On Wed, 2024-10-09 at 23:59 +0800, Shu Han wrote: > > Finally, expand the critical region in process_measurement() > > guarded by > > iint->mutex up to where the inode was locked, use only one iint > > lock in > > __ima_inode_hash(), since the mutex is now in the inode security > > blob, and > > replace the inode_lock()/inode_unlock() calls in > > ima_check_last_writer(). > > I am not familiar with this, so the following statement may be > inaccurate: > > I suspect that modifying the `i_flags` field through > `inode->i_flags |= S_IMA;` in `ima_inode_get` may cause a > race, as this patch removes the write lock for inodes in > process_measurement(). > > For example, swapon() adds the S_SWAPFILE tag under inode write > lock's > protection. > > Perhaps this initialization tag(`S_IMA`) can also be moved into > inode's > security blob. It would not even be necessary, since after making IMA as a regular LSM the S_IMA check can be replaced by testing whether or not the pointer of inode integrity metadata in the security blob is NULL. Will remove S_IMA. Thanks Roberto
