On Wed, 2017-05-10 at 15:24 +0200, Christoph Hellwig wrote: > On Wed, May 10, 2017 at 03:20:41PM +0300, Boaz Harrosh wrote: > > Would you not want to call ->read_iter() in the NULL case > > and have all FSs supported as today? > > As IMA has particular requirements on the fs (e.g. that it can > read with i_rwsem held as seen in this patch, or useful i_version > which only the file systems converted in this patch do), having > an explicit opt-in seems much safer. This optional method is > a very easy way to provide this opt-in behavior. Without i_version support the file is measured/appraised once. With i_version support it will be re-measured/appraised. As a file system is mounted/remounted, some sort of message should be emitted indicating whether i_version is supported. That does not imply that there is no value in measuring/appraising the file only once. With this patch, the "opt-in" behavior, is only for measurement, not appraisal. For appraisal, it still enforces file hash/signature verification, as it should, based on policy. Christoph, could we call ->read_iter() in the NULL case as Boaz suggested? thanks! Mimi
