From: Kees Cook > Sent: 17 July 2020 18:43 > In preparation for further refactoring of kernel_read_file*(), rename > the "max_size" argument to the more accurate "buf_size", and correct > its type to size_t. Add kerndoc to explain the specifics of how the > arguments will be used. Note that with buf_size now size_t, it can no > longer be negative (and was never called with a negative value). Adjust > callers to use it as a "maximum size" when *buf is NULL. > > Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> > --- > fs/kernel_read_file.c | 34 +++++++++++++++++++++++--------- > include/linux/kernel_read_file.h | 8 ++++---- > security/integrity/digsig.c | 2 +- > security/integrity/ima/ima_fs.c | 2 +- > 4 files changed, 31 insertions(+), 15 deletions(-) > > diff --git a/fs/kernel_read_file.c b/fs/kernel_read_file.c > index dc28a8def597..e21a76001fff 100644 > --- a/fs/kernel_read_file.c > +++ b/fs/kernel_read_file.c > @@ -5,15 +5,31 @@ > #include <linux/security.h> > #include <linux/vmalloc.h> > > +/** > + * kernel_read_file() - read file contents into a kernel buffer > + * > + * @file file to read from > + * @buf pointer to a "void *" buffer for reading into (if > + * *@buf is NULL, a buffer will be allocated, and > + * @buf_size will be ignored) > + * @buf_size size of buf, if already allocated. If @buf not > + * allocated, this is the largest size to allocate. > + * @id the kernel_read_file_id identifying the type of > + * file contents being read (for LSMs to examine) > + * > + * Returns number of bytes read (no single read will be bigger > + * than INT_MAX), or negative on error. > + * > + */

That seems to be self-inconsistent. If '*buf' is NULL it both says that buf_size is ignored and is treated as a limit. To make life easier, zero should probably be treated as no-limit.

David
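
Review bot: the parameter lines in the new kernel-doc comment above kernel_read_file() ("@file file to read from", "@buf pointer to ...", "@buf_size size of buf ...", "@id the kernel_read_file_id ...") have no colon after the parameter name, so the kernel-doc tooling will not treat them as parameter descriptions; write them as "@file: file to read from" and likewise for @buf, @buf_size and @id. In the same comment the @buf entry says @buf_size "will be ignored" when *@buf is NULL while the @buf_size entry says it is then "the largest size to allocate"; since the commit message has callers using it as a "maximum size" when *buf is NULL, dropping the "will be ignored" clause from the @buf entry would make the two agree. Because this value bounds an allocation sized from file contents, the comment should also state explicitly what a caller gets when the file is larger than @buf_size.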