[PATCH 2/2] integrity: replace call to integrity_read_file with kernel version

Christoph Hellwig hch at infradead.org
Thu Sep 14 20:49:54 UTC 2017

On Fri, Sep 15, 2017 at 06:21:28AM +1000, James Morris wrote:
> So, to be clear, this patch solves the XFS deadlock using a different 
> approach (to the now reverted integrity_read approach), which Christoph 
> also says is more correct generally.  Correct?

No.  It is in addition to the previous patches - the patches were
correct for the IMA interaction with the I/O path.  It just turns
out that the function was also reused for reading certificates
at initialization time, for which that change was incorrect.

If this series is applied first the integrity_read code is not
used for that path any more.
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the Linux-security-module-archive mailing list