+ /* no need to protect selinux_inode_setsecurity() by
+ * inode_lock. Taking it would lead to a client deadlock
+ * LU-13617
+ */
+ rc = security_inode_notifysecctx(inode, secctx, secctxlen);
+ if (rc)
+ CWARN("%s: cannot set security context for "DFID": rc = %d\n",
+ sbi->ll_fsname, PFID(ll_inode2fid(inode)), rc);
+
+ return rc;
+}
+
+/**
+ * Free the security context xattr name used by policy
+ */
+void ll_secctx_name_free(struct ll_sb_info *sbi)
+{
+ OBD_FREE(sbi->ll_secctx_name, sbi->ll_secctx_name_size + 1);
+ sbi->ll_secctx_name = NULL;
+ sbi->ll_secctx_name_size = 0;
+}
+
+/**
+ * Get security context xattr name used by policy and save it.
+ *
+ * \retval > 0 length of xattr name
+ * \retval == 0 no LSM module registered supporting security contexts
+ * \retval <= 0 failure to get xattr name or xattr is not supported
+ */
+int ll_secctx_name_store(struct inode *in)
+{
+ struct ll_sb_info *sbi = ll_i2sbi(in);
+ int rc = 0;
+
+ if (!ll_security_xattr_wanted(in))
+ return 0;
+
+ /* get size of xattr name */
+ rc = security_inode_listsecurity(in, NULL, 0);
+ if (rc <= 0)
+ return rc;
+
+ if (sbi->ll_secctx_name)
+ ll_secctx_name_free(sbi);
+
+ OBD_ALLOC(sbi->ll_secctx_name, rc + 1);
+ if (!sbi->ll_secctx_name)
+ return -ENOMEM;
+
+ /* save the xattr name */
+ sbi->ll_secctx_name_size = rc;
+ rc = security_inode_listsecurity(in, sbi->ll_secctx_name,
+ sbi->ll_secctx_name_size);
+ if (rc <= 0)
+ goto err_free;
+
+ if (rc > sbi->ll_secctx_name_size) {