From patchwork Wed Jun 24 16:13:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623633 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 89DA692A for ; Wed, 24 Jun 2020 16:14:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 66B2C20738 for ; Wed, 24 Jun 2020 16:14:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="dUILgoZi" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404802AbgFXQOG (ORCPT ); Wed, 24 Jun 2020 12:14:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38658 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404785AbgFXQOE (ORCPT ); Wed, 24 Jun 2020 12:14:04 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 62B74C0613ED; Wed, 24 Jun 2020 09:14:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=fw2+4gebTcJUXyNcS2c+cOqcMRuf3D2bJUNwgAt6wzg=; b=dUILgoZix7k1GFmu2pIu1nD4Rz uYqtUX0fGcajB4MYLcGXWU1Ni0SiIOBPXnO+fT1Zqagqu7qh66WbzBnejMZXM/VT9gEPVj+2lEN2h 2VPQ49kSdj2rbC+daRuzeJ2G/eluIhla+lsqlvUkRNVaMpFa8j0tc3A0koXt4jZcCMMyxyNboTDUE MY1q1nGnhrw8cnEJB276vkPxKcklqStZ8ajv8o6ObqccAdNF2S1cRZ+Eh7HDmONHXJVwfLtsKqkHX DJdNc3oOG4uYaJtfnGlhiQI6uGuWjzjm9Vyje618YLVH7IZNABmT8DqKGao1byH52SKBKUwHHc7Ae QfYmVTRA==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo81q-0005xX-Dn; Wed, 24 Jun 2020 16:13:38 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 01/14] cachefiles: switch to kernel_write Date: Wed, 24 Jun 2020 18:13:22 +0200 Message-Id: <20200624161335.1810359-2-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: __kernel_write doesn't take a sb_writers references, which we need here. Signed-off-by: Christoph Hellwig Reviewed-by: David Howells --- fs/cachefiles/rdwr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/cachefiles/rdwr.c b/fs/cachefiles/rdwr.c index e7726f5f1241c2..3080cda9e82457 100644 --- a/fs/cachefiles/rdwr.c +++ b/fs/cachefiles/rdwr.c @@ -937,7 +937,7 @@ int cachefiles_write_page(struct fscache_storage *op, struct page *page) } data = kmap(page); - ret = __kernel_write(file, data, len, &pos); + ret = kernel_write(file, data, len, &pos); kunmap(page); fput(file); if (ret != len) From patchwork Wed Jun 24 16:13:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623629 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 07BF792A for ; Wed, 24 Jun 2020 16:14:07 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D776F20768 for ; Wed, 24 Jun 2020 16:14:06 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="GSulsNqq" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404796AbgFXQOF (ORCPT ); Wed, 24 Jun 2020 12:14:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38656 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404235AbgFXQOE (ORCPT ); Wed, 24 Jun 2020 12:14:04 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 3FFE5C061573; Wed, 24 Jun 2020 09:14:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=jzV+T85fyIY/sAf/kMztKfiAVfq1VzZmIi5LCeoOypo=; b=GSulsNqq1StCeZPIDwLTm/QaaG XncpBCn5QnXpMWuZvUOunWHtqGlkSf279dXmkDcdVpku8bYVvHDfMyy4uJAjYsl6fjCVhz8JzwlZ+ ujOr4/ssGMDGtQf104xvX9Ik4qJ6Sb7/eyh0svbWtsutha5ZUhyDKPIVGW/rDKWuXqPPqqmQh9HTP RGUNnUp5Dln6myLyRmFcsPUiwpYKgU83aSC5o5GZ3RO119F3LYADd7uhkL/E8aZG4duiplnioA4uC /njpKnOZKa+2BBs4wvNzCTasT23eSvUK6/wHKpl09mEoHk+ysFzyH+RD88fF2FFB8f50xGOFZEW8P 3Ljqu4eQ==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo81r-0005xf-Jc; Wed, 24 Jun 2020 16:13:39 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 02/14] autofs: switch to kernel_write Date: Wed, 24 Jun 2020 18:13:23 +0200 Message-Id: <20200624161335.1810359-3-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: While pipes don't really need sb_writers projection, __kernel_write is an interface better kept private, and the additional rw_verify_area does not hurt here. Signed-off-by: Christoph Hellwig Acked-by: Ian Kent --- fs/autofs/waitq.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/autofs/waitq.c b/fs/autofs/waitq.c index b04c528b19d342..74c886f7c51cbe 100644 --- a/fs/autofs/waitq.c +++ b/fs/autofs/waitq.c @@ -53,7 +53,7 @@ static int autofs_write(struct autofs_sb_info *sbi, mutex_lock(&sbi->pipe_mutex); while (bytes) { - wr = __kernel_write(file, data, bytes, &file->f_pos); + wr = kernel_write(file, data, bytes, &file->f_pos); if (wr <= 0) break; data += wr; From patchwork Wed Jun 24 16:13:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623627 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 571B760D for ; Wed, 24 Jun 2020 16:14:06 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3562020768 for ; Wed, 24 Jun 2020 16:14:06 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="F6M/qB6g" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404789AbgFXQOF (ORCPT ); Wed, 24 Jun 2020 12:14:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38648 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404678AbgFXQOC (ORCPT ); Wed, 24 Jun 2020 12:14:02 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2C08C0613ED; Wed, 24 Jun 2020 09:14:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=PIZcUHBXRzg4FA/EeFx1uXo9md1v0NkQLsX0zI2zg6M=; b=F6M/qB6g9/5tPao1/ANmNaFFIu 7eBKcM5NjloKBPTgvN+++s4++INLJU5YYEuo1b9XkD7NAu7Jt+K9JZx5EmiVKj8o5h3MictoI/P3z 8GQWVWmVhwk9SfZaVTg0Ly95IkfJHD1swQ1WuZq7DO5oYUlk7DbB9TKJGRyZ87zXAwnpeBVa3HPZq t7UoReJHe1r3CGQiu1f8wvuy/eZTYu0bkjKPicdqz36qxLSUAt9whbJpBxnGe+fIt7m7HWxVTdtGh m5NnfbVMRzS0EO96IoudEVBKkpb0+F5hRbBrYq52I1KgSOimKlzW6qGJ/gaCNnoAxJsMGEgoL+8yT BQ5oaoog==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo81t-0005xm-5R; Wed, 24 Jun 2020 16:13:41 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 03/14] bpfilter: switch to kernel_write Date: Wed, 24 Jun 2020 18:13:24 +0200 Message-Id: <20200624161335.1810359-4-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: While pipes don't really need sb_writers projection, __kernel_write is an interface better kept private, and the additional rw_verify_area does not hurt here. Signed-off-by: Christoph Hellwig --- net/bpfilter/bpfilter_kern.