Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support

[PATCH 0/3] LSM hooks for IORING_OP_URING_CMD · Paul Moore <paul@paul-moore.com> · 2022-08-22
[PATCH 1/3] lsm,io_uring: add LSM hooks for the new uring_cmd file op · Paul Moore <paul@paul-moore.com> · 2022-08-22
Re: [PATCH 1/3] lsm,io_uring: add LSM hooks for the new uring_cmd file op · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2022-08-23
Re: [PATCH 1/3] lsm,io_uring: add LSM hooks for the new uring_cmd file op · Paul Moore <paul@paul-moore.com> · 2022-08-23
Re: [PATCH 1/3] lsm,io_uring: add LSM hooks for the new uring_cmd file op · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2022-08-24
Re: [PATCH 1/3] lsm,io_uring: add LSM hooks for the new uring_cmd file op · Paul Moore <paul@paul-moore.com> · 2022-08-24
[PATCH 2/3] selinux: implement the security_uring_cmd() LSM hook · Paul Moore <paul@paul-moore.com> · 2022-08-22
Re: [PATCH 2/3] selinux: implement the security_uring_cmd() LSM hook · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2022-08-23
Re: [PATCH 2/3] selinux: implement the security_uring_cmd() LSM hook · Paul Moore <paul@paul-moore.com> · 2022-08-23
Re: [PATCH 2/3] selinux: implement the security_uring_cmd() LSM hook · Joel Granados <hidden> · 2022-09-01
Re: [PATCH 2/3] selinux: implement the security_uring_cmd() LSM hook · Paul Moore <paul@paul-moore.com> · 2022-09-01
Re: [PATCH 2/3] selinux: implement the security_uring_cmd() LSM hook · Joel Granados <hidden> · 2022-09-07
Re: [PATCH 2/3] selinux: implement the security_uring_cmd() LSM hook · Joel Granados <hidden> · 2022-09-16
[PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Paul Moore <paul@paul-moore.com> · 2022-08-22
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Jens Axboe <axboe@kernel.dk> · 2022-08-22
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Paul Moore <paul@paul-moore.com> · 2022-08-22
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Jens Axboe <axboe@kernel.dk> · 2022-08-22
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Paul Moore <paul@paul-moore.com> · 2022-08-22
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Jens Axboe <axboe@kernel.dk> · 2022-08-22
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Paul Moore <paul@paul-moore.com> · 2022-08-22
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2022-08-23
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Jens Axboe <axboe@kernel.dk> · 2022-08-23
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Paul Moore <paul@paul-moore.com> · 2022-08-23
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2022-08-23
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Paul Moore <paul@paul-moore.com> · 2022-08-23
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Greg Kroah-Hartman <gregkh@linuxfoundation.org> · 2022-08-24
Re: [PATCH 3/3] /dev/null: add IORING_OP_URING_CMD support · Paul Moore <paul@paul-moore.com> · 2022-08-24
Re: [PATCH 0/3] LSM hooks for IORING_OP_URING_CMD · Paul Moore <paul@paul-moore.com> · 2022-08-26

From: Paul Moore <paul@paul-moore.com>
Date: 2022-08-23 18:39:57
Also in: io-uring, selinux

On Tue, Aug 23, 2022 at 9:33 AM Jens Axboe [off-list ref] wrote:

On 8/23/22 12:51 AM, Greg Kroah-Hartman wrote:

quoted

On Mon, Aug 22, 2022 at 05:21:19PM -0400, Paul Moore wrote:

quoted

This patch adds support for the io_uring command pass through, aka
IORING_OP_URING_CMD, to the /dev/null driver.  As with all of the
/dev/null functionality, the implementation is just a simple sink
where commands go to die, but it should be useful for developers who
need a simple IORING_OP_URING_CMD test device that doesn't require
any special hardware.

Cc: Arnd Bergmann <arnd@arndb.de>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---
 drivers/char/mem.c |    6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/char/mem.c b/drivers/char/mem.c
index 84ca98ed1dad..32a932a065a6 100644
--- a/drivers/char/mem.c
+++ b/drivers/char/mem.c

@@ -480,6 +480,11 @@ static ssize_t splice_write_null(struct pipe_inode_info *pipe, struct file *out,
     return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_null);
 }

+static int uring_cmd_null(struct io_uring_cmd *ioucmd, unsigned int issue_flags)
+{
+    return 0;

If a callback just returns 0, that implies it is not needed at all and
can be removed and then you are back at the original file before your
commit :)

In theory you are correct, but the empty hook is needed so that
submitting an io_uring cmd to the file type is attempted. If not it's
just errored upfront.

Paul, is it strictly needed to test the selinux uring cmd policy? If the
operation would've been attempted but null doesn't support it, you'd get
-1/EOPNOTSUPP - and supposedly you'd get EACCES/EPERM or something if
it's filtered?

I haven't built a kernel without this patch to test, but yes, you are
probably correct that it wouldn't be strictly necessary, but
considering the extreme simplicity of this addition, what is the real
harm here?  Wouldn't it be nice to have a rather simple
IORING_OP_URING_CMD target?

Also, just so we are clear, I didn't mark this patch with the
stable/fixes tags because I don't believe this should go into -stable;
while I believe it is a nice addition, it is definitely not critical.

-- 
paul-moore.com

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help