Date:   Wed, 19 May 2021 11:18:35 -0400
From:   Paul Moore <paul@...l-moore.com>
To:     Kumar Kartikeya Dwivedi <memxor@...il.com>
Cc:     io-uring@...r.kernel.org, Pavel Emelyanov <xemul@...nvz.org>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Jens Axboe <axboe@...nel.dk>,
        Pavel Begunkov <asml.silence@...il.com>,
        Daniel Colascione <dancol@...gle.com>,
        Eric Biggers <ebiggers@...gle.com>,
        Lokesh Gidra <lokeshgidra@...gle.com>,
        linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 0/2] Create io_uring fd with ephemeral inode

On Wed, May 19, 2021 at 7:37 AM Kumar Kartikeya Dwivedi
<memxor@...il.com> wrote:
>
> This set converts io_uring to use secure anon_inodes (with a newly allocated
> non-S_PRIVATE inode) for each individual instance. In addition to allowing LSM
> modules to enforce policy using the inode context, it also enables
> checkpoint/restore use cases by allowing mapping the VMA to the open fd in a
> task. Offset is already available to determine rings mapped per region, so this
> was the only missing piece in establishing region <-> io_uring instance mapping.
>
> LSM tie up has been left out of this set for now.

This brings to light something I have been trying to resolve for a
little while now, but I have been finding it difficult to find the
necessary time due to competing priorities at work and in my personal
time.  While the patches in this patchset are a necessary dependency,
there are other issues which remain unresolved but which are now
public (although the problems were not buried very far in the first
place).  Further complicating things on my end is that the system with
my current work-in-progress patchset was taken offline two days ago
and my office is under renovations :/

Give me a day or two to get the patches off that system and I'll post
them here and we can start the process of kicking around solutions
that work for everyone.

-- 
paul moore
www.paul-moore.com
