Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp744505ybk; Wed, 13 May 2020 11:55:46 -0700 (PDT) X-Google-Smtp-Source: ABdhPJw/hD/7gP8FR4qzDQJ9KDgXV5+8eMK2v7RRr88oQHI7QSbsrwfir6k1/McPYV1n7U9IJTzn X-Received: by 2002:a17:906:c943:: with SMTP id fw3mr439531ejb.288.1589396146330; Wed, 13 May 2020 11:55:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589396146; cv=none; d=google.com; s=arc-20160816; b=zdCiKSjSj2A/45RU2SYdssYfRKSg1SPtXUtxk81fX+ifetkePTiFBHE5fYxNOHE6XN xjZBLhpJX9rGZnVuuCiR65aPHpsXdSUa+vA6C/VEfC9OP60tHEpy8gbJTN/Wuag2Jhw1 NB/6H7L2JRpkhI2yZiSR2H4iXKtaHYZOskK7gLos8thGVuHEZQJ/yZc5Ga18O2LMYfAh TGUwf/ECESxlb0H9S9mGHuc9sapoA02/l2kkez8r1z4k/YcZkQ1B8uW8AyZ6XckHy7WZ SwV0hVFaXDgSznAvCu1O8Ku2Gi34HwGhR9wuv904lZhPY5TfvA+1v/22uxJjEUus+L7A Kzwg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject:dkim-signature; bh=pXu37DD6iE65dDGCF4WvK7cyvgiimEWOvvgpryvd52U=; b=e0+HUVI413Dj135YvAqOpPlfgv8P2TOM5RNDvhva7LE4lF5PTvn3yrkFjzraBOZZAZ fqdlP8J/W4rGwx+v0rSxN23l6LXsTBhIEjIelcjijzZaX8Vf8DoPVo/yW7ZCAq7RzSTj u8N3vqXTohds7gjZqXS1dAlIusIJsr5ewc3hamk5++/12W81VOOriXvFAyOMlGKjE/5x elP7pnV+1SvyPzy63xU5VJrFHPEfHxtr15yzc3gzeIdQSkALjJOYjw+mYGddXcAEvuoS gNjBbu6brr5ZjeOjEmEGaM7BQGtOPv7+2eYVkMO48Cpuf1b0LDKDrfyU9jD99vLEQGZg C3lA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=IbEVDf1P; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ov7si355336ejb.409.2020.05.13.11.55.23; Wed, 13 May 2020 11:55:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@broadcom.com header.s=google header.b=IbEVDf1P; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=broadcom.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390335AbgEMSxd (ORCPT + 99 others); Wed, 13 May 2020 14:53:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49462 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1732990AbgEMSxc (ORCPT ); Wed, 13 May 2020 14:53:32 -0400 Received: from mail-wr1-x443.google.com (mail-wr1-x443.google.com [IPv6:2a00:1450:4864:20::443]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3C6F6C061A0C for ; Wed, 13 May 2020 11:53:32 -0700 (PDT) Received: by mail-wr1-x443.google.com with SMTP id v12so720338wrp.12 for ; Wed, 13 May 2020 11:53:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=broadcom.com; s=google; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding:content-language; bh=pXu37DD6iE65dDGCF4WvK7cyvgiimEWOvvgpryvd52U=; b=IbEVDf1PZkcsC9qKSfRpq/TZXfimI98pReSCcaQgTPNl9HmndoODpa4MDeOulOvRz4 yCi4Y0M//sK1fidl4u5Podrn0hGfzM9JzccG27h3Bum61GNrk5w9Z1sOClL7Gns6+5GF NnqDrlIux2oiU+oQESCrAfiMljk+vnBzT/ypM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=pXu37DD6iE65dDGCF4WvK7cyvgiimEWOvvgpryvd52U=; b=pZyBa4AMghWrwbDIAil1FaNn6s7n8V713W6lk6rBuvGhEqb2rFLmnI8VQ2J6kM2glx VLo6o5qc2Fi1dQT7obZSD3eZxB55lgaq9nz7ViAP+QmsOnR9b0v/EhWnCUaPQndffW1j vOCYXgo/QCDsZ4dzty0oB34HBBokwrXrxPqZtnFxLU+d5U3a7Ycf/oH7I6ET+l88NGXq UZIVuzgkMVcXus1OurTU037KdzbroSNGRU5cnHRJ2wYbyzhxVAllwpKxTpfAf5RfGp7+ zCAtTt90/XBMJH0V6tWsybjokRMIGVBweiyb1S2j6fvzWvBJ7n3PlpFoJt2v29X/byR1 r+7g== X-Gm-Message-State: AOAM531lxYXHT3xvKjOtHP5hgF2KrBUq1NywpzbodwcSCrYuNKu1Fhie