lsm sb_delete hook, was Re: [PATCH 4/7] vfs: Convert sb->s_inodes iteration to super_iter_inodes()
Jan Kara
jack at suse.cz
Thu Oct 3 11:57:21 UTC 2024
On Thu 03-10-24 00:38:05, Christoph Hellwig wrote:
> On Thu, Oct 03, 2024 at 12:23:41AM -0700, Christoph Hellwig wrote:
> > On Wed, Oct 02, 2024 at 11:33:21AM +1000, Dave Chinner wrote:
> > > --- a/security/landlock/fs.c
> > > +++ b/security/landlock/fs.c
> > > @@ -1223,109 +1223,60 @@ static void hook_inode_free_security_rcu(void *inode_security)
> > >
> > > /*
> > > * Release the inodes used in a security policy.
> > > - *
> > > - * Cf. fsnotify_unmount_inodes() and invalidate_inodes()
> > > */
> > > +static int release_inode_fn(struct inode *inode, void *data)
> >
> > Looks like this is called from the sb_delete LSM hook, which
> > is only implemented by landlock, and only called from
> > generic_shutdown_super, separated from evict_inodes only by call
> > to fsnotify_sb_delete. Why did LSM not hook into that and instead
>
> An the main thing that fsnotify_sb_delete does is yet another inode
> iteration..
>
> Ay chance you all could get together an figure out how to get down
> to a single sb inode iteration per unmount?
Fair enough. If we go with the iterator variant I've suggested to Dave in
[1], we could combine the evict_inodes(), fsnotify_unmount_inodes() and
Landlocks hook_sb_delete() into a single iteration relatively easily. But
I'd wait with that convertion until this series lands.
Honza
[1] https://lore.kernel.org/all/20241003114555.bl34fkqsja4s5tok@quack3
--
Jan Kara <jack at suse.com>
SUSE Labs, CR
More information about the Linux-security-module-archive
mailing list