lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 17 Sep 2017 09:34:01 -0700
From:   Linus Torvalds <>
To:     Mimi Zohar <>
Cc:     Christoph Hellwig <>,
        LSM List <>,
        Christoph Hellwig <>,,
        James Morris <>,
        Linux Kernel Mailing List <>,
        Matthew Garrett <>,
        Jan Kara <>, "Theodore Ts'o" <>,
        Andreas Dilger <>,
        Jaegeuk Kim <>, Chao Yu <>,
        Steven Whitehouse <>,
        Bob Peterson <>,
        David Woodhouse <>,
        Dave Kleikamp <>,
        Ryusuke Konishi <>,
        Mark Fasheh <>,
        Joel Becker <>,
        Richard Weinberger <>,
        "Darrick J. Wong" <>,
        Hugh Dickins <>, Chris Mason <>
Subject: Re: [PATCH 3/3] ima: use fs method to read integrity data (updated
 patch description)

On Sun, Sep 17, 2017 at 9:15 AM, Mimi Zohar <> wrote:
> Unless I'm missing something, that would only be possible with an IMA
> policy rule that permits direct IO (eg. permit_directio).  Otherwise
> the direct IO is denied.

Note that the "XFS and directio" was only an example.

There is absolutely nothing that says that a  filesystem has to use
i_rwsem for IO serialization at all. Even for the regular write path.

Now, I suspect most (all?) do, but that's a historical artifact rather
than "design". In particular, the VFS layer used to do the locking for
the filesystems, to guarantee the POSIX requirements (POSIX requires
that writes be seen atomically).

But that lock was pushed down into the filesystems, since some
filesystems really wanted to have parallel writes (particularly for
direct IO, where that POSIX serialization requirement doesn't exist).

That's all many years ago, though. New filesystems are likely to have
copied the pattern from old ones, but even then..

Also, it's worth noting that "inode->i_rwlock" isn't even well-defined
as a lock. You can have the question of *which* inode gets talked
about when you have things like eoverlayfs etc. Normally it would be
obvious, but sometimes you'd use "file->f_mapping->host" (which is the
same thing in the simple cases), and sometimes it really wouldn't be
obvious at all..

So... I'm really not at all convinced that i_rwsem is sensible. It's
one of those things that are "mostly right for the simple cases",


Powered by blists - more mailing lists