korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-26 05:34:13 +08:00
Code Issues Packages Projects Releases Wiki Activity
1,123,125 Commits 113 Branches 5,292 Tags 3.5 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
865b0566d8
Go to file
Roberto Sassu 865b0566d8 bpf: Add bpf_verify_pkcs7_signature() kfunc 
Add the bpf_verify_pkcs7_signature() kfunc, to give eBPF security modules
the ability to check the validity of a signature against supplied data, by
using user-provided or system-provided keys as trust anchor.

The new kfunc makes it possible to enforce mandatory policies, as eBPF
programs might be allowed to make security decisions only based on data
sources the system administrator approves.

The caller should provide the data to be verified and the signature as eBPF
dynamic pointers (to minimize the number of parameters) and a bpf_key
structure containing a reference to the keyring with keys trusted for
signature verification, obtained from bpf_lookup_user_key() or
bpf_lookup_system_key().

For bpf_key structures obtained from the former lookup function,
bpf_verify_pkcs7_signature() completes the permission check deferred by
that function by calling key_validate(). key_task_permission() is already
called by the PKCS#7 code.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Acked-by: KP Singh <kpsingh@kernel.org>
Acked-by: Song Liu <song@kernel.org>
Link: https://lore.kernel.org/r/20220920075951.929132-9-roberto.sassu@huaweicloud.com
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
2022-09-21 17:32:49 -07:00
arch bpf: Move bpf_dispatcher function out of ftrace locations 2022-09-16 22:23:20 +02:00
block block-6.0-2022-08-26 2022-08-26 11:05:54 -07:00
certs Kbuild updates for v5.20 2022-08-10 10:40:41 -07:00
crypto crypto: blake2b: effectively disable frame size warning 2022-08-10 17:59:11 -07:00
Documentation bpf: Use bpf_capable() instead of CAP_SYS_ADMIN for blinding decision 2022-09-16 22:11:57 +02:00
drivers net: moxa: fix endianness-related issues from 'sparse' 2022-09-06 10:24:42 +02:00
fs Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-09-01 12:58:02 -07:00
include bpf: Add bpf_lookup_*_key() and bpf_key_put() kfuncs 2022-09-21 17:32:49 -07:00
init arm64 fixes for -rc3 2022-08-26 11:32:53 -07:00
io_uring lsm/stable-6.0 PR 20220829 2022-08-31 09:23:16 -07:00
ipc Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
kernel bpf: Add bpf_verify_pkcs7_signature() kfunc 2022-09-21 17:32:49 -07:00
lib This push fixes a boot performance regression due to an unnecessary 2022-08-31 09:47:06 -07:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm slab fixes for 6.0-rc4 2022-09-01 09:14:56 -07:00
net bpf: Move nf_conn extern declarations to filter.h 2022-09-20 14:41:35 -07:00
samples samples/bpf: Replace blk_account_io_done() with __blk_account_io_done() 2022-09-20 17:25:59 -07:00
scripts Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2022-09-06 23:21:18 +02:00
security KEYS: Move KEY_LOOKUP_ to include/linux/key.h and define KEY_LOOKUP_ALL 2022-09-21 17:32:48 -07:00
sound ALSA: usb-audio: Add quirk for LH Labs Geek Out HD Audio 1V5 2022-08-28 09:42:14 +02:00
tools bpf: Move dynptr type check to is_dynptr_type_expected() 2022-09-21 17:32:48 -07:00
usr Not a lot of material this cycle. Many singleton patches against various 2022-05-27 11:22:03 -07:00
virt KVM: Drop unnecessary initialization of "ops" in kvm_ioctl_create_device() 2022-08-19 04:05:43 -04:00
.clang-format PCI/DOE: Add DOE mailbox support functions 2022-07-19 15:38:04 -07:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: split the second line of *.mod into *.usyms 2022-05-08 03:16:59 +09:00
.mailmap .mailmap: update Luca Ceresoli's e-mail address 2022-08-28 14:02:46 -07:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS drm for 5.20/6.0 2022-08-03 19:52:08 -07:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS net: pcs: add new PCS driver for altera TSE PCS 2022-09-05 10:16:53 +01:00
Makefile Linux 6.0-rc3 2022-08-28 15:05:29 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.