8 files changed, 412 insertions, 23 deletions
diff --git a/include/linux/errno.h b/include/linux/errno.h
index 3cba627577d6..d73f597a2484 100644
--- a/include/linux/errno.h
+++ b/include/linux/errno.h
@@ -18,6 +18,7 @@
 #define ERESTART_RESTARTBLOCK 516 /* restart by calling sys_restart_syscall */
 #define EPROBE_DEFER    517     /* Driver requests probe retry */
 #define EOPENSTALE      518     /* open found a stale dentry */
+#define ENOPARAM        519     /* Parameter not supported */
 /* Defined for the NFSv3 protocol */
 #define EBADHANDLE      521     /* Illegal NFS file handle */
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 80c6a4093b46..8b42df09b04c 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -64,6 +64,8 @@ struct workqueue_struct;
 struct iov_iter;
 struct fscrypt_info;
 struct fscrypt_operations;
+struct fs_context;
+struct fs_parameter_description;
 extern void __init inode_init(void);
 extern void __init inode_init_early(void);
@@ -1349,6 +1351,7 @@ extern int send_sigurg(struct fown_struct *fown);
 /* These sb flags are internal to the kernel */
 #define SB_SUBMOUNT     (1<<26)
+#define SB_FORCE        (1<<27)
 #define SB_NOSEC        (1<<28)
 #define SB_BORN         (1<<29)
 #define SB_ACTIVE       (1<<30)
@@ -1459,7 +1462,7 @@ struct super_block {
         * Filesystem subtype.  If non-empty the filesystem type field
         * in /proc/mounts will be "type.subtype"
         */
-        char *s_subtype;
+        const char *s_subtype;
        const struct dentry_operations *s_d_op; /* default d_op for dentries */
@@ -2170,6 +2173,8 @@ struct file_system_type {
 #define FS_HAS_SUBTYPE          4
 #define FS_USERNS_MOUNT         8       /* Can be mounted by userns root */
 #define FS_RENAME_DOES_D_MOVE   32768   /* FS will handle d_move() during rename() internally. */
+        int (*init_fs_context)(struct fs_context *);
+        const struct fs_parameter_description *parameters;
        struct dentry *(*mount) (struct file_system_type *, int,
                       const char *, void *);
        void (*kill_sb) (struct super_block *);
@@ -2225,8 +2230,12 @@ void kill_litter_super(struct super_block *sb);
 void deactivate_super(struct super_block *sb);
 void deactivate_locked_super(struct super_block *sb);
 int set_anon_super(struct super_block *s, void *data);
+int set_anon_super_fc(struct super_block *s, struct fs_context *fc);
 int get_anon_bdev(dev_t *);
 void free_anon_bdev(dev_t);
+struct super_block *sget_fc(struct fs_context *fc,
+                            int (*test)(struct super_block *, struct fs_context *),
+                            int (*set)(struct super_block *, struct fs_context *));
 struct super_block *sget_userns(struct file_system_type *type,
                        int (*test)(struct super_block *,void *),
                        int (*set)(struct super_block *,void *),
@@ -2269,8 +2278,7 @@ mount_pseudo(struct file_system_type *fs_type, char *name,
 extern int register_filesystem(struct file_system_type *);
 extern int unregister_filesystem(struct file_system_type *);
-extern struct vfsmount *kern_mount_data(struct file_system_type *, void *data);
+extern struct vfsmount *kern_mount(struct file_system_type *);
-#define kern_mount(type) kern_mount_data(type, NULL)
 extern void kern_unmount(struct vfsmount *mnt);
 extern int may_umount_tree(struct vfsmount *);
 extern int may_umount(struct vfsmount *);
diff --git a/include/linux/fs_context.h b/include/linux/fs_context.h
new file mode 100644
index 000000000000..eaca452088fa
--- /dev/null
+++ b/include/linux/fs_context.h
@@ -0,0 +1,188 @@
+/* Filesystem superblock creation and reconfiguration context.
