LU-13783 libcfs: use lsmcontext in security_release_secctx

Kernel linux-hwe-5.8 (5.8.0-22.23~20.04.1) introduces
struct lsmcontext and uses it in security_release_secctx(),
which reduces the argruments from 2 to 1.

Change-Id: I37e185493001d335b40ea0a6102db593cb18beb3
Signed-off-by: Jian Yu <yujian@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/43284
Reviewed-by: Sebastien Buisson <sbuisson@ddn.com>
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/libcfs/autoconf/lustre-libcfs.m4 b/libcfs/autoconf/lustre-libcfs.m4
index e6bfe10..386166b 100644 (file)
--- a/libcfs/autoconf/lustre-libcfs.m4
+++ b/libcfs/autoconf/lustre-libcfs.m4
@@ -1405,6 +1405,23 @@ EXTRA_KCFLAGS="$tmp_flags"
 ]) # LIBCFS_KERNEL_SETSOCKOPT
 
 #
+# LIBCFS_SEC_RELEASE_SECCTX
+#
+# kernel linux-hwe-5.8 (5.8.0-22.23~20.04.1)
+# LSM: Use lsmcontext in security_release_secctx
+AC_DEFUN([LIBCFS_SEC_RELEASE_SECCTX], [
+LB_CHECK_COMPILE([if security_release_secctx has 1 arg],
+security_release_secctx_1arg, [
+       #include <linux/security.h>
+],[
+       security_release_secctx(NULL);
+],[
+       AC_DEFINE(HAVE_SEC_RELEASE_SECCTX_1ARG, 1,
+               [security_release_secctx has 1 arg.])
+])
+]) # LIBCFS_SEC_RELEASE_SECCTX
+
+#
 # LIBCFS_HAVE_KFREE_SENSITIVE
 #
 # kernel v5.10-rc1~3
@@ -1547,6 +1564,7 @@ LIBCFS_KALLSYMS_LOOKUP
 LIBCFS_HAVE_MMAP_LOCK
 LIBCFS_KERNEL_SETSOCKOPT
 LIBCFS_VMALLOC_2ARGS
+LIBCFS_SEC_RELEASE_SECCTX
 # 5.10
 LIBCFS_HAVE_KFREE_SENSITIVE
 ]) # LIBCFS_PROG_LINUX

diff --git a/lustre/include/lustre_compat.h b/lustre/include/lustre_compat.h
index b5a704b..ac80bde 100644 (file)
--- a/lustre/include/lustre_compat.h
+++ b/lustre/include/lustre_compat.h
@@ -42,6 +42,7 @@
 #include <linux/workqueue.h>
 #include <linux/blkdev.h>
 #include <linux/slab.h>
+#include <linux/security.h>
 
 #include <libcfs/linux/linux-fs.h>
 #include <obd_support.h>
@@ -594,4 +595,16 @@ static inline bool is_root_inode(struct inode *inode)
 #define register_shrinker(_s) (register_shrinker(_s), 0)
 #endif
 
+static inline void ll_security_release_secctx(char *secdata, u32 seclen)
+{
+#ifdef HAVE_SEC_RELEASE_SECCTX_1ARG
+       struct lsmcontext context = { };
+
+       lsmcontext_init(&context, secdata, seclen, 0);
+       return security_release_secctx(&context);
+#else
+       return security_release_secctx(secdata, seclen);
+#endif
+}
+
 #endif /* _LUSTRE_COMPAT_H */

diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c
index f7c4c0d..2b0bd62 100644 (file)
--- a/lustre/llite/llite_lib.c
+++ b/lustre/llite/llite_lib.c
@@ -47,7 +47,6 @@
 #include <linux/user_namespace.h>
 #include <linux/delay.h>
 #include <linux/uidgid.h>
-#include <linux/security.h>
 #include <linux/fs_struct.h>
 
 #ifndef HAVE_CPUS_READ_LOCK
@@ -3134,8 +3133,8 @@ struct md_op_data *ll_prep_md_op_data(struct md_op_data *op_data,
 void ll_finish_md_op_data(struct md_op_data *op_data)
 {
        ll_unlock_md_op_lsm(op_data);
-       security_release_secctx(op_data->op_file_secctx,
-                               op_data->op_file_secctx_size);
+       ll_security_release_secctx(op_data->op_file_secctx,
+                                  op_data->op_file_secctx_size);
        llcrypt_free_ctx(op_data->op_file_encctx, op_data->op_file_encctx_size);
        OBD_FREE_PTR(op_data);
 }

diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c
index 9d7eab3..ce1569f 100644 (file)
--- a/lustre/llite/namei.c
+++ b/lustre/llite/namei.c
@@ -35,7 +35,6 @@
 #include <linux/quotaops.h>
 #include <linux/highmem.h>
 #include <linux/pagemap.h>
-#include <linux/security.h>
 #include <linux/user_namespace.h>
 #include <linux/uidgid.h>
 
@@ -1180,7 +1179,7 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry,
                        /* Dentry instantiated in ll_create_it. */
                        rc = ll_create_it(dir, dentry, it, secctx, secctxlen,
                                          encrypt, encctx, encctxlen);
-                       security_release_secctx(secctx, secctxlen);
+                       ll_security_release_secctx(secctx, secctxlen);
                        llcrypt_free_ctx(encctx, encctxlen);
                        if (rc) {
                                /* We dget in ll_splice_alias. */