diff options
| author | Hamza Mahfooz <hamzamahfooz@linux.microsoft.com> | 2025-01-27 10:57:17 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2025-02-07 17:17:49 -0500 |
| commit | b8a468e0b0604a10e72ab7f55af0f931aac1d477 (patch) | |
| tree | 84862cc57b4e3db9a2337f7e381c0df21e55ffab | |
| parent | 2014c95afecee3e76ca4a56956a936e23283f05b (diff) | |
io_uring: refactor io_uring_allowed()
Have io_uring_allowed() return an error code directly instead of
true/false. This is needed for follow-up work to guard io_uring_setup()
with LSM.
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Hamza Mahfooz <hamzamahfooz@linux.microsoft.com>
Acked-by: Jens Axboe <axboe@kernel.dk>
[PM: goto-to-return conversion as discussed on-list]
Signed-off-by: Paul Moore <paul@paul-moore.com>
| -rw-r--r-- | io_uring/io_uring.c | 20 |
1 files changed, 13 insertions, 7 deletions
diff --git a/io_uring/io_uring.c b/io_uring/io_uring.c index ceacf6230e34..7e68a613f5dc 100644 --- a/io_uring/io_uring.c +++ b/io_uring/io_uring.c @@ -3791,29 +3791,35 @@ static long io_uring_setup(u32 entries, struct io_uring_params __user *params) return io_uring_create(entries, &p, params); } -static inline bool io_uring_allowed(void) +static inline int io_uring_allowed(void) { int disabled = READ_ONCE(sysctl_io_uring_disabled); kgid_t io_uring_group; if (disabled == 2) - return false; + return -EPERM; if (disabled == 0 || capable(CAP_SYS_ADMIN)) - return true; + return 0; io_uring_group = make_kgid(&init_user_ns, sysctl_io_uring_group); if (!gid_valid(io_uring_group)) - return false; + return -EPERM; + + if (!in_group_p(io_uring_group)) + return -EPERM; - return in_group_p(io_uring_group); + return 0; } SYSCALL_DEFINE2(io_uring_setup, u32, entries, struct io_uring_params __user *, params) { - if (!io_uring_allowed()) - return -EPERM; + int ret; + + ret = io_uring_allowed(); + if (ret) + return ret; return io_uring_setup(entries, params); } |