From: Christoph Hellwig <hch@lst.de>
To: Al Viro <viro@zeniv.linux.org.uk>,
Linus Torvalds <torvalds@linux-foundation.org>
Cc: Luis Chamberlain <mcgrof@kernel.org>,
Matthew Wilcox <willy@infradead.org>,
Kees Cook <keescook@chromium.org>,
Iurii Zaikin <yzaikin@google.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH 8/9] fs: don't allow kernel reads and writes without iter ops
Date: Fri, 26 Jun 2020 09:58:35 +0200 [thread overview]
Message-ID: <20200626075836.1998185-9-hch@lst.de> (raw)
In-Reply-To: <20200626075836.1998185-1-hch@lst.de>
Don't allow calling ->read or ->write with set_fs as a preparation for
killing off set_fs. While I've not triggered any of these cases in my
setups as all the usual suspect (file systems, pipes, sockets, block
devices, system character devices) use the iter ops this is almost
going to be guaranteed to eventuall break something, so print a detailed
error message helping to debug such cases. The fix will be to switch the
affected driver to use the iter ops.
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
fs/read_write.c | 33 ++++++++++++++++++---------------
1 file changed, 18 insertions(+), 15 deletions(-)
diff --git a/fs/read_write.c b/fs/read_write.c
index e765c95ff3440d..ae463bcadb6906 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -420,6 +420,18 @@ ssize_t iter_read(struct file *filp, char __user *buf, size_t len, loff_t *ppos,
return ret;
}
+static void warn_unsupported(struct file *file, const char *op)
+{
+ char pathname[128], *path;
+
+ path = file_path(file, pathname, sizeof(pathname));
+ if (IS_ERR(path))
+ path = "(unknown)";
+ pr_warn_ratelimited(
+ "kernel %s not supported for file %s (pid: %d comm: %.20s)\n",
+ op, path, current->pid, current->comm);
+}
+
ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
{
ssize_t ret;
@@ -431,13 +443,7 @@ ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
if (count > MAX_RW_COUNT)
count = MAX_RW_COUNT;
- if (file->f_op->read) {
- mm_segment_t old_fs = get_fs();
-
- set_fs(KERNEL_DS);
- ret = file->f_op->read(file, (void __user *)buf, count, pos);
- set_fs(old_fs);
- } else if (file->f_op->read_iter) {
+ if (file->f_op->read_iter) {
struct kvec iov = { .iov_base = buf, .iov_len = count };
struct kiocb kiocb;
struct iov_iter iter;
@@ -448,6 +454,8 @@ ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
ret = file->f_op->read_iter(&kiocb, &iter);
*pos = kiocb.ki_pos;
} else {
+ if (file->f_op->read)
+ warn_unsupported(file, "read");
ret = -EINVAL;
}
if (ret > 0) {
@@ -532,14 +540,7 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count,
if (count > MAX_RW_COUNT)
count = MAX_RW_COUNT;
- if (file->f_op->write) {
- mm_segment_t old_fs = get_fs();
-
- set_fs(KERNEL_DS);
- ret = file->f_op->write(file, (__force const char __user *)buf,
- count, pos);
- set_fs(old_fs);
- } else if (file->f_op->write_iter) {
+ if (file->f_op->write_iter) {
struct kvec iov = { .iov_base = (void *)buf, .iov_len = count };
struct kiocb kiocb;
struct iov_iter iter;
@@ -551,6 +552,8 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count,
if (ret > 0)
*pos = kiocb.ki_pos;
} else {
+ if (file->f_op->write)
+ warn_unsupported(file, "write");
ret = -EINVAL;
}
if (ret > 0) {
--
2.26.2
next prev parent reply other threads:[~2020-06-26 7:59 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-26 7:58 [RFC] stop using ->read and ->write for kernel access v2 Christoph Hellwig
2020-06-26 7:58 ` [PATCH 1/9] fs: refactor new_sync_read Christoph Hellwig
2020-06-26 7:58 ` [PATCH 2/9] proc: add a read_iter method to proc proc_ops Christoph Hellwig
2020-06-26 12:06 ` Luis Chamberlain
2020-06-26 13:36 ` Christoph Hellwig
2020-06-26 7:58 ` [PATCH 3/9] seq_file: add seq_read_iter Christoph Hellwig
2020-06-26 7:58 ` [PATCH 5/9] proc: switch over direct seq_read method calls to seq_read_iter Christoph Hellwig
2020-06-26 7:58 ` [PATCH 6/9] sysctl: Call sysctl_head_finish on error Christoph Hellwig
2020-06-26 12:17 ` Luis Chamberlain
2020-06-26 12:27 ` Matthew Wilcox
2020-06-26 7:58 ` [PATCH 7/9] sysctl: Convert to iter interfaces Christoph Hellwig
2020-06-26 7:58 ` Christoph Hellwig [this message]
2020-06-26 12:27 ` [PATCH 8/9] fs: don't allow kernel reads and writes without iter ops Luis Chamberlain
2020-06-26 13:37 ` Christoph Hellwig
2020-06-26 13:51 ` Matthew Wilcox
2020-06-26 21:05 ` Kees Cook
2020-06-27 7:10 ` Christoph Hellwig
2020-06-26 7:58 ` [PATCH 9/9] fs: don't allow splice read/write without explicit ops Christoph Hellwig
2020-06-27 22:15 ` [RFC] stop using ->read and ->write for kernel access v2 Linus Torvalds
2020-06-28 7:20 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200626075836.1998185-9-hch@lst.de \
--to=hch@lst.de \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
--cc=yzaikin@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).