From: Christoph Hellwig <hch@lst.de>
To: Al Viro <viro@zeniv.linux.org.uk>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Ian Kent <raven@themaw.net>, David Howells <dhowells@redhat.com>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-security-module@vger.kernel.org,
netfilter-devel@vger.kernel.org
Subject: [PATCH 10/14] integrity/ima: switch to using __kernel_read
Date: Wed, 24 Jun 2020 18:13:31 +0200 [thread overview]
Message-ID: <20200624161335.1810359-11-hch@lst.de> (raw)
In-Reply-To: <20200624161335.1810359-1-hch@lst.de>
__kernel_read has a bunch of additional sanity checks, and this moves
the set_fs out of non-core code.
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
security/integrity/iint.c | 14 +-------------
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index e12c4900510f60..1d20003243c3fb 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -188,19 +188,7 @@ DEFINE_LSM(integrity) = {
int integrity_kernel_read(struct file *file, loff_t offset,
void *addr, unsigned long count)
{
- mm_segment_t old_fs;
- char __user *buf = (char __user *)addr;
- ssize_t ret;
-
- if (!(file->f_mode & FMODE_READ))
- return -EBADF;
-
- old_fs = get_fs();
- set_fs(KERNEL_DS);
- ret = __vfs_read(file, buf, count, &offset);
- set_fs(old_fs);
-
- return ret;
+ return __kernel_read(file, addr, count, &offset);
}
/*
--
2.26.2
next prev parent reply other threads:[~2020-06-24 16:15 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-24 16:13 clean up kernel_{read,write} & friends v5 Christoph Hellwig
2020-06-24 16:13 ` [PATCH 01/14] cachefiles: switch to kernel_write Christoph Hellwig
2020-06-24 16:13 ` [PATCH 02/14] autofs: " Christoph Hellwig
2020-06-24 16:13 ` [PATCH 03/14] bpfilter: " Christoph Hellwig
2020-06-24 16:13 ` [PATCH 04/14] fs: unexport __kernel_write Christoph Hellwig
2020-06-24 16:13 ` [PATCH 05/14] fs: check FMODE_WRITE in __kernel_write Christoph Hellwig
2020-06-24 16:13 ` [PATCH 06/14] fs: implement kernel_write using __kernel_write Christoph Hellwig
2020-06-24 16:13 ` [PATCH 07/14] fs: remove __vfs_write Christoph Hellwig
2020-06-24 16:13 ` [PATCH 08/14] fs: don't change the address limit for ->write_iter in __kernel_write Christoph Hellwig
2020-06-24 16:13 ` [PATCH 09/14] fs: add a __kernel_read helper Christoph Hellwig
2020-06-24 16:13 ` Christoph Hellwig [this message]
2020-06-24 16:13 ` [PATCH 11/14] fs: implement kernel_read using __kernel_read Christoph Hellwig
2020-06-24 16:13 ` [PATCH 12/14] fs: remove __vfs_read Christoph Hellwig
2020-06-24 16:13 ` [PATCH 13/14] fs: implement default_file_splice_read using __kernel_read Christoph Hellwig
2020-07-01 9:19 ` [fs] 140402bab8: stress-ng.splice.ops_per_sec -100.0% regression kernel test robot
2020-07-01 12:13 ` Christoph Hellwig
2020-07-01 20:32 ` Linus Torvalds
2020-06-24 16:13 ` [PATCH 14/14] fs: don't change the address limit for ->read_iter in __kernel_read Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200624161335.1810359-11-hch@lst.de \
--to=hch@lst.de \
--cc=dhowells@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=raven@themaw.net \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.