From: Joel Granados <[email protected]>
To: Christoph Hellwig <[email protected]>
Cc: <[email protected]>, <[email protected]>, <[email protected]>,
	<[email protected]>, <[email protected]>,
	<[email protected]>, <[email protected]>,
	<[email protected]>
Subject: Re: [RFC v2 1/1] Use a fs callback to set security specific data
Date: Wed, 30 Nov 2022 22:29:36 +0100
Message-ID: <20221130212936.drfqjdiq6vic3cdc@localhost>
In-Reply-To: <[email protected]>

On Tue, Nov 29, 2022 at 06:24:00AM -0800, Christoph Hellwig wrote:
> This seems to be missing any kind of changelog.  Also the
> subject should say file_operations.  Most of the instances here are
> not in a file system, and they most certainly aren't callbacks.
> 
> I think you've also missed a whole lot of maintainers.
> 
> > +#include "linux/security.h"
> 
> That's not how we include kernel-wide headers.
> 
> >  #include <linux/blkdev.h>
> >  #include <linux/blk-mq.h>
> >  #include <linux/blk-integrity.h>
> > @@ -3308,6 +3309,13 @@ static int nvme_dev_release(struct inode *inode, struct file *file)
> >  	return 0;
> >  }
> >  
> > +int nvme_uring_cmd_sec(struct io_uring_cmd *ioucmd,  struct security_uring_cmd *sec)
> 
> Double white space and overly long line.
> 
> > +{
> > +	sec->flags = 0;
> > +	sec->flags = SECURITY_URING_CMD_TYPE_IOCTL;
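
Review bot: nvme_uring_cmd_sec() is defined without static, unlike the static nvme_dev_release() shown in the hunk header; if it is only reached through a file_operations pointer in this file it should be static, otherwise it needs a prototype in a header. In the quoted body, the store sec->flags = 0 is dead because the next line overwrites it, so keep only the SECURITY_URING_CMD_TYPE_IOCTL assignment, or use |= if flags is meant to accumulate bits. The quoted lines also never read ioucmd, so every command gets the same flags value; a comment stating what an LSM is expected to derive from it would help review.
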
> 
> Double initialization of ->flags.  But how is this supposed to work
> to start with?

This RFC is meant to see how different solutions may play out. I'm not
trying to push anything through yet. Just testing the waters to see what
sticks and what people think about certain approaches. Should have
mentioned that in my cover letter.

My idea was to bring all relevant maintainers into the conversation once
I had a more clear idea on what needed to be done and how I would do it.

Since the patch is just a discussion piece, it is riddled with errors
like the ones you pointed out.

The idea with this second version is to add a security uring callback to
the already existing ones in the file_operations structure. This new
callback will fill in a security struct that will contain all the data
needed for the LSMs to do their thing. This callback can be protected by
an 'ifdef' for performance purposes.

There is a third proposal by Ming Lei that uses the io_uring_sqe struct
to embed io_uring type information. In my todo list I have a task to
implement this and present it as a third option.

best
Joel
