Re: [RFC PATCH] efivarfs: define integrity_read method

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Al Viro <viro@ZenIV.linux.org.uk>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: Matthew Garrett <mjg59@srcf.ucam.org>,
	Christoph Hellwig <hch@lst.de>,
	linux-fsdevel@vger.kernel.org,
	linux-ima-devel@lists.sourceforge.net,
	linux-security-module <linux-security-module@vger.kernel.org>,
	linux-ima-user <linux-ima-user@lists.sourceforge.net>,
	linux-efi <linux-efi@vger.kernel.org>
Subject: Re: [RFC PATCH] efivarfs: define integrity_read method
Date: Thu, 6 Jul 2017 13:45:59 +0100	[thread overview]
Message-ID: <20170706124559.GO10672@ZenIV.linux.org.uk> (raw)
In-Reply-To: <1499343241.5500.15.camel@linux.vnet.ibm.com>

On Thu, Jul 06, 2017 at 08:14:01AM -0400, Mimi Zohar wrote:
> This patch defines an ->integrity_read file operation method to read data for
> integrity hash collection.

> -static ssize_t efivarfs_file_read(struct file *file, char __user *userbuf,
> -		size_t count, loff_t *ppos)
> +static ssize_t __efivarfs_file_read(struct file *file, char __user *userbuf,
> +				    size_t count, loff_t *ppos,
> +				    struct iov_iter *iter)
>  {
>  	struct efivar_entry *var = file->private_data;
>  	unsigned long datasize = 0;
> @@ -96,14 +98,32 @@ static ssize_t efivarfs_file_read(struct file *file, char __user *userbuf,
>  		goto out_free;
>  
>  	memcpy(data, &attributes, sizeof(attributes));
> -	size = simple_read_from_buffer(userbuf, count, ppos,
> -				       data, datasize + sizeof(attributes));
> +
> +	if (!iter)
> +		size = simple_read_from_buffer(userbuf, count, ppos, data,
> +					       datasize + sizeof(attributes));
> +	else
> +		size = copy_to_iter(data, datasize + sizeof(attributes), iter);

Egads...  This kind of kludges is too ugly to exist.  What the hell for?  If you
want to define something that looks like ->read_iter(), bloody make it proper
read_iter.  Really working one, that is - without this "our oh-so-special needs
do not include file position" crap.

Seriously, this kind of calling conventions alone is enough for a NAK with
extreme prejudice.  Something like
ssize_t simple_read_iter_from_buffer(struct kiocb *iocb, struct iov_iter *to,
                                const void *from, size_t available)
{
        loff_t pos = iocb->ki_pos;
        size_t ret;

        if (pos < 0)
                return -EINVAL;
        if (pos >= available)
                return 0;
        ret = copy_to_iter(to, from + pos, available - pos);
        if (!ret && iov_iter_count(to))
                return -EFAULT;
        iocb->ki_pos = pos + ret;
        return ret;
}
EXPORT_SYMBOL(simple_read_iter_from_buffer);

in fs/libfs.c and turn the efivarfs_file_read() into a real ->read_iter() by
replacing simple_read_from_buffer to simple_read_iter_from_buffer (and adjusting
the arguments, of course).  All there is to it.  Sheesh...

WARNING: multiple messages have this Message-ID (diff)

From: viro@ZenIV.linux.org.uk (Al Viro)
To: linux-security-module@vger.kernel.org
Subject: [RFC PATCH] efivarfs: define integrity_read method
Date: Thu, 6 Jul 2017 13:45:59 +0100	[thread overview]
Message-ID: <20170706124559.GO10672@ZenIV.linux.org.uk> (raw)
In-Reply-To: <1499343241.5500.15.camel@linux.vnet.ibm.com>

On Thu, Jul 06, 2017 at 08:14:01AM -0400, Mimi Zohar wrote:
> This patch defines an ->integrity_read file operation method to read data for
> integrity hash collection.

> -static ssize_t efivarfs_file_read(struct file *file, char __user *userbuf,
> -		size_t count, loff_t *ppos)
> +static ssize_t __efivarfs_file_read(struct file *file, char __user *userbuf,
> +				    size_t count, loff_t *ppos,
> +				    struct iov_iter *iter)
>  {
>  	struct efivar_entry *var = file->private_data;
>  	unsigned long datasize = 0;
> @@ -96,14 +98,32 @@ static ssize_t efivarfs_file_read(struct file *file, char __user *userbuf,
>  		goto out_free;
>  
>  	memcpy(data, &attributes, sizeof(attributes));
> -	size = simple_read_from_buffer(userbuf, count, ppos,
> -				       data, datasize + sizeof(attributes));
> +
> +	if (!iter)
> +		size = simple_read_from_buffer(userbuf, count, ppos, data,
> +					       datasize + sizeof(attributes));
> +	else
> +		size = copy_to_iter(data, datasize + sizeof(attributes), iter);

Egads...  This kind of kludges is too ugly to exist.  What the hell for?  If you
want to define something that looks like ->read_iter(), bloody make it proper
read_iter.  Really working one, that is - without this "our oh-so-special needs
do not include file position" crap.

Seriously, this kind of calling conventions alone is enough for a NAK with
extreme prejudice.  Something like
ssize_t simple_read_iter_from_buffer(struct kiocb *iocb, struct iov_iter *to,
                                const void *from, size_t available)
{
        loff_t pos = iocb->ki_pos;
        size_t ret;

        if (pos < 0)
                return -EINVAL;
        if (pos >= available)
                return 0;
        ret = copy_to_iter(to, from + pos, available - pos);
        if (!ret && iov_iter_count(to))
                return -EFAULT;
        iocb->ki_pos = pos + ret;
        return ret;
}
EXPORT_SYMBOL(simple_read_iter_from_buffer);

in fs/libfs.c and turn the efivarfs_file_read() into a real ->read_iter() by
replacing simple_read_from_buffer to simple_read_iter_from_buffer (and adjusting
the arguments, of course).  All there is to it.  Sheesh...
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2017-07-06 12:45 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-07-06 12:14 [RFC PATCH] efivarfs: define integrity_read method Mimi Zohar
2017-07-06 12:14 ` Mimi Zohar
2017-07-06 12:45 ` Al Viro [this message]
2017-07-06 12:45   ` Al Viro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170706124559.GO10672@ZenIV.linux.org.uk \
    --to=viro@zeniv.linux.org.uk \
    --cc=hch@lst.de \
    --cc=linux-efi@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-ima-devel@lists.sourceforge.net \
    --cc=linux-ima-user@lists.sourceforge.net \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mjg59@srcf.ucam.org \
    --cc=zohar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.