Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

rxrpc: add rxrpc_sock_set_min_security_level

Add a helper to directly set the RXRPC_MIN_SECURITY_LEVEL sockopt from
kernel space without going through a fake uaccess.

Thanks to David Howells for the documentation updates.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Acked-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

Authored by Christoph Hellwig and committed by David S. Miller
298cd88a 7d7207c2

+28 -6
+11 -2
Documentation/networking/rxrpc.rst
··· 477 477 Encrypted checksum plus packet padded and first eight bytes of packet 478 478 encrypted - which includes the actual packet length. 479 479 480 - (c) RXRPC_SECURITY_ENCRYPTED 480 + (c) RXRPC_SECURITY_ENCRYPT 481 481 482 482 Encrypted checksum plus entire packet padded and encrypted, including 483 483 actual packet length. ··· 578 578 This issues a request_key() to get the key representing the security 579 579 context. The minimum security level can be set:: 580 580 581 - unsigned int sec = RXRPC_SECURITY_ENCRYPTED; 581 + unsigned int sec = RXRPC_SECURITY_ENCRYPT; 582 582 setsockopt(client, SOL_RXRPC, RXRPC_MIN_SECURITY_LEVEL, 583 583 &sec, sizeof(sec)); 584 584 ··· 1089 1089 This sets the maximum lifespan on a call to hard_timeout (which is in 1090 1090 jiffies). In the event of the timeout occurring, the call will be 1091 1091 aborted and -ETIME or -ETIMEDOUT will be returned. 1092 + 1093 + (#) Apply the RXRPC_MIN_SECURITY_LEVEL sockopt to a socket from within in the 1094 + kernel:: 1095 + 1096 + int rxrpc_sock_set_min_security_level(struct sock *sk, 1097 + unsigned int val); 1098 + 1099 + This specifies the minimum security level required for calls on this 1100 + socket. 1092 1101 1093 1102 1094 1103 Configurable Parameters
+2 -4
fs/afs/rxrpc.c
··· 37 37 { 38 38 struct sockaddr_rxrpc srx; 39 39 struct socket *socket; 40 - unsigned int min_level; 41 40 int ret; 42 41 43 42 _enter(""); ··· 56 57 srx.transport.sin6.sin6_family = AF_INET6; 57 58 srx.transport.sin6.sin6_port = htons(AFS_CM_PORT); 58 59 59 - min_level = RXRPC_SECURITY_ENCRYPT; 60 - ret = kernel_setsockopt(socket, SOL_RXRPC, RXRPC_MIN_SECURITY_LEVEL, 61 - (void *)&min_level, sizeof(min_level)); 60 + ret = rxrpc_sock_set_min_security_level(socket->sk, 61 + RXRPC_SECURITY_ENCRYPT); 62 62 if (ret < 0) 63 63 goto error_2; 64 64
+2
include/net/af_rxrpc.h
··· 72 72 void rxrpc_kernel_set_max_life(struct socket *, struct rxrpc_call *, 73 73 unsigned long); 74 74 75 + int rxrpc_sock_set_min_security_level(struct sock *sk, unsigned int val); 76 + 75 77 #endif /* _NET_RXRPC_H */
+13
net/rxrpc/af_rxrpc.c
··· 571 571 return ret; 572 572 } 573 573 574 + int rxrpc_sock_set_min_security_level(struct sock *sk, unsigned int val) 575 + { 576 + if (sk->sk_state != RXRPC_UNBOUND) 577 + return -EISCONN; 578 + if (val > RXRPC_SECURITY_MAX) 579 + return -EINVAL; 580 + lock_sock(sk); 581 + rxrpc_sk(sk)->min_sec_level = val; 582 + release_sock(sk); 583 + return 0; 584 + } 585 + EXPORT_SYMBOL(rxrpc_sock_set_min_security_level); 586 + 574 587 /* 575 588 * set RxRPC socket options 576 589 */
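Review bot: In Documentation/networking/rxrpc.rst, the new entry added after the hard_timeout paragraph reads "from within in the kernel", with a doubled "in"; drop one. The entry also leaves out the conditions the implementation enforces: the function returns -EISCONN unless sk_state is RXRPC_UNBOUND and -EINVAL when val exceeds RXRPC_SECURITY_MAX. The text should say that the call has to be made before the socket is bound and list those return values, since a caller that ignores the return code would silently run without the minimum security level it asked for.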
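Review bot: In net/rxrpc/af_rxrpc.c, rxrpc_sock_set_min_security_level() tests sk->sk_state != RXRPC_UNBOUND before lock_sock(sk), so the state check and the store to min_sec_level are not made under the same lock, and nothing visible here prevents the state changing in between. Take lock_sock(sk) first, do the state check under it, and call release_sock(sk) on the -EISCONN path as well; the val > RXRPC_SECURITY_MAX check can stay outside the lock. Because the function is exported with EXPORT_SYMBOL, a short kernel-doc comment stating the unbound-only requirement and the two error returns would also help callers.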