Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp14400826pxu; Tue, 5 Jan 2021 00:01:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJxv8I1nXouqaRQ0lUUWIDQoYhqmxzN7SmakpjReMBRkJHCX7LOSSySo0XQhbQ8jGHh1B+5Z X-Received: by 2002:a17:906:5285:: with SMTP id c5mr58514567ejm.17.1609833669080; Tue, 05 Jan 2021 00:01:09 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609833669; cv=none; d=google.com; s=arc-20160816; b=1D4LZqqGRCAns6elSJ5hzbkbl67WiPUE4LT0cWoSo+Hf58uFkhtXCmUImG46XKXCBZ ibU1+H0sSLb7qp7wASWlhH5gRA6/9yEnsnhMR4FnrXNyhBMQKX3ZPD4+zjkiKGC9M1P0 0CXDlwLj+6f0vWvUA0D8pMJ7V9IQNRdUmXVURB6gvt2J+t6JJ5ytyD+WIQhUBD3D5R/8 RdfGs8pqrwST+ooheDqDEJx9fzAAfvR2UXmnn/MiJuAG/91VfN4lViNvmPaxK7k5eE0w JtPc19I7GcQtHogb5A3zRefV6/oioLJIVWqpjUyBHk1ZJxcec1gZvU+vKFC/90Ec0Sq9 caVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=oJxUc+Uv0K4hXmpBTy/fJOEZXbZ0sAK/8Py99lBk3d8=; b=s0T/e7pvMFnBnavHtNtUPvmsP4vseazF7biWNe5wh4aBwXja7QaDEQjuwIZI0yTLyV udx5WdXbXSRycDtyl1LpgnVZDA/RqQHaQAbjFaWpkIxEcIf7hU7EspRvFSGzqqxX0Ne8 02uS8zURbl3f9xoRoFsILLjTqaHFtDZQLJGZT6Dh0rLq3T1OyVxPKf+iU1e+Tosc54Lx 0pqeQSQO/WMyjhSpOZCNPZWytrUBxV1tGzwCq6Xn0n+OOH8XXgiZhaRJ3h82t90F6Une xWP5Dv0krtZi1hq9Hj6i9Rl943gr7lYzaCQTtlmlrwHhIJla1JSnEm5FWBTHhCAd4B/O 8tEA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y7si18777758edt.257.2021.01.05.00.00.45; Tue, 05 Jan 2021 00:01:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727317AbhAEH6P (ORCPT + 99 others); Tue, 5 Jan 2021 02:58:15 -0500 Received: from verein.lst.de ([213.95.11.211]:60425 "EHLO verein.lst.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727271AbhAEH6P (ORCPT ); Tue, 5 Jan 2021 02:58:15 -0500 Received: by verein.lst.de (Postfix, from userid 2407) id 441A467373; Tue, 5 Jan 2021 08:57:32 +0100 (CET) Date: Tue, 5 Jan 2021 08:57:31 +0100 From: Christoph Hellwig To: "Eric W. Biederman" Cc: Tetsuo Handa , Al Viro , Jens Axboe , Christoph Hellwig , Kees Cook , LKML Subject: Re: Does uaccess_kernel() work for detecting kernel thread? Message-ID: <20210105075731.GB30414@lst.de> References: <0bcc0c63-31a3-26fd-bccb-b28af0375c34@i-love.sakura.ne.jp> <87a6u5iw3d.fsf@x220.int.ebiederm.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87a6u5iw3d.fsf@x220.int.ebiederm.org> User-Agent: Mutt/1.5.17 (2007-11-01) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Dec 22, 2020 at 11:33:58AM -0600, Eric W. Biederman wrote: > I do wonder though if perhaps we should create a is_user_cred helper to > detect the difference between the creds of kernel threads and the thread > of ordinary userspace. Which would handle io_uring that copy creds > around and check them at a later time more cleanly. I don't think we should as no one has a business to check this difference. If there is a case where the creds are not correct for all access decisions we need to fix that rather than adding hacks.