162306a36Sopenharmony_ci// SPDX-License-Identifier: GPL-2.0-only
262306a36Sopenharmony_ci#include <linux/fs.h>
362306a36Sopenharmony_ci#include <linux/fs_struct.h>
462306a36Sopenharmony_ci#include <linux/kernel_read_file.h>
562306a36Sopenharmony_ci#include <linux/security.h>
662306a36Sopenharmony_ci#include <linux/vmalloc.h>
762306a36Sopenharmony_ci
862306a36Sopenharmony_ci/**
962306a36Sopenharmony_ci * kernel_read_file() - read file contents into a kernel buffer
1062306a36Sopenharmony_ci *
1162306a36Sopenharmony_ci * @file:	file to read from
1262306a36Sopenharmony_ci * @offset:	where to start reading from (see below).
1362306a36Sopenharmony_ci * @buf:	pointer to a "void *" buffer for reading into (if
1462306a36Sopenharmony_ci *		*@buf is NULL, a buffer will be allocated, and
1562306a36Sopenharmony_ci *		@buf_size will be ignored)
1662306a36Sopenharmony_ci * @buf_size:	size of buf, if already allocated. If @buf not
1762306a36Sopenharmony_ci *		allocated, this is the largest size to allocate.
1862306a36Sopenharmony_ci * @file_size:	if non-NULL, the full size of @file will be
1962306a36Sopenharmony_ci *		written here.
2062306a36Sopenharmony_ci * @id:		the kernel_read_file_id identifying the type of
2162306a36Sopenharmony_ci *		file contents being read (for LSMs to examine)
2262306a36Sopenharmony_ci *
2362306a36Sopenharmony_ci * @offset must be 0 unless both @buf and @file_size are non-NULL
2462306a36Sopenharmony_ci * (i.e. the caller must be expecting to read partial file contents
2562306a36Sopenharmony_ci * via an already-allocated @buf, in at most @buf_size chunks, and
2662306a36Sopenharmony_ci * will be able to determine when the entire file was read by
2762306a36Sopenharmony_ci * checking @file_size). This isn't a recommended way to read a
2862306a36Sopenharmony_ci * file, though, since it is possible that the contents might
2962306a36Sopenharmony_ci * change between calls to kernel_read_file().
3062306a36Sopenharmony_ci *
3162306a36Sopenharmony_ci * Returns number of bytes read (no single read will be bigger
3262306a36Sopenharmony_ci * than SSIZE_MAX), or negative on error.
3362306a36Sopenharmony_ci *
3462306a36Sopenharmony_ci */
3562306a36Sopenharmony_cissize_t kernel_read_file(struct file *file, loff_t offset, void **buf,
3662306a36Sopenharmony_ci			 size_t buf_size, size_t *file_size,
3762306a36Sopenharmony_ci			 enum kernel_read_file_id id)
3862306a36Sopenharmony_ci{
3962306a36Sopenharmony_ci	loff_t i_size, pos;
4062306a36Sopenharmony_ci	ssize_t copied;
4162306a36Sopenharmony_ci	void *allocated = NULL;
4262306a36Sopenharmony_ci	bool whole_file;
4362306a36Sopenharmony_ci	int ret;
4462306a36Sopenharmony_ci
4562306a36Sopenharmony_ci	if (offset != 0 && (!*buf || !file_size))
4662306a36Sopenharmony_ci		return -EINVAL;
4762306a36Sopenharmony_ci
4862306a36Sopenharmony_ci	if (!S_ISREG(file_inode(file)->i_mode))
4962306a36Sopenharmony_ci		return -EINVAL;
5062306a36Sopenharmony_ci
5162306a36Sopenharmony_ci	ret = deny_write_access(file);
5262306a36Sopenharmony_ci	if (ret)
5362306a36Sopenharmony_ci		return ret;
5462306a36Sopenharmony_ci
