From: Scott Branden <scott.branden@broadcom.com>
To: Kees Cook <keescook@chromium.org>
Cc: Mimi Zohar <zohar@linux.ibm.com>,
Matthew Wilcox <willy@infradead.org>,
James Morris <jmorris@namei.org>,
Luis Chamberlain <mcgrof@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
"Rafael J. Wysocki" <rafael@kernel.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Jessica Yu <jeyu@kernel.org>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
Casey Schaufler <casey@schaufler-ca.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Peter Zijlstra <peterz@infradead.org>,
Matthew Garrett <matthewgarrett@google.com>,
David Howells <dhowells@redhat.com>,
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
Randy Dunlap <rdunlap@infradead.org>,
"Joel Fernandes (Google)" <joel@joelfernandes.org>,
KP Singh <kpsingh@google.com>, Dave Olsthoorn <dave@bewaar.me>,
Hans de Goede <hdegoede@redhat.com>,
Peter Jones <pjones@redhat.com>,
Andrew Morton <akpm@linux-foundation.org>,
Stephen Boyd <stephen.boyd@linaro.org>,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
linux-security-module@vger.kernel.org,
linux-integrity@vger.kernel.org, selinux@vger.kernel.org,
linux-fsdevel@vger.kernel.org, kexec@lists.infradead.org,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH 06/13] fs/kernel_read_file: Remove redundant size argument
Date: Fri, 17 Jul 2020 12:55:37 -0700 [thread overview]
Message-ID: <ad1f7aa8-0b20-b611-d35f-5cdba33e0b7e@broadcom.com> (raw)
In-Reply-To: <39b2d8af-812f-8c5e-3957-34543add0173@broadcom.com>
On 2020-07-17 12:04 p.m., Scott Branden wrote:
> Hi Kees,
>
> On 2020-07-17 10:43 a.m., Kees Cook wrote:
>> In preparation for refactoring kernel_read_file*(), remove the redundant
>> "size" argument which is not needed: it can be included in the return
> I don't think the size argument is redundant though.
> The existing kernel_read_file functions always read the whole file.
> Now, what happens if the file is bigger than the buffer.
> How does kernel_read_file know it read the whole file by looking at
> the return value?
Actually, this change looks ok dealing with the size. I'll look at the
rest.
>
>> code, with callers adjusted. (VFS reads already cannot be larger than
>> INT_MAX.)
>>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> ---
>> drivers/base/firmware_loader/main.c | 8 ++++----
>> fs/kernel_read_file.c | 20 +++++++++-----------
>> include/linux/kernel_read_file.h | 8 ++++----
>> kernel/kexec_file.c | 13 ++++++-------
>> kernel/module.c | 7 +++----
>> security/integrity/digsig.c | 5 +++--
>> security/integrity/ima/ima_fs.c | 5 +++--
>> 7 files changed, 32 insertions(+), 34 deletions(-)
>>
>> diff --git a/drivers/base/firmware_loader/main.c
>> b/drivers/base/firmware_loader/main.c
>> index d4a413ea48ce..ea419c7d3d34 100644
>> --- a/drivers/base/firmware_loader/main.c
>> +++ b/drivers/base/firmware_loader/main.c
>> @@ -462,7 +462,7 @@ fw_get_filesystem_firmware(struct device *device,
>> struct fw_priv *fw_priv,
>> size_t in_size,
>> const void *in_buffer))
>> {
>> - loff_t size;
>> + size_t size;
>> int i, len;
>> int rc = -ENOENT;
>> char *path;
>> @@ -494,10 +494,9 @@ fw_get_filesystem_firmware(struct device
>> *device, struct fw_priv *fw_priv,
>> fw_priv->size = 0;
>> /* load firmware files from the mount namespace of init */
>> - rc = kernel_read_file_from_path_initns(path, &buffer,
>> - &size, msize,
