Google Git
Sign in
kernel/pub/scm/linux/kernel/git/jmorris/linux-security/refs/heads/next^!/.
commit
10e3781dda776f9bccb8aab31daa251dc149dd00
[log] [tgz]
author
James Morris <james.l.morris@oracle.com>
Sat Sep 09 19:10:44 2017 -0700
committer
James Morris <james.l.morris@oracle.com>
Sat Sep 09 19:10:44 2017 -0700
tree
61e1a97209730fb2ab27ccc3546c3864e147dbb1
parent
9d927f7bac9ec9b3a9500b393901b88cd140b111 [diff]
Revert "ima: use fs method to read integrity data"

This reverts commit d6cca80c54f826c410d237b2feee458356d72c3d.

This patch is broken and needs to be reworked, per report
from Linus.  Reverting this will restore existing behavior
where xfs locks up with IMA.

Signed-off-by: James Morris <james.l.morris@oracle.com>

diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 2542dc6..9e75d8a 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c

@@ -3125,7 +3125,6 @@ const struct file_operations btrfs_file_operations = {
 #endif
 	.clone_file_range = btrfs_clone_file_range,
 	.dedupe_file_range = btrfs_dedupe_file_range,
-	.integrity_read = generic_file_read_iter,
 };
 
 void btrfs_auto_defrag_exit(void)

diff --git a/fs/efivarfs/file.c b/fs/efivarfs/file.c
index 17955a9..863f1b1 100644
--- a/fs/efivarfs/file.c
+++ b/fs/efivarfs/file.c

@@ -179,5 +179,4 @@ const struct file_operations efivarfs_file_operations = {
 	.write	= efivarfs_file_write,
 	.llseek	= no_llseek,
 	.unlocked_ioctl = efivarfs_file_ioctl,
-	.integrity_read	= efivarfs_file_read_iter,
 };

diff --git a/fs/ext2/file.c b/fs/ext2/file.c
index 111069d..d34d32b 100644
--- a/fs/ext2/file.c
+++ b/fs/ext2/file.c

@@ -192,22 +192,6 @@ static ssize_t ext2_file_read_iter(struct kiocb *iocb, struct iov_iter *to)
 	return generic_file_read_iter(iocb, to);
 }
 
-static ssize_t ext2_file_integrity_read_iter(struct kiocb *iocb,
-					     struct iov_iter *to)
-{
-	struct inode *inode = file_inode(iocb->ki_filp);
-
-	lockdep_assert_held(&inode->i_rwsem);
-#ifdef CONFIG_FS_DAX
-	if (!iov_iter_count(to))
-		return 0; /* skip atime */
-
-	if (IS_DAX(iocb->ki_filp->f_mapping->host))
-		return dax_iomap_rw(iocb, to, &ext2_iomap_ops);
-#endif
-	return generic_file_read_iter(iocb, to);
-}
-
 static ssize_t ext2_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
 {
 #ifdef CONFIG_FS_DAX
@@ -232,7 +216,6 @@ const struct file_operations ext2_file_operations = {
 	.get_unmapped_area = thp_get_unmapped_area,
 	.splice_read	= generic_file_splice_read,
 	.splice_write	= iter_file_splice_write,
-	.integrity_read	= ext2_file_integrity_read_iter,
 };
 
 const struct inode_operations ext2_file_inode_operations = {

diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index 3ab4105..58294c9 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c

@@ -74,25 +74,6 @@ static ssize_t ext4_file_read_iter(struct kiocb *iocb, struct iov_iter *to)
 	return generic_file_read_iter(iocb, to);
 }
 
