xref: /linux-6.15/fs/kernel_read_file.c (revision 6348be02) 
15287b07fSKees Cook // SPDX-License-Identifier: GPL-2.0-only
25287b07fSKees Cook #include <linux/fs.h>
35287b07fSKees Cook #include <linux/fs_struct.h>
45287b07fSKees Cook #include <linux/kernel_read_file.h>
55287b07fSKees Cook #include <linux/security.h>
65287b07fSKees Cook #include <linux/vmalloc.h>
75287b07fSKees Cook 
8113eeb51SKees Cook /**
9113eeb51SKees Cook  * kernel_read_file() - read file contents into a kernel buffer
10113eeb51SKees Cook  *
1135931eb3SMatthew Wilcox (Oracle)  * @file:	file to read from
1235931eb3SMatthew Wilcox (Oracle)  * @offset:	where to start reading from (see below).
1335931eb3SMatthew Wilcox (Oracle)  * @buf:	pointer to a "void *" buffer for reading into (if
14113eeb51SKees Cook  *		*@buf is NULL, a buffer will be allocated, and
15113eeb51SKees Cook  *		@buf_size will be ignored)
1635931eb3SMatthew Wilcox (Oracle)  * @buf_size:	size of buf, if already allocated. If @buf not
17113eeb51SKees Cook  *		allocated, this is the largest size to allocate.
1835931eb3SMatthew Wilcox (Oracle)  * @file_size:	if non-NULL, the full size of @file will be
1988535288SKees Cook  *		written here.
2035931eb3SMatthew Wilcox (Oracle)  * @id:		the kernel_read_file_id identifying the type of
21113eeb51SKees Cook  *		file contents being read (for LSMs to examine)
22113eeb51SKees Cook  *
230fa8e084SKees Cook  * @offset must be 0 unless both @buf and @file_size are non-NULL
240fa8e084SKees Cook  * (i.e. the caller must be expecting to read partial file contents
250fa8e084SKees Cook  * via an already-allocated @buf, in at most @buf_size chunks, and
260fa8e084SKees Cook  * will be able to determine when the entire file was read by
270fa8e084SKees Cook  * checking @file_size). This isn't a recommended way to read a
280fa8e084SKees Cook  * file, though, since it is possible that the contents might
290fa8e084SKees Cook  * change between calls to kernel_read_file().
300fa8e084SKees Cook  *
31113eeb51SKees Cook  * Returns number of bytes read (no single read will be bigger
32dabba872SPasha Tatashin  * than SSIZE_MAX), or negative on error.
33113eeb51SKees Cook  *
34113eeb51SKees Cook  */
kernel_read_file(struct file * file,loff_t offset,void ** buf,size_t buf_size,size_t * file_size,enum kernel_read_file_id id)35dabba872SPasha Tatashin ssize_t kernel_read_file(struct file *file, loff_t offset, void **buf,
3688535288SKees Cook 			 size_t buf_size, size_t *file_size,
3788535288SKees Cook 			 enum kernel_read_file_id id)
385287b07fSKees Cook {
395287b07fSKees Cook 	loff_t i_size, pos;
40dabba872SPasha Tatashin 	ssize_t copied;
415287b07fSKees Cook 	void *allocated = NULL;
420fa8e084SKees Cook 	bool whole_file;
435287b07fSKees Cook 	int ret;
445287b07fSKees Cook 
450fa8e084SKees Cook 	if (offset != 0 && (!*buf || !file_size))
460fa8e084SKees Cook 		return -EINVAL;
470fa8e084SKees Cook 
48113eeb51SKees Cook 	if (!S_ISREG(file_inode(file)->i_mode))
495287b07fSKees Cook 		return -EINVAL;
505287b07fSKees Cook 
515287b07fSKees Cook 	ret = deny_write_access(file);
