On Mon, Jul 18, 2022 at 05:52:01PM -0400, Paul Moore wrote: >On Mon, Jul 18, 2022 at 1:12 PM Casey Schaufler wrote: >> On 7/15/2022 8:33 PM, Paul Moore wrote: >> > On Fri, Jul 15, 2022 at 3:52 PM Paul Moore wrote: >> >> On Fri, Jul 15, 2022 at 3:28 PM Jens Axboe wrote: >> >>> On 7/15/22 1:16 PM, Luis Chamberlain wrote: >> >>>> io-uring cmd support was added through ee692a21e9bf ("fs,io_uring: >> >>>> add infrastructure for uring-cmd"), this extended the struct >> >>>> file_operations to allow a new command which each subsystem can use >> >>>> to enable command passthrough. Add an LSM specific for the command >> >>>> passthrough which enables LSMs to inspect the command details. >> >>>> >> >>>> This was discussed long ago without no clear pointer for something >> >>>> conclusive, so this enables LSMs to at least reject this new file >> >>>> operation. >> >>> From an io_uring perspective, this looks fine to me. It may be easier if >> >>> I take this through my tree due to the moving of the files, or the >> >>> security side can do it but it'd have to then wait for merge window (and >> >>> post io_uring branch merge) to do so. Just let me know. If done outside >> >>> of my tree, feel free to add: >> > I forgot to add this earlier ... let's see how the timing goes, I >> > don't expect the LSM/Smack/SELinux bits to be ready and tested before >> > the merge window opens so I'm guessing this will not be an issue in >> > practice, but thanks for the heads-up. >> >> I have a patch that may or may not be appropriate. I ran the >> liburing tests without (additional) failures, but it looks like >> there isn't anything there testing uring_cmd. Do you have a >> test tucked away somewhere I can use? Earlier testing was done using fio. liburing tests need a formal review in list. Tree is here - https://github.com/ankit-sam/liburing/tree/uring-pt It adds new "test/io_uring_passthrough.t", which can be run this way: ./test/io_uring_passthrough.t /dev/ng0n1 Requires nvme device (/dev/ng0n1). And admin-access as well, as this is raw open. FWIW, each passthrough command (at nvme driver level) is also guarded by admin-access. Ankit (CCed) has the plans to post it (will keep you guys in loop) after bit more testing with 5.20 branch. >All I have at the moment is the audit-testsuite io_uring test (link >below) which is lacking a test for the io_uring CMD command. I plan >on adding that, but I haven't finished the SELinux patch yet. > >* https://protect2.fireeye.com/v1/url?k=9cb2caea-fd39dfd9-9cb341a5-000babff9bb7-e1f9086bae09b852&q=1&e=b1985274-4644-447d-be8c-16f520cadbd9&u=https%3A%2F%2Fgithub.com%2Flinux-audit%2Faudit-testsuite%2Ftree%2Fmain%2Ftests%2Fio_uring > >(Side note: there will be a SELinux io_uring test similar to the >audit-testsuite test, but that effort was delayed due to lack of >io_uring support in the Fedora policy for a while; it's working now, >but the SELinux/SCTP issues have been stealing my time lately.)