On Thu 03-10-24 00:38:05, Christoph Hellwig wrote: > On Thu, Oct 03, 2024 at 12:23:41AM -0700, Christoph Hellwig wrote: > > On Wed, Oct 02, 2024 at 11:33:21AM +1000, Dave Chinner wrote: > > > --- a/security/landlock/fs.c > > > +++ b/security/landlock/fs.c > > > @@ -1223,109 +1223,60 @@ static void hook_inode_free_security_rcu(void *inode_security) > > > > > > /* > > > * Release the inodes used in a security policy. > > > - * > > > - * Cf. fsnotify_unmount_inodes() and invalidate_inodes() > > > */ > > > +static int release_inode_fn(struct inode *inode, void *data) > > > > Looks like this is called from the sb_delete LSM hook, which > > is only implemented by landlock, and only called from > > generic_shutdown_super, separated from evict_inodes only by call > > to fsnotify_sb_delete. Why did LSM not hook into that and instead > > An the main thing that fsnotify_sb_delete does is yet another inode > iteration.. > > Ay chance you all could get together an figure out how to get down > to a single sb inode iteration per unmount? Fair enough. If we go with the iterator variant I've suggested to Dave in [1], we could combine the evict_inodes(), fsnotify_unmount_inodes() and Landlocks hook_sb_delete() into a single iteration relatively easily. But I'd wait with that convertion until this series lands. Honza [1] https://lore.kernel.org/all/20241003114555.bl34fkqsja4s5tok@quack3 -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
