From: Dmitry Kasatkin <d.kasatkin@samsung.com>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: linux-ima-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org, viro@zeniv.linux.org.uk,
linux-kernel@vger.kernel.org, dmitry.kasatkin@gmail.com
Subject: Re: [PATCH 1/1] ima: fix fallback to use new_sync_read()
Date: Thu, 26 Jun 2014 16:20:30 +0300 [thread overview]
Message-ID: <53AC1E1E.8040903@samsung.com> (raw)
In-Reply-To: <1403786949.2017.66.camel@dhcp-9-2-203-236.watson.ibm.com>
On 26/06/14 15:49, Mimi Zohar wrote:
> On Tue, 2014-06-24 at 16:27 +0300, Dmitry Kasatkin wrote:
>> 3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985
>> 'switch simple generic_file_aio_read() users to ->read_iter()'
>> replaced ->aio_read with ->read_iter in most of the file systems
>> and introduced new_sync_read() as a replacement for do_sync_read().
>>
>> Most of file systems set '->read' and ima_kernel_read is not affected.
>> When ->read is not set, this patch adopts fallback call changes from the
>> vfs_read.
> So every time there are changes in vfs_read(), we're going to have to
> play catch up. A better solution would be to refactor vfs_read() so
> that we could call it.
>
> Mimi
vfs_read was stable for decade.
And next will be the same.
I followed the same approach we took to have an own version.
Refactoring vfs_read is not the best approach as we have set_fs things
there.
I would prefer to have "kernel_read_nosec" function along with
kernel_read/vfs_read, so changes could be
made noticeably together..
- Dmitry
>
>> Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
>> ---
>> security/integrity/ima/ima_crypto.c | 8 ++++----
>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
>> index ccd0ac8..b126a78 100644
>> --- a/security/integrity/ima/ima_crypto.c
>> +++ b/security/integrity/ima/ima_crypto.c
>> @@ -40,19 +40,19 @@ static int ima_kernel_read(struct file *file, loff_t offset,
>> {
>> mm_segment_t old_fs;
>> char __user *buf = addr;
>> - ssize_t ret;
>> + ssize_t ret = -EINVAL;
>>
>> if (!(file->f_mode & FMODE_READ))
>> return -EBADF;
>> - if (!file->f_op->read && !file->f_op->aio_read)
>> - return -EINVAL;
>>
>> old_fs = get_fs();
>> set_fs(get_ds());
>> if (file->f_op->read)
>> ret = file->f_op->read(file, buf, count, &offset);
>> - else
>> + else if (file->f_op->aio_read)
>> ret = do_sync_read(file, buf, count, &offset);
>> + else if (file->f_op->read_iter)
>> + ret = new_sync_read(file, buf, count, &offset);
>> set_fs(old_fs);
>> return ret;
>> }
>
>
next prev parent reply other threads:[~2014-06-26 13:21 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-06-24 13:27 [PATCH 1/1] ima: fix fallback to use new_sync_read() Dmitry Kasatkin
2014-06-26 12:49 ` Mimi Zohar
2014-06-26 13:20 ` Dmitry Kasatkin [this message]
2014-06-26 13:28 ` Dmitry Kasatkin
2014-06-26 14:04 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=53AC1E1E.8040903@samsung.com \
--to=d.kasatkin@samsung.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-ima-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.