From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id CBB38ECAAA3 for ; Fri, 26 Aug 2022 19:04:26 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237904AbiHZTEZ (ORCPT ); Fri, 26 Aug 2022 15:04:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39818 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234932AbiHZTEY (ORCPT ); Fri, 26 Aug 2022 15:04:24 -0400 Received: from sonic302-28.consmr.mail.ne1.yahoo.com (sonic302-28.consmr.mail.ne1.yahoo.com [66.163.186.154]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9E7FEA5721 for ; Fri, 26 Aug 2022 12:04:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1661540662; bh=HW5ESJ2d1TlmAjTGj+fat2LUGkojEU6yBDOJ7Q+hUFk=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From:Subject:Reply-To; b=AnU9izwkij3a3nom9IeVLo+yu1pUiKkoOmlPeVO34o+S1ntF80vFQdBEe7xaMFPPlq7MgTVmFjxX6k/awIv2xnG8Cb6/maGSkG/03s8vPsU9Z1H1nyMqAr/UW8e/7k74TOzRl5o5/3O6Ng5qP34z3g0pPKvdy6M4IwPzkSRe6hGQML/BNbBSjZ4XpKmOlhcpjBqSAiskq1/W3LhboojPcXCudhqZ383gnKvDNr+Iq77nDHBbsKKbOk65XloGwy3ePRFuzRVhb1Huz5CNGh9qlSzhZY21jNf8rSFNrOUzm7GHp0WXQJLHY3CHTeI44CcFeUpOCeOz3Sb37uSWVX6Okg== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1661540662; bh=a+atSZG+SfVIqt3Np/4cvmDTf6RlNi9o4j/h/6D79+m=; h=X-Sonic-MF:Date:Subject:To:From:From:Subject; b=lgYZ1DrIzF4fVX1rLtOhqCrvvT+HopJHUivjnTpcy4B3ERBCdcXGf1kb2bVbVZUloNfz8pGUAkRK5qfpH/ZkslGAeTWP20RPyiFk/uDdXZTM0tVpOJLTBFMj1rDMMQDLQHLTInCvMsVxrHpK+EmhwklIv36pd1qlEueXXs70e4oIaZK9NgafTKvDESQeRyLxlQXOv8d/jV+ck4X+l9/COzO/iSzcabfxBUWkUPyBLhXzt0yy0oo4l3239m6P6I4W0YV9AR+QMWjKVX9nwvpvMyUcoZ3rQJ5brsAKPiV7VgLLgAPJjF7IthjbMmABJexgyzHHXBbRHF42Id1t3phTVA== X-YMail-OSG: yjD.CwkVM1kH6eE6L0MBwxBpy4YlrkkR458Ienrk3kdDQ.3uFyT_bPlH6kst6f1 5_ccvHJojfSugHmxDxpZouCOCXy54UZATnKu2m69XE6pQPPpavLB.Ue7slL3S_92x11F6axE8R6d Kbwi29hldNstyGr4Lgb.iSxObzsro1wpYZknrHO_T6fBXKyHD6VuRvmlrgzaHntRT_6jmcLic9vE qq0XhSak.tepkwlxfKiVMsRPGfylk.o56t86Tmzv_PvQlnBHMENKyYjP1IrhZp8ohWTUVgYthL1O D.Vh9OavB4Ify4kwTgdpbXEvm6S0m.e0fHE1u6aB5fAiwEx7pqkJeG4z87BezPJIAIiNDiRmKtvI yB1aioYpYaGjZYc_.BOZLqaKcCDoXmSYiTyX1OV_VA532UaysNSPX9hCYmR2muKl5XHW1knafCPS 0JxTgROB4GCSsDKP8MCBfi3_5sXRkAL.gK3BnItUhddLg9bHz9YBo.KuaqIoKfvaWbrQPaAF5gUe RxfNDguZXGH_Cf5uCjNLoYERrKyXbY1cwY7_B5BvxHw9Lcybw6hh8IKBMANeL8_nLu7UhXAG2fSM aiNeAD6O99D51vC43s5btbm8Z3NQ7CF1lMUfQPMfJsdYWtrpjTjKQajLLjjDqn1J1u3UU4f6pYKO oLn88rTAoTWjHlQXl2DHs3fBO8ifrWWzTWLqGyKUg69qLErau9QpL3alOMwXG35_Tstmmg6Ahooo sqReOMBZrd3o18cmkbWcjoa0kmo5DSAKXLCQLcBvQ4T77ajpD7MEBu0xfkr8E0zPGBKqCs9a.4wx kLkoSYZEblGcXCbMbhlaGeR6MI2CZKYi4o2OL01U9DhHnGz_aie8DWpRpzHTvNiVHgEZaLmVN_Od iCazWRgm04c_JiRfYxgW1mbDB7IXOuqsWPuof6u_meelsHx91oNEYli0XpHpmHJtbB7qDXarcDf3 