From: Matthew Wilcox <willy@infradead.org>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>
Cc: linux-security-module@vger.kernel.org,
linux-fsdevel@vger.kernel.org, linux-integrity@vger.kernel.org,
Christoph Hellwig <hch@infradead.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Jan Kara <jack@suse.cz>, Theodore Ts'o <tytso@mit.edu>
Subject: Re: [RFC PATCH 1/3] fs: define new read_iter rwf flag
Date: Thu, 28 Sep 2017 06:54:16 -0700 [thread overview]
Message-ID: <20170928135416.GA30859@bombadil.infradead.org> (raw)
In-Reply-To: <1506602373-4799-2-git-send-email-zohar@linux.vnet.ibm.com>
On Thu, Sep 28, 2017 at 08:39:31AM -0400, Mimi Zohar wrote:
> Writing extended attributes requires exclusively taking the i_rwsem
> lock. To synchronize the file hash calculation and writing the file
> hash as security.ima xattr, IMA-appraisal takes the i_rwsem lock
> exclusively before calculating the file hash. (Once the file hash
> is calculated, the result is cached. Taking the lock exclusively
> prevents calculating the file hash multiple times.)
>
> Some filesystems have recently replaced their filesystem dependent
> lock with the global i_rwsem to read a file. As a result, when IMA
> attempts to calculate the file hash, reading the file attempts to
> take the i_rwsem again.
>
> To resolve this problem, this patch defines a new read_iter flag
> named "rwf" to indicate that the i_rwsem has already been taken
> exclusively. Subsequent patches will set or test the "rwf" flag.
I don't like adding a bool parameter everywhere. Why not add a flag
to the kiocb ki_flags?
#define IOCB_RWSEM_HELD (1 << 8)
next prev parent reply other threads:[~2017-09-28 13:54 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-09-28 12:39 [RFC PATCH 0/3] define new read_iter file operation rwf flag Mimi Zohar
2017-09-28 12:39 ` [RFC PATCH 1/3] fs: define new read_iter " Mimi Zohar
2017-09-28 13:54 ` Matthew Wilcox [this message]
2017-09-28 14:33 ` Mimi Zohar
2017-09-28 15:51 ` Linus Torvalds
2017-09-28 12:39 ` [RFC PATCH 2/3] integrity: use call_read_iter to calculate the file hash Mimi Zohar
2017-09-28 12:39 ` [RFC PATCH 3/3] fs: detect that the i_rwsem has already been taken exclusively Mimi Zohar
2017-09-28 22:02 ` Dave Chinner
2017-09-28 23:39 ` Linus Torvalds
2017-09-29 0:12 ` Mimi Zohar
2017-09-29 0:33 ` Linus Torvalds
2017-09-29 1:53 ` Mimi Zohar
2017-09-29 3:26 ` Linus Torvalds
2017-10-01 1:33 ` Eric W. Biederman
[not found] ` <CA+55aFx726wT4VprN-sHm6s8Q_PV_VjhTBC4goEbMcerYU1Tig@mail.gmail.com>
2017-10-01 12:08 ` Mimi Zohar
2017-10-01 18:41 ` Linus Torvalds
2017-10-01 22:34 ` Dave Chinner
2017-10-01 23:15 ` Linus Torvalds
2017-10-02 3:54 ` Dave Chinner
2017-10-01 23:42 ` Mimi Zohar
2017-10-02 3:25 ` Eric W. Biederman
2017-10-02 12:25 ` Mimi Zohar
2017-10-02 4:35 ` Dave Chinner
2017-10-02 12:09 ` Mimi Zohar
2017-10-02 12:43 ` Jeff Layton
2017-10-01 22:06 ` Eric W. Biederman
2017-10-01 22:20 ` Linus Torvalds
2017-10-01 23:54 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170928135416.GA30859@bombadil.infradead.org \
--to=willy@infradead.org \
--cc=hch@infradead.org \
--cc=jack@suse.cz \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
--cc=tytso@mit.edu \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).