lsm sb_delete hook, was Re: [PATCH 4/7] vfs: Convert sb->s_inodes iteration to super_iter_inodes()
Christoph Hellwig
hch at infradead.org
Thu Oct 3 13:04:38 UTC 2024
On Thu, Oct 03, 2024 at 02:56:50PM +0200, Jan Kara wrote:
> > + if (atomic_read(&inode->i_count)) {
> > + spin_unlock(&inode->i_lock);
> > +
> > + /* for each watch, send FS_UNMOUNT and then remove it */
> > + if (post_unmount && fsnotify_sb_info(sb)) {
> > + fsnotify_inode(inode, FS_UNMOUNT);
> > + fsnotify_inode_delete(inode);
> > + }
>
> This will not work because you are in unsafe iterator holding
> sb->s_inode_list_lock. To be able to call into fsnotify, you need to do the
> iget / iput dance and releasing of s_inode_list_lock which does not work
> when a filesystem has its own inodes iterator AFAICT... That's why I've
> called it a layering violation.
Ah, yes. So we'll need to special case it some way either way. Still
feels saner to do it in one iteration and make the inode eviction not
use the unsafe version, but maybe that's indeed better postponed until
after Dave's series.
More information about the Linux-security-module-archive
mailing list