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c index c0f0990f30b604..1905e01c3aa9a7 100644 --- a/net/bpfilter/bpfilter_kern.c +++ b/net/bpfilter/bpfilter_kern.c @@ -50,7 +50,7 @@ static int __bpfilter_process_sockopt(struct sock *sk, int optname, req.len = optlen; if (!bpfilter_ops.info.pid) goto out; - n = __kernel_write(bpfilter_ops.info.pipe_to_umh, &req, sizeof(req), + n = kernel_write(bpfilter_ops.info.pipe_to_umh, &req, sizeof(req), &pos); if (n != sizeof(req)) { pr_err("write fail %zd\n", n); From patchwork Wed Jun 24 16:13:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623677 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7D11390 for ; Wed, 24 Jun 2020 16:15:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 5B3F620738 for ; Wed, 24 Jun 2020 16:15:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="fnAZxTCY" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404989AbgFXQP0 (ORCPT ); Wed, 24 Jun 2020 12:15:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38662 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404787AbgFXQOE (ORCPT ); Wed, 24 Jun 2020 12:14:04 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B17CAC061796; Wed, 24 Jun 2020 09:14:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=Bo298b9PL3Uu2rIZ3OmLGqOnn53VokHDlRvRjRJg3qI=; b=fnAZxTCYz/46Hcw/7kbJSkEbDK 05LcYXy0b8pLZLaxU37cOfNzAFQ1pKuXoGE2mC3eqDscLeBF/BbSpfA2DwSaZ50j4sntWpFsTmwe/ +TBIxX7OSmc4f6OMj8ER5Y25pIPmMTEZPbFsZeqSIImK6DKarl54m6sV3KhR+q9zFzWf/0H+CaPHb xi9Y4Jes8UT3Uy6dT3HuyuieKRTC7PmfItuM64IOgYkTARY+vYpEXMDNKAzaWmAktxtYwQxuUMQgj k8tpSIWVCzD2LM/45GycHOcLIQg5VPAsjWlu/r1htWKFCZ7wqNuxUpflQiu0IUF4WqBa/5Sl2oLDd S52L5C+Q==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo81u-0005xs-Ab; Wed, 24 Jun 2020 16:13:42 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 04/14] fs: unexport __kernel_write Date: Wed, 24 Jun 2020 18:13:25 +0200 Message-Id: <20200624161335.1810359-5-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: This is a very special interface that skips sb_writes protection, and not used by modules anymore. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 1 - 1 file changed, 1 deletion(-) diff --git a/fs/read_write.c b/fs/read_write.c index bbfa9b12b15eb7..2c601d853ff3d8 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -522,7 +522,6 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t inc_syscw(current); return ret; } -EXPORT_SYMBOL(__kernel_write); ssize_t kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) From patchwork Wed Jun 24 16:13:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623675 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 913E892A for ; Wed, 24 Jun 2020 16:15:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6A50A20781 for ; Wed, 24 Jun 2020 16:15:27 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="X2WXdDNr" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404987AbgFXQP0 (ORCPT ); Wed, 24 Jun 2020 12:15:26 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38660 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404786AbgFXQOE (ORCPT ); Wed, 24 Jun 2020 12:14:04 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A3B69C061795; Wed, 24 Jun 2020 09:14:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=Ruv3QkeH3yf1ddYt00bBWdUvSXa4YUB7wJ/k+J42Rps=; b=X2WXdDNrl5NtIMaD8okmbVqsBE Fv6aiG5zmAjpVm/DMFeGS7tay3Cf5f9FVcSnt9us7oSjadjcmXAEyFmM+p0v3IzXQKNqPp+NwJzmz CjQ8vjnLW3kyWxlPGIijQKtLX4dS/AWJ/ZfG+Qt0oc0osEyuSKPcySr8GK8SaxWB39+n5Dzb1X6RA y35R1bHjb3oU4ymyp2ENPfJAtZqrc80i5SQ02RzMhIJfTzA2/MkuBAnK3/WX+F/G7Skaz9nSCHvcl /+F7Ham9HemsZjqtXl43dJ8d5tbsciSq62GLSNVI2AGE+seDJbGSvkhmT0+CMUM7Y10UElf8czU20 xXuiiUpg==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo81v-0005xy-F5; Wed, 24 Jun 2020 16:13:43 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 05/14] fs: check FMODE_WRITE in __kernel_write Date: Wed, 24 Jun 2020 18:13:26 +0200 Message-Id: <20200624161335.1810359-6-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Add a WARN_ON_ONCE if the file isn't actually open for write. This matches the check done in vfs_write, but actually warn warns as a kernel user calling write on a file not opened for writing is a pretty obvious programming error. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/read_write.c b/fs/read_write.c index 2c601d853ff3d8..8f9fc05990ae8b 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -505,6 +505,8 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t const char __user *p; ssize_t ret; + if (WARN_ON_ONCE(!(file->f_mode & FMODE_WRITE))) + return -EBADF; if (!