diff for duplicates of <1502136771.24050.30.camel@linux.vnet.ibm.com> diff --git a/a/1.txt b/N1/1.txt index aeb9a26..2ddd724 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -60,7 +60,7 @@ On Mon, 2017-08-07 at 12:04 +0200, Jan Kara wrote: > > > > > > > > This failure happens when opening a file with O_DIRECT on a block > > > > device that does not support dax (eg. loop). xfs makes it to here too, -> > > > but the call to generic_file_read_iter() fails properly with -EINVAL.? +> > > > but the call to generic_file_read_iter() fails properly with -EINVAL. > > > > (Only tested on those filesystems included that support dax (eg. ext2, > > > > ext4, and xfs).) > > > @@ -69,19 +69,19 @@ On Mon, 2017-08-07 at 12:04 +0200, Jan Kara wrote: > > > should care (which is probably due to my lack of knowledge about IMA). > > > Is O_DIRECT somehow excepted from IMA? But then why it is not for DAX? > > -> > Thank you for the explanation! ?(I was confused about the relationship -> > between O_DIRECT and DAX.) ?You're correct. ?IMA does not support +> > Thank you for the explanation! (I was confused about the relationship +> > between O_DIRECT and DAX.) You're correct. IMA does not support > > O_DIRECT in the buffered case for two reasons, locking and updating -> > the file hash, which are described in commit?f9b2a735bddd "ima: audit -> > log files opened with O_DIRECT flag". ?After reverting this commit, +> > the file hash, which are described in commit f9b2a735bddd "ima: audit +> > log files opened with O_DIRECT flag". After reverting this commit, > > the O_DIRECT check is needed before calling generic_file_read_iter(). > > Thanks for the pointer. This cleaned up the issue for me. Great! -> > ?Most likely the same would need to be done for other filesystems that -> > support O_DIRECT. ?Probably a generic_integrity_file_read_iter() +> > Most likely the same would need to be done for other filesystems that +> > support O_DIRECT. Probably a generic_integrity_file_read_iter() > > should be defined. > > Yeah, then please define some common helper that takes care of refusing @@ -92,26 +92,21 @@ Agreed. > > For DAX, unlike do_blockdev_direct_IO() which takes the lock, reading > > the file with O_DIRECT is fine, as dax_iomap_rw() only checks that the -> > lock has been taken. ?Assuming the file system is mounted with +> > lock has been taken. Assuming the file system is mounted with > > i_version, the file hash is updated properly. > > Yes, for DAX direct IO is basically no different but frankly I would just > refuse O_DIRECT on DAX inodes as well just for the consistency sake. -Ok. ?So I shouldn't revert the original commit, which fails the -O_DIRECT open for either the buffered read or DAX. ?I'll just move the +Ok. So I shouldn't revert the original commit, which fails the +O_DIRECT open for either the buffered read or DAX. I'll just move the code to a bit later, so that the failure is added to the measurement list. -The original commit returned -EACCES.??On xfs, the open for direct IO -buffer read fails with -EINVAL.??Do you have a preference IMA should +The original commit returned -EACCES. On xfs, the open for direct IO +buffer read fails with -EINVAL. Do you have a preference IMA should return? thanks! Mimi - --- -To unsubscribe from this list: send the line "unsubscribe linux-security-module" in -the body of a message to majordomo at vger.kernel.org -More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 02e5a65..f19fe13 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -6,10 +6,33 @@ "ref\020170803105631.GB2579@quack2.suse.cz\0" "ref\01501880831.27872.153.camel@linux.vnet.ibm.com\0" "ref\020170807100445.GB6470@quack2.suse.cz\0" - "From\0zohar@linux.vnet.ibm.com (Mimi Zohar)\0" - "Subject\0[PATCH v4 2/5] ima: use fs method to read integrity data [updated]\0" + "From\0Mimi Zohar <zohar@linux.vnet.ibm.com>\0" + "Subject\0Re: [PATCH v4 2/5] ima: use fs method to read integrity data [updated]\0" "Date\0Mon, 07 Aug 2017 16:12:51 -0400\0" - "To\0linux-security-module@vger.kernel.org\0" + "To\0Jan Kara <jack@suse.cz>\0" + "Cc\0Christoph Hellwig <hch@lst.de>" + Al Viro <viro@zeniv.linux.org.uk> + James Morris <jmorris@namei.org> + linux-fsdevel@vger.kernel.org + linux-ima-devel@lists.sourceforge.net + linux-security-module@vger.kernel.org + Matthew Garrett <matthew.garrett@nebula.com> + Jan Kara <jack@suse.com> + Theodore Ts'o <tytso@mit.edu> + Andreas Dilger <adilger.kernel@dilger.ca> + Jaegeuk Kim <jaegeuk@kernel.org> + Chao Yu <yuchao0@huawei.com> + Steven Whitehouse <swhiteho@redhat.com> + Bob Peterson <rpeterso@redhat.com> + David Woodhouse <dwmw2@infradead.org> + Dave Kleikamp <shaggy@kernel.org> + Ryusuke Konishi <konishi.ryusuke@lab.ntt.co.jp> + Mark Fasheh <mfasheh@versity.com> + Joel Becker <jlbec@evilplan.org> + Richard Weinberger <richard@nod.at> + Darrick J. Wong <darrick.wong@oracle.com> + Hugh Dickins <hughd@google.com> + " Chris Mason <clm@fb.com>\0" "\00:1\0" "b\0" "On Mon, 2017-08-07 at 12:04 +0200, Jan Kara wrote:\n" @@ -74,7 +97,7 @@ "> > > > \n" "> > > > This failure happens when opening a file with O_DIRECT on a block\n" "> > > > device that does not support dax (eg. loop). xfs makes it to here too,\n" - "> > > > but the call to generic_file_read_iter() fails properly with -EINVAL.?\n" + "> > > > but the call to generic_file_read_iter() fails properly with -EINVAL.\302\240\n" "> > > > (Only tested on those filesystems included that support dax (eg. ext2,\n" "> > > > ext4, and xfs).)\n" "> > > \n" @@ -83,19 +106,19 @@ "> > > should care (which is probably due to my lack of knowledge about IMA).\n" "> > > Is O_DIRECT somehow excepted from IMA? But then why it is not for DAX?\n" "> > \n" - "> > Thank you for the explanation! ?(I was confused about the relationship\n" - "> > between O_DIRECT and DAX.) ?You're correct. ?IMA does not support\n" + "> > Thank you for the explanation! \302\240(I was confused about the relationship\n" + "> > between O_DIRECT and DAX.) \302\240You're correct. \302\240IMA does not support\n" "> > O_DIRECT in the buffered case for two reasons, locking and updating\n" - "> > the file hash, which are described in commit?f9b2a735bddd \"ima: audit\n" - "> > log files opened with O_DIRECT flag\". ?After reverting this commit,\n" + "> > the file hash, which are described in commit\302\240f9b2a735bddd \"ima: audit\n" + "> > log files opened with O_DIRECT flag\". \302\240After reverting this commit,\n" "> > the O_DIRECT check is needed before calling generic_file_read_iter().\n" "> \n" "> Thanks for the pointer. This cleaned up the issue for me.\n" "\n" "Great!\n" "\n" - "> > ?Most likely the same would need to be done for other filesystems that\n" - "> > support O_DIRECT. ?Probably a generic_integrity_file_read_iter()\n" + "> > \302\240Most likely the same would need to be done for other filesystems that\n" + "> > support O_DIRECT. \302\240Probably a generic_integrity_file_read_iter()\n" "> > should be defined.\n" "> \n" "> Yeah, then please define some common helper that takes care of refusing\n" @@ -106,28 +129,23 @@ "\n" "> > For DAX, unlike do_blockdev_direct_IO() which takes the lock, reading\n" "> > the file with O_DIRECT is fine, as dax_iomap_rw() only checks that the\n" - "> > lock has been taken. ?Assuming the file system is mounted with\n" + "> > lock has been taken. \302\240Assuming the file system is mounted with\n" "> > i_version, the file hash is updated properly.\n" "> \n" "> Yes, for DAX direct IO is basically no different but frankly I would just\n" "> refuse O_DIRECT on DAX inodes as well just for the consistency sake.\n" "\n" - "Ok. ?So I shouldn't revert the original commit, which fails the\n" - "O_DIRECT open for either the buffered read or DAX. ?I'll just move the\n" + "Ok. \302\240So I shouldn't revert the original commit, which fails the\n" + "O_DIRECT open for either the buffered read or DAX. \302\240I'll just move the\n" "code to a bit later, so that the failure is added to the measurement\n" "list.\n" "\n" - "The original commit returned -EACCES.??On xfs, the open for direct IO\n" - "buffer read fails with -EINVAL.??Do you have a preference IMA should\n" + "The original commit returned -EACCES.\302\240\302\240On xfs, the open for direct IO\n" + "buffer read fails with -EINVAL.\302\240\302\240Do you have a preference IMA should\n" "return?\n" "\n" "thanks!\n" "\n" - "Mimi\n" - "\n" - "--\n" - "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" - "the body of a message to majordomo at vger.kernel.org\n" - More majordomo info at http://vger.kernel.org/majordomo-info.html + Mimi -9ae75acbb7f0b5233584487659f63611d23aeeac756aab2f697eb140c3310d0a +f58aec3e6fe35d5c846df3af90215c06c51053d6ae52339d7e1ceeeb616f0a1b
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.