From: Mimi Zohar <zohar@linux.vnet.ibm.com> To: Christoph Hellwig <hch@lst.de>, Al Viro <viro@zeniv.linux.org.uk> Cc: James Morris <jmorris@namei.org>, linux-fsdevel@vger.kernel.org, linux-ima-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, Mimi Zohar <zohar@linux.vnet.ibm.com> Subject: [PATCH v2 02/10] ima: use fs method to read integrity data Date: Wed, 21 Jun 2017 14:18:22 -0400 [thread overview] Message-ID: <1498069110-10009-3-git-send-email-zohar@linux.vnet.ibm.com> (raw) In-Reply-To: <1498069110-10009-1-git-send-email-zohar@linux.vnet.ibm.com> From: Christoph Hellwig <hch@lst.de> Add a new ->integrity_read file operation to read data for integrity hash collection. This is defined to be equivalent to ->read_iter, except that it will be called with the i_rwsem held exclusively. Changelog v2: - change iovec to kvec Changelog v1: - update the patch description, removing the concept that the presence of ->integrity_read indicates that the file system can support IMA. (Mimi) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> --- fs/btrfs/file.c | 1 + fs/ext4/file.c | 1 + fs/xfs/xfs_file.c | 21 +++++++++++++++++++++ include/linux/fs.h | 1 + security/integrity/iint.c | 20 ++++++++++++++------ 5 files changed, 38 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index da1096eb1a40..003e859b56c4 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -3087,6 +3087,7 @@ const struct file_operations btrfs_file_operations = { #endif .clone_file_range = btrfs_clone_file_range, .dedupe_file_range = btrfs_dedupe_file_range, + .integrity_read = generic_file_read_iter, }; void btrfs_auto_defrag_exit(void) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 831fd6beebf0..e7b2bd43cdc4 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -753,6 +753,7 @@ const struct file_operations ext4_file_operations = { .splice_read = generic_file_splice_read, .splice_write = iter_file_splice_write, .fallocate = ext4_fallocate, + .integrity_read = ext4_file_read_iter, }; const struct inode_operations ext4_file_inode_operations = { diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 35703a801372..3d6ace2a79bc 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -288,6 +288,26 @@ xfs_file_read_iter( return ret; } +static ssize_t +xfs_integrity_read( + struct kiocb *iocb, + struct iov_iter *to) +{ + struct inode *inode = file_inode(iocb->ki_filp); + struct xfs_mount *mp = XFS_I(inode)->i_mount; + + lockdep_assert_held(&inode->i_rwsem); + + XFS_STATS_INC(mp, xs_read_calls); + + if (XFS_FORCED_SHUTDOWN(mp)) + return -EIO; + + if (IS_DAX(inode)) + return dax_iomap_rw(iocb, to, &xfs_iomap_ops); + return generic_file_read_iter(iocb, to); +} + /* * Zero any on disk space between the current EOF and the new, larger EOF. * @@ -1534,6 +1554,7 @@ const struct file_operations xfs_file_operations = { .fallocate = xfs_file_fallocate, .clone_file_range = xfs_file_clone_range, .dedupe_file_range = xfs_file_dedupe_range, + .integrity_read = xfs_integrity_read, }; const struct file_operations xfs_dir_file_operations = { diff --git a/include/linux/fs.h b/include/linux/fs.h index 803e5a9b2654..36edfe84c4bf 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1690,6 +1690,7 @@ struct file_operations { u64); ssize_t (*dedupe_file_range)(struct file *, u64, u64, struct file *, u64); + ssize_t (*integrity_read)(struct kiocb *, struct iov_iter *); }; struct inode_operations { diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 6fc888ca468e..df04f35a1d40 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -21,6 +21,7 @@ #include <linux/rbtree.h> #include <linux/file.h> #include <linux/uaccess.h> +#include <linux/uio.h> #include "integrity.h" static struct rb_root integrity_iint_tree = RB_ROOT; @@ -184,18 +185,25 @@ security_initcall(integrity_iintcache_init); int integrity_kernel_read(struct file *file, loff_t offset, void *addr, unsigned long count) { - mm_segment_t old_fs; - char __user *buf = (char __user *)addr; + struct inode *inode = file_inode(file); + struct kvec iov = { .iov_base = addr, .iov_len = count }; + struct kiocb kiocb; + struct iov_iter iter; ssize_t ret; + lockdep_assert_held(&inode->i_rwsem); + if (!