+ *
+ * Copyright (C) 2018 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#ifndef _LINUX_FS_CONTEXT_H
+#define _LINUX_FS_CONTEXT_H
+#include <linux/kernel.h>
+#include <linux/errno.h>
+#include <linux/security.h>
+struct cred;
+struct dentry;
+struct file_operations;
+struct file_system_type;
+struct mnt_namespace;
+struct net;
+struct pid_namespace;
+struct super_block;
+struct user_namespace;
+struct vfsmount;
+struct path;
+enum fs_context_purpose {
+        FS_CONTEXT_FOR_MOUNT,           /* New superblock for explicit mount */
+        FS_CONTEXT_FOR_SUBMOUNT,        /* New superblock for automatic submount */
+        FS_CONTEXT_FOR_RECONFIGURE,     /* Superblock reconfiguration (remount) */
+};
+/*
+ * Type of parameter value.
+ */
+enum fs_value_type {
+        fs_value_is_undefined,
+        fs_value_is_flag,               /* Value not given a value */
+        fs_value_is_string,             /* Value is a string */
+        fs_value_is_blob,               /* Value is a binary blob */
+        fs_value_is_filename,           /* Value is a filename* + dirfd */
+        fs_value_is_filename_empty,     /* Value is a filename* + dirfd + AT_EMPTY_PATH */
+        fs_value_is_file,               /* Value is a file* */
+};
+/*
+ * Configuration parameter.
+ */
+struct fs_parameter {
+        const char              *key;           /* Parameter name */
+        enum fs_value_type      type:8;         /* The type of value here */
+        union {
+                char            *string;
+                void            *blob;
+                struct filename *name;
+                struct file     *file;
+        };
+        size_t  size;
+        int     dirfd;
+};
+/*
+ * Filesystem context for holding the parameters used in the creation or
+ * reconfiguration of a superblock.
+ *
+ * Superblock creation fills in ->root whereas reconfiguration begins with this
+ * already set.
+ *
+ * See Documentation/filesystems/mounting.txt
+ */
+struct fs_context {
+        const struct fs_context_operations *ops;
+        struct file_system_type *fs_type;
+        void                    *fs_private;    /* The filesystem's context */
+        struct dentry           *root;          /* The root and superblock */
+        struct user_namespace   *user_ns;       /* The user namespace for this mount */
+        struct net              *net_ns;        /* The network namespace for this mount */
+        const struct cred       *cred;          /* The mounter's credentials */
+        const char              *source;        /* The source name (eg. dev path) */
+        const char              *subtype;       /* The subtype to set on the superblock */
+        void                    *security;      /* Linux S&M options */
+        void                    *s_fs_info;     /* Proposed s_fs_info */
+        unsigned int            sb_flags;       /* Proposed superblock flags (SB_*) */
+        unsigned int            sb_flags_mask;  /* Superblock flags that were changed */
+        unsigned int            lsm_flags;      /* Information flags from the fs to the LSM */
+        enum fs_context_purpose purpose:8;
+        bool                    need_free:1;    /* Need to call ops->free() */
+        bool                    global:1;       /* Goes into &init_user_ns */
+};
+struct fs_context_operations {
+        void (*free)(struct fs_context *fc);
+        int (*dup)(struct fs_context *fc, struct fs_context *src_fc);
+        int (*parse_param)(struct fs_context *fc, struct fs_parameter *param);
+        int (*parse_monolithic)(struct fs_context *fc, void *data);
+        int (*get_tree)(struct fs_context *fc);
+        int (*reconfigure)(struct fs_context *fc);
+};
+/*
+ * fs_context manipulation functions.
+ */
+extern struct fs_context *fs_context_for_mount(struct file_system_type *fs_type,
+                                                unsigned int sb_flags);
+extern struct fs_context *fs_context_for_reconfigure(struct dentry *dentry,
+                                                unsigned int sb_flags,
+                                                unsigned int sb_flags_mask);
+extern struct fs_context *fs_context_for_submount(struct file_system_type *fs_type,
+                                                struct dentry *reference);
+extern struct fs_context *vfs_dup_fs_context(struct fs_context *fc);
+extern int vfs_parse_fs_param(struct fs_context *fc, struct fs_parameter *param);
+extern int vfs_parse_fs_string(struct fs_context *fc, const char *key,
+                               const char *value, size_t v_size);
+extern int generic_parse_monolithic(struct fs_context *fc, void *data);
+extern int vfs_get_tree(struct fs_context *fc);
+extern void put_fs_context(struct fs_context *fc);
+/*
+ * sget() wrapper to be called from the ->get_tree() op.
+ */
+enum vfs_get_super_keying {
+        vfs_get_single_super,   /* Only one such superblock may exist */
+        vfs_get_keyed_super,    /* Superblocks with different s_fs_info keys may exist */
+        vfs_get_independent_super, /* Multiple independent superblocks may exist */
+};
+extern int vfs_get_super(struct fs_context *fc,
+                         enum vfs_get_super_keying keying,
+                         int (*fill_super)(struct super_block *sb,
+                                           struct fs_context *fc));
+extern const struct file_operations fscontext_fops;
+#ifdef CONFIG_PRINTK
+extern __attribute__((format(printf, 2, 3)))
+void logfc(struct fs_context *fc, const char *fmt, ...);
+#else
+static inline __attribute__((format(printf, 2, 3)))
+void logfc(struct fs_context *fc, const char *fmt, ...)
+{
+}
+#endif
+/**
+ * infof - Store supplementary informational message
+ * @fc: The context in which to log the informational message
+ * @fmt: The format string
+ *
+ * Store the supplementary informational message for the process if the process
+ * has enabled the facility.
+ */
+#define infof(fc, fmt, ...) ({ logfc(fc, "i "fmt, ## __VA_ARGS__); })
+/**
+ * warnf - Store supplementary warning message
+ * @fc: The context in which to log the error message
+ * @fmt: The format string
+ *
+ * Store the supplementary warning message for the process if the process has
+ * enabled the facility.
+ */
+#define warnf(fc, fmt, ...) ({ logfc(fc, "w "fmt, ## __VA_ARGS__); })
+/**
+ * errorf - Store supplementary error message
+ * @fc: The context in which to log the error message
+ * @fmt: The format string
+ *
+ * Store the supplementary error message for the process if the process has
+ * enabled the facility.
+ */
+#define errorf(fc, fmt, ...) ({ logfc(fc, "e "fmt, ## __VA_ARGS__); })
+/**
+ * invalf - Store supplementary invalid argument error message
+ * @fc: The context in which to log the error message
+ * @fmt: The format string
+ *
+ * Store the supplementary error message for the process if the process has
+ * enabled the facility and return -EINVAL.
+ */
+#define invalf(fc, fmt, ...) ({ errorf(fc, fmt, ## __VA_ARGS__); -EINVAL; })
+#endif /* _LINUX_FS_CONTEXT_H */
diff --git a/include/linux/fs_parser.h b/include/linux/fs_parser.h
new file mode 100644
index 000000000000..d966f96ffe62
--- /dev/null
+++ b/include/linux/fs_parser.h
@@ -0,0 +1,151 @@
+/* Filesystem parameter description and parser
+ *
+ * Copyright (C) 2018 Red Hat, Inc. All Rights Reserved.
+ * Written by David Howells (dhowells@redhat.com)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public Licence
+ * as published by the Free Software Foundation; either version
+ * 2 of the Licence, or (at your option) any later version.
+ */
+#ifndef _LINUX_FS_PARSER_H
+#define _LINUX_FS_PARSER_H
+#include <linux/fs_context.h>
+struct path;
+struct constant_table {
+        const char      *name;
+        int             value;
+};
+/*
+ * The type of parameter expected.
+ */
+enum fs_parameter_type {
+        __fs_param_wasnt_defined,
+        fs_param_is_flag,
+        fs_param_is_bool,
+        fs_param_is_u32,
+        fs_param_is_u32_octal,
+        fs_param_is_u32_hex,
+        fs_param_is_s32,
+        fs_param_is_u64,
+        fs_param_is_enum,
+        fs_param_is_string,
+        fs_param_is_blob,
+        fs_param_is_blockdev,
+        fs_param_is_path,
+        fs_param_is_fd,
+        nr__fs_parameter_type,
+};
+/*
+ * Specification of the type of value a parameter wants.
+ *
+ * Note that the fsparam_flag(), fsparam_string(), fsparam_u32(), ... macros
+ * should be used to generate elements of this type.
