From patchwork Mon Jun 15 12:12:45 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604703 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5875592A for ; Mon, 15 Jun 2020 12:14:49 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 36B0F20679 for ; Mon, 15 Jun 2020 12:14:49 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="KXplkiHZ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729748AbgFOMNI (ORCPT ); Mon, 15 Jun 2020 08:13:08 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44914 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729643AbgFOMNH (ORCPT ); Mon, 15 Jun 2020 08:13:07 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 09228C061A0E; Mon, 15 Jun 2020 05:13:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=fw2+4gebTcJUXyNcS2c+cOqcMRuf3D2bJUNwgAt6wzg=; b=KXplkiHZzZavRX9c6x4yElRiWI PiVjHiuc1WKPZpyV3w6ZlaXIrHZltHeHyCTjYjavzt6PR7KhIDHml7hB1ZLKdvm10dVnWSP3eM+Y0 HKnsa2aAKEn/nE/PQV1MVaQVIyiPqvBqhx1syoFCHVtlJqLvOMhP0j0FxdW3hU+pBLs91PK35jxPH d+YX5hfeZeuxVYujnXMdUqDRs1MXj4Zsn2/po/HypByFHGMJgAuELJHs5EeEpTGC+itwTVCqg+kOk x664eDt2L1v+i5k8xSm394AaL8F+aQiDWzT18/qpoGHlgEWFaETXPFcIcqSp2nM8DW5YH37wKb1bb /CWbG7bA==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknz4-0006zA-OK; Mon, 15 Jun 2020 12:13:03 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 01/13] cachefiles: switch to kernel_write Date: Mon, 15 Jun 2020 14:12:45 +0200 Message-Id: <20200615121257.798894-2-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: __kernel_write doesn't take a sb_writers references, which we need here. Signed-off-by: Christoph Hellwig Reviewed-by: David Howells --- fs/cachefiles/rdwr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c index e7726f5f1241c2..3080cda9e82457 100644 --- a/fs/cachefiles/rdwr.c +++ b/fs/cachefiles/rdwr.c @@ -937,7 +937,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) } data = kmap(page); - ret = __kernel_write(file, data, len, &pos); + ret = kernel_write(file, data, len, &pos); kunmap(page); fput(file); if (ret != len) From patchwork Mon Jun 15 12:12:46 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604699 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4C64A159A for ; Mon, 15 Jun 2020 12:14:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2A906206D7 for ; Mon, 15 Jun 2020 12:14:43 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="YkE5+1YF" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730014AbgFOMOl (ORCPT ); Mon, 15 Jun 2020 08:14:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44922 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729701AbgFOMNI (ORCPT ); Mon, 15 Jun 2020 08:13:08 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 535A8C061A0E; Mon, 15 Jun 2020 05:13:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=jzV+T85fyIY/sAf/kMztKfiAVfq1VzZmIi5LCeoOypo=; b=YkE5+1YFVkKtHugpo6WqOnTtwW kaLbsbL3/1HgqpHrPc8HQQypbti2XhcEfHqm/BLrXH7gp5PrKbtn1a/4aW2UO030MbnxScOFjKZDT 7WiHrFJYAjLprSF8qpopP9Ffzrshvl42OFZcuQwUkIJVAAp6ZZCPNx4azD3YP4ME4c/XqnXj7Rh8B cCTny3XhqYbArIWAKoUiCrBArWdQ95SkuHOCkKRjLKEZELiGtofRV8HE1WesGep5P1HcbxmQkxn2b BpUPHSzHqZsJUaym0xhC4KLaRrmRgkhj3xgx+YPJid2y7ejwl7hJN6G/+C+FC62Egg1g8eE7URdrw O9aWCwIg==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknz7-0006zO-Ie; Mon, 15 Jun 2020 12:13:05 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 02/13] autofs: switch to kernel_write Date: Mon, 15 Jun 2020 14:12:46 +0200 Message-Id: <20200615121257.798894-3-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: While pipes don't really need sb_writers projection, __kernel_write is an interface better kept private, and the additional rw_verify_area does not hurt here. Signed-off-by: Christoph Hellwig Acked-by: Ian Kent --- fs/autofs/waitq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/autofs/waitq.c b/fs/autofs/waitq.c index b04c528b19d342..74c886f7c51cbe 100644 --- a/fs/autofs/waitq.c +++ b/fs/autofs/waitq.c @@ -53,7 +53,7 @@ static int autofs_write(struct autofs_sb_info *sbi, mutex_lock(&sbi->pipe_mutex); while (bytes) { - wr = __kernel_write(file, data, bytes, &file->f_pos); + wr = kernel_write(file, data, bytes, &file->f_pos); if (wr <= 0) break; data += wr; From patchwork Mon Jun 15 12:12:47 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604649 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C49D8912 