From: Bryam Vargas <hexlabsecurity@proton.me>
To: "Günther Noack" <gnoack@google.com>
Cc: "Mickaël Salaün" <mic@digikod.net>,
linux-security-module@vger.kernel.org
Subject: Re: Landlock: LANDLOCK_ACCESS_FS_IOCTL_DEV bypass via io_uring IORING_OP_URING_CMD
Date: Wed, 17 Jun 2026 23:02:41 +0000 [thread overview]
Message-ID: <20260617230237.14718-1-hexlabsecurity@proton.me> (raw)
In-Reply-To: <ajJtTHyqWTmX7lHo@google.com>
Thanks Günther, and thanks for filing #64.
Straight to your two questions:
1. Block: you're right. blkdev_uring_cmd() has a single case, BLOCK_URING_CMD_DISCARD,
and the blkdev.h note that it's a separate number space is fair, so I'm not arguing
it should be a generic ioctl multiplexer. The "others, through other devices" are on
NVMe: the namespace char dev takes NVME_URING_CMD_IO / _IO_VEC, and AFAICT a
write-capable confined task can reach IO passthrough (write, DSM/discard) with no
capability, since nvme_cmd_allowed() only wants FMODE_WRITE there.
Correction to my own report: I overstated the ceiling. The NVMe admin ops
(format, sanitize, firmware, security-send) sit behind capable(CAP_SYS_ADMIN)
in nvme_cmd_allowed(), so a Landlocked unprivileged task can't reach them. The
A:H / 8.4 figure was wrong; only namespace IO is in scope for a confined task.
2. Truncate: correct, no sidestep, and none looks possible. I went through every
f_op->uring_cmd provider (block, NVMe, btrfs encoded I/O, FUSE, ublk, sockets, ...)
and none change file size; truncate(2)/ftruncate(2) keep their own hook. Please
ignore the "and truncate where relevant" line in my suggested direction, it was
speculative.
On framing: I'm happy to call this a coverage gap rather than a bypass. IOCTL_DEV was
never documented to cover io_uring, so nothing it promised is broken. The one hard fact
is the asymmetry: ioctl(2) BLKDISCARD is denied (IOCTL_DEV, and it's not in
is_masked_device_ioctl()), the same op via uring_cmd isn't, and SELinux/Smack already
hook security_uring_cmd while Landlock doesn't. Whether that's worth a hook or just the
doc clarification Mickaël mentioned is your call.
If you do want one, I can send an RFC for an all-or-nothing "IOCTL_DEV for any uring_cmd
on a device file" hook (cmd_op is a private number space, so porting
is_masked_device_ioctl() wouldn't be right). Otherwise I'll drop the provider detail
into #64 and leave it at the doc fix.
Bryam
next prev parent reply other threads:[~2026-06-17 23:02 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-16 20:16 Landlock: LANDLOCK_ACCESS_FS_IOCTL_DEV bypass via io_uring IORING_OP_URING_CMD Bryam Vargas
2026-06-16 20:36 ` Jens Axboe
2026-06-17 2:25 ` Bryam Vargas
2026-06-17 2:44 ` Jens Axboe
2026-06-17 14:16 ` Mickaël Salaün
2026-06-17 14:56 ` Jens Axboe
2026-06-17 15:31 ` Günther Noack
2026-06-17 9:47 ` Günther Noack
2026-06-17 23:02 ` Bryam Vargas [this message]
2026-06-18 12:16 ` Günther Noack
2026-06-18 20:11 ` Bryam Vargas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260617230237.14718-1-hexlabsecurity@proton.me \
--to=hexlabsecurity@proton.me \
--cc=gnoack@google.com \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.