5562306a36Sopenharmony_ci	i_size = i_size_read(file_inode(file));
5662306a36Sopenharmony_ci	if (i_size <= 0) {
5762306a36Sopenharmony_ci		ret = -EINVAL;
5862306a36Sopenharmony_ci		goto out;
5962306a36Sopenharmony_ci	}
6062306a36Sopenharmony_ci	/* The file is too big for sane activities. */
6162306a36Sopenharmony_ci	if (i_size > SSIZE_MAX) {
6262306a36Sopenharmony_ci		ret = -EFBIG;
6362306a36Sopenharmony_ci		goto out;
6462306a36Sopenharmony_ci	}
6562306a36Sopenharmony_ci	/* The entire file cannot be read in one buffer. */
6662306a36Sopenharmony_ci	if (!file_size && offset == 0 && i_size > buf_size) {
6762306a36Sopenharmony_ci		ret = -EFBIG;
6862306a36Sopenharmony_ci		goto out;
6962306a36Sopenharmony_ci	}
7062306a36Sopenharmony_ci
7162306a36Sopenharmony_ci	whole_file = (offset == 0 && i_size <= buf_size);
7262306a36Sopenharmony_ci	ret = security_kernel_read_file(file, id, whole_file);
7362306a36Sopenharmony_ci	if (ret)
7462306a36Sopenharmony_ci		goto out;
7562306a36Sopenharmony_ci
7662306a36Sopenharmony_ci	if (file_size)
7762306a36Sopenharmony_ci		*file_size = i_size;
7862306a36Sopenharmony_ci
7962306a36Sopenharmony_ci	if (!*buf)
8062306a36Sopenharmony_ci		*buf = allocated = vmalloc(i_size);
8162306a36Sopenharmony_ci	if (!*buf) {
8262306a36Sopenharmony_ci		ret = -ENOMEM;
8362306a36Sopenharmony_ci		goto out;
8462306a36Sopenharmony_ci	}
8562306a36Sopenharmony_ci
8662306a36Sopenharmony_ci	pos = offset;
8762306a36Sopenharmony_ci	copied = 0;
8862306a36Sopenharmony_ci	while (copied < buf_size) {
8962306a36Sopenharmony_ci		ssize_t bytes;
9062306a36Sopenharmony_ci		size_t wanted = min_t(size_t, buf_size - copied,
9162306a36Sopenharmony_ci					      i_size - pos);
9262306a36Sopenharmony_ci
9362306a36Sopenharmony_ci		bytes = kernel_read(file, *buf + copied, wanted, &pos);
9462306a36Sopenharmony_ci		if (bytes < 0) {
9562306a36Sopenharmony_ci			ret = bytes;
9662306a36Sopenharmony_ci			goto out_free;
9762306a36Sopenharmony_ci		}
9862306a36Sopenharmony_ci
9962306a36Sopenharmony_ci		if (bytes == 0)
10062306a36Sopenharmony_ci			break;
10162306a36Sopenharmony_ci		copied += bytes;
10262306a36Sopenharmony_ci	}
10362306a36Sopenharmony_ci
10462306a36Sopenharmony_ci	if (whole_file) {
10562306a36Sopenharmony_ci		if (pos != i_size) {
10662306a36Sopenharmony_ci			ret = -EIO;
10762306a36Sopenharmony_ci			goto out_free;
10862306a36Sopenharmony_ci		}
10962306a36Sopenharmony_ci
11062306a36Sopenharmony_ci		ret = security_kernel_post_read_file(file, *buf, i_size, id);
11162306a36Sopenharmony_ci	}
11262306a36Sopenharmony_ci
11362306a36Sopenharmony_ciout_free:
11462306a36Sopenharmony_ci	if (ret < 0) {
11562306a36Sopenharmony_ci		if (allocated) {
11662306a36Sopenharmony_ci			vfree(*buf);
11762306a36Sopenharmony_ci			*buf = NULL;
11862306a36Sopenharmony_ci		}
11962306a36Sopenharmony_ci	}
12062306a36Sopenharmony_ci
12162306a36Sopenharmony_ciout:
12262306a36Sopenharmony_ci	allow_write_access(file);
12362306a36Sopenharmony_ci	return ret == 0 ? copied : ret;
12462306a36Sopenharmony_ci}
12562306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(kernel_read_file);
12662306a36Sopenharmony_ci
