Re: [v5.19.y PATCH 3/3] Smack: Provide read control for io_uring_cmd

On 9/6/2022 2:03 PM, Paul Moore wrote:

Backport the following upstream commit into Linux v5.19.y:

commit dd9373402280cf4715fdc8fd5070f7d039e43511
Author: Casey Schaufler <casey@schaufler-ca.com>
Date:   Tue Aug 23 16:46:18 2022 -0700

Smack: Provide read control for io_uring_cmd

Limit io_uring "cmd" options to files for which the caller has
Smack read access. There may be cases where the cmd option may
be closer to a write access than a read, but there is no way
to make that determination.

Signed-off-by: Paul Moore paul@paul-moore.com

Acked-by: Casey Schaufler casey@schaufler-ca.com

---

security/smack/smack_lsm.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 6207762dbdb1..b30e20f64471 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -42,6 +42,7 @@ #include <linux/fs_context.h> #include <linux/fs_parser.h> #include <linux/watch_queue.h> +#include <linux/io_uring.h> #include "smack.h" #define TRANS_TRUE "TRUE" @@ -4739,6 +4740,36 @@ static int smack_uring_sqpoll(void) return -EPERM; } +/**

• • smack_uring_cmd - check on file operations for io_uring
• • @ioucmd: the command in question
• • Make a best guess about whether a io_uring "command" should
• • be allowed. Use the same logic used for determining if the
• • file could be opened for read in the absence of better criteria.
• */

+static int smack_uring_cmd(struct io_uring_cmd *ioucmd) +{

• struct file *file = ioucmd->file;
• struct smk_audit_info ad;
• struct task_smack *tsp;
• struct inode *inode;
• int rc;
• if (!file)

• return -EINVAL;
  

• tsp = smack_cred(file->f_cred);
• inode = file_inode(file);
• smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_PATH);
• smk_ad_setfield_u_fs_path(&ad, file->f_path);
• rc = smk_tskacc(tsp, smk_of_inode(inode), MAY_READ, &ad);
• rc = smk_bu_credfile(file->f_cred, file, MAY_READ, rc);
• return rc;

+}

#endif /* CONFIG_IO_URING */ struct lsm_blob_sizes smack_blob_sizes __lsm_ro_after_init = { @@ -4896,6 +4927,7 @@ static struct security_hook_list smack_hooks[] __lsm_ro_after_init = { #ifdef CONFIG_IO_URING LSM_HOOK_INIT(uring_override_creds, smack_uring_override_creds), LSM_HOOK_INIT(uring_sqpoll, smack_uring_sqpoll),

• LSM_HOOK_INIT(uring_cmd, smack_uring_cmd),

#endif };