From: Jan Kara <jack@suse.cz>
To: Roberto Sassu <roberto.sassu@huaweicloud.com>
Cc: viro@zeniv.linux.org.uk, brauner@kernel.org, jack@suse.cz,
zohar@linux.ibm.com, dmitry.kasatkin@gmail.com,
eric.snowberg@oracle.com, paul@paul-moore.com, jmorris@namei.org,
serge@hallyn.com, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
Roberto Sassu <roberto.sassu@huawei.com>,
Shu Han <ebpqwerty472123@gmail.com>
Subject: Re: [PATCH v2 1/7] fs: ima: Remove S_IMA and IS_IMA()
Date: Thu, 28 Nov 2024 12:40:59 +0100 [thread overview]
Message-ID: <20241128114059.h7hrq6sma2ckyrjn@quack3> (raw)
In-Reply-To: <20241128100621.461743-2-roberto.sassu@huaweicloud.com>
On Thu 28-11-24 11:06:14, Roberto Sassu wrote:
> From: Roberto Sassu <roberto.sassu@huawei.com>
>
> Commit 196f518128d2e ("IMA: explicit IMA i_flag to remove global lock on
> inode_delete") introduced the new S_IMA inode flag to determine whether or
> not an inode was processed by IMA. In that way, it was not necessary to
> take the global lock on inode delete.
>
> Since commit 4de2f084fbff ("ima: Make it independent from 'integrity'
> LSM"), the pointer of the inode integrity metadata managed by IMA has been
> moved to the inode security blob, from the rb-tree. The pointer is not NULL
> only if the inode has been processed by IMA, i.e. ima_inode_get() has been
> called for that inode.
>
> Thus, since the IS_IMA() check can be now implemented by trivially testing
> whether or not the pointer of inode integrity metadata is NULL, remove the
> S_IMA definition in include/linux/fs.h and also the IS_IMA() macro.
>
> Remove also the IS_IMA() invocation in ima_rdwr_violation_check(), since
> whether the inode was processed by IMA will be anyway detected by a
> subsequent call to ima_iint_find(). It does not have an additional overhead
> since the decision can be made in constant time, as opposed to logarithm
> when the inode integrity metadata was stored in the rb-tree.
>
> Suggested-by: Shu Han <ebpqwerty472123@gmail.com>
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> ---
> include/linux/fs.h | 3 +--
> security/integrity/ima/ima_iint.c | 5 -----
> security/integrity/ima/ima_main.c | 2 +-
> 3 files changed, 2 insertions(+), 8 deletions(-)
>
> diff --git a/include/linux/fs.h b/include/linux/fs.h
> index 3559446279c1..b33363becbdd 100644
> --- a/include/linux/fs.h
> +++ b/include/linux/fs.h
> @@ -2261,7 +2261,7 @@ struct super_operations {
> #define S_NOCMTIME (1 << 7) /* Do not update file c/mtime */
> #define S_SWAPFILE (1 << 8) /* Do not truncate: swapon got its bmaps */
> #define S_PRIVATE (1 << 9) /* Inode is fs-internal */
> -#define S_IMA (1 << 10) /* Inode has an associated IMA struct */
> +/* #define S_IMA (1 << 10) Inode has an associated IMA struct (unused) */
Well, I guess you can just delete this line. These are internal kernel
flags so we can do whatever we want with them. Otherwise the patch looks
good. Feel free to add:
Acked-by: Jan Kara <jack@suse.cz>
Honza
> #define S_AUTOMOUNT (1 << 11) /* Automount/referral quasi-directory */
> #define S_NOSEC (1 << 12) /* no suid or xattr security attributes */
> #ifdef CONFIG_FS_DAX
> @@ -2319,7 +2319,6 @@ static inline bool sb_rdonly(const struct super_block *sb) { return sb->s_flags
> #endif
>
> #define IS_PRIVATE(inode) ((inode)->i_flags & S_PRIVATE)
> -#define IS_IMA(inode) ((inode)->i_flags & S_IMA)
