On Thu, Sep 01, 2022 at 05:26:30PM +0200, Ondrej Mosnacek wrote: > The goal of these patches is to avoid calling capable() unconditionally > in simple_xattr_list(), which causes issues under SELinux (see > explanation in the second patch). > > The first patch tries to make this change safer by converting > simple_xattrs to use the RCU mechanism, so that capable() is not called > while the xattrs->lock is held. I didn't find evidence that this is an > issue in the current code, but it can't hurt to make that change > either way (and it was quite straightforward). Hey Ondrey, There's another patchset I'd like to see first which switches from a linked list to an rbtree to get rid of performance issues in this code that can be used to dos tmpfs in containers: https://lore.kernel.org/lkml/d73bd478-e373-f759-2acb-2777f6bba06f@xxxxxxxxxx I don't think Vasily has time to continue with this so I'll just pick it up hopefully this or the week after LPC. Christian