-static ssize_t ext4_file_integrity_read_iter(struct kiocb *iocb,
-					     struct iov_iter *to)
-{
-	struct inode *inode = file_inode(iocb->ki_filp);
-
-	lockdep_assert_held(&inode->i_rwsem);
-	if (unlikely(ext4_forced_shutdown(EXT4_SB(inode->i_sb))))
-		return -EIO;
-
-	if (!iov_iter_count(to))
-		return 0; /* skip atime */
-
-#ifdef CONFIG_FS_DAX
-	if (IS_DAX(inode))
-		return dax_iomap_rw(iocb, to, &ext4_iomap_ops);
-#endif
-	return generic_file_read_iter(iocb, to);
-}
-
 /*
  * Called when an inode is released. Note that this is different
  * from ext4_file_open: open gets called at every open, but release
@@ -766,7 +747,6 @@ const struct file_operations ext4_file_operations = {
 	.splice_read	= generic_file_splice_read,
 	.splice_write	= iter_file_splice_write,
 	.fallocate	= ext4_fallocate,
-	.integrity_read	= ext4_file_integrity_read_iter,
 };
 
 const struct inode_operations ext4_file_inode_operations = {

diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 82ea81d..2706130 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c

@@ -2514,5 +2514,4 @@ const struct file_operations f2fs_file_operations = {
 #endif
 	.splice_read	= generic_file_splice_read,
 	.splice_write	= iter_file_splice_write,
-	.integrity_read	= generic_file_read_iter,
 };

diff --git a/fs/jffs2/file.c b/fs/jffs2/file.c
index 5a63034..c12476e 100644
--- a/fs/jffs2/file.c
+++ b/fs/jffs2/file.c

@@ -57,7 +57,6 @@ const struct file_operations jffs2_file_operations =
 	.mmap =		generic_file_readonly_mmap,
 	.fsync =	jffs2_fsync,
 	.splice_read =	generic_file_splice_read,
-	.integrity_read = generic_file_read_iter,
 };
 
 /* jffs2_file_inode_operations */

diff --git a/fs/jfs/file.c b/fs/jfs/file.c
index 423512a..739492c 100644
--- a/fs/jfs/file.c
+++ b/fs/jfs/file.c

@@ -162,5 +162,4 @@ const struct file_operations jfs_file_operations = {
 #ifdef CONFIG_COMPAT
 	.compat_ioctl	= jfs_compat_ioctl,
 #endif
-	.integrity_read	= generic_file_read_iter,
 };

diff --git a/fs/nilfs2/file.c b/fs/nilfs2/file.c
index 55e058a..c5fa3de 100644
--- a/fs/nilfs2/file.c
+++ b/fs/nilfs2/file.c

@@ -150,7 +150,6 @@ const struct file_operations nilfs_file_operations = {
 	/* .release	= nilfs_release_file, */
 	.fsync		= nilfs_sync_file,
 	.splice_read	= generic_file_splice_read,
-	.integrity_read	= generic_file_read_iter,
 };
 
 const struct inode_operations nilfs_file_inode_operations = {

diff --git a/fs/ramfs/file-mmu.c b/fs/ramfs/file-mmu.c
index 4f24d1b..12af049 100644
--- a/fs/ramfs/file-mmu.c
+++ b/fs/ramfs/file-mmu.c

@@ -47,7 +47,6 @@ const struct file_operations ramfs_file_operations = {
 	.splice_write	= iter_file_splice_write,
 	.llseek		= generic_file_llseek,
 	.get_unmapped_area	= ramfs_mmu_get_unmapped_area,
-	.integrity_read	= generic_file_read_iter,
 };
 
 const struct inode_operations ramfs_file_inode_operations = {

diff --git a/fs/ramfs/file-nommu.c b/fs/ramfs/file-nommu.c
index 5ee704f..2ef7ce7 100644
--- a/fs/ramfs/file-nommu.c
+++ b/fs/ramfs/file-nommu.c

@@ -50,7 +50,6 @@ const struct file_operations ramfs_file_operations = {
 	.splice_read		= generic_file_splice_read,
 	.splice_write		= iter_file_splice_write,
 	.llseek			= generic_file_llseek,
-	.integrity_read		= generic_file_read_iter,
 };
 
 const struct inode_operations ramfs_file_inode_operations = {

diff --git a/fs/ubifs/file.c b/fs/ubifs/file.c
index 5e52a31..8cad0b1 100644
--- a/fs/ubifs/file.c
+++ b/fs/ubifs/file.c