for ; Mon, 15 Jun 2020 12:13:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A141B20739 for ; Mon, 15 Jun 2020 12:13:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="G819EK+Z" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729820AbgFOMNM (ORCPT ); Mon, 15 Jun 2020 08:13:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44930 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729644AbgFOMNL (ORCPT ); Mon, 15 Jun 2020 08:13:11 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 60F69C061A0E; Mon, 15 Jun 2020 05:13:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=PIZcUHBXRzg4FA/EeFx1uXo9md1v0NkQLsX0zI2zg6M=; b=G819EK+ZF3l4JKvJpNoDQkzaoG Lc/RMuX7kR6jflTIh7Afa84Wzq8HIOk+gxtGA3d0RxIRRhf8+RBsO2rynGtF9OMKdF2yS4xYVtAsk QGtjYG1cWqpNs4OJN48ErkHOWIILDg/LEQ+9pVsNPT9BzD7hh8m2mJM+zNl/SROcdASBZFw148eRf m6uRPy2cUiiKXsTjQ0NA1YARO0EQUaKUwMVBV5/J+H84bw/mf3fWWbf1bb1uUuSRBRlGlmkBraUmx S4P7BtemzJPe7aMW7+JssuP2APl/y9PTcRtklu7VyYbPuDpZXG461PZX8iswebAJjl1/tUT6jhD+H f5vN2xbA==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzA-0006zf-Hg; Mon, 15 Jun 2020 12:13:08 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 03/13] bpfilter: switch to kernel_write Date: Mon, 15 Jun 2020 14:12:47 +0200 Message-Id: <20200615121257.798894-4-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: While pipes don't really need sb_writers projection, __kernel_write is an interface better kept private, and the additional rw_verify_area does not hurt here. Signed-off-by: Christoph Hellwig --- net/bpfilter/bpfilter_kern.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c index c0f0990f30b604..1905e01c3aa9a7 100644 --- a/net/bpfilter/bpfilter_kern.c +++ b/net/bpfilter/bpfilter_kern.c @@ -50,7 +50,7 @@ static int __bpfilter_process_sockopt(struct sock *sk, int optname, req.len = optlen; if (!bpfilter_ops.info.pid) goto out; - n = __kernel_write(bpfilter_ops.info.pipe_to_umh, &req, sizeof(req), + n = kernel_write(bpfilter_ops.info.pipe_to_umh, &req, sizeof(req), &pos); if (n != sizeof(req)) { pr_err("write fail %zd\n", n); From patchwork Mon Jun 15 12:12:48 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604693 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 4107D92A for ; Mon, 15 Jun 2020 12:14:36 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 285D8206D7 for ; Mon, 15 Jun 2020 12:14:36 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="jKPZ9uAC" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729839AbgFOMNP (ORCPT ); Mon, 15 Jun 2020 08:13:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44942 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729644AbgFOMNO (ORCPT ); Mon, 15 Jun 2020 08:13:14 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D95D3C061A0E; Mon, 15 Jun 2020 05:13:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=Bo298b9PL3Uu2rIZ3OmLGqOnn53VokHDlRvRjRJg3qI=; b=jKPZ9uACRORYoVYfoI9BXm464h JAOZmm17I/gcyaUnBHlK+WlpVJukkJcI90F63eLmNjNozlT9vx8Tt5mWdVn/Dfjqb3Aw76UdwdRlz T5i2QqrD/mXLNdun/r67H+rr3o0KApAG+8q2Ypjm12fHXkSUJanraLSZVMD5k0eGHLbQ07c5wPeok MOJwbPJnNywbgSwsYVUOZ6J5UVLGo5nFsVp/Ggc9kCldQQ8J/VT3Gvc/sAYw6t3tPhypFnyAFAvlL KUThAWN2V1Gew5jobpg/iDOwnpHf9aSHWtZXV6yJf0VdqlDBeBiSty06lQ9fYXjwNb7S8Xh9N0jzh RUAmkXsA==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzD-00070N-6m; Mon, 15 Jun 2020 12:13:11 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 04/13] fs: unexport __kernel_write Date: Mon, 15 Jun 2020 14:12:48 +0200 Message-Id: <20200615121257.798894-5-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: This is a very special interface that skips sb_writes protection, and not used by modules anymore. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/read_write.c b/fs/read_write.c index bbfa9b12b15eb7..2c601d853ff3d8 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -522,7 +522,6 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t inc_syscw(current); return ret; } -EXPORT_SYMBOL(__kernel_write); ssize_t kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) From patchwork Mon Jun 15 12:12:49 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604655 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EBD2E92A for ; Mon, 15 Jun 2020 12:13:22 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D3FEC206D7 for ; Mon, 15 Jun 2020 12:13:22 