525287b07fSKees Cook 	if (ret)
535287b07fSKees Cook 		return ret;
545287b07fSKees Cook 
555287b07fSKees Cook 	i_size = i_size_read(file_inode(file));
565287b07fSKees Cook 	if (i_size <= 0) {
575287b07fSKees Cook 		ret = -EINVAL;
585287b07fSKees Cook 		goto out;
595287b07fSKees Cook 	}
600fa8e084SKees Cook 	/* The file is too big for sane activities. */
61dabba872SPasha Tatashin 	if (i_size > SSIZE_MAX) {
625287b07fSKees Cook 		ret = -EFBIG;
635287b07fSKees Cook 		goto out;
645287b07fSKees Cook 	}
650fa8e084SKees Cook 	/* The entire file cannot be read in one buffer. */
660fa8e084SKees Cook 	if (!file_size && offset == 0 && i_size > buf_size) {
670fa8e084SKees Cook 		ret = -EFBIG;
680fa8e084SKees Cook 		goto out;
690fa8e084SKees Cook 	}
700fa8e084SKees Cook 
710fa8e084SKees Cook 	whole_file = (offset == 0 && i_size <= buf_size);
720fa8e084SKees Cook 	ret = security_kernel_read_file(file, id, whole_file);
730fa8e084SKees Cook 	if (ret)
740fa8e084SKees Cook 		goto out;
750fa8e084SKees Cook 
7688535288SKees Cook 	if (file_size)
7788535288SKees Cook 		*file_size = i_size;
785287b07fSKees Cook 
795287b07fSKees Cook 	if (!*buf)
805287b07fSKees Cook 		*buf = allocated = vmalloc(i_size);
815287b07fSKees Cook 	if (!*buf) {
825287b07fSKees Cook 		ret = -ENOMEM;
835287b07fSKees Cook 		goto out;
845287b07fSKees Cook 	}
855287b07fSKees Cook 
860fa8e084SKees Cook 	pos = offset;
870fa8e084SKees Cook 	copied = 0;
880fa8e084SKees Cook 	while (copied < buf_size) {
890fa8e084SKees Cook 		ssize_t bytes;
900fa8e084SKees Cook 		size_t wanted = min_t(size_t, buf_size - copied,
910fa8e084SKees Cook 					      i_size - pos);
920fa8e084SKees Cook 
930fa8e084SKees Cook 		bytes = kernel_read(file, *buf + copied, wanted, &pos);
945287b07fSKees Cook 		if (bytes < 0) {
955287b07fSKees Cook 			ret = bytes;
965287b07fSKees Cook 			goto out_free;
975287b07fSKees Cook 		}
985287b07fSKees Cook 
995287b07fSKees Cook 		if (bytes == 0)
1005287b07fSKees Cook 			break;
1010fa8e084SKees Cook 		copied += bytes;
1025287b07fSKees Cook 	}
1035287b07fSKees Cook 
1040fa8e084SKees Cook 	if (whole_file) {
1055287b07fSKees Cook 		if (pos != i_size) {
1065287b07fSKees Cook 			ret = -EIO;
1075287b07fSKees Cook 			goto out_free;
1085287b07fSKees Cook 		}
1095287b07fSKees Cook 
1105287b07fSKees Cook 		ret = security_kernel_post_read_file(file, *buf, i_size, id);
1110fa8e084SKees Cook 	}
1125287b07fSKees Cook 
1135287b07fSKees Cook out_free:
1145287b07fSKees Cook 	if (ret < 0) {
1155287b07fSKees Cook 		if (allocated) {
1165287b07fSKees Cook 			vfree(*buf);
1175287b07fSKees Cook 			*buf = NULL;
1185287b07fSKees Cook 		}
1195287b07fSKees Cook 	}
1205287b07fSKees Cook 
1215287b07fSKees Cook out:
1225287b07fSKees Cook 	allow_write_access(file);
1230fa8e084SKees Cook 	return ret == 0 ? copied : ret;
1245287b07fSKees Cook }
1255287b07fSKees Cook EXPORT_SYMBOL_GPL(kernel_read_file);
1265287b07fSKees Cook 
kernel_read_file_from_path(const char * path,loff_t offset,void ** buf,size_t buf_size,size_t * file_size,enum kernel_read_file_id id)127dabba872SPasha Tatashin ssize_t kernel_read_file_from_path(const char *path, loff_t offset, void **buf,
