From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:53281 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751232AbdH1Sao (ORCPT ); Mon, 28 Aug 2017 14:30:44 -0400 Received: from pps.filterd (m0098421.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id v7SITJjU048443 for ; Mon, 28 Aug 2017 14:30:44 -0400 Received: from e23smtp07.au.ibm.com (e23smtp07.au.ibm.com [202.81.31.140]) by mx0a-001b2d01.pphosted.com with ESMTP id 2cmnjpje6d-1 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=NOT) for ; Mon, 28 Aug 2017 14:30:43 -0400 Received: from localhost by e23smtp07.au.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Tue, 29 Aug 2017 04:30:41 +1000 Subject: Re: [PATCH v6 4/6] ima: use fs method to read integrity data From: Mimi Zohar To: Al Viro Cc: Christoph Hellwig , Matthew Garrett , James Morris , linux-fsdevel@vger.kernel.org, linux-ima-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, Matthew Garrett , Jan Kara , "Theodore Ts'o" , Andreas Dilger , Jaegeuk Kim , Chao Yu , Steven Whitehouse , Bob Peterson , David Woodhouse , Dave Kleikamp , Ryusuke Konishi , Mark Fasheh , Joel Becker , Richard Weinberger , "Darrick J. Wong" , Hugh Dickins , Chris Mason Date: Mon, 28 Aug 2017 14:30:25 -0400 In-Reply-To: <20170828041301.GA21125@ZenIV.linux.org.uk> References: <1502808237-2035-1-git-send-email-zohar@linux.vnet.ibm.com> <1502808237-2035-5-git-send-email-zohar@linux.vnet.ibm.com> <20170828041301.GA21125@ZenIV.linux.org.uk> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: <1503945025.5847.91.camel@linux.vnet.ibm.com> Sender: linux-fsdevel-owner@vger.kernel.org List-ID: On Mon, 2017-08-28 at 05:13 +0100, Al Viro wrote: > On Tue, Aug 15, 2017 at 10:43:55AM -0400, Mimi Zohar wrote: > > From: Christoph Hellwig > > > > Add a new ->integrity_read file operation to read data for integrity > > hash collection. This is defined to be equivalent to ->read_iter, > > except that it will be called with the i_rwsem held exclusively. > > Hmm... I'm really tempted to add default_integrity_read() that would > just call ->read_iter(), with boilerplate part becoming > .integrity_read = default_integrity_read How can it automatically call the fs read_iter() without knowing if the fs read_iter() takes the i_rwsem?  Or are you suggesting that the default_integrity_read is defined as generic_file_read_iter()? Mimi > Note that all stuff accessed in it would be fresh in caches, so > it's not as if we had serious overhead there. And we are going > to be reading from file, anyway... > > I agree that it should be an opt-in from filesystem; default is still > "don't know how to read, sod off". It's just that telling at the > glance whether it's supposed to be a simple case or something tricky > is needed would be simpler that way and it might turn out to be > more robust that way... > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > From mboxrd@z Thu Jan 1 00:00:00 1970 From: zohar@linux.vnet.ibm.com (Mimi Zohar) Date: Mon, 28 Aug 2017 14:30:25 -0400 Subject: [PATCH v6 4/6] ima: use fs method to read integrity data In-Reply-To: <20170828041301.GA21125@ZenIV.linux.org.uk> References: <1502808237-2035-1-git-send-email-zohar@linux.vnet.ibm.com> <1502808237-2035-5-git-send-email-zohar@linux.vnet.ibm.com> <20170828041301.GA21125@ZenIV.linux.org.uk> Message-ID: <1503945025.5847.91.camel@linux.vnet.ibm.com> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org On Mon, 2017-08-28 at 05:13 +0100, Al Viro wrote: > On Tue, Aug 15, 2017 at 10:43:55AM -0400, Mimi Zohar wrote: > > From: Christoph Hellwig > > > > Add a new ->integrity_read file operation to read data for integrity > > hash collection. This is defined to be equivalent to ->read_iter, > > except that it will be called with the i_rwsem held exclusively. > > Hmm... I'm really tempted to add default_integrity_read() that would > just call ->read_iter(), with boilerplate part becoming > .integrity_read = default_integrity_read How can it automatically call the fs read_iter() without knowing if the fs read_iter() takes the i_rwsem? ?Or are you suggesting that the default_integrity_read is defined as generic_file_read_iter()? Mimi > Note that all stuff accessed in it would be fresh in caches, so > it's not as if we had serious overhead there. And we are going > to be reading from file, anyway... > > I agree that it should be an opt-in from filesystem; default is still > "don't know how to read, sod off". It's just that telling at the > glance whether it's supposed to be a simple case or something tricky > is needed would be simpler that way and it might turn out to be > more robust that way... > -- > To unsubscribe from this list: send the line "unsubscribe linux-security-module" in > the body of a message to majordomo at vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html