lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-id: <53AC1E1E.8040903@samsung.com>
Date:	Thu, 26 Jun 2014 16:20:30 +0300
From:	Dmitry Kasatkin <d.kasatkin@...sung.com>
To:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:	linux-ima-devel@...ts.sourceforge.net,
	linux-security-module@...r.kernel.org, viro@...iv.linux.org.uk,
	linux-kernel@...r.kernel.org, dmitry.kasatkin@...il.com
Subject: Re: [PATCH 1/1] ima: fix fallback to use new_sync_read()

On 26/06/14 15:49, Mimi Zohar wrote:
> On Tue, 2014-06-24 at 16:27 +0300, Dmitry Kasatkin wrote: 
>> 3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985
>> 'switch simple generic_file_aio_read() users to ->read_iter()'
>> replaced ->aio_read with ->read_iter in most of the file systems
>> and introduced new_sync_read() as a replacement for do_sync_read().
>>
>> Most of file systems set '->read' and ima_kernel_read is not affected.
>> When ->read is not set, this patch adopts fallback call changes from the
>> vfs_read.
> So every time there are changes in vfs_read(), we're going to have to
> play catch up.  A better solution would be to refactor vfs_read() so
> that we could call it.
>
> Mimi

vfs_read was stable for decade.
And next will be the same.

I followed the same approach we took to have an own version.

Refactoring vfs_read is not the best approach as we have set_fs things
there.

I would prefer to have "kernel_read_nosec" function along with
kernel_read/vfs_read, so changes could be
made noticeably together..

- Dmitry


>
>> Signed-off-by: Dmitry Kasatkin <d.kasatkin@...sung.com>
>> ---
>>  security/integrity/ima/ima_crypto.c | 8 ++++----
>>  1 file changed, 4 insertions(+), 4 deletions(-)
>>
>> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
>> index ccd0ac8..b126a78 100644
>> --- a/security/integrity/ima/ima_crypto.c
>> +++ b/security/integrity/ima/ima_crypto.c
>> @@ -40,19 +40,19 @@ static int ima_kernel_read(struct file *file, loff_t offset,
>>  {
>>  	mm_segment_t old_fs;
>>  	char __user *buf = addr;
>> -	ssize_t ret;
>> +	ssize_t ret = -EINVAL;
>>
>>  	if (!(file->f_mode & FMODE_READ))
>>  		return -EBADF;
>> -	if (!file->f_op->read && !file->f_op->aio_read)
>> -		return -EINVAL;
>>
>>  	old_fs = get_fs();
>>  	set_fs(get_ds());
>>  	if (file->f_op->read)
>>  		ret = file->f_op->read(file, buf, count, &offset);
>> -	else
>> +	else if (file->f_op->aio_read)
>>  		ret = do_sync_read(file, buf, count, &offset);
>> +	else if (file->f_op->read_iter)
>> +		ret = new_sync_read(file, buf, count, &offset);
>>  	set_fs(old_fs);
>>  	return ret;
>>  }
>
>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