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="KL4PXATW" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729855AbgFOMNS (ORCPT ); Mon, 15 Jun 2020 08:13:18 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44948 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729854AbgFOMNR (ORCPT ); Mon, 15 Jun 2020 08:13:17 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4F0BFC061A0E; Mon, 15 Jun 2020 05:13:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: Content-Type:MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc: To:From:Sender:Reply-To:Content-ID:Content-Description; bh=2BlRuJ2pmNZR4h52dmedFXwTdTgWfjbTqLeho/km0oQ=; b=KL4PXATW5bzWQa6KgiIiBdB2Fz X4SbmtBexwGNoK+sfLzMEe07mtCa6yoATAtxW3bgtPrIBNGYmVsC3pqNMFzCnfDXEqZ8EwsSauN68 ihvICY3c3i5Afl6bBW9x8KxperepdeS/Y76TywQnXn67ybv5tvxh3hmoDxkcgQNwuRivuM2L3Zj6G 6WP3n5j1aSVHmDWB2hwxEHkfmq+o0/WahF6XJt0V4CPdQW0WoNC0srSoEsJ4nvcRpX+F6NFtBVP4t Yfu/TiZhQ7u/rvUElGAuaWtvzyPT+OCxDhl30nUETjbiKzqZjoWNF2ElfBvb5JHrkoCYOZA9aTkfU VSyLjlYA==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzG-00070t-2U; Mon, 15 Jun 2020 12:13:14 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 05/13] fs: check FMODE_WRITE in __kernel_write Date: Mon, 15 Jun 2020 14:12:49 +0200 Message-Id: <20200615121257.798894-6-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: We still need to check if the fѕ is open write, even for the low-level helper. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/read_write.c b/fs/read_write.c index 2c601d853ff3d8..76be155ad98242 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -505,6 +505,8 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t const char __user *p; ssize_t ret; + if (!(file->f_mode & FMODE_WRITE)) + return -EBADF; if (!(file->f_mode & FMODE_CAN_WRITE)) return -EINVAL; From patchwork Mon Jun 15 12:12:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604657 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7AEEB912 for ; Mon, 15 Jun 2020 12:13:23 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5A11C206D7 for ; Mon, 15 Jun 2020 12:13:23 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="PplWXNk6" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728510AbgFOMNW (ORCPT ); Mon, 15 Jun 2020 08:13:22 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44956 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729868AbgFOMNT (ORCPT ); Mon, 15 Jun 2020 08:13:19 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A5DA2C061A0E; Mon, 15 Jun 2020 05:13:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=ZbaBcuk5JEiQynZOdgILty6nImhbTO8PWIKxcr9jXUI=; b=PplWXNk6ecjBwXWk5w42Iu/Gir kwKzwlPF8ijEvKAmPw8Eva2egr95FfYdhQrrNFttpWET7omAVVKbnRH7qoblPQig4/S1yCGptRKIy K5HwFDO8kb13Bg6HSU0cJHH/bEE9OkiT8hCGP0yn8MfDEANSdf4jNCgo8ZfZ6pSv0u0yw3HtDB8Zg b997ssPJ1cOXJMn8MhnW/gvI/EoOA/+2NK+7vQOfR/F2Yylxneo7iNRID0Rf7bIut+YhkhmVSxi4I rAC/Cmadm/2MenHINrer1NZCwRX7AxFdTNv5rz9RRNpXwZoRKZW7t8XgjmpIpHZFY3nEV6AUwtxR6 kAR/J1iA==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzI-00071O-UW; Mon, 15 Jun 2020 12:13:17 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 06/13] fs: implement kernel_write using __kernel_write Date: Mon, 15 Jun 2020 14:12:50 +0200 Message-Id: <20200615121257.798894-7-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Consolidate the two in-kernel write helpers to make upcoming changes easier. The only difference are the missing call to rw_verify_area in kernel_write, and an access_ok check that doesn't make sense for kernel buffers to start with. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 76be155ad98242..9d50d3cec017d8 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -499,6 +499,7 @@ static ssize_t __vfs_write(struct file *file, const char __user *p, return -EINVAL; } +/* caller is responsible for file_start_write/file_end_write */ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { mm_segment_t old_fs; @@ -528,16 +529,16 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t ssize_t kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { - mm_segment_t old_fs; - ssize_t res; + ssize_t ret; - old_fs = get_fs(); - set_fs(KERNEL_DS); - /* The cast to a user pointer is valid due to the set_fs() */ - res = vfs_write(file, (__force const char __user *)buf, count, pos); - set_fs(old_fs); + ret = rw_verify_area(WRITE, file, pos, count); + if (ret) + return ret; - return res; + file_start_write(file); + ret = __kernel_write(file, buf, count, pos); + file_end_write(file); + return ret; } EXPORT_SYMBOL(kernel_write); From patchwork Mon Jun 15 12:12:51 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604661 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A3E2A14DD for ; Mon, 15 Jun 2020 12:13:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8CAD820738 for ; Mon, 15 Jun 2020 12:13:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="R/8vJ0ka" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729892AbgFOMN1 (ORCPT ); Mon, 15 Jun 2020 08:13:27 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44966 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729880AbgFOMNW (ORCPT ); Mon, 15 Jun 2020 08:13:22 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B506FC061A0E; Mon, 15 Jun 2020 05:13:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=TlGwNzeUV5SdPQdMXQTZE0wOboZa+pqgldScyQb3lYk=; b=R/8vJ0kaupTtFA7vm44e95YJSf 2lHoDQbLTSdYcQrFbG42XLO52ZQcIlOP2li/9rkRD6XWWwJwBuZVuGcB+4vxYC8AiOrV+tfnCfcKY Vcy53UEFZ4ewPWBs9gmBjIxI+13GOiZYXgzgzF6rqJ4PbLd3qGxLVtRfQ+U2NgbzuhFo/4LiCdHoA h63M0qShCyWfl5jDpQapGOndZl2a9yGtMwu7WEyFyqdAWqmCrA/M/6+NVQRgKTBarhzae8xLAGhWs GOZOeynjzOj61ziv0S+SGCB5mNj53/z8sV+mMOI8xNwWZIocZl4t1b3maeA0ajsIZkgmfz25JLykO vps/Hsnw==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzL-000724-QC; Mon, 15 Jun 2020 12:13:20 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 07/13] fs: remove __vfs_write Date: Mon, 15 Jun 2020 14:12:51 +0200 Message-Id: <20200615121257.798894-8-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Fold it into the two callers. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 46 ++++++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 9d50d3cec017d8..f81e15c95f576c 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -488,17 +488,6 @@ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t return ret; } -static ssize_t __vfs_write(struct file *file, const char __user *p, - size_t count, loff_t *pos) -{ - if (file->f_op->write) - return file->f_op->write(file, p, count, pos); - else if (file->f_op->write_iter) - return new_sync_write(file, p, count, pos); - else - return -EINVAL; -} - /* caller is responsible for file_start_write/file_end_write */ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { @@ -516,7 +505,12 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t p = (__force const char __user *)buf; if (count > MAX_RW_COUNT) count = MAX_RW_COUNT; - ret = __vfs_write(file, p, count, pos); + if (file->f_op->write) + ret = file->f_op->write(file, p, count, pos); + else if (file->f_op->write_iter) + ret = new_sync_write(file, p, count, pos); + else + ret = -EINVAL; set_fs(old_fs); if (ret > 0) { fsnotify_modify(file); @@ -554,19 +548,23 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_ return -EFAULT; ret = rw_verify_area(WRITE, file, pos, count); - if (!ret) { - if (count > MAX_RW_COUNT) - count = MAX_RW_COUNT; - file_start_write(file); - ret = __vfs_write(file, buf, count, pos); - if (ret > 0) { - fsnotify_modify(file); - add_wchar(current, ret); - } - inc_syscw(current); - file_end_write(file); + if (ret) + return ret; + if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + file_start_write(file); + if (file->f_op->write) + ret = file->f_op->write(file, buf, count, pos); + else if (file->f_op->write_iter) + ret = new_sync_write(file, buf, count, pos); + else + ret = -EINVAL; + if (ret > 0) { + fsnotify_modify(file); + add_wchar(current, ret); } - + inc_syscw(current); + file_end_write(file); return ret; } From patchwork Mon Jun 15 12:12:52 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604691 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id AEF81912 for ; Mon, 15 Jun 2020 12:14:30 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9649E206D7 for ; Mon, 15 Jun 2020 12:14:30 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="cE84tygu" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729908AbgFOMOX (ORCPT ); Mon, 15 Jun 2020 08:14:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44978 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729868AbgFOMN0 (ORCPT ); Mon, 15 Jun 2020 08:13:26 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F5C1C061A0E; Mon, 15 Jun 2020 05:13:26 