Received: by 2002:a25:e74b:0:0:0:0:0 with SMTP id e72csp2163061ybh; Fri, 17 Jul 2020 10:46:32 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPyGmywJ1viGZnOUUkFpPwU2fyLSiBCcuol73Efwdx+i426CvKudbaHhKayUJ0Zzq1pznC X-Received: by 2002:aa7:d3cd:: with SMTP id o13mr10135138edr.176.1595007992019; Fri, 17 Jul 2020 10:46:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1595007992; cv=none; d=google.com; s=arc-20160816; b=NqiDNkILz+PGJPkFcrr1lSBoL2cfvq9KvojH20GlpjjhoSVuy8U1hY38gEFGxVtKQi 3UligrB08gdMBebciCQHg9iBjG/nVJInQ6F/VESHmManggk/vGN7O7BHhnwZ0LMScfPP oZhIvX+mzr3D6ci1DN4ppy7plwlEtdn5HyCWUIfrI+dt5SHA9z6d4C7n//bCJcf5J/Gm eZE5c8TyDpvQyRf42jlwu1WIUZI4nDeNqAHdbvbo6rb+CG+Hm1bShshFGsrn9AuRO9BP ZLiHJ/CzXsY1RD7Wurm6w8e/eusCFYdiRi9pVntn9+qux0F8ziY/RFPvkuVOh3rp0OxL v2bw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=ZkxvPLCCbkaCa7brsK8xPc93mGLBdRO5INApECzM/44=; b=uenlYCSbBgFkDl94sj/iIpfv+38kV3bgDtAemkIDGV1ObM8GJBvO92gr+DtjCufs2t DaGQBDsNUxvUKZdaTeKamjc0KwWdawPabpx4ir321Y5kTqQVjSxamCmpG6CNrthAXk+7 NAhiJYhvcEaL9FcQWg91x0v1pz02s3HTpBtawq2D0LNK0/6zq2Wb9waStuvZgGq2akKt pfLF7vtMfuZQWPb/mfMdUJOhDHTuruQH+iwPLj9slqjg3s7J1I0VRLgCWDIigEaAlUGt hLKYmaJS1QvwskziP6E666KQvTfLz9kIi0lj4wE1EG0ZnmfcIw20lPYuJY0QkLCLvt/A Md7w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Obi84u54; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j3si5715414edt.8.2020.07.17.10.46.08; Fri, 17 Jul 2020 10:46:31 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=Obi84u54; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728346AbgGQRoQ (ORCPT + 99 others); Fri, 17 Jul 2020 13:44:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45920 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728119AbgGQRnU (ORCPT ); Fri, 17 Jul 2020 13:43:20 -0400 Received: from mail-pj1-x1043.google.com (mail-pj1-x1043.google.com [IPv6:2607:f8b0:4864:20::1043]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2644DC0619D4 for ; Fri, 17 Jul 2020 10:43:20 -0700 (PDT) Received: by mail-pj1-x1043.google.com with SMTP id ch3so6887511pjb.5 for ; Fri, 17 Jul 2020 10:43:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=ZkxvPLCCbkaCa7brsK8xPc93mGLBdRO5INApECzM/44=; b=Obi84u54vqzQUVtvmNddMQRsiTpR6jcSCi+mhXq+0efSHn07vMce2E+mN9kUGTbp+F 2FXZ3yXSaDc9Ydh5nTVBDcBX+MOwccFRzQBjjvdINPBeGImq8RccZ4tYxmhLz8xvCNtl b+gIUrlrkMgjIBGEAjMj4K9iO+dYUW1OsqHC8= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=ZkxvPLCCbkaCa7brsK8xPc93mGLBdRO5INApECzM/44=; b=WSvCcDqsdZUfLKM71vBIfdeg0wEbDqRqXGlwd6Z/x/8WNBDCLMQL2Tzz71R3KHYYtl X8VmJ++rydOAiHi473aNjwd74BjjTxsuf07ByRTwnvo0JXHJIHBAnURaNAxZuF3w7Hvu yAWOpwxwCXZUgzgbld3bAf5+O4iSTUy31eJtSNeyln6w6Ba9FJNu8VejrAwgQDPndKhq ULN/mtsu2kKop9fh6ITPZhTpPLSc8eormILfe5cydQfaRfS+nVJzsRMPTQnLXMS10jqN oBy2qosUROw3n6kXgZ5Vr9K/xfbnCwFh3sU3KF91oxyniW+oi+iZ56l+6HZoHsKUmfmP nwBA== X-Gm-Message-State: AOAM5300AuZrQm9/w61IrI/ZgCwewfylHbWyRsus6Ne5eipDO9hsjeO7 tonTjbNVp1rfsT2VYhXDAQCzhA== X-Received: by 2002:a17:90a:ed87:: with SMTP id k7mr11358336pjy.31.1595007799518; Fri, 17 Jul 2020 10:43:19 -0700 (PDT) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id p12sm3261945pjz.44.2020.07.17.10.43.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 17 Jul 2020 10:43:17 -0700 (PDT) From: Kees Cook To: Scott Branden Cc: Kees Cook , Mimi Zohar , Matthew Wilcox , James Morris , Luis Chamberlain , Greg Kroah-Hartman , "Rafael J. Wysocki" , Alexander Viro , Jessica Yu , Dmitry Kasatkin , "Serge E. Hallyn" , Casey Schaufler , "Eric W. Biederman" , Peter Zijlstra , Matthew Garrett , David Howells , Mauro Carvalho Chehab , Randy Dunlap , "Joel Fernandes (Google)" , KP Singh , Dave Olsthoorn , Hans de Goede , Peter Jones , Andrew Morton , Stephen Boyd , Paul Moore , Stephen Smalley , linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org Subject: [PATCH 05/13] fs/kernel_read_file: Split into separate source file Date: Fri, 17 Jul 2020 10:43:00 -0700 Message-Id: <20200717174309.1164575-6-keescook@chromium.