From: Mimi Zohar <zohar@linux.ibm.com>
To: David Howells <dhowells@redhat.com>, viro@zeniv.linux.org.uk
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] vfs: Move kernel_read_file() to fs/read_write.c
Date: Mon, 04 Mar 2019 11:12:10 -0500 [thread overview]
Message-ID: <1551715930.10911.468.camel@linux.ibm.com> (raw)
In-Reply-To: <155171231301.4764.5429281379303710262.stgit@warthog.procyon.org.uk>
On Mon, 2019-03-04 at 15:11 +0000, David Howells wrote:
> Move kernel_read_file() to fs/read_write.c and out of fs/exec.c as it's not
> actually used by anything in the execve subsystem.
All files being opened by the kernel should be calling one of these
helper routines. Has that changed?
Mimi
>
> Signed-off-by: David Howells <dhowells@redhat.com>
> cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
> ---
>
> fs/exec.c | 106 -------------------------------------------------------
> fs/read_write.c | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 106 insertions(+), 106 deletions(-)
>
> diff --git a/fs/exec.c b/fs/exec.c
> index fb72d36f7823..cbb1a9cd25ca 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -61,7 +61,6 @@
> #include <linux/pipe_fs_i.h>
> #include <linux/oom.h>
> #include <linux/compat.h>
> -#include <linux/vmalloc.h>
>
> #include <linux/uaccess.h>
> #include <asm/mmu_context.h>
> @@ -892,111 +891,6 @@ struct file *open_exec(const char *name)
> }
> EXPORT_SYMBOL(open_exec);
>
> -int kernel_read_file(struct file *file, void **buf, loff_t *size,
> - loff_t max_size, enum kernel_read_file_id id)
> -{
> - loff_t i_size, pos;
> - ssize_t bytes = 0;
> - int ret;
> -
> - if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0)
> - return -EINVAL;
> -
> - ret = deny_write_access(file);
> - if (ret)
> - return ret;
> -
> - ret = security_kernel_read_file(file, id);
> - if (ret)
> - goto out;
> -
> - i_size = i_size_read(file_inode(file));
> - if (i_size <= 0) {
> - ret = -EINVAL;
> - goto out;
> - }
> - if (i_size > SIZE_MAX || (max_size > 0 && i_size > max_size)) {
> - ret = -EFBIG;
> - goto out;
> - }
> -
> - if (id != READING_FIRMWARE_PREALLOC_BUFFER)
> - *buf = vmalloc(i_size);
> - if (!*buf) {
> - ret = -ENOMEM;
> - goto out;
> - }
> -
> - pos = 0;
> - while (pos < i_size) {
> - bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
> - if (bytes < 0) {
> - ret = bytes;
> - goto out;
> - }
> -
> - if (bytes == 0)
> - break;
> - }
> -
> - if (pos != i_size) {
> - ret = -EIO;
> - goto out_free;
> - }
> -
> - ret = security_kernel_post_read_file(file, *buf, i_size, id);
> - if (!ret)
> - *size = pos;
> -
> -out_free:
> - if (ret < 0) {
> - if (id != READING_FIRMWARE_PREALLOC_BUFFER) {
> - vfree(*buf);
> - *buf = NULL;
> - }
> - }
> -
> -out:
> - allow_write_access(file);
> - return ret;
> -}
> -EXPORT_SYMBOL_GPL(kernel_read_file);
> -
> -int kernel_read_file_from_path(const char *path, void **buf, loff_t *size,
> - loff_t max_size, enum kernel_read_file_id id)
> -{
> - struct file *file;
> - int ret;
> -
> - if (!path || !*path)
> - return -EINVAL;
> -
> - file = filp_open(path, O_RDONLY, 0);
> - if (IS_ERR(file))
> - return PTR_ERR(file);
> -
> - ret = kernel_read_file(file, buf, size, max_size, id);
> - fput(file);
> - return ret;
> -}
> -EXPORT_SYMBOL_GPL(kernel_read_file_from_path);
> -
> -int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size,
> - enum kernel_read_file_id id)
> -{
> - struct fd f = fdget(fd);
> - int ret = -EBADF;
> -
> - if (!f.file)
> - goto out;
> -
> - ret = kernel_read_file(f.file, buf, size, max_size, id);
> -out:
> - fdput(f);
