Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp9230911pxu; Mon, 28 Dec 2020 09:57:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJxUD5uzaf7FsJtdCGNpqFqFky/ySkVlsuyp8JYKdEFHmo8kXBc0wx7ZJYdiV3KDTFIGxJjQ X-Received: by 2002:a50:e845:: with SMTP id k5mr9332933edn.35.1609178231340; Mon, 28 Dec 2020 09:57:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1609178231; cv=none; d=google.com; s=arc-20160816; b=PQWMmwKjQZNNlN7BWipj3f7YoMj6RZ4gwTIr7mff/0NPsR3LxH5JCBLZYVxUUIUKje RsQJOfdATTMKBesb55FfIyQg8xZ7/KgnQQERNsckTGaFDIguh+ru+Fy8k/N9opGd/lIe dA0c9DncLJ7z8pt99yBFF4ATw53Ndk7arflCbx04AuRYdF8Ah8NK864HsOD59I+kKLT2 6bDxB0diygEc3BgL6QHoykQqC90RQk74RcPnzhgel/Qq+u3q7rC0F6bqTDj7hFmXssVw 3NZVH4biX1gGbJy55J122QAdTukX5vGSP9euUYX+BuC5mopkDhYOlJRxkvj3SC5vdV+a +/Cw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=ppikvmdzOzUVaa/Oq7RUIiUWXQvCvJaYP6OKdpk7my8=; b=LkUsH1+dbvQnPV0J000tcc2HXy8eDcbZJxYhivBBTgi9uQUFS2o3Wyl3ghwUciglAw 0jfXXSF8jKdAb6Kb5FFUJNLLIMpLhWKINJxw/0E2wqMQEDyj13jEnvbHz1bSQZ8W1ot8 cX+wRtQd1/PZC0sl6Vor+cHCDKb6khfZ4uX92q+AFczDjc5WQbDKlaQf7u5LXyYLyaMQ 9ugy+ge6wB85y6aYRZi+47scyZtDeQhemjR8Br5J2g4wV4SyBnVoW18FCly5nkgXqhpP 5FPKGuhMG5Cv+kZS3J+zQXc/HXVrnRJag4C1aLb2BtC4dK14G2/Zw7Ky5dKA6iHBt7Fm G/qw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ceEHUZqn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id h17si18711971ejc.592.2020.12.28.09.56.49; Mon, 28 Dec 2020 09:57:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ceEHUZqn; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387460AbgL1NSH (ORCPT + 99 others); Mon, 28 Dec 2020 08:18:07 -0500 Received: from mail.kernel.org ([198.145.29.99]:46598 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731669AbgL1NSD (ORCPT ); Mon, 28 Dec 2020 08:18:03 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id A328520776; Mon, 28 Dec 2020 13:17:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1609161442; bh=QIOKw+a1dqpbLal4EBucqqYTu9j9NGnLum/n8hrfvwI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ceEHUZqnywsBNDrmxpSKwAlzlgPln2mSSoDUgPm0R7SdzvlCZXZI4WcxhV2ZKaLOs 0Bi5ss5Y3gIopBKgUCRbS+N/AY7uunWjw2v0aQ6VF2bGYzAKyWTZED4D82VakqBnQZ lUT7BMQgKscPLXrRIw7kgrZWkrlTjp3wnBT0QH2I= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Roberto Sassu , Christoph Hellwig , Mimi Zohar Subject: [PATCH 4.14 215/242] ima: Dont modify file descriptor mode on the fly Date: Mon, 28 Dec 2020 13:50:20 +0100 Message-Id: <20201228124915.249292543@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201228124904.654293249@linuxfoundation.org> References: <20201228124904.654293249@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Roberto Sassu commit 207cdd565dfc95a0a5185263a567817b7ebf5467 upstream. Commit a408e4a86b36b ("ima: open a new file instance if no read permissions") already introduced a second open to measure a file when the original file descriptor does not allow it. However, it didn't remove the existing method of changing the mode of the original file descriptor, which is still necessary if the current process does not have enough privileges to open a new one. Changing the mode isn't really an option, as the filesystem might need to do preliminary steps to make the read possible. Thus, this patch removes the code and keeps the second open as the only option to measure a file when it is unreadable with the original file descriptor. Cc: # 4.20.x: 0014cc04e8ec0 ima: Set file->f_mode Fixes: 2fe5d6def1672 ("ima: integrity appraisal extension") Signed-off-by: Roberto Sassu Reviewed-by: Christoph Hellwig Signed-off-by: Mimi Zohar Signed-off-by: Greg Kroah-Hartman --- security/integrity/ima/ima_crypto.c | 20 +++++--------------- 1 file changed, 5 insertions(+), 15 deletions(-) --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -432,7 +432,7 @@ int ima_calc_file_hash(struct file *file loff_t i_size; int rc; struct file *f = file; - bool new_file_instance = false, modified_mode = false; + bool new_file_instance = false; /* * For consistency, fail file's opened with the O_DIRECT flag on @@ -450,18 +450,10 @@ int ima_calc_file_hash(struct file *file O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL); flags |= O_RDONLY; f = dentry_open(&file->f_path, flags, file->f_cred); - if (IS_ERR(f)) { - /* - * Cannot open the file again, lets modify f_mode - * of original and continue - */ - pr_info_ratelimited("Unable to reopen file for reading.\n"); - f = file; - f->f_mode |= FMODE_READ; - modified_mode = true; - } else { - new_file_instance = true; - } + if (IS_ERR(f)) + return PTR_ERR(f); + + new_file_instance = true; } i_size = i_size_read(file_inode(f)); @@ -476,8 +468,6 @@ int ima_calc_file_hash(struct file *file out: if (new_file_instance) fput(f); - else if (modified_mode) - f->f_mode &= ~FMODE_READ; return rc; }