From 9029e0d27f256bc75de1d2afc4bab31200020d74 Mon Sep 17 00:00:00 2001 From: Jian Yu Date: Tue, 4 May 2021 16:55:34 -0700 Subject: [PATCH] LU-13783 libcfs: use lsmcontext in security_release_secctx Kernel linux-hwe-5.8 (5.8.0-22.23~20.04.1) introduces struct lsmcontext and uses it in security_release_secctx(), which reduces the argruments from 2 to 1. Change-Id: I37e185493001d335b40ea0a6102db593cb18beb3 Signed-off-by: Jian Yu Reviewed-on: https://review.whamcloud.com/43284 Reviewed-by: Sebastien Buisson Tested-by: jenkins Reviewed-by: James Simmons Tested-by: Maloo Reviewed-by: Oleg Drokin --- libcfs/autoconf/lustre-libcfs.m4 | 18 ++++++++++++++++++ lustre/include/lustre_compat.h | 13 +++++++++++++ lustre/llite/llite_lib.c | 5 ++--- lustre/llite/namei.c | 3 +-- 4 files changed, 34 insertions(+), 5 deletions(-) diff --git a/libcfs/autoconf/lustre-libcfs.m4 b/libcfs/autoconf/lustre-libcfs.m4 index e6bfe10..386166b 100644 --- a/libcfs/autoconf/lustre-libcfs.m4 +++ b/libcfs/autoconf/lustre-libcfs.m4 @@ -1405,6 +1405,23 @@ EXTRA_KCFLAGS="$tmp_flags" ]) # LIBCFS_KERNEL_SETSOCKOPT # +# LIBCFS_SEC_RELEASE_SECCTX +# +# kernel linux-hwe-5.8 (5.8.0-22.23~20.04.1) +# LSM: Use lsmcontext in security_release_secctx +AC_DEFUN([LIBCFS_SEC_RELEASE_SECCTX], [ +LB_CHECK_COMPILE([if security_release_secctx has 1 arg], +security_release_secctx_1arg, [ + #include +],[ + security_release_secctx(NULL); +],[ + AC_DEFINE(HAVE_SEC_RELEASE_SECCTX_1ARG, 1, + [security_release_secctx has 1 arg.]) +]) +]) # LIBCFS_SEC_RELEASE_SECCTX + +# # LIBCFS_HAVE_KFREE_SENSITIVE # # kernel v5.10-rc1~3 @@ -1547,6 +1564,7 @@ LIBCFS_KALLSYMS_LOOKUP LIBCFS_HAVE_MMAP_LOCK LIBCFS_KERNEL_SETSOCKOPT LIBCFS_VMALLOC_2ARGS +LIBCFS_SEC_RELEASE_SECCTX # 5.10 LIBCFS_HAVE_KFREE_SENSITIVE ]) # LIBCFS_PROG_LINUX diff --git a/lustre/include/lustre_compat.h b/lustre/include/lustre_compat.h index b5a704b..ac80bde 100644 --- a/lustre/include/lustre_compat.h +++ b/lustre/include/lustre_compat.h @@ -42,6 +42,7 @@ #include #include #include +#include #include #include @@ -594,4 +595,16 @@ static inline bool is_root_inode(struct inode *inode) #define register_shrinker(_s) (register_shrinker(_s), 0) #endif +static inline void ll_security_release_secctx(char *secdata, u32 seclen) +{ +#ifdef HAVE_SEC_RELEASE_SECCTX_1ARG + struct lsmcontext context = { }; + + lsmcontext_init(&context, secdata, seclen, 0); + return security_release_secctx(&context); +#else + return security_release_secctx(secdata, seclen); +#endif +} + #endif /* _LUSTRE_COMPAT_H */ diff --git a/lustre/llite/llite_lib.c b/lustre/llite/llite_lib.c index f7c4c0d..2b0bd62 100644 --- a/lustre/llite/llite_lib.c +++ b/lustre/llite/llite_lib.c @@ -47,7 +47,6 @@ #include #include #include -#include #include #ifndef HAVE_CPUS_READ_LOCK @@ -3134,8 +3133,8 @@ struct md_op_data *ll_prep_md_op_data(struct md_op_data *op_data, void ll_finish_md_op_data(struct md_op_data *op_data) { ll_unlock_md_op_lsm(op_data); - security_release_secctx(op_data->op_file_secctx, - op_data->op_file_secctx_size); + ll_security_release_secctx(op_data->op_file_secctx, + op_data->op_file_secctx_size); llcrypt_free_ctx(op_data->op_file_encctx, op_data->op_file_encctx_size); OBD_FREE_PTR(op_data); } diff --git a/lustre/llite/namei.c b/lustre/llite/namei.c index 9d7eab3..ce1569f 100644 --- a/lustre/llite/namei.c +++ b/lustre/llite/namei.c @@ -35,7 +35,6 @@ #include #include #include -#include #include #include @@ -1180,7 +1179,7 @@ static int ll_atomic_open(struct inode *dir, struct dentry *dentry, /* Dentry instantiated in ll_create_it. */ rc = ll_create_it(dir, dentry, it, secctx, secctxlen, encrypt, encctx, encctxlen); - security_release_secctx(secctx, secctxlen); + ll_security_release_secctx(secctx, secctxlen); llcrypt_free_ctx(encctx, encctxlen); if (rc) { /* We dget in ll_splice_alias. */ -- 1.8.3.1