(file->f_mode & FMODE_CAN_WRITE)) return -EINVAL; From patchwork Wed Jun 24 16:13:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623669 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1E61290 for ; Wed, 24 Jun 2020 16:15:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EF95D206A1 for ; Wed, 24 Jun 2020 16:15:15 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="WFlQK8lR" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404969AbgFXQPO (ORCPT ); Wed, 24 Jun 2020 12:15:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38668 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404800AbgFXQOG (ORCPT ); Wed, 24 Jun 2020 12:14:06 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E9867C061573; Wed, 24 Jun 2020 09:14:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=Hlt6C7VzRXUPvzt04ubxLGUKBtxCCqCnw0SDgIXm7hw=; b=WFlQK8lROlq2wopy0YNuA4PurY T0La8mdHkssAiMiFwrvbcko8YkFtDBrabnQEmr9F5Yk7RFKipkL7CrRypqv3tav+L1chAZbGheAxz 4fxFtgdkmemzU2qnSv3htDLZn56HxForOZfiOkDIrUCuEPwf2+tyREjf20+GZ5x3P+JLpGrterVlQ CG/NQ/tCGzRDoF7SxTM2pcd9onk5riS1Dy7ma9WITzOt6as9RxPS+LWJk+ORBsn8qbKxN3kCu+cd3 sSfwwR5mTlp8wrKC8j7Drm49Isnr85P1IGLuIYqt5/Mp0HsWXk9D9F7bsaKJg7zvAhCqXKaiTncc8 yUoxs6IA==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo81w-0005yG-JE; Wed, 24 Jun 2020 16:13:44 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 06/14] fs: implement kernel_write using __kernel_write Date: Wed, 24 Jun 2020 18:13:27 +0200 Message-Id: <20200624161335.1810359-7-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Consolidate the two in-kernel write helpers to make upcoming changes easier. The only difference are the missing call to rw_verify_area in kernel_write, and an access_ok check that doesn't make sense for kernel buffers to start with. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 8f9fc05990ae8b..5110cd1e6e2771 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -499,6 +499,7 @@ static ssize_t __vfs_write(struct file *file, const char __user *p, return -EINVAL; } +/* caller is responsible for file_start_write/file_end_write */ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { mm_segment_t old_fs; @@ -528,16 +529,16 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t ssize_t kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { - mm_segment_t old_fs; - ssize_t res; + ssize_t ret; - old_fs = get_fs(); - set_fs(KERNEL_DS); - /* The cast to a user pointer is valid due to the set_fs() */ - res = vfs_write(file, (__force const char __user *)buf, count, pos); - set_fs(old_fs); + ret = rw_verify_area(WRITE, file, pos, count); + if (ret) + return ret; - return res; + file_start_write(file); + ret = __kernel_write(file, buf, count, pos); + file_end_write(file); + return ret; } EXPORT_SYMBOL(kernel_write); From patchwork Wed Jun 24 16:13:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623665 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 45D18913 for ; Wed, 24 Jun 2020 16:15:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2AE2920768 for ; Wed, 24 Jun 2020 16:15:10 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="SEYiB5Bq" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404945AbgFXQO6 (ORCPT ); Wed, 24 Jun 2020 12:14:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38688 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404235AbgFXQOM (ORCPT ); Wed, 24 Jun 2020 12:14:12 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 55346C0613ED; Wed, 24 Jun 2020 09:14:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=dVcUaNs/nJl21S9DI4MlGzuWbjmDqO4Jqbdos/3DXPs=; b=SEYiB5BqjCV6jniJkzB5E8JhTG eJ224sWAei+pMxmYPPkoawxmQpXxYMxcJS5/eB/EA30KLPrh/N8LPd4eyqdF6SPySZUlx0+AZlJ5V iSSvz+G6018e89C3IFeQN+FBzQ62uo97HtWSfghbxf6g4brX2/rD0ceg6KjXLg3gU2Kn+bzxA8ekT +tPNoHv+eaVo5sQarUK+8RIbfQ83B47c24ojDotVbqmX3cRPUXj34gG8TSAdwVm96JcRAtLDjLjU4 JgrkShJfGSzErP2Z4ICzwB0oLETA5q8Crqbs+Rk22LJ6e0ezj+2IR0HTvmEFRTyG3a828xcyIRHkg fI7Q3sMA==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo81x-0005yT-Pk; Wed, 24 Jun 2020 16:13:46 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 07/14] fs: remove __vfs_write Date: Wed, 24 Jun 2020 18:13:28 +0200 Message-Id: <20200624161335.1810359-8-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Fold it into the two callers. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 46 ++++++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 24 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 5110cd1e6e2771..96e8e354f99b45 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -488,17 +488,6 @@ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t return ret; } -static ssize_t __vfs_write(struct file *file, const char __user *p, - size_t count, loff_t *pos) -{ - if (file->f_op->write) - return file->f_op->write(file, p, count, pos); - else if (file->f_op->write_iter) - return new_sync_write(file, p, count, pos); - else - return -EINVAL; -} - /* caller is responsible for file_start_write/file_end_write */ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) { @@ -516,7 +505,12 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t p = (__force const char __user *)buf; if (count > MAX_RW_COUNT) count = MAX_RW_COUNT; - ret = __vfs_write(file, p, count, pos); + if (file->f_op->write) + ret = file->f_op->write(file, p, count, pos); + else