From mboxrd@z Thu Jan 1 00:00:00 1970 From: Mimi Zohar Subject: Re: [PATCH v1.1 2/5] IMA: define readcount functions Date: Tue, 02 Nov 2010 08:22:05 -0400 Message-ID: <1288700525.16939.25.camel@localhost.localdomain> References: <1288640739-3246-1-git-send-email-zohar@linux.vnet.ibm.com> <1288640739-3246-3-git-send-email-zohar@linux.vnet.ibm.com> <20101102004545.GQ2715@dastard> Mime-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Cc: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, jmorris@namei.org, akpm@linux-foundation.org, torvalds@linux-foundation.org, eparis@redhat.com, viro@zeniv.linux.org.uk, Mimi Zohar To: Dave Chinner Return-path: In-Reply-To: <20101102004545.GQ2715@dastard> Sender: linux-security-module-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Tue, 2010-11-02 at 11:45 +1100, Dave Chinner wrote: > On Mon, Nov 01, 2010 at 03:45:36PM -0400, Mimi Zohar wrote: > > Define iget/iput_readcount() functions to be called from the VFS layer. > > Can't say I like the function names. i_readcount_{inc,dec} seem more > appropriate, especially so they don't get confused with inode > reference counting... > > Cheers, > > Dave. Definitely better naming. thanks! > > +void iput_readcount(struct inode *inode) > > +{ > > + spin_lock(&inode->i_lock); > > + if (unlikely((atomic_read(&inode->i_readcount) == 0))) > > + printk(KERN_INFO "i_readcount: imbalance ino %ld\n", > > + inode->i_ino); > > + else > > + atomic_dec(&inode->i_readcount); > > + spin_unlock(&inode->i_lock); > > +} > > No need for the lock just to indicate an imbalance. You could just > use: > > if (atomic_dec_return(&inode->i_readcount) < 0) { > ..... > } > > Given this is an integrity subsystem, I suspect the correct thing to > do here is BUG(), not just issue an informational message that > something is wrong with the integrity tracking.... > > Cheers, > > Dave. Yes, as Eric explained, the testing is a remnant from IMA, when it wasn't fully integrated in the kernel. thanks, Mimi