>> + rc = kernel_read_file_from_path_initns(path, &buffer, msize,
>> READING_FIRMWARE);
>> - if (rc) {
>> + if (rc < 0) {
>> if (rc != -ENOENT)
>> dev_warn(device, "loading %s failed with error %d\n",
>> path, rc);
>> @@ -506,6 +505,7 @@ fw_get_filesystem_firmware(struct device *device,
>> struct fw_priv *fw_priv,
>> path);
>> continue;
>> }
>> + size = rc;
>> dev_dbg(device, "Loading firmware from %s\n", path);
>> if (decompress) {
>> dev_dbg(device, "f/w decompressing %s\n",
>> diff --git a/fs/kernel_read_file.c b/fs/kernel_read_file.c
>> index 54d972d4befc..dc28a8def597 100644
>> --- a/fs/kernel_read_file.c
>> +++ b/fs/kernel_read_file.c
>> @@ -5,7 +5,7 @@
>> #include <linux/security.h>
>> #include <linux/vmalloc.h>
>> -int kernel_read_file(struct file *file, void **buf, loff_t *size,
>> +int kernel_read_file(struct file *file, void **buf,
>> loff_t max_size, enum kernel_read_file_id id)
>> {
>> loff_t i_size, pos;
>> @@ -29,7 +29,7 @@ int kernel_read_file(struct file *file, void **buf,
>> loff_t *size,
>> ret = -EINVAL;
>> goto out;
>> }
>> - if (i_size > SIZE_MAX || (max_size > 0 && i_size > max_size)) {
>> + if (i_size > INT_MAX || (max_size > 0 && i_size > max_size)) {
> Should this be SSIZE_MAX?
>> ret = -EFBIG;
>> goto out;
>> }
>> @@ -59,8 +59,6 @@ int kernel_read_file(struct file *file, void **buf,
>> loff_t *size,
>> }
>> ret = security_kernel_post_read_file(file, *buf, i_size, id);
>> - if (!ret)
>> - *size = pos;
>> out_free:
>> if (ret < 0) {
>> @@ -72,11 +70,11 @@ int kernel_read_file(struct file *file, void
>> **buf, loff_t *size,
>> out:
>> allow_write_access(file);
>> - return ret;
>> + return ret == 0 ? pos : ret;
>> }
>> EXPORT_SYMBOL_GPL(kernel_read_file);
>> -int kernel_read_file_from_path(const char *path, void **buf,
>> loff_t *size,
>> +int kernel_read_file_from_path(const char *path, void **buf,
>> loff_t max_size, enum kernel_read_file_id id)
>> {
>> struct file *file;
>> @@ -89,14 +87,14 @@ int kernel_read_file_from_path(const char *path,
>> void **buf, loff_t *size,
>> if (IS_ERR(file))
>> return PTR_ERR(file);
>> - ret = kernel_read_file(file, buf, size, max_size, id);
>> + ret = kernel_read_file(file, buf, max_size, id);
>> fput(file);
>> return ret;
>> }
>> EXPORT_SYMBOL_GPL(kernel_read_file_from_path);
>> int kernel_read_file_from_path_initns(const char *path, void **buf,
>> - loff_t *size, loff_t max_size,
>> + loff_t max_size,
>> enum kernel_read_file_id id)
>> {
>> struct file *file;
>> @@ -115,13 +113,13 @@ int kernel_read_file_from_path_initns(const
>> char *path, void **buf,
>> if (IS_ERR(file))
>> return PTR_ERR(file);
>> - ret = kernel_read_file(file, buf, size, max_size, id);
>> + ret = kernel_read_file(file, buf, max_size, id);
>> fput(file);
>> return ret;
>> }
>> EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns);
>> -int kernel_read_file_from_fd(int fd, void **buf, loff_t *size,
>> loff_t max_size,
>> +int kernel_read_file_from_fd(int fd, void **buf, loff_t max_size,
>> enum kernel_read_file_id id)
>> {
>> struct fd f = fdget(fd);
>> @@ -130,7 +128,7 @@ int kernel_read_file_from_fd(int fd, void **buf,
>> loff_t *size, loff_t max_size,
>> if (!f.file)
>> goto out;
>> - ret = kernel_read_file(f.file, buf, size, max_size, id);
>> + ret = kernel_read_file(f.file, buf, max_size, id);
>> out:
>> fdput(f);
>> return ret;
>> diff --git a/include/linux/kernel_read_file.h
>> b/include/linux/kernel_read_file.h
>> index 78cf3d7dc835..0ca0bdbed1bd 100644
>> --- a/include/linux/kernel_read_file.h
>> +++ b/include/linux/kernel_read_file.h
>> @@ -36,16 +36,16 @@ static inline const char
>> *kernel_read_file_id_str(enum kernel_read_file_id id)
>> }
>> int kernel_read_file(struct file *file,
>> - void **buf, loff_t *size, loff_t max_size,
>> + void **buf, loff_t max_size,
>> enum kernel_read_file_id id);
>> int kernel_read_file_from_path(const char *path,
>> - void **buf, loff_t *size, loff_t max_size,
>> + void **buf, loff_t max_size,
>> enum kernel_read_file_id id);
>> int kernel_read_file_from_path_initns(const char *path,
>> - void **buf, loff_t *size, loff_t max_size,
>> + void **buf, loff_t max_size,
>> enum kernel_read_file_id id);
>> int kernel_read_file_from_fd(int fd,
>> - void **buf, loff_t *size, loff_t max_size,
>> + void **buf, loff_t max_size,
>> enum kernel_read_file_id id);
>> #endif /* _LINUX_KERNEL_READ_FILE_H */
>> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
>> index 1358069ce9e9..a201bbb19158 100644
>> --- a/kernel/kexec_file.c
>> +++ b/kernel/kexec_file.c
>> @@ -220,13 +220,12 @@ kimage_file_prepare_segments(struct kimage
>> *image, int kernel_fd, int initrd_fd,
>> {
>> int ret;
>> void *ldata;
>> - loff_t size;
>> ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
>> - &size, INT_MAX, READING_KEXEC_IMAGE);
>> - if (ret)
>> + INT_MAX, READING_KEXEC_IMAGE);
>> + if (ret < 0)
>> return ret;
>> - image->kernel_buf_len = size;
>> + image->kernel_buf_len = ret;
>> /* Call arch image probe handlers */
>> ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
>> @@ -243,11 +242,11 @@ kimage_file_prepare_segments(struct kimage
>> *image, int kernel_fd, int initrd_fd,
>> /* It is possible that there no initramfs is being loaded */
>> if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
>> ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf,
>> - &size, INT_MAX,
>> + INT_MAX,
>> READING_KEXEC_INITRAMFS);
>> - if (ret)
>> + if (ret < 0)
>> goto out;
>> - image->initrd_buf_len = size;
>> + image->initrd_buf_len = ret;
>> }
>> if (cmdline_len) {
>> diff --git a/kernel/module.c b/kernel/module.c
>> index e9765803601b..b6fd4f51cc30 100644
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -3988,7 +3988,6 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
>> SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs,
>> int, flags)
>> {
>> struct load_info info = { };
>> - loff_t size;
>> void *hdr = NULL;
>> int err;
>> @@ -4002,12 +4001,12 @@ SYSCALL_DEFINE3(finit_module, int, fd,
>> const char __user *, uargs, int, flags)
>> |MODULE_INIT_IGNORE_VERMAGIC))
>> return -EINVAL;
>> - err = kernel_read_file_from_fd(fd, &hdr, &size, INT_MAX,
>> + err = kernel_read_file_from_fd(fd, &hdr, INT_MAX,
>> READING_MODULE);
>> - if (err)
>> + if (err < 0)
>> return err;
>> info.hdr = hdr;
>> - info.len = size;
>> + info.len = err;
>> return load_module(&info, uargs, flags);
>> }
>> diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
>> index f8869be45d8f..97661ffabc4e 100644
>> --- a/security/integrity/digsig.c
>> +++ b/security/integrity/digsig.c
>> @@ -171,16 +171,17 @@ int __init integrity_add_key(const unsigned int
>> id, const void *data,
>> int __init integrity_load_x509(const unsigned int id, const char
>> *path)
>> {
>> void *data = NULL;
>> - loff_t size;
>> + size_t size;
>> int rc;
>> key_perm_t perm;
>> - rc = kernel_read_file_from_path(path, &data, &size, 0,
>> + rc = kernel_read_file_from_path(path, &data, 0,
>> READING_X509_CERTIFICATE);
>> if (rc < 0) {
>> pr_err("Unable to open file: %s (%d)", path, rc);
>> return rc;
>> }
>> + size = rc;
>> perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
>> KEY_USR_READ;
>> diff --git a/security/integrity/ima/ima_fs.c
>> b/security/integrity/ima/ima_fs.c
>> index e13ffece3726..9ba145d3d6d9 100644
>> --- a/security/integrity/ima/ima_fs.c
>> +++ b/security/integrity/ima/ima_fs.c
>> @@ -275,7 +275,7 @@ static ssize_t ima_read_policy(char *path)
>> {
>> void *data = NULL;
>> char *datap;
>> - loff_t size;
>> + size_t size;
>> int rc, pathlen = strlen(path);
>> char *p;
>> @@ -284,11 +284,12 @@ static ssize_t ima_read_policy(char *path)
>> datap = path;
>> strsep(&datap, "\n");
>> - rc = kernel_read_file_from_path(path, &data, &size, 0,
>> READING_POLICY);
>> + rc = kernel_read_file_from_path(path, &data, 0, READING_POLICY);
>> if (rc < 0) {
>> pr_err("Unable to open file: %s (%d)", path, rc);
>> return rc;
>> }
>> + size = rc;
>> datap = data;
>> while (size > 0 && (p = strsep(&datap, "\n"))) {
>
WARNING: multiple messages have this Message-ID (diff)
From: Scott Branden <scott.branden@broadcom.com>
To: Kees Cook <keescook@chromium.org>
Cc: "Rafael J. Wysocki" <rafael@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Stephen Boyd <stephen.boyd@linaro.org>,
Mimi Zohar <zohar@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
Peter Jones <pjones@redhat.com>,
"Joel Fernandes (Google)" <joel@joelfernandes.org>,
linux-security-module@vger.kernel.org,
Paul Moore <paul@paul-moore.com>,
Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
Matthew Garrett <matthewgarrett@google.com>,
James Morris <jmorris@namei.org>,
Matthew Wilcox <willy@infradead.org>,
KP Singh <kpsingh@google.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
selinux@vger.kernel.org, Jessica Yu <jeyu@kernel.org>,
Hans de Goede <hdegoede@redhat.com>,
Alexander Viro <viro@zeniv.linux.org.uk>,
linux-integrity@vger.kernel.org,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Stephen Smalley <stephen.smalley.work@gmail.com>,
Randy Dunlap <rdunlap@infradead.org>,
kexec@lists.infradead.org, linux-kernel@vger.kernel.org,
Luis Chamberlain <mcgrof@kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Dave Olsthoorn <dave@bewaar.me>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-fsdevel@vger.kernel.org,
Andrew Morton <akpm@linux-foundation.org>
Subject: Re: [PATCH 06/13] fs/kernel_read_file: Remove redundant size argument
Date: Fri, 17 Jul 2020 12:55:37 -0700 [thread overview]
Message-ID: <ad1f7aa8-0b20-b611-d35f-5cdba33e0b7e@broadcom.com> (raw)
In-Reply-To: <39b2d8af-812f-8c5e-3957-34543add0173@broadcom.com>
On 2020-07-17 12:04 p.m., Scott Branden wrote:
> Hi Kees,
>
> On 2020-07-17 10:43 a.m., Kees Cook wrote:
>> In preparation for refactoring kernel_read_file*(), remove the redundant
>> "size" argument which is not needed: it can be included in the return
> I don't think the size argument is redundant though.
> The existing kernel_read_file functions always read the whole file.
> Now, what happens if the file is bigger than the buffer.
> How does kernel_read_file know it read the whole file by looking at
> the return value?
Actually, this change looks ok dealing with the size. I'll look at the
rest.
>
>> code, with callers adjusted. (VFS reads already cannot be larger than
>> INT_MAX.)
