On Fri, Jul 17, 2020 at 12:04:18PM -0700, Scott Branden wrote:There is something wrong with this patch. I apply patches 1-5 and these pass the kernel self test.
On 2020-07-17 10:43 a.m., Kees Cook wrote:Yes; an entirely reasonable concern. This is why I add the file_size
In preparation for refactoring kernel_read_file*(), remove the redundantI don't think the size argument is redundant though.
"size" argument which is not needed: it can be included in the return
The existing kernel_read_file functions always read the whole file.
Now, what happens if the file is bigger than the buffer.
How does kernel_read_file know it read the whole file by looking at the
return value?
output argument later in the series.
No, for two reasons: then we need to change the return value and likelycode, with callers adjusted. (VFS reads already cannot be larger thanShould this be SSIZE_MAX?
INT_MAX.)
[...]
- if (i_size > SIZE_MAX || (max_size > 0 && i_size > max_size)) {
+ if (i_size > INT_MAX || (max_size > 0 && i_size > max_size)) {
the callers need more careful checks, and more importantly, because the
VFS already limits single read actions to INT_MAX, so limits above this
make no sense. Win win! :)