xfs
[Top] [All Lists]

Re: [PATCH] security: Delay freeing inode->i_security till the end of RC

To: Mimi Zohar <zohar@xxxxxxxxxxxxxxxxxx>
Subject: Re: [PATCH] security: Delay freeing inode->i_security till the end of RCU grace period
From: Chandra Seetharaman <sekharan@xxxxxxxxxx>
Date: Tue, 06 Dec 2011 16:28:49 -0600
Cc: Christoph Hellwig <hch@xxxxxxxxxxxxx>, Eric Paris <eparis@xxxxxxxxxxxxxx>, linux-security-module@xxxxxxxxxxxxxxx, sekharan@xxxxxxxxxxxxxxxxxx, XFS Mailing List <xfs@xxxxxxxxxxx>
In-reply-to: <1323200753.2165.69.camel@falcor>
Organization: IBM
References: <1323110541.31919.1451.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <20111206151429.GB11874@xxxxxxxxxxxxx> <1323189102.2165.39.camel@falcor> <1323191093.31919.1475.camel@xxxxxxxxxxxxxxxxxxxxxxxxxxxx> <1323200753.2165.69.camel@falcor>
Reply-to: sekharan@xxxxxxxxxx
On Tue, 2011-12-06 at 14:45 -0500, Mimi Zohar wrote:
> On Tue, 2011-12-06 at 11:04 -0600, Chandra Seetharaman wrote:
> > On Tue, 2011-12-06 at 11:30 -0500, Mimi Zohar wrote:
> > > On Tue, 2011-12-06 at 10:14 -0500, Christoph Hellwig wrote:
> > > > On Mon, Dec 05, 2011 at 12:42:21PM -0600, Chandra Seetharaman wrote:
> > > > > while running test case 234 from xfstests test suite, I was getting an
> > > > > occational memory fault in inode_has_perm() with the following stack
> > > > 
> > > > Interesting.  Given that have no good way to free other data with the
> > > > normal inode callback it looks like we indeed need to do this
> > > > separately.
> > > > 
> > > > What about IMA or similar monsters?  Posix ACLs already are covered at
> > > > least.
> > > 
> > > Looks like a similar problem exists with the 'iint'.
> > 
> > I walked thru the code and saw integrity_iint_find() is the one that
> > would be used to see if a iint data structure is associated. And, all
> > all the invocations of integrity_iint_find() check for NULL and handle
> > it properly.
> > 
> > I might be wrong since I am not familiar with the code. Can you please
> > double check and let me know if I am wrong. 
> > 
> > Chandra
> 
> The assumption up to this point has been that the iint will be freed
> only after the last call to ima_file_free(). The lack of an iint's
> existence indicates that the file is not in the measurement policy.
> 
> As the iint is being freed, updating the iint flag is unnecessary for
> base IMA.  However, in addition to updating the iint flags, the
> IMA-appraisal patches (yet to be upstreamed) update the 'security.ima'
> xattr.  Without an iint, the xattr will not be updated.

Thanks for the explanation, Mimi.

IIUC, leaving it this way (i.e freeing immediately) will miss some final
updates to the xattr for IMA. Correct ?

Let me try to see if I can reproduce a similar memory fault (with iint)
with the current code.
> 
> Mimi
> 
> _______________________________________________
> xfs mailing list
> xfs@xxxxxxxxxxx
> http://oss.sgi.com/mailman/listinfo/xfs
> 


<Prev in Thread] Current Thread [Next in Thread>