author | Jens Axboe <axboe@kernel.dk> | 2020-10-15 13:46:44 -0600 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2020-10-17 09:25:47 -0600 |
commit | 4ea33a976bfe79293965d0815e1914e4b6e58967 (patch) | |
tree | e041b64e9f8841fdbaf28120171f32c64f42247b /fs/io_uring.c | |
parent | d8a6df10aac9f2e4d5f30aff3129d552d2984ce7 (diff) | |
io-wq: inherit audit loginuid and sessionid
Make sure the async io-wq workers inherit the loginuid and sessionid from
the original task, and restore them to unset once we're done with the
async work item.
While at it, disable the ability for kernel threads to write to their own
loginuid.
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'fs/io_uring.c')
-rw-r--r-- | fs/io_uring.c | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/fs/io_uring.c b/fs/io_uring.c
index 58c445b95085..b9ffe98f18bc 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -81,6 +81,7 @@
 #include <linux/pagemap.h>
 #include <linux/io_uring.h>
 #include <linux/blk-cgroup.h>
+#include <linux/audit.h>
 #define CREATE_TRACE_POINTS
 #include <trace/events/io_uring.h>
@@ -327,6 +328,11 @@ struct io_ring_ctx {
 const struct cred *creds;
+#ifdef CONFIG_AUDIT
+ kuid_t loginuid;
+ unsigned int sessionid;
+#endif
+
 struct completion ref_comp;
 struct completion sq_thread_comp;
@@ -1057,6 +1063,10 @@ static void io_init_identity(struct io_identity *id)
 id->nsproxy = current->nsproxy;
 id->fs = current->fs;
 id->fsize = rlimit(RLIMIT_FSIZE);
+#ifdef CONFIG_AUDIT
+ id->loginuid = current->loginuid;
+ id->sessionid = current->sessionid;
+#endif
 refcount_set(&id->count, 1);
 }
@@ -1316,6 +1326,11 @@ static bool io_grab_identity(struct io_kiocb *req)
 get_cred(id->creds);
 req->work.flags |= IO_WQ_WORK_CREDS;
 }
+#ifdef CONFIG_AUDIT
+ if (!uid_eq(current->loginuid, id->loginuid) ||
+ current->sessionid != id->sessionid)
+ return false;
+#endif
 if (!(req->work.flags & IO_WQ_WORK_FS) &&
 (def->work_flags & IO_WQ_WORK_FS)) {
 if (current->fs != id->fs)
@@ -6755,6 +6770,10 @@ static int io_sq_thread(void *data)
 old_cred = override_creds(ctx->creds);
 }
 io_sq_thread_associate_blkcg(ctx, &cur_css);
+#ifdef CONFIG_AUDIT
+ current->loginuid = ctx->loginuid;
+ current->sessionid = ctx->sessionid;
+#endif
 ret |= __io_sq_thread(ctx, start_jiffies, cap_entries);
@@ -9203,7 +9222,10 @@ static int io_uring_create(unsigned entries, struct io_uring_params *p,
 ctx->compat = in_compat_syscall();
 ctx->user = user;
 ctx->creds = get_current_cred();
-
+#ifdef CONFIG_AUDIT
+ ctx->loginuid = current->loginuid;
+ ctx->sessionid = current->sessionid;
+#endif
 ctx->sqo_task = get_task_struct(current);
 /* |
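Review bot: The new loginuid/sessionid comparison in io_grab_identity() runs unconditionally and sits after the creds branch, so by the time it returns false the context lines just above may already have executed `get_cred(id->creds)` and set `IO_WQ_WORK_CREDS`. The function starts and ends outside the hunk, so whether the caller copes with that partially grabbed state cannot be confirmed from here; if it does not, moving the audit comparison ahead of the first reference-taking branch would avoid the question. Either way the check deserves a comment, for example `/* audit identity differs from the cached one: do not reuse this identity */`, because unlike the neighbouring checks it is not gated on a work flag and the reason is not obvious from the code.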
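Review bot: In io_sq_thread() the poll thread takes on `ctx->loginuid` and `ctx->sessionid` before `__io_sq_thread()`, but nothing visible in this hunk puts them back afterwards. The description promises a restore to unset for the async workers, and the diffstat is limited to this file, so that restore presumably lives elsewhere; for the SQPOLL thread it would have to be here. If the thread does anything auditable between rings or while idle, it would be attributed to whichever ring was serviced last. Unless the rest of the function (outside the hunk) already handles this, consider resetting after the call with `current->loginuid = KUIDT_INIT(AUDIT_UID_UNSET);` and `current->sessionid = AUDIT_SID_UNSET;` under the same `#ifdef CONFIG_AUDIT`.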
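Review bot: `ctx->loginuid` and `ctx->sessionid` are snapshotted once in io_uring_create(), and nothing in this hunk documents that SQPOLL submissions will then be audited under the ring creator's login identity even if the ring is later driven by a task with a different one. That mirrors how `ctx->creds` is captured on the line above, but for audit attribution it is worth stating explicitly, e.g. `/* audit identity of the ring creator, applied by the SQPOLL thread */`. As a style point, dropping the blank line after `get_current_cred()` glues the `#ifdef` block to the creds assignment; keeping the separator would read better.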