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=VBVeuzuM0P2q7W7ljlXXpDeFT/LdXFSEK3FuQYaqgbw=; b=cE84tygumZOTSk2LdOM0spcCKt h0fdezrVYR70UorfbR2STjeuuNJx0mibOd3HntKUaw8UYL1v+oHSsAzuaZNgOPDBKlNtUZxpn6NMi A5FtaDTwAbPmExJgOxJ1YZsasH3kb6cmLgl5NmLGAwFkY2xUuRgBuVusurSTe+YejKlNGsPQV3PSz dFwxqVAQhdVWSQC6rToszDj6EifTUtdZsSNBwu98fgxYgau2H7K5+podse+cgEXcJiWBwAjZmM9UL /cgW9z7pFcu6KfZUHJTKf3lEtgi1dTdpcB3Aw2hCcQgqEhyt9bD0nb869ecwvg/EythVDYR58lK2l xDGs//4Q==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzP-00072p-68; Mon, 15 Jun 2020 12:13:23 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 08/13] fs: don't change the address limit for ->write_iter in __kernel_write Date: Mon, 15 Jun 2020 14:12:52 +0200 Message-Id: <20200615121257.798894-9-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: If we write to a file that implements ->write_iter there is no need to change the address limit if we send a kvec down. Implement that case, and prefer it over using plain ->write with a changed address limit if available. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index f81e15c95f576c..4fb7966f023526 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -491,8 +491,6 @@ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t /* caller is responsible for file_start_write/file_end_write */ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { - mm_segment_t old_fs; - const char __user *p; ssize_t ret; if (!(file->f_mode & FMODE_WRITE)) @@ -500,18 +498,29 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t if (!(file->f_mode & FMODE_CAN_WRITE)) return -EINVAL; - old_fs = get_fs(); - set_fs(KERNEL_DS); - p = (__force const char __user *)buf; if (count > MAX_RW_COUNT) count = MAX_RW_COUNT; - if (file->f_op->write) - ret = file->f_op->write(file, p, count, pos); - else if (file->f_op->write_iter) - ret = new_sync_write(file, p, count, pos); - else + if (file->f_op->write_iter) { + struct kvec iov = { .iov_base = (void *)buf, .iov_len = count }; + struct kiocb kiocb; + struct iov_iter iter; + + init_sync_kiocb(&kiocb, file); + kiocb.ki_pos = *pos; + iov_iter_kvec(&iter, WRITE, &iov, 1, count); + ret = file->f_op->write_iter(&kiocb, &iter); + if (ret > 0) + *pos = kiocb.ki_pos; + } else if (file->f_op->write) { + mm_segment_t old_fs = get_fs(); + + set_fs(KERNEL_DS); + ret = file->f_op->write(file, (__force const char __user *)buf, + count, pos); + set_fs(old_fs); + } else { ret = -EINVAL; - set_fs(old_fs); + } if (ret > 0) { fsnotify_modify(file); add_wchar(current, ret); From patchwork Mon Jun 15 12:12:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604683 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8073C92A for ; Mon, 15 Jun 2020 12:14:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 65AC720738 for ; Mon, 15 Jun 2020 12:14:13 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="kJGaLFdm" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729914AbgFOMNc (ORCPT ); Mon, 15 Jun 2020 08:13:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729898AbgFOMN3 (ORCPT ); Mon, 15 Jun 2020 08:13:29 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3DD72C061A0E; Mon, 15 Jun 2020 05:13:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=zJW7Jtqa7VI4dbEhWxHAS4o1PYq8n66woBay8gaz72c=; b=kJGaLFdmv2/MpBs2fnBDhfYmc+ KKYxOioe2yFs4iG308ClfQBLEOlLThWQVk4nqZtqFFf/BR5IuYMW9DOd+CTC1e2d20YWSLvECRwnU pylluOhKk2wkHrp8ZoIINCO8BzvJ2kLaaSWU69v6bDeJ80kfMdgn6W0YD/fPsNzTLR/uuzvLrmsx/ Uke6WfTdfG0toHXwpgZ6hKJTMmyf4bgWhqFNxmf+IWUyVahJhy8NnIAg3TuzApLqSk6EU8kyQiA+V DNFkVG61FUdu0SOfZmm2ELiS9MgvlBOCRJO9qsQu3hcpLBhiSar/XWr8sRAvebwHCRxuoK57Aemqr K8vhtv7A==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzS-00073g-5E; Mon, 15 Jun 2020 12:13:26 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 09/13] fs: add a __kernel_read helper Date: Mon, 15 Jun 2020 14:12:53 +0200 Message-Id: <20200615121257.798894-10-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: This is the counterpart to __kernel_write, and skip the rw_verify_area call compared to kernel_read. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 21 +++++++++++++++++++++ include/linux/fs.h | 1 + 2 files changed, 22 insertions(+) diff --git a/fs/read_write.c b/fs/read_write.c index 4fb7966f023526..3364fdfc2982b4 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -430,6 +430,27 @@ ssize_t __vfs_read(struct file *file, char __user *buf, size_t count, return -EINVAL; } +ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) +{ + mm_segment_t old_fs = get_fs(); + ssize_t ret; + + if (!