On Fri, Sep 15, 2017 at 06:21:28AM +1000, James Morris wrote: > So, to be clear, this patch solves the XFS deadlock using a different > approach (to the now reverted integrity_read approach), which Christoph > also says is more correct generally. Correct?
No. It is in addition to the previous patches - the patches were correct for the IMA interaction with the I/O path. It just turns out that the function was also reused for reading certificates at initialization time, for which that change was incorrect. If this series is applied first the integrity_read code is not used for that path any more.
