Commit 2f2fce3d authored by Linus Torvalds's avatar Linus Torvalds

Merge tag 'Smack-for-5.11-io_uring-fix' of git://github.com/cschaufler/smack-next

Pull smack fix from Casey Schaufler:
 "Provide a fix for the incorrect handling of privilege in the face of
  io_uring's use of kernel threads. That invalidated an long standing
  assumption regarding the privilege of kernel threads.

  The fix is simple and safe. It was provided by Jens Axboe and has been
  tested"

* tag 'Smack-for-5.11-io_uring-fix' of git://github.com/cschaufler/smack-next:
  Smack: Handle io_uring kernel thread privileges
parents 7a2fde8d 942cb357
...@@ -688,9 +688,10 @@ bool smack_privileged_cred(int cap, const struct cred *cred) ...@@ -688,9 +688,10 @@ bool smack_privileged_cred(int cap, const struct cred *cred)
bool smack_privileged(int cap) bool smack_privileged(int cap)
{ {
/* /*
* All kernel tasks are privileged * Kernel threads may not have credentials we can use.
* The io_uring kernel threads do have reliable credentials.
*/ */
if (unlikely(current->flags & PF_KTHREAD)) if ((current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD)
return true; return true;
return smack_privileged_cred(cap, current_cred()); return smack_privileged_cred(cap, current_cred());
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment