| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 16 Jan 2024 12:46:13 -0500
From: Jeff Moyer <jmoyer@...hat.com>
To: Subramanya Swamy <subramanya.swamy.linux@...il.com>
Cc: corbet@....net, axboe@...nel.dk, asml.silence@...il.com,
ribalda@...omium.org, rostedt@...dmis.org, bhe@...hat.com,
akpm@...ux-foundation.org, matteorizzo@...gle.com, ardb@...nel.org,
alexghiti@...osinc.com, linux-doc@...r.kernel.org,
linux-kernel@...r.kernel.org, io-uring@...r.kernel.org
Subject: Re: [PATCH] iouring:added boundary value check for io_uring_group
systl
Subramanya Swamy <subramanya.swamy.linux@...il.com> writes:
> /proc/sys/kernel/io_uring_group takes gid as input
> added boundary value check to accept gid in range of
> 0<=gid<=4294967294 & Documentation is updated for same
Thanks for the patch. You're right, the current code artificially
limits the maximum group id.
> Signed-off-by: Subramanya Swamy <subramanya.swamy.linux@...il.com>
> ---
> Documentation/admin-guide/sysctl/kernel.rst | 9 ++++-----
> io_uring/io_uring.c | 8 ++++++--
> 2 files changed, 10 insertions(+), 7 deletions(-)
>
> diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
> index 6584a1f9bfe3..3f96007aa971 100644
> --- a/Documentation/admin-guide/sysctl/kernel.rst
> +++ b/Documentation/admin-guide/sysctl/kernel.rst
> @@ -469,11 +469,10 @@ shrinks the kernel's attack surface.
> io_uring_group
> ==============
>
> -When io_uring_disabled is set to 1, a process must either be
> -privileged (CAP_SYS_ADMIN) or be in the io_uring_group group in order
> -to create an io_uring instance. If io_uring_group is set to -1 (the
> -default), only processes with the CAP_SYS_ADMIN capability may create
> -io_uring instances.
> +When io_uring_disabled is set to 1, only processes with the
> +CAP_SYS_ADMIN may create io_uring instances or process must be in the
> +io_uring_group group in order to create an io_uring_instance.
> +io_uring_group is set to 0.This is the default setting.
You are changing the default from an invalid group to the root group. I
guess that's ok, but I'd rather keep it the way it is. The text is a
bit repetitive. Why not just this?
"When io_uring_disabled is set to 1, a process must either be
privileged (CAP_SYS_ADMIN) or be in the io_uring_group group in order
to create an io_uring instance."
> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
> index 09b6d860deba..0ed91b69643d 100644
> --- a/io_uring/io_uring.c
> +++ b/io_uring/io_uring.c
> @@ -146,7 +146,9 @@ static void io_queue_sqe(struct io_kiocb *req);
> struct kmem_cache *req_cachep;
>
> static int __read_mostly sysctl_io_uring_disabled;
> -static int __read_mostly sysctl_io_uring_group = -1;
> +static unsigned int __read_mostly sysctl_io_uring_group;
> +static unsigned int min_gid;
> +static unsigned int max_gid = 4294967294; /*4294967294 is the max guid*/
Right, INVALID_GID is -1.
> #ifdef CONFIG_SYSCTL
> static struct ctl_table kernel_io_uring_disabled_table[] = {
> @@ -164,7 +166,9 @@ static struct ctl_table kernel_io_uring_disabled_table[] = {
> .data = &sysctl_io_uring_group,
> .maxlen = sizeof(gid_t),
> .mode = 0644,
> - .proc_handler = proc_dointvec,
> + .proc_handler = proc_douintvec_minmax,
> + .extra1 = &min_gid,
This should be SYSCTL_ZERO.
> + .extra2 = &max_gid,
> },
> {},
> };
Thanks!
Jeff
Powered by blists - more mailing lists