RE: [RESEND][PATCH] ima: Set and clear FMODE_CAN_READ in ima_calc_file_hash()

[Roberto Sassu <roberto.sassu@huawei.com>]

> From: Christoph Hellwig [mailto:hch@infradead.org]
> Sent: Saturday, November 14, 2020 12:11 PM
> On Fri, Nov 13, 2020 at 09:01:32AM +0100, Roberto Sassu wrote:
> > Commit a1f9b1c0439db ("integrity/ima: switch to using __kernel_read")
> > replaced the __vfs_read() call in integrity_kernel_read() with
> > __kernel_read(), a new helper introduced by commit 61a707c543e2a ("fs:
> add
> > a __kernel_read helper").
> >
> > Since the new helper requires that also the FMODE_CAN_READ flag is set
> in
> > file->f_mode, this patch saves the original f_mode and sets the flag if the
> > the file descriptor has the necessary file operation. Lastly, it restores
> > the original f_mode at the end of ima_calc_file_hash().
> 
> This looks bogus.  FMODE_CAN_READ has a pretty clear definition and
> you can't just go and read things if it is not set.  Also f_mode
> manipulations on a life file are racy.

FMODE_CAN_READ was not set because f_mode does not have
FMODE_READ. In the patch, I check if the former can be set
similarly to the way it is done in file_table.c and open.c.

Is there a better way to read a file when the file was not opened
for reading and a new file descriptor cannot be created?

Thanks

Roberto

HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Li Peng, Li Jian, Shi Yanli

> > Cc: stable@vger.kernel.org # 5.8.x
> > Fixes: a1f9b1c0439db ("integrity/ima: switch to using __kernel_read")
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > ---
> >  security/integrity/ima/ima_crypto.c | 8 ++++++--
> >  1 file changed, 6 insertions(+), 2 deletions(-)
> >
> > diff --git a/security/integrity/ima/ima_crypto.c
> b/security/integrity/ima/ima_crypto.c
> > index 21989fa0c107..22ed86a0c964 100644
> > --- a/security/integrity/ima/ima_crypto.c
> > +++ b/security/integrity/ima/ima_crypto.c
> > @@ -537,6 +537,7 @@ int ima_calc_file_hash(struct file *file, struct
> ima_digest_data *hash)
> >  	loff_t i_size;
> >  	int rc;
> >  	struct file *f = file;
> > +	fmode_t saved_mode;
> >  	bool new_file_instance = false, modified_mode = false;
> >
> >  	/*
> > @@ -550,7 +551,7 @@ int ima_calc_file_hash(struct file *file, struct
> ima_digest_data *hash)
> >  	}
> >
> >  	/* Open a new file instance in O_RDONLY if we cannot read */
> > -	if (!(file->f_mode & FMODE_READ)) {
> > +	if (!(file->f_mode & FMODE_READ) || !(file->f_mode &
> FMODE_CAN_READ)) {
> >  		int flags = file->f_flags & ~(O_WRONLY | O_APPEND |
> >  				O_TRUNC | O_CREAT | O_NOCTTY |
> O_EXCL);
> >  		flags |= O_RDONLY;
> > @@ -562,7 +563,10 @@ int ima_calc_file_hash(struct file *file, struct
> ima_digest_data *hash)
> >  			 */
> >  			pr_info_ratelimited("Unable to reopen file for
> reading.\n");
> >  			f = file;
> > +			saved_mode = f->f_mode;
> >  			f->f_mode |= FMODE_READ;
> > +			if (likely(file->f_op->read || file->f_op->read_iter))
> > +				f->f_mode |= FMODE_CAN_READ;
> >  			modified_mode = true;
> >  		} else {
> >  			new_file_instance = true;
> > @@ -582,7 +586,7 @@ int ima_calc_file_hash(struct file *file, struct
> ima_digest_data *hash)
> >  	if (new_file_instance)
> >  		fput(f);
> >  	else if (modified_mode)
> > -		f->f_mode &= ~FMODE_READ;
> > +		f->f_mode = saved_mode;
> >  	return rc;
> >  }
> >
> > --
> > 2.27.GIT
> >
> ---end quoted text---