(file->f_mode & FMODE_CAN_READ)) + return -EINVAL; + + if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + set_fs(KERNEL_DS); + ret = __vfs_read(file, (void __user *)buf, count, pos); + set_fs(old_fs); + if (ret > 0) { + fsnotify_access(file); + add_rchar(current, ret); + } + inc_syscr(current); + return ret; +} + ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) { mm_segment_t old_fs; diff --git a/include/linux/fs.h b/include/linux/fs.h index 6c4ab4dc1cd718..21613bf1b49690 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3035,6 +3035,7 @@ extern int kernel_read_file_from_path_initns(const char *, void **, loff_t *, lo extern int kernel_read_file_from_fd(int, void **, loff_t *, loff_t, enum kernel_read_file_id); extern ssize_t kernel_read(struct file *, void *, size_t, loff_t *); +ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos); extern ssize_t kernel_write(struct file *, const void *, size_t, loff_t *); extern ssize_t __kernel_write(struct file *, const void *, size_t, loff_t *); extern struct file * open_exec(const char *); From patchwork Mon Jun 15 12:12:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604685 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 59599912 for ; Mon, 15 Jun 2020 12:14:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 373A6206D7 for ; Mon, 15 Jun 2020 12:14:14 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="MW6WKUON" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729981AbgFOMON (ORCPT ); Mon, 15 Jun 2020 08:14:13 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44998 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729908AbgFOMNc (ORCPT ); Mon, 15 Jun 2020 08:13:32 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3ECEDC061A0E; Mon, 15 Jun 2020 05:13:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=EBziasLTB9yyj8vVMRpUDtYmmAnu214zH16u+u17qnY=; b=MW6WKUONFQZxICu7turzJKDY7v QGc2aDqWPAjffBuQW310yEAMTvWlwCDyU4WKshAhsUAvasBR9HL7nir4NZzck9WGSEqNtJGer6uJj hmc8sHyARGV+U9MyZFT5nuxJnlHsvvELiXKzwOfYtvPn9VEyWIqQ8Rifc/UOPO9H6xQjpy7ssP55z 3217JGlgjaaC3Y0vJYqNZcip+USpgQaErA/HobKBJh+/RCLPf0NWQFUY7n8BnWnRLZhI33Kf40nWG pkbvU0R6tu6ZF+uHnVZ5kMQjp24DTXDWl0jv9rc6mkQHFSnrFkCTwmXABHlTDWqw5pU6nA97b7z2R H/T/+/Yg==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzV-00074A-E8; Mon, 15 Jun 2020 12:13:29 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 10/13] integrity/ima: switch to using __kernel_read Date: Mon, 15 Jun 2020 14:12:54 +0200 Message-Id: <20200615121257.798894-11-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: __kernel_read has a bunch of additional sanity checks, and this moves the set_fs out of non-core code. Signed-off-by: Christoph Hellwig --- security/integrity/iint.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/security/integrity/iint.c b/security/integrity/iint.c index e12c4900510f60..1d20003243c3fb 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -188,19 +188,7 @@ DEFINE_LSM(integrity) = { int integrity_kernel_read(struct file *file, loff_t offset, void *addr, unsigned long count) { - mm_segment_t old_fs; - char __user *buf = (char __user *)addr; - ssize_t ret; - - if (!(file->f_mode & FMODE_READ)) - return -EBADF; - - old_fs = get_fs(); - set_fs(KERNEL_DS); - ret = __vfs_read(file, buf, count, &offset); - set_fs(old_fs); - - return ret; + return __kernel_read(file, addr, count, &offset); } /* From patchwork Mon Jun 15 12:12:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604667 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 92EED912 for ; Mon, 15 Jun 2020 12:13:40 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 7ADCA206D7 for ; Mon, 15 Jun 2020 12:13:40 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="kQj/YptZ" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729898AbgFOMNi (ORCPT ); Mon, 15 Jun 2020 08:13:38 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45006 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729926AbgFOMNf (ORCPT ); Mon, 15 Jun 2020 08:13:35 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1B41AC061A0E; Mon, 15 Jun 2020 