
Commit c43e259

author
James Morris
committed
security: call security_file_permission from rw_verify_area
All instances of rw_verify_area() are followed by a call to security_file_permission(), so just call the latter from the former. Acked-by: Eric Paris <[email protected]> Signed-off-by: James Morris <[email protected]>
1 parent bced952 commit c43e259


3 files changed

+24
-51
lines changed


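--- a/fs/compat.c
+++ b/fs/compat.c
@@ -1104,10 +1104,6 @@ static ssize_t compat_do_readv_writev(int type, struct file *file,
 if (ret < 0)
 goto out;
 
-ret = security_file_permission(file, type == READ ? MAY_READ:MAY_WRITE);
-if (ret)
-goto out;
-
 fnv = NULL;
 if (type == READ) {
 fn = file->f_op->read;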

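--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -197,25 +197,27 @@ int rw_verify_area(int read_write, struct file *file, loff_t *ppos, size_t count
 {
 struct inode *inode;
 loff_t pos;
+int retval = -EINVAL;
 
 inode = file->f_path.dentry->d_inode;
 if (unlikely((ssize_t) count < 0))
-goto Einval;
+return retval;
 pos = *ppos;
 if (unlikely((pos < 0) || (loff_t) (pos + count) < 0))
-goto Einval;
+return retval;
 
 if (unlikely(inode->i_flock && mandatory_lock(inode))) {
-int retval = locks_mandatory_area(
+retval = locks_mandatory_area(
 read_write == READ ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE,
 inode, file, pos, count);
 if (retval < 0)
 return retval;
 }
+retval = security_file_permission(file,
+read_write == READ ? MAY_READ : MAY_WRITE);
+if (retval)
+return retval;
 return count > MAX_RW_COUNT ? MAX_RW_COUNT : count;
-
-Einval:
-return -EINVAL;
 }
 
 static void wait_on_retry_sync_kiocb(struct kiocb *iocb)
@@ -267,18 +269,15 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
 ret = rw_verify_area(READ, file, pos, count);
 if (ret >= 0) {
 count = ret;
-ret = security_file_permission (file, MAY_READ);
-if (!ret) {
-if (file->f_op->read)
-ret = file->f_op->read(file, buf, count, pos);
-else
-ret = do_sync_read(file, buf, count, pos);
-if (ret > 0) {
-fsnotify_access(file->f_path.dentry);
-add_rchar(current, ret);
-}
-inc_syscr(current);
+if (file->f_op->read)
+ret = file->f_op->read(file, buf, count, pos);
+else
+ret = do_sync_read(file, buf, count, pos);
+if (ret > 0) {
+fsnotify_access(file->f_path.dentry);
+add_rchar(current, ret);
 }
+inc_syscr(current);
 }
 
 return ret;
@@ -325,18 +324,15 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_
 ret = rw_verify_area(WRITE, file, pos, count);
 if (ret >= 0) {
 count = ret;
-ret = security_file_permission (file, MAY_WRITE);
-if (!ret) {
-if (file->f_op->write)
-ret = file->f_op->write(file, buf, count, pos);
-else
-ret = do_sync_write(file, buf, count, pos);
-if (ret > 0) {
-fsnotify_modify(file->f_path.dentry);
-add_wchar(current, ret);
-}
-inc_syscw(current);
+if (file->f_op->write)
+ret = file->f_op->write(file, buf, count, pos);
+else
+ret = do_sync_write(file, buf, count, pos);
+if (ret > 0) {
+fsnotify_modify(file->f_path.dentry);
+add_wchar(current, ret);
 }
+inc_syscw(current);
 }
 
 return ret;
@@ -603,9 +599,6 @@ static ssize_t do_readv_writev(int type, struct file *file,
 ret = rw_verify_area(type, file, pos, tot_len);
 if (ret < 0)
 goto out;
-ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE);
-if (ret)
-goto out;
 
 fnv = NULL;
 if (type == READ) {
@@ -737,10 +730,6 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
 goto fput_in;
 count = retval;
 
-retval = security_file_permission (in_file, MAY_READ);
-if (retval)
-goto fput_in;
-
 /*
 * Get output file, and verify that it is ok..
 */
@@ -759,10 +748,6 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
 goto fput_out;
 count = retval;
 
-retval = security_file_permission (out_file, MAY_WRITE);
-if (retval)
-goto fput_out;
-
 if (!max)
 max = min(in_inode->i_sb->s_maxbytes, out_inode->i_sb->s_maxbytes);
 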
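Review bot: In rw_verify_area() the new `if (retval) return retval;` hands any non-zero result of security_file_permission() straight back to callers, and the callers shown here (vfs_read, vfs_write) treat `ret >= 0` as a byte count and proceed with the I/O. The removed checks in those two callers skipped the I/O on any non-zero value, so a hook returning a positive value would have failed closed before and would fail open now; presumably hooks only return 0 or a negative errno, but that contract is not stated anywhere in the hunk. I would either document it above the function, e.g. `/* Also performs the LSM file permission check; returns a clamped count (>= 0) or a negative errno. */`, or make the check defensive with `if (retval) return retval < 0 ? retval : -EINVAL;`. Such a comment would also tell future callers that skipping rw_verify_area() now skips the permission check; the function's signature sits in the hunk header, outside the hunk body.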

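--- a/fs/splice.c
+++ b/fs/splice.c
@@ -908,10 +908,6 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
 if (unlikely(ret < 0))
 return ret;
 
-ret = security_file_permission(out, MAY_WRITE);
-if (unlikely(ret < 0))
-return ret;
-
 return out->f_op->splice_write(pipe, out, ppos, len, flags);
 }
 
@@ -934,10 +930,6 @@ static long do_splice_to(struct file *in, loff_t *ppos,
 if (unlikely(ret < 0))
 return ret;
 
-ret = security_file_permission(in, MAY_READ);
-if (unlikely(ret < 0))
-return ret;
-
 return in->f_op->splice_read(in, ppos, pipe, len, flags);
 }
 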
