From: Bryam Vargas <hexlabsecurity@proton.me>
To: "Günther Noack" <gnoack@google.com>
Cc: "Mickaël Salaün" <mic@digikod.net>,
linux-security-module@vger.kernel.org
Subject: Re: Landlock: LANDLOCK_ACCESS_FS_IOCTL_DEV bypass via io_uring IORING_OP_URING_CMD
Date: Wed, 17 Jun 2026 23:02:41 +0000 [thread overview]
Message-ID: <20260617230237.14718-1-hexlabsecurity@proton.me> (raw)
In-Reply-To: <ajJtTHyqWTmX7lHo@google.com>
Thanks Günther, and thanks for filing #64.
Straight to your two questions:
1. Block: you're right. blkdev_uring_cmd() has a single case, BLOCK_URING_CMD_DISCARD,
and the blkdev.h note that it's a separate number space is fair, so I'm not arguing
it should be a generic ioctl multiplexer. The "others, through other devices" are on
NVMe: the namespace char dev takes NVME_URING_CMD_IO / _IO_VEC, and AFAICT a
write-capable confined task can reach IO passthrough (write, DSM/discard) with no
capability, since nvme_cmd_allowed() only wants FMODE_WRITE there.
Correction to my own report: I overstated the ceiling. The NVMe admin ops
(format, sanitize, firmware, security-send) sit behind capable(CAP_SYS_ADMIN)
in nvme_cmd_allowed(), so a Landlocked unprivileged task can't reach them. The
A:H / 8.4 figure was wrong; only namespace IO is in scope for a confined task.
2. Truncate: correct, no sidestep, and none looks possible. I went through every
f_op->uring_cmd provider (block, NVMe, btrfs encoded I/O, FUSE, ublk, sockets, ...)
and none change file size; truncate(2)/ftruncate(2) keep their own hook. Please
ignore the "and truncate where relevant" line in my suggested direction, it was
speculative.
On framing: I'm happy to call this a coverage gap rather than a bypass. IOCTL_DEV was
never documented to cover io_uring, so nothing it promised is broken. The one hard fact
is the asymmetry: ioctl(2) BLKDISCARD is denied (IOCTL_DEV, and it's not in
is_masked_device_ioctl()), the same op via uring_cmd isn't, and SELinux/Smack already
hook security_uring_cmd while Landlock doesn't. Whether that's worth a hook or just the
doc clarification Mickaël mentioned is your call.
If you do want one, I can send an RFC for an all-or-nothing "IOCTL_DEV for any uring_cmd
on a device file" hook (cmd_op is a private number space, so porting
is_masked_device_ioctl() wouldn't be right). Otherwise I'll drop the provider detail
into #64 and leave it at the doc fix.
Bryam
prev parent reply other threads:[~2026-06-17 23:02 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-06-16 20:16 Landlock: LANDLOCK_ACCESS_FS_IOCTL_DEV bypass via io_uring IORING_OP_URING_CMD Bryam Vargas
2026-06-16 20:36 ` Jens Axboe
2026-06-17 2:25 ` Bryam Vargas
2026-06-17 2:44 ` Jens Axboe
2026-06-17 14:16 ` Mickaël Salaün
2026-06-17 14:56 ` Jens Axboe
2026-06-17 15:31 ` Günther Noack
2026-06-17 9:47 ` Günther Noack
2026-06-17 23:02 ` Bryam Vargas [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260617230237.14718-1-hexlabsecurity@proton.me \
--to=hexlabsecurity@proton.me \
--cc=gnoack@google.com \
--cc=linux-security-module@vger.kernel.org \
--cc=mic@digikod.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox