fs: don't allow kernel reads and writes without iter ops
Don't allow calling ->read or ->write with set_fs as a preparation for killing off set_fs. All the instances that we use kernel_read/write on are using the iter ops already. If a file has both the regular ->read/->write methods and the iter variants, those could have different semantics in sufficiently messed-up drivers. Also fail kernel access to such files in that case. Signed-off-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Родитель
4bd6a7353e
Коммит
4d03e3cc59
|
@ -419,27 +419,41 @@ static ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, lo
|
|||
return ret;
|
||||
}
|
||||
|
||||
static int warn_unsupported(struct file *file, const char *op)
|
||||
{
|
||||
pr_warn_ratelimited(
|
||||
"kernel %s not supported for file %pD4 (pid: %d comm: %.20s)\n",
|
||||
op, file, current->pid, current->comm);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
ssize_t __kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
|
||||
{
|
||||
mm_segment_t old_fs = get_fs();
|
||||
struct kvec iov = {
|
||||
.iov_base = buf,
|
||||
.iov_len = min_t(size_t, count, MAX_RW_COUNT),
|
||||
};
|
||||
struct kiocb kiocb;
|
||||
struct iov_iter iter;
|
||||
ssize_t ret;
|
||||
|
||||
if (WARN_ON_ONCE(!(file->f_mode & FMODE_READ)))
|
||||
return -EINVAL;
|
||||
if (!(file->f_mode & FMODE_CAN_READ))
|
||||
return -EINVAL;
|
||||
/*
|
||||
* Also fail if ->read_iter and ->read are both wired up as that
|
||||
* implies very convoluted semantics.
|
||||
*/
|
||||
if (unlikely(!file->f_op->read_iter || file->f_op->read))
|
||||
return warn_unsupported(file, "read");
|
||||
|
||||
if (count > MAX_RW_COUNT)
|
||||
count = MAX_RW_COUNT;
|
||||
set_fs(KERNEL_DS);
|
||||
if (file->f_op->read)
|
||||
ret = file->f_op->read(file, (void __user *)buf, count, pos);
|
||||
else if (file->f_op->read_iter)
|
||||
ret = new_sync_read(file, (void __user *)buf, count, pos);
|
||||
else
|
||||
ret = -EINVAL;
|
||||
set_fs(old_fs);
|
||||
init_sync_kiocb(&kiocb, file);
|
||||
kiocb.ki_pos = *pos;
|
||||
iov_iter_kvec(&iter, READ, &iov, 1, iov.iov_len);
|
||||
ret = file->f_op->read_iter(&kiocb, &iter);
|
||||
if (ret > 0) {
|
||||
*pos = kiocb.ki_pos;
|
||||
fsnotify_access(file);
|
||||
add_rchar(current, ret);
|
||||
}
|
||||
|
@ -510,28 +524,31 @@ static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t
|
|||
/* caller is responsible for file_start_write/file_end_write */
|
||||
ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
|
||||
{
|
||||
mm_segment_t old_fs;
|
||||
const char __user *p;
|
||||
struct kvec iov = {
|
||||
.iov_base = (void *)buf,
|
||||
.iov_len = min_t(size_t, count, MAX_RW_COUNT),
|
||||
};
|
||||
struct kiocb kiocb;
|
||||
struct iov_iter iter;
|
||||
ssize_t ret;
|
||||
|
||||
if (WARN_ON_ONCE(!(file->f_mode & FMODE_WRITE)))
|
||||
return -EBADF;
|
||||
if (!(file->f_mode & FMODE_CAN_WRITE))
|
||||
return -EINVAL;
|
||||
/*
|
||||
* Also fail if ->write_iter and ->write are both wired up as that
|
||||
* implies very convoluted semantics.
|
||||
*/
|
||||
if (unlikely(!file->f_op->write_iter || file->f_op->write))
|
||||
return warn_unsupported(file, "write");
|
||||
|
||||
old_fs = get_fs();
|
||||
set_fs(KERNEL_DS);
|
||||
p = (__force const char __user *)buf;
|
||||
if (count > MAX_RW_COUNT)
|
||||
count = MAX_RW_COUNT;
|
||||
if (file->f_op->write)
|
||||
ret = file->f_op->write(file, p, count, pos);
|
||||
else if (file->f_op->write_iter)
|
||||
ret = new_sync_write(file, p, count, pos);
|
||||
else
|
||||
ret = -EINVAL;
|
||||
set_fs(old_fs);
|
||||
init_sync_kiocb(&kiocb, file);
|
||||
kiocb.ki_pos = *pos;
|
||||
iov_iter_kvec(&iter, WRITE, &iov, 1, iov.iov_len);
|
||||
ret = file->f_op->write_iter(&kiocb, &iter);
|
||||
if (ret > 0) {
|
||||
*pos = kiocb.ki_pos;
|
||||
fsnotify_modify(file);
|
||||
add_wchar(current, ret);
|
||||
}
|
||||
|
|
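Review bot: `pos` is dereferenced unconditionally in the new __kernel_read path (`kiocb.ki_pos = *pos;` and `*pos = kiocb.ki_pos;`), and the same pattern is repeated in __kernel_write. The replaced path only passed `pos` on to ->read or new_sync_read() without touching it here, so a caller that passes NULL would now fault in kernel context; whether any caller does is not visible on this page. Consider `kiocb.ki_pos = pos ? *pos : 0;` and guarding the write-back with `if (pos)`, or stating the non-NULL requirement in a comment above both functions. Both function bodies continue past the end of their hunks.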