[PATCH 093/437] integrity: convert to read/write iterators

From: Jens Axboe
Date: Thu Apr 11 2024 - 12:00:21 EST


Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
---
security/integrity/evm/evm_secfs.c | 60 +++++++++++++-----------------
security/integrity/ima/ima_fs.c | 41 ++++++++++----------
2 files changed, 44 insertions(+), 57 deletions(-)

diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index 9b907c2fee60..2ff3b5d04eae 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -29,50 +29,45 @@ static int evm_xattrs_locked;
/**
* evm_read_key - read() for <securityfs>/evm
*
- * @filp: file pointer, not actually used
- * @buf: where to put the result
- * @count: maximum to send along
- * @ppos: where to start
+ * @iocb: metadata for IO
+ * @to: where to put the result
*
* Returns number of bytes read or error code, as appropriate
*/
-static ssize_t evm_read_key(struct file *filp, char __user *buf,
- size_t count, loff_t *ppos)
+static ssize_t evm_read_key(struct kiocb *iocb, struct iov_iter *to)
{
char temp[80];
ssize_t rc;

- if (*ppos != 0)
+ if (iocb->ki_pos != 0)
return 0;

sprintf(temp, "%d", (evm_initialized & ~EVM_SETUP_COMPLETE));
- rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
+ rc = simple_copy_to_iter(temp, &iocb->ki_pos, strlen(temp), to);

return rc;
}

/**
* evm_write_key - write() for <securityfs>/evm
- * @file: file pointer, not actually used
- * @buf: where to get the data from
- * @count: bytes sent
- * @ppos: where to start
+ * @iocb: metadata for IO
+ * @from: where to get the data from
*
* Used to signal that key is on the kernel key ring.
* - get the integrity hmac key from the kernel key ring
* - create list of hmac protected extended attributes
* Returns number of bytes written or error code, as appropriate
*/
-static ssize_t evm_write_key(struct file *file, const char __user *buf,
- size_t count, loff_t *ppos)
+static ssize_t evm_write_key(struct kiocb *iocb, struct iov_iter *from)
{
+ size_t count = iov_iter_count(from);
unsigned int i;
int ret;

if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE))
return -EPERM;

- ret = kstrtouint_from_user(buf, count, 0, &i);
+ ret = kstrtouint_from_iter(from, count, 0, &i);

if (ret)
return ret;
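Review bot: `evm_write_key` now passes the raw `iov_iter_count(from)` (L66) straight to `kstrtouint_from_iter` (L74) with no upper bound, whereas `kstrtouint_from_user` clamped the copy to its own small stack buffer before parsing; nothing in this hunk shows the new helper doing the same, so that clamp should be confirmed in the patch that introduces it rather than assumed here, since a write of arbitrary length from any CAP_SYS_ADMIN process reaches this path. The rewritten kernel-doc at L25 and L54 (`@iocb: metadata for IO`) could say what is actually consulted: for the reader, `@iocb: I/O control block; only ki_pos is used, and a non-zero position reads as EOF` matches L38–L39, while the writer never looks at `ki_pos` at all. evm_write_key continues past the end of this hunk.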
@@ -109,30 +104,27 @@ static ssize_t evm_write_key(struct file *file, const char __user *buf,
}

static const struct file_operations evm_key_ops = {
- .read = evm_read_key,
- .write = evm_write_key,
+ .read_iter = evm_read_key,
+ .write_iter = evm_write_key,
};

#ifdef CONFIG_EVM_ADD_XATTRS
/**
* evm_read_xattrs - read() for <securityfs>/evm_xattrs
*
- * @filp: file pointer, not actually used
- * @buf: where to put the result
- * @count: maximum to send along
- * @ppos: where to start
+ * @iocb: metadata for IO
+ * @to: where to put the result
*
* Returns number of bytes read or error code, as appropriate
*/
-static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,
- size_t count, loff_t *ppos)
+static ssize_t evm_read_xattrs(struct kiocb *iocb, struct iov_iter *to)
{
char *temp;
int offset = 0;
ssize_t rc, size = 0;
struct xattr_list *xattr;

- if (*ppos != 0)
+ if (iocb->ki_pos != 0)
return 0;

rc = mutex_lock_interruptible(&xattr_list_mutex);
@@ -161,7 +153,7 @@ static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,
}

mutex_unlock(&xattr_list_mutex);
- rc = simple_read_from_buffer(buf, count, ppos, temp, strlen(temp));
+ rc = simple_copy_to_iter(temp, &iocb->ki_pos, strlen(temp), to);

kfree(temp);

@@ -170,26 +162,24 @@ static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,

/**
* evm_write_xattrs - write() for <securityfs>/evm_xattrs
- * @file: file pointer, not actually used
- * @buf: where to get the data from
- * @count: bytes sent
- * @ppos: where to start
+ * @iocb: metadata for IO
+ * @from: where to get the data from
*
* Returns number of bytes written or error code, as appropriate
*/
-static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
- size_t count, loff_t *ppos)
+static ssize_t evm_write_xattrs(struct kiocb *iocb, struct iov_iter *from)
{
int len, err;
struct xattr_list *xattr, *tmp;
struct audit_buffer *ab;
struct iattr newattrs;
struct inode *inode;
+ size_t count = iov_iter_count(from);

if (!capable(CAP_SYS_ADMIN) || evm_xattrs_locked)
return -EPERM;

- if (*ppos != 0)
+ if (iocb->ki_pos != 0)
return -EINVAL;

if (count > XATTR_NAME_MAX)
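Review bot: The kernel-doc rewritten at L132–L133 says only `@iocb: metadata for IO` and `@from: where to get the data from`, while the code below states a stronger contract: any non-zero `iocb->ki_pos` is refused with -EINVAL (L152–L153) and `count` is checked against XATTR_NAME_MAX (L155, the action is outside the hunk). Suggest `@iocb: I/O control block; ki_pos must be 0 (offset and partial writes are rejected)` and `@from: xattr name to add; writes longer than XATTR_NAME_MAX are refused`. evm_write_xattrs continues beyond this hunk.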
@@ -207,7 +197,7 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
}

xattr->enabled = true;
- xattr->name = memdup_user_nul(buf, count);
+ xattr->name = iterdup_nul(from, count);
if (IS_ERR(xattr->name)) {
err = PTR_ERR(xattr->name);
xattr->name = NULL;
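Review bot: `xattr->name` from `iterdup_nul(from, count)` (L161) is used as a C string further down (it is the xattr name that gets compared and audited, outside this hunk), so the helper must guarantee NUL termination and must fail — presumably with -EFAULT, as `memdup_user_nul` did — when the iterator yields fewer than `count` bytes, rather than hand back a short, unterminated buffer. The hunk gives no evidence either way, so this is worth confirming against the helper's definition in the patch that adds it. The error path at L162–L164 is otherwise unchanged and correct.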
@@ -278,8 +268,8 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
}

static const struct file_operations evm_xattr_ops = {
- .read = evm_read_xattrs,
- .write = evm_write_xattrs,
+ .read_iter = evm_read_xattrs,
+ .write_iter = evm_write_xattrs,
};

static int evm_init_xattrs(void)
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index cd1683dad3bf..e33896afec46 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -38,38 +38,35 @@ __setup("ima_canonical_fmt", default_canonical_fmt_setup);

static int valid_policy = 1;

-static ssize_t ima_show_htable_value(char __user *buf, size_t count,
- loff_t *ppos, atomic_long_t *val)
+static ssize_t ima_show_htable_value(struct kiocb *iocb, struct iov_iter *to,
+ atomic_long_t *val)
{
char tmpbuf[32]; /* greater than largest 'long' string value */
ssize_t len;

len = scnprintf(tmpbuf, sizeof(tmpbuf), "%li\n", atomic_long_read(val));
- return simple_read_from_buffer(buf, count, ppos, tmpbuf, len);
+ return simple_copy_to_iter(tmpbuf, &iocb->ki_pos, len, to);
}

-static ssize_t ima_show_htable_violations(struct file *filp,
- char __user *buf,
- size_t count, loff_t *ppos)
+static ssize_t ima_show_htable_violations(struct kiocb *iocb,
+ struct iov_iter *to)
{
- return ima_show_htable_value(buf, count, ppos, &ima_htable.violations);
+ return ima_show_htable_value(iocb, to, &ima_htable.violations);
}

static const struct file_operations ima_htable_violations_ops = {
- .read = ima_show_htable_violations,
+ .read_iter = ima_show_htable_violations,
.llseek = generic_file_llseek,
};

-static ssize_t ima_show_measurements_count(struct file *filp,
- char __user *buf,
- size_t count, loff_t *ppos)
+static ssize_t ima_show_measurements_count(struct kiocb *iocb,
+ struct iov_iter *to)
{
- return ima_show_htable_value(buf, count, ppos, &ima_htable.len);
-
+ return ima_show_htable_value(iocb, to, &ima_htable.len);
}

static const struct file_operations ima_measurements_count_ops = {
- .read = ima_show_measurements_count,
+ .read_iter = ima_show_measurements_count,
.llseek = generic_file_llseek,
};

@@ -200,7 +197,7 @@ static int ima_measurements_open(struct inode *inode, struct file *file)

static const struct file_operations ima_measurements_ops = {
.open = ima_measurements_open,
- .read = seq_read,
+ .read_iter = seq_read_iter,
.llseek = seq_lseek,
.release = seq_release,
};
@@ -266,7 +263,7 @@ static int ima_ascii_measurements_open(struct inode *inode, struct file *file)

static const struct file_operations ima_ascii_measurements_ops = {
.open = ima_ascii_measurements_open,
- .read = seq_read,
+ .read_iter = seq_read_iter,
.llseek = seq_lseek,
.release = seq_release,
};
@@ -311,9 +308,9 @@ static ssize_t ima_read_policy(char *path)
return pathlen;
}

-static ssize_t ima_write_policy(struct file *file, const char __user *buf,
- size_t datalen, loff_t *ppos)
+static ssize_t ima_write_policy(struct kiocb *iocb, struct iov_iter *from)
{
+ size_t datalen = iov_iter_count(from);
char *data;
ssize_t result;

@@ -322,10 +319,10 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,

/* No partial writes. */
result = -EINVAL;
- if (*ppos != 0)
+ if (iocb->ki_pos != 0)
goto out;

- data = memdup_user_nul(buf, datalen);
+ data = iterdup_nul(from, datalen);
if (IS_ERR(data)) {
result = PTR_ERR(data);
goto out;
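Review bot: `iterdup_nul(from, datalen)` (L269) is called with a `datalen` that, given the two lines hidden between L259 and L260 appear to be the existing clamp to `PAGE_SIZE - 1`, can be smaller than `iov_iter_count(from)`; the copy must therefore take exactly `datalen` bytes from the iterator and leave the remainder unconsumed, with the parsed length still returned so that userspace can resubmit the rest. `memdup_user_nul` made that trivially true for a user pointer; for an iov_iter it depends on the helper, so it should be confirmed, and a comment at the clamp such as `/* may be less than iov_iter_count(from): the policy is parsed in page-sized chunks */` would record the intent. The `ki_pos != 0` rejection (L265) correctly stays ahead of the copy. ima_write_policy starts before and ends after this hunk.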
@@ -444,8 +441,8 @@ static int ima_release_policy(struct inode *inode, struct file *file)

static const struct file_operations ima_measure_policy_ops = {
.open = ima_open_policy,
- .write = ima_write_policy,
- .read = seq_read,
+ .write_iter = ima_write_policy,
+ .read_iter = seq_read_iter,
.release = ima_release_policy,
.llseek = generic_file_llseek,
};
--
2.43.0