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200717174309.1164575-1-keescook@chromium.org> References: <20200717174309.1164575-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org These routines are used in places outside of exec(2), so in preparation for refactoring them, move them into a separate source file, fs/kernel_read_file.c. Signed-off-by: Kees Cook --- fs/Makefile | 3 +- fs/exec.c | 132 ---------------------------------------- fs/kernel_read_file.c | 138 ++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 140 insertions(+), 133 deletions(-) create mode 100644 fs/kernel_read_file.c diff --git a/fs/Makefile b/fs/Makefile index 2ce5112b02c8..a05fc247b2a7 100644 --- a/fs/Makefile +++ b/fs/Makefile @@ -13,7 +13,8 @@ obj-y := open.o read_write.o file_table.o super.o \ seq_file.o xattr.o libfs.o fs-writeback.o \ pnode.o splice.o sync.o utimes.o d_path.o \ stack.o fs_struct.o statfs.o fs_pin.o nsfs.o \ - fs_types.o fs_context.o fs_parser.o fsopen.o + fs_types.o fs_context.o fs_parser.o fsopen.o \ + kernel_read_file.o ifeq ($(CONFIG_BLOCK),y) obj-y += buffer.o block_dev.o direct-io.o mpage.o diff --git a/fs/exec.c b/fs/exec.c index 07a7fe9ac5be..d619b79aab30 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -923,138 +923,6 @@ struct file *open_exec(const char *name) } EXPORT_SYMBOL(open_exec); -int kernel_read_file(struct file *file, void **buf, loff_t *size, - loff_t max_size, enum kernel_read_file_id id) -{ - loff_t i_size, pos; - ssize_t bytes = 0; - void *allocated = NULL; - int ret; - - if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0) - return -EINVAL; - - ret = deny_write_access(file); - if (ret) - return ret; - - ret = security_kernel_read_file(file, id); - if (ret) - goto out; - - i_size = i_size_read(file_inode(file)); - if (i_size <= 0) { - ret = -EINVAL; - goto out; - } - if (i_size > SIZE_MAX || (max_size > 0 && i_size > max_size)) { - ret = -EFBIG; - goto out; - } - - if (!*buf) - *buf = allocated = vmalloc(i_size); - if (!*buf) { - ret = -ENOMEM; - goto out; - } - - pos = 0; - while (pos < i_size) { - bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); - if (bytes < 0) { - ret = bytes; - goto out_free; - } - - if (bytes == 0) - break; - } - - if (pos != i_size) { - ret = -EIO; - goto out_free; - } - - ret = security_kernel_post_read_file(file, *buf, i_size, id); - if (!ret) - *size = pos; - -out_free: - if (ret < 0) { - if (allocated) { - vfree(*buf); - *buf = NULL; - } - } - -out: - allow_write_access(file); - return ret; -} -EXPORT_SYMBOL_GPL(kernel_read_file); - -int kernel_read_file_from_path(const char *path, void **buf, loff_t *size, - loff_t max_size, enum kernel_read_file_id id) -{ - struct file *file; - int ret; - - if (!path || !*path) - return -EINVAL; - - file = filp_open(path, O_RDONLY, 0); - if (IS_ERR(file)) - return PTR_ERR(file); - - ret = kernel_read_file(file, buf, size, max_size, id); - fput(file); - return ret; -} -EXPORT_SYMBOL_GPL(kernel_read_file_from_path); - -int kernel_read_file_from_path_initns(const char *path, void **buf, - loff_t *size, loff_t max_size, - enum kernel_read_file_id id) -{ - struct file *file; - struct path root; - int ret; - - if (!path || !