[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <53AC1FE2.50705@samsung.com>
Date: Thu, 26 Jun 2014 16:28:02 +0300
From: Dmitry Kasatkin <d.kasatkin@...sung.com>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc: linux-ima-devel@...ts.sourceforge.net,
linux-security-module@...r.kernel.org, viro@...iv.linux.org.uk,
linux-kernel@...r.kernel.org, dmitry.kasatkin@...il.com
Subject: Re: [PATCH 1/1] ima: fix fallback to use new_sync_read()
On 26/06/14 16:20, Dmitry Kasatkin wrote:
> On 26/06/14 15:49, Mimi Zohar wrote:
>> On Tue, 2014-06-24 at 16:27 +0300, Dmitry Kasatkin wrote:
>>> 3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985
>>> 'switch simple generic_file_aio_read() users to ->read_iter()'
>>> replaced ->aio_read with ->read_iter in most of the file systems
>>> and introduced new_sync_read() as a replacement for do_sync_read().
>>>
>>> Most of file systems set '->read' and ima_kernel_read is not affected.
>>> When ->read is not set, this patch adopts fallback call changes from the
>>> vfs_read.
>> So every time there are changes in vfs_read(), we're going to have to
>> play catch up. A better solution would be to refactor vfs_read() so
>> that we could call it.
>>
>> Mimi
> vfs_read was stable for decade.
> And next will be the same.
>
> I followed the same approach we took to have an own version.
>
> Refactoring vfs_read is not the best approach as we have set_fs things
> there.
>
> I would prefer to have "kernel_read_nosec" function along with
> kernel_read/vfs_read, so changes could be
> made noticeably together..
Another thing is that we do not increment system counters.
That is may be not what public "__kernel_read" want to do...
- Dmitry
> - Dmitry
>
>
>>> Signed-off-by: Dmitry Kasatkin <d.kasatkin@...sung.com>
>>> ---
>>> security/integrity/ima/ima_crypto.c | 8 ++++----
>>> 1 file changed, 4 insertions(+), 4 deletions(-)
>>>
>>> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
>>> index ccd0ac8..b126a78 100644
>>> --- a/security/integrity/ima/ima_crypto.c
>>> +++ b/security/integrity/ima/ima_crypto.c
>>> @@ -40,19 +40,19 @@ static int ima_kernel_read(struct file *file, loff_t offset,
>>> {
>>> mm_segment_t old_fs;
>>> char __user *buf = addr;
>>> - ssize_t ret;
>>> + ssize_t ret = -EINVAL;
>>>
>>> if (!(file->f_mode & FMODE_READ))
>>> return -EBADF;
>>> - if (!file->f_op->read && !file->f_op->aio_read)
>>> - return -EINVAL;
>>>
>>> old_fs = get_fs();
>>> set_fs(get_ds());
>>> if (file->f_op->read)
>>> ret = file->f_op->read(file, buf, count, &offset);
>>> - else
>>> + else if (file->f_op->aio_read)
>>> ret = do_sync_read(file, buf, count, &offset);
>>> + else if (file->f_op->read_iter)
>>> + ret = new_sync_read(file, buf, count, &offset);
>>> set_fs(old_fs);
>>> return ret;
>>> }
>>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists