Matthew Wilcox (Oracle)
abe046ddf3
vfs: check fd has read access in kernel_read_file_from_fd()
commit 032146cda8 upstream.
If we open a file without read access and then pass the fd to a syscall
whose implementation calls kernel_read_file_from_fd(), we get a warning
from __kernel_read():
	if (WARN_ON_ONCE(!(file->f_mode & FMODE_READ)))
This currently affects both finit_module() and kexec_file_load(), but it
could affect other syscalls in the future.
Link: https://lkml.kernel.org/r/20211007220110.600005-1-willy@infradead.org
Fixes: b844f0ecbc ("vfs: define kernel_copy_file_from_fd()")
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Reported-by: Hao Sun <sunhao.th@gmail.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-10-27 09:59:43 +02:00
Al Viro
ffb37ca3bd
switch file_open_root() to struct path
... and provide file_open_root_mnt(), using the root of given mount.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2021-04-07 13:56:43 -04:00
Kees Cook
0fa8e08464
fs/kernel_file_read: Add "offset" arg for partial reads
To perform partial reads, callers of kernel_read_file*() must have a
non-NULL file_size argument and a preallocated buffer. The new "offset"
argument can then be used to seek to specific locations in the file to
fill the buffer to, at most, "buf_size" per call.
Where possible, the LSM hooks can report whether a full file has been
read or not so that the contents can be reasoned about.
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20201002173828.2099543-14-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-05 13:37:04 +02:00
Kees Cook
2039bda1fa
LSM: Add "contents" flag to kernel_read_file hook
As with the kernel_load_data LSM hook, add a "contents" flag to the
kernel_read_file LSM hook that indicates whether the LSM can expect
a matching call to the kernel_post_read_file LSM hook with the full
contents of the file. With the coming addition of partial file read
support for kernel_read_file*() API, the LSM will no longer be able
to always see the entire contents of a file during the read calls.
For cases where the LSM must examine the complete file contents,
it will need to do so on its own every time the kernel_read_file
hook is called with contents=false (or reject such cases). Adjust all
existing LSMs to retain existing behavior.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Link: https://lore.kernel.org/r/20201002173828.2099543-12-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-05 13:37:03 +02:00
Kees Cook
885352881f
fs/kernel_read_file: Add file_size output argument
In preparation for adding partial read support, add an optional output
argument to kernel_read_file*() that reports the file size so callers
can reason more easily about their reading progress.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Acked-by: Scott Branden <scott.branden@broadcom.com>
Link: https://lore.kernel.org/r/20201002173828.2099543-8-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-05 13:37:03 +02:00
Kees Cook
113eeb5177
fs/kernel_read_file: Switch buffer size arg to size_t
In preparation for further refactoring of kernel_read_file*(), rename
the "max_size" argument to the more accurate "buf_size", and correct
its type to size_t. Add kerndoc to explain the specifics of how the
arguments will be used. Note that with buf_size now size_t, it can no
longer be negative (and was never called with a negative value). Adjust
callers to use it as a "maximum size" when *buf is NULL.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Acked-by: Scott Branden <scott.branden@broadcom.com>
Link: https://lore.kernel.org/r/20201002173828.2099543-7-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-05 13:34:19 +02:00
Kees Cook
f7a4f689bc
fs/kernel_read_file: Remove redundant size argument
In preparation for refactoring kernel_read_file*(), remove the redundant
"size" argument which is not needed: it can be included in the return
code, with callers adjusted. (VFS reads already cannot be larger than
INT_MAX.)
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Acked-by: Scott Branden <scott.branden@broadcom.com>
Link: https://lore.kernel.org/r/20201002173828.2099543-6-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-05 13:34:18 +02:00
Kees Cook
5287b07f6d
fs/kernel_read_file: Split into separate source file
These routines are used in places outside of exec(2), so in preparation
for refactoring them, move them into a separate source file,
fs/kernel_read_file.c.
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Acked-by: Scott Branden <scott.branden@broadcom.com>
Link: https://lore.kernel.org/r/20201002173828.2099543-5-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-05 13:34:18 +02:00