Commit 113eeb51 authored by Kees Cook's avatar Kees Cook Committed by Greg Kroah-Hartman
Browse files

fs/kernel_read_file: Switch buffer size arg to size_t 



In preparation for further refactoring of kernel_read_file*(), rename
the "max_size" argument to the more accurate "buf_size", and correct
its type to size_t. Add kerndoc to explain the specifics of how the
arguments will be used. Note that with buf_size now size_t, it can no
longer be negative (and was never called with a negative value). Adjust
callers to use it as a "maximum size" when *buf is NULL.

Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Reviewed-by: default avatarLuis Chamberlain <mcgrof@kernel.org>
Reviewed-by: default avatarJames Morris <jamorris@linux.microsoft.com>
Acked-by: default avatarScott Branden <scott.branden@broadcom.com>
Link: https://lore.kernel.org/r/20201002173828.2099543-7-keescook@chromium.org


Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent f7a4f689

fs/kernel_read_file.c

+25 −9
Original line number Diff line number Diff line
@@ -5,15 +5,31 @@ 
#include <linux/security.h>

#include <linux/vmalloc.h>



/**

 * kernel_read_file() - read file contents into a kernel buffer

 *

 * @file	file to read from

 * @buf		pointer to a "void *" buffer for reading into (if

 *		*@buf is NULL, a buffer will be allocated, and

 *		@buf_size will be ignored)

 * @buf_size	size of buf, if already allocated. If @buf not

 *		allocated, this is the largest size to allocate.

 * @id		the kernel_read_file_id identifying the type of

 *		file contents being read (for LSMs to examine)

 *

 * Returns number of bytes read (no single read will be bigger

 * than INT_MAX), or negative on error.

 *

 */

int kernel_read_file(struct file *file, void **buf,

		     loff_t max_size, enum kernel_read_file_id id)

		     size_t buf_size, enum kernel_read_file_id id)

{

	loff_t i_size, pos;

	ssize_t bytes = 0;

	void *allocated = NULL;

	int ret;



	if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0)

	if (!S_ISREG(file_inode(file)->i_mode))

		return -EINVAL;



	ret = deny_write_access(file);
@@ -29,7 +45,7 @@ int kernel_read_file(struct file *file, void **buf, 
		ret = -EINVAL;

		goto out;

	}

	if (i_size > INT_MAX || (max_size > 0 && i_size > max_size)) {

	if (i_size > INT_MAX || i_size > buf_size) {

		ret = -EFBIG;

		goto out;

	}
@@ -75,7 +91,7 @@ out: 
EXPORT_SYMBOL_GPL(kernel_read_file);



int kernel_read_file_from_path(const char *path, void **buf,

			       loff_t max_size, enum kernel_read_file_id id)

			       size_t buf_size, enum kernel_read_file_id id)

{

	struct file *file;

	int ret;
@@ -87,14 +103,14 @@ int kernel_read_file_from_path(const char *path, void **buf, 
	if (IS_ERR(file))

		return PTR_ERR(file);



	ret = kernel_read_file(file, buf, max_size, id);

	ret = kernel_read_file(file, buf, buf_size, id);

	fput(file);

	return ret;

}

EXPORT_SYMBOL_GPL(kernel_read_file_from_path);



int kernel_read_file_from_path_initns(const char *path, void **buf,

				      loff_t max_size,

				      size_t buf_size,

				      enum kernel_read_file_id id)

{

	struct file *file;
@@ -113,13 +129,13 @@ int kernel_read_file_from_path_initns(const char *path, void **buf, 
	if (IS_ERR(file))

		return PTR_ERR(file);



	ret = kernel_read_file(file, buf, max_size, id);

	ret = kernel_read_file(file, buf, buf_size, id);

	fput(file);

	return ret;

}

EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns);



int kernel_read_file_from_fd(int fd, void **buf, loff_t max_size,

int kernel_read_file_from_fd(int fd, void **buf, size_t buf_size,

			     enum kernel_read_file_id id)

{

	struct fd f = fdget(fd);
@@ -128,7 +144,7 @@ int kernel_read_file_from_fd(int fd, void **buf, loff_t max_size, 
	if (!f.file)

		goto out;



	ret = kernel_read_file(f.file, buf, max_size, id);

	ret = kernel_read_file(f.file, buf, buf_size, id);

out:

	fdput(f);

	return ret;

include/linux/kernel_read_file.h

+4 −4
Original line number Diff line number Diff line
@@ -36,16 +36,16 @@ static inline const char *kernel_read_file_id_str(enum kernel_read_file_id id) 
}



int kernel_read_file(struct file *file,

		     void **buf, loff_t max_size,

		     void **buf, size_t buf_size,

		     enum kernel_read_file_id id);

int kernel_read_file_from_path(const char *path,

			       void **buf, loff_t max_size,

			       void **buf, size_t buf_size,

			       enum kernel_read_file_id id);

int kernel_read_file_from_path_initns(const char *path,

				      void **buf, loff_t max_size,

				      void **buf, size_t buf_size,

				      enum kernel_read_file_id id);

int kernel_read_file_from_fd(int fd,

			     void **buf, loff_t max_size,

			     void **buf, size_t buf_size,

			     enum kernel_read_file_id id);



#endif /* _LINUX_KERNEL_READ_FILE_H */

security/integrity/digsig.c

+1 −1
Original line number Diff line number Diff line
@@ -175,7 +175,7 @@ int __init integrity_load_x509(const unsigned int id, const char *path) 
	int rc;

	key_perm_t perm;



	rc = kernel_read_file_from_path(path, &data, 0,

	rc = kernel_read_file_from_path(path, &data, INT_MAX,

					READING_X509_CERTIFICATE);

	if (rc < 0) {

		pr_err("Unable to open file: %s (%d)", path, rc);

security/integrity/ima/ima_fs.c

+1 −1
Original line number Diff line number Diff line
@@ -284,7 +284,7 @@ static ssize_t ima_read_policy(char *path) 
	datap = path;

	strsep(&datap, "\n");



	rc = kernel_read_file_from_path(path, &data, 0, READING_POLICY);

	rc = kernel_read_file_from_path(path, &data, INT_MAX, READING_POLICY);

	if (rc < 0) {

		pr_err("Unable to open file: %s (%d)", path, rc);

		return rc;

CRA Git | Maintained and supported by SUSTech CRA and CCSE