From: Jens Axboe <[email protected]>
To: Paul Moore <[email protected]>,
Hamza Mahfooz <[email protected]>
Cc: "James Morris" <[email protected]>,
"Serge E. Hallyn" <[email protected]>,
"Pavel Begunkov" <[email protected]>,
"Stephen Smalley" <[email protected]>,
"Ondrej Mosnacek" <[email protected]>,
"Thiébaud Weksteen" <[email protected]>,
"Christian Göttsche" <[email protected]>,
"Bram Bonné" <[email protected]>,
"Masahiro Yamada" <[email protected]>,
[email protected], [email protected],
[email protected], [email protected]
Subject: Re: [PATCH v3 1/2] io_uring: refactor io_uring_allowed()
Date: Fri, 7 Feb 2025 14:54:56 -0700
Message-ID: <[email protected]>
In-Reply-To: <[email protected]>

On 2/7/25 2:42 PM, Paul Moore wrote:
> On Jan 27, 2025 Hamza Mahfooz <[email protected]> wrote:
>>
>> Have io_uring_allowed() return an error code directly instead of
>> true/false. This is needed for follow-up work to guard io_uring_setup()
>> with LSM.
>>
>> Cc: Jens Axboe <[email protected]>
>> Signed-off-by: Hamza Mahfooz <[email protected]>
>> ---
>> io_uring/io_uring.c | 21 ++++++++++++++-------
>> 1 file changed, 14 insertions(+), 7 deletions(-)
>>
>> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
>> index 7bfbc7c22367..c2d8bd4c2cfc 100644
>> --- a/io_uring/io_uring.c
>> +++ b/io_uring/io_uring.c
>> @@ -3789,29 +3789,36 @@ static long io_uring_setup(u32 entries, struct io_uring_params __user *params)
>> return io_uring_create(entries, &p, params);
>> }
>>
>> -static inline bool io_uring_allowed(void)
>> +static inline int io_uring_allowed(void)
>> {
>> int disabled = READ_ONCE(sysctl_io_uring_disabled);
>> kgid_t io_uring_group;
>>
>> if (disabled == 2)
>> - return false;
>> + return -EPERM;
>>
>> if (disabled == 0 || capable(CAP_SYS_ADMIN))
>> - return true;
>> + goto allowed_lsm;
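
Review bot: Changing the signature to `static inline int io_uring_allowed(void)` inverts the truthiness of the result: the old `true` (allowed) is now 0 and the old `false` is now `-EPERM`, so any caller left as `if (!io_uring_allowed())` would reject the permitted case and let the `disabled == 2` case through. The quoted lines stop before any caller is shown, so confirm that each one is converted in this same patch to propagate the value (`ret = io_uring_allowed(); if (ret) return ret;`), and consider a one-line comment above the function stating that it returns 0 when allowed or a negative errno otherwise.
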
>
> I'd probably just 'return 0;' here as the "allowed_lsm" goto label
> doesn't make a lot of sense until patch 2/2, but otherwise this
> looks okay to me.

Agree, get rid of this unnecessary goto.

> Jens, are you okay with this patch? If yes, can we get an ACK from you?

With that change, yep I'm fine with both of these and you can add my
acked-by to them.

--
Jens Axboe