+ */
+struct fs_parameter_spec {
+        const char              *name;
+        u8                      opt;    /* Option number (returned by fs_parse()) */
+        enum fs_parameter_type  type:8; /* The desired parameter type */
+        unsigned short          flags;
+#define fs_param_v_optional     0x0001  /* The value is optional */
+#define fs_param_neg_with_no    0x0002  /* "noxxx" is negative param */
+#define fs_param_neg_with_empty 0x0004  /* "xxx=" is negative param */
+#define fs_param_deprecated     0x0008  /* The param is deprecated */
+};
+struct fs_parameter_enum {
+        u8              opt;            /* Option number (as fs_parameter_spec::opt) */
+        char            name[14];
+        u8              value;
+};
+struct fs_parameter_description {
+        const char      name[16];               /* Name for logging purposes */
+        const struct fs_parameter_spec *specs;  /* List of param specifications */
+        const struct fs_parameter_enum *enums;  /* Enum values */
+};
+/*
+ * Result of parse.
+ */
+struct fs_parse_result {
+        bool                    negated;        /* T if param was "noxxx" */
+        bool                    has_value;      /* T if value supplied to param */
+        union {
+                bool            boolean;        /* For spec_bool */
+                int             int_32;         /* For spec_s32/spec_enum */
+                unsigned int    uint_32;        /* For spec_u32{,_octal,_hex}/spec_enum */
+                u64             uint_64;        /* For spec_u64 */
+        };
+};
+extern int fs_parse(struct fs_context *fc,
+                    const struct fs_parameter_description *desc,
+                    struct fs_parameter *value,
+                    struct fs_parse_result *result);
+extern int fs_lookup_param(struct fs_context *fc,
+                           struct fs_parameter *param,
+                           bool want_bdev,
+                           struct path *_path);
+extern int __lookup_constant(const struct constant_table tbl[], size_t tbl_size,
+                             const char *name, int not_found);
+#define lookup_constant(t, n, nf) __lookup_constant(t, ARRAY_SIZE(t), (n), (nf))
+#ifdef CONFIG_VALIDATE_FS_PARSER
+extern bool validate_constant_table(const struct constant_table *tbl, size_t tbl_size,
+                                    int low, int high, int special);
+extern bool fs_validate_description(const struct fs_parameter_description *desc);
+#else
+static inline bool validate_constant_table(const struct constant_table *tbl, size_t tbl_size,
+                                           int low, int high, int special)
+{ return true; }
+static inline bool fs_validate_description(const struct fs_parameter_description *desc)
+{ return true; }
+#endif
+/*
+ * Parameter type, name, index and flags element constructors.  Use as:
+ *
+ *  fsparam_xxxx("foo", Opt_foo)
+ *
+ * If existing helpers are not enough, direct use of __fsparam() would
+ * work, but any such case is probably a sign that new helper is needed.
+ * Helpers will remain stable; low-level implementation may change.
+ */
+#define __fsparam(TYPE, NAME, OPT, FLAGS) \
+        { \
+                .name = NAME, \
+                .opt = OPT, \
+                .type = TYPE, \
+                .flags = FLAGS \
+        }
+#define fsparam_flag(NAME, OPT) __fsparam(fs_param_is_flag, NAME, OPT, 0)
+#define fsparam_flag_no(NAME, OPT) \
+                                __fsparam(fs_param_is_flag, NAME, OPT, \
+                                            fs_param_neg_with_no)
+#define fsparam_bool(NAME, OPT) __fsparam(fs_param_is_bool, NAME, OPT, 0)
+#define fsparam_u32(NAME, OPT)  __fsparam(fs_param_is_u32, NAME, OPT, 0)
+#define fsparam_u32oct(NAME, OPT) \
+                                __fsparam(fs_param_is_u32_octal, NAME, OPT, 0)
+#define fsparam_u32hex(NAME, OPT) \
+                                __fsparam(fs_param_is_u32_hex, NAME, OPT, 0)
+#define fsparam_s32(NAME, OPT)  __fsparam(fs_param_is_s32, NAME, OPT, 0)
+#define fsparam_u64(NAME, OPT)  __fsparam(fs_param_is_u64, NAME, OPT, 0)
+#define fsparam_enum(NAME, OPT) __fsparam(fs_param_is_enum, NAME, OPT, 0)
+#define fsparam_string(NAME, OPT) \
+                                __fsparam(fs_param_is_string, NAME, OPT, 0)
+#define fsparam_blob(NAME, OPT) __fsparam(fs_param_is_blob, NAME, OPT, 0)
+#define fsparam_bdev(NAME, OPT) __fsparam(fs_param_is_blockdev, NAME, OPT, 0)
+#define fsparam_path(NAME, OPT) __fsparam(fs_param_is_path, NAME, OPT, 0)
+#define fsparam_fd(NAME, OPT)   __fsparam(fs_param_is_fd, NAME, OPT, 0)
+#endif /* _LINUX_FS_PARSER_H */
diff --git a/include/linux/kernfs.h b/include/linux/kernfs.h
index 0cac1207bb00..c8893f663470 100644
--- a/include/linux/kernfs.h
+++ b/include/linux/kernfs.h
@@ -26,7 +26,9 @@ struct vm_area_struct;
 struct super_block;
 struct file_system_type;
 struct poll_table_struct;
+struct fs_context;
+struct kernfs_fs_context;
 struct kernfs_open_node;
 struct kernfs_iattrs;
@@ -168,7 +170,6 @@ struct kernfs_node {
 * kernfs_node parameter.
 */
 struct kernfs_syscall_ops {
-        int (*remount_fs)(struct kernfs_root *root, int *flags, char *data);
        int (*show_options)(struct seq_file *sf, struct kernfs_root *root);
        int (*mkdir)(struct kernfs_node *parent, const char *name,
@@ -272,6 +273,18 @@ struct kernfs_ops {
 #endif
 };
+/*
+ * The kernfs superblock creation/mount parameter context.
+ */
+struct kernfs_fs_context {
+        struct kernfs_root      *root;          /* Root of the hierarchy being mounted */
+        void                    *ns_tag;        /* Namespace tag of the mount (or NULL) */
+        unsigned long           magic;          /* File system specific magic number */
+        /* The following are set/used by kernfs_mount() */
+        bool                    new_sb_created; /* Set to T if we allocated a new sb */
+};
 #ifdef CONFIG_KERNFS
 static inline enum kernfs_node_type kernfs_type(struct kernfs_node *kn)
@@ -359,11 +372,9 @@ __poll_t kernfs_generic_poll(struct kernfs_open_file *of,
 void kernfs_notify(struct kernfs_node *kn);
 const void *kernfs_super_ns(struct super_block *sb);
-struct dentry *kernfs_mount_ns(struct file_system_type *fs_type, int flags,
+int kernfs_get_tree(struct fs_context *fc);
-                               struct kernfs_root *root, unsigned long magic,
+void kernfs_free_fs_context(struct fs_context *fc);
-                               bool *new_sb_created, const void *ns);
 void kernfs_kill_sb(struct super_block *sb);
-struct super_block *kernfs_pin_sb(struct kernfs_root *root, const void *ns);
 void kernfs_init(void);
@@ -465,11 +476,10 @@ static inline void kernfs_notify(struct kernfs_node *kn) { }
 static inline const void *kernfs_super_ns(struct super_block *sb)
 { return NULL; }
-static inline struct dentry *
+static inline int kernfs_get_tree(struct fs_context *fc)
-kernfs_mount_ns(struct file_system_type *fs_type, int flags,
+{ return -ENOSYS; }
-                struct kernfs_root *root, unsigned long magic,
-                bool *new_sb_created, const void *ns)
+static inline void kernfs_free_fs_context(struct fs_context *fc) { }
-{ return ERR_PTR(-ENOSYS); }
 static inline void kernfs_kill_sb(struct super_block *sb) { }
@@ -552,13 +562,4 @@ static inline int kernfs_rename(struct kernfs_node *kn,
        return kernfs_rename_ns(kn, new_parent, new_name, NULL);
 }
-static inline struct dentry *
-kernfs_mount(struct file_system_type *fs_type, int flags,
-                struct kernfs_root *root, unsigned long magic,
-                bool *new_sb_created)
-{
-        return kernfs_mount_ns(fs_type, flags, root,
-                                magic, new_sb_created, NULL);
-}
 #endif  /* __LINUX_KERNFS_H */
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 85a301632cf1..a9b8ff578b6b 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -76,6 +76,22 @@
 *      changes on the process such as clearing out non-inheritable signal
 *      state.  This is called immediately after commit_creds().
 *
+ * Security hooks for mount using fs_context.
+ *      [See also Documentation/filesystems/mounting.txt]
+ *
+ * @fs_context_dup:
+ *      Allocate and attach a security structure to sc->security.  This pointer
+ *      is initialised to NULL by the caller.
+ *      @fc indicates the new filesystem context.
+ *      @src_fc indicates the original filesystem context.
