linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] Smack: Handle io_uring kernel thread privileges.
       [not found] <dacfb329-de66-d0cf-dcf9-f030ea1370de.ref@schaufler-ca.com>
@ 2020-12-18  1:12 ` Casey Schaufler
  2020-12-21 19:55   ` Eric W. Biederman
  2020-12-22  2:05   ` Jens Axboe
  0 siblings, 2 replies; 3+ messages in thread
From: Casey Schaufler @ 2020-12-18  1:12 UTC (permalink / raw)
  To: SMACK-discuss, Linux Security Module list
  Cc: Jens Axboe, Eric W. Biederman, Casey Schaufler, LKML

Smack assumes that kernel threads are privileged for smackfs
operations. This was necessary because the credential of the
kernel thread was not related to a user operation. With io_uring
the credential does reflect a user's rights and can be used.

Suggested-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/smack/smack_access.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index efe2406a3960..7eabb448acab 100644
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -688,9 +688,10 @@ bool smack_privileged_cred(int cap, const struct cred *cred)
 bool smack_privileged(int cap)
 {
 	/*
-	 * All kernel tasks are privileged
+	 * Kernel threads may not have credentials we can use.
+	 * The io_uring kernel threads do have reliable credentials.
 	 */
-	if (unlikely(current->flags & PF_KTHREAD))
+	if ((current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD)
 		return true;
 
 	return smack_privileged_cred(cap, current_cred());



^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH] Smack: Handle io_uring kernel thread privileges.
  2020-12-18  1:12 ` [PATCH] Smack: Handle io_uring kernel thread privileges Casey Schaufler
@ 2020-12-21 19:55   ` Eric W. Biederman
  2020-12-22  2:05   ` Jens Axboe
  1 sibling, 0 replies; 3+ messages in thread
From: Eric W. Biederman @ 2020-12-21 19:55 UTC (permalink / raw)
  To: Casey Schaufler
  Cc: SMACK-discuss, Linux Security Module list, Jens Axboe, LKML

Casey Schaufler <casey@schaufler-ca.com> writes:

> Smack assumes that kernel threads are privileged for smackfs
> operations. This was necessary because the credential of the
> kernel thread was not related to a user operation. With io_uring
> the credential does reflect a user's rights and can be used.

Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>

>
> Suggested-by: Jens Axboe <axboe@kernel.dk>
> Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
> ---
>  security/smack/smack_access.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
> index efe2406a3960..7eabb448acab 100644
> --- a/security/smack/smack_access.c
> +++ b/security/smack/smack_access.c
> @@ -688,9 +688,10 @@ bool smack_privileged_cred(int cap, const struct cred *cred)
>  bool smack_privileged(int cap)
>  {
>  	/*
> -	 * All kernel tasks are privileged
> +	 * Kernel threads may not have credentials we can use.
> +	 * The io_uring kernel threads do have reliable credentials.
>  	 */
> -	if (unlikely(current->flags & PF_KTHREAD))
> +	if ((current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD)
>  		return true;
>  
>  	return smack_privileged_cred(cap, current_cred());

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH] Smack: Handle io_uring kernel thread privileges.
  2020-12-18  1:12 ` [PATCH] Smack: Handle io_uring kernel thread privileges Casey Schaufler
  2020-12-21 19:55   ` Eric W. Biederman
@ 2020-12-22  2:05   ` Jens Axboe
  1 sibling, 0 replies; 3+ messages in thread
From: Jens Axboe @ 2020-12-22  2:05 UTC (permalink / raw)
  To: Casey Schaufler, SMACK-discuss, Linux Security Module list
  Cc: Eric W. Biederman, LKML

On 12/17/20 6:12 PM, Casey Schaufler wrote:
> Smack assumes that kernel threads are privileged for smackfs
> operations. This was necessary because the credential of the
> kernel thread was not related to a user operation. With io_uring
> the credential does reflect a user's rights and can be used.

Acked-by: Jens Axboe <axboe@kernel.dk>

-- 
Jens Axboe


^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-12-22  2:06 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <dacfb329-de66-d0cf-dcf9-f030ea1370de.ref@schaufler-ca.com>
2020-12-18  1:12 ` [PATCH] Smack: Handle io_uring kernel thread privileges Casey Schaufler
2020-12-21 19:55   ` Eric W. Biederman
2020-12-22  2:05   ` Jens Axboe

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).