From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-fsdevel-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id EC420C433EF
	for <linux-fsdevel@archiver.kernel.org>; Wed,  6 Oct 2021 13:58:03 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by mail.kernel.org (Postfix) with ESMTP id C2B9261181
	for <linux-fsdevel@archiver.kernel.org>; Wed,  6 Oct 2021 13:58:03 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238273AbhJFN7y (ORCPT
        <rfc822;linux-fsdevel@archiver.kernel.org>);
        Wed, 6 Oct 2021 09:59:54 -0400
Received: from outgoing-auth-1.mit.edu ([18.9.28.11]:52176 "EHLO
        outgoing.mit.edu" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org
        with ESMTP id S231384AbhJFN7y (ORCPT
        <rfc822;linux-fsdevel@vger.kernel.org>);
        Wed, 6 Oct 2021 09:59:54 -0400
Received: from cwcc.thunk.org (pool-72-74-133-215.bstnma.fios.verizon.net [72.74.133.215])
        (authenticated bits=0)
        (User authenticated as tytso@ATHENA.MIT.EDU)
        by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 196DvMuc023362
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
        Wed, 6 Oct 2021 09:57:23 -0400
Received: by cwcc.thunk.org (Postfix, from userid 15806)
        id 409F915C34DF; Wed,  6 Oct 2021 09:57:22 -0400 (EDT)
Date:   Wed, 6 Oct 2021 09:57:22 -0400
From:   "Theodore Ts'o" <tytso@mit.edu>
To:     Matthew Wilcox <willy@infradead.org>
Cc:     Hao Sun <sunhao.th@gmail.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        linux-fsdevel@vger.kernel.org, viro@zeniv.linux.org.uk,
        Christoph Hellwig <hch@lst.de>,
        Kees Cook <keescook@chromium.org>
Subject: Re: WARNING in __kernel_read
Message-ID: <YV2rQnl1kJ84C1RV@mit.edu>
References: <CACkBjsbPsmUiC7NFgOZcVcwPA7RLpiCFkgEA=LsnvcFsWFG34Q@mail.gmail.com>
 <YV2T3HVHHmQPHVYG@casper.infradead.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <YV2T3HVHHmQPHVYG@casper.infradead.org>
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org

On Wed, Oct 06, 2021 at 01:17:32PM +0100, Matthew Wilcox wrote:
> finit_module() is not the only caller of kernel_read_file_from_fd()
> which passes it a fd that userspace passed in, for example
> kexec_file_load() doesn't validate the fd either.  We could validate
> the fd in individual syscalls, in kernel_read_file_from_fd()
> or just do what vfs_read() does and return -EBADF without warning.

My suggestion would be to do both, and keep a WARN() in
__kernel_read(), since that should never happen (and we want a stack
trace if it does).

						- Ted