Re: [PATCH] Smack: Provide read control for io_uring_cmd

Paul Moore <paul@xxxxxxxxxxxxxx> · Fri, 26 Aug 2022 11:15:41 -0400

On Tue, Aug 23, 2022 at 8:07 PM Jens Axboe <axboe@xxxxxxxxx> wrote:
> On 8/23/22 6:05 PM, Paul Moore wrote:
> > On Tue, Aug 23, 2022 at 7:46 PM Casey Schaufler <casey@xxxxxxxxxxxxxxxx> wrote:
> >>
> >> Limit io_uring "cmd" options to files for which the caller has
> >> Smack read access. There may be cases where the cmd option may
> >> be closer to a write access than a read, but there is no way
> >> to make that determination.
> >>
> >> Signed-off-by: Casey Schaufler <casey@xxxxxxxxxxxxxxxx>
> >> --
> >>  security/smack/smack_lsm.c | 32 ++++++++++++++++++++++++++++++++
> >>  1 file changed, 32 insertions(+)
> >>
> >> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> >> index 001831458fa2..bffccdc494cb 100644
> >> --- a/security/smack/smack_lsm.c
> >> +++ b/security/smack/smack_lsm.c
> >
> > ...
> >
> >> @@ -4732,6 +4733,36 @@ static int smack_uring_sqpoll(void)
> >>         return -EPERM;
> >>  }
> >>
> >> +/**
> >> + * smack_uring_cmd - check on file operations for io_uring
> >> + * @ioucmd: the command in question
> >> + *
> >> + * Make a best guess about whether a io_uring "command" should
> >> + * be allowed. Use the same logic used for determining if the
> >> + * file could be opened for read in the absence of better criteria.
> >> + */
> >> +static int smack_uring_cmd(struct io_uring_cmd *ioucmd)
> >> +{
> >> +       struct file *file = ioucmd->file;
> >> +       struct smk_audit_info ad;
> >> +       struct task_smack *tsp;
> >> +       struct inode *inode;
> >> +       int rc;
> >> +
> >> +       if (!file)
> >> +               return -EINVAL;
> >
> > Perhaps this is a better question for Jens, but ioucmd->file is always
> > going to be valid when the LSM hook is called, yes?
>
> file will always be valid for uring commands, as they are marked as
> requiring a file. If no valid fd is given for it, it would've been
> errored early on, before reaching f_op->uring_cmd().

Hey Casey, where do things stand with this patch?  To be specific, did
you want me to include this in the lsm/stable-6.0 PR for Linus or are
you planning to send it separately?  If you want me to send it up, are
you planning another revision?

There is no right or wrong answer here as far as I'm concerned, I'm
just trying to make sure we are all on the same page.

-- 
paul-moore.com