+ * @fs_context_parse_param:
+ *      Userspace provided a parameter to configure a superblock.  The LSM may
+ *      reject it with an error and may use it for itself, in which case it
+ *      should return 0; otherwise it should return -ENOPARAM to pass it on to
+ *      the filesystem.
+ *      @fc indicates the filesystem context.
+ *      @param The parameter
+ *
 * Security hooks for filesystem operations.
 *
 * @sb_alloc_security:
@@ -1460,6 +1476,9 @@ union security_list_options {
        void (*bprm_committing_creds)(struct linux_binprm *bprm);
        void (*bprm_committed_creds)(struct linux_binprm *bprm);
+        int (*fs_context_dup)(struct fs_context *fc, struct fs_context *src_sc);
+        int (*fs_context_parse_param)(struct fs_context *fc, struct fs_parameter *param);
        int (*sb_alloc_security)(struct super_block *sb);
        void (*sb_free_security)(struct super_block *sb);
        void (*sb_free_mnt_opts)(void *mnt_opts);
@@ -1800,6 +1819,8 @@ struct security_hook_heads {
        struct hlist_head bprm_check_security;
        struct hlist_head bprm_committing_creds;
        struct hlist_head bprm_committed_creds;
+        struct hlist_head fs_context_dup;
+        struct hlist_head fs_context_parse_param;
        struct hlist_head sb_alloc_security;
        struct hlist_head sb_free_security;
        struct hlist_head sb_free_mnt_opts;
diff --git a/include/linux/mount.h b/include/linux/mount.h
index 037eed52164b..9197ddbf35fb 100644
--- a/include/linux/mount.h
+++ b/include/linux/mount.h
@@ -21,6 +21,7 @@ struct super_block;
 struct vfsmount;
 struct dentry;
 struct mnt_namespace;
+struct fs_context;
 #define MNT_NOSUID      0x01
 #define MNT_NODEV       0x02
@@ -88,6 +89,8 @@ struct path;
 extern struct vfsmount *clone_private_mount(const struct path *path);
 struct file_system_type;
+extern struct vfsmount *fc_mount(struct fs_context *fc);
+extern struct vfsmount *vfs_create_mount(struct fs_context *fc);
 extern struct vfsmount *vfs_kern_mount(struct file_system_type *type,
                                      int flags, const char *name,
                                      void *data);
diff --git a/include/linux/security.h b/include/linux/security.h
index 2b35a43d11d6..49f2685324b0 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -53,6 +53,9 @@ struct msg_msg;
 struct xattr;
 struct xfrm_sec_ctx;
 struct mm_struct;
+struct fs_context;
+struct fs_parameter;
+enum fs_value_type;
 /* Default (no) options for the capable function */
 #define CAP_OPT_NONE 0x0
@@ -61,7 +64,7 @@ struct mm_struct;
 /* If capable is being called by a setid function */
 #define CAP_OPT_INSETID BIT(2)
-/* LSM Agnostic defines for sb_set_mnt_opts */
+/* LSM Agnostic defines for fs_context::lsm_flags */
 #define SECURITY_LSM_NATIVE_LABELS      1
 struct ctl_table;
@@ -223,6 +226,8 @@ int security_bprm_set_creds(struct linux_binprm *bprm);
 int security_bprm_check(struct linux_binprm *bprm);
 void security_bprm_committing_creds(struct linux_binprm *bprm);
 void security_bprm_committed_creds(struct linux_binprm *bprm);
+int security_fs_context_dup(struct fs_context *fc, struct fs_context *src_fc);
+int security_fs_context_parse_param(struct fs_context *fc, struct fs_parameter *param);
 int security_sb_alloc(struct super_block *sb);
 void security_sb_free(struct super_block *sb);
 void security_free_mnt_opts(void **mnt_opts);
@@ -519,6 +524,17 @@ static inline void security_bprm_committed_creds(struct linux_binprm *bprm)
 {
 }
+static inline int security_fs_context_dup(struct fs_context *fc,
+                                          struct fs_context *src_fc)
+{
+        return 0;
+}
+static inline int security_fs_context_parse_param(struct fs_context *fc,
+                                                  struct fs_parameter *param)
+{
+        return -ENOPARAM;
+}
 static inline int security_sb_alloc(struct super_block *sb)
 {
        return 0;