lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <x49edeh5fyy.fsf@segfault.usersys.redhat.com>
Date: Tue, 16 Jan 2024 12:46:13 -0500
From: Jeff Moyer <jmoyer@...hat.com>
To: Subramanya Swamy <subramanya.swamy.linux@...il.com>
Cc: corbet@....net,  axboe@...nel.dk,  asml.silence@...il.com,
  ribalda@...omium.org,  rostedt@...dmis.org,  bhe@...hat.com,
  akpm@...ux-foundation.org,  matteorizzo@...gle.com,  ardb@...nel.org,
  alexghiti@...osinc.com,  linux-doc@...r.kernel.org,
  linux-kernel@...r.kernel.org,  io-uring@...r.kernel.org
Subject: Re: [PATCH] iouring:added boundary value check for io_uring_group
 systl

Subramanya Swamy <subramanya.swamy.linux@...il.com> writes:

> /proc/sys/kernel/io_uring_group takes gid as input
> added boundary value check to accept gid in range of
> 0<=gid<=4294967294 & Documentation is updated for same

Thanks for the patch.  You're right, the current code artificially
limits the maximum group id.

> Signed-off-by: Subramanya Swamy <subramanya.swamy.linux@...il.com>
> ---
>  Documentation/admin-guide/sysctl/kernel.rst | 9 ++++-----
>  io_uring/io_uring.c                         | 8 ++++++--
>  2 files changed, 10 insertions(+), 7 deletions(-)
>
> diff --git a/Documentation/admin-guide/sysctl/kernel.rst b/Documentation/admin-guide/sysctl/kernel.rst
> index 6584a1f9bfe3..3f96007aa971 100644
> --- a/Documentation/admin-guide/sysctl/kernel.rst
> +++ b/Documentation/admin-guide/sysctl/kernel.rst
> @@ -469,11 +469,10 @@ shrinks the kernel's attack surface.
>  io_uring_group
>  ==============
>  
> -When io_uring_disabled is set to 1, a process must either be
> -privileged (CAP_SYS_ADMIN) or be in the io_uring_group group in order
> -to create an io_uring instance.  If io_uring_group is set to -1 (the
> -default), only processes with the CAP_SYS_ADMIN capability may create
> -io_uring instances.
> +When io_uring_disabled is set to 1, only processes with the
> +CAP_SYS_ADMIN may create io_uring instances or process must be in the
> +io_uring_group group in order to create an io_uring_instance.
> +io_uring_group is set to 0.This is the default setting.

You are changing the default from an invalid group to the root group.  I
guess that's ok, but I'd rather keep it the way it is.  The text is a
bit repetitive.  Why not just this?

"When io_uring_disabled is set to 1, a process must either be
 privileged (CAP_SYS_ADMIN) or be in the io_uring_group group in order
 to create an io_uring instance."

> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
> index 09b6d860deba..0ed91b69643d 100644
> --- a/io_uring/io_uring.c
> +++ b/io_uring/io_uring.c
> @@ -146,7 +146,9 @@ static void io_queue_sqe(struct io_kiocb *req);
>  struct kmem_cache *req_cachep;
>  
>  static int __read_mostly sysctl_io_uring_disabled;
> -static int __read_mostly sysctl_io_uring_group = -1;
> +static unsigned int __read_mostly sysctl_io_uring_group;
> +static unsigned int min_gid;
> +static unsigned int max_gid  = 4294967294;  /*4294967294 is the max guid*/

Right, INVALID_GID is -1.

>  #ifdef CONFIG_SYSCTL
>  static struct ctl_table kernel_io_uring_disabled_table[] = {
> @@ -164,7 +166,9 @@ static struct ctl_table kernel_io_uring_disabled_table[] = {
>  		.data		= &sysctl_io_uring_group,
>  		.maxlen		= sizeof(gid_t),
>  		.mode		= 0644,
> -		.proc_handler	= proc_dointvec,
> +		.proc_handler	= proc_douintvec_minmax,
> +		.extra1         = &min_gid,

This should be SYSCTL_ZERO.

> +		.extra2         = &max_gid,
>  	},
>  	{},
>  };

Thanks!
Jeff


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