From: Al Viro <viro@ZenIV.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dave Chinner <david@fromorbit.com>,
linux-kernel@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, hch@infradead.org,
warthog9@kernel.org, jmorris@namei.org, kyle@mcmartin.ca,
hpa@zytor.com, akpm@linux-foundation.org, mingo@elte.hu,
eparis@redhat.com, Matthew Wilcox <matthew@wil.cx>
Subject: Re: [PATCH 0/4] IMA: making i_readcount a first class inode citizen
Date: Fri, 29 Oct 2010 00:25:06 +0100 [thread overview]
Message-ID: <20101028232506.GL19804@ZenIV.linux.org.uk> (raw)
In-Reply-To: <AANLkTimvEAj2SL7RrwTdypGA_PYJcZyw8OMBGckWpVs7@mail.gmail.com>
On Thu, Oct 28, 2010 at 03:46:04PM -0700, Linus Torvalds wrote:
> On Thu, Oct 28, 2010 at 3:38 PM, Mimi Zohar <zohar@linux.vnet.ibm.com> wrote:
> >
> > Would making i_readcount atomic be enough in ima_rdwr_violation_check(),
> > or would it still need to take the spin_lock? IMA needs guarantees
> > that the i_readcount/i_writecount won't be updated in between.
>
> If i_writecount is always updated under the i_lock, then the fix is
> probably to make that one non-atomic instead. There's no point in
> having an atomic that is always updated under a spinlock, that just
> makes everything slower.
>
> Regardless, I don't think i_readcount should be different from i_writecount.
>
> Al? Comments?
Well... the rules for i_writecount had been "protect zero->non-zero
transitions with spinlock". Back then we had a single spinlock for that,
IIRC, and making it atomic had been an obvious solution. Note that we
have a bunch of places in VM where we need to adjust it (VMA merges and
splitting) and I really wanted to avoid contention on that lock.
BTW, I suspect that the right first step would be to kill open-coded
manipulations of i_writecount in mmap.c and fork.c; there are inlined
helpers for that.
I *really* don't like what add_dquot_ref() is doing; it checks i_writecount
under inode_lock and skips the inodes for which it's zero. It might be
OK if one of the quota locks held by callers will serialize it wrt the
relevant part of the open() path, but that needs a comment along those
lines, at the very least.
We probably can go for non-atomic; the lock is per-inode these days, so
it's less of a PITA. I wonder if IMA holding it over its policy checks
would be a good thing, though - it calls LSM hooks and hell knows what
shit gets done from those...
next prev parent reply other threads:[~2010-10-28 23:25 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-28 22:02 [PATCH 0/4] IMA: making i_readcount a first class inode citizen Mimi Zohar
2010-10-28 22:02 ` [PATCH 1/4] IMA: define readcount functions Mimi Zohar
2010-10-28 22:02 ` [PATCH 2/4] IMA: maintain i_readcount in the VFS layer Mimi Zohar
2010-10-29 14:13 ` Valdis.Kletnieks
2010-10-29 15:15 ` Valdis.Kletnieks
2010-10-28 22:02 ` [PATCH 3/4] IMA: remove IMA imbalance checking Mimi Zohar
2010-10-28 22:02 ` [PATCH 4/4] IMA: making i_readcount a first class inode citizen Mimi Zohar
2010-10-28 22:24 ` [PATCH 0/4] " Dave Chinner
2010-10-28 22:29 ` Linus Torvalds
2010-10-28 22:38 ` Mimi Zohar
2010-10-28 22:46 ` Linus Torvalds
2010-10-28 23:25 ` Al Viro [this message]
2010-10-28 22:45 ` Eric Paris
2010-10-29 0:30 ` Mimi Zohar
2010-11-06 10:44 ` Pavel Machek
2010-11-05 1:12 ` J. Bruce Fields
2010-11-05 11:08 ` Mimi Zohar
2010-11-05 16:28 ` J. Bruce Fields
2010-11-05 17:38 ` Mimi Zohar
2010-11-05 19:08 ` J. Bruce Fields
2010-11-05 20:58 ` J. Bruce Fields
2010-11-07 0:03 ` Mimi Zohar
-- strict thread matches above, loose matches on Subject: below --
2011-02-14 20:29 Mimi Zohar
2011-02-16 23:08 ` Mimi Zohar
2011-02-17 1:46 ` James Morris
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20101028232506.GL19804@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=david@fromorbit.com \
--cc=eparis@redhat.com \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=jmorris@namei.org \
--cc=kyle@mcmartin.ca \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthew@wil.cx \
--cc=mingo@elte.hu \
--cc=torvalds@linux-foundation.org \
--cc=warthog9@kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).