From: Daniel Borkmann <daniel@iogearbox.net>
To: Roberto Sassu <roberto.sassu@huawei.com>,
"ast@kernel.org" <ast@kernel.org>,
"andrii@kernel.org" <andrii@kernel.org>,
"martin.lau@linux.dev" <martin.lau@linux.dev>,
"song@kernel.org" <song@kernel.org>, "yhs@fb.com" <yhs@fb.com>,
"john.fastabend@gmail.com" <john.fastabend@gmail.com>,
"kpsingh@kernel.org" <kpsingh@kernel.org>,
"sdf@google.com" <sdf@google.com>,
"haoluo@google.com" <haoluo@google.com>,
"jolsa@kernel.org" <jolsa@kernel.org>,
"corbet@lwn.net" <corbet@lwn.net>,
"dhowells@redhat.com" <dhowells@redhat.com>,
"jarkko@kernel.org" <jarkko@kernel.org>,
"rostedt@goodmis.org" <rostedt@goodmis.org>,
"mingo@redhat.com" <mingo@redhat.com>,
"paul@paul-moore.com" <paul@paul-moore.com>,
"jmorris@namei.org" <jmorris@namei.org>,
"serge@hallyn.com" <serge@hallyn.com>,
"shuah@kernel.org" <shuah@kernel.org>
Cc: "bpf@vger.kernel.org" <bpf@vger.kernel.org>,
"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
"linux-security-module@vger.kernel.org"
<linux-security-module@vger.kernel.org>,
"linux-kselftest@vger.kernel.org"
<linux-kselftest@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v9 06/10] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs
Date: Wed, 10 Aug 2022 16:29:50 +0200 [thread overview]
Message-ID: <d0c0cda2-9a79-35d7-39cf-aad8a12642d9@iogearbox.net> (raw)
In-Reply-To: <ecc84dd76f4c429bb55e6bd8fece376b@huawei.com>
[...]
>>> +noinline __weak struct bpf_key *bpf_lookup_user_key(u32 serial, u64 flags)
>>
>> Why the need for noinline and the __weak here and below? (If indeed needed
>> this
>> should probably be explained in the commit desc.)
>
> Oh, I took from v3 of KP's patch set. It is gone in v5. Will do
> the same as well.
>
>>> +{
>>> + key_ref_t key_ref;
>>> + struct bpf_key *bkey;
>>> +
>>> + /* Keep in sync with include/linux/key.h. */
>>> + if (flags > (KEY_LOOKUP_PARTIAL << 1) - 1)
>>
>> Can't we just simplify and test flags &
>> ~(KEY_LOOKUP_CREATE|KEY_LOOKUP_PARTIAL)?
>
> I thought as if we have many flags.
I'd keep it simple for now, and if the actual need comes this can still be changed.
>>> + return NULL;
>>> +
>>> + /* Permission check is deferred until actual kfunc using the key. */
>>> + key_ref = lookup_user_key(serial, flags, KEY_DEFER_PERM_CHECK);
>>> + if (IS_ERR(key_ref))
>>> + return NULL;
>>> +
>>> + bkey = kmalloc(sizeof(*bkey), GFP_KERNEL);
>>> + if (!bkey) {
>>> + key_put(key_ref_to_ptr(key_ref));
>>> + return bkey;
>>
>> nit: just return NULL probably cleaner
>
> Ok.
next prev parent reply other threads:[~2022-08-10 14:30 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-09 13:45 [PATCH v9 00/10] bpf: Add kfuncs for PKCS#7 signature verification Roberto Sassu
2022-08-09 13:45 ` [PATCH v9 01/10] btf: Add a new kfunc flag which allows to mark a function to be sleepable Roberto Sassu
2022-08-09 16:54 ` Jarkko Sakkinen
2022-08-10 13:44 ` Roberto Sassu
2022-08-10 14:25 ` Benjamin Tissoires
2022-08-10 14:38 ` Daniel Borkmann
2022-08-10 14:52 ` Roberto Sassu
2022-08-10 14:58 ` Yosry Ahmed
2022-08-09 13:45 ` [PATCH v9 02/10] bpf: Allow kfuncs to be used in LSM programs Roberto Sassu
2022-08-09 21:53 ` Daniel Borkmann
2022-08-09 13:45 ` [PATCH v9 03/10] btf: Handle dynamic pointer parameter in kfuncs Roberto Sassu
2022-08-09 22:08 ` Daniel Borkmann
2022-08-09 22:29 ` Daniel Borkmann
2022-08-09 13:45 ` [PATCH v9 04/10] bpf: Export bpf_dynptr_get_size() Roberto Sassu
2022-08-09 13:45 ` [PATCH v9 05/10] KEYS: Move KEY_LOOKUP_ to include/linux/key.h Roberto Sassu
2022-08-09 13:45 ` [PATCH v9 06/10] bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs Roberto Sassu
2022-08-09 22:53 ` Daniel Borkmann
2022-08-10 14:17 ` Roberto Sassu
2022-08-10 14:29 ` Daniel Borkmann [this message]
2022-08-09 13:46 ` [PATCH v9 07/10] bpf: Add bpf_verify_pkcs7_signature() kfunc Roberto Sassu
2022-08-09 23:09 ` Daniel Borkmann
2022-08-10 2:41 ` Alexei Starovoitov
2022-08-09 13:46 ` [PATCH v9 08/10] selftests/bpf: Add verifier tests for bpf_lookup_*_key() and bpf_key_put() Roberto Sassu
2022-08-09 13:46 ` [PATCH v9 09/10] selftests/bpf: Add additional tests for bpf_lookup_*_key() Roberto Sassu
2022-08-09 13:46 ` [PATCH v9 10/10] selftests/bpf: Add test for bpf_verify_pkcs7_signature() kfunc Roberto Sassu
2022-08-09 16:20 ` [PATCH v9 00/10] bpf: Add kfuncs for PKCS#7 signature verification patchwork-bot+netdevbpf
2022-08-09 16:53 ` Jarkko Sakkinen
2022-08-10 10:47 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d0c0cda2-9a79-35d7-39cf-aad8a12642d9@iogearbox.net \
--to=daniel@iogearbox.net \
--cc=andrii@kernel.org \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=haoluo@google.com \
--cc=jarkko@kernel.org \
--cc=jmorris@namei.org \
--cc=john.fastabend@gmail.com \
--cc=jolsa@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=kpsingh@kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=martin.lau@linux.dev \
--cc=mingo@redhat.com \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=rostedt@goodmis.org \
--cc=sdf@google.com \
--cc=serge@hallyn.com \
--cc=shuah@kernel.org \
--cc=song@kernel.org \
--cc=yhs@fb.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).