Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9093618pxu; Mon, 28 Dec 2020 06:29:23 -0800 (PST) X-Google-Smtp-Source: ABdhPJxSOI7OLb5Ih6+QkQ6UpppobkQCJEpJ0SpZ1b/6Kvet286TRzNNEbszZNIa4UdGfk1c8BfS X-Received: by 2002:a50:becf:: with SMTP id e15mr43584584edk.138.1609165762833; Mon, 28 Dec 2020 06:29:22 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609165762; cv=none; d=google.com; s=arc-20160816; b=j/LCq5SqhQr/Lo0+ivkSPX+tN3kn0strUGy7PQiUY6Ko5RrFP0NBzxVaLfHk0r6R3Q +qmD5eYjJmJxcNTGjK15d8dUu8b/lBAs6xKkiB1MjMG952PF4KO8eLNstvGYRlOALWyE 6OnFIXSOivWhoKRyRmQX5bTPtoy8JKu6mf7Cas6eRxYcW5jPSVcvIaQxOvhZXachMjph N317Ngl7+ExN0RlZWHmvtc1+WMWczXx5GoaHfMIhQEtU50GkalpG5lx0b5FoMO36IwNL elQHqBLBD9Mhiit7rwxAmjAhqhSHQ9PAvJSJCa8EzEykl3ySGnC9Psl4pxdgZKFgrwXu hMDQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=YMvf3CAA8WpnVF4vy3u0Qn/N7A8SNj+uJO73pjFSvTQ=; b=gLmiuCjvud2rPJLdnyJIuOJfVkdvtx+pa15G8mpZgWbUTs208TjfZonwCXwsqkvUJd MwZrutX2PZWacda39Gj0FX6Bh/vDgxVeBGcDd/nD01xz3GAuSk5DiEz9bKbovAo0KMeE mvSlfK5HH1V8tEProiQpQdsY3RyW1T7RUf9T3Nu0BlDyBZLH50vL5yMl1FovqGVPbfEH 3icLIX9xoLiRX016OWKNcIrtw5Hjyd9rrpXwTXHIlWRy1xywvU0vOHaL622A57bIp6zs I33TKQTNcDjrNYHbfsWKsDOdVzgEJzgDjlFJv1fpacDAuBiDSYu4FeU7zjwP3M84NuAC 6TXA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=t7qaYDyD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gj13si17463387ejb.521.2020.12.28.06.28.58; Mon, 28 Dec 2020 06:29:22 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=t7qaYDyD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2503223AbgL1OZb (ORCPT + 99 others); Mon, 28 Dec 2020 09:25:31 -0500 Received: from mail.kernel.org ([198.145.29.99]:33334 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2503197AbgL1OZ0 (ORCPT ); Mon, 28 Dec 2020 09:25:26 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 6C833229C5; Mon, 28 Dec 2020 14:24:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1609165485; bh=AiQ5/sQNlZG7KPCDNVwAS1q8blgrB27JK5GC4mhyu84=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=t7qaYDyDACVpBMqjpHSzrjNw2Mvf23mlaOogFz5A5tOcw9LhaILIMnNRsIJCHdS5Q pW20UMK0j1zMELUdbpv7u1plZBflMrG2PKIpvTEwG7OtF08y1lw4gvKD3cJSMAAaxK G4tr0A8RCiONX9RmV9P1L1S6SpsgEXTLO1hdAP+Q= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Jens Axboe , "Eric W. Biederman" , Casey Schaufler , Sasha Levin Subject: [PATCH 5.10 508/717] Smack: Handle io_uring kernel thread privileges Date: Mon, 28 Dec 2020 13:48:26 +0100 Message-Id: <20201228125045.299088799@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228125020.963311703@linuxfoundation.org> References: <20201228125020.963311703@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Casey Schaufler [ Upstream commit 942cb357ae7d9249088e3687ee6a00ed2745a0c7 ] Smack assumes that kernel threads are privileged for smackfs operations. This was necessary because the credential of the kernel thread was not related to a user operation. With io_uring the credential does reflect a user's rights and can be used. Suggested-by: Jens Axboe Acked-by: Jens Axboe Acked-by: Eric W. Biederman Signed-off-by: Casey Schaufler Signed-off-by: Sasha Levin --- security/smack/smack_access.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index efe2406a39609..7eabb448acab4 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -688,9 +688,10 @@ bool smack_privileged_cred(int cap, const struct cred *cred) bool smack_privileged(int cap) { /* - * All kernel tasks are privileged + * Kernel threads may not have credentials we can use. + * The io_uring kernel threads do have reliable credentials. */ - if (unlikely(current->flags & PF_KTHREAD)) + if ((current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD) return true; return smack_privileged_cred(cap, current_cred()); -- 2.27.0