Re: [PATCH 3/3] ima: use fs method to read integrity data

From: Mimi Zohar
Date: Fri Sep 15 2017 - 11:21:45 EST

Next message: Roman Gushchin: "Re: [v8 0/4] cgroup-aware OOM killer"
Previous message: Jarkko Sakkinen: "Re: [PATCH v2 2/4] tpm: define __wait_for_tpm_stat to specify variable polling sleep time"
In reply to: Christoph Hellwig: "Re: [PATCH 3/3] ima: use fs method to read integrity data"
Next in thread: Mimi Zohar: "Re: [PATCH 3/3] ima: use fs method to read integrity data (updated patch description)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2017-09-15 at 07:49 -0700, Christoph Hellwig wrote:
> On Thu, Sep 14, 2017 at 10:50:27PM -0700, Linus Torvalds wrote:
> > This is still wrong.
> >
> > (a) there is no explanation for why we need that exclusive lock in the
> > first place
> >
> > Why should a read need exclusive access? You'd think shared is sufficient.
> > But regardless, it needs *explanation*.
>
> Shared is sufficient, and nothing in the patch (except for the
> description) actually requires an exclusive lock. It just happens that
> ima holds it exclusive for other internal reasons.

Although reading the file to calculate the file hash doesn't require
taking the lock exclusively, in either "fix" mode or called from
__fput, immediately after calculating the file hash, the file hash is
written out as an xattr. ÂWriting the xattr requires taking the lock
exclusively.

Mimi

Next message: Roman Gushchin: "Re: [v8 0/4] cgroup-aware OOM killer"
Previous message: Jarkko Sakkinen: "Re: [PATCH v2 2/4] tpm: define __wait_for_tpm_stat to specify variable polling sleep time"
In reply to: Christoph Hellwig: "Re: [PATCH 3/3] ima: use fs method to read integrity data"
Next in thread: Mimi Zohar: "Re: [PATCH 3/3] ima: use fs method to read integrity data (updated patch description)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]