 0

Roberto Sassu Aug. 18, 2022, 3:29 p.m. UTC

From: Roberto Sassu <roberto.sassu@huawei.com>

In preparation for the patch that introduces the bpf_lookup_user_key() eBPF
kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be able to
validate the kfunc parameters.

Also, introduce key_lookup_flags_check() directly in include/linux/key.h,
to reduce the risk that the check is not in sync with currently defined
flags.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: KP Singh <kpsingh@kernel.org>
---
 include/linux/key.h      | 11 +++++++++++
 security/keys/internal.h |  2 --
 2 files changed, 11 insertions(+), 2 deletions(-)

Jarkko Sakkinen Aug. 26, 2022, 5:42 a.m. UTC | #1

On Thu, Aug 18, 2022 at 05:29:23PM +0200, roberto.sassu@huaweicloud.com wrote:
> From: Roberto Sassu <roberto.sassu@huawei.com>
> 
> In preparation for the patch that introduces the bpf_lookup_user_key() eBPF
> kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be able to
> validate the kfunc parameters.
> 
> Also, introduce key_lookup_flags_check() directly in include/linux/key.h,
> to reduce the risk that the check is not in sync with currently defined
> flags.

Missing the description what the heck this function even is.

Please, explain that.

Also, the short subject is misleading because this *just*
does not move flags.

> 
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> Reviewed-by: KP Singh <kpsingh@kernel.org>
> ---
>  include/linux/key.h      | 11 +++++++++++
>  security/keys/internal.h |  2 --
>  2 files changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/include/linux/key.h b/include/linux/key.h
> index 7febc4881363..b5bbae77a9e7 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -88,6 +88,17 @@ enum key_need_perm {
>  	KEY_DEFER_PERM_CHECK,	/* Special: permission check is deferred */
>  };
>  
> +#define KEY_LOOKUP_CREATE	0x01
> +#define KEY_LOOKUP_PARTIAL	0x02
> +

/*
 * Explain what the heck this function is.
 */
> +static inline int key_lookup_flags_check(u64 flags)
> +{
> +	if (flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL))
> +		return -EINVAL;
> +
> +	return 0;
> +}

This is essentially a boolean function, right?

I.e. the implementation can be just:

!!(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL))

Not even sure if this is needed in the first place, or
would it be better just to open code it. How many call
sites does it have anyway?

BR, Jarkko

Roberto Sassu Aug. 26, 2022, 7:14 a.m. UTC | #2

On Fri, 2022-08-26 at 08:42 +0300, Jarkko Sakkinen wrote:
> On Thu, Aug 18, 2022 at 05:29:23PM +0200, 
> roberto.sassu@huaweicloud.com wrote:
> > From: Roberto Sassu <roberto.sassu@huawei.com>
> > 
> > In preparation for the patch that introduces the
> > bpf_lookup_user_key() eBPF
> > kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be
> > able to
> > validate the kfunc parameters.
> > 
> > Also, introduce key_lookup_flags_check() directly in
> > include/linux/key.h,
> > to reduce the risk that the check is not in sync with currently
> > defined
> > flags.
> 
> Missing the description what the heck this function even is.
> 
> Please, explain that.

Hi Jarkko

sorry, forgot to update the commit description. Will do it.

> Also, the short subject is misleading because this *just*
> does not move flags.
> 
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > Reviewed-by: KP Singh <kpsingh@kernel.org>
> > ---
> >  include/linux/key.h      | 11 +++++++++++
> >  security/keys/internal.h |  2 --
> >  2 files changed, 11 insertions(+), 2 deletions(-)
> > 
> > diff --git a/include/linux/key.h b/include/linux/key.h
> > index 7febc4881363..b5bbae77a9e7 100644
> > --- a/include/linux/key.h
> > +++ b/include/linux/key.h
> > @@ -88,6 +88,17 @@ enum key_need_perm {
> >  	KEY_DEFER_PERM_CHECK,	/* Special: permission check is
> > deferred */
> >  };
> >  
> > +#define KEY_LOOKUP_CREATE	0x01
> > +#define KEY_LOOKUP_PARTIAL	0x02
> > +
> 
> /*
>  * Explain what the heck this function is.
>  */
> > +static inline int key_lookup_flags_check(u64 flags)
> > +{
> > +	if (flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL))
> > +		return -EINVAL;
> > +
> > +	return 0;
> > +}
> 
> This is essentially a boolean function, right?
> 
> I.e. the implementation can be just:
> 
> !!(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL))

Absolutely fine with that, if you prefer.

> Not even sure if this is needed in the first place, or
> would it be better just to open code it. How many call
> sites does it have anyway?
> 

Daniel preferred to have this check here.