12888535288SKees Cook 				   size_t buf_size, size_t *file_size,
12988535288SKees Cook 				   enum kernel_read_file_id id)
1305287b07fSKees Cook {
1315287b07fSKees Cook 	struct file *file;
132dabba872SPasha Tatashin 	ssize_t ret;
1335287b07fSKees Cook 
1345287b07fSKees Cook 	if (!path || !*path)
1355287b07fSKees Cook 		return -EINVAL;
1365287b07fSKees Cook 
1375287b07fSKees Cook 	file = filp_open(path, O_RDONLY, 0);
1385287b07fSKees Cook 	if (IS_ERR(file))
1395287b07fSKees Cook 		return PTR_ERR(file);
1405287b07fSKees Cook 
1410fa8e084SKees Cook 	ret = kernel_read_file(file, offset, buf, buf_size, file_size, id);
1425287b07fSKees Cook 	fput(file);
1435287b07fSKees Cook 	return ret;
1445287b07fSKees Cook }
1455287b07fSKees Cook EXPORT_SYMBOL_GPL(kernel_read_file_from_path);
1465287b07fSKees Cook 
kernel_read_file_from_path_initns(const char * path,loff_t offset,void ** buf,size_t buf_size,size_t * file_size,enum kernel_read_file_id id)147dabba872SPasha Tatashin ssize_t kernel_read_file_from_path_initns(const char *path, loff_t offset,
1480fa8e084SKees Cook 					  void **buf, size_t buf_size,
1490fa8e084SKees Cook 					  size_t *file_size,
1505287b07fSKees Cook 					  enum kernel_read_file_id id)
1515287b07fSKees Cook {
1525287b07fSKees Cook 	struct file *file;
1535287b07fSKees Cook 	struct path root;
154dabba872SPasha Tatashin 	ssize_t ret;
1555287b07fSKees Cook 
1565287b07fSKees Cook 	if (!path || !*path)
1575287b07fSKees Cook 		return -EINVAL;
1585287b07fSKees Cook 
1595287b07fSKees Cook 	task_lock(&init_task);
1605287b07fSKees Cook 	get_fs_root(init_task.fs, &root);
1615287b07fSKees Cook 	task_unlock(&init_task);
1625287b07fSKees Cook 
163ffb37ca3SAl Viro 	file = file_open_root(&root, path, O_RDONLY, 0);
1645287b07fSKees Cook 	path_put(&root);
1655287b07fSKees Cook 	if (IS_ERR(file))
1665287b07fSKees Cook 		return PTR_ERR(file);
1675287b07fSKees Cook 
1680fa8e084SKees Cook 	ret = kernel_read_file(file, offset, buf, buf_size, file_size, id);
1695287b07fSKees Cook 	fput(file);
1705287b07fSKees Cook 	return ret;
1715287b07fSKees Cook }
1725287b07fSKees Cook EXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns);
1735287b07fSKees Cook 
kernel_read_file_from_fd(int fd,loff_t offset,void ** buf,size_t buf_size,size_t * file_size,enum kernel_read_file_id id)174dabba872SPasha Tatashin ssize_t kernel_read_file_from_fd(int fd, loff_t offset, void **buf,
1750fa8e084SKees Cook 				 size_t buf_size, size_t *file_size,
1765287b07fSKees Cook 				 enum kernel_read_file_id id)
1775287b07fSKees Cook {
178*6348be02SAl Viro 	CLASS(fd, f)(fd);
1795287b07fSKees Cook 
180*6348be02SAl Viro 	if (fd_empty(f) || !(fd_file(f)->f_mode & FMODE_READ))
181*6348be02SAl Viro 		return -EBADF;
1825287b07fSKees Cook 
183*6348be02SAl Viro 	return kernel_read_file(fd_file(f), offset, buf, buf_size, file_size, id);
1845287b07fSKees Cook }
1855287b07fSKees Cook EXPORT_SYMBOL_GPL(kernel_read_file_from_fd);
186