From: Christoph Hellwig <hch@infradead.org>
To: Roberto Sassu <roberto.sassu@huawei.com>
Cc: zohar@linux.ibm.com, linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, silviu.vlasceanu@huawei.com,
	stable@vger.kernel.org, torvalds@linux-foundation.org,
	viro@zeniv.linux.org.uk, linux-fsdevel@vger.kernel.org
Subject: Re: [RESEND][PATCH] ima: Set and clear FMODE_CAN_READ in ima_calc_file_hash()
Date: Sat, 14 Nov 2020 11:10:57 +0000
Message-ID: <20201114111057.GA16415@infradead.org>
In-Reply-To: <20201113080132.16591-1-roberto.sassu@huawei.com>

On Fri, Nov 13, 2020 at 09:01:32AM +0100, Roberto Sassu wrote:
> Commit a1f9b1c0439db ("integrity/ima: switch to using __kernel_read")
> replaced the __vfs_read() call in integrity_kernel_read() with
> __kernel_read(), a new helper introduced by commit 61a707c543e2a ("fs: add
> a __kernel_read helper").
> 
> Since the new helper requires that also the FMODE_CAN_READ flag is set in
> file->f_mode, this patch saves the original f_mode and sets the flag if the
> file descriptor has the necessary file operation. Lastly, it restores
> the original f_mode at the end of ima_calc_file_hash().

This looks bogus.  FMODE_CAN_READ has a pretty clear definition and
you can't just go and read things if it is not set.  Also f_mode
manipulations on a live file are racy.

> 
> Cc: stable@vger.kernel.org # 5.8.x
> Fixes: a1f9b1c0439db ("integrity/ima: switch to using __kernel_read")
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
>  security/integrity/ima/ima_crypto.c | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
> 
> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> index 21989fa0c107..22ed86a0c964 100644
> --- a/security/integrity/ima/ima_crypto.c
> +++ b/security/integrity/ima/ima_crypto.c
> @@ -537,6 +537,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
>  	loff_t i_size;
>  	int rc;
>  	struct file *f = file;
> +	fmode_t saved_mode;
>  	bool new_file_instance = false, modified_mode = false;
>  
>  	/*
> @@ -550,7 +551,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
>  	}
>  
>  	/* Open a new file instance in O_RDONLY if we cannot read */
> -	if (!(file->f_mode & FMODE_READ)) {
> +	if (!(file->f_mode & FMODE_READ) || !(file->f_mode & FMODE_CAN_READ)) {
>  		int flags = file->f_flags & ~(O_WRONLY | O_APPEND |
>  				O_TRUNC | O_CREAT | O_NOCTTY | O_EXCL);
>  		flags |= O_RDONLY;
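Review bot: the comment directly above the changed test still says only "Open a new file instance in O_RDONLY if we cannot read", while the test now also fires when FMODE_READ is set and just FMODE_CAN_READ is missing; the comment should describe both cases. The next hunk sets FMODE_CAN_READ only when f_op has read or read_iter, so a file with neither operation takes this reopen path on every call without any prospect of becoming readable; checking for the operation first and failing early would be clearer. The two tests could also be folded into one comparison against (FMODE_READ | FMODE_CAN_READ).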
> @@ -562,7 +563,10 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
>  			 */
>  			pr_info_ratelimited("Unable to reopen file for reading.\n");
>  			f = file;
> +			saved_mode = f->f_mode;
>  			f->f_mode |= FMODE_READ;
> +			if (likely(file->f_op->read || file->f_op->read_iter))
> +				f->f_mode |= FMODE_CAN_READ;
>  			modified_mode = true;
>  		} else {
>  			new_file_instance = true;
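Review bot: the stores to f->f_mode in this fallback branch modify the caller's own struct file (f = file here) with plain read-modify-write operations and no locking visible in the hunk, so every other user of that file sees FMODE_READ and FMODE_CAN_READ until they are restored, which is the race pointed out in the reply above. When neither f_op->read nor f_op->read_iter exists, FMODE_CAN_READ stays clear but modified_mode is still set and the function carries on to a read that, per the commit message, the helper requires the flag for; returning an error at that point would be more direct. Smaller points: the test uses file->f_op while the surrounding lines use f, and likely() adds nothing on a path that has already logged a failure.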
> @@ -582,7 +586,7 @@ int ima_calc_file_hash(struct file *file, struct ima_digest_data *hash)
>  	if (new_file_instance)
>  		fput(f);
>  	else if (modified_mode)
> -		f->f_mode &= ~FMODE_READ;
> +		f->f_mode = saved_mode;
>  	return rc;
>  }
>  
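Review bot: `f->f_mode = saved_mode` writes back the whole field, so any f_mode bit changed by another user of the file between the save and this store is silently lost, whereas the removed line cleared only FMODE_READ. If the mode has to be touched at all, record which bits this function actually added and clear only those, for example `f->f_mode &= ~added_bits` with added_bits being a local mask.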
> -- 
> 2.27.GIT
> 
---end quoted text---
