From 84e7987d3958bfdc366c2a3bc452356f521fc082 Mon Sep 17 00:00:00 2001 From: Jian Yu Date: Tue, 11 May 2021 00:02:23 -0700 Subject: [PATCH] LU-13783 libcfs: use lsmcontext in security_release_secctx Kernel linux-hwe-5.8 (5.8.0-22.23~20.04.1) introduces struct lsmcontext and uses it in security_release_secctx(), which reduces the argruments from 2 to 1. Lustre-change: https://review.whamcloud.com/43284 Lustre-commit: c9e644add7091299d030a96e46384912ac2bef50 Change-Id: I37e185493001d335b40ea0a6102db593cb18beb3 Signed-off-by: Jian Yu Reviewed-on: https://review.whamcloud.com/43649 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Andreas Dilger Reviewed-by: Sebastien Buisson Reviewed-by: Li Xi --- libcfs/autoconf/lustre-libcfs.m4 | 18 ++++++++++++++++++ lustre/include/lustre_compat.h | 13 +++++++++++++ lustre/llite/llite_lib.c | 5 ++--- lustre/llite/namei.c | 3 +-- 4 files changed, 34 insertions(+), 5 deletions(-) diff --git a/libcfs/autoconf/lustre-libcfs.m4 b/libcfs/autoconf/lustre-libcfs.m4 index 44150ec0..d62fd03 100644 --- a/libcfs/autoconf/lustre-libcfs.m4 +++ b/libcfs/autoconf/lustre-libcfs.m4 @@ -1404,6 +1404,23 @@ kernel_setsockopt_exists, [ EXTRA_KCFLAGS="$tmp_flags" ]) # LIBCFS_KERNEL_SETSOCKOPT +# +# LIBCFS_SEC_RELEASE_SECCTX +# +# kernel linux-hwe-5.8 (5.8.0-22.23~20.04.1) +# LSM: Use lsmcontext in security_release_secctx +AC_DEFUN([LIBCFS_SEC_RELEASE_SECCTX], [ +LB_CHECK_COMPILE([if security_release_secctx has 1 arg], +security_release_secctx_1arg, [ + #include +],[ + security_release_secctx(NULL); +],[ + AC_DEFINE(HAVE_SEC_RELEASE_SECCTX_1ARG, 1, + [security_release_secctx has 1 arg.]) +]) +]) # LIBCFS_SEC_RELEASE_SECCTX + AC_DEFUN([LIBCFS_PROG_LINUX_SRC], [ LIBCFS_SRC_HAVE_PROC_OPS @@ -1527,6 +1544,7 @@ LIBCFS_KALLSYMS_LOOKUP LIBCFS_HAVE_MMAP_LOCK LIBCFS_KERNEL_SETSOCKOPT LIBCFS_VMALLOC_2ARGS +LIBCFS_SEC_RELEASE_SECCTX ]) # LIBCFS_PROG_LINUX # diff --git a/lustre/include/lustre_compat.h b/lustre/include/lustre_compat.h index 50b0399..dd02db3 100644 --- a/lustre/include/lustre_compat.h +++ b/lustre/include/lustre_compat.h @@ -43,6 +43,7 @@ #include #include #include +#include #include #include @@ -580,4 +581,16 @@ static inline int ll_vfs_removexattr(struct dentry *dentry, struct inode *inode, #define raw_cpu_ptr(p) __this_cpu_ptr(p) #endif +static inline void ll_security_release_secctx(char *secdata, u32 seclen) +{ +#ifdef HAVE_SEC_RELEASE_SECCTX_1ARG + struct lsmcontext context = { }; + + lsmcontext_init(&context, secdata, seclen, 0); + return security_release_secctx(&context); +#else + return security_release_secctx(secdata, seclen); +#endif +} + #endif /* _LUSTRE_COMPAT_H */ diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c index a4b517f..87953e0 100644 --- a/lustre/llite/llite_lib.c +++ b/lustre/llite/llite_lib.c @@ -48,7 +48,6 @@ #include #include #include -#include #include #ifndef HAVE_CPUS_READ_LOCK @@ -3029,8 +3028,8 @@ struct md_op_data *ll_prep_md_op_data(struct md_op_data *op_data, void ll_finish_md_op_data(struct md_op_data *op_data) { ll_unlock_md_op_lsm(op_data); - security_release_secctx(op_data->op_file_secctx, - op_data->op_file_secctx_size); + ll_security_release_secctx(op_data->op_file_secctx, + op_data->op_file_secctx_size); llcrypt_free_ctx(op_data->op_file_encctx, op_data->op_file_encctx_size); OBD_FREE_PTR(op_data); } diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c index 7ab8b45..63a1373 100644 --- a/lustre/llite/namei.c +++ b/lustre/llite/namei.c @@ -36,7 +36,6 @@ #include #include #include -#include #include #include @@ -1155,7 +1154,7 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry, /* Dentry instantiated in ll_create_it. */ rc = ll_create_it(dir, dentry, it, secctx, secctxlen, encrypt, encctx, encctxlen); - security_release_secctx(secctx, secctxlen); + ll_security_release_secctx(secctx, secctxlen); llcrypt_free_ctx(encctx, encctxlen); if (rc) { /* We dget in ll_splice_alias. */ -- 1.8.3.1