[PATCH v6 4/6] ima: use fs method to read integrity data

Mimi Zohar zohar at linux.vnet.ibm.com
Mon Aug 28 18:30:25 UTC 2017


On Mon, 2017-08-28 at 05:13 +0100, Al Viro wrote:
> On Tue, Aug 15, 2017 at 10:43:55AM -0400, Mimi Zohar wrote:
> > From: Christoph Hellwig <hch at lst.de>
> > 
> > Add a new ->integrity_read file operation to read data for integrity
> > hash collection.  This is defined to be equivalent to ->read_iter,
> > except that it will be called with the i_rwsem held exclusively.
> 
> Hmm...  I'm really tempted to add default_integrity_read() that would
> just call ->read_iter(), with boilerplate part becoming
> 	.integrity_read = default_integrity_read

How can it automatically call the fs read_iter() without knowing if
the fs read_iter() takes the i_rwsem?  Or are you suggesting that the
default_integrity_read is defined as generic_file_read_iter()?

Mimi

> Note that all stuff accessed in it would be fresh in caches, so
> it's not as if we had serious overhead there.  And we are going
> to be reading from file, anyway...
> 
> I agree that it should be an opt-in from filesystem; default is still
> "don't know how to read, sod off".  It's just that telling at the
> glance whether it's supposed to be a simple case or something tricky
> is needed would be simpler that way and it might turn out to be
> more robust that way...
> --
> To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list