Merge tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull LSM support for IORING_OP_URING_CMD from Paul Moore:
 "Add SELinux and Smack controls to the io_uring IORING_OP_URING_CMD.

  These are necessary as without them the IORING_OP_URING_CMD remains
  outside the purview of the LSMs (Luis' LSM patch, Casey's Smack patch,
  and my SELinux patch). They have been discussed at length with the
  io_uring folks, and Jens has given his thumbs-up on the relevant
  patches (see the commit descriptions).

  There is one patch that is not strictly necessary, but it makes
  testing much easier and is very trivial: the /dev/null
  IORING_OP_URING_CMD patch."

* tag 'lsm-pr-20220829' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm:
  Smack: Provide read control for io_uring_cmd
  /dev/null: add IORING_OP_URING_CMD support
  selinux: implement the security_uring_cmd() LSM hook
  lsm,io_uring: add LSM hooks for the new uring_cmd file op

diff --combined io_uring/uring_cmd.c
index b9989ae7b957bbb54c9aa33a1d8a289c68629100,0f7ad956ddcbb5192fd9a80029d1c0aa70f4e236..e78b6f980d775147fbbaa2d9cb4d73409665e7d3
--- 1/io_uring/uring_cmd.c
--- 2/io_uring/uring_cmd.c
+++ b/io_uring/uring_cmd.c
@@@ -3,6 -3,7 +3,7 @@@
  #include <linux/errno.h>
  #include <linux/file.h>
  #include <linux/io_uring.h>
+ #include <linux/security.h>
  
  #include <uapi/linux/io_uring.h>
  
@@@ -88,6 -89,10 +89,10 @@@ int io_uring_cmd(struct io_kiocb *req, 
        if (!req->file->f_op->uring_cmd)
                return -EOPNOTSUPP;
  
+       ret = security_uring_cmd(ioucmd);
+       if (ret)
+               return ret;
+ 
        if (ctx->flags & IORING_SETUP_SQE128)
                issue_flags |= IO_URING_F_SQE128;
        if (ctx->flags & IORING_SETUP_CQE32)
@@@ -112,7 -117,7 +117,7 @@@
                if (ret < 0)
                        req_set_fail(req);
                io_req_set_res(req, ret, 0);
 -              return IOU_OK;
 +              return ret;
        }
  
        return IOU_ISSUE_SKIP_COMPLETE;