[Top] [All Lists]

Re: [PATCH] security: Delay freeing inode->i_security till the end of RC

To: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Subject: Re: [PATCH] security: Delay freeing inode->i_security till the end of RCU grace period
From: Chandra Seetharaman <sekharan@xxxxxxxxxx>
Date: Tue, 06 Dec 2011 10:09:38 -0600
Cc: linux-security-module@xxxxxxxxxxxxxxx, Eric Paris <eparis@xxxxxxxxxxxxxx>, XFS Mailing List <xfs@xxxxxxxxxxx>
In-reply-to: <20111206151429.GB11874@xxxxxxxxxxxxx>
Organization: IBM
References: <1323110541.31919.1451.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20111206151429.GB11874@xxxxxxxxxxxxx>
Reply-to: sekharan@xxxxxxxxxx
On Tue, 2011-12-06 at 10:14 -0500, Christoph Hellwig wrote:
> On Mon, Dec 05, 2011 at 12:42:21PM -0600, Chandra Seetharaman wrote:
> > while running test case 234 from xfstests test suite, I was getting an
> > occational memory fault in inode_has_perm() with the following stack
> Interesting.  Given that have no good way to free other data with the
> normal inode callback it looks like we indeed need to do this
> separately.
> What about IMA or similar monsters?  Posix ACLs already are covered at
> least.

Hi Christoph,

The problem is pretty much located in the function
fs/inode.c:destroy_inode(), which calls __destroy_inode(), which does
the freeing, and then does the call_rcu() on the inode.

I looked at all the functions in __destroy_inode() and found only
security_inode_free() to be problematic. Others would handle the
situation gracefully.

Sorry for the lack of knowledge. what is IMA ?


<Prev in Thread] Current Thread [Next in Thread>