Thanks

Roberto

Jarkko Sakkinen Aug. 28, 2022, 3:57 a.m. UTC | #3

On Fri, Aug 26, 2022 at 09:14:09AM +0200, Roberto Sassu wrote:
> On Fri, 2022-08-26 at 08:42 +0300, Jarkko Sakkinen wrote:
> > On Thu, Aug 18, 2022 at 05:29:23PM +0200, 
> > roberto.sassu@huaweicloud.com wrote:
> > > From: Roberto Sassu <roberto.sassu@huawei.com>
> > > 
> > > In preparation for the patch that introduces the
> > > bpf_lookup_user_key() eBPF
> > > kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be
> > > able to
> > > validate the kfunc parameters.
> > > 
> > > Also, introduce key_lookup_flags_check() directly in
> > > include/linux/key.h,
> > > to reduce the risk that the check is not in sync with currently
> > > defined
> > > flags.
> > 
> > Missing the description what the heck this function even is.
> > 
> > Please, explain that.
> 
> Hi Jarkko
> 
> sorry, forgot to update the commit description. Will do it.
> 
> > Also, the short subject is misleading because this *just*
> > does not move flags.
> > 
> > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > Reviewed-by: KP Singh <kpsingh@kernel.org>
> > > ---
> > >  include/linux/key.h      | 11 +++++++++++
> > >  security/keys/internal.h |  2 --
> > >  2 files changed, 11 insertions(+), 2 deletions(-)
> > > 
> > > diff --git a/include/linux/key.h b/include/linux/key.h
> > > index 7febc4881363..b5bbae77a9e7 100644
> > > --- a/include/linux/key.h
> > > +++ b/include/linux/key.h
> > > @@ -88,6 +88,17 @@ enum key_need_perm {
> > >  	KEY_DEFER_PERM_CHECK,	/* Special: permission check is
> > > deferred */
> > >  };
> > >  
> > > +#define KEY_LOOKUP_CREATE	0x01
> > > +#define KEY_LOOKUP_PARTIAL	0x02
> > > +
> > 
> > /*
> >  * Explain what the heck this function is.
> >  */
> > > +static inline int key_lookup_flags_check(u64 flags)
> > > +{
> > > +	if (flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL))
> > > +		return -EINVAL;
> > > +
> > > +	return 0;
> > > +}
> > 
> > This is essentially a boolean function, right?
> > 
> > I.e. the implementation can be just:
> > 
> > !!(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL))
> 
> Absolutely fine with that, if you prefer.

It can be either, it more depends on if a new function
is needed in the first place.

E.g. if you are worried about maintaining you could just
as well define a constant containing the mask, right?

> 
> > Not even sure if this is needed in the first place, or
> > would it be better just to open code it. How many call
> > sites does it have anyway?
> > 
> 
> Daniel preferred to have this check here.

How many call sites?

BR, Jarkko

KP Singh Aug. 28, 2022, 12:04 p.m. UTC | #4

On Sun, Aug 28, 2022 at 5:57 AM Jarkko Sakkinen <jarkko@kernel.org> wrote:
>
> On Fri, Aug 26, 2022 at 09:14:09AM +0200, Roberto Sassu wrote:
> > On Fri, 2022-08-26 at 08:42 +0300, Jarkko Sakkinen wrote:
> > > On Thu, Aug 18, 2022 at 05:29:23PM +0200,
> > > roberto.sassu@huaweicloud.com wrote:
> > > > From: Roberto Sassu <roberto.sassu@huawei.com>
> > > >
> > > > In preparation for the patch that introduces the
> > > > bpf_lookup_user_key() eBPF
> > > > kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be
> > > > able to
> > > > validate the kfunc parameters.
> > > >
> > > > Also, introduce key_lookup_flags_check() directly in
> > > > include/linux/key.h,
> > > > to reduce the risk that the check is not in sync with currently
> > > > defined
> > > > flags.
> > >
> > > Missing the description what the heck this function even is.
> > >
> > > Please, explain that.
> >
> > Hi Jarkko
> >
> > sorry, forgot to update the commit description. Will do it.
> >
> > > Also, the short subject is misleading because this *just*
> > > does not move flags.
> > >
> > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > > Reviewed-by: KP Singh <kpsingh@kernel.org>
> > > > ---
> > > >  include/linux/key.h      | 11 +++++++++++
> > > >  security/keys/internal.h |  2 --
> > > >  2 files changed, 11 insertions(+), 2 deletions(-)
> > > >
> > > > diff --git a/include/linux/key.h b/include/linux/key.h
> > > > index 7febc4881363..b5bbae77a9e7 100644
> > > > --- a/include/linux/key.h
> > > > +++ b/include/linux/key.h
> > > > @@ -88,6 +88,17 @@ enum key_need_perm {
> > > >   KEY_DEFER_PERM_CHECK,   /* Special: permission check is
> > > > deferred */
> > > >  };
> > > >
> > > > +#define KEY_LOOKUP_CREATE        0x01
> > > > +#define KEY_LOOKUP_PARTIAL       0x02
> > > > +
> > >
> > > /*
> > >  * Explain what the heck this function is.
> > >  */
> > > > +static inline int key_lookup_flags_check(u64 flags)
> > > > +{
> > > > + if (flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL))
> > > > +         return -EINVAL;
> > > > +
> > > > + return 0;
> > > > +}
> > >
> > > This is essentially a boolean function, right?
> > >
> > > I.e. the implementation can be just:
> > >
> > > !!(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL))
> >
> > Absolutely fine with that, if you prefer.
>
> It can be either, it more depends on if a new function
> is needed in the first place.
>
> E.g. if you are worried about maintaining you could just
> as well define a constant containing the mask, right?

+1 A mask is better.

>
> >
> > > Not even sure if this is needed in the first place, or
> > > would it be better just to open code it. How many call
> > > sites does it have anyway?
> > >
> >
> > Daniel preferred to have this check here.
>
> How many call sites?
>
> BR, Jarkko

[v12,04/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h

Checks

Commit Message

Comments

Patch