Message-ID: <20240411153126.16201-94-axboe@kernel.dk>
Date: Thu, 11 Apr 2024 09:13:53 -0600
From: Jens Axboe <axboe@...nel.dk>
To: linux-kernel@...r.kernel.org
Cc: Jens Axboe <axboe@...nel.dk>
Subject: [PATCH 093/437] integrity: convert to read/write iterators

Signed-off-by: Jens Axboe <axboe@...nel.dk>
---
 security/integrity/evm/evm_secfs.c | 60 +++++++++++++-----------------
 security/integrity/ima/ima_fs.c    | 41 ++++++++++----------
 2 files changed, 44 insertions(+), 57 deletions(-)

diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index 9b907c2fee60..2ff3b5d04eae 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -29,50 +29,45 @@ static int evm_xattrs_locked;
 /**
  * evm_read_key - read() for <securityfs>/evm
  *
- * @filp: file pointer, not actually used
- * @buf: where to put the result
- * @count: maximum to send along
- * @ppos: where to start
+ * @iocb: metadata for IO
+ * @to: where to put the result
  *
  * Returns number of bytes read or error code, as appropriate
  */
-static ssize_t evm_read_key(struct file *filp, char __user *buf,
-			    size_t count, loff_t *ppos)
+static ssize_t evm_read_key(struct kiocb *iocb, struct iov_iter *to)
 {
 	char temp[80];
 	ssize_t rc;
 
-	if (*ppos != 0)
+	if (iocb->ki_pos != 0)
 		return 0;
 
 	sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE));
-	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
+	rc = simple_copy_to_iter(temp, &iocb->ki_pos, strlen(temp), to);
 
 	return rc;
 }
 
 /**
  * evm_write_key - write() for <securityfs>/evm
- * @file: file pointer, not actually used
- * @buf: where to get the data from
- * @count: bytes sent
- * @ppos: where to start
+ * @iocb: metadata for IO
+ * @from: where to get the data from
  *
  * Used to signal that key is on the kernel key ring.
  * - get the integrity hmac key from the kernel key ring
  * - create list of hmac protected extended attributes
  * Returns number of bytes written or error code, as appropriate
  */
-static ssize_t evm_write_key(struct file *file, const char __user *buf,
-			     size_t count, loff_t *ppos)
+static ssize_t evm_write_key(struct kiocb *iocb, struct iov_iter *from)
 {
+	size_t count = iov_iter_count(from);
 	unsigned int i;
 	int ret;
 
 	if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE))
 		return -EPERM;
 
-	ret = kstrtouint_from_user(buf, count, 0, &i);
+	ret = kstrtouint_from_iter(from, count, 0, &i);
 
 	if (ret)
 		return ret;
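Review bot: The new kernel-doc line `@iocb: metadata for IO` on evm_read_key and evm_write_key says less than the code does. evm_read_key returns 0 when `iocb->ki_pos` is non-zero and hands `&iocb->ki_pos` to simple_copy_to_iter(), so that field is the only part of the kiocb that matters here. The visible part of evm_write_key does not consult the offset at all, though its body continues past this hunk. I would write `@iocb: kiocb for this read; only ->ki_pos is used (a non-zero offset reads as EOF)` for the reader, and for the writer state whether the offset is ignored on purpose. These are the CAP_SYS_ADMIN-gated securityfs entry points, so their offset handling deserves to be explicit. The same wording recurs in the evm_read_xattrs and evm_write_xattrs kernel-doc in the later hunks.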
@@ -109,30 +104,27 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf,
 }
 
 static const struct file_operations evm_key_ops = {
-	.read		= evm_read_key,
-	.write		= evm_write_key,
+	.read_iter	= evm_read_key,
+	.write_iter	= evm_write_key,
 };
 
 #ifdef CONFIG_EVM_ADD_XATTRS
 /**
  * evm_read_xattrs - read() for <securityfs>/evm_xattrs
  *
- * @filp: file pointer, not actually used
- * @buf: where to put the result
- * @count: maximum to send along
- * @ppos: where to start
+ * @iocb: metadata for IO
+ * @to: where to put the result
  *
  * Returns number of bytes read or error code, as appropriate
  */
-static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,
-			       size_t count, loff_t *ppos)
+static ssize_t evm_read_xattrs(struct kiocb *iocb, struct iov_iter *to)
 {
 	char *temp;
 	int offset = 0;
 	ssize_t rc, size = 0;
 	struct xattr_list *xattr;
 
-	if (*ppos != 0)
+	if (iocb->ki_pos != 0)
 		return 0;
 
 	rc = mutex_lock_interruptible(&xattr_list_mutex);
@@ -161,7 +153,7 @@ static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,
 	}
 
 	mutex_unlock(&xattr_list_mutex);
-	rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
+	rc = simple_copy_to_iter(temp, &iocb->ki_pos, strlen(temp), to);
 
 	kfree(temp);
 
@@ -170,26 +162,24 @@ static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,
 
 /**
  * evm_write_xattrs - write() for <securityfs>/evm_xattrs
- * @file: file pointer, not actually used
- * @buf: where to get the data from
- * @count: bytes sent
- * @ppos: where to start
+ * @iocb: metadata for IO
+ * @from: where to get the data from
  *
  * Returns number of bytes written or error code, as appropriate
  */
-static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
-				size_t count, loff_t *ppos)
+static ssize_t evm_write_xattrs(struct kiocb *iocb, struct iov_iter *from)
 {
 	int len, err;
 	struct xattr_list *xattr, *tmp;
 	struct audit_buffer *ab;
 	struct iattr newattrs;
 	struct inode *inode;
+	size_t count = iov_iter_count(from);
 
 	if (!capable(CAP_SYS_ADMIN) || evm_xattrs_locked)
 		return -EPERM;
 
-	if (*ppos != 0)
+	if (iocb->ki_pos != 0)
 		return -EINVAL;
 
 	if (count > XATTR_NAME_MAX)
@@ -207,7 +197,7 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
 	}
 
 	xattr->enabled = true;
-	xattr->name = memdup_user_nul(buf, count);
+	xattr->name = iterdup_nul(from, count);
 	if (IS_ERR(xattr->name)) {
 		err = PTR_ERR(xattr->name);
 		xattr->name = NULL;
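Review bot: The `IS_ERR(xattr->name)` check after `xattr->name = iterdup_nul(from, count);` is only sufficient if iterdup_nul() reports every failure as an ERR_PTR(), as memdup_user_nul() did. The helper is not defined in this patch, so that cannot be confirmed here. If it returned NULL on allocation failure, or a buffer shorter than `count` on a partial copy, the check would pass and the name would be used further down. `count` itself is taken from `iov_iter_count(from)` and bounded by XATTR_NAME_MAX in the previous hunk, so the size is fine and the open question is the contract. I would state it at the call site, e.g. `/* iterdup_nul(): ERR_PTR() on failure, exactly count bytes + NUL on success */`, or point to the helper's kernel-doc. The same assumption is made at `data = iterdup_nul(from, datalen);` in ima_write_policy. evm_write_xattrs starts and ends outside this hunk.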
@@ -278,8 +268,8 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
 }
 
 static const struct file_operations evm_xattr_ops = {
-	.read		= evm_read_xattrs,
-	.write		= evm_write_xattrs,
+	.read_iter	= evm_read_xattrs,
+	.write_iter	= evm_write_xattrs,
 };
 
 static int evm_init_xattrs(void)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index cd1683dad3bf..e33896afec46 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -38,38 +38,35 @@ __setup("ima_canonical_fmt", default_canonical_fmt_setup);
 
 static int valid_policy = 1;
 
-static ssize_t ima_show_htable_value(char __user *buf, size_t count,
-				     loff_t *ppos, atomic_long_t *val)
+static ssize_t ima_show_htable_value(struct kiocb *iocb, struct iov_iter *to,
+				     atomic_long_t *val)
 {
 	char tmpbuf[32];	/* greater than largest 'long' string value */
 	ssize_t len;
 
 	len = scnprintf(tmpbuf, sizeof(tmpbuf), "%li\n", atomic_long_read(val));
-	return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
+	return simple_copy_to_iter(tmpbuf, &iocb->ki_pos, len, to);
 }
 
-static ssize_t ima_show_htable_violations(struct file *filp,
-					  char __user *buf,
-					  size_t count, loff_t *ppos)
+static ssize_t ima_show_htable_violations(struct kiocb *iocb,
+					  struct iov_iter *to)
 {
-	return ima_show_htable_value(buf, count, ppos, &ima_htable.violations);
+	return ima_show_htable_value(iocb, to, &ima_htable.violations);
 }
 
 static const struct file_operations ima_htable_violations_ops = {
-	.read = ima_show_htable_violations,
+	.read_iter = ima_show_htable_violations,
 	.llseek = generic_file_llseek,
 };
 
-static ssize_t ima_show_measurements_count(struct file *filp,
-					   char __user *buf,
-					   size_t count, loff_t *ppos)
+static ssize_t ima_show_measurements_count(struct kiocb *iocb,
+					   struct iov_iter *to)
 {
-	return ima_show_htable_value(buf, count, ppos, &ima_htable.len);
-
+	return ima_show_htable_value(iocb, to, &ima_htable.len);
 }
 
 static const struct file_operations ima_measurements_count_ops = {
-	.read = ima_show_measurements_count,
+	.read_iter = ima_show_measurements_count,
 	.llseek = generic_file_llseek,
 };
 
@@ -200,7 +197,7 @@ static int ima_measurements_open(struct inode *inode, struct file *file)
 
 static const struct file_operations ima_measurements_ops = {
 	.open = ima_measurements_open,
-	.read = seq_read,
+	.read_iter = seq_read_iter,
 	.llseek = seq_lseek,
 	.release = seq_release,
 };
@@ -266,7 +263,7 @@ static int ima_ascii_measurements_open(struct inode *inode, struct file *file)
 
 static const struct file_operations ima_ascii_measurements_ops = {
 	.open = ima_ascii_measurements_open,
-	.read = seq_read,
+	.read_iter = seq_read_iter,
 	.llseek = seq_lseek,
 	.release = seq_release,
 };
@@ -311,9 +308,9 @@ static ssize_t ima_read_policy(char *path)
 		return pathlen;
 }
 
-static ssize_t ima_write_policy(struct file *file, const char __user *buf,
-				size_t datalen, loff_t *ppos)
+static ssize_t ima_write_policy(struct kiocb *iocb, struct iov_iter *from)
 {
+	size_t datalen = iov_iter_count(from);
 	char *data;
 	ssize_t result;
 
@@ -322,10 +319,10 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,
 
 	/* No partial writes. */
 	result = -EINVAL;
-	if (*ppos != 0)
+	if (iocb->ki_pos != 0)
 		goto out;
 
-	data = memdup_user_nul(buf, datalen);
+	data = iterdup_nul(from, datalen);
 	if (IS_ERR(data)) {
 		result = PTR_ERR(data);
 		goto out;
@@ -444,8 +441,8 @@ static int ima_release_policy(struct inode *inode, struct file *file)
 
 static const struct file_operations ima_measure_policy_ops = {
 	.open = ima_open_policy,
-	.write = ima_write_policy,
-	.read = seq_read,
+	.write_iter = ima_write_policy,
+	.read_iter = seq_read_iter,
 	.release = ima_release_policy,
 	.llseek = generic_file_llseek,
 };
-- 
2.43.0

