Date:   Sat, 16 Sep 2017 11:20:47 -0700
From:   Linus Torvalds <>
To:     Mimi Zohar <>
Cc:     LSM List <>,
        Christoph Hellwig <>,
        Christoph Hellwig <>,
        James Morris <>,
        Linux Kernel Mailing List <>,
        Matthew Garrett <>,
        Jan Kara <>, "Theodore Ts'o" <>,
        Andreas Dilger <>,
        Jaegeuk Kim <>, Chao Yu <>,
        Steven Whitehouse <>,
        Bob Peterson <>,
        David Woodhouse <>,
        Dave Kleikamp <>,
        Ryusuke Konishi <>,
        Mark Fasheh <>,
        Joel Becker <>,
        Richard Weinberger <>,
        "Darrick J. Wong" <>,
        Hugh Dickins <>, Chris Mason <>
Subject: Re: [PATCH 3/3] ima: use fs method to read integrity data (updated
 patch description)

On Fri, Sep 15, 2017 at 1:25 PM, Mimi Zohar <> wrote:
> To resolve this locking problem, this patch defines a new
> ->integrity_read file operation method, which is equivalent to
> ->read_iter, except that it will not take the i_rwsem lock, but will
> be called with the i_rwsem held exclusively.
> Since taking the i_rwsem exclusively is not required for reading the
> file in order to calculate the file hash, the code only verifies
> that the lock has been taken.

Ok, so I'm onboard with the commit message now, but realized that I'm
not actually convinced that i_rwsem is even meaningful.

Sure, generic_file_write_iter() does take that lock exclusively, but
not everybody uses generic_file_write_iter() at all for writing.

For example, xfs still uses that i_rwsem, but for block-aligned writes
it will only get it shared. And I'm not convinced some other
filesystem might not end up using some other lock entirely.

So I'm basically not entirely convinced that these i_rwsem games make
any sense at all.

The filesystem can do its own locking, and I'm starting to think that
it would be better to just pass this "this is an integrity read" down
to the filesystem, and expect the filesystem to do the locking based
on that.

