From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754824AbdIHHJs (ORCPT ); Fri, 8 Sep 2017 03:09:48 -0400 Received: from bombadil.infradead.org ([65.50.211.133]:49233 "EHLO bombadil.infradead.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754178AbdIHHJq (ORCPT ); Fri, 8 Sep 2017 03:09:46 -0400 Date: Fri, 8 Sep 2017 00:09:43 -0700 From: Christoph Hellwig To: James Morris Cc: Linus Torvalds , Linux Kernel Mailing List , LSM List , Mimi Zohar , Christoph Hellwig Subject: Re: [GIT PULL] Security subsystem updates for 4.14 Message-ID: <20170908070943.GA26549@infradead.org> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.8.3 (2017-05-23) X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The reason why I send out the original version of this patch is because IMA used to call ->read under i_rwsem, and that deadlocked on XFS and NFS, or ext3/4 with DAX. The call path for that is process_measurement (takes i_rwsem) -> ima_collect_measurement -> ima_calc_file_hash -> ima_calc_file_ahash / ima_calc_file_shash -> ima_calc_file_hash_atfm / ima_calc_file_hash_tfm -> integrity_kernel_read ima_check_last_writer (takes i_rwsem) -> ima_update_xattr -> ima_collect_measurement -> (as above) But yes, for the init-time integrity_read_file this is incorrect. It never tripped up, and I explicitly added the lockdep annotations so that anything would show up, and it's been half a year since I sent that first RFC patch..