Subject: Re: [PATCH 05/13] fs/kernel_read_file: Split into separate source file
To: Kees Cook
Cc: Mimi Zohar, Matthew Wilcox, James Morris, Luis Chamberlain, Greg Kroah-Hartman, "Rafael J. Wysocki", Alexander Viro, Jessica Yu, Dmitry Kasatkin, "Serge E. Hallyn", Casey Schaufler, "Eric W. Biederman", Peter Zijlstra, Matthew Garrett, David Howells, Mauro Carvalho Chehab, Randy Dunlap, "Joel Fernandes (Google)", KP Singh, Dave Olsthoorn, Hans de Goede, Peter Jones, Andrew Morton, Stephen Boyd, Paul Moore, Stephen Smalley, linux-security-module@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org, linux-fsdevel@vger.kernel.org, kexec@lists.infradead.org, linux-kernel@vger.kernel.org
References: <20200717174309.1164575-1-keescook@chromium.org> <20200717174309.1164575-6-keescook@chromium.org>
From: Scott Branden
Date: Fri, 17 Jul 2020 12:11:24 -0700
In-Reply-To: <20200717174309.1164575-6-keescook@chromium.org>

On 2020-07-17 10:43 a.m., Kees Cook wrote:
> These routines are used in places outside of exec(2), so in preparation
> for refactoring them, move them into a separate source file,
> fs/kernel_read_file.c.
>
> Signed-off-by: Kees Cook

Acked-by: Scott Branden

> --- > fs/Makefile | 3 +- > fs/exec.c | 132 ---------------------------------------- > fs/kernel_read_file.c | 138 ++++++++++++++++++++++++++++++++++++++++++ > 3 files changed, 140 insertions(+), 133 deletions(-) > create mode 100644 fs/kernel_read_file.c > > diff --git a/fs/Makefile b/fs/Makefile > index 2ce5112b02c8..a05fc247b2a7 100644 > --- a/fs/Makefile > +++ b/fs/Makefile > @@ -13,7 +13,8 @@ obj-y := open.o read_write.o file_table.o super.o \ > seq_file.o xattr.o libfs.o fs-writeback.o \ > pnode.o splice.o sync.o utimes.o d_path.o \ > stack.o fs_struct.o statfs.o fs_pin.o nsfs.o \ > - fs_types.o fs_context.o fs_parser.o fsopen.o > + fs_types.o fs_context.o fs_parser.o fsopen.o \ > + kernel_read_file.o > > ifeq ($(CONFIG_BLOCK),y) > obj-y += buffer.o block_dev.o direct-io.o mpage.o > diff --git a/fs/exec.c b/fs/exec.c > index 07a7fe9ac5be..d619b79aab30 100644 > --- a/fs/exec.c > +++ b/fs/exec.c 
> @@ -923,138 +923,6 @@ struct file *open_exec(const char *name) > } > EXPORT_SYMBOL(open_exec); > > -int kernel_read_file(struct file *file, void **buf, loff_t *size, > - loff_t max_size, enum kernel_read_file_id id) > -{ > - loff_t i_size, pos; > - ssize_t bytes = 0; > - void *allocated = NULL; > - int ret; > - > - if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0) > - return -EINVAL; > - > - ret = deny_write_access(file); > - if (ret) > - return ret; > - > - ret = security_kernel_read_file(file, id); > - if (ret) > - goto out; > - > - i_size = i_size_read(file_inode(file)); > - if (i_size <= 0) { > - ret = -EINVAL; > - goto out; > - } > - if (i_size > SIZE_MAX || (max_size > 0 && i_size > max_size)) { > - ret = -EFBIG; > - goto out; > - } > - > - if (!*buf) > - *buf = allocated = vmalloc(i_size); > - if (!*buf) { > - ret = -ENOMEM; > - goto out; > - } > - > - pos = 0; > - while (pos < i_size) { > - bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); > - if (bytes < 0) { > - ret = bytes; > - goto out_free; > - } > - > - if (bytes == 0) > - break; > - } > - > - if (pos != i_size) { > - ret = -EIO; > - goto out_free; > - } > - > - ret = security_kernel_post_read_file(file, *buf, i_size, id); > - if (!ret) > - *size = pos; > - > -out_free: > - if (ret < 0) { > - if (allocated) { > - vfree(*buf); > - *buf = NULL; > - } > - } > - > -out: > - allow_write_access(file); > - return ret; > -} > -EXPORT_SYMBOL_GPL(kernel_read_file); > - > -int kernel_read_file_from_path(const char *path, void **buf, loff_t *size, > - loff_t max_size, enum kernel_read_file_id id) > -{ > - struct file *file; > - int ret; > - > - if (!path || !*path) > - return -EINVAL; > - > - file = filp_open(path, O_RDONLY, 0); > - if (IS_ERR(file)) > - return PTR_ERR(file); > - > - ret = kernel_read_file(file, buf, size, max_size, id); > - fput(file); > - return ret; > -} > -EXPORT_SYMBOL_GPL(kernel_read_file_from_path); > - > -int kernel_read_file_from_path_initns(const char *path, void **buf, 
> - loff_t *size, loff_t max_size, > - enum kernel_read_file_id id) > -{ > - struct file *file; > - struct path root; > - int ret; > - > - if (!path || !*path) > - return -EINVAL; > - > - task_lock(&init_task); > - get_fs_root(init_task.fs, &root); > - task_unlock(&init_task); > - > - file = file_open_root(root.dentry, root.mnt, path, O_RDONLY, 0); > - path_put(&root); > - if (IS_ERR(file)) > - return PTR_ERR(file); > - > - ret = kernel_read_file(file, buf, size, max_size, id); > - fput(file); > - return ret; > -} > -EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns); > - > -int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size, > - enum kernel_read_file_id id) > -{ > - struct fd f = fdget(fd); > - int ret = -EBADF; > - > - if (!f.file) > - goto out; > - > - ret = kernel_read_file(f.file, buf, size, max_size, id); > -out: > - fdput(f); > - return ret; > -} > -EXPORT_SYMBOL_GPL(kernel_read_file_from_fd); > - > #if defined(CONFIG_HAVE_AOUT) || defined(CONFIG_BINFMT_FLAT) || \ > defined(CONFIG_BINFMT_ELF_FDPIC) > ssize_t read_code(struct file *file, unsigned long addr, loff_t pos, size_t len) > diff --git a/fs/kernel_read_file.c b/fs/kernel_read_file.c > new file mode 100644 > index 000000000000..54d972d4befc > --- /dev/null > +++ b/fs/kernel_read_file.c 
> @@ -0,0 +1,138 @@ > +// SPDX-License-Identifier: GPL-2.0-only > +#include > +#include > +#include > +#include > +#include > + > +int kernel_read_file(struct file *file, void **buf, loff_t *size, > + loff_t max_size, enum kernel_read_file_id id) > +{ > + loff_t i_size, pos; > + ssize_t bytes = 0; > + void *allocated = NULL; > + int ret; > + > + if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0) > + return -EINVAL; > + > + ret = deny_write_access(file); > + if (ret) > + return ret; > + > + ret = security_kernel_read_file(file, id); > + if (ret) > + goto out; > + > + i_size = i_size_read(file_inode(file)); > + if (i_size <= 0) { > + ret = -EINVAL; > + goto out; > + } > + if (i_size > SIZE_MAX || (max_size > 0 && i_size > max_size)) { > + ret = -EFBIG; > + goto out; > + } > + > + if (!*buf) > + *buf = allocated = vmalloc(i_size); > + if (!*buf) { > + ret = -ENOMEM; > + goto out; > + } > + > + pos = 0; > + while (pos < i_size) { > + bytes = kernel_read(file, *buf + pos, i_size - pos, &pos); > + if (bytes < 0) { > + ret = bytes; > + goto out_free; > + } > + > + if (bytes == 0) > + break; > + } > + > + if (pos != i_size) { > + ret = -EIO; > + goto out_free; > + } > + > + ret = security_kernel_post_read_file(file, *buf, i_size, id); > + if (!ret) > + *size = pos; > + > +out_free: > + if (ret < 0) { > + if (allocated) { > + vfree(*buf); > + *buf = NULL; > + } > + } > + > +out: > + allow_write_access(file); > + return ret; > +} > +EXPORT_SYMBOL_GPL(kernel_read_file); > + > +int kernel_read_file_from_path(const char *path, void **buf, loff_t *size, > + loff_t max_size, enum kernel_read_file_id id) > +{ > + struct file *file; > + int ret; > + > + if (!path || !*path) > + return -EINVAL; > + > + file = filp_open(path, O_RDONLY, 0); > + if (IS_ERR(file)) > + return PTR_ERR(file); > + > + ret = kernel_read_file(file, buf, size, max_size, id); > + fput(file); > + return ret; > +} > +EXPORT_SYMBOL_GPL(kernel_read_file_from_path); > + > +int 
kernel_read_file_from_path_initns(const char *path, void **buf, > + loff_t *size, loff_t max_size, > + enum kernel_read_file_id id) > +{ > + struct file *file; > + struct path root; > + int ret; > + > + if (!path || !*path) > + return -EINVAL; > + > + task_lock(&init_task); > + get_fs_root(init_task.fs, &root); > + task_unlock(&init_task); > + > + file = file_open_root(root.dentry, root.mnt, path, O_RDONLY, 0); > + path_put(&root); > + if (IS_ERR(file)) > + return PTR_ERR(file); > + > + ret = kernel_read_file(file, buf, size, max_size, id); > + fput(file); > + return ret; > +} > +EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns); > + > +int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size, > + enum kernel_read_file_id id) > +{ > + struct fd f = fdget(fd); > + int ret = -EBADF; > + > + if (!f.file) > + goto out; > + > + ret = kernel_read_file(f.file, buf, size, max_size, id); > +out: > + fdput(f); > + return ret; > +} > +EXPORT_SYMBOL_GPL(kernel_read_file_from_fd);
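
Review bot: The fs/exec.c hunk (-923,138 +923,6) accounts for all 132 deletions in the diffstat, so no #include line leaves exec.c together with the functions. If any header there was needed only by the moved code (the vmalloc()/vfree() calls in kernel_read_file(), for instance), it can be dropped here or in a follow-up. It would also help to state in the commit message that the move is verbatim with no functional change, which the matching removed and added bodies suggest.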
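
Review bot: In kernel_read_file() in the new fs/kernel_read_file.c, a caller-supplied buffer is bounded only by max_size. When *buf is non-NULL the `*buf = allocated = vmalloc(i_size)` branch is skipped and the loop still reads i_size bytes into *buf, while the only size check is `max_size > 0 && i_size > max_size`, so a preallocated buffer combined with max_size == 0 has no bound at all. The behaviour is carried over unchanged from fs/exec.c, but the new file is a natural place to document that contract in a comment above the function (max_size has to be the size of the preallocated buffer), or for the refactoring this patch prepares to pass an explicit buffer size.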