From: Mimi Zohar <zohar@linux.ibm.com>
To: Danny Hu <dannyhu@arista.com>
Cc: Sahil Gupta <s.gupta@arista.com>,
linux-integrity@vger.kernel.org, Julien Gomes <julien@arista.com>,
Pierre De Abreu <pierre@arista.com>,
Kunal Bharathi <kbharathi@arista.com>
Subject: Re: IMA: Avoid redundant rehashing on stacked filesystems backed by structurally immutable filesystems
Date: Fri, 01 May 2026 15:48:08 -0400
Message-ID: <027d076e3ef0b22b648d024aaa7d8dd27746a624.camel@linux.ibm.com>
In-Reply-To: <CAFn2k5BciHURkQS9p-vZ70GP==1S_4GmoE=sMhA+WQXOA8nfoA@mail.gmail.com>
On Fri, 2026-05-01 at 09:16 -0700, Danny Hu wrote:
> On Fri, May 1, 2026 at 4:42 AM Mimi Zohar <zohar@linux.ibm.com> wrote:
> >
> > On Thu, 2026-04-30 at 21:32 -0500, Sahil Gupta wrote:
> > > > Have you considered using IS_RDONLY(real_inode)?
> > >
> > > OOC are ima caches invalidated on fs reconfigure? If that is the case,
> > > then IS_RDONLY ought to do the trick.
> >
> > Per-inode IMA integrity status (iint) is now stored directly in the inode's LSM
> > security blob rather than in a red-black tree cache. By "fs reconfiguration",
> > do you mean remounting the filesystem? If so, the iint stored in the LSM
> > security blob should be freed when the filesystem is unmounted.
> >
>
> We considered using IS_RDONLY(), but the concern involved the remount
> path rather than an explicit unmount and subsequent mount. From my
> understanding, userspace can toggle the read-only flag using "mount -o
> remount,rw" without freeing the inodes from memory. A malicious user
> could then exploit this by caching the appraisal result, modifying the
> file, remounting fs as read-only, and then IMA would trust the cached
> appraisal result.
Thank you for the explanation. Just be aware that IS_IMMUTABLE is already
defined. Otherwise your suggestion is plausible.
Mimi
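The sequence Danny describes above (cache the appraisal while the filesystem is read-only, remount rw, modify the file, remount ro, and have the cached verdict trusted again) can be modelled in a few dozen lines of userspace C. The block below is an added illustration written for this page; it is not code from the thread, from the patch, or from the kernel, and it does not reproduce how IMA or the VFS actually track writes. The struct names, the IS_RDONLY-style `toy_is_rdonly()` check, the FNV-1a stand-in for the file hash and the per-superblock `rw_epoch` counter (bumped on every rw remount, used to invalidate a cached result) are all assumptions made for the model. It contrasts the naive shortcut (trust the cache whenever the backing fs is currently read-only) with a variant that also requires that no rw remount happened since the result was cached, and checks that both still avoid redundant rehashing when nothing changed.

```c
/* Added toy model of the "cache while ro, remount rw, modify, remount ro"
 * problem discussed in the thread. Not kernel code: every name, the hash
 * and the rw_epoch mechanism are constructed for illustration only. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SB_RDONLY 0x1u

struct toy_sb {
    unsigned flags;
    unsigned rw_epoch;   /* assumption: incremented on every remount,rw */
};

struct toy_inode {
    struct toy_sb *sb;
    char data[16];       /* file contents, modified in place by the attacker */
    bool cached;         /* iint-like cached appraisal state */
    uint64_t cached_hash;
    unsigned cached_epoch;
};

static unsigned hash_calls;  /* number of real rehashes performed */

/* FNV-1a stands in for the file hash IMA would compute. */
static uint64_t toy_hash(const char *s)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *s; s++) {
        h ^= (unsigned char)*s;
        h *= 0x100000001b3ULL;
    }
    return h;
}

static bool toy_is_rdonly(const struct toy_inode *i)
{
    return (i->sb->flags & SB_RDONLY) != 0;
}

typedef bool (*skip_fn)(const struct toy_inode *);

/* Shortcut as discussed: trust the cache while the backing fs is ro now. */
static bool naive_skip_rehash(const struct toy_inode *i)
{
    return i->cached && toy_is_rdonly(i);
}

/* Hypothetical hardened variant: additionally require that no rw remount
 * happened since the result was cached. */
static bool epoch_skip_rehash(const struct toy_inode *i)
{
    return i->cached && toy_is_rdonly(i) &&
           i->cached_epoch == i->sb->rw_epoch;
}

static uint64_t appraise(struct toy_inode *i, skip_fn skip)
{
    if (skip(i))
        return i->cached_hash;
    hash_calls++;
    i->cached_hash = toy_hash(i->data);
    i->cached_epoch = i->sb->rw_epoch;
    i->cached = true;
    return i->cached_hash;
}

/* Models "mount -o remount,ro" / "mount -o remount,rw" without dropping
 * any inode from memory. */
static void remount(struct toy_sb *sb, bool rdonly)
{
    if (rdonly) {
        sb->flags |= SB_RDONLY;
    } else {
        sb->flags &= ~SB_RDONLY;
        sb->rw_epoch++;
    }
}

/* Runs the attack sequence from the thread. Returns true if the policy
 * hands back the pre-modification hash for the modified file. */
bool stale_result_trusted(skip_fn skip)
{
    struct toy_sb sb = { .flags = SB_RDONLY, .rw_epoch = 0 };
    struct toy_inode ino = { .sb = &sb };
    strcpy(ino.data, "good");
    uint64_t first = appraise(&ino, skip);   /* cached while ro */
    remount(&sb, false);                     /* remount,rw */
    strcpy(ino.data, "evil");                /* modify, inode stays cached */
    remount(&sb, true);                      /* remount,ro */
    uint64_t second = appraise(&ino, skip);
    return second == first && second != toy_hash(ino.data);
}

/* Benign case: repeated access on an untouched ro fs. Returns the number
 * of rehashes; 1 means the shortcut still removes the redundant work. */
unsigned rehash_count_unchanged(skip_fn skip)
{
    struct toy_sb sb = { .flags = SB_RDONLY, .rw_epoch = 0 };
    struct toy_inode ino = { .sb = &sb };
    strcpy(ino.data, "good");
    hash_calls = 0;
    for (int n = 0; n < 5; n++)
        appraise(&ino, skip);
    return hash_calls;
}

int main(void)
{
    printf("naive: stale trusted=%d rehashes=%u\n",
           stale_result_trusted(naive_skip_rehash),
           rehash_count_unchanged(naive_skip_rehash));
    printf("epoch: stale trusted=%d rehashes=%u\n",
           stale_result_trusted(epoch_skip_rehash),
           rehash_count_unchanged(epoch_skip_rehash));
    return 0;
}
```

The point of the model is that "the filesystem is read-only now" is not the same property as "the filesystem has been read-only since this verdict was cached"; only the latter justifies skipping the rehash, and a check based on the current mount flag alone cannot distinguish them. Whether IS_IMMUTABLE, as Mimi points out, or some other mechanism is the right way to express the stronger property is the question the thread leaves open.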
Thread overview:
2026-04-30 23:55 IMA: Avoid redundant rehashing on stacked filesystems backed by structurally immutable filesystems Danny Hu
2026-05-01 2:29 ` Mimi Zohar
2026-05-01 2:32 ` Sahil Gupta
2026-05-01 11:42 ` Mimi Zohar
2026-05-01 16:02 ` Sahil Gupta
2026-05-01 16:16 ` Danny Hu
2026-05-01 19:48 ` Mimi Zohar [this message]
2026-05-01 20:05 ` Sahil Gupta
2026-05-01 20:22 ` Danny Hu