[RFC PATCH 2/9] audit,io_uring,io-wq: add some basic audit support to io_uring
paul at paul-moore.com
Fri Jun 4 05:04:25 UTC 2021
On Thu, Jun 3, 2021 at 11:54 AM Jens Axboe <axboe at kernel.dk> wrote:
> On 5/28/21 10:02 AM, Paul Moore wrote:
> > On Wed, May 26, 2021 at 4:19 PM Paul Moore <paul at paul-moore.com> wrote:
> >> ... If we moved the _entry
> >> and _exit calls into the individual operation case blocks (quick
> >> openat example below) so that only certain operations were able to be
> >> audited would that be acceptable assuming the high frequency ops were
> >> untouched? My initial gut feeling was that this would involve >50% of
> >> the ops, but Steve Grubb seems to think it would be less; it may be
> >> time to look at that a bit more seriously, but if it gets a NACK
> >> regardless it isn't worth the time - thoughts?
> >> case IORING_OP_OPENAT:
> >> audit_uring_entry(req->opcode);
> >> ret = io_openat(req, issue_flags);
> >> audit_uring_exit(!ret, ret);
> >> break;
> > I wanted to pose this question again in case it was lost in the
> > thread, I suspect this may be the last option before we have to "fix"
> > things at the Kconfig level. I definitely don't want to have to go
> > that route, and I suspect most everyone on this thread feels the same,
> > so I'm hopeful we can find a solution that is begrudgingly acceptable
> > to both groups.
> Sorry for the lack of response here, but to sum up my order of
> 1) It's probably better to just make the audit an opt-out in io_op_defs
> for each opcode, and avoid needing boiler plate code for each op
> handler. The opt-out would ensure that new opcodes get it by default
> it someone doesn't know what it is, and the io_op_defs addition would
> mean that it's in generic code rather then in the handlers. Yes it's
> a bit slower, but it's saner imho.
> 2) With the above, I'm fine with adding this to io_uring. I don't think
> going the route of mutual exclusion in kconfig helps anyone, it'd
> be counter productive to both sides.
> Hope that works and helps move this forward. I'll be mostly out of touch
> the next week and a half, but wanted to ensure that I sent out my
> (brief) thoughts before going away.
Thanks Jens. I'll revise the patchset based on this (basically doing
an opt-out version of what you did on May 26th) and do a v2 post with
the other accumulated fixes/changes. If there is anything else that
needs discussion/review I'm sure Pavel can help us out, he's been
helpful thus far.
More information about the Linux-security-module-archive