From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andrew Morton Subject: Re: [PATCH 1/1] do_truncate needs to increment iversion Date: Thu, 15 Dec 2011 13:55:50 -0800 Message-ID: <20111215135550.748e9aee.akpm@linux-foundation.org> References: <09b6266e3209433bac9b57baf39e073945533d5a.1323880769.git.dmitry.kasatkin@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Cc: linux-fsdevel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, zohar@linux.vnet.ibm.com, Al Viro To: Dmitry Kasatkin Return-path: In-Reply-To: <09b6266e3209433bac9b57baf39e073945533d5a.1323880769.git.dmitry.kasatkin@intel.com> Sender: linux-security-module-owner@vger.kernel.org List-Id: linux-fsdevel.vger.kernel.org On Wed, 14 Dec 2011 18:44:57 +0200 Dmitry Kasatkin wrote: > IMA/EVM uses iversion to identify if file content has been changed. > It has been found that when file is opened, truncated with ftruncate() > and then closed, iversion is not updated. > > This patch adds iversion incrementation to do_truncate(). I confess that I've never really fully understood what i_version is supposed to do, so I'm not in any position to comment on where, when and why the thing should be updated. At present it gets updated in file_update_time() so I suppose that we're not calling file_update_time() in the ftruncate case, which sounds wrong? It's notable that file_update_time() will not update i_version if the inode has NOCMTIME. This might be wrong, but one would need to know the intent of i_version to be able to say. Do your files have S_NOCMTIME set? > --- a/fs/open.c > +++ b/fs/open.c > @@ -56,6 +56,8 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, > newattrs.ia_valid |= ret | ATTR_FORCE; > > mutex_lock(&dentry->d_inode->i_mutex); > + if (IS_I_VERSION(dentry->d_inode)) > + inode_inc_iversion(dentry->d_inode); > ret = notify_change(dentry, &newattrs); > mutex_unlock(&dentry->d_inode->i_mutex); > return ret; With four evaluations, it is time to cache dentry->d_inode in a local.