Merge tag 'Smack-for-5.11-io_uring-fix' of git://github.com/cschaufler/smack-next

Pull smack fix from Casey Schaufler:
 "Provide a fix for the incorrect handling of privilege in the face of
  io_uring's use of kernel threads. That invalidated an long standing
  assumption regarding the privilege of kernel threads.

  The fix is simple and safe. It was provided by Jens Axboe and has been
  tested"

* tag 'Smack-for-5.11-io_uring-fix' of git://github.com/cschaufler/smack-next:
  Smack: Handle io_uring kernel thread privileges

diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c
index efe2406..7eabb44 100644 (file)
--- a/security/smack/smack_access.c
+++ b/security/smack/smack_access.c
@@ -688,9 +688,10 @@ bool smack_privileged_cred(int cap, const struct cred *cred)
 bool smack_privileged(int cap)
 {
        /*
-        * All kernel tasks are privileged
+        * Kernel threads may not have credentials we can use.
+        * The io_uring kernel threads do have reliable credentials.
         */
-       if (unlikely(current->flags & PF_KTHREAD))
+       if ((current->flags & (PF_KTHREAD | PF_IO_WORKER)) == PF_KTHREAD)
                return true;
 
        return smack_privileged_cred(cap, current_cred());