*path) - return -EINVAL; - - task_lock(&init_task); - get_fs_root(init_task.fs, &root); - task_unlock(&init_task); - - file = file_open_root(root.dentry, root.mnt, path, O_RDONLY, 0); - path_put(&root); - if (IS_ERR(file)) - return PTR_ERR(file); - - ret = kernel_read_file(file, buf, size, max_size, id); - fput(file); - return ret; -} -EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns); - -int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size, - enum kernel_read_file_id id) -{ - struct fd f = fdget(fd); - int ret = -EBADF; - - if (!f.file) - goto out; - - ret = kernel_read_file(f.file, buf, size, max_size, id); -out: - fdput(f); - return ret; -} -EXPORT_SYMBOL_GPL(kernel_read_file_from_fd); - #if defined(CONFIG_HAVE_AOUT) || defined(CONFIG_BINFMT_FLAT) || \ defined(CONFIG_BINFMT_ELF_FDPIC) ssize_t read_code(struct file *file, unsigned long addr, loff_t pos, size_t len) diff --git a/fs/kernel_read_file.c b/fs/kernel_read_file.c new file mode 100644 index 000000000000..54d972d4befc --- /dev/null +++ b/fs/kernel_read_file.c @@ -0,0 +1,138 @@ +// SPDX-License-Identifier: GPL-2.0-only +#include +#include +#include +#include +#include + +int kernel_read_file(struct file *file, void **buf, loff_t *size, + loff_t max_size, enum kernel_read_file_id id) +{ + loff_t i_size, pos; + ssize_t bytes = 0; + void *allocated = NULL; + int ret; + + if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0) + return -EINVAL; + + ret = deny_write_access(file); + if (ret) + return ret; + + ret = security_kernel_read_file(file, id); + if (ret) + goto out; + + i_size = i_size_read(file_inode(file)); + if (i_size <= 0) { + ret = -EINVAL; + goto out; + } + if (i_size > SIZE_MAX || (max_size > 0 && i_size > max_size)) { + ret = -EFBIG; + goto out; + } + + if (!*buf) + *buf = allocated = vmalloc(i_size); + if (!*buf) { + ret = -ENOMEM; + goto out; + } + + pos = 0; + while (pos < i_size) { + bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); + if (bytes < 0) { + ret = bytes; + goto out_free; + } + + if (bytes == 0) + break; + } + + if (pos != i_size) { + ret = -EIO; + goto out_free; + } + + ret = security_kernel_post_read_file(file, *buf, i_size, id); + if (!ret) + *size = pos; + +out_free: + if (ret < 0) { + if (allocated) { + vfree(*buf); + *buf = NULL; + } + } + +out: + allow_write_access(file); + return ret; +} +EXPORT_SYMBOL_GPL(kernel_read_file); + +int kernel_read_file_from_path(const char *path, void **buf, loff_t *size, + loff_t max_size, enum kernel_read_file_id id) +{ + struct file *file; + int ret; + + if (!path || !*path) + return -EINVAL; + + file = filp_open(path, O_RDONLY, 0); + if (IS_ERR(file)) + return PTR_ERR(file); + + ret = kernel_read_file(file, buf, size, max_size, id); + fput(file); + return ret; +} +EXPORT_SYMBOL_GPL(kernel_read_file_from_path); + +int kernel_read_file_from_path_initns(const char *path, void **buf, + loff_t *size, loff_t max_size, + enum kernel_read_file_id id) +{ + struct file *file; + struct path root; + int ret; + + if (!path || !*path) + return -EINVAL; + + task_lock(&init_task); + get_fs_root(init_task.fs, &root); + task_unlock(&init_task); + + file = file_open_root(root.dentry, root.mnt, path, O_RDONLY, 0); + path_put(&root); + if (IS_ERR(file)) + return PTR_ERR(file); + + ret = kernel_read_file(file, buf, size, max_size, id); + fput(file); + return ret; +} +EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns); + +int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size, + enum kernel_read_file_id id) +{ + struct fd f = fdget(fd); + int ret = -EBADF; + + if (!f.file) + goto out; + + ret = kernel_read_file(f.file, buf, size, max_size, id); +out: + fdput(f); + return ret; +} +EXPORT_SYMBOL_GPL(kernel_read_file_from_fd); -- 2.25.1