Re: [PATCH v3 04/10] evm: Use the metadata inode to calculate metadata hash

From: Mimi Zohar
Date: Tue Mar 19 2024 - 18:55:10 EST


On Fri, 2024-02-23 at 12:25 -0500, Stefan Berger wrote:
> Changes to file attributes (mode bits, uid, gid) on the lower layer are
> not taken into account when d_backing_inode() is used when a file is
> accessed on the overlay layer and this file has not yet been copied up.
> This is because d_backing_inode() does not return the real inode of the
> lower layer but instead returns the backing inode which in this case
> holds wrong file attributes. Further, when CONFIG_OVERLAY_FS_METACOPY is
> enabled and a copy-up is triggered due to file metadata changes, then
> the metadata are held by the backing inode while the data are still held
> by the real inode. Therefore, use d_inode(d_real(dentry, D_REAL_METADATA))
> to get to the file's metadata inode and use it to calculate the metadata
> hash with.
>
> Co-developed-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
> Acked-by: Amir Goldstein <amir73il@xxxxxxxxx>

Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>