>>
>> Signed-off-by: Kees Cook <keescook@chromium.org>
>> ---
>> drivers/base/firmware_loader/main.c | 8 ++++----
>> fs/kernel_read_file.c | 20 +++++++++-----------
>> include/linux/kernel_read_file.h | 8 ++++----
>> kernel/kexec_file.c | 13 ++++++-------
>> kernel/module.c | 7 +++----
>> security/integrity/digsig.c | 5 +++--
>> security/integrity/ima/ima_fs.c | 5 +++--
>> 7 files changed, 32 insertions(+), 34 deletions(-)
>>
>> diff --git a/drivers/base/firmware_loader/main.c
>> b/drivers/base/firmware_loader/main.c
>> index d4a413ea48ce..ea419c7d3d34 100644
>> --- a/drivers/base/firmware_loader/main.c
>> +++ b/drivers/base/firmware_loader/main.c
>> @@ -462,7 +462,7 @@ fw_get_filesystem_firmware(struct device *device,
>> struct fw_priv *fw_priv,
>> size_t in_size,
>> const void *in_buffer))
>> {
>> - loff_t size;
>> + size_t size;
>> int i, len;
>> int rc = -ENOENT;
>> char *path;
>> @@ -494,10 +494,9 @@ fw_get_filesystem_firmware(struct device
>> *device, struct fw_priv *fw_priv,
>> fw_priv->size = 0;
>> /* load firmware files from the mount namespace of init */
>> - rc = kernel_read_file_from_path_initns(path, &buffer,
>> - &size, msize,
>> + rc = kernel_read_file_from_path_initns(path, &buffer, msize,
>> READING_FIRMWARE);
>> - if (rc) {
>> + if (rc < 0) {
>> if (rc != -ENOENT)
>> dev_warn(device, "loading %s failed with error %d\n",
>> path, rc);
>> @@ -506,6 +505,7 @@ fw_get_filesystem_firmware(struct device *device,
>> struct fw_priv *fw_priv,
>> path);
>> continue;
>> }
>> + size = rc;
>> dev_dbg(device, "Loading firmware from %s\n", path);
>> if (decompress) {
>> dev_dbg(device, "f/w decompressing %s\n",
>> diff --git a/fs/kernel_read_file.c b/fs/kernel_read_file.c
>> index 54d972d4befc..dc28a8def597 100644
>> --- a/fs/kernel_read_file.c
>> +++ b/fs/kernel_read_file.c
>> @@ -5,7 +5,7 @@
>> #include <linux/security.h>
>> #include <linux/vmalloc.h>
>> -int kernel_read_file(struct file *file, void **buf, loff_t *size,
>> +int kernel_read_file(struct file *file, void **buf,
>> loff_t max_size, enum kernel_read_file_id id)
>> {
>> loff_t i_size, pos;
>> @@ -29,7 +29,7 @@ int kernel_read_file(struct file *file, void **buf,
>> loff_t *size,
>> ret = -EINVAL;
>> goto out;
>> }
>> - if (i_size > SIZE_MAX || (max_size > 0 && i_size > max_size)) {
>> + if (i_size > INT_MAX || (max_size > 0 && i_size > max_size)) {
> Should this be SSIZE_MAX?
>> ret = -EFBIG;
>> goto out;
>> }
>> @@ -59,8 +59,6 @@ int kernel_read_file(struct file *file, void **buf,
>> loff_t *size,
>> }
>> ret = security_kernel_post_read_file(file, *buf, i_size, id);
>> - if (!ret)
>> - *size = pos;
>> out_free:
>> if (ret < 0) {
>> @@ -72,11 +70,11 @@ int kernel_read_file(struct file *file, void
>> **buf, loff_t *size,
>> out:
>> allow_write_access(file);
>> - return ret;
>> + return ret == 0 ? pos : ret;
>> }
>> EXPORT_SYMBOL_GPL(kernel_read_file);
>> -int kernel_read_file_from_path(const char *path, void **buf,
>> loff_t *size,
>> +int kernel_read_file_from_path(const char *path, void **buf,
>> loff_t max_size, enum kernel_read_file_id id)
>> {
>> struct file *file;
>> @@ -89,14 +87,14 @@ int kernel_read_file_from_path(const char *path,
>> void **buf, loff_t *size,
>> if (IS_ERR(file))