Cmxmev6lpfHlgQEYtg01KlDORQ== X-Received: by 2002:adf:a151:: with SMTP id r17mr761655wrr.161.1589396010916; Wed, 13 May 2020 11:53:30 -0700 (PDT) Received: from [10.136.13.65] ([192.19.228.250]) by smtp.gmail.com with ESMTPSA id i17sm37309331wml.23.2020.05.13.11.53.25 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 13 May 2020 11:53:30 -0700 (PDT) Subject: Re: [PATCH v5 1/7] fs: introduce kernel_pread_file* support To: Mimi Zohar , Luis Chamberlain , Greg Kroah-Hartman , David Brown , Alexander Viro , Shuah Khan , bjorn.andersson@linaro.org, Shuah Khan , Arnd Bergmann Cc: "Rafael J . Wysocki" , linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org, linux-fsdevel@vger.kernel.org, BCM Kernel Feedback , Olof Johansson , Andrew Morton , Dan Carpenter , Colin Ian King , Kees Cook , Takashi Iwai , linux-kselftest@vger.kernel.org, Andy Gross , linux-security-module , linux-integrity References: <20200508002739.19360-1-scott.branden@broadcom.com> <20200508002739.19360-2-scott.branden@broadcom.com> <1589395153.5098.158.camel@kernel.org> From: Scott Branden Message-ID: <0e6b5f65-8c61-b02e-7d35-b4ae52aebcf3@broadcom.com> Date: Wed, 13 May 2020 11:53:23 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <1589395153.5098.158.camel@kernel.org> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Mimi, On 2020-05-13 11:39 a.m., Mimi Zohar wrote: > [Cc'ing linux-security-module, linux-integrity] > > On Thu, 2020-05-07 at 17:27 -0700, Scott Branden wrote: >> Add kernel_pread_file* support to kernel to allow for partial read >> of files with an offset into the file. Existing kernel_read_file >> functions call new kernel_pread_file functions with offset=0 and >> flags=KERNEL_PREAD_FLAG_WHOLE. >> >> Signed-off-by: Scott Branden >> --- > > >> @@ -941,14 +955,16 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size, The checkpatch shows this as kernel_read_file when it is actually the new function kernel_pread_file. Please see the call to kernel_pread_file from kernel_read_file in the complete patch rather this snippet. >> >> if (bytes == 0) >> break; >> + >> + buf_pos += bytes; >> } >> >> - if (pos != i_size) { >> + if (pos != read_end) { >> ret = -EIO; >> goto out_free; >> } >> >> - ret = security_kernel_post_read_file(file, *buf, i_size, id); >> + ret = security_kernel_post_read_file(file, *buf, alloc_size, id); >> if (!ret) >> *size = pos; > Prior to the patch set that introduced this security hook, firmware > would be read twice, once for measuring/appraising the firmware and > again reading the file contents into memory.  Partial reads will break > both IMA's measuring the file and appraising the file signatures. The partial file read support is needed for request_firmware_into_buf from drivers.  The EXPORT_SYMBOL_GPL is being removed so that there can be no abuse of the partial file read support.  Such file integrity checks are not needed for this use case.  The partial file (firmware image) is actually downloaded in portions and verified on the device it is loaded to. Regards,  Scott