05:13:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=/uNGWMS6wsKEeNDbdq2MMYM/revZQnG+SE/ig1KbAgs=; b=kQj/YptZTgHtviYD8VY9pDaHTh Nth47/JWS6HPkOCKIBaXf+P0hgcO4QYIwlLm15PzHXiO8z3vDfVw2OZQfftIyksXcjksV6yZ9q0Kz zQPx0MsVBOuBNzzEYpYY/jP8yjvy8CDszcUkg6hJVpCabuI1zJ1tOw9U3oVn+aijjVm8Brck+zI8t yxLxbHcvW5Uj5T74opjNyhohAHs+gDyfJiHUQtXWs8f5Esfe5q3VXOv+tOtjkKBoXS6OdlLXsJ2PB XL4XVX0iMzkEKdQKWmdfmQpCM5qhGYqdDt3Cji/4SSbJXr/IYiiKx+PhQcHwCqo9jFV2EaaSNKFMH vBtD8CzA==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzY-00074R-9o; Mon, 15 Jun 2020 12:13:32 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 11/13] fs: implement kernel_read using __kernel_read Date: Mon, 15 Jun 2020 14:12:55 +0200 Message-Id: <20200615121257.798894-12-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Consolidate the two in-kernel read helpers to make upcoming changes easier. The only difference are the missing call to rw_verify_area in kernel_read, and an access_ok check that doesn't make sense for kernel buffers to start with. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 3364fdfc2982b4..e1c471982d6213 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -453,15 +453,12 @@ ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) { - mm_segment_t old_fs; - ssize_t result; + ssize_t ret; - old_fs = get_fs(); - set_fs(KERNEL_DS); - /* The cast to a user pointer is valid due to the set_fs() */ - result = vfs_read(file, (void __user *)buf, count, pos); - set_fs(old_fs); - return result; + ret = rw_verify_area(READ, file, pos, count); + if (ret) + return ret; + return __kernel_read(file, buf, count, pos); } EXPORT_SYMBOL(kernel_read); From patchwork Mon Jun 15 12:12:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604677 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 46B4C912 for ; Mon, 15 Jun 2020 12:14:01 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2F5EE20738 for ; Mon, 15 Jun 2020 12:14:01 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="h4wEdYkP" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729942AbgFOMNl (ORCPT ); Mon, 15 Jun 2020 08:13:41 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45022 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729937AbgFOMNk (ORCPT ); Mon, 15 Jun 2020 08:13:40 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 88EDAC05BD43; Mon, 15 Jun 2020 05:13:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=AQ5udJA+NwKe8G2MYfCPk2Yw3QD75S9zXgkBfTA1DOU=; b=h4wEdYkPn5ozRggWS9tSnqPRr0 5jT20oaxNcQF7Ln/kWUSLNYlCZAAXqnHi49z4o5CqA8ycGZ/ecZEIZFE4cesO4zd/AOvalXy9/1wT wDa1d0qDmgdtiFWzWtQ02fO0dDfUJGJq0kdvJ+PAIQg8l+fi9sY6SmUZvNZHiPicivaSR2gYx+9VP Jllvfzy6ci9oZhnfVajkdnPcDEjNZF1oC6K/1UcLP5TdfoztfUVLUhORexhNrQW8JYxcZbUhiNU60 96GjLjoPc5BOE0gPS7AwFsgWVSbxisSxiSBQLvDtaobSpVup94FoqV5YnFQ0XUT1a190klAHJt/Yu 2W/2UKRA==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknzb-00075C-Im; Mon, 15 Jun 2020 12:13:35 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 12/13] fs: remove __vfs_read Date: Mon, 15 Jun 2020 14:12:56 +0200 Message-Id: <20200615121257.798894-13-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Fold it into the two callers. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 43 +++++++++++++++++++++---------------------- include/linux/fs.h | 1 - 2 files changed, 21 insertions(+), 23 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index e1c471982d6213..1d43da8554dc0d 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -419,17 +419,6 @@ static ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, lo return ret; } -ssize_t __vfs_read(struct file *file, char __user *buf, size_t count, - loff_t *pos) -{ - if (file->f_op->read) - return file->f_op->read(file, buf, count, pos); - else if (file->f_op->read_iter) - return new_sync_read(file, buf, count, pos); - else - return -EINVAL; -} - ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) { mm_segment_t old_fs = get_fs(); @@ -441,7 +430,12 @@ ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) if (count > MAX_RW_COUNT) count = MAX_RW_COUNT; set_fs(KERNEL_DS); - ret = __vfs_read(file, (void __user *)buf, count, pos); + if (file->f_op->read) + ret = file->f_op->read(file, (void __user *)buf, count, pos); + else if (file->f_op->read_iter) + ret = new_sync_read(file, (void __user *)buf, count, pos); + else + ret = -EINVAL; set_fs(old_fs); if (ret > 0) { fsnotify_access(file); @@ -474,17 +468,22 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) return -EFAULT; ret = rw_verify_area(READ, file, pos, count); - if (!ret) { - if (count > MAX_RW_COUNT) - count = MAX_RW_COUNT; - ret = __vfs_read(file, buf, count, pos); - if (ret > 0) { - fsnotify_access(file); - add_rchar(current, ret); - } - inc_syscr(current); - } + if (ret) + return ret; + if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + if (file->f_op->read) + ret = file->f_op->read(file, buf, count, pos); + else if (file->f_op->read_iter) + ret = new_sync_read(file, buf, count, pos); + else + ret = -EINVAL; + if (ret > 0) { + fsnotify_access(file); + add_rchar(current, ret); + } + inc_syscr(current); return ret; } diff --git a/include/linux/fs.h b/include/linux/fs.h index 21613bf1b49690..522d04843d4175 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1917,7 +1917,6 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, struct iovec *fast_pointer, struct iovec **ret_pointer); -extern ssize_t __vfs_read(struct file *, char __user *, size_t, loff_t *); extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *); extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *); extern ssize_t vfs_readv(struct file *, const struct iovec __user *, From patchwork Mon Jun 15 12:12:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11604675 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5A520912 for ; Mon, 15 Jun 2020 12:13:57 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3994A206D7 for ; Mon, 15 Jun 2020 12:13:57 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="E+eWHfg8" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729952AbgFOMNm (ORCPT ); Mon, 15 Jun 2020 08:13:42 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45024 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729944AbgFOMNl (ORCPT ); Mon, 15 Jun 2020 08:13:41 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 829ACC061A0E; Mon, 15 Jun 2020 05:13:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=PF4bzIK4C6pn8fyYVupIOSqczJ5WF2NO/8H9ENbmrME=; b=E+eWHfg8isJ5VnITgvQWL3PrTo CDP0ntDNh+D+4Y08c8n8h6tHp2L9c9d/GgR/kYjjigllS6cMvUNBnKSyB2L7sPJdVG1xFLXFu9dyW Iym0Uuru+rhilWJlPJB3/dGxZw7NdKubcyQyXGhIiznynOkFlDx+iuJOyFfHzOQnV4C1f47dLYPG4 ldy+u85fJelGMj9wn7XQ59dTHR3794/tzkjF4hErxrs3cls381N+ryJYL6Yg4AceK14tMkjB218eK 9jkbhkpcH8PUkqwWO5arDXrWC/D6KfxnRK3nmVcpvHozawoTwmEkslU3GmBNAy/5DsKsgM9KbJwoe g9qLP+bQ==; Received: from 195-192-102-148.dyn.cablelink.at ([195.192.102.148] helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jknze-00075s-L2; Mon, 15 Jun 2020 12:13:39 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 13/13] fs: don't change the address limit for ->read_iter in __kernel_read Date: Mon, 15 Jun 2020 14:12:57 +0200 Message-Id: <20200615121257.798894-14-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: If we read to a file that implements ->read_iter there is no need to change the address limit if we send a kvec down. Implement that case, and prefer it over using plain ->read with a changed address limit if available. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 1d43da8554dc0d..3bde37aa63db6c 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -421,7 +421,6 @@ static ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, lo ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) { - mm_segment_t old_fs = get_fs(); ssize_t ret; if (!(file->f_mode & FMODE_CAN_READ)) @@ -429,14 +428,25 @@ ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) if (count > MAX_RW_COUNT) count = MAX_RW_COUNT; - set_fs(KERNEL_DS); - if (file->f_op->read) + if (file->f_op->read_iter) { + struct kvec iov = { .iov_base = buf, .iov_len = count }; + struct kiocb kiocb; + struct iov_iter iter; + + init_sync_kiocb(&kiocb, file); + kiocb.ki_pos = *pos; + iov_iter_kvec(&iter, READ, &iov, 1, count); + ret = file->f_op->read_iter(&kiocb, &iter); + *pos = kiocb.ki_pos; + } else if (file->f_op->read) { + mm_segment_t old_fs = get_fs(); + + set_fs(KERNEL_DS); ret = file->f_op->read(file, (void __user *)buf, count, pos); - else if (file->f_op->read_iter) - ret = new_sync_read(file, (void __user *)buf, count, pos); - else + set_fs(old_fs); + } else { ret = -EINVAL; - set_fs(old_fs); + } if (ret > 0) { fsnotify_access(file); add_rchar(current, ret);