On Mon, Dec 16, 2024 at 6:43 PM Song Liu <song@xxxxxxxxxx> wrote: > > inode->i_security needes to be freed from RCU callback. A rcu_head was > added to i_security to call the RCU callback. However, since struct inode > already has i_rcu, the extra rcu_head is wasteful. Specifically, when any > LSM uses i_security, a rcu_head (two pointers) is allocated for each > inode. > > Add security_inode_free_rcu() to i_callback to free i_security so that > a rcu_head is saved for each inode. Special care are needed for file > systems that provide a destroy_inode() callback, but not a free_inode() > callback. Specifically, the following logic are added to handle such > cases: > > - XFS recycles inode after destroy_inode. The inodes are freed from > recycle logic. Let xfs_inode_free_callback() and xfs_inode_alloc() > call security_inode_free_rcu() before freeing the inode. > - Let pipe free inode from a RCU callback. > - Let btrfs-test free inode from a RCU callback. If I recall correctly, historically the vfs devs have pushed back on filesystem specific changes such as this, requiring LSM hooks to operate at the VFS layer unless there was absolutely no other choice.
