|           Line data    Source code 
       1             : // SPDX-License-Identifier: GPL-2.0-only
       2             : #include <linux/fs.h>
       3             : #include <linux/fs_struct.h>
       4             : #include <linux/kernel_read_file.h>
       5             : #include <linux/security.h>
       6             : #include <linux/vmalloc.h>
       7             : 
       8             : /**
       9             :  * kernel_read_file() - read file contents into a kernel buffer
      10             :  *
      11             :  * @file        file to read from
      12             :  * @offset      where to start reading from (see below).
      13             :  * @buf         pointer to a "void *" buffer for reading into (if
      14             :  *              *@buf is NULL, a buffer will be allocated, and
      15             :  *              @buf_size will be ignored)
      16             :  * @buf_size    size of buf, if already allocated. If @buf not
      17             :  *              allocated, this is the largest size to allocate.
      18             :  * @file_size   if non-NULL, the full size of @file will be
      19             :  *              written here.
      20             :  * @id          the kernel_read_file_id identifying the type of
      21             :  *              file contents being read (for LSMs to examine)
      22             :  *
      23             :  * @offset must be 0 unless both @buf and @file_size are non-NULL
      24             :  * (i.e. the caller must be expecting to read partial file contents
      25             :  * via an already-allocated @buf, in at most @buf_size chunks, and
      26             :  * will be able to determine when the entire file was read by
      27             :  * checking @file_size). This isn't a recommended way to read a
      28             :  * file, though, since it is possible that the contents might
      29             :  * change between calls to kernel_read_file().
      30             :  *
      31             :  * Returns number of bytes read (no single read will be bigger
      32             :  * than INT_MAX), or negative on error.
      33             :  *
      34             :  */
      35           0 : int kernel_read_file(struct file *file, loff_t offset, void **buf,
      36             :                      size_t buf_size, size_t *file_size,
      37             :                      enum kernel_read_file_id id)
      38             : {
      39             :         loff_t i_size, pos;
      40             :         size_t copied;
      41           0 :         void *allocated = NULL;
      42             :         bool whole_file;
      43             :         int ret;
      44             : 
      45           0 :         if (offset != 0 && (!*buf || !file_size))
      46             :                 return -EINVAL;
      47             : 
      48           0 :         if (!S_ISREG(file_inode(file)->i_mode))
      49             :                 return -EINVAL;
      50             : 
      51           0 :         ret = deny_write_access(file);
      52           0 :         if (ret)
      53             :                 return ret;
      54             : 
      55           0 :         i_size = i_size_read(file_inode(file));
      56           0 :         if (i_size <= 0) {
      57             :                 ret = -EINVAL;
      58             :                 goto out;
      59             :         }
      60             :         /* The file is too big for sane activities. */
      61           0 :         if (i_size > INT_MAX) {
      62             :                 ret = -EFBIG;
      63             :                 goto out;
      64             :         }
      65             :         /* The entire file cannot be read in one buffer. */
      66           0 :         if (!file_size && offset == 0 && i_size > buf_size) {
      67             :                 ret = -EFBIG;
      68             :                 goto out;
      69             :         }
      70             : 
      71           0 :         whole_file = (offset == 0 && i_size <= buf_size);
      72           0 :         ret = security_kernel_read_file(file, id, whole_file);
      73             :         if (ret)
      74             :                 goto out;
      75             : 
      76           0 :         if (file_size)
      77           0 :                 *file_size = i_size;
      78             : 
      79           0 :         if (!*buf)
      80           0 :                 *buf = allocated = vmalloc(i_size);
      81           0 :         if (!*buf) {
      82             :                 ret = -ENOMEM;
      83             :                 goto out;
      84             :         }
      85             : 
      86           0 :         pos = offset;
      87           0 :         copied = 0;
      88           0 :         while (copied < buf_size) {
      89             :                 ssize_t bytes;
      90           0 :                 size_t wanted = min_t(size_t, buf_size - copied,