(file->f_mode & FMODE_READ)) return -EBADF; + if (!file->f_op->integrity_read) + return -EBADF; - old_fs = get_fs(); - set_fs(get_ds()); - ret = __vfs_read(file, buf, count, &offset); - set_fs(old_fs); + init_sync_kiocb(&kiocb, file); + kiocb.ki_pos = offset; + iov_iter_kvec(&iter, READ | ITER_KVEC, &iov, 1, count); + ret = file->f_op->integrity_read(&kiocb, &iter); + BUG_ON(ret == -EIOCBQUEUED); return ret; } -- 2.7.4
WARNING: multiple messages have this Message-ID (diff)
From: zohar@linux.vnet.ibm.com (Mimi Zohar) To: linux-security-module@vger.kernel.org Subject: [PATCH v2 02/10] ima: use fs method to read integrity data Date: Wed, 21 Jun 2017 14:18:22 -0400 [thread overview] Message-ID: <1498069110-10009-3-git-send-email-zohar@linux.vnet.ibm.com> (raw) In-Reply-To: <1498069110-10009-1-git-send-email-zohar@linux.vnet.ibm.com> From: Christoph Hellwig <hch@lst.de> Add a new ->integrity_read file operation to read data for integrity hash collection. This is defined to be equivalent to ->read_iter, except that it will be called with the i_rwsem held exclusively. Changelog v2: - change iovec to kvec Changelog v1: - update the patch description, removing the concept that the presence of ->integrity_read indicates that the file system can support IMA. (Mimi) Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> --- fs/btrfs/file.c | 1 + fs/ext4/file.c | 1 + fs/xfs/xfs_file.c | 21 +++++++++++++++++++++ include/linux/fs.h | 1 + security/integrity/iint.c | 20 ++++++++++++++------ 5 files changed, 38 insertions(+), 6 deletions(-) diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index da1096eb1a40..003e859b56c4 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c @@ -3087,6 +3087,7 @@ const struct file_operations btrfs_file_operations = { #endif .clone_file_range = btrfs_clone_file_range, .dedupe_file_range = btrfs_dedupe_file_range, + .integrity_read = generic_file_read_iter, }; void btrfs_auto_defrag_exit(void) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index 831fd6beebf0..e7b2bd43cdc4 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -753,6 +753,7 @@ const struct file_operations ext4_file_operations = { .splice_read = generic_file_splice_read, .splice_write = iter_file_splice_write, .fallocate = ext4_fallocate, + .integrity_read = ext4_file_read_iter, }; const struct inode_operations ext4_file_inode_operations = { diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index 35703a801372..3d6ace2a79bc 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c @@ -288,6 +288,26 @@ xfs_file_read_iter( return ret; } +static ssize_t +xfs_integrity_read( + struct kiocb *iocb, + struct iov_iter *to) +{ + struct inode *inode = file_inode(iocb->ki_filp); + struct xfs_mount *mp = XFS_I(inode)->i_mount; + + lockdep_assert_held(&inode->i_rwsem); + + XFS_STATS_INC(mp, xs_read_calls); + + if (XFS_FORCED_SHUTDOWN(mp)) + return -EIO; + + if (IS_DAX(inode)) + return dax_iomap_rw(iocb, to, &xfs_iomap_ops); + return generic_file_read_iter(iocb, to); +} + /* * Zero any on disk space between the current EOF and the new, larger EOF. * @@ -1534,6 +1554,7 @@ const struct file_operations xfs_file_operations = { .fallocate = xfs_file_fallocate, .clone_file_range = xfs_file_clone_range, .dedupe_file_range = xfs_file_dedupe_range, + .integrity_read = xfs_integrity_read, }; const struct file_operations xfs_dir_file_operations = { diff --git a/include/linux/fs.h b/include/linux/fs.h index 803e5a9b2654..36edfe84c4bf 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1690,6 +1690,7 @@ struct file_operations { u64); ssize_t (*dedupe_file_range)(struct file *, u64, u64, struct file *, u64); + ssize_t (*integrity_read)(struct kiocb *, struct iov_iter *); }; struct inode_operations { diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 6fc888ca468e..df04f35a1d40 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -21,6 +21,7 @@ #include <linux/rbtree.h> #include <linux/file.h> #include <linux/uaccess.h> +#include <linux/uio.h> #include "integrity.h" static struct rb_root integrity_iint_tree = RB_ROOT; @@ -184,18 +185,25 @@ security_initcall(integrity_iintcache_init); int integrity_kernel_read(struct file *file, loff_t offset, void *addr, unsigned long count) { - mm_segment_t old_fs; - char __user *buf = (char __user *)addr; + struct inode *inode = file_inode(file); + struct kvec iov = { .iov_base = addr, .iov_len = count }; + struct kiocb kiocb; + struct iov_iter iter; ssize_t ret; + lockdep_assert_held(&inode->i_rwsem); + if (!(file->f_mode & FMODE_READ)) return -EBADF; + if (!file->f_op->integrity_read) + return -EBADF; - old_fs = get_fs(); - set_fs(get_ds()); - ret = __vfs_read(file, buf, count, &offset); - set_fs(old_fs); + init_sync_kiocb(&kiocb, file); + kiocb.ki_pos = offset; + iov_iter_kvec(&iter, READ | ITER_KVEC, &iov, 1, count); + ret = file->f_op->integrity_read(&kiocb, &iter); + BUG_ON(ret == -EIOCBQUEUED); return ret; } -- 2.7.4 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2017-06-21 18:19 UTC|newest] Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-06-21 18:18 [PATCH v2 00/10] define new fs integrity_read method Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-21 18:18 ` [PATCH v2 01/10] ima: always measure and audit files in policy Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar [this message] 2017-06-21 18:18 ` [PATCH v2 02/10] ima: use fs method to read integrity data Mimi Zohar 2017-06-28 14:38 ` Christoph Hellwig 2017-06-28 14:38 ` Christoph Hellwig 2017-06-21 18:18 ` [PATCH v2 03/10] ima: define "dont_failsafe" policy action rule Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-21 18:18 ` [PATCH v2 04/10] ima: define "fs_unsafe" builtin policy Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-21 18:18 ` [PATCH v2 05/10] tmpfs: define integrity_read method Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-28 14:38 ` Christoph Hellwig 2017-06-28 14:38 ` Christoph Hellwig 2017-07-06 11:55 ` Mimi Zohar 2017-07-06 11:55 ` Mimi Zohar 2017-07-06 11:55 ` Mimi Zohar 2017-06-21 18:18 ` [PATCH v2 06/10] fs: define integrity_read method for ext2, gfs2, f2fs, jfs, ramfs Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-28 14:39 ` Christoph Hellwig 2017-06-28 14:39 ` Christoph Hellwig 2017-06-21 18:18 ` [PATCH v2 07/10] ocfs2: define integrity_read method Mimi Zohar 2017-06-21 18:18 ` [Ocfs2-devel] " Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-28 14:39 ` Christoph Hellwig 2017-06-28 14:39 ` [Ocfs2-devel] " Christoph Hellwig 2017-06-28 14:39 ` Christoph Hellwig 2017-06-21 18:18 ` [PATCH v2 08/10] jffs2: " Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-28 14:39 ` Christoph Hellwig 2017-06-28 14:39 ` Christoph Hellwig 2017-06-21 18:18 ` [PATCH v2 09/10] ubifs: " Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-28 14:39 ` Christoph Hellwig 2017-06-28 14:39 ` Christoph Hellwig 2017-06-21 18:18 ` [PATCH v2 10/10] ima: use existing read file operation method to calculate file hash Mimi Zohar 2017-06-21 18:18 ` Mimi Zohar 2017-06-28 14:41 ` Christoph Hellwig 2017-06-28 14:41 ` Christoph Hellwig 2017-07-05 14:50 ` Mimi Zohar 2017-07-05 14:50 ` Mimi Zohar 2017-07-05 17:02 ` Matthew Garrett 2017-07-05 17:02 ` Matthew Garrett 2017-07-05 17:18 ` Christoph Hellwig 2017-07-05 17:18 ` Christoph Hellwig
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1498069110-10009-3-git-send-email-zohar@linux.vnet.ibm.com \ --to=zohar@linux.vnet.ibm.com \ --cc=hch@lst.de \ --cc=jmorris@namei.org \ --cc=linux-fsdevel@vger.kernel.org \ --cc=linux-ima-devel@lists.sourceforge.net \ --cc=linux-security-module@vger.kernel.org \ --cc=viro@zeniv.linux.org.uk \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.