Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3473173imu; Sun, 11 Nov 2018 15:55:14 -0800 (PST) X-Google-Smtp-Source: AJdET5ceVDTmhRdYa5/L84WaJY4Jonhw4t8kPcrusOJCXOm4YqRjGKyqgzTISkKce17EMjtCrp43 X-Received: by 2002:a63:d34a:: with SMTP id u10mr15889424pgi.301.1541980514855; Sun, 11 Nov 2018 15:55:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541980514; cv=none; d=google.com; s=arc-20160816; b=PmAg/lW72mukUfVyd42EXHaI9ZtRt7/g0FaaloKqxTWiFEr3xpm+9jdvB3xjsYLGyf IJPxrLH3jZ/xcRLn0mFTgJfcuN6m/oef20LESKhyH+p0R94XOurd0gkrqiJbU4CEPtdd QeE5R6Z76ZkdOrTiyq+9xMNx9+7c0VZcIyVeXGwzMc3bvVtZQ4BA0SnnuIcPVg8sUCLa sWlNKRXx7HR72YRMmRgQzqVWYy3jLwVuSsyGpBa27ECn18+MyaejcFK3G16+2xjvv/eE ZdMtl0v67YQzZ08yTQ05Mmy7WA8lThrzYIwx82wskzeEk6QdR/MBqg96RkorD6jv5TrY 26Mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=DeOzB6q5MBUoa7PRoOwdnTmczKBImTLknvKLPnp0DZs=; b=H+JP2n48v+nvZoLY2NBJ3hUS9FFhotsLDZsoKjcOVqq/QYhIxAgUvpjVG2WB3Jvaek yDlNrap151YY6E9tE2bzpcoF3gJn2ZwZ8eQbRWd7CYwLvZCE7pBi3nJg4UXggNynlSeN VwHALzPj/OJi56NsRddC8o3g0iHHJgLrOLwAsAmaCk5n7MoxyomYHXK+kCwOTjgeDQ3X X5HEaWmAfAlbhb3SOethXudbXpyS5xldsmLeCRrk4Biu133Atb6QdSGUL2+RadMGSZYv uFBb26Jv0J1G94v1EaAPKQeReDP4+YwIJC5+FYGh/lpuKZqn+4MXCdznlqcZKXqCepPc GJKw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=JT3EHcW7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i13-v6si14687314pgo.128.2018.11.11.15.54.59; Sun, 11 Nov 2018 15:55:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=JT3EHcW7; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732941AbeKLJnu (ORCPT + 99 others); Mon, 12 Nov 2018 04:43:50 -0500 Received: from mail.kernel.org ([198.145.29.99]:37256 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732732AbeKLISZ (ORCPT ); Mon, 12 Nov 2018 03:18:25 -0500 Received: from localhost (unknown [206.108.79.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 3E5E12175B; Sun, 11 Nov 2018 22:28:29 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541975309; bh=LlWkG9DejTpnQRhD7uPOrAOcGoPFwQEGrP2nZtk3CNA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=JT3EHcW7i2NNiw9iheleOUax8WSks7VyGo2xRdDmL0DUAsfFRV/imlgj+IUrSGXDq MlLkM/1BOeAhbkkTSz/HPxkKILvIRWOtQkr6ZS48ZHYlArgWvZ7pvqzjGmNEu9nv3Q TAOQi4NYDAQ+HxAZVbUpaiR4mUW4RUlIs0H3Jtxk= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Goldwyn Rodrigues , Mimi Zohar Subject: [PATCH 4.19 251/361] ima: open a new file instance if no read permissions Date: Sun, 11 Nov 2018 14:19:58 -0800 Message-Id: <20181111221653.190707609@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181111221619.915519183@linuxfoundation.org> References: <20181111221619.915519183@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Goldwyn Rodrigues commit a408e4a86b36bf98ad15b9ada531cf0e5118ac67 upstream. Open a new file instance as opposed to changing file->f_mode when the file is not readable. This is done to accomodate overlayfs stacked file operations change. The real struct file is hidden behind the overlays struct file. So, any file->f_mode manipulations are not reflected on the real struct file. Open the file again in read mode if original file cannot be read, read and