lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:   Fri, 15 Sep 2017 11:05:31 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Mimi Zohar <zohar@...ux.vnet.ibm.com>
Cc:     Dave Kleikamp <shaggy@...nel.org>,
        Bob Peterson <rpeterso@...hat.com>,
        David Woodhouse <dwmw2@...radead.org>,
        Chao Yu <yuchao0@...wei.com>, Hugh Dickins <hughd@...gle.com>,
        "Darrick J. Wong" <darrick.wong@...cle.com>,
        Matthew Garrett <mjg59@...f.ucam.org>,
        Joel Becker <jlbec@...lplan.org>, Jan Kara <jack@...e.com>,
        Chris Mason <clm@...com>,
        Ryusuke Konishi <konishi.ryusuke@....ntt.co.jp>,
        Steven Whitehouse <swhiteho@...hat.com>,
        Christoph Hellwig <hch@...radead.org>,
        Andreas Dilger <adilger.kernel@...ger.ca>,
        "Theodore Ts'o" <tytso@....edu>, Mark Fasheh <mfasheh@...sity.com>,
        LSM List <linux-security-module@...r.kernel.org>,
        linux-ima-devel@...ts.sourceforge.net,
        James Morris <jmorris@...ei.org>,
        Richard Weinberger <richard@....at>,
        Jaegeuk Kim <jaegeuk@...nel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Christoph Hellwig <hch@....de>
Subject: Re: [PATCH 3/3] ima: use fs method to read integrity data

On Fri, Sep 15, 2017 at 2:04 AM, Mimi Zohar <zohar@...ux.vnet.ibm.com> wrote:
> On Thu, 2017-09-14 at 22:50 -0700, Linus Torvalds wrote:
>> This is still wrong.
>>
>> (a) there is no explanation for why we need that exclusive lock in the
>> first place
>
>> Why should a read need exclusive access? You'd think shared is sufficient.
>
> True, reading a file shouldn't require an exclusive lock.  The
> exclusive lock is taken to prevent the file from changing while the
> file hash is being calculated.

That really shouldn't need an exclusive lock either. The whole point
is that you're just reading the file, so a shared lock should be fine.

There may be other *higher* level reasons why the caller then might
want an exclusive lock for other reasons, but that should have nothing
to do with the reading part.

So this is the thing I want explained. Right now there are no
explanations, and the few comments there are about exclusive locking
don't make sense, and don't match the lockdep tests.

So the patch itself may be fine, but the commentary and explanations
are broken and/or missing.

                     Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