On Tue, Aug 23, 2022 at 8:02 AM Roberto Sassu
<roberto.sassu@xxxxxxxxxxxxxxx> wrote:
>
> From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
>
> Add the bpf_lookup_user_key(), bpf_lookup_system_key() and bpf_key_put()
> kfuncs, to respectively search a key with a given key handle serial number
> and flags, obtain a key from a pre-determined ID defined in
> include/linux/verification.h, and cleanup.
>
> Introduce system_keyring_id_check() to validate the keyring ID parameter of
> bpf_lookup_system_key().
>
> Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
> ---
> include/linux/bpf.h | 6 ++
> include/linux/verification.h | 8 +++
> kernel/trace/bpf_trace.c | 135 +++++++++++++++++++++++++++++++++++
> 3 files changed, 149 insertions(+)
>
> diff --git a/include/linux/bpf.h b/include/linux/bpf.h
> index 6041304b402e..991da09a5858 100644
> --- a/include/linux/bpf.h
> +++ b/include/linux/bpf.h
> @@ -2586,4 +2586,10 @@ static inline void bpf_cgroup_atype_get(u32 attach_btf_id, int cgroup_atype) {}
> static inline void bpf_cgroup_atype_put(int cgroup_atype) {}
> #endif /* CONFIG_BPF_LSM */
>
> +#ifdef CONFIG_KEYS
Do we need to declare struct key here?
> +struct bpf_key {
> + struct key *key;
> + bool has_ref;
> +};
> +#endif /* CONFIG_KEYS */
> #endif /* _LINUX_BPF_H */
>
