From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vt@altlinux.org>
From: Vitaly Chikunov <vt@altlinux.org>
To: devel-kernel@lists.altlinux.org
Date: Thu, 26 Jan 2023 22:50:17 +0300
Message-Id: <20230126195017.1654866-1-vt@altlinux.org>
X-Mailer: git-send-email 2.33.6
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: [d-kernel] [RFC] ALT: io_uring,
	sysctl: Add 'kernel.unprivileged_io_uring_disabled' sysctl
X-BeenThere: devel-kernel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux kernel packages development
 <devel-kernel@lists.altlinux.org>
List-Id: ALT Linux kernel packages development
 <devel-kernel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel-kernel>,
 <mailto:devel-kernel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel-kernel>
List-Post: <mailto:devel-kernel@lists.altlinux.org>
List-Help: <mailto:devel-kernel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel-kernel>,
 <mailto:devel-kernel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jan 2023 19:50:28 -0000
Archived-At: <http://lore.altlinux.org/devel-kernel/20230126195017.1654866-1-vt@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel-kernel/>
List-Post: <mailto:devel-kernel@altlinux.org>

`kernel.unprivileged_io_uring_disabled=1' is set to disable io_uring
functionality for non-roots (default). Set to 0 to allow io_uring.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
 io_uring/io_uring.c |  9 +++++++++
 kernel/sysctl.c     | 10 ++++++++++
 2 files changed, 19 insertions(+)

diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c
index cea5de98c4232..e786f63f78d6f 100644
--- a/io_uring/io_uring.c
+++ b/io_uring/io_uring.c
@@ -151,6 +151,7 @@ static void io_move_task_work_from_local(struct io_ring_ctx *ctx);
 static void __io_submit_flush_completions(struct io_ring_ctx *ctx);
 
 static struct kmem_cache *req_cachep;
+int sysctl_unprivileged_io_uring_disabled __read_mostly = 1;
 
 struct sock *io_uring_get_socket(struct file *file)
 {
@@ -3588,6 +3589,14 @@ static long io_uring_setup(u32 entries, struct io_uring_params __user *params)
 	struct io_uring_params p;
 	int i;
 
+	if (sysctl_unprivileged_io_uring_disabled && !capable(CAP_SYS_ADMIN)) {
+		/* Inform user of the new setting so they can disable it. */
+		pr_warn_once("io_uring: kernel.unprivileged_io_uring_disabled knob is enabled.\n");
+		pr_notice_ratelimited("%s (pid %d) io_uring_setup request denied.\n",
+				      current->comm, current->pid);
+		return -EACCES;
+	}
+
 	if (copy_from_user(&p, params, sizeof(p)))
 		return -EFAULT;
 	for (i = 0; i < ARRAY_SIZE(p.resv); i++) {
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index ae711d120ba35..ce382deb66b42 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -100,6 +100,7 @@ static const int six_hundred_forty_kb = 640 * 1024;
 extern int sysctl_userns_restrict;
 #endif
 extern int sysctl_idmap_mounts;
+extern int sysctl_unprivileged_io_uring_disabled;
 
 
 
@@ -1939,6 +1940,15 @@ static struct ctl_table kern_table[] = {
 		.extra2		= SYSCTL_ONE,
 	},
 #endif
+	{
+		.procname       = "unprivileged_io_uring_disabled",
+		.data           = &sysctl_unprivileged_io_uring_disabled,
+		.maxlen         = sizeof(int),
+		.mode           = 0644,
+		.proc_handler   = proc_dointvec_minmax,
+		.extra1         = SYSCTL_ZERO,
+		.extra2         = SYSCTL_ONE,
+	},
 	{
 		.procname	= "ngroups_max",
 		.data		= (void *)&ngroups_max,
-- 
2.33.6