From: Scott Branden <scott.branden@broadcom.com>
To: Mimi Zohar <zohar@kernel.org>,
Luis Chamberlain <mcgrof@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
David Brown <david.brown@linaro.org>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Shuah Khan <shuah@kernel.org>,
bjorn.andersson@linaro.org,
Shuah Khan <skhan@linuxfoundation.org>,
Arnd Bergmann <arnd@arndb.de>
Cc: "Rafael J . Wysocki" <rafael@kernel.org>,
linux-kernel@vger.kernel.org, linux-arm-msm@vger.kernel.org,
linux-fsdevel@vger.kernel.org,
BCM Kernel Feedback <bcm-kernel-feedback-list@broadcom.com>,
Olof Johansson <olof@lixom.net>,
Andrew Morton <akpm@linux-foundation.org>,
Dan Carpenter <dan.carpenter@oracle.com>,
Colin Ian King <colin.king@canonical.com>,
Kees Cook <keescook@chromium.org>, Takashi Iwai <tiwai@suse.de>,
linux-kselftest@vger.kernel.org, Andy Gross <agross@kernel.org>,
linux-security-module <linux-security-module@vger.kernel.org>,
linux-integrity <linux-integrity@vger.kernel.org>
Subject: Re: [PATCH v5 1/7] fs: introduce kernel_pread_file* support
Date: Wed, 13 May 2020 11:53:23 -0700 [thread overview]
Message-ID: <0e6b5f65-8c61-b02e-7d35-b4ae52aebcf3@broadcom.com> (raw)
In-Reply-To: <1589395153.5098.158.camel@kernel.org>
Hi Mimi,
On 2020-05-13 11:39 a.m., Mimi Zohar wrote:
> [Cc'ing linux-security-module, linux-integrity]
>
> On Thu, 2020-05-07 at 17:27 -0700, Scott Branden wrote:
>> Add kernel_pread_file* support to kernel to allow for partial read
>> of files with an offset into the file. Existing kernel_read_file
>> functions call new kernel_pread_file functions with offset=0 and
>> flags=KERNEL_PREAD_FLAG_WHOLE.
>>
>> Signed-off-by: Scott Branden <scott.branden@broadcom.com>
>> ---
> <snip>
>
>> @@ -941,14 +955,16 @@ int kernel_read_file(struct file *file, void **buf, loff_t *size,
The checkpatch shows this as kernel_read_file when it is actually the
new function kernel_pread_file.
Please see the call to kernel_pread_file from kernel_read_file in the
complete patch rather this snippet.
>>
>> if (bytes == 0)
>> break;
>> +
>> + buf_pos += bytes;
>> }
>>
>> - if (pos != i_size) {
>> + if (pos != read_end) {
>> ret = -EIO;
>> goto out_free;
>> }
>>
>> - ret = security_kernel_post_read_file(file, *buf, i_size, id);
>> + ret = security_kernel_post_read_file(file, *buf, alloc_size, id);
>> if (!ret)
>> *size = pos;
> Prior to the patch set that introduced this security hook, firmware
> would be read twice, once for measuring/appraising the firmware and
> again reading the file contents into memory. Partial reads will break
> both IMA's measuring the file and appraising the file signatures.
The partial file read support is needed for request_firmware_into_buf
from drivers. The EXPORT_SYMBOL_GPL is being removed so that
there can be no abuse of the partial file read support. Such file
integrity checks are not needed for this use case. The partial file
(firmware image) is actually downloaded in portions and verified on the
device it is loaded to.
Regards,
Scott
next prev parent reply other threads:[~2020-05-13 18:53 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20200508002739.19360-1-scott.branden@broadcom.com>
[not found] ` <20200508002739.19360-2-scott.branden@broadcom.com>
2020-05-13 18:39 ` [PATCH v5 1/7] fs: introduce kernel_pread_file* support Mimi Zohar
2020-05-13 18:53 ` Scott Branden [this message]
2020-05-13 18:57 ` Scott Branden
2020-05-13 19:03 ` Mimi Zohar
2020-05-13 19:18 ` Scott Branden
2020-05-13 19:39 ` Mimi Zohar
2020-05-13 19:41 ` Scott Branden
2020-05-13 21:20 ` Mimi Zohar
2020-05-13 21:28 ` Luis Chamberlain
2020-05-13 22:12 ` Mimi Zohar
2020-05-13 22:48 ` Scott Branden
2020-05-13 23:00 ` Mimi Zohar
2020-05-13 23:34 ` Kees Cook
2020-05-13 23:58 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0e6b5f65-8c61-b02e-7d35-b4ae52aebcf3@broadcom.com \
--to=scott.branden@broadcom.com \
--cc=agross@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=arnd@arndb.de \
--cc=bcm-kernel-feedback-list@broadcom.com \
--cc=bjorn.andersson@linaro.org \
--cc=colin.king@canonical.com \
--cc=dan.carpenter@oracle.com \
--cc=david.brown@linaro.org \
--cc=gregkh@linuxfoundation.org \
--cc=keescook@chromium.org \
--cc=linux-arm-msm@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=olof@lixom.net \
--cc=rafael@kernel.org \
--cc=shuah@kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=tiwai@suse.de \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).