7 files changed, 100 insertions, 21 deletions
diff --git a/fs/f2fs/Kconfig b/fs/f2fs/Kconfig
index fd27e7e6326e..e06e0995e00f 100644
--- a/fs/f2fs/Kconfig
+++ b/fs/f2fs/Kconfig
@@ -51,3 +51,15 @@ config F2FS_FS_POSIX_ACL
          Linux website <http://acl.bestbits.at/>.
          If you don't know what Access Control Lists are, say N
+config F2FS_FS_SECURITY
+        bool "F2FS Security Labels"
+        depends on F2FS_FS_XATTR
+        help
+          Security labels provide an access control facility to support Linux
+          Security Models (LSMs) accepted by AppArmor, SELinux, Smack and TOMOYO
+          Linux. This option enables an extended attribute handler for file
+          security labels in the f2fs filesystem, so that it requires enabling
+          the extended attribute support in advance.
+          If you are not using a security module, say N.
diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c
index 44abc2f286e0..b7826ec1b470 100644
--- a/fs/f2fs/acl.c
+++ b/fs/f2fs/acl.c
@@ -250,7 +250,7 @@ static int f2fs_set_acl(struct inode *inode, int type, struct posix_acl *acl)
                }
        }
-        error = f2fs_setxattr(inode, name_index, "", value, size);
+        error = f2fs_setxattr(inode, name_index, "", value, size, NULL);
        kfree(value);
        if (!error)
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
index 67e2d1361fa2..eaea5b50d9c1 100644
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -13,6 +13,7 @@
 #include "f2fs.h"
 #include "node.h"
 #include "acl.h"
+#include "xattr.h"
 static unsigned long dir_blocks(struct inode *inode)
 {
@@ -334,6 +335,10 @@ static struct page *init_inode_metadata(struct inode *inode,
                if (err)
                        goto error;
+                err = f2fs_init_security(inode, dir, name, page);
+                if (err)
+                        goto error;
                wait_on_page_writeback(page);
        } else {
                page = get_node_page(F2FS_SB(dir->i_sb), inode->i_ino);
diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h
index d6e63da513cf..4f2c209ae8c1 100644
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@@ -968,7 +968,7 @@ int get_dnode_of_data(struct dnode_of_data *, pgoff_t, int);
 int truncate_inode_blocks(struct inode *, pgoff_t);
 int remove_inode_page(struct inode *);
 struct page *new_inode_page(struct inode *, const struct qstr *);
-struct page *new_node_page(struct dnode_of_data *, unsigned int);
+struct page *new_node_page(struct dnode_of_data *, unsigned int, struct page *);
 void ra_node_page(struct f2fs_sb_info *, nid_t);
 struct page *get_node_page(struct f2fs_sb_info *, pgoff_t);
 struct page *get_node_page_ra(struct page *, int);
diff --git a/fs/f2fs/node.c b/fs/f2fs/node.c
index 5a59780b22d0..b02440c5b2eb 100644
--- a/fs/f2fs/node.c
+++ b/fs/f2fs/node.c
@@ -433,7 +433,7 @@ int get_dnode_of_data(struct dnode_of_data *dn, pgoff_t index, int mode)
                        }
                        dn->nid = nids[i];
-                        npage[i] = new_node_page(dn, noffset[i]);
+                        npage[i] = new_node_page(dn, noffset[i], NULL);
                        if (IS_ERR(npage[i])) {
                                alloc_nid_failed(sbi, nids[i]);
                                err = PTR_ERR(npage[i]);
@@ -814,10 +814,11 @@ struct page *new_inode_page(struct inode *inode, const struct qstr *name)
        set_new_dnode(&dn, inode, NULL, NULL, inode->i_ino);
        /* caller should f2fs_put_page(page, 1); */
-        return new_node_page(&dn, 0);
+        return new_node_page(&dn, 0, NULL);
 }
-struct page *new_node_page(struct dnode_of_data *dn, unsigned int ofs)
+struct page *new_node_page(struct dnode_of_data *dn,
+                                unsigned int ofs, struct page *ipage)
 {
        struct f2fs_sb_info *sbi = F2FS_SB(dn->inode->i_sb);
        struct address_space *mapping = sbi->node_inode->i_mapping;
@@ -850,7 +851,10 @@ struct page *new_node_page(struct dnode_of_data *dn, unsigned int ofs)
        set_cold_node(dn->inode, page);
        dn->node_page = page;
-        sync_inode_page(dn);
+        if (ipage)
+                update_inode(dn->inode, ipage);
+        else
+                sync_inode_page(dn);
        set_page_dirty(page);
        if (ofs == 0)
                inc_valid_inode_count(sbi);
diff --git a/fs/f2fs/xattr.c b/fs/f2fs/xattr.c
index ae61f359554f..3ab07ecd86ca 100644
--- a/fs/f2fs/xattr.c
