From mboxrd@z Thu Jan 1 00:00:00 1970
From: zohar@linux.vnet.ibm.com (Mimi Zohar)
Date: Mon, 10 Jul 2017 11:22:31 -0400
Subject: [Linux-ima-devel] [PATCH 4/4] ima: use read_iter (generic_file_read_iter) to calculate file hash
In-Reply-To:
References: <1497031364-19949-1-git-send-email-zohar@linux.vnet.ibm.com> <1497031364-19949-5-git-send-email-zohar@linux.vnet.ibm.com>
Message-ID: <1499700151.6034.133.camel@linux.vnet.ibm.com>
To: linux-security-module@vger.kernel.org
List-Id: linux-security-module.vger.kernel.org

On Mon, 2017-07-10 at 17:07 +0300, Dmitry Kasatkin wrote:
> On Fri, Jun 9, 2017 at 9:02 PM, Mimi Zohar wrote:
> > The large majority of filesystems in the fs directory define
> > generic_file_read_iter as the read_iter file operation method.
> >
> > Instead of specifying the integrity_read file operation method
> > for all of these file systems, continue to calculate the file
> > hash using the read_iter method, when defined as
> > generic_file_read_iter.
> >
> > For all other read_iter methods, define an integrity_read
> > method.
> >
> > Signed-off-by: Mimi Zohar
> > ---
> > security/integrity/iint.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/security/integrity/iint.c b/security/integrity/iint.c
> > index e3ef3fba16dc..8164f57f5cea 100644
> > --- a/security/integrity/iint.c
> > +++ b/security/integrity/iint.c
> > @@ -202,6 +202,9 @@ int integrity_kernel_read(struct file *file, loff_t offset, > > > > if (file->f_op->integrity_read) { > > ret = file->f_op->integrity_read(&kiocb, &iter); > > + } else if (file->f_op->read_iter && > > + file->f_op->read_iter == generic_file_read_iter) { > > + ret = file->f_op->read_iter(&kiocb, &iter); > > } else if (file->f_op->read) { > > mm_segment_t old_fs; > > char __user *buf = (char __user *)addr;
>
> Why not __vfs_read()?? it uses new_sync_read() and that calls
> read_sync_iter(), which calls ->read_iter.

Is there a problem with directly calling ->integrity_read instead?

Mimi

> else if (file->f_op->read_iter)
>         return new_sync_read(file, buf, count, pos);
>
>
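Review bot: in the added else-if, the "file->f_op->read_iter &&" test is redundant, because a pointer that compares equal to generic_file_read_iter cannot be NULL; the condition can be just "file->f_op->read_iter == generic_file_read_iter". Since that comparison has already pinned down the callee, calling generic_file_read_iter(&kiocb, &iter) directly would also read more clearly than going back through the function pointer. The branch also deserves a short comment saying why only this one read_iter implementation is accepted for hashing: a file whose read_iter is anything else and that has no integrity_read skips this branch and falls through to the ->read test, and the commit message's rule that such file systems must define integrity_read is not visible at the call site.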