On Wed, Jan 17, 2024 at 03:51:37PM -0500, Phillip Susi wrote:
> Matthew Wilcox <willy@xxxxxxxxxxxxx> writes:
>
> > We have numerous ways to intercept file reads and make them either
> > block or fail. The obvious one to me is security_file_permission()
> > called from rw_verify_area(). Can we do everything we need with an LSM?
>
> I like the idea. That runs when someone opens a file right? What about

Every read() and write() call goes through there. eg ksys_read ->
vfs_read -> rw_verify_area -> security_file_permission

It wouldn't cover mmap accesses. So if you had the file mmaped before
suspend, you'd still be able to load from the mmap. There's no
security_ hook for that right now, afaik.

> Is that in addition to, or instead of throwing out the key and
> suspending IO at the block layer? If it is in addition, then that would
> mean that trying to open a file would fail cleanly, but accessing a page
> that is already mapped could hang the task. In an unkillable state.
> For a long time. Even the OOM killer can't kill a task blocked like
> that can it? Or did that get fixed at some point?

TASK_KILLABLE was added in 2008, but it's up to each individual call
site whether to use killable or uninterruptible sleep.