
[v8,04/12] keys: export lookup_user_key to external users

Message ID 153549646033.4089.17866270311512341456.stgit@djiang5-desk3.ch.intel.com (mailing list archive)
State New, archived
Series Adding security support for nvdimm | expand

Commit Message

Dave Jiang Aug. 28, 2018, 10:47 p.m. UTC
Export lookup_user_key() symbol in order to allow nvdimm passphrase
update to retrieve user injected keys.

Signed-off-by: Dave Jiang <dave.jiang@intel.com>
Cc: David Howells <dhowells@redhat.com>
---
 include/linux/key.h          |    3 +++
 security/keys/internal.h     |    2 --
 security/keys/process_keys.c |    1 +
 3 files changed, 4 insertions(+), 2 deletions(-)

Comments

Dan Williams Sept. 21, 2018, 9:59 p.m. UTC | #1
On Tue, Aug 28, 2018 at 3:47 PM Dave Jiang <dave.jiang@intel.com> wrote:
>
> Export lookup_user_key() symbol in order to allow nvdimm passphrase
> update to retrieve user injected keys.
>
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
> Cc: David Howells <dhowells@redhat.com>
> ---
>  include/linux/key.h          |    3 +++
>  security/keys/internal.h     |    2 --
>  security/keys/process_keys.c |    1 +
>  3 files changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/include/linux/key.h b/include/linux/key.h
> index e58ee10f6e58..7099985e35a9 100644
> --- a/include/linux/key.h
> +++ b/include/linux/key.h
> @@ -346,6 +346,9 @@ static inline key_serial_t key_serial(const struct key *key)
>
>  extern void key_set_timeout(struct key *, unsigned);
>
> +extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
> +                                key_perm_t perm);
> +
>  /*
>   * The permissions required on a key that we're looking up.
>   */
> diff --git a/security/keys/internal.h b/security/keys/internal.h
> index 9f8208dc0e55..9968b21a76dd 100644
> --- a/security/keys/internal.h
> +++ b/security/keys/internal.h
> @@ -158,8 +158,6 @@ extern struct key *request_key_and_link(struct key_type *type,
>
>  extern bool lookup_user_key_possessed(const struct key *key,
>                                       const struct key_match_data *match_data);
> -extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
> -                                key_perm_t perm);
>  #define KEY_LOOKUP_CREATE      0x01
>  #define KEY_LOOKUP_PARTIAL     0x02
>  #define KEY_LOOKUP_FOR_UNLINK  0x04
> diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
> index d5b25e535d3a..ec4fd4531224 100644
> --- a/security/keys/process_keys.c
> +++ b/security/keys/process_keys.c
> @@ -755,6 +755,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
>         put_cred(ctx.cred);
>         goto try_again;
>  }
> +EXPORT_SYMBOL(lookup_user_key);

This looks like a core api for affecting keyctl api internals, should
it be EXPORT_SYMBOL_GPL?

At a minimum this needs David's ack.
Dave Jiang Sept. 21, 2018, 10:02 p.m. UTC | #2
On 09/21/2018 02:59 PM, Dan Williams wrote:
> On Tue, Aug 28, 2018 at 3:47 PM Dave Jiang <dave.jiang@intel.com> wrote:
>>
>> Export lookup_user_key() symbol in order to allow nvdimm passphrase
>> update to retrieve user injected keys.
>>
>> Signed-off-by: Dave Jiang <dave.jiang@intel.com>
>> Cc: David Howells <dhowells@redhat.com>
>> ---
>>  include/linux/key.h          |    3 +++
>>  security/keys/internal.h     |    2 --
>>  security/keys/process_keys.c |    1 +
>>  3 files changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/include/linux/key.h b/include/linux/key.h
>> index e58ee10f6e58..7099985e35a9 100644
>> --- a/include/linux/key.h
>> +++ b/include/linux/key.h
>> @@ -346,6 +346,9 @@ static inline key_serial_t key_serial(const struct key *key)
>>
>>  extern void key_set_timeout(struct key *, unsigned);
>>
>> +extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
>> +                                key_perm_t perm);
>> +
>>  /*
>>   * The permissions required on a key that we're looking up.
>>   */
>> diff --git a/security/keys/internal.h b/security/keys/internal.h
>> index 9f8208dc0e55..9968b21a76dd 100644
>> --- a/security/keys/internal.h
>> +++ b/security/keys/internal.h
>> @@ -158,8 +158,6 @@ extern struct key *request_key_and_link(struct key_type *type,
>>
>>  extern bool lookup_user_key_possessed(const struct key *key,
>>                                       const struct key_match_data *match_data);
>> -extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
>> -                                key_perm_t perm);
>>  #define KEY_LOOKUP_CREATE      0x01
>>  #define KEY_LOOKUP_PARTIAL     0x02
>>  #define KEY_LOOKUP_FOR_UNLINK  0x04
>> diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
>> index d5b25e535d3a..ec4fd4531224 100644
>> --- a/security/keys/process_keys.c
>> +++ b/security/keys/process_keys.c
>> @@ -755,6 +755,7 @@ key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
>>         put_cred(ctx.cred);
>>         goto try_again;
>>  }
>> +EXPORT_SYMBOL(lookup_user_key);
> 
> This looks like a core api for affecting keyctl api internals, should
> it be EXPORT_SYMBOL_GPL?

Yes something I overlooked.

> 
> At a minimum this needs David's ack.
> 

David, can you please ACK? Thanks!
David Howells Sept. 21, 2018, 11:05 p.m. UTC | #3
Dan Williams <dan.j.williams@intel.com> wrote:

> This looks like a core api for affecting keyctl api internals, should
> it be EXPORT_SYMBOL_GPL?

No, it should be EXPORT_SYMBOL().  Let me look through the other patches.

David
David Howells Sept. 22, 2018, 12:01 a.m. UTC | #4
Dave Jiang <dave.jiang@intel.com> wrote:

> Export lookup_user_key() symbol in order to allow nvdimm passphrase
> update to retrieve user injected keys.
> 
> Signed-off-by: Dave Jiang <dave.jiang@intel.com>

Acked-by: David Howells <dhowells@redhat.com>

Patch

diff --git a/include/linux/key.h b/include/linux/key.h
index e58ee10f6e58..7099985e35a9 100644
--- a/include/linux/key.h
+++ b/include/linux/key.h
@@ -346,6 +346,9 @@  static inline key_serial_t key_serial(const struct key *key)
 
 extern void key_set_timeout(struct key *, unsigned);
 
+extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
+				 key_perm_t perm);
+
 /*
  * The permissions required on a key that we're looking up.
  */
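Review bot: The prototype added to include/linux/key.h makes lookup_user_key() callable from outside security/keys, but the KEY_LOOKUP_CREATE, KEY_LOOKUP_PARTIAL and KEY_LOOKUP_FOR_UNLINK values for its `flags` argument stay in security/keys/internal.h (they are context lines in the next hunk). An outside caller can therefore only pass 0 or a bare number. Either move those defines next to the prototype, or put a comment above it stating that external callers must pass `flags == 0`. The prototype also names the second parameter `flags` while the definition in process_keys.c uses `lflags`; one name in both places would make the header easier to match against the implementation.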
diff --git a/security/keys/internal.h b/security/keys/internal.h
index 9f8208dc0e55..9968b21a76dd 100644
--- a/security/keys/internal.h
+++ b/security/keys/internal.h
@@ -158,8 +158,6 @@  extern struct key *request_key_and_link(struct key_type *type,
 
 extern bool lookup_user_key_possessed(const struct key *key,
 				      const struct key_match_data *match_data);
-extern key_ref_t lookup_user_key(key_serial_t id, unsigned long flags,
-				 key_perm_t perm);
 #define KEY_LOOKUP_CREATE	0x01
 #define KEY_LOOKUP_PARTIAL	0x02
 #define KEY_LOOKUP_FOR_UNLINK	0x04
diff --git a/security/keys/process_keys.c b/security/keys/process_keys.c
index d5b25e535d3a..ec4fd4531224 100644
--- a/security/keys/process_keys.c
+++ b/security/keys/process_keys.c
@@ -755,6 +755,7 @@  key_ref_t lookup_user_key(key_serial_t id, unsigned long lflags,
 	put_cred(ctx.cred);
 	goto try_again;
 }
+EXPORT_SYMBOL(lookup_user_key);
 
 /*
  * Join the named keyring as the session keyring if possible else attempt to
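Review bot: `EXPORT_SYMBOL(lookup_user_key)` turns a helper that was private to security/keys into module-facing API with no description of its contract; the function body starts above this hunk, so none is visible here. A kernel-doc comment on the definition should state who owns the returned `key_ref_t` and how it is released, what is returned in place of a key on failure, and how the `perm` mask is checked (the visible `put_cred(ctx.cred)` suggests it is evaluated against a credential set taken inside the function). That last point matters for access control: once modules can call this, each caller picks its own `perm`. The comment should therefore say which mask a caller must request before reading the key's payload, and what a mask of 0 means.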