On Wed, Oct 06, 2021 at 09:57:22AM -0400, Theodore Ts'o wrote:
> On Wed, Oct 06, 2021 at 01:17:32PM +0100, Matthew Wilcox wrote:
> > finit_module() is not the only caller of kernel_read_file_from_fd()
> > which passes it a fd that userspace passed in, for example
> > kexec_file_load() doesn't validate the fd either. We could validate
> > the fd in individual syscalls, in kernel_read_file_from_fd()
> > or just do what vfs_read() does and return -EBADF without warning.
>
> My suggestion would be to do both, and keep a WARN() in
> __kernel_read(), since that should never happen (and we want a stack
> trace if it does).

Agreed.

--
Kees Cook