diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-08-31 09:23:16 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-08-31 09:23:16 -0700 |
commit | 9c9d1896fa92e05e7af5a7a47e335f834aa4248c (patch) | |
tree | bbc9f084c4b9d37201243239336c6b85172973e3 /io_uring | |
parent | dcf8e5633e2e69ad60b730ab5905608b756a032f (diff) | |
parent | dd9373402280cf4715fdc8fd5070f7d039e43511 (diff) | |
download | linux-stable-9c9d1896fa92e05e7af5a7a47e335f834aa4248c.tar.gz linux-stable-9c9d1896fa92e05e7af5a7a47e335f834aa4248c.tar.bz2 linux-stable-9c9d1896fa92e05e7af5a7a47e335f834aa4248c.zip |
Merge tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm
Pull LSM support for IORING_OP_URING_CMD from Paul Moore:
"Add SELinux and Smack controls to the io_uring IORING_OP_URING_CMD.
These are necessary as without them the IORING_OP_URING_CMD remains
outside the purview of the LSMs (Luis' LSM patch, Casey's Smack patch,
and my SELinux patch). They have been discussed at length with the
io_uring folks, and Jens has given his thumbs-up on the relevant
patches (see the commit descriptions).
There is one patch that is not strictly necessary, but it makes
testing much easier and is very trivial: the /dev/null
IORING_OP_URING_CMD patch."
* tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
Smack: Provide read control for io_uring_cmd
/dev/null: add IORING_OP_URING_CMD support
selinux: implement the security_uring_cmd() LSM hook
lsm,io_uring: add LSM hooks for the new uring_cmd file op
Diffstat (limited to 'io_uring')
-rw-r--r-- | io_uring/uring_cmd.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c index b9989ae7b957..e78b6f980d77 100644 --- a/io_uring/uring_cmd.c +++ b/io_uring/uring_cmd.c @@ -3,6 +3,7 @@ #include <linux/errno.h> #include <linux/file.h> #include <linux/io_uring.h> +#include <linux/security.h> #include <uapi/linux/io_uring.h> @@ -88,6 +89,10 @@ int io_uring_cmd(struct io_kiocb *req, unsigned int issue_flags) if (!req->file->f_op->uring_cmd) return -EOPNOTSUPP; + ret = security_uring_cmd(ioucmd); + if (ret) + return ret; + if (ctx->flags & IORING_SETUP_SQE128) issue_flags |= IO_URING_F_SQE128; if (ctx->flags & IORING_SETUP_CQE32) |