static int ll_lookup_it_finish(struct ptlrpc_request *request,
struct lookup_intent *it,
- struct inode *parent, struct dentry **de)
+ struct inode *parent, struct dentry **de,
+ void *secctx, __u32 secctxlen)
{
struct inode *inode = NULL;
__u64 bits = 0;
CDEBUG(D_DENTRY, "it %p it_disposition %x\n", it,
it->it_disposition);
if (!it_disposition(it, DISP_LOOKUP_NEG)) {
+ struct req_capsule *pill = &request->rq_pill;
+ struct mdt_body *body = req_capsule_server_get(pill,
+ &RMF_MDT_BODY);
+
rc = ll_prep_inode(&inode, request, (*de)->d_sb, it);
if (rc)
RETURN(rc);
* ll_glimpse_size or some equivalent themselves anyway.
* Also see bug 7198.
*/
+
+ /* If security context was returned by MDT, put it in
+ * inode now to save an extra getxattr from security hooks,
+ * and avoid deadlock.
+ */
+ if (body->mbo_valid & OBD_MD_SECCTX) {
+ secctx = req_capsule_server_get(pill, &RMF_FILE_SECCTX);
+ secctxlen = req_capsule_get_size(pill,
+ &RMF_FILE_SECCTX,
+ RCL_SERVER);
+
+ if (secctxlen)
+ CDEBUG(D_SEC, "server returned security context"
+ " for "DFID"\n",
+ PFID(ll_inode2fid(inode)));
+ }
+
+ if (secctx != NULL && secctxlen != 0) {
+ inode_lock(inode);
+ rc = security_inode_notifysecctx(inode, secctx,
+ secctxlen);
+ inode_unlock(inode);
+ if (rc)
+ CWARN("cannot set security context for "
+ DFID": rc = %d\n",
+ PFID(ll_inode2fid(inode)), rc);
+ }
}
/* Only hash *de if it is unhashed (new dentry).
struct dentry *save = dentry, *retval;
struct ptlrpc_request *req = NULL;
struct md_op_data *op_data = NULL;
- __u32 opc;
- int rc;
- ENTRY;
+ __u32 opc;
+ int rc;
+ char secctx_name[XATTR_NAME_MAX + 1];
+
+ ENTRY;
if (dentry->d_name.len > ll_i2sbi(parent)->ll_namelen)
RETURN(ERR_PTR(-ENAMETOOLONG));
*secctx = op_data->op_file_secctx;
if (secctxlen != NULL)
*secctxlen = op_data->op_file_secctx_size;
+ } else {
+ if (secctx != NULL)
+ *secctx = NULL;
+ if (secctxlen != NULL)
+ *secctxlen = 0;
+ }
+
+ /* ask for security context upon intent */
+ if (it->it_op & (IT_LOOKUP | IT_GETATTR | IT_OPEN)) {
+ /* get name of security xattr to request to server */
+ rc = ll_listsecurity(parent, secctx_name,
+ sizeof(secctx_name));
+ if (rc < 0) {
+ CDEBUG(D_SEC, "cannot get security xattr name for "
+ DFID": rc = %d\n",
+ PFID(ll_inode2fid(parent)), rc);
+ } else if (rc > 0) {
+ op_data->op_file_secctx_name = secctx_name;
+ op_data->op_file_secctx_name_size = rc;
+ CDEBUG(D_SEC, "'%.*s' is security xattr for "DFID"\n",
+ rc, secctx_name, PFID(ll_inode2fid(parent)));
+ }
}
rc = md_intent_lock(ll_i2mdexp(parent), op_data, it, &req,
/* dir layout may change */
ll_unlock_md_op_lsm(op_data);
- rc = ll_lookup_it_finish(req, it, parent, &dentry);
+ rc = ll_lookup_it_finish(req, it, parent, &dentry,
+ secctx != NULL ? *secctx : NULL,
+ secctxlen != NULL ? *secctxlen : 0);
if (rc != 0) {
ll_intent_release(it);
GOTO(out, retval = ERR_PTR(rc));