diff for duplicates of <1501880831.27872.153.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index 868c623..9c35ee4 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -58,7 +58,7 @@ On Thu, 2017-08-03 at 12:56 +0200, Jan Kara wrote: > > > > This failure happens when opening a file with O_DIRECT on a block > > device that does not support dax (eg. loop). xfs makes it to here too, -> > but the call to generic_file_read_iter() fails properly with -EINVAL.? +> > but the call to generic_file_read_iter() fails properly with -EINVAL. > > (Only tested on those filesystems included that support dax (eg. ext2, > > ext4, and xfs).) > @@ -67,24 +67,19 @@ On Thu, 2017-08-03 at 12:56 +0200, Jan Kara wrote: > should care (which is probably due to my lack of knowledge about IMA). > Is O_DIRECT somehow excepted from IMA? But then why it is not for DAX? -Thank you for the explanation! ?(I was confused about the relationship -between O_DIRECT and DAX.) ?You're correct. ?IMA does not support +Thank you for the explanation! (I was confused about the relationship +between O_DIRECT and DAX.) You're correct. IMA does not support O_DIRECT in the buffered case for two reasons, locking and updating -the file hash, which are described in commit?f9b2a735bddd "ima: audit -log files opened with O_DIRECT flag". ?After reverting this commit, +the file hash, which are described in commit f9b2a735bddd "ima: audit +log files opened with O_DIRECT flag". After reverting this commit, the O_DIRECT check is needed before calling generic_file_read_iter(). -?Most likely the same would need to be done for other filesystems that -support O_DIRECT. ?Probably a generic_integrity_file_read_iter() + Most likely the same would need to be done for other filesystems that +support O_DIRECT. Probably a generic_integrity_file_read_iter() should be defined. -? + For DAX, unlike do_blockdev_direct_IO() which takes the lock, reading the file with O_DIRECT is fine, as dax_iomap_rw() only checks that the -lock has been taken. ?Assuming the file system is mounted with +lock has been taken. Assuming the file system is mounted with i_version, the file hash is updated properly. Mimi - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 7515915..a35e46f 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -4,10 +4,33 @@ "ref\020170802080108.GB2732@quack2.suse.cz\0" "ref\01501693912.20268.29.camel@linux.vnet.ibm.com\0" "ref\020170803105631.GB2579@quack2.suse.cz\0" - "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" - "Subject\0[PATCH v4 2/5] ima: use fs method to read integrity data [updated]\0" + "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Subject\0Re: [PATCH v4 2/5] ima: use fs method to read integrity data [updated]\0" "Date\0Fri, 04 Aug 2017 17:07:11 -0400\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Jan Kara <jack@suse.cz>\0" + "Cc\0Christoph Hellwig <hch@lst.de>" + Al Viro <viro@zeniv.linux.org.uk> + James Morris <jmorris@namei.org> + linux-fsdevel@vger.kernel.org + linux-ima-devel@lists.sourceforge.net + linux-security-module@vger.kernel.org + Matthew Garrett <matthew.garrett@nebula.com> + Jan Kara <jack@suse.com> + Theodore Ts'o <tytso@mit.edu> + Andreas Dilger <adilger.kernel@dilger.ca> + Jaegeuk Kim <jaegeuk@kernel.org> + Chao Yu <yuchao0@huawei.com> + Steven Whitehouse <swhiteho@redhat.com> + Bob Peterson <rpeterso@redhat.com> + David Woodhouse <dwmw2@infradead.org> + Dave Kleikamp <shaggy@kernel.org> + Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> + Mark Fasheh <mfasheh@versity.com> + Joel Becker <jlbec@evilplan.org> + Richard Weinberger <richard@nod.at> + Darrick J. Wong <darrick.wong@oracle.com> + Hugh Dickins <hughd@google.com> + " Chris Mason <clm@fb.com>\0" "\00:1\0" "b\0" "On Thu, 2017-08-03 at 12:56 +0200, Jan Kara wrote:\n" @@ -70,7 +93,7 @@ "> > \n" "> > This failure happens when opening a file with O_DIRECT on a block\n" "> > device that does not support dax (eg. loop). xfs makes it to here too,\n" - "> > but the call to generic_file_read_iter() fails properly with -EINVAL.?\n" + "> > but the call to generic_file_read_iter() fails properly with -EINVAL.\302\240\n" "> > (Only tested on those filesystems included that support dax (eg. ext2,\n" "> > ext4, and xfs).)\n" "> \n" @@ -79,26 +102,21 @@ "> should care (which is probably due to my lack of knowledge about IMA).\n" "> Is O_DIRECT somehow excepted from IMA? But then why it is not for DAX?\n" "\n" - "Thank you for the explanation! ?(I was confused about the relationship\n" - "between O_DIRECT and DAX.) ?You're correct. ?IMA does not support\n" + "Thank you for the explanation! \302\240(I was confused about the relationship\n" + "between O_DIRECT and DAX.) \302\240You're correct. \302\240IMA does not support\n" "O_DIRECT in the buffered case for two reasons, locking and updating\n" - "the file hash, which are described in commit?f9b2a735bddd \"ima: audit\n" - "log files opened with O_DIRECT flag\". ?After reverting this commit,\n" + "the file hash, which are described in commit\302\240f9b2a735bddd \"ima: audit\n" + "log files opened with O_DIRECT flag\". \302\240After reverting this commit,\n" "the O_DIRECT check is needed before calling generic_file_read_iter().\n" - "?Most likely the same would need to be done for other filesystems that\n" - "support O_DIRECT. ?Probably a generic_integrity_file_read_iter()\n" + "\302\240Most likely the same would need to be done for other filesystems that\n" + "support O_DIRECT. \302\240Probably a generic_integrity_file_read_iter()\n" "should be defined.\n" - "?\n" + "\302\240\n" "For DAX, unlike do_blockdev_direct_IO() which takes the lock, reading\n" "the file with O_DIRECT is fine, as dax_iomap_rw() only checks that the\n" - "lock has been taken. ?Assuming the file system is mounted with\n" + "lock has been taken. \302\240Assuming the file system is mounted with\n" "i_version, the file hash is updated properly.\n" "\n" - "Mimi\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Mimi -6f137405a6cec27f257ee8cf3d0cdb2a493e0aed7e1a43854e9d5cca03e442a0 +61ea7355566a58315bba5303844c33565dddad4443f658582a27d1d379375d3a
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.