Menu
▾
▴
Re: [Linux-ima-devel] Write a file into nfs will get stucked
|
From: Rock L. <roc...@gm...> - 2017-09-12 10:20:19
|
On Tue, Sep 12, 2017 at 4:31 PM, Rock Lee <roc...@gm...> wrote: > Hi, > > I enabled IMA, but when I write a file into nfs, the process will get > stucked. I've trace the code, it seems it never return in > ima_calc_file_shash(). Could IMA work with nfs ?? > > BTW, I am using raspberrypi3, linux-4.13, with IMA enabled. And my > kernel cmdline uses "ima_tcb ima_appraise=fix ima_appraise_tcb". > Actually, the process get stucked at ima_check_last_writer() -> ima_update_xattr() -> ima_collect_measurement() -> ima_calc_file_hash() -> ima_calc_file_shash() -> ima_calc_file_hash_tfm()->integrity_kernel_read(). ima_check_last_writer() holds inode_lock, I suppose the read function in nfs may also hold inode_lock. Since after I unlocked inode lock in ima_check_last_writer() before ima_update_xattr(), process won't be stucked. -- Cheers, Rock |
