Re: [PATCH 3/3] ima: use fs method to read integrity data (updated patch description)

From: Linus Torvalds
Date: Sat Sep 16 2017 - 14:20:56 EST

On Fri, Sep 15, 2017 at 1:25 PM, Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx> wrote:
> To resolve this locking problem, this patch defines a new
> ->integrity_read file operation method, which is equivalent to
> ->read_iter, except that it will not take the i_rwsem lock, but will
> be called with the i_rwsem held exclusively.
> Since taking the i_rwsem exclusively is not required for reading the
> file in order to calculate the file hash, the code only verifies
> that the lock has been taken.

Ok, so I'm on board with the commit message now, but realized that I'm
not actually convinced that i_rwsem is even meaningful.

Sure, generic_file_write_iter() does take that lock exclusively, but
not everybody uses generic_file_write_iter() at all for writing.

For example, xfs still uses that i_rwsem, but for block-aligned writes
it will only get it shared. And I'm not convinced some other
filesystem might not end up using some other lock entirely.

So I'm basically not entirely convinced that these i_rwsem games make
any sense at all.

The filesystem can do its own locking, and I'm starting to think that
it would be better to just pass this "this is an integrity read" down
to the filesystem, and expect the filesystem to do the locking based
on that.