[10/13] integrity/ima: switch to using __kernel_read

Message ID	20200615121257.798894-11-hch@lst.de (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=rGFO=74=vger.kernel.org=linux-fsdevel-owner@kernel.org> From: Christoph Hellwig <hch@lst.de> To: Al Viro <viro@zeniv.linux.org.uk> Cc: Linus Torvalds <torvalds@linux-foundation.org>, Ian Kent <raven@themaw.net>, David Howells <dhowells@redhat.com>, linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 10/13] integrity/ima: switch to using __kernel_read Date: Mon, 15 Jun 2020 14:12:54 +0200 Message-Id: <20200615121257.798894-11-hch@lst.de> In-Reply-To: <20200615121257.798894-1-hch@lst.de> References: <20200615121257.798894-1-hch@lst.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk
Series	[01/13] cachefiles: switch to kernel_write \| expand [01/13] cachefiles: switch to kernel_write [02/13] autofs: switch to kernel_write [03/13] bpfilter: switch to kernel_write [04/13] fs: unexport __kernel_write [05/13] fs: check FMODE_WRITE in __kernel_write [06/13] fs: implement kernel_write using __kernel_write [07/13] fs: remove __vfs_write [08/13] fs: don't change the address limit for ->write_iter in __kernel_write [09/13] fs: add a __kernel_read helper [10/13] integrity/ima: switch to using __kernel_read [11/13] fs: implement kernel_read using __kernel_read [12/13] fs: remove __vfs_read [13/13] fs: don't change the address limit for ->read_iter in __kernel_read

Message ID

20200615121257.798894-11-hch@lst.de (mailing list archive)

State

New, archived

Headers

From: Christoph Hellwig <hch@lst.de>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
        Ian Kent <raven@themaw.net>,
        David Howells <dhowells@redhat.com>,
        linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        netfilter-devel@vger.kernel.org
Subject: [PATCH 10/13] integrity/ima: switch to using __kernel_read
Date: Mon, 15 Jun 2020 14:12:54 +0200
Message-Id: <20200615121257.798894-11-hch@lst.de>
In-Reply-To: <20200615121257.798894-1-hch@lst.de>
References: <20200615121257.798894-1-hch@lst.de>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk

Series

[01/13] cachefiles: switch to kernel_write | expand

Commit Message

Christoph Hellwig June 15, 2020, 12:12 p.m. UTC

__kernel_read has a bunch of additional sanity checks, and this moves
the set_fs out of non-core code.

Signed-off-by: Christoph Hellwig <hch@lst.de>
---
 security/integrity/iint.c | 14 +-------------
 1 file changed, 1 insertion(+), 13 deletions(-)

Comments

Linus Torvalds June 15, 2020, 4:46 p.m. UTC | #1

On Mon, Jun 15, 2020 at 5:13 AM Christoph Hellwig <hch@lst.de> wrote:
>
> __kernel_read has a bunch of additional sanity checks, and this moves
> the set_fs out of non-core code.

Wel, you also seem to be removing this part:

> -       if (!(file->f_mode & FMODE_READ))
> -               return -EBADF;

which you didn't add in the previous patch that implemented __kernel_read().

It worries me that you're making these kinds of transformations where
the comments imply it's a no-op, but the actual code doesn't agree.

Especially when it's part of one large patch series and each commit
looks trivial.

This kind of series needs more care. Maybe that test isn't necessary,
but it isn't obvious, and I really don't like how you completely
glossed over totally changing what the code did.

               Linus

Linus Torvalds June 15, 2020, 4:56 p.m. UTC | #2

On Mon, Jun 15, 2020 at 9:46 AM Linus Torvalds
<torvalds@linux-foundation.org> wrote:
>
> It worries me that you're making these kinds of transformations where
> the comments imply it's a no-op, but the actual code doesn't agree.

Note that it's not that I think the FMODE_READ check is necessarily
_needed_. It's more the discrepancy between the commit message and the
code change that I don't like.

The commit message implies that __kernel_read() has _more_ checks than
the checks done by integrity_kernel_read(). But it looks like they
aren't so much "more" as they are just "different".

                Linus

diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index e12c4900510f60..1d20003243c3fb 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -188,19 +188,7 @@  DEFINE_LSM(integrity) = {
 int integrity_kernel_read(struct file *file, loff_t offset,
 			  void *addr, unsigned long count)
 {
-	mm_segment_t old_fs;
-	char __user *buf = (char __user *)addr;
-	ssize_t ret;
-
-	if (!(file->f_mode & FMODE_READ))
-		return -EBADF;
-
-	old_fs = get_fs();
-	set_fs(KERNEL_DS);
-	ret = __vfs_read(file, buf, count, &offset);
-	set_fs(old_fs);
-
-	return ret;
+	return __kernel_read(file, addr, count, &offset);
 }
 
 /*

[10/13] integrity/ima: switch to using __kernel_read

Commit Message

Comments

Patch