Thread: 2 messages, 2 authors, 2017-09-15

[PATCH 3/3] ima: use fs method to read integrity data

From: Mimi Zohar <hidden>
Date: 2017-09-15 15:21:39
Also in: lkml

On Fri, 2017-09-15 at 07:49 -0700, Christoph Hellwig wrote:
> On Thu, Sep 14, 2017 at 10:50:27PM -0700, Linus Torvalds wrote:
> > This is still wrong.
> >
> > (a) there is no explanation for why we need that exclusive lock in the
> > first place
> >
> > Why should a read need exclusive access? You'd think shared is sufficient.
> > But regardless, it needs *explanation*.
>
> Shared is sufficient, and nothing in the patch (except for the
> description) actually requires an exclusive lock.  It just happens that
> ima holds it exclusive for other internal reasons.

Although reading the file to calculate the file hash doesn't require
taking the lock exclusively, in either "fix" mode or called from
__fput, immediately after calculating the file hash, the file hash is
written out as an xattr.  Writing the xattr requires taking the lock
exclusively.

Mimi

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html