From: Roberto Sassu <roberto.sassu@xxxxxxxxxx> In preparation for the patch that introduces the bpf_lookup_user_key() eBPF kfunc, move KEY_LOOKUP_ definitions to include/linux/key.h, to be able to validate the kfunc parameters. Also, introduce key_lookup_flags_valid() to check if the caller set in the argument only defined flags. Introduce it directly in include/linux/key.h, to reduce the risk that the check is not in sync with currently defined flags. Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> Reviewed-by: KP Singh <kpsingh@xxxxxxxxxx> --- include/linux/key.h | 16 ++++++++++++++++ security/keys/internal.h | 2 -- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/include/linux/key.h b/include/linux/key.h index 7febc4881363..e679dbf0c940 100644 --- a/include/linux/key.h +++ b/include/linux/key.h @@ -88,6 +88,22 @@ enum key_need_perm { KEY_DEFER_PERM_CHECK, /* Special: permission check is deferred */ }; +#define KEY_LOOKUP_CREATE 0x01 +#define KEY_LOOKUP_PARTIAL 0x02 + +/** + * key_lookup_flags_valid - detect if provided key lookup flags are valid + * @flags: key lookup flags. + * + * Verify whether or not the caller set in the argument only defined flags. + * + * Return: true if flags are valid, false if not. + */ +static inline bool key_lookup_flags_valid(u64 flags) +{ + return !(flags & ~(KEY_LOOKUP_CREATE | KEY_LOOKUP_PARTIAL)); +} + struct seq_file; struct user_struct; struct signal_struct; diff --git a/security/keys/internal.h b/security/keys/internal.h index 9b9cf3b6fcbb..3c1e7122076b 100644 --- a/security/keys/internal.h +++ b/security/keys/internal.h @@ -165,8 +165,6 @@ extern struct key *request_key_and_link(struct key_type *type, extern bool lookup_user_key_possessed(const struct key *key, const struct key_match_data *match_data); -#define KEY_LOOKUP_CREATE 0x01 -#define KEY_LOOKUP_PARTIAL 0x02 extern long join_session_keyring(const char *name); extern void key_change_session_keyring(struct callback_head *twork); -- 2.25.1