+++ b/fs/f2fs/xattr.c
@@ -20,6 +20,7 @@
 */
 #include <linux/rwsem.h>
 #include <linux/f2fs_fs.h>
+#include <linux/security.h>
 #include "f2fs.h"
 #include "xattr.h"
@@ -43,6 +44,10 @@ static size_t f2fs_xattr_generic_list(struct dentry *dentry, char *list,
                prefix = XATTR_TRUSTED_PREFIX;
                prefix_len = XATTR_TRUSTED_PREFIX_LEN;
                break;
+        case F2FS_XATTR_INDEX_SECURITY:
+                prefix = XATTR_SECURITY_PREFIX;
+                prefix_len = XATTR_SECURITY_PREFIX_LEN;
+                break;
        default:
                return -EINVAL;
        }
@@ -50,7 +55,7 @@ static size_t f2fs_xattr_generic_list(struct dentry *dentry, char *list,
        total_len = prefix_len + name_len + 1;
        if (list && total_len <= list_size) {
                memcpy(list, prefix, prefix_len);
-                memcpy(list+prefix_len, name, name_len);
+                memcpy(list + prefix_len, name, name_len);
                list[prefix_len + name_len] = '\0';
        }
        return total_len;
@@ -70,13 +75,14 @@ static int f2fs_xattr_generic_get(struct dentry *dentry, const char *name,
                if (!capable(CAP_SYS_ADMIN))
                        return -EPERM;
                break;
+        case F2FS_XATTR_INDEX_SECURITY:
+                break;
        default:
                return -EINVAL;
        }
        if (strcmp(name, "") == 0)
                return -EINVAL;
-        return f2fs_getxattr(dentry->d_inode, type, name,
+        return f2fs_getxattr(dentry->d_inode, type, name, buffer, size);
-                        buffer, size);
 }
 static int f2fs_xattr_generic_set(struct dentry *dentry, const char *name,
@@ -93,13 +99,15 @@ static int f2fs_xattr_generic_set(struct dentry *dentry, const char *name,
                if (!capable(CAP_SYS_ADMIN))
                        return -EPERM;
                break;
+        case F2FS_XATTR_INDEX_SECURITY:
+                break;
        default:
                return -EINVAL;
        }
        if (strcmp(name, "") == 0)
                return -EINVAL;
-        return f2fs_setxattr(dentry->d_inode, type, name, value, size);
+        return f2fs_setxattr(dentry->d_inode, type, name, value, size, NULL);
 }
 static size_t f2fs_xattr_advise_list(struct dentry *dentry, char *list,
@@ -145,6 +153,31 @@ static int f2fs_xattr_advise_set(struct dentry *dentry, const char *name,
        return 0;
 }
+#ifdef CONFIG_F2FS_FS_SECURITY
+static int f2fs_initxattrs(struct inode *inode, const struct xattr *xattr_array,
+                void *page)
+{
+        const struct xattr *xattr;
+        int err = 0;
+        for (xattr = xattr_array; xattr->name != NULL; xattr++) {
+                err = f2fs_setxattr(inode, F2FS_XATTR_INDEX_SECURITY,
+                                xattr->name, xattr->value,
+                                xattr->value_len, (struct page *)page);
+                if (err < 0)
+                        break;
+        }
+        return err;
+}
+int f2fs_init_security(struct inode *inode, struct inode *dir,
+                                const struct qstr *qstr, struct page *ipage)
+{
+        return security_inode_init_security(inode, dir, qstr,
+                                &f2fs_initxattrs, ipage);
+}
+#endif
 const struct xattr_handler f2fs_xattr_user_handler = {
        .prefix = XATTR_USER_PREFIX,
        .flags  = F2FS_XATTR_INDEX_USER,
@@ -169,6 +202,14 @@ const struct xattr_handler f2fs_xattr_advise_handler = {
        .set    = f2fs_xattr_advise_set,
 };
+const struct xattr_handler f2fs_xattr_security_handler = {
+        .prefix = XATTR_SECURITY_PREFIX,
+        .flags  = F2FS_XATTR_INDEX_SECURITY,
+        .list   = f2fs_xattr_generic_list,
+        .get    = f2fs_xattr_generic_get,
+        .set    = f2fs_xattr_generic_set,
+};
 static const struct xattr_handler *f2fs_xattr_handler_map[] = {
        [F2FS_XATTR_INDEX_USER] = &f2fs_xattr_user_handler,
 #ifdef CONFIG_F2FS_FS_POSIX_ACL
@@ -176,6 +217,9 @@ static const struct xattr_handler *f2fs_xattr_handler_map[] = {
        [F2FS_XATTR_INDEX_POSIX_ACL_DEFAULT] = &f2fs_xattr_acl_default_handler,
 #endif
        [F2FS_XATTR_INDEX_TRUSTED] = &f2fs_xattr_trusted_handler,
+#ifdef CONFIG_F2FS_FS_SECURITY
+        [F2FS_XATTR_INDEX_SECURITY] = &f2fs_xattr_security_handler,
+#endif
        [F2FS_XATTR_INDEX_ADVISE] = &f2fs_xattr_advise_handler,
 };
@@ -186,6 +230,9 @@ const struct xattr_handler *f2fs_xattr_handlers[] