AC_DEFINE(HAVE_CURRENT_TIME, 1,
[current_time() has replaced CURRENT_TIME])
])
-]) # LIBCFS_CURRENT_TIME
+]) # LC_CURRENT_TIME
#
# LC_HAVE_GET_INODE_USAGE
]) # LC_HAVE_ADDRESS_SPACE_OPERATIONS_RELEASE_FOLIO
#
+# LC_HAVE_LSMCONTEXT_INIT
+#
+# repo: git://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy
+# kernel linux-hwe-5.19 commit fef1deb99dad87dd700afae76b35c5b5750e33a8
+# LSM: Removed scaffolding function lsmcontext_init
+#
+AC_DEFUN([LC_SRC_HAVE_LSMCONTEXT_INIT], [
+ LB2_LINUX_TEST_SRC([lsmcontext_init], [
+ #include <linux/security.h>
+ ],[
+ struct lsmcontext ctx = {};
+
+ lsmcontext_init(&ctx, "", 0, 0);
+ ],[])
+])
+AC_DEFUN([LC_HAVE_LSMCONTEXT_INIT], [
+ AC_MSG_CHECKING([if lsmcontext_init is available])
+ LB2_LINUX_TEST_RESULT([lsmcontext_init], [
+ AC_DEFINE(HAVE_LSMCONTEXT_INIT, 1,
+ [lsmcontext_init is available])
+ ])
+]) # LC_HAVE_LSMCONTEXT_INIT
+
+#
+# LC_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX
+#
+# repo: git://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy
+# kernel linux-hwe-5.19 commit 57d0004bc811254916be30f94c86d9607867deb0
+# LSM: Use lsmcontext in security_dentry_init_security
+#
+AC_DEFUN([LC_SRC_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX], [
+ LB2_LINUX_TEST_SRC([security_dentry_init_security_with_ctx], [
+ #include <linux/security.h>
+ ],[
+ struct dentry *dentry = NULL;
+ const struct qstr *name = NULL;
+ struct lsmcontext *ctx = NULL;
+ const char *xattr_name = "";
+
+ (void)security_dentry_init_security(dentry, 0, name,
+ &xattr_name, ctx);
+ ],[-Werror])
+])
+AC_DEFUN([LC_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX], [
+ AC_MSG_CHECKING([if security_dentry_init_security needs lsmcontext])
+ LB2_LINUX_TEST_RESULT([security_dentry_init_security_with_ctx], [
+ AC_DEFINE(HAVE_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX, 1,
+ [security_dentry_init_security needs lsmcontext])
+ ])
+]) # LC_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX
+
+#
# LC_HAVE_NO_LLSEEK
#
# Linux commit v5.19-rc2-6-g868941b14441
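Review bot: The second probe and its result symbol spell SECURITY as `SECURTY` (`LC_SRC_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX`, `HAVE_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX`). The symbol is only ever tested with `#ifdef`, so a later use that spells it correctly would compile without a diagnostic and silently select the pre-lsmcontext call. I would rename it to `HAVE_SECURITY_DENTRY_INIT_SECURITY_WITH_CTX` in the `AC_DEFINE` and in every `#ifdef` that tests it. Separately, the `lsmcontext_init` probe passes `[]` as its flags while this probe passes `[-Werror]`; if the difference is intentional, a one-line comment saying why would help.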
LC_SRC_HAVE_ADDRESS_SPACE_OPERATIONS_READ_FOLIO
LC_SRC_HAVE_READ_CACHE_PAGE_FILLER_WITH_FILE
LC_SRC_HAVE_ADDRESS_SPACE_OPERATIONS_RELEASE_FOLIO
+ LC_SRC_HAVE_LSMCONTEXT_INIT
+ LC_SRC_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX
# 6.0
LC_SRC_HAVE_NO_LLSEEK
LC_HAVE_ADDRESS_SPACE_OPERATIONS_READ_FOLIO
LC_HAVE_READ_CACHE_PAGE_FILLER_WITH_FILE
LC_HAVE_ADDRESS_SPACE_OPERATIONS_RELEASE_FOLIO
+ LC_HAVE_LSMCONTEXT_INIT
+ LC_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX
# 6.0
LC_HAVE_NO_LLSEEK
#define ll_access_ok(ptr, len) access_ok(ptr, len)
#endif
-static inline void ll_security_release_secctx(char *secdata, u32 seclen)
+#ifdef HAVE_SEC_RELEASE_SECCTX_1ARG
+#ifndef HAVE_LSMCONTEXT_INIT
+/* Ubuntu 5.19 */
+static inline void lsmcontext_init(struct lsmcontext *cp, char *context,
+ u32 size, int slot)
+{
+ cp->slot = slot;
+ cp->context = context;
+ cp->len = size;
+}
+#endif
+#endif
+
+static inline void ll_security_release_secctx(char *secdata, u32 seclen,
+ int slot)
{
#ifdef HAVE_SEC_RELEASE_SECCTX_1ARG
struct lsmcontext context = { };
- lsmcontext_init(&context, secdata, seclen, 0);
+ lsmcontext_init(&context, secdata, seclen, slot);
return security_release_secctx(&context);
#else
return security_release_secctx(secdata, seclen);
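Review bot: `ll_security_release_secctx()` gains a `slot` argument, but nothing states where that value must come from. On the `HAVE_SEC_RELEASE_SECCTX_1ARG` path it is copied into the `struct lsmcontext` handed to `security_release_secctx()`, so it presumably selects which LSM frees the buffer; a slot that was not returned together with `secdata` could then release the context through the wrong module. A comment above the function such as `/* slot must be the value returned with secdata (ctx.slot); unused on kernels without struct lsmcontext */` would make the contract explicit. The `/* Ubuntu 5.19 */` comment on the fallback `lsmcontext_init()` could also say that it stands in for the kernel helper once that is removed and fills `slot`, `context` and `len` directly. The body of `ll_security_release_secctx()` continues past the end of this hunk.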
__u32 op_file_secctx_name_size;
void *op_file_secctx;
__u32 op_file_secctx_size;
+ int op_file_secctx_slot;
/* File encryption context, for creates/metadata ops */
void *op_file_encctx;
&op_data->op_file_secctx_name,
&op_data->op_file_secctx_name_size,
&op_data->op_file_secctx,
- &op_data->op_file_secctx_size);
+ &op_data->op_file_secctx_size,
+ &op_data->op_file_secctx_slot);
if (err < 0)
GOTO(out_op_data, err);
}
int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
const char **secctx_name, __u32 *secctx_name_size,
- void **secctx, __u32 *secctx_size);
+ void **secctx, __u32 *secctx_size,
+ int *secctx_slot);
+
int ll_inode_init_security(struct dentry *dentry, struct inode *inode,
struct inode *dir);
{
ll_unlock_md_op_lsm(op_data);
ll_security_release_secctx(op_data->op_file_secctx,
- op_data->op_file_secctx_size);
+ op_data->op_file_secctx_size,
+ op_data->op_file_secctx_slot);
if (op_data->op_flags & MF_OPNAME_KMALLOCED)
/* allocated via ll_setup_filename called
* from ll_prep_md_op_data
static struct dentry *ll_lookup_it(struct inode *parent, struct dentry *dentry,
struct lookup_intent *it,
void **secctx, __u32 *secctxlen,
+ int *secctxslot,
struct pcc_create_attach *pca,
bool encrypt,
void **encctx, __u32 *encctxlen)
&op_data->op_file_secctx_name,
&op_data->op_file_secctx_name_size,
&op_data->op_file_secctx,
- &op_data->op_file_secctx_size);
+ &op_data->op_file_secctx_size,
+ &op_data->op_file_secctx_slot);
if (rc < 0)
GOTO(out, retval = ERR_PTR(rc));
if (secctx != NULL)
*secctx = op_data->op_file_secctx;
if (secctxlen != NULL)
*secctxlen = op_data->op_file_secctx_size;
+ if (secctxslot != NULL)
+ *secctxslot = op_data->op_file_secctx_slot;
} else {
if (secctx != NULL)
*secctx = NULL;
if (secctxlen != NULL)
*secctxlen = 0;
+ if (secctxslot != NULL)
+ *secctxslot = 0;
}
if (it->it_op & IT_CREAT && encrypt) {
if (unlikely(filename_is_volatile(dentry->d_name.name,
itp = NULL;
else
itp = ⁢
- de = ll_lookup_it(parent, dentry, itp, NULL, NULL, NULL, false,
+ de = ll_lookup_it(parent, dentry, itp, NULL, NULL, NULL, NULL, false,
NULL, NULL);
if (itp != NULL)
long long lookup_flags = LOOKUP_OPEN;
void *secctx = NULL;
__u32 secctxlen = 0;
+ int secctxslot = 0;
void *encctx = NULL;
__u32 encctxlen = 0;
struct ll_sb_info *sbi = NULL;
it->it_flags |= MDS_OPEN_LOCK;
/* Dentry added to dcache tree in ll_lookup_it */
- de = ll_lookup_it(dir, dentry, it, &secctx, &secctxlen, &pca, encrypt,
- &encctx, &encctxlen);
+ de = ll_lookup_it(dir, dentry, it, &secctx, &secctxlen, &secctxslot,
+ &pca, encrypt, &encctx, &encctxlen);
if (IS_ERR(de))
rc = PTR_ERR(de);
else if (de != NULL)
rc = ll_create_it(dir, dentry, it, secctx, secctxlen,
encrypt, encctx, encctxlen,
open_flags);
- ll_security_release_secctx(secctx, secctxlen);
+ ll_security_release_secctx(secctx, secctxlen,
+ secctxslot);
llcrypt_free_ctx(encctx, encctxlen);
if (rc) {
/* We dget in ll_splice_alias. */
&op_data->op_file_secctx_name,
&op_data->op_file_secctx_name_size,
&op_data->op_file_secctx,
- &op_data->op_file_secctx_size);
+ &op_data->op_file_secctx_size,
+ &op_data->op_file_secctx_slot);
if (err < 0)
GOTO(err_exit, err);
}
# define XATTR_NAME_SELINUX XATTR_SECURITY_PREFIX XATTR_SELINUX_SUFFIX
#endif
+#ifdef HAVE_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX
+#define HAVE_SECURITY_DENTRY_INIT_WITH_XATTR_NAME_ARG 1
+#endif
+
/*
* Check for LL_SBI_FILE_SECCTX before calling.
*/
int ll_dentry_init_security(struct dentry *dentry, int mode, struct qstr *name,
const char **secctx_name, __u32 *secctx_name_size,
- void **secctx, __u32 *secctx_size)
+ void **secctx, __u32 *secctx_size, int *secctx_slot)
{
struct ll_sb_info *sbi = ll_s2sbi(dentry->d_sb);
#ifdef HAVE_SECURITY_DENTRY_INIT_WITH_XATTR_NAME_ARG
const char *secctx_name_lsm = NULL;
#endif
+#ifdef HAVE_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX
+ struct lsmcontext ctx = {};
+#endif
int rc;
/*
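Review bot: `HAVE_SECURITY_DENTRY_INIT_WITH_XATTR_NAME_ARG` reads like a configure result, yet here the .c file defines it whenever `HAVE_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX` is set, which hides the dependency from anyone reading the m4 checks. If it has to stay in this file, I would guard it with `#ifndef HAVE_SECURITY_DENTRY_INIT_WITH_XATTR_NAME_ARG` and add a comment such as `/* the lsmcontext variant also returns the xattr name, so reuse the XATTR_NAME_ARG paths */`. The comment above `ll_dentry_init_security()` should also describe the new `secctx_slot` out-parameter and say that it is only filled in on the lsmcontext build. The function body continues outside this hunk.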
#ifdef HAVE_SECURITY_DENTRY_INIT_WITH_XATTR_NAME_ARG
&secctx_name_lsm,
#endif
+#ifdef HAVE_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX
+ &ctx);
+#else
secctx, secctx_size);
+#endif
/* ignore error if the hook is not supported by the LSM module */
if (rc == -EOPNOTSUPP)
return 0;
if (rc < 0)
return rc;
+#ifdef HAVE_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX
+ *secctx = ctx.context;
+ *secctx_size = ctx.len;
+ *secctx_slot = ctx.slot;
+#endif
+
#ifdef HAVE_SECURITY_DENTRY_INIT_WITH_XATTR_NAME_ARG
if (strncmp(*secctx_name, secctx_name_lsm, *secctx_name_size) != 0) {
CERROR("%s: LSM secctx_name '%s' does not match the one stored by Lustre '%s'\n",
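Review bot: `*secctx_slot` is written only inside `#ifdef HAVE_SECURITY_DENTRY_INIT_SECURTY_WITH_CTX`, and only after both early returns. On the `#else` build, and on the `-EOPNOTSUPP` and `rc < 0` returns, the caller's slot therefore keeps whatever it held before the call. The visible callers pass `&op_data->op_file_secctx_slot` and later hand that field to `ll_security_release_secctx()`, which is safe only if `op_data` is zeroed when allocated (not visible here). Adding `*secctx_slot = 0;` ahead of the `security_dentry_init_security()` call would remove that dependency. The start of that call and the end of the function are outside this hunk.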