Re: [PATCH 4/5] AF_RXRPC: Key facility changes for AF_RXRPC [try #2]



Christoph Hellwig <hch@xxxxxxxxxxxxx> wrote:

> You wrote the code so there must be some reason for this, but these
> changes look rather odd to me :)

The union is for use by the type in any way it sees fit, but it may not want to
use it as a list_head. So all I've done is to make it available as a pair of
arbitrary pointers or a pair of arbitrary numbers.

Maybe a better way would be to have an overlay struct that's private to the
type, sort of how sk_buff::cb works.

> Having a type exported is really odd, how is this supposed to be a public API?

Keyrings are a special type.

It occurred to me whilst doing this that the best way to achieve what I wanted
was by dealing with rings of keys. What I needed was for the server app to
give the kernel a key for each security type it wanted to support, which the
kernel would then have to retain. It seems natural to use a keyring to do the
retention as that's its purpose.

Another way to look at it is that in the client I need just one key at once,
and I can get that from the process as it's setting up the connection.
However, in the server I need to have several keys, and I need them available
up front because the server app doesn't set up a connection, the kernel does,
and it needs the keys immediately.

I'll add a mention to Documentation/keys.txt to record this exportation.

David