On Tue, Jul 9, 2024 at 10:40 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > The LSM framework has an existing inode_free_security() hook which > is used by LSMs that manage state associated with an inode, but > due to the use of RCU to protect the inode, special care must be > taken to ensure that the LSMs do not fully release the inode state > until it is safe from a RCU perspective. > > This patch implements a new inode_free_security_rcu() implementation > hook which is called when it is safe to free the LSM's internal inode > state. Unfortunately, this new hook does not have access to the inode > itself as it may already be released, so the existing > inode_free_security() hook is retained for those LSMs which require > access to the inode. > > Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx> > --- > include/linux/lsm_hook_defs.h | 1 + > security/integrity/ima/ima.h | 2 +- > security/integrity/ima/ima_iint.c | 20 ++++++++------------ > security/integrity/ima/ima_main.c | 2 +- > security/landlock/fs.c | 9 ++++++--- > security/security.c | 26 +++++++++++++------------- > 6 files changed, 30 insertions(+), 30 deletions(-) FYI, this has only received "light" testing, and even that is fairly generous. I booted up a system with IMA set to measure the TCB and ran through the audit and SELinux test suites; IMA seemed to be working just fine but I didn't poke at it too hard. I didn't have an explicit Landlock test handy, but I'm hoping that the Landlock enablement on a modern Rawhide system hit it a little :) -- paul-moore.com
