Re: [Linux-ima-devel] Write a file into nfs will get stucked

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Tue, Sep 12, 2017 at 4:31 PM, Rock Lee <roc...@gm...> wrote:
> Hi,
>
> I enabled IMA, but when I write a file into nfs, the process will get
> stucked. I've trace the code, it seems it never return in
> ima_calc_file_shash(). Could IMA work with nfs ??
>
> BTW, I am using raspberrypi3, linux-4.13, with IMA enabled. And my
> kernel cmdline uses "ima_tcb ima_appraise=fix ima_appraise_tcb".
>

Actually, the process get stucked at ima_check_last_writer() ->
ima_update_xattr() -> ima_collect_measurement() ->
ima_calc_file_hash() -> ima_calc_file_shash()  ->
ima_calc_file_hash_tfm()->integrity_kernel_read().
ima_check_last_writer() holds inode_lock, I suppose the read function
in nfs may also hold inode_lock. Since after I unlocked inode lock in
ima_check_last_writer()  before  ima_update_xattr(), process won't be
stucked.

-- 
Cheers,
Rock