From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-5.3 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A,SPF_HELO_NONE, SPF_PASS,USER_AGENT_SANE_1 autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id EB2FEC47089 for ; Wed, 26 May 2021 17:51:05 +0000 (UTC) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id D671B6139A for ; Wed, 26 May 2021 17:51:04 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org D671B6139A Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.dk Authentication-Results: mail.kernel.org; spf=tempfail smtp.mailfrom=linux-audit-bounces@redhat.com Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-8-r1PlRF36NBm4xaE2yABrrA-1; Wed, 26 May 2021 13:51:00 -0400 X-MC-Unique: r1PlRF36NBm4xaE2yABrrA-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 1CD85180FD66; Wed, 26 May 2021 17:50:58 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1726B10023AF; Wed, 26 May 2021 17:50:57 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id C2F3955348; Wed, 26 May 2021 17:50:54 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id 14QHMK3x020573 for ; Wed, 26 May 2021 13:22:20 -0400 Received: by smtp.corp.redhat.com (Postfix) id 36C6D20E76A2; Wed, 26 May 2021 17:22:20 +0000 (UTC) Received: from mimecast-mx02.redhat.com (mimecast05.extmail.prod.ext.rdu2.redhat.com [10.11.55.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 323D320E76A1 for ; Wed, 26 May 2021 17:22:20 +0000 (UTC) Received: from us-smtp-1.mimecast.com (us-smtp-delivery-1.mimecast.com [207.211.31.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 1A5BD8339A4 for ; Wed, 26 May 2021 17:22:20 +0000 (UTC) Received: from mail-il1-f177.google.com (mail-il1-f177.google.com [209.85.166.177]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-521-ThPTXtt4PlS0sU5QzJAyUQ-1; Wed, 26 May 2021 13:22:18 -0400 X-MC-Unique: ThPTXtt4PlS0sU5QzJAyUQ-1 Received: by mail-il1-f177.google.com with SMTP id h11so1574569ili.9 for ; Wed, 26 May 2021 10:22:17 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=2OhppeIspUDCdDqTlenJ6aztMdU67TtMNZxD3yeg400=; b=Vp2/XL5xF2oFri8x+AlAvLQwv2hFe7uDY2iMXUkqF8KaEok5KKAjp/IndEhyTtBgfZ iBWQ+lI8BnuiuU9tBtay1D0WIuMIGlFOuH8jxTrbEUfj/dwvBaYcRdc/hAMOEkVFkkM/ aBdzXIcVKHaXXbAbWXTYdYem4TnUFFO8A9okLO36EN4StYgQ+QbEvwF9eM3biZoRTwH3 +e8LmbNelvh9xGgbOX8UDNv6u2KPufvRl6QiPoxxfpRpXe7Hr+uk8tGZEbXJieA8ez9O 8FKoI/pWBJtO7E0H8izZ23AW0PDRcYy0SpscYfbOFLX4mz5HLENTIwbfHUyqQtpq8pcj 0L4Q== X-Gm-Message-State: AOAM532QP4FUSM7shCNtP+dYbq4Ww0uFLikc9kqJhk1A4fUKVHUOwWFO /NLHEr3JZPEk9WABN/LcBBeLSw== X-Google-Smtp-Source: ABdhPJxPLz3YY9EUDMQFtFn/VcophkNmNE0tWvvBLvKnHP1NR0b0HejoaWXYugArW/GqD1kJy2w6DA== X-Received: by 2002:a05:6e02:ea8:: with SMTP id u8mr26501483ilj.67.1622049736979; Wed, 26 May 2021 10:22:16 -0700 (PDT) Received: from [192.168.1.30] ([65.144.74.34]) by smtp.gmail.com with ESMTPSA id a11sm6820114ioq.12.2021.05.26.10.22.16 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 26 May 2021 10:22:16 -0700 (PDT) Subject: Re: [RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring To: Richard Guy Briggs , Stefan Metzmacher References: <162163379461.8379.9691291608621179559.stgit@sifl> <162219f9-7844-0c78-388f-9b5c06557d06@gmail.com> <8943629d-3c69-3529-ca79-d7f8e2c60c16@kernel.dk> <0a668302-b170-31ce-1651-ddf45f63d02a@gmail.com> <18823c99-7d65-0e6f-d508-a487f1b4b9e7@samba.org> <20210526154905.GJ447005@madcap2.tricolour.ca> From: Jens Axboe Message-ID: Date: Wed, 26 May 2021 11:22:15 -0600 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.10.0 MIME-Version: 1.0 In-Reply-To: <20210526154905.GJ447005@madcap2.tricolour.ca> X-Mimecast-Impersonation-Protect: Policy=CLT - Impersonation Protection Definition; Similar Internal Domain=false; Similar Monitored External Domain=false; Custom External Domain=false; Mimecast External Domain=false; Newly Observed Domain=false; Internal User Name=false; Custom Display Name List=false; Reply-to Address Mismatch=false; Targeted Threat Dictionary=false; Mimecast Threat Dictionary=false; Custom Threat Dictionary=false X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6 X-loop: linux-audit@redhat.com X-Mailman-Approved-At: Wed, 26 May 2021 13:50:52 -0400 Cc: selinux@vger.kernel.org, io-uring@vger.kernel.org, linux-security-module@vger.kernel.org, linux-audit@redhat.com, Kumar Kartikeya Dwivedi , linux-fsdevel@vger.kernel.org, Pavel Begunkov , Alexander Viro X-BeenThere: linux-audit@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Linux Audit Discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=linux-audit-bounces@redhat.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit On 5/26/21 9:49 AM, Richard Guy Briggs wrote: >> So why is there anything special needed for io_uring (now that the >> native worker threads are used)? > > Because syscall has been bypassed by a memory-mapped work queue. I don't follow this one at all, that's just the delivery mechanism if you choose to use SQPOLL. If you do, then a thread sibling of the original task does the actual system call. There's no magic involved there, and the tasks are related. So care to expand on that? >> Is there really any io_uring opcode that bypasses the security checks the corresponding native syscall >> would do? If so, I think that should just be fixed... > > This is by design to speed it up. This is what Paul's iouring entry and > exit hooks do. As far as I can tell, we're doing double logging at that point, if the syscall helper does the audit as well. We'll get something logging the io_uring opcode (eg IORING_OP_OPENAT2), then log again when we call the fs helper. That's _assuming_ that we always hit the logging part when we call into the vfs, but that's something that can be updated to be true and kept an eye on for future additions. Why is the double logging useful? It only tells you that the invocation was via io_uring as the delivery mechanism rather than the usual system call, but the effect is the same - the file is opened, for example. I feel like I'm missing something here, or the other side is. Or both! -- Jens Axboe -- Linux-audit mailing list Linux-audit@redhat.com https://listman.redhat.com/mailman/listinfo/linux-audit