From: Roberto Sassu
Subject: [PATCH v2 1/6] ima: Set file->f_mode instead of file->f_flags in ima_calc_file_hash()
Date: Mon, 27 Apr 2020 12:28:55 +0200
Message-ID: <20200427102900.18887-1-roberto.sassu@huawei.com>
X-Mailing-List: linux-kernel@vger.kernel.org

Commit a408e4a86b36 ("ima: open a new file instance if no read permissions") tries to create a new file descriptor to calculate a file digest if the file has not been opened with O_RDONLY flag. However, if a new file descriptor cannot be obtained, it sets the FMODE_READ flag to file->f_flags instead of file->f_mode.

This patch fixes this issue by replacing f_flags with f_mode as it was before that commit.

Changelog v1:
- fix comment for f_mode change (suggested by Mimi)
- rename modified_flags variable to modified_mode (suggested by Mimi)

Cc: stable@vger.kernel.org # 4.20.x
Fixes: a408e4a86b36 ("ima: open a new file instance if no read permissions")
Signed-off-by: Roberto Sassu
--- security/integrity/ima/ima_crypto.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 5201f5ec2ce4..f3a7f4eb1fc1 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -537,7 +537,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) loff_t i_size; int rc; struct file *f = file; - bool new_file_instance = false, modified_flags = false; + bool new_file_instance = false, modified_mode = false; /* * For consistency, fail file's opened with the O_DIRECT flag on
@@ -557,13 +557,13 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) f = dentry_open(&file->f_path, flags, file->f_cred); if (IS_ERR(f)) { /* - * Cannot open the file again, lets modify f_flags + * Cannot open the file again, lets modify f_mode * of original and continue */ pr_info_ratelimited("Unable to reopen file for reading.\n"); f = file; - f->f_flags |= FMODE_READ; - modified_flags = true; + f->f_mode |= FMODE_READ; + modified_mode = true; } else { new_file_instance = true; } @@ -581,8 +581,8 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) out: if (new_file_instance) fput(f); - else if (modified_flags) - f->f_flags &= ~FMODE_READ; + else if (modified_mode) + f->f_mode &= ~FMODE_READ; return rc; } -- 2.17.1
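Review bot: In the IS_ERR(f) fallback of the hunk at @@ -557,13, `f->f_mode |= FMODE_READ;` is applied to the caller's own struct file, so the added read mode is visible to every holder of that file until the `out:` path clears it, and nothing in the shown context says what serializes that window. Please extend the comment to state why the temporary change is safe (or which lock covers it). While touching that comment, "lets modify" should read "let's modify", and the pr_info_ratelimited() message would be more useful if it identified the file that could not be reopened.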
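Review bot: At `out:` in the hunk at @@ -581,8, `f->f_mode &= ~FMODE_READ;` assumes FMODE_READ was clear on entry, which holds only if the fallback path is reached solely for files opened without read mode; the shown context does not establish that. Consider saving the original f_mode before the OR and restoring that saved value here, so the cleanup stays correct regardless of the entry condition, or add a one-line comment naming the check that guarantees it.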