>> return PTR_ERR(file);
>> - ret = kernel_read_file(file, buf, size, max_size, id);
>> + ret = kernel_read_file(file, buf, max_size, id);
>> fput(file);
>> return ret;
>> }
>> EXPORT_SYMBOL_GPL(kernel_read_file_from_path);
>> int kernel_read_file_from_path_initns(const char *path, void **buf,
>> - loff_t *size, loff_t max_size,
>> + loff_t max_size,
>> enum kernel_read_file_id id)
>> {
>> struct file *file;
>> @@ -115,13 +113,13 @@ int kernel_read_file_from_path_initns(const
>> char *path, void **buf,
>> if (IS_ERR(file))
>> return PTR_ERR(file);
>> - ret = kernel_read_file(file, buf, size, max_size, id);
>> + ret = kernel_read_file(file, buf, max_size, id);
>> fput(file);
>> return ret;
>> }
>> EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns);
>> -int kernel_read_file_from_fd(int fd, void **buf, loff_t *size,
>> loff_t max_size,
>> +int kernel_read_file_from_fd(int fd, void **buf, loff_t max_size,
>> enum kernel_read_file_id id)
>> {
>> struct fd f = fdget(fd);
>> @@ -130,7 +128,7 @@ int kernel_read_file_from_fd(int fd, void **buf,
>> loff_t *size, loff_t max_size,
>> if (!f.file)
>> goto out;
>> - ret = kernel_read_file(f.file, buf, size, max_size, id);
>> + ret = kernel_read_file(f.file, buf, max_size, id);
>> out:
>> fdput(f);
>> return ret;
>> diff --git a/include/linux/kernel_read_file.h
>> b/include/linux/kernel_read_file.h
>> index 78cf3d7dc835..0ca0bdbed1bd 100644
>> --- a/include/linux/kernel_read_file.h
>> +++ b/include/linux/kernel_read_file.h
>> @@ -36,16 +36,16 @@ static inline const char
>> *kernel_read_file_id_str(enum kernel_read_file_id id)
>> }
>> int kernel_read_file(struct file *file,
>> - void **buf, loff_t *size, loff_t max_size,
>> + void **buf, loff_t max_size,
>> enum kernel_read_file_id id);
>> int kernel_read_file_from_path(const char *path,
>> - void **buf, loff_t *size, loff_t max_size,
>> + void **buf, loff_t max_size,
>> enum kernel_read_file_id id);
>> int kernel_read_file_from_path_initns(const char *path,
>> - void **buf, loff_t *size, loff_t max_size,
>> + void **buf, loff_t max_size,
>> enum kernel_read_file_id id);
>> int kernel_read_file_from_fd(int fd,
>> - void **buf, loff_t *size, loff_t max_size,
>> + void **buf, loff_t max_size,
>> enum kernel_read_file_id id);
>> #endif /* _LINUX_KERNEL_READ_FILE_H */
>> diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c
>> index 1358069ce9e9..a201bbb19158 100644
>> --- a/kernel/kexec_file.c
>> +++ b/kernel/kexec_file.c
>> @@ -220,13 +220,12 @@ kimage_file_prepare_segments(struct kimage
>> *image, int kernel_fd, int initrd_fd,
>> {
>> int ret;
>> void *ldata;
>> - loff_t size;
>> ret = kernel_read_file_from_fd(kernel_fd, &image->kernel_buf,
>> - &size, INT_MAX, READING_KEXEC_IMAGE);
>> - if (ret)
>> + INT_MAX, READING_KEXEC_IMAGE);
>> + if (ret < 0)
>> return ret;
>> - image->kernel_buf_len = size;
>> + image->kernel_buf_len = ret;
>> /* Call arch image probe handlers */
>> ret = arch_kexec_kernel_image_probe(image, image->kernel_buf,
>> @@ -243,11 +242,11 @@ kimage_file_prepare_segments(struct kimage
>> *image, int kernel_fd, int initrd_fd,
>> /* It is possible that there no initramfs is being loaded */
>> if (!(flags & KEXEC_FILE_NO_INITRAMFS)) {
