On Sat, 2017-09-30 at 18:56 -0700, Linus Torvalds wrote:
> On Sep 30, 2017 18:33, "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> wrote:
>
> > That would require a task_work or another kind of work callback so that
> > the writes of the xattr are not synchronous with the vfs callback
> > correct?
>
> No, why?
>
> You should just invalidate the IMA on xattr write or other operations that
> make the measurement invalid. You only need the inner lock.

Right, re-introducing the iint->mutex and a new i_generation field in
the iint struct with a separate set of locks should work. It will be
reset if the file metadata changes (e.g. setxattr, chown, chmod).

(We need i_generation for namespacing IMA as well.)

thanks,

Mimi