if (file->f_op->write_iter) + ret = new_sync_write(file, p, count, pos); + else + ret = -EINVAL; set_fs(old_fs); if (ret > 0) { fsnotify_modify(file); @@ -554,19 +548,23 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_ return -EFAULT; ret = rw_verify_area(WRITE, file, pos, count); - if (!ret) { - if (count > MAX_RW_COUNT) - count = MAX_RW_COUNT; - file_start_write(file); - ret = __vfs_write(file, buf, count, pos); - if (ret > 0) { - fsnotify_modify(file); - add_wchar(current, ret); - } - inc_syscw(current); - file_end_write(file); + if (ret) + return ret; + if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + file_start_write(file); + if (file->f_op->write) + ret = file->f_op->write(file, buf, count, pos); + else if (file->f_op->write_iter) + ret = new_sync_write(file, buf, count, pos); + else + ret = -EINVAL; + if (ret > 0) { + fsnotify_modify(file); + add_wchar(current, ret); } - + inc_syscw(current); + file_end_write(file); return ret; } From patchwork Wed Jun 24 16:13:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623657 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7EF6360D for ; Wed, 24 Jun 2020 16:14:56 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 65E022077D for ; Wed, 24 Jun 2020 16:14:56 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="ZH/V3h/F" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404855AbgFXQOO (ORCPT ); Wed, 24 Jun 2020 12:14:14 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38690 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404838AbgFXQOM (ORCPT ); Wed, 24 Jun 2020 12:14:12 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F36CC061795; Wed, 24 Jun 2020 09:14:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=pE9BZ+cY4E02xMmAEaREea9Ma9ZDLW8TJAoArZaeVmc=; b=ZH/V3h/F09tJ/8Ew4myQ0kwwwV UdzsGGC0wz11EuHS40MNnMeDHiZEhgBMYeVi1WSGFSqgZXsMCMfKB44svJODO+GfGfw0Zm+NyR+pd qC3uZ83siCkv5WmFFtSDmKak0OEjuxBGGPq8e1UdvJMz//hCp+jxBAgCsoxQHCKI+NvkeQlaj+kDc ob6PijkVynyM3EOACHngrfamR4gb+MksTxrm1m8wEuuI9DFZBvZneUVVdAO+TLOLDfHoZ1sAZvMtu hvRcavBHAeJZVgE2pe0vQeCeSm0P4EyAmT7LENtx1Isp0Lj7e7AWpuO2+5tw9UP25bVn1ysjIxa5P /e/WUBjA==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo81y-0005yc-Vs; Wed, 24 Jun 2020 16:13:47 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 08/14] fs: don't change the address limit for ->write_iter in __kernel_write Date: Wed, 24 Jun 2020 18:13:29 +0200 Message-Id: <20200624161335.1810359-9-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: If we write to a file that implements ->write_iter there is no need to change the address limit if we send a kvec down. Implement that case, and prefer it over using plain ->write with a changed address limit if available. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 34 ++++++++++++++++++++++------------ 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 96e8e354f99b45..bd46c959799e97 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -489,10 +489,9 @@ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t } /* caller is responsible for file_start_write/file_end_write */ -ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos) +ssize_t __kernel_write(struct file *file, const void *buf, size_t count, + loff_t *pos) { - mm_segment_t old_fs; - const char __user *p; ssize_t ret; if (WARN_ON_ONCE(!(file->f_mode & FMODE_WRITE))) @@ -500,18 +499,29 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t if (!(file->f_mode & FMODE_CAN_WRITE)) return -EINVAL; - old_fs = get_fs(); - set_fs(KERNEL_DS); - p = (__force const char __user *)buf; if (count > MAX_RW_COUNT) count = MAX_RW_COUNT; - if (file->f_op->write) - ret = file->f_op->write(file, p, count, pos); - else if (file->f_op->write_iter) - ret = new_sync_write(file, p, count, pos); - else + if (file->f_op->write_iter) { + struct kvec iov = { .iov_base = (void *)buf, .iov_len = count }; + struct kiocb kiocb; + struct iov_iter iter; + + init_sync_kiocb(&kiocb, file); + kiocb.ki_pos = *pos; + iov_iter_kvec(&iter, WRITE, &iov, 1, count); + ret = file->f_op->write_iter(&kiocb, &iter); + if (ret > 0) + *pos = kiocb.ki_pos; + } else if (file->f_op->write) { + mm_segment_t old_fs = get_fs(); + + set_fs(KERNEL_DS); + ret = file->f_op->write(file, (__force const char __user *)buf, + count, pos); + set_fs(old_fs); + } else { ret = -EINVAL; - set_fs(old_fs); + } if (ret > 0) { fsnotify_modify(file); add_wchar(current, ret); From patchwork Wed Jun 24 16:13:30 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623649 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1948F913 for ; Wed, 24 Jun 2020 16:14:53 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id F326820768 for ; Wed, 24 Jun 2020 16:14:52 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="nBbrQgnE" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404910AbgFXQOe (ORCPT ); Wed, 24 Jun 2020 12:14:34 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38700 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404848AbgFXQOO (ORCPT ); Wed, 24 Jun 2020 12:14:14 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DB664C061795; Wed, 24 Jun 2020 09:14:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=8oAca2Sh96a0lCcV3gNnPlvoMT0ySVT+lMAbT/xWciU=; b=nBbrQgnEbdvEu49QwFYpJ6VjdR UVgVTE+cKNKYvuJivPfNHCHsKYdeeYKcn+IjVuZARmA85D0mqjXqBqJ3hnc/kaPkIdyn9iaf40n/j 9jRqaOSuZKteN8JxmI0FayUzcm8safEhLRWVhdd+8rnVzl9B9lOHRKa9fyLqVJjXYb94J6IMASXrc Yd6wZZapzuwx/fTz7+CI/4RmKhb5hTPyw2BUjEqJUgHzO7dCBBvk17HY24pGsKo84GG7IODOkujV/ LJUqY1qvdnD8z+3Jggqihr830f33dUmAAk5KM7o4Nu+p8SQnEMHIGC/CPJ+/7apgkl1IjYxRCFo5d amxyaHDg==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo820-0005yk-5f; Wed, 24 Jun 2020 16:13:48 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 09/14] fs: add a __kernel_read helper Date: Wed, 24 Jun 2020 18:13:30 +0200 Message-Id: <20200624161335.1810359-10-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: This is the counterpart to __kernel_write, and skip the rw_verify_area call compared to kernel_read. