Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp483388pxu; Thu, 26 Nov 2020 03:55:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJzYlZdTZpAlDYd+81bExwS9EQ5iSqXxAPTmprZMbmTEAytOSzEOnbSDUrUeWlcnWb+apR2b X-Received: by 2002:a17:906:7016:: with SMTP id n22mr2260250ejj.402.1606391753400; Thu, 26 Nov 2020 03:55:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606391753; cv=none; d=google.com; s=arc-20160816; b=HQ3CleMPpiqYUbRfO/is93H/RCI19y4lpxG1JrqKZpRGB/MXza0DQJMtX5bZt/nXA+ dPxlROJZWWk5H2VPoL6MagAtETqYm9tgc2+yGVgE7fUUAGbi0DNIZW555PWcWSmNP1xO vy4tXMWA02qIrNM3xWbgKNikmQ+fDXNN76Gl0Qva4DSY2IF/60//pWdXJAdz1v1wrPBP NJNRaNgN/TLwCWChhKWzqehk2o0ELhVi34do+J7cA1YvZ02HYg8qJzRodE2c1Ig9khl3 91jstKygQcKnwIY08uu1TXofiWOHcVjwIgP4OQ9a3aW6YSEZRn543T7ed9CNrROTxrSf IsFw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=Ky8M7mJ5iH5fde7WxUSfsZqRgay85iTF5uSFVt4Ii1k=; b=cA1JjtxbSDEC/SZY/rX/K2GiAEZyo8B0LQ9DXHS11pwRo0mafKwFdh4QtPWhMHCLXa E+N3RIuXgpYn7PcpF5+v1gUtb6zZwEl7Qlz6T0fB9dU3NC6VTnCsNjxJ9b/iQEqXior5 eT+eHM1u76nGyKmhHhIHSAtWh0tRtQd9kfzYdbZ7x1onuG4MHnW1DaN68pwErYrd9Kht eHtQkz/NOOydIw3MjUlFXmXYmk7mQoD4O5ClpDmefLG7PxnL0M8zJHciKF9Ey8F8zqbr nROPthDiTotfH6uVszrsNprGUHca+F2vzMMNChSBPHlJZ+bcCkeEDalSNPIJeAbhGjH8 0/Bw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s9si3050649edt.290.2020.11.26.03.55.30; Thu, 26 Nov 2020 03:55:53 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388143AbgKZKfO (ORCPT + 99 others); Thu, 26 Nov 2020 05:35:14 -0500 Received: from frasgout.his.huawei.com ([185.176.79.56]:2158 "EHLO frasgout.his.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729095AbgKZKfO (ORCPT ); Thu, 26 Nov 2020 05:35:14 -0500 Received: from fraeml714-chm.china.huawei.com (unknown [172.18.147.200]) by frasgout.his.huawei.com (SkyGuard) with ESMTP id 4ChYww1WYjz67Hmq; Thu, 26 Nov 2020 18:32:32 +0800 (CST) Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.161) by fraeml714-chm.china.huawei.com (10.206.15.33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.1.2106.2; Thu, 26 Nov 2020 11:35:10 +0100 From: Roberto Sassu To: , , CC: , , , , Roberto Sassu , Subject: [PATCH] ima: Don't modify file descriptor mode on the fly Date: Thu, 26 Nov 2020 11:34:56 +0100 Message-ID: <20201126103456.15167-1-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.27.GIT MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; charset=US-ASCII X-Originating-IP: [10.204.65.161] X-ClientProxiedBy: lhreml705-chm.china.huawei.com (10.201.108.54) To fraeml714-chm.china.huawei.com (10.206.15.33) X-CFilter-Loop: Reflected Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit a408e4a86b36b ("ima: open a new file instance if no read permissions") already introduced a second open to measure a file when the original file descriptor does not allow it. However, it didn't remove the existing method of changing the mode of the original file descriptor, which is still necessary if the current process does not have enough privileges to open a new one. Changing the mode isn't really an option, as the filesystem might need to do preliminary steps to make the read possible. Thus, this patch removes the code and keeps the second open as the only option to measure a file when it is unreadable with the original file descriptor. Cc: # 4.20.x: 0014cc04e8ec0 ima: Set file->f_mode Cc: # 4.20.x Fixes: 2fe5d6def1672 ("ima: integrity appraisal extension") Signed-off-by: Roberto Sassu --- security/integrity/ima/ima_crypto.c | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 21989fa0c107..f6a7e9643b54 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -537,7 +537,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) loff_t i_size; int rc; struct file *f = file; - bool new_file_instance = false, modified_mode = false; + bool new_file_instance = false; /* * For consistency, fail file's opened with the O_DIRECT flag on @@ -555,18 +555,10 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL); flags |= O_RDONLY; f = dentry_open(&file->f_path, flags, file->f_cred); - if (IS_ERR(f)) { - /* - * Cannot open the file again, lets modify f_mode - * of original and continue - */ - pr_info_ratelimited("Unable to reopen file for reading.\n"); - f = file; - f->f_mode |= FMODE_READ; - modified_mode = true; - } else { - new_file_instance = true; - } + if (IS_ERR(f)) + return PTR_ERR(f); + + new_file_instance = true; } i_size = i_size_read(file_inode(f)); @@ -581,8 +573,6 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash) out: if (new_file_instance) fput(f); - else if (modified_mode) - f->f_mode &= ~FMODE_READ; return rc; } -- 2.27.GIT