AiIksVqXMA5tp0XsUsIhZDH6QkEmGPWJrhhr7_qmIslvgDBcYW7utC0GiAgza2NrFYMBQ9txvirC yyZGkAvt3.qe03Li5CuI60kK1_pUAtik2yTgEOJQqeshRG1hWFeDRRjqb.Ft9lEYxe21jx3rSmNc 63do.9mSIgJsVOE2zOvpiQMAFuS7U41HzFM7CvjE5qgin1AAh_NPoK.bdYPdG3AW6hLbU8M4wqWV 3cfsACMcHU438vWdYlPDQk6WMNHDbQcOggLJa1r1aIEcl7Lu2q1_1kMxNjxe_9AOR2VOAjFP9oE. zD.5XBlj9IKw57c0p6IqkvMCAjzqLjoAGZFED1rSv5XBrf76vPs6wF06UdCwBTzJKDQD46Pq.T1F ElEwSouO2HD1YWpfIClGYfSCDWiSRV1XlpG6qCYK01pZNMPiPYVoOsWHD1NgXnZvVtzOJpekSXWA iRtZzMMKSaq8OqOh.MdgPoLN8u0DA_mTqWguRr6D9r94Wvh39pxYJcUpcKErHdEl4GC.XWR_5frM JZz8X_dMVvHzg995Ls8YxVWWnQgun1hkPqmnO1UAE3k8YCT7uwwUXeS19oD1Yhy1xgVL92bOQR6J spynAnYliHm2g_xONBOIZqL16lpKOwZ.j8M_RkWakrfeInQJli_qMNA9ZcXgm1ldJ3yVc2Ng73fR x2a5AhnTl2pZtXQPDQgyFhxjFySXobjTmV03Q4mlo6JXDZ0qTwG4Jglj_iFoLYqFSmTu2RJHWQux 9sv9fJuxX1ctWx2frPk9UeZC7Ytp5POWaONE__TmpPLUijUmwXpHgSfLnJvFLlWRnkkJLFWrwOza i1P7ygCopTAdrgWdfAok0yzYU.LqgBzjJMm1k.PNE40M_Jc_AgM9f7yyIV6A6nCKxcfKPxwvFBfX Y8p_MN4HvIn2IsZrw1FcqWabdc5zENumRBBrOpUnoHAC3BNAXcYBFGL_P7ezJVgiky1K78fi1.ho 4t43SHYunHG_qR_ip_.6M6NDcW9RlMnqNgZYn40qqqnVAxXMLpBJ5dCRbJF3ZUOjkjhgHb_A.gT7 gqv5SJhgjakH2EyUsY3DhLtnxkLntGVzWYJr0kSI2oW4VkRco0GRrvdjC5FhN_nDCrY18a.YZdz6 YhMSgeJ5iK6Ib_FhcZh.hWAHg7L01mNVo37SOnBME1.0YRgWk47stUCuDIAHqiwe5SxlQ4zmgNW2 Hm3yIylqUqp9j8YjJLRn7kkkupPMjB_TBpSc636Z6lZM5tKABkohggcO4.BWS3WnkzFqQKmW5CjA zQEDX70yZya7LS9FVyy2dx_bZu56CA_GlgGDYICstRl5swTB3cJUtlxqyFmGQXWQfuPKSP1GwC.h j_tmPgSsMMoqj2kr7dwbQlg-- X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Fri, 26 Aug 2022 19:04:22 +0000 Received: by hermes--production-ne1-6649c47445-zmkqs (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID 0f833e2dbebcb0f01cf2b23fd6dfff04; Fri, 26 Aug 2022 19:04:20 +0000 (UTC) Message-ID: <537daae0-606c-3db4-59dc-2165cc4d212c@schaufler-ca.com> Date: Fri, 26 Aug 2022 12:04:19 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.12.0 Subject: Re: [PATCH] Smack: Provide read control for io_uring_cmd Content-Language: en-US To: Paul Moore Cc: Jens Axboe , Ankit Kumar , io-uring@vger.kernel.org, joshi.k@samsung.com, casey@schaufler-ca.com References: <20220719135234.14039-1-ankit.kumar@samsung.com> <116e04c2-3c45-48af-65f2-87fce6826683@schaufler-ca.com> <83a121d5-a2ec-197b-708c-9ea2f9d0bd6a@schaufler-ca.com> <2e6b56cf-d04b-6537-62f4-a4cb0191172a@kernel.dk> From: Casey Schaufler In-Reply-To: Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Mailer: WebService/1.1.20595 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Precedence: bulk List-ID: X-Mailing-List: io-uring@vger.kernel.org On 8/26/2022 11:59 AM, Paul Moore wrote: > On Fri, Aug 26, 2022 at 12:53 PM Casey Schaufler wrote: >> On 8/26/2022 8:15 AM, Paul Moore wrote: >>> On Tue, Aug 23, 2022 at 8:07 PM Jens Axboe