@@ -1747,5 +1747,4 @@ const struct file_operations ubifs_file_operations = {
 #ifdef CONFIG_COMPAT
 	.compat_ioctl   = ubifs_compat_ioctl,
 #endif
-	.integrity_read = generic_file_read_iter,
 };

diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
index 0a6704b..c4893e2 100644
--- a/fs/xfs/xfs_file.c
+++ b/fs/xfs/xfs_file.c

@@ -292,26 +292,6 @@ xfs_file_read_iter(
 	return ret;
 }
 
-static ssize_t
-xfs_integrity_read(
-	struct kiocb		*iocb,
-	struct iov_iter		*to)
-{
-	struct inode		*inode = file_inode(iocb->ki_filp);
-	struct xfs_mount	*mp = XFS_I(inode)->i_mount;
-
-	lockdep_assert_held(&inode->i_rwsem);
-
-	XFS_STATS_INC(mp, xs_read_calls);
-
-	if (XFS_FORCED_SHUTDOWN(mp))
-		return -EIO;
-
-	if (IS_DAX(inode))
-		return dax_iomap_rw(iocb, to, &xfs_iomap_ops);
-	return generic_file_read_iter(iocb, to);
-}
-
 /*
  * Zero any on disk space between the current EOF and the new, larger EOF.
  *
@@ -1195,7 +1175,6 @@ const struct file_operations xfs_file_operations = {
 	.fallocate	= xfs_file_fallocate,
 	.clone_file_range = xfs_file_clone_range,
 	.dedupe_file_range = xfs_file_dedupe_range,
-	.integrity_read	= xfs_integrity_read,
 };
 
 const struct file_operations xfs_dir_file_operations = {

diff --git a/include/linux/fs.h b/include/linux/fs.h
index 8d0d10e..fdec9b7 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h

@@ -1699,7 +1699,6 @@ struct file_operations {
 			u64);
 	ssize_t (*dedupe_file_range)(struct file *, u64, u64, struct file *,
 			u64);
-	ssize_t (*integrity_read)(struct kiocb *, struct iov_iter *);
 } __randomize_layout;
 
 struct inode_operations {

diff --git a/mm/shmem.c b/mm/shmem.c
index 805d990..b0aa607 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c

@@ -3849,7 +3849,6 @@ static const struct file_operations shmem_file_operations = {
 	.splice_read	= generic_file_splice_read,
 	.splice_write	= iter_file_splice_write,
 	.fallocate	= shmem_fallocate,
-	.integrity_read	= shmem_file_read_iter,
 #endif
 };
 

diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index df04f35..6fc888c 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c

@@ -21,7 +21,6 @@
 #include <linux/rbtree.h>
 #include <linux/file.h>
 #include <linux/uaccess.h>
-#include <linux/uio.h>
 #include "integrity.h"
 
 static struct rb_root integrity_iint_tree = RB_ROOT;
@@ -185,25 +184,18 @@ security_initcall(integrity_iintcache_init);
 int integrity_kernel_read(struct file *file, loff_t offset,
 			  void *addr, unsigned long count)
 {
-	struct inode *inode = file_inode(file);
-	struct kvec iov = { .iov_base = addr, .iov_len = count };
-	struct kiocb kiocb;
-	struct iov_iter iter;
+	mm_segment_t old_fs;
+	char __user *buf = (char __user *)addr;
 	ssize_t ret;
 
-	lockdep_assert_held(&inode->i_rwsem);
-
 	if (!(file->f_mode & FMODE_READ))
 		return -EBADF;
-	if (!file->f_op->integrity_read)
-		return -EBADF;
 
-	init_sync_kiocb(&kiocb, file);
-	kiocb.ki_pos = offset;
-	iov_iter_kvec(&iter, READ | ITER_KVEC, &iov, 1, count);
+	old_fs = get_fs();
+	set_fs(get_ds());
+	ret = __vfs_read(file, buf, count, &offset);
+	set_fs(old_fs);
 
-	ret = file->f_op->integrity_read(&kiocb, &iter);
-	BUG_ON(ret == -EIOCBQUEUED);
 	return ret;
 }