> #define IS_AUTOMOUNT(inode) ((inode)->i_flags & S_AUTOMOUNT)
> #define IS_NOSEC(inode) ((inode)->i_flags & S_NOSEC)
> #define IS_DAX(inode) ((inode)->i_flags & S_DAX)
> diff --git a/security/integrity/ima/ima_iint.c b/security/integrity/ima/ima_iint.c
> index 00b249101f98..9d9fc7a911ad 100644
> --- a/security/integrity/ima/ima_iint.c
> +++ b/security/integrity/ima/ima_iint.c
> @@ -26,9 +26,6 @@ static struct kmem_cache *ima_iint_cache __ro_after_init;
> */
> struct ima_iint_cache *ima_iint_find(struct inode *inode)
> {
> - if (!IS_IMA(inode))
> - return NULL;
> -
> return ima_inode_get_iint(inode);
> }
>
> @@ -102,7 +99,6 @@ struct ima_iint_cache *ima_inode_get(struct inode *inode)
>
> ima_iint_init_always(iint, inode);
>
> - inode->i_flags |= S_IMA;
> ima_inode_set_iint(inode, iint);
>
> return iint;
> @@ -118,7 +114,6 @@ void ima_inode_free_rcu(void *inode_security)
> {
> struct ima_iint_cache **iint_p = inode_security + ima_blob_sizes.lbs_inode;
>
> - /* *iint_p should be NULL if !IS_IMA(inode) */
> if (*iint_p)
> ima_iint_free(*iint_p);
> }
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 06132cf47016..cea0afbbc28d 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -126,7 +126,7 @@ static void ima_rdwr_violation_check(struct file *file,
> bool send_tomtou = false, send_writers = false;
>
> if (mode & FMODE_WRITE) {
> - if (atomic_read(&inode->i_readcount) && IS_IMA(inode)) {
> + if (atomic_read(&inode->i_readcount)) {
> if (!iint)
> iint = ima_iint_find(inode);
> /* IMA_MEASURE is set from reader side */
> --
> 2.47.0.118.gfd3785337b
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2024-11-28 11:41 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-28 10:06 [PATCH v2 0/7] ima: Remove unnecessary inode locks Roberto Sassu
2024-11-28 10:06 ` [PATCH v2 1/7] fs: ima: Remove S_IMA and IS_IMA() Roberto Sassu
2024-11-28 11:40 ` Jan Kara [this message]
2024-11-28 13:30 ` Christian Brauner
2024-11-28 10:06 ` [PATCH v2 2/7] ima: Remove inode lock Roberto Sassu
2025-01-14 13:35 ` Mimi Zohar
2025-01-15 10:45 ` Roberto Sassu
2024-11-28 10:06 ` [PATCH v2 3/7] ima: Ensure lock is held when setting iint pointer in inode security blob Roberto Sassu
2025-01-14 14:20 ` Mimi Zohar
2025-01-15 10:51 ` Roberto Sassu
2024-11-28 10:06 ` [PATCH v2 4/7] ima: Mark concurrent accesses to the iint pointer in the " Roberto Sassu
2025-01-14 14:32 ` Mimi Zohar
2024-11-28 10:06 ` [PATCH v2 5/7] ima: Set security.ima on file close when ima_appraise=fix Roberto Sassu
2025-01-15 13:46 ` Mimi Zohar
2025-01-17 17:06 ` Roberto Sassu
2024-11-28 10:06 ` [PATCH v2 6/7] ima: Discard files opened with O_PATH Roberto Sassu
2024-11-28 16:22 ` Christian Brauner
2024-11-28 16:25 ` Roberto Sassu
2025-01-16 11:52 ` Mimi Zohar
2024-11-28 10:06 ` [PATCH v2 7/7] ima: Reset IMA_NONACTION_RULE_FLAGS after post_setattr Roberto Sassu
2025-01-16 13:12 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241128114059.h7hrq6sma2ckyrjn@quack3 \
--to=jack@suse.cz \
--cc=brauner@kernel.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=ebpqwerty472123@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=jmorris@namei.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=roberto.sassu@huawei.com \
--cc=roberto.sassu@huaweicloud.com \
--cc=serge@hallyn.com \
--cc=viro@zeniv.linux.org.uk \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox