From: zohar@linux.vnet.ibm.com (Mimi Zohar)
To: linux-security-module@vger.kernel.org
Subject: [Linux-ima-devel] [PATCH 3/4] ima: use existing read file operation method to calculate file hash
Date: Mon, 10 Jul 2017 11:12:41 -0400 [thread overview]
Message-ID: <1499699561.6034.129.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <CACE9dm8SVrkVm+5MmDg+BTGiJYzoqwB-jCCXJ5ac8xkG65qAcw@mail.gmail.com>
On Mon, 2017-07-10 at 17:03 +0300, Dmitry Kasatkin wrote:
> On Fri, Jun 9, 2017 at 9:02 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> > The few filesystems that currently define the read file operation
> > method, either call seq_read() or have a filesystem specific read
> > method. None of them, at least in the fs directory, take the
> > i_rwsem.
> >
> > Since some files on these filesystems were previously
> > measured/appraised, not measuring them would change the PCR hash
> > value(s), possibly breaking userspace. For filesystems that do
> > not define the integrity_read file operation method and have a
> > read method, use the read method to calculate the file hash.
> >
> > Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
> > ---
> > security/integrity/iint.c | 17 +++++++++++++----
> > 1 file changed, 13 insertions(+), 4 deletions(-)
> >
> > diff --git a/security/integrity/iint.c b/security/integrity/iint.c
> > index c5489672b5aa..e3ef3fba16dc 100644
> > --- a/security/integrity/iint.c
> > +++ b/security/integrity/iint.c
> > @@ -189,20 +189,29 @@ int integrity_kernel_read(struct file *file, loff_t offset,
> > struct iovec iov = { .iov_base = addr, .iov_len = count };
> > struct kiocb kiocb;
> > struct iov_iter iter;
> > - ssize_t ret;
> > + ssize_t ret = -EBADF;
> >
> > lockdep_assert_held(&inode->i_rwsem);
> >
> > if (!(file->f_mode & FMODE_READ))
> > return -EBADF;
> > - if (!file->f_op->integrity_read)
> > - return -EBADF;
> >
> > init_sync_kiocb(&kiocb, file);
> > kiocb.ki_pos = offset;
> > iov_iter_init(&iter, READ | ITER_KVEC, &iov, 1, count);
> >
> > - ret = file->f_op->integrity_read(&kiocb, &iter);
> > + if (file->f_op->integrity_read) {
> > + ret = file->f_op->integrity_read(&kiocb, &iter);
> > + } else if (file->f_op->read) {
> > + mm_segment_t old_fs;
> > + char __user *buf = (char __user *)addr;
> > +
> > + old_fs = get_fs();
> > + set_fs(get_ds());
> > + ret = file->f_op->read(file, buf, count, &offset);
> > + set_fs(old_fs);
> > + }
>
> Hi,
>
> Original code was using "__vfs_read()".
> Patch 1 replaced use of it by ->integrity_read.
> This patch re-added f_op->read() directly...
>
> While __vfs_read() did it differently
>
> if (file->f_op->read)
> return file->f_op->read(file, buf, count, pos);
> else if (file->f_op->read_iter)
> return new_sync_read(file, buf, count, pos);
>
>
> Is avoiding use of __vfs_read() is intentional?
Yes, some filesystems ->read_iter attempt to take the i_rwsem, which
IMA has already taken. ?This patch set introduces a new file operation
method ->integrity_read, which reads the file without re-taking the
lock. ?(This method should probably be renamed ->integrity_read_iter.)
The next version of this patch set will remove this patch, unless
someone provides a reason for needing it. ?At that point, a new method
equivalent to ->read would need to be defined.
Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-07-10 15:12 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-09 18:02 [PATCH 0/4] define new fs integrity_read method Mimi Zohar
2017-06-09 18:02 ` [PATCH 1/4] ima: use fs method to read integrity data Mimi Zohar
2017-06-15 23:49 ` kbuild test robot
2017-06-16 6:18 ` Christoph Hellwig
2017-06-09 18:02 ` [PATCH 2/4] tmpfs: define integrity_read file operation method Mimi Zohar
2017-06-09 18:02 ` [PATCH 3/4] ima: use existing read file operation method to calculate file hash Mimi Zohar
2017-06-13 6:46 ` Christoph Hellwig
2017-06-13 14:17 ` Mimi Zohar
2017-06-13 14:22 ` Christoph Hellwig
2017-06-13 15:07 ` Mimi Zohar
2017-06-14 7:03 ` Christoph Hellwig
2017-07-10 14:03 ` [Linux-ima-devel] " Dmitry Kasatkin
2017-07-10 15:12 ` Mimi Zohar [this message]
2017-06-09 18:02 ` [PATCH 4/4] ima: use read_iter (generic_file_read_iter) " Mimi Zohar
2017-07-10 14:07 ` [Linux-ima-devel] " Dmitry Kasatkin
2017-07-10 15:22 ` Mimi Zohar
2017-06-09 19:47 ` [PATCH] sample xfstests IMA-appraisal test module Mimi Zohar
2017-06-09 19:55 ` [PATCH] sample xfstests IMA-appraisal test module (resending) Mimi Zohar
2017-06-13 6:47 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1499699561.6034.129.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).