lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAHC9VhQDMSw9VNzd1pLRv1a3v8y2wz9rM4k0wa1t-Wq8KO6kFw@mail.gmail.com>
Date: Fri, 7 Feb 2025 17:21:42 -0500
From: Paul Moore <paul@...l-moore.com>
To: Jens Axboe <axboe@...nel.dk>
Cc: Hamza Mahfooz <hamzamahfooz@...ux.microsoft.com>, James Morris <jmorris@...ei.org>, 
	"Serge E. Hallyn" <serge@...lyn.com>, Pavel Begunkov <asml.silence@...il.com>, 
	Stephen Smalley <stephen.smalley.work@...il.com>, Ondrej Mosnacek <omosnace@...hat.com>, 
	Thiébaud Weksteen <tweek@...gle.com>, 
	Christian Göttsche <cgzones@...glemail.com>, 
	Bram Bonné <brambonne@...gle.com>, 
	Masahiro Yamada <masahiroy@...nel.org>, linux-security-module@...r.kernel.org, 
	io-uring@...r.kernel.org, selinux@...r.kernel.org, 
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH v3 1/2] io_uring: refactor io_uring_allowed()

On Fri, Feb 7, 2025 at 4:54 PM Jens Axboe <axboe@...nel.dk> wrote:
> On 2/7/25 2:42 PM, Paul Moore wrote:
> > On Jan 27, 2025 Hamza Mahfooz <hamzamahfooz@...ux.microsoft.com> wrote:
> >>
> >> Have io_uring_allowed() return an error code directly instead of
> >> true/false. This is needed for follow-up work to guard io_uring_setup()
> >> with LSM.
> >>
> >> Cc: Jens Axboe <axboe@...nel.dk>
> >> Signed-off-by: Hamza Mahfooz <hamzamahfooz@...ux.microsoft.com>
> >> ---
> >>  io_uring/io_uring.c | 21 ++++++++++++++-------
> >>  1 file changed, 14 insertions(+), 7 deletions(-)
> >>
> >> diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
> >> index 7bfbc7c22367..c2d8bd4c2cfc 100644
> >> --- a/io_uring/io_uring.c
> >> +++ b/io_uring/io_uring.c
> >> @@ -3789,29 +3789,36 @@ static long io_uring_setup(u32 entries, struct io_uring_params __user *params)
> >>      return io_uring_create(entries, &p, params);
> >>  }
> >>
> >> -static inline bool io_uring_allowed(void)
> >> +static inline int io_uring_allowed(void)
> >>  {
> >>      int disabled = READ_ONCE(sysctl_io_uring_disabled);
> >>      kgid_t io_uring_group;
> >>
> >>      if (disabled == 2)
> >> -            return false;
> >> +            return -EPERM;
> >>
> >>      if (disabled == 0 || capable(CAP_SYS_ADMIN))
> >> -            return true;
> >> +            goto allowed_lsm;
> >
> > I'd probably just 'return 0;' here as the "allowed_lsm" goto label
> > doesn't make a lot of sense until patch 2/2, but otherwise this
> > looks okay to me.
>
> Agree, get rid of this unnecessary goto.

Done.  Converted to return in patch 1/2 and brought the goto/label
back in patch 2/2.

> > Jens, are you okay with this patch?  If yes, can we get an ACK from you?
>
> With that change, yep I'm fine with both of these and you can add my
> acked-by to them.

Great.  Both patches have now been merged into lsm/dev, thanks everyone!

-- 
paul-moore.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