>> ret = kernel_read_file_from_fd(initrd_fd, &image->initrd_buf,
>> - &size, INT_MAX,
>> + INT_MAX,
>> READING_KEXEC_INITRAMFS);
>> - if (ret)
>> + if (ret < 0)
>> goto out;
>> - image->initrd_buf_len = size;
>> + image->initrd_buf_len = ret;
>> }
>> if (cmdline_len) {
>> diff --git a/kernel/module.c b/kernel/module.c
>> index e9765803601b..b6fd4f51cc30 100644
>> --- a/kernel/module.c
>> +++ b/kernel/module.c
>> @@ -3988,7 +3988,6 @@ SYSCALL_DEFINE3(init_module, void __user *, umod,
>> SYSCALL_DEFINE3(finit_module, int, fd, const char __user *, uargs,
>> int, flags)
>> {
>> struct load_info info = { };
>> - loff_t size;
>> void *hdr = NULL;
>> int err;
>> @@ -4002,12 +4001,12 @@ SYSCALL_DEFINE3(finit_module, int, fd,
>> const char __user *, uargs, int, flags)
>> |MODULE_INIT_IGNORE_VERMAGIC))
>> return -EINVAL;
>> - err = kernel_read_file_from_fd(fd, &hdr, &size, INT_MAX,
>> + err = kernel_read_file_from_fd(fd, &hdr, INT_MAX,
>> READING_MODULE);
>> - if (err)
>> + if (err < 0)
>> return err;
>> info.hdr = hdr;
>> - info.len = size;
>> + info.len = err;
>> return load_module(&info, uargs, flags);
>> }
>> diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
>> index f8869be45d8f..97661ffabc4e 100644
>> --- a/security/integrity/digsig.c
>> +++ b/security/integrity/digsig.c
>> @@ -171,16 +171,17 @@ int __init integrity_add_key(const unsigned int
>> id, const void *data,
>> int __init integrity_load_x509(const unsigned int id, const char
>> *path)
>> {
>> void *data = NULL;
>> - loff_t size;
>> + size_t size;
>> int rc;
>> key_perm_t perm;
>> - rc = kernel_read_file_from_path(path, &data, &size, 0,
>> + rc = kernel_read_file_from_path(path, &data, 0,
>> READING_X509_CERTIFICATE);
>> if (rc < 0) {
>> pr_err("Unable to open file: %s (%d)", path, rc);
>> return rc;
>> }
>> + size = rc;
>> perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW |
>> KEY_USR_READ;
>> diff --git a/security/integrity/ima/ima_fs.c
>> b/security/integrity/ima/ima_fs.c
>> index e13ffece3726..9ba145d3d6d9 100644
>> --- a/security/integrity/ima/ima_fs.c
>> +++ b/security/integrity/ima/ima_fs.c
>> @@ -275,7 +275,7 @@ static ssize_t ima_read_policy(char *path)
>> {
>> void *data = NULL;
>> char *datap;
>> - loff_t size;
>> + size_t size;
>> int rc, pathlen = strlen(path);
>> char *p;
>> @@ -284,11 +284,12 @@ static ssize_t ima_read_policy(char *path)
>> datap = path;
>> strsep(&datap, "\n");
>> - rc = kernel_read_file_from_path(path, &data, &size, 0,
>> READING_POLICY);
>> + rc = kernel_read_file_from_path(path, &data, 0, READING_POLICY);
>> if (rc < 0) {
>> pr_err("Unable to open file: %s (%d)", path, rc);
>> return rc;
>> }
>> + size = rc;
>> datap = data;
>> while (size > 0 && (p = strsep(&datap, "\n"))) {
>
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2020-07-17 19:55 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-17 17:42 [PATCH 00/13] Introduce partial kernel_read_file() support Kees Cook
2020-07-17 17:42 ` Kees Cook
2020-07-17 17:42 ` [PATCH 01/13] firmware_loader: EFI firmware loader must handle pre-allocated buffer Kees Cook
2020-07-17 17:42 ` Kees Cook
2020-07-17 19:08 ` Scott Branden
2020-07-17 19:08 ` Scott Branden
2020-07-17 17:42 ` [PATCH 02/13] fs/kernel_read_file: Remove FIRMWARE_PREALLOC_BUFFER enum Kees Cook
