summaryrefslogtreecommitdiffstats
path: root/io_uring
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2022-08-31 09:23:16 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2022-08-31 09:23:16 -0700
commit9c9d1896fa92e05e7af5a7a47e335f834aa4248c (patch)
treebbc9f084c4b9d37201243239336c6b85172973e3 /io_uring
parentdcf8e5633e2e69ad60b730ab5905608b756a032f (diff)
parentdd9373402280cf4715fdc8fd5070f7d039e43511 (diff)
downloadlinux-stable-9c9d1896fa92e05e7af5a7a47e335f834aa4248c.tar.gz
linux-stable-9c9d1896fa92e05e7af5a7a47e335f834aa4248c.tar.bz2
linux-stable-9c9d1896fa92e05e7af5a7a47e335f834aa4248c.zip
Merge tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm
Pull LSM support for IORING_OP_URING_CMD from Paul Moore: "Add SELinux and Smack controls to the io_uring IORING_OP_URING_CMD. These are necessary as without them the IORING_OP_URING_CMD remains outside the purview of the LSMs (Luis' LSM patch, Casey's Smack patch, and my SELinux patch). They have been discussed at length with the io_uring folks, and Jens has given his thumbs-up on the relevant patches (see the commit descriptions). There is one patch that is not strictly necessary, but it makes testing much easier and is very trivial: the /dev/null IORING_OP_URING_CMD patch." * tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: Smack: Provide read control for io_uring_cmd /dev/null: add IORING_OP_URING_CMD support selinux: implement the security_uring_cmd() LSM hook lsm,io_uring: add LSM hooks for the new uring_cmd file op
Diffstat (limited to 'io_uring')
-rw-r--r--io_uring/uring_cmd.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/io_uring/uring_cmd.c b/io_uring/uring_cmd.c
index b9989ae7b957..e78b6f980d77 100644
--- a/io_uring/uring_cmd.c
+++ b/io_uring/uring_cmd.c
@@ -3,6 +3,7 @@
#include <linux/errno.h>
#include <linux/file.h>
#include <linux/io_uring.h>
+#include <linux/security.h>
#include <uapi/linux/io_uring.h>
@@ -88,6 +89,10 @@ int io_uring_cmd(struct io_kiocb *req, unsigned int issue_flags)
if (!req->file->f_op->uring_cmd)
return -EOPNOTSUPP;
+ ret = security_uring_cmd(ioucmd);
+ if (ret)
+ return ret;
+
if (ctx->flags & IORING_SETUP_SQE128)
issue_flags |= IO_URING_F_SQE128;
if (ctx->flags & IORING_SETUP_CQE32)