On Fri, 2017-09-15 at 07:49 -0700, Christoph Hellwig wrote: > On Thu, Sep 14, 2017 at 10:50:27PM -0700, Linus Torvalds wrote: > > This is still wrong. > > > > (a) there is no explanation for why we need that exclusive lock in the > > first place > > > > Why should a read need exclusive access? You'd think shared is sufficient. > > But regardless, it needs *explanation*. > > Shared is sufficient, and nothing in the patch (except for the > description) actually requires an exclusive lock. It just happens that > ima holds it exclusive for other internal reasons.
Although reading the file to calculate the file hash doesn't require taking the lock exclusively, in either "fix" mode or called from __fput, immediately after calculating the file hash, the file hash is written out as an xattr. Writing the xattr requires taking the lock exclusively. Mimi