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 23 +++++++++++++++++++++++ include/linux/fs.h | 1 + 2 files changed, 24 insertions(+) diff --git a/fs/read_write.c b/fs/read_write.c index bd46c959799e97..cc8e0b4f3cd697 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -430,6 +430,29 @@ ssize_t __vfs_read(struct file *file, char __user *buf, size_t count, return -EINVAL; } +ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) +{ + mm_segment_t old_fs = get_fs(); + ssize_t ret; + + if (WARN_ON_ONCE(!(file->f_mode & FMODE_READ))) + return -EINVAL; + if (!(file->f_mode & FMODE_CAN_READ)) + return -EINVAL; + + if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + set_fs(KERNEL_DS); + ret = __vfs_read(file, (void __user *)buf, count, pos); + set_fs(old_fs); + if (ret > 0) { + fsnotify_access(file); + add_rchar(current, ret); + } + inc_syscr(current); + return ret; +} + ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) { mm_segment_t old_fs; diff --git a/include/linux/fs.h b/include/linux/fs.h index 3f881a892ea746..22cbe7b2e91994 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -3033,6 +3033,7 @@ extern int kernel_read_file_from_path_initns(const char *, void **, loff_t *, lo extern int kernel_read_file_from_fd(int, void **, loff_t *, loff_t, enum kernel_read_file_id); extern ssize_t kernel_read(struct file *, void *, size_t, loff_t *); +ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos); extern ssize_t kernel_write(struct file *, const void *, size_t, loff_t *); extern ssize_t __kernel_write(struct file *, const void *, size_t, loff_t *); extern struct file * open_exec(const char *); From patchwork Wed Jun 24 16:13:31 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623659 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id E0684913 for ; Wed, 24 Jun 2020 16:14:59 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C8DDC20768 for ; Wed, 24 Jun 2020 16:14:59 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="NqBoTe0z" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404949AbgFXQO6 (ORCPT ); Wed, 24 Jun 2020 12:14:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38686 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404837AbgFXQOM (ORCPT ); Wed, 24 Jun 2020 12:14:12 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4EED0C061573; Wed, 24 Jun 2020 09:14:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=EBziasLTB9yyj8vVMRpUDtYmmAnu214zH16u+u17qnY=; b=NqBoTe0zX4vzyujdD4NHZ10Qu0 zfvwXYQiiumY6Ws/XXz7r/OBEKylx3b+78wRfskQAeYXQnhZHnG9zB0uu+c7/Jz6xeCVCOh7JxXUD Bx8mYm4uaaIz/AlY9Xsfw/4zwr7B+NWFtNPDPRA+Tt4QSStkeyLlhiTBFBHXmjW1fFCau+QDyxWgz 10HZ7h+owRRoZqfja+qfJA3SyAaNZumUPSK6u9RjxgoZEnuvsH4lVOBgxAvtBc/XHwCMSTULbznVU HFb+KVkS9MgpifUz8EMqG9X3UE6u7qyjEHbwH9CQ5i5xsc08wa+m9OnyQPdr8PzZ25b62JzSb/6k+ x3wng0rQ==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo821-0005yv-Fj; Wed, 24 Jun 2020 16:13:49 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 10/14] integrity/ima: switch to using __kernel_read Date: Wed, 24 Jun 2020 18:13:31 +0200 Message-Id: <20200624161335.1810359-11-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: __kernel_read has a bunch of additional sanity checks, and this moves the set_fs out of non-core code. Signed-off-by: Christoph Hellwig --- security/integrity/iint.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/security/integrity/iint.c b/security/integrity/iint.c index e12c4900510f60..1d20003243c3fb 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -188,19 +188,7 @@ DEFINE_LSM(integrity) = { int integrity_kernel_read(struct file *file, loff_t offset, void *addr, unsigned long count) { - mm_segment_t old_fs; - char __user *buf = (char __user *)addr; - ssize_t ret; - - if (!(file->f_mode & FMODE_READ)) - return -EBADF; - - old_fs = get_fs(); - set_fs(KERNEL_DS); - ret = __vfs_read(file, buf, count, &offset); - set_fs(old_fs); - - return ret; + return __kernel_read(file, addr, count, &offset); } /* From patchwork Wed Jun 24 16:13:32 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623655 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3784E60D for ; Wed, 24 Jun 2020 16:14:55 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 15CF020768 for ; Wed, 24 Jun 2020 16:14:55 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="YB66beWO" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404546AbgFXQOc (ORCPT ); Wed, 24 Jun 2020 12:14:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38698 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404846AbgFXQOO (ORCPT ); Wed, 24 Jun 2020 12:14:14 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D9C40C061796; Wed, 24 Jun 2020 09:14:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=rF/h+g2aRvM7O684xTgcwq5WjNPNPSLZJBoCztHySj0=; b=YB66beWOM8rLRQIjm3q1TqZJBC vflHEfvmWfS43Nb8HKAhtLHQdK6g2/Unssp2DZGrYtBVMAgO+i7da/bCwoX5pxMNfUmSECCFYXPFt 8VoeXBYA6E4KtmJaaiivhK3+YsuOGyG6IGO6HTfOolB2Yh4TlUb1rQkIxJN1CAqlj5fEXVhLIWl+A 9Av9Oup4gxm7V/a2w3TiALvTA1dT352cwzmU8rRHU84XguyObJpzSQmNGpUgGruVAQ7H9CophvWTp 1GRQrXzlzJ55RB4fv2qgulET3KsCT4P48Uj82dOR9TIxqug7D+a4axHIFBXvJlXzp3wElpvlLdL0M sayusasQ==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo822-0005z6-OR; Wed, 24 Jun 2020 16:13:51 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 11/14] fs: implement kernel_read using __kernel_read Date: Wed, 24 Jun 2020 18:13:32 +0200 Message-Id: <20200624161335.1810359-12-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Consolidate the two in-kernel read helpers to make upcoming changes easier. The only difference are the missing call to rw_verify_area in kernel_read, and an access_ok check that doesn't make sense for kernel buffers to start with. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index cc8e0b4f3cd697..a0a0b5d1d9249c 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -455,15 +455,12 @@ ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) { - mm_segment_t old_fs; - ssize_t result; + ssize_t ret; - old_fs = get_fs(); - set_fs(KERNEL_DS); - /* The cast to a user pointer is valid due to the set_fs() */ - result = vfs_read(file, (void __user *)buf, count, pos); - set_fs(old_fs); - return result; + ret = rw_verify_area(READ, file, pos, count); + if (ret) + return ret; + return __kernel_read(file, buf, count, pos); } EXPORT_SYMBOL(kernel_read); From patchwork Wed Jun 24 16:13:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623643 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6750E60D for ; Wed, 24 Jun 2020 16:14:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4BB6520768 for ; Wed, 24 Jun 2020 16:14:33 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="rj9UEETw" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404864AbgFXQOP (ORCPT ); Wed, 24 Jun 2020 12:14:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38702 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404844AbgFXQOO (ORCPT ); Wed, 24 Jun 2020 12:14:14 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E0BA3C061797; Wed, 24 Jun 2020 09:14:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=0zhvBQZ7oT4xAzbMT5Iv8nd7tiG+K7QhKCHlApRhAsY=; b=rj9UEETwxin4VJAPjVg6r3e023 RH1DQnKT1JJoQx1tsI3bZTXut1oay83DL5F03ruwCjxPwITaC2uUXDl4U6yFJkAZBYWNLRCanWr0B qZk1d6TR0UPaf2L5EGSDMV59k61OZgMeFcxebOP1Hl0jwghcI6izwjcC1gdEMP+EAeZ25K/4Czcbr jR0UoVKrXuS/NZvCcmOJdzyhoBM6zk3oZT+wvCCtqedfQ0j1dyX03pKW+aZ/sty3oBN27fAn79bTK Za/JCVS20StmGsAuE1WsstlYa+BjlqocGKW3I++BHi8+F1XouOfWvQ8hwWKVCVg2T0FQIsbxQXbmX p2ZYzMDA==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo823-0005zC-Tw; Wed, 24 Jun 2020 16:13:52 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 12/14] fs: remove __vfs_read Date: Wed, 24 Jun 2020 18:13:33 +0200 Message-Id: <20200624161335.1810359-13-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: Fold it into the two callers. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 43 +++++++++++++++++++++---------------------- include/linux/fs.h | 1 - 2 files changed, 21 insertions(+), 23 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index a0a0b5d1d9249c..6a2170eaee64f9 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -419,17 +419,6 @@ static ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, lo return ret; } -ssize_t __vfs_read(struct file *file, char __user *buf, size_t count, - loff_t *pos) -{ - if (file->f_op->read) - return file->f_op->read(file, buf, count, pos); - else if (file->f_op->read_iter) - return new_sync_read(file, buf, count, pos); - else - return -EINVAL; -} - ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) { mm_segment_t old_fs = get_fs(); @@ -443,7 +432,12 @@ ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) if (count > MAX_RW_COUNT) count = MAX_RW_COUNT; set_fs(KERNEL_DS); - ret = __vfs_read(file, (void __user *)buf, count, pos); + if (file->f_op->read) + ret = file->f_op->read(file, (void __user *)buf, count, pos); + else if (file->f_op->read_iter) + ret = new_sync_read(file, (void __user *)buf, count, pos); + else + ret = -EINVAL; set_fs(old_fs); if (ret > 0) { fsnotify_access(file); @@ -476,17 +470,22 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos) return -EFAULT; ret = rw_verify_area(READ, file, pos, count); - if (!ret) { - if (count > MAX_RW_COUNT) - count = MAX_RW_COUNT; - ret = __vfs_read(file, buf, count, pos); - if (ret > 0) { - fsnotify_access(file); - add_rchar(current, ret); - } - inc_syscr(current); - } + if (ret) + return ret; + if (count > MAX_RW_COUNT) + count = MAX_RW_COUNT; + if (file->f_op->read) + ret = file->f_op->read(file, buf, count, pos); + else if (file->f_op->read_iter) + ret = new_sync_read(file, buf, count, pos); + else + ret = -EINVAL; + if (ret > 0) { + fsnotify_access(file); + add_rchar(current, ret); + } + inc_syscr(current); return ret; } diff --git a/include/linux/fs.h b/include/linux/fs.h index 22cbe7b2e91994..0c0ec76b600b50 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1917,7 +1917,6 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, struct iovec *fast_pointer, struct iovec **ret_pointer); -extern ssize_t __vfs_read(struct file *, char __user *, size_t, loff_t *); extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *); extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *); extern ssize_t vfs_readv(struct file *, const struct iovec __user *, From patchwork Wed Jun 24 16:13:34 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623641 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2170A60D for ; Wed, 24 Jun 2020 16:14:29 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 082BD20768 for ; Wed, 24 Jun 2020 16:14:29 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="JRsce6Lc" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404888AbgFXQOX (ORCPT ); Wed, 24 Jun 2020 12:14:23 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38714 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404546AbgFXQOR (ORCPT ); Wed, 24 Jun 2020 12:14:17 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BEB53C061573; Wed, 24 Jun 2020 09:14:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=ohADaDX1EpLOvE9FiJrzT1hC9HlZKskrAoteovdnv8Q=; b=JRsce6Lcb5oIozkhzRENHz5Ekk lDJ/bQ6cpPOcTd/B1ynXK7B05dowJcgKg17O9GCyjMdUfrK54Tt9NAYSUioBYAzy44EG5lIfW2eVu XrsnW2eBSoJrNcgfsXfKD37ascFXJ0Wws+cb2bmMR8NxKowiNwSt406tbB5SVZaajaPqTYebXBx/E B4LaeLrw8obJRgWyAQL2yQrtf+SWKKBhxuSDdM96wCO0WBECiR61PeJI12G8qo6Q5AAIi3QRu8bLV Z4zrTH3xbxkQE67XTLws/d4zW5URKfX+90uf/BFTz6nMJ0idA5kcG0e1rXU5xXN73/8LQ5tUX2XCF KA6hmm7g==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo825-0005zP-1s; Wed, 24 Jun 2020 16:13:53 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 13/14] fs: implement default_file_splice_read using __kernel_read Date: Wed, 24 Jun 2020 18:13:34 +0200 Message-Id: <20200624161335.1810359-14-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: default_file_splice_read goes through great lenght to create an iovec array and iov_iter for all the reads, but is a helper only useful for files not implementing ->read_iter as we have the much better generic_file_splice_read version available for those. Remove the iters and just call __kernel_read in a loop instead. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 2 +- fs/splice.c | 53 +++++++++++++--------------------------------- include/linux/fs.h | 2 -- 3 files changed, 16 insertions(+), 41 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 6a2170eaee64f9..1c41c25e548d8c 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -1070,7 +1070,7 @@ ssize_t vfs_iter_write(struct file *file, struct iov_iter *iter, loff_t *ppos, } EXPORT_SYMBOL(vfs_iter_write); -ssize_t vfs_readv(struct file *file, const struct iovec __user *vec, +static ssize_t vfs_readv(struct file *file, const struct iovec __user *vec, unsigned long vlen, loff_t *pos, rwf_t flags) { struct iovec iovstack[UIO_FASTIOV]; diff --git a/fs/splice.c b/fs/splice.c index d7c8a7c4db07ff..d1efc53875bd93 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -342,38 +342,26 @@ const struct pipe_buf_operations nosteal_pipe_buf_ops = { }; EXPORT_SYMBOL(nosteal_pipe_buf_ops); -static ssize_t kernel_readv(struct file *file, const struct kvec *vec, - unsigned long vlen, loff_t offset) -{ - mm_segment_t old_fs; - loff_t pos = offset; - ssize_t res; - - old_fs = get_fs(); - set_fs(KERNEL_DS); - /* The cast to a user pointer is valid due to the set_fs() */ - res = vfs_readv(file, (const struct iovec __user *)vec, vlen, &pos, 0); - set_fs(old_fs); - - return res; -} - static ssize_t default_file_splice_read(struct file *in, loff_t *ppos, struct pipe_inode_info *pipe, size_t len, unsigned int flags) { - struct kvec *vec, __vec[PIPE_DEF_BUFFERS]; struct iov_iter to; struct page **pages; unsigned int nr_pages; unsigned int mask; size_t offset, base, copied = 0; + loff_t pos; ssize_t res; int i; if (pipe_full(pipe->head, pipe->tail, pipe->max_usage)) return -EAGAIN; + res = rw_verify_area(READ, in, ppos, len); + if (res < 0) + return res; + /* * Try to keep page boundaries matching to source pagecache ones - * it probably won't be much help, but... @@ -386,37 +374,26 @@ static ssize_t default_file_splice_read(struct file *in, loff_t *ppos, if (res <= 0) return -ENOMEM; - nr_pages = DIV_ROUND_UP(res + base, PAGE_SIZE); - - vec = __vec; - if (nr_pages > PIPE_DEF_BUFFERS) { - vec = kmalloc_array(nr_pages, sizeof(struct kvec), GFP_KERNEL); - if (unlikely(!vec)) { - res = -ENOMEM; - goto out; - } - } - mask = pipe->ring_size - 1; pipe->bufs[to.head & mask].offset = offset; pipe->bufs[to.head & mask].len -= offset; + nr_pages = DIV_ROUND_UP(res + base, PAGE_SIZE); + + pos = *ppos; for (i = 0; i < nr_pages; i++) { size_t this_len = min_t(size_t, len, PAGE_SIZE - offset); - vec[i].iov_base = page_address(pages[i]) + offset; - vec[i].iov_len = this_len; + + res = __kernel_read(in, page_address(pages[i]) + offset, + this_len, &pos); + if (res < 0) + goto out; len -= this_len; offset = 0; } + copied = pos - *ppos; + *ppos = pos; - res = kernel_readv(in, vec, nr_pages, *ppos); - if (res > 0) { - copied = res; - *ppos += res; - } - - if (vec != __vec) - kfree(vec); out: