On Tue, Mar 08, 2022 at 08:50:51PM +0530, Kanchan Joshi wrote:
> From: Jens Axboe <axboe@xxxxxxxxx>
>
> This is a file private kind of request. io_uring doesn't know what's
> in this command type, it's for the file_operations->async_cmd()
> handler to deal with.
>
> Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
> Signed-off-by: Kanchan Joshi <joshi.k@xxxxxxxxxxx>
> ---
<-- snip -->
> +static int io_uring_cmd(struct io_kiocb *req, unsigned int issue_flags)
> +{
> + struct file *file = req->file;
> + int ret;
> + struct io_uring_cmd *ioucmd = &req->uring_cmd;
> +
> + ioucmd->flags |= issue_flags;
> + ret = file->f_op->async_cmd(ioucmd);
I think we're going to have to add a security_file_async_cmd() check
before this call here. Because otherwise we're enabling to, for
example, bypass security_file_ioctl() for example using the new
iouring-cmd interface.
Or is this already thought out with the existing security_uring_*() stuff?
Luis