wrote: >>>> On 8/23/22 6:05 PM, Paul Moore wrote: >>>>> On Tue, Aug 23, 2022 at 7:46 PM Casey Schaufler wrote: >>>>>> Limit io_uring "cmd" options to files for which the caller has >>>>>> Smack read access. There may be cases where the cmd option may >>>>>> be closer to a write access than a read, but there is no way >>>>>> to make that determination. >>>>>> >>>>>> Signed-off-by: Casey Schaufler >>>>>> -- >>>>>> security/smack/smack_lsm.c | 32 ++++++++++++++++++++++++++++++++ >>>>>> 1 file changed, 32 insertions(+) >>>>>> >>>>>> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c >>>>>> index 001831458fa2..bffccdc494cb 100644 >>>>>> --- a/security/smack/smack_lsm.c >>>>>> +++ b/security/smack/smack_lsm.c >>>>> ... >>>>> >>>>>> @@ -4732,6 +4733,36 @@ static int smack_uring_sqpoll(void) >>>>>> return -EPERM; >>>>>> } >>>>>> >>>>>> +/** >>>>>> + * smack_uring_cmd - check on file operations for io_uring >>>>>> + * @ioucmd: the command in question >>>>>> + * >>>>>> + * Make a best guess about whether a io_uring "command" should >>>>>> + * be allowed. Use the same logic used for determining if the >>>>>> + * file could be opened for read in the absence of better criteria. >>>>>> + */ >>>>>> +static int smack_uring_cmd(struct io_uring_cmd *ioucmd) >>>>>> +{ >>>>>> + struct file *file = ioucmd->file; >>>>>> + struct smk_audit_info ad; >>>>>> + struct task_smack *tsp; >>>>>> + struct inode *inode; >>>>>> + int rc; >>>>>> + >>>>>> + if (!file) >>>>>> + return -EINVAL; >>>>> Perhaps this is a better question for Jens, but ioucmd->file is always >>>>> going to be valid when the LSM hook is called, yes? >>>> file will always be valid for uring commands, as they are marked as >>>> requiring a file. If no valid fd is given for it, it would've been >>>> errored early on, before reaching f_op->uring_cmd(). >>> Hey Casey, where do things stand with this patch? To be specific, did >>> you want me to include this in the lsm/stable-6.0 PR for Linus or are >>> you planning to send it separately? If you want me to send it up, are >>> you planning another revision? >>> >>> There is no right or wrong answer here as far as I'm concerned, I'm >>> just trying to make sure we are all on the same page. >> I think the whole LSM fix for io_uring looks better the more complete >> it is. I don't see the Smack check changing until such time as there's >> better information available to make decisions upon. If you send it along >> with the rest of the patch set I think we'll have done our best. > Okay, will do. Would you like me to tag the patch with the 'Fixes:' > and stable tags, similar to the LSM and SELinux patches? Yes, I think that's best.