summaryrefslogtreecommitdiff
path: root/security/integrity
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2020-10-02 20:38:25 +0300
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2020-10-05 14:37:04 +0300
commit0fa8e084648779eeb8929ae004301b3acf3bad84 (patch)
treeebfed647c8f2a43a0967ba127c7e75df36909cba /security/integrity
parent34736daeecd1608bee21e3bf5170cd4c95143109 (diff)
downloadlinux-0fa8e084648779eeb8929ae004301b3acf3bad84.tar.xz
fs/kernel_file_read: Add "offset" arg for partial reads
To perform partial reads, callers of kernel_read_file*() must have a non-NULL file_size argument and a preallocated buffer. The new "offset" argument can then be used to seek to specific locations in the file to fill the buffer to, at most, "buf_size" per call. Where possible, the LSM hooks can report whether a full file has been read or not so that the contents can be reasoned about. Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20201002173828.2099543-14-keescook@chromium.org Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security/integrity')
-rw-r--r--security/integrity/digsig.c2
-rw-r--r--security/integrity/ima/ima_fs.c3
2 files changed, 3 insertions, 2 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 8a523dfd7fd7..0f518dcfde05 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -175,7 +175,7 @@ int __init integrity_load_x509(const unsigned int id, const char *path)
int rc;
key_perm_t perm;
- rc = kernel_read_file_from_path(path, &data, INT_MAX, NULL,
+ rc = kernel_read_file_from_path(path, 0, &data, INT_MAX, NULL,
READING_X509_CERTIFICATE);
if (rc < 0) {
pr_err("Unable to open file: %s (%d)", path, rc);
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 5fc56ccb6678..ea8ff8a07b36 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -284,7 +284,8 @@ static ssize_t ima_read_policy(char *path)
datap = path;
strsep(&datap, "\n");
- rc = kernel_read_file_from_path(path, &data, INT_MAX, NULL, READING_POLICY);
+ rc = kernel_read_file_from_path(path, 0, &data, INT_MAX, NULL,
+ READING_POLICY);
if (rc < 0) {
pr_err("Unable to open file: %s (%d)", path, rc);
return rc;