for (i = 0; i < nr_pages; i++) put_page(pages[i]); diff --git a/include/linux/fs.h b/include/linux/fs.h index 0c0ec76b600b50..fac6aead402a98 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1919,8 +1919,6 @@ ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector, extern ssize_t vfs_read(struct file *, char __user *, size_t, loff_t *); extern ssize_t vfs_write(struct file *, const char __user *, size_t, loff_t *); -extern ssize_t vfs_readv(struct file *, const struct iovec __user *, - unsigned long, loff_t *, rwf_t); extern ssize_t vfs_copy_file_range(struct file *, loff_t , struct file *, loff_t, size_t, unsigned int); extern ssize_t generic_copy_file_range(struct file *file_in, loff_t pos_in, From patchwork Wed Jun 24 16:13:35 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Christoph Hellwig X-Patchwork-Id: 11623653 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 383D2913 for ; Wed, 24 Jun 2020 16:14:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 1DA912077D for ; Wed, 24 Jun 2020 16:14:54 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="I82Djkmi" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404903AbgFXQOd (ORCPT ); Wed, 24 Jun 2020 12:14:33 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38696 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404843AbgFXQOO (ORCPT ); Wed, 24 Jun 2020 12:14:14 -0400 Received: from casper.infradead.org (unknown [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D8C7CC0613ED; Wed, 24 Jun 2020 09:14:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=Content-Transfer-Encoding:MIME-Version: References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To: Content-Type:Content-ID:Content-Description; bh=2SizYORAzETdBPOXQ0bh10vOYVYerECcQapfjW0L0UI=; b=I82Djkmixse3CInvkiL3x75jlg TQANtf+xq0FUXln1hgh+v86mlIOiHnz5Fgz4xS+esrrdS+6jFM3urx7ev7uFGq5ClXHb8a4H4HV+W bM7b9mFOP1HW+N0P1uAt944L9pPSeVoaTFyF8RTe1VG4pgwqXunuGoRIzDNouzWdxfRST11ovSM8i rhqgqwUEwbwflT4qdidDhV3b63zaGYWsTfY5MFMpxOdYsuACFBrlWCbHexJuYmsg6L0sSBt6SHvxc Ha6DLT8L7L4sEtD+02BbllCNDVN9pgfNBqNy0LUIrJJtJgrAxccT+sNEW+e8dcptybilQIm6fK6OX kchfD5aA==; Received: from [2001:4bb8:180:a3:5c7c:8955:539d:955b] (helo=localhost) by casper.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jo826-0005zV-FQ; Wed, 24 Jun 2020 16:13:54 +0000 From: Christoph Hellwig To: Al Viro Cc: Linus Torvalds , Ian Kent , David Howells , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, netfilter-devel@vger.kernel.org Subject: [PATCH 14/14] fs: don't change the address limit for ->read_iter in __kernel_read Date: Wed, 24 Jun 2020 18:13:35 +0200 Message-Id: <20200624161335.1810359-15-hch@lst.de> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200624161335.1810359-1-hch@lst.de> References: <20200624161335.1810359-1-hch@lst.de> MIME-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by casper.infradead.org. See http://www.infradead.org/rpr.html Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: If we read to a file that implements ->read_iter there is no need to change the address limit if we send a kvec down. Signed-off-by: Christoph Hellwig --- fs/read_write.c | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 1c41c25e548d8c..e7f36b15683049 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -421,7 +421,6 @@ static ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, lo ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) { - mm_segment_t old_fs = get_fs(); ssize_t ret; if (WARN_ON_ONCE(!(file->f_mode & FMODE_READ))) @@ -431,14 +430,25 @@ ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos) if (count > MAX_RW_COUNT) count = MAX_RW_COUNT; - set_fs(KERNEL_DS); - if (file->f_op->read) + if (file->f_op->read) { + mm_segment_t old_fs = get_fs(); + + set_fs(KERNEL_DS); ret = file->f_op->read(file, (void __user *)buf, count, pos); - else if (file->f_op->read_iter) - ret = new_sync_read(file, (void __user *)buf, count, pos); - else + set_fs(old_fs); + } else if (file->f_op->read_iter) { + struct kvec iov = { .iov_base = buf, .iov_len = count }; + struct kiocb kiocb; + struct iov_iter iter; + + init_sync_kiocb(&kiocb, file); + kiocb.ki_pos = *pos; + iov_iter_kvec(&iter, READ, &iov, 1, count); + ret = file->f_op->read_iter(&kiocb, &iter); + *pos = kiocb.ki_pos; + } else { ret = -EINVAL; - set_fs(old_fs); + } if (ret > 0) { fsnotify_access(file); add_rchar(current, ret); @@ -520,7 +530,14 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, if (count > MAX_RW_COUNT) count = MAX_RW_COUNT; - if (file->f_op->write_iter) { + if (file->f_op->write) { + mm_segment_t old_fs = get_fs(); + + set_fs(KERNEL_DS); + ret = file->f_op->write(file, (__force const char __user *)buf, + count, pos); + set_fs(old_fs); + } else if (file->f_op->write_iter) { struct kvec iov = { .iov_base = (void *)buf, .iov_len = count }; struct kiocb kiocb; struct iov_iter iter; @@ -531,13 +548,6 @@ ssize_t __kernel_write(struct file *file, const void *buf, size_t count, ret = file->f_op->write_iter(&kiocb, &iter); if (ret > 0) *pos = kiocb.ki_pos; - } else if (file->f_op->write) { - mm_segment_t old_fs = get_fs(); - - set_fs(KERNEL_DS); - ret = file->f_op->write(file, (__force const char __user *)buf, - count, pos); - set_fs(old_fs); } else { ret = -EINVAL; }