linux/fs/kernel_read_file.c
Kees Cook 113eeb5177 fs/kernel_read_file: Switch buffer size arg to size_t
In preparation for further refactoring of kernel_read_file*(), rename
the "max_size" argument to the more accurate "buf_size", and correct
its type to size_t. Add kerndoc to explain the specifics of how the
arguments will be used. Note that with buf_size now size_t, it can no
longer be negative (and was never called with a negative value). Adjust
callers to use it as a "maximum size" when *buf is NULL.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Acked-by: Scott Branden <scott.branden@broadcom.com>
Link: https://lore.kernel.org/r/20201002173828.2099543-7-keescook@chromium.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-10-05 13:34:19 +02:00

153 lines
3.1 KiB
C

// SPDX-License-Identifier: GPL-2.0-only
#include <linux/fs.h>
#include <linux/fs_struct.h>
#include <linux/kernel_read_file.h>
#include <linux/security.h>
#include <linux/vmalloc.h>
/**
* kernel_read_file() - read file contents into a kernel buffer
*
* @file file to read from
* @buf pointer to a "void *" buffer for reading into (if
* *@buf is NULL, a buffer will be allocated, and
* @buf_size will be ignored)
* @buf_size size of buf, if already allocated. If @buf not
* allocated, this is the largest size to allocate.
* @id the kernel_read_file_id identifying the type of
* file contents being read (for LSMs to examine)
*
* Returns number of bytes read (no single read will be bigger
* than INT_MAX), or negative on error.
*
*/
int kernel_read_file(struct file *file, void **buf,
size_t buf_size, enum kernel_read_file_id id)
{
loff_t i_size, pos;
ssize_t bytes = 0;
void *allocated = NULL;
int ret;
if (!S_ISREG(file_inode(file)->i_mode))
return -EINVAL;
ret = deny_write_access(file);
if (ret)
return ret;
ret = security_kernel_read_file(file, id);
if (ret)
goto out;
i_size = i_size_read(file_inode(file));
if (i_size <= 0) {
ret = -EINVAL;
goto out;
}
if (i_size > INT_MAX || i_size > buf_size) {
ret = -EFBIG;
goto out;
}
if (!*buf)
*buf = allocated = vmalloc(i_size);
if (!*buf) {
ret = -ENOMEM;
goto out;
}
pos = 0;
while (pos < i_size) {
bytes = kernel_read(file, *buf + pos, i_size - pos, &pos);
if (bytes < 0) {
ret = bytes;
goto out_free;
}
if (bytes == 0)
break;
}
if (pos != i_size) {
ret = -EIO;
goto out_free;
}
ret = security_kernel_post_read_file(file, *buf, i_size, id);
out_free:
if (ret < 0) {
if (allocated) {
vfree(*buf);
*buf = NULL;
}
}
out:
allow_write_access(file);
return ret == 0 ? pos : ret;
}
EXPORT_SYMBOL_GPL(kernel_read_file);
int kernel_read_file_from_path(const char *path, void **buf,
size_t buf_size, enum kernel_read_file_id id)
{
struct file *file;
int ret;
if (!path || !*path)
return -EINVAL;
file = filp_open(path, O_RDONLY, 0);
if (IS_ERR(file))
return PTR_ERR(file);
ret = kernel_read_file(file, buf, buf_size, id);
fput(file);
return ret;
}
EXPORT_SYMBOL_GPL(kernel_read_file_from_path);
int kernel_read_file_from_path_initns(const char *path, void **buf,
size_t buf_size,
enum kernel_read_file_id id)
{
struct file *file;
struct path root;
int ret;
if (!path || !*path)
return -EINVAL;
task_lock(&init_task);
get_fs_root(init_task.fs, &root);
task_unlock(&init_task);
file = file_open_root(root.dentry, root.mnt, path, O_RDONLY, 0);
path_put(&root);
if (IS_ERR(file))
return PTR_ERR(file);
ret = kernel_read_file(file, buf, buf_size, id);
fput(file);
return ret;
}
EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns);
int kernel_read_file_from_fd(int fd, void **buf, size_t buf_size,
enum kernel_read_file_id id)
{
struct fd f = fdget(fd);
int ret = -EBADF;
if (!f.file)
goto out;
ret = kernel_read_file(f.file, buf, buf_size, id);
out:
fdput(f);
return ret;
}
EXPORT_SYMBOL_GPL(kernel_read_file_from_fd);