diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-24 14:08:43 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-12-24 14:08:43 -0800 |
commit | 2f2fce3d535779cb1b0d77ce839029d5d875d4f4 (patch) | |
tree | dd067cfddc69455b0ad2a30a63f1d6ec48fed420 | |
parent | 7a2fde8def1fffceda728d2441d7e69230478285 (diff) | |
parent | 942cb357ae7d9249088e3687ee6a00ed2745a0c7 (diff) |
Merge tag 'Smack-for-5.11-io_uring-fix' of git://github.com/cschaufler/smack-next
Pull smack fix from Casey Schaufler:
"Provide a fix for the incorrect handling of privilege in the face of
io_uring's use of kernel threads. That invalidated an long standing
assumption regarding the privilege of kernel threads.
The fix is simple and safe. It was provided by Jens Axboe and has been
tested"
* tag 'Smack-for-5.11-io_uring-fix' of git://github.com/cschaufler/smack-next:
Smack: Handle io_uring kernel thread privileges
-rw-r--r-- | security/smack/smack_access.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index efe2406a3960..7eabb448acab 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -688,9 +688,10 @@ bool smack_privileged_cred(int cap, const struct cred *cred) bool smack_privileged(int cap) { /* - * All kernel tasks are privileged + * Kernel threads may not have credentials we can use. + * The io_uring kernel threads do have reliable credentials. */ - if (unlikely(current->flags & PF_KTHREAD)) + if ((current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD) return true; return smack_privileged_cred(cap, current_cred()); |