      91             :                                               i_size - pos);
      92             : 
      93           0 :                 bytes = kernel_read(file, *buf + copied, wanted, &pos);
      94           0 :                 if (bytes < 0) {
      95           0 :                         ret = bytes;
      96           0 :                         goto out_free;
      97             :                 }
      98             : 
      99           0 :                 if (bytes == 0)
     100             :                         break;
     101           0 :                 copied += bytes;
     102             :         }
     103             : 
     104           0 :         if (whole_file) {
     105           0 :                 if (pos != i_size) {
     106             :                         ret = -EIO;
     107             :                         goto out_free;
     108             :                 }
     109             : 
     110           0 :                 ret = security_kernel_post_read_file(file, *buf, i_size, id);
     111             :         }
     112             : 
     113             : out_free:
     114           0 :         if (ret < 0) {
     115           0 :                 if (allocated) {
     116           0 :                         vfree(*buf);
     117           0 :                         *buf = NULL;
     118             :                 }
     119             :         }
     120             : 
     121             : out:
     122           0 :         allow_write_access(file);
     123           0 :         return ret == 0 ? copied : ret;
     124             : }
     125             : EXPORT_SYMBOL_GPL(kernel_read_file);
     126             : 
     127           0 : int kernel_read_file_from_path(const char *path, loff_t offset, void **buf,
     128             :                                size_t buf_size, size_t *file_size,
     129             :                                enum kernel_read_file_id id)
     130             : {
     131             :         struct file *file;
     132             :         int ret;
     133             : 
     134           0 :         if (!path || !*path)
     135             :                 return -EINVAL;
     136             : 
     137           0 :         file = filp_open(path, O_RDONLY, 0);
     138           0 :         if (IS_ERR(file))
     139           0 :                 return PTR_ERR(file);
     140             : 
     141           0 :         ret = kernel_read_file(file, offset, buf, buf_size, file_size, id);
     142           0 :         fput(file);
     143           0 :         return ret;
     144             : }
     145             : EXPORT_SYMBOL_GPL(kernel_read_file_from_path);
     146             : 
     147           0 : int kernel_read_file_from_path_initns(const char *path, loff_t offset,
     148             :                                       void **buf, size_t buf_size,
     149             :                                       size_t *file_size,
     150             :                                       enum kernel_read_file_id id)
     151             : {
     152             :         struct file *file;
     153             :         struct path root;
     154             :         int ret;
     155             : 
     156           0 :         if (!path || !*path)
     157             :                 return -EINVAL;
     158             : 
     159           0 :         task_lock(&init_task);
     160           0 :         get_fs_root(init_task.fs, &root);
     161           0 :         task_unlock(&init_task);
     162             : 
     163           0 :         file = file_open_root(&root, path, O_RDONLY, 0);
     164           0 :         path_put(&root);
     165           0 :         if (IS_ERR(file))
     166           0 :                 return PTR_ERR(file);
     167             : 
     168           0 :         ret = kernel_read_file(file, offset, buf, buf_size, file_size, id);
     169           0 :         fput(file);
     170           0 :         return ret;
     171             : }
     172             : EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns);
     173             : 
     174           0 : int kernel_read_file_from_fd(int fd, loff_t offset, void **buf,
     175             :                              size_t buf_size, size_t *file_size,
     176             :                              enum kernel_read_file_id id)
     177             : {
     178           0 :         struct fd f = fdget(fd);
     179           0 :         int ret = -EBADF;
     180             : 
     181           0 :         if (!f.file || !(f.file->f_mode & FMODE_READ))
     182             :                 goto out;
     183             : 
     184           0 :         ret = kernel_read_file(f.file, offset, buf, buf_size, file_size, id);
     185             : out:
     186           0 :         fdput(f);
     187           0 :         return ret;
     188             : }
     189             : EXPORT_SYMBOL_GPL(kernel_read_file_from_fd);
 |