Commit 7d8a4c39 authored by Eric Sandeen, committed by Jialin Zhang

xfs: add selinux labels to whiteout inodes

mainline inclusion
from mainline-v6.0-rc1
commit 70b589a3
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4KIAO
CVE: NA

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=70b589a37e1aba892c1e5d41957b0042f9eb031b



--------------------------------

We got a report that "renameat2() with flags=RENAME_WHITEOUT doesn't
apply an SELinux label on xfs" as it does on other filesystems
(for example, ext4 and tmpfs).  While I'm not quite sure how labels
may interact with whiteout files, leaving them unlabeled seems
inconsistent at best. Now that xfs_init_security is not static,
rename it to xfs_inode_init_security per dchinner's suggestion.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Dave Chinner <dchinner@redhat.com>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Darrick J. Wong <djwong@kernel.org>

Conflicts:
	fs/xfs/xfs_inode.c
	fs/xfs/xfs_iops.h

Signed-off-by: yangerkun <yangerkun@huawei.com>
Reviewed-by: Zhang Yi <yi.zhang@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
parent cb02d6fe
+12 −1
@@ -3183,16 +3183,27 @@ xfs_cross_rename(
 */
static int
xfs_rename_alloc_whiteout(
	struct xfs_name		*src_name,
	struct xfs_inode	*dp,
	struct xfs_inode	**wip)
{
	struct xfs_inode	*tmpfile;
	struct qstr		name;
	int			error;

	error = xfs_create_tmpfile(dp, S_IFCHR | WHITEOUT_MODE, &tmpfile);
	if (error)
		return error;

	name.name = src_name->name;
	name.len = src_name->len;
	error = xfs_inode_init_security(VFS_I(tmpfile), VFS_I(dp), &name);
	if (error) {
		xfs_finish_inode_setup(tmpfile);
		xfs_irele(tmpfile);
		return error;
	}

	/*
	 * Prepare the tmpfile inode as if it were created through the VFS.
	 * Complete the inode setup and flag it as linkable.  nlink is already
@@ -3241,7 +3252,7 @@ xfs_rename(
	 * appropriately.
	 */
	if (flags & RENAME_WHITEOUT) {
		error = xfs_rename_alloc_whiteout(target_dp, &wip);
		error = xfs_rename_alloc_whiteout(src_name, target_dp, &wip);
		if (error)
			return error;
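Review bot: The whiteout's label is computed with `VFS_I(dp)` as the parent directory, and the call site in the xfs_rename hunk passes `target_dp` together with `src_name`, so on a cross-directory rename the security context is presumably derived from the target directory even though RENAME_WHITEOUT leaves the whiteout at the source name. If that is intentional it deserves a comment above the `xfs_inode_init_security()` call, e.g. `/* Label is derived from dp (the rename target directory), not from the directory that will hold the whiteout. */`; if it is not, the source directory inode should be used for the labelling step so that directory-based label transitions match what a create in that directory would get. Separately, `name` is filled field by field and its hash member is left uninitialised before the struct is passed on; `struct qstr name = QSTR_INIT(src_name->name, src_name->len);` avoids handing stack garbage to the callee. The bodies of xfs_rename_alloc_whiteout and xfs_rename continue outside the visible hunks, so the later use of the inode cannot be checked from here.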

+5 −6
@@ -71,9 +71,8 @@ xfs_initxattrs(
 * these attrs can be journalled at inode creation time (along with the
 * inode, of course, such that log replay can't cause these to be lost).
 */

STATIC int
xfs_init_security(
int
xfs_inode_init_security(
	struct inode	*inode,
	struct inode	*dir,
	const struct qstr *qstr)
@@ -118,7 +117,7 @@ xfs_cleanup_inode(

	/* Oh, the horror.
	 * If we can't add the ACL or we fail in
	 * xfs_init_security we must back out.
	 * xfs_inode_init_security we must back out.
	 * ENOSPC can hit here, among other things.
	 */
	xfs_dentry_to_name(&teardown, dentry);
@@ -170,7 +169,7 @@ xfs_generic_create(

	inode = VFS_I(ip);

	error = xfs_init_security(inode, dir, &dentry->d_name);
	error = xfs_inode_init_security(inode, dir, &dentry->d_name);
	if (unlikely(error))
		goto out_cleanup_inode;

@@ -385,7 +384,7 @@ xfs_vn_symlink(

	inode = VFS_I(cip);

	error = xfs_init_security(inode, dir, &dentry->d_name);
	error = xfs_inode_init_security(inode, dir, &dentry->d_name);
	if (unlikely(error))
		goto out_cleanup_inode;

+3 −0
@@ -24,4 +24,7 @@ extern int xfs_setattr_nonsize(struct xfs_inode *ip, struct iattr *vap,
extern int xfs_vn_setattr_nonsize(struct dentry *dentry, struct iattr *vap);
extern int xfs_vn_setattr_size(struct dentry *dentry, struct iattr *vap);

int xfs_inode_init_security(struct inode *inode, struct inode *dir,
		const struct qstr *qstr);

#endif /* __XFS_IOPS_H__ */