bpf: tidy up internals of bpf key handling #5661
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Author
|
Upstream branch: cd7c97f |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
bpf-next_base
branch
from
6217ef6 to
9879802
Compare
Since the only consumers of struct bpf_key are bpf scripts which call the bpf kfuncs which take struct bpf_key, only the implementing functions in bpf_trace.c should be reaching inside this structure. Enforce this by making the structure opaque in the header with a body that's only defined inside bpf_trace.c Signed-off-by: James Bottomley <[email protected]>
bpf_key.has_ref is used to distinguish between real key pointers and the fake key pointers that are used for system keyrings (to ensure the actual pointers to system keyrings are never visible outside certs/system_keyring.c). The keyrings subsystem has an exported function to do this, so use that in the bpf keyring code eliminating the need to store has_ref. Signed-off-by: James Bottomley <[email protected]>
Now that struct bpf_key is an opaque structure only containing a pointer to the key, make it an alias for the key itself and thus eliminate the need to allocate and free the container. Because the return value of bpf_lookup_system_key() is now overloaded with 0 being a legitimate built in key identifier being the same value as NULL indicating failure, key id 0 is swizzled to -1 to distinguish it again and swizzled back in bpf_key_put() and bpf_verify_pkcs7_signature() to ensure correctness. Signed-off-by: James Bottomley <[email protected]>
Author
|
Upstream branch: e8d780d |
kernel-patches-daemon-bpf-rc
bot
force-pushed
the
series/985613=>bpf-next
branch
from
1e64ced to
7a6378f
Compare
Author
|
At least one diff in series https://patchwork.kernel.org/project/netdevbpf/list/?series=987109 expired. Closing PR. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull request for series with
subject: bpf: tidy up internals of bpf key handling
version: 2
url: https://patchwork.kernel.org/project/netdevbpf/list/?series=987109