Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751453AbeACED2 (ORCPT + 1 other); Tue, 2 Jan 2018 23:03:28 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:43030 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751049AbeACED0 (ORCPT ); Tue, 2 Jan 2018 23:03:26 -0500 Subject: Re: [PATCHv6 1/1] ima: re-introduce own integrity cache lock From: Mimi Zohar To: Dave Chinner Cc: "Darrick J. Wong" , Dmitry Kasatkin , linux-integrity , linux-security-module , Jan Kara , "Theodore Ts'o" , Chris Mason , Christoph Hellwig , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Dmitry Kasatkin , xfs Date: Tue, 02 Jan 2018 23:03:16 -0500 In-Reply-To: <20180103031621.GK5858@dastard> References: <20180103014048.GE5146@magnolia> <1514947923.3493.2.camel@linux.vnet.ibm.com> <20180103031621.GK5858@dastard> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 18010304-0012-0000-0000-0000059F10B1 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18010304-0013-0000-0000-0000191A59C4 Message-Id: <1514952196.3493.57.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2018-01-03_02:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=4 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1801030052 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Return-Path: On Wed, 2018-01-03 at 14:16 +1100, Dave Chinner wrote: > On Tue, Jan 02, 2018 at 09:52:03PM -0500, Mimi Zohar wrote: > > On Tue, 2018-01-02 at 17:40 -0800, Darrick J. Wong wrote: > > > [might as well cc linux-xfs] > > > > > > On Thu, Dec 14, 2017 at 12:22:37AM +0200, Dmitry Kasatkin wrote: > > > > Hi, > > > > > > > > Could I ask FS maintainers to test IMA with this patch additionally > > > > and provide ack/tested. > > > > We tested but may be you have and some special testing. > > > > > > Super-late to this party, but unless xfstests has automated tests to > > > set up IMA on top of an existing filesystem then I most likely have no > > > idea /how/ to test IMA. I did a quick grep of xfstests git and I don't > > > see anything IMA-related. > > > > Back in June I posted a simple xfstests IMA-appraisal test (https://ma > > rc.info/?l=linux-fsdevel&m=149703820814885&w=4). > > That's a really, really basic test and it doesn't exercise the > problematic direct IO path this patch fixes problems with. nor does > it exercise the chmod path, or try to trigger deadlocks or other > conditions through all the other paths that can trigger IMA actions > and or failures (e.g. ENOSPC). IOWs, we need a lot more than a > "hello world" test to be able to verify filesystems interact with > IMA properly. e.g. how does it behave at ENOSPC? True, but for now we were looking for some basic testing - opening a file and calculating the file hash - on different filesystems, not the direct-IO path in particular.  Expanding the IMA-appraisal xfstests is high on my "todo" list. Mimi