> - return ret;
> -}
> -EXPORT_SYMBOL_GPL(kernel_read_file_from_fd);
> -
> ssize_t read_code(struct file *file, unsigned long addr, loff_t pos, size_t len)
> {
> ssize_t res = vfs_read(file, (void __user *)addr, len, &pos);
> diff --git a/fs/read_write.c b/fs/read_write.c
> index ff3c5e6f87cf..555dcaec00ac 100644
> --- a/fs/read_write.c
> +++ b/fs/read_write.c
> @@ -20,6 +20,7 @@
> #include <linux/compat.h>
> #include <linux/mount.h>
> #include <linux/fs.h>
> +#include <linux/vmalloc.h>
> #include "internal.h"
>
> #include <linux/uaccess.h>
> @@ -1362,6 +1363,111 @@ COMPAT_SYSCALL_DEFINE6(pwritev2, compat_ulong_t, fd,
>
> #endif
>
> +int kernel_read_file(struct file *file, void **buf, loff_t *size,
> + loff_t max_size, enum kernel_read_file_id id)
> +{
> + loff_t i_size, pos;
> + ssize_t bytes = 0;
> + int ret;
> +
> + if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0)
> + return -EINVAL;
> +
> + ret = deny_write_access(file);
> + if (ret)
> + return ret;
> +
> + ret = security_kernel_read_file(file, id);
> + if (ret)
> + goto out;
> +
> + i_size = i_size_read(file_inode(file));
> + if (i_size <= 0) {
> + ret = -EINVAL;
> + goto out;
> + }
> + if (i_size > SIZE_MAX || (max_size > 0 && i_size > max_size)) {
> + ret = -EFBIG;
> + goto out;
> + }
> +
> + if (id != READING_FIRMWARE_PREALLOC_BUFFER)
> + *buf = vmalloc(i_size);
> + if (!*buf) {
> + ret = -ENOMEM;
> + goto out;
> + }
> +
> + pos = 0;
> + while (pos < i_size) {
> + bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
> + if (bytes < 0) {
> + ret = bytes;
> + goto out;
> + }
> +
> + if (bytes == 0)
> + break;
> + }
> +
> + if (pos != i_size) {
> + ret = -EIO;
> + goto out_free;
> + }
> +
> + ret = security_kernel_post_read_file(file, *buf, i_size, id);
> + if (!ret)
> + *size = pos;
> +
> +out_free:
> + if (ret < 0) {
> + if (id != READING_FIRMWARE_PREALLOC_BUFFER) {
> + vfree(*buf);
> + *buf = NULL;
> + }
> + }
> +
> +out:
> + allow_write_access(file);
> + return ret;
> +}
> +EXPORT_SYMBOL_GPL(kernel_read_file);
> +
> +int kernel_read_file_from_path(const char *path, void **buf, loff_t *size,
> + loff_t max_size, enum kernel_read_file_id id)
> +{
> + struct file *file;
> + int ret;
> +
> + if (!path || !*path)
> + return -EINVAL;
> +
> + file = filp_open(path, O_RDONLY, 0);
> + if (IS_ERR(file))
> + return PTR_ERR(file);
> +
> + ret = kernel_read_file(file, buf, size, max_size, id);
> + fput(file);
> + return ret;
> +}
> +EXPORT_SYMBOL_GPL(kernel_read_file_from_path);
> +
> +int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size,
> + enum kernel_read_file_id id)
> +{
> + struct fd f = fdget(fd);
> + int ret = -EBADF;
> +
> + if (!f.file)
> + goto out;
> +
> + ret = kernel_read_file(f.file, buf, size, max_size, id);
> +out:
> + fdput(f);
> + return ret;
> +}
> +EXPORT_SYMBOL_GPL(kernel_read_file_from_fd);
> +
> static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
> size_t count, loff_t max)
> {
>
next prev parent reply other threads:[~2019-03-04 16:12 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-04 15:11 [PATCH] vfs: Move kernel_read_file() to fs/read_write.c David Howells
2019-03-04 16:12 ` Mimi Zohar [this message]
2019-03-04 16:22 ` David Howells
2019-03-04 16:49 ` Mimi Zohar
-- strict thread matches above, loose matches on Subject: below --
2019-03-05 23:18 David Howells
2019-05-16 10:24 David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1551715930.10911.468.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=dhowells@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.