lsm sb_delete hook, was Re: [PATCH 4/7] vfs: Convert sb->s_inodes iteration to super_iter_inodes()

Christoph Hellwig hch at infradead.org
Thu Oct 3 07:23:41 UTC 2024


On Wed, Oct 02, 2024 at 11:33:21AM +1000, Dave Chinner wrote:
> --- a/security/landlock/fs.c
> +++ b/security/landlock/fs.c
> @@ -1223,109 +1223,60 @@ static void hook_inode_free_security_rcu(void *inode_security)
>  
>  /*
>   * Release the inodes used in a security policy.
> - *
> - * Cf. fsnotify_unmount_inodes() and invalidate_inodes()
>   */
> +static int release_inode_fn(struct inode *inode, void *data)
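
Review bot: the comment above release_inode_fn() still reads "Release the inodes used in a security policy." (plural), but it now heads a callback that takes a single struct inode *. It should be reworded for the per-inode case, and it should document what the int return value and the void *data argument mean to the iterator that calls it. The removed "Cf. fsnotify_unmount_inodes() and invalidate_inodes()" line was the only pointer to the related walkers, so consider keeping a cross-reference, or explaining in the commit message why it no longer applies.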

Looks like this is called from the sb_delete LSM hook, which
is only implemented by landlock, and only called from
generic_shutdown_super, separated from evict_inodes only by a call
to fsnotify_sb_delete.  Why did LSM not hook into that and instead
add another iteration of the per-sb inode list?

(Note that this is not trying to get Dave to fix this, just noticed
it when reviewing this series)