12762306a36Sopenharmony_cissize_t kernel_read_file_from_path(const char *path, loff_t offset, void **buf,
12862306a36Sopenharmony_ci				   size_t buf_size, size_t *file_size,
12962306a36Sopenharmony_ci				   enum kernel_read_file_id id)
13062306a36Sopenharmony_ci{
13162306a36Sopenharmony_ci	struct file *file;
13262306a36Sopenharmony_ci	ssize_t ret;
13362306a36Sopenharmony_ci
13462306a36Sopenharmony_ci	if (!path || !*path)
13562306a36Sopenharmony_ci		return -EINVAL;
13662306a36Sopenharmony_ci
13762306a36Sopenharmony_ci	file = filp_open(path, O_RDONLY, 0);
13862306a36Sopenharmony_ci	if (IS_ERR(file))
13962306a36Sopenharmony_ci		return PTR_ERR(file);
14062306a36Sopenharmony_ci
14162306a36Sopenharmony_ci	ret = kernel_read_file(file, offset, buf, buf_size, file_size, id);
14262306a36Sopenharmony_ci	fput(file);
14362306a36Sopenharmony_ci	return ret;
14462306a36Sopenharmony_ci}
14562306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(kernel_read_file_from_path);
14662306a36Sopenharmony_ci
14762306a36Sopenharmony_cissize_t kernel_read_file_from_path_initns(const char *path, loff_t offset,
14862306a36Sopenharmony_ci					  void **buf, size_t buf_size,
14962306a36Sopenharmony_ci					  size_t *file_size,
15062306a36Sopenharmony_ci					  enum kernel_read_file_id id)
15162306a36Sopenharmony_ci{
15262306a36Sopenharmony_ci	struct file *file;
15362306a36Sopenharmony_ci	struct path root;
15462306a36Sopenharmony_ci	ssize_t ret;
15562306a36Sopenharmony_ci
15662306a36Sopenharmony_ci	if (!path || !*path)
15762306a36Sopenharmony_ci		return -EINVAL;
15862306a36Sopenharmony_ci
15962306a36Sopenharmony_ci	task_lock(&init_task);
16062306a36Sopenharmony_ci	get_fs_root(init_task.fs, &root);
16162306a36Sopenharmony_ci	task_unlock(&init_task);
16262306a36Sopenharmony_ci
16362306a36Sopenharmony_ci	file = file_open_root(&root, path, O_RDONLY, 0);
16462306a36Sopenharmony_ci	path_put(&root);
16562306a36Sopenharmony_ci	if (IS_ERR(file))
16662306a36Sopenharmony_ci		return PTR_ERR(file);
16762306a36Sopenharmony_ci
16862306a36Sopenharmony_ci	ret = kernel_read_file(file, offset, buf, buf_size, file_size, id);
16962306a36Sopenharmony_ci	fput(file);
17062306a36Sopenharmony_ci	return ret;
17162306a36Sopenharmony_ci}
17262306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(kernel_read_file_from_path_initns);
17362306a36Sopenharmony_ci
17462306a36Sopenharmony_cissize_t kernel_read_file_from_fd(int fd, loff_t offset, void **buf,
17562306a36Sopenharmony_ci				 size_t buf_size, size_t *file_size,
17662306a36Sopenharmony_ci				 enum kernel_read_file_id id)
17762306a36Sopenharmony_ci{
17862306a36Sopenharmony_ci	struct fd f = fdget(fd);
17962306a36Sopenharmony_ci	ssize_t ret = -EBADF;
18062306a36Sopenharmony_ci
18162306a36Sopenharmony_ci	if (!f.file || !(f.file->f_mode & FMODE_READ))
18262306a36Sopenharmony_ci		goto out;
18362306a36Sopenharmony_ci
18462306a36Sopenharmony_ci	ret = kernel_read_file(f.file, offset, buf, buf_size, file_size, id);
18562306a36Sopenharmony_ciout:
18662306a36Sopenharmony_ci	fdput(f);
18762306a36Sopenharmony_ci	return ret;
18862306a36Sopenharmony_ci}
18962306a36Sopenharmony_ciEXPORT_SYMBOL_GPL(kernel_read_file_from_fd);
190