2020-07-17 17:42 ` Kees Cook
2020-07-17 19:09 ` Scott Branden
2020-07-17 19:09 ` Scott Branden
2020-07-17 17:42 ` [PATCH 03/13] fs/kernel_read_file: Remove FIRMWARE_EFI_EMBEDDED enum Kees Cook
2020-07-17 17:42 ` Kees Cook
2020-07-17 19:10 ` Scott Branden
2020-07-17 19:10 ` Scott Branden
2020-07-17 17:42 ` [PATCH 04/13] fs/kernel_read_file: Split into separate include file Kees Cook
2020-07-17 17:42 ` Kees Cook
2020-07-17 17:43 ` [PATCH 05/13] fs/kernel_read_file: Split into separate source file Kees Cook
2020-07-17 17:43 ` Kees Cook
2020-07-17 19:11 ` Scott Branden
2020-07-17 19:11 ` Scott Branden
2020-07-17 17:43 ` [PATCH 06/13] fs/kernel_read_file: Remove redundant size argument Kees Cook
2020-07-17 17:43 ` Kees Cook
2020-07-17 19:04 ` Scott Branden
2020-07-17 19:04 ` Scott Branden
2020-07-17 19:55 ` Scott Branden [this message]
2020-07-17 19:55 ` Scott Branden
2020-07-17 22:06 ` Kees Cook
2020-07-17 22:06 ` Kees Cook
2020-07-18 5:44 ` Scott Branden
2020-07-18 5:44 ` Scott Branden
2020-07-21 21:43 ` Scott Branden
2020-07-21 21:43 ` Scott Branden
2020-07-21 21:50 ` Kees Cook
2020-07-21 21:50 ` Kees Cook
2020-07-17 17:43 ` [PATCH 07/13] fs/kernel_read_file: Switch buffer size arg to size_t Kees Cook
2020-07-17 17:43 ` Kees Cook
2020-07-20 8:34 ` David Laight
2020-07-20 8:34 ` David Laight
2020-07-17 17:43 ` [PATCH 08/13] fs/kernel_read_file: Add file_size output argument Kees Cook
2020-07-17 17:43 ` Kees Cook
2020-07-17 17:43 ` [PATCH 09/13] LSM: Introduce kernel_post_load_data() hook Kees Cook
2020-07-17 17:43 ` Kees Cook
2020-07-17 17:43 ` [PATCH 10/13] firmware_loader: Use security_post_load_data() Kees Cook
2020-07-17 17:43 ` Kees Cook
2020-07-17 17:43 ` [PATCH 11/13] module: Call security_kernel_post_load_data() Kees Cook
2020-07-17 17:43 ` Kees Cook
2020-07-17 17:43 ` [PATCH 12/13] LSM: Add "contents" flag to kernel_read_file hook Kees Cook
2020-07-17 17:43 ` Kees Cook
2020-07-17 17:43 ` [PATCH 13/13] fs/kernel_file_read: Add "offset" arg for partial reads Kees Cook
2020-07-17 17:43 ` Kees Cook
2020-07-17 19:17 ` [PATCH 00/13] Introduce partial kernel_read_file() support Scott Branden
2020-07-17 19:17 ` Scott Branden
2020-07-17 22:10 ` Kees Cook
2020-07-17 22:10 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ad1f7aa8-0b20-b611-d35f-5cdba33e0b7e@broadcom.com \
--to=scott.branden@broadcom.com \
--cc=akpm@linux-foundation.org \
--cc=casey@schaufler-ca.com \
--cc=dave@bewaar.me \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=ebiederm@xmission.com \
--cc=gregkh@linuxfoundation.org \
--cc=hdegoede@redhat.com \
--cc=jeyu@kernel.org \
--cc=jmorris@namei.org \
--cc=joel@joelfernandes.org \
--cc=keescook@chromium.org \
--cc=kexec@lists.infradead.org \
--cc=kpsingh@google.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthewgarrett@google.com \
--cc=mcgrof@kernel.org \
--cc=mchehab+huawei@kernel.org \
--cc=paul@paul-moore.com \
--cc=peterz@infradead.org \
--cc=pjones@redhat.com \
--cc=rafael@kernel.org \
--cc=rdunlap@infradead.org \
--cc=selinux@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=stephen.boyd@linaro.org \
--cc=stephen.smalley.work@gmail.com \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.