calculate the hash. Signed-off-by: Goldwyn Rodrigues Cc: stable@vger.kernel.org (linux-4.19) Signed-off-by: Mimi Zohar Signed-off-by: Greg Kroah-Hartman --- security/integrity/ima/ima_crypto.c | 54 ++++++++++++++++++++++-------------- 1 file changed, 34 insertions(+), 20 deletions(-) --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -210,7 +210,7 @@ static int ima_calc_file_hash_atfm(struc { loff_t i_size, offset; char *rbuf[2] = { NULL, }; - int rc, read = 0, rbuf_len, active = 0, ahash_rc = 0; + int rc, rbuf_len, active = 0, ahash_rc = 0; struct ahash_request *req; struct scatterlist sg[1]; struct crypto_wait wait; @@ -257,11 +257,6 @@ static int ima_calc_file_hash_atfm(struc &rbuf_size[1], 0); } - if (!(file->f_mode & FMODE_READ)) { - file->f_mode |= FMODE_READ; - read = 1; - } - for (offset = 0; offset < i_size; offset += rbuf_len) { if (!rbuf[1] && offset) { /* Not using two buffers, and it is not the first @@ -300,8 +295,6 @@ static int ima_calc_file_hash_atfm(struc /* wait for the last update request to complete */ rc = ahash_wait(ahash_rc, &wait); out3: - if (read) - file->f_mode &= ~FMODE_READ; ima_free_pages(rbuf[0], rbuf_size[0]); ima_free_pages(rbuf[1], rbuf_size[1]); out2: @@ -336,7 +329,7 @@ static int ima_calc_file_hash_tfm(struct { loff_t i_size, offset = 0; char *rbuf; - int rc, read = 0; + int rc; SHASH_DESC_ON_STACK(shash, tfm); shash->tfm = tfm; @@ -357,11 +350,6 @@ static int ima_calc_file_hash_tfm(struct if (!rbuf) return -ENOMEM; - if (!(file->f_mode & FMODE_READ)) { - file->f_mode |= FMODE_READ; - read = 1; - } - while (offset < i_size) { int rbuf_len; @@ -378,8 +366,6 @@ static int ima_calc_file_hash_tfm(struct if (rc) break; } - if (read) - file->f_mode &= ~FMODE_READ; kfree(rbuf); out: if (!rc) @@ -420,6 +406,8 @@ int ima_calc_file_hash(struct file *file { loff_t i_size; int rc; + struct file *f = file; + bool new_file_instance = false, modified_flags = false; /* * For consistency, fail file's opened with the O_DIRECT flag on @@ -431,15 +419,41 @@ int ima_calc_file_hash(struct file *file return -EINVAL; } - i_size = i_size_read(file_inode(file)); + /* Open a new file instance in O_RDONLY if we cannot read */ + if (!(file->f_mode & FMODE_READ)) { + int flags = file->f_flags & ~(O_WRONLY | O_APPEND | + O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL); + flags |= O_RDONLY; + f = dentry_open(&file->f_path, flags, file->f_cred); + if (IS_ERR(f)) { + /* + * Cannot open the file again, lets modify f_flags + * of original and continue + */ + pr_info_ratelimited("Unable to reopen file for reading.\n"); + f = file; + f->f_flags |= FMODE_READ; + modified_flags = true; + } else { + new_file_instance = true; + } + } + + i_size = i_size_read(file_inode(f)); if (ima_ahash_minsize && i_size >= ima_ahash_minsize) { - rc = ima_calc_file_ahash(file, hash); + rc = ima_calc_file_ahash(f, hash); if (!rc) - return 0; + goto out; } - return ima_calc_file_shash(file, hash); + rc = ima_calc_file_shash(f, hash); +out: + if (new_file_instance) + fput(f); + else if (modified_flags) + f->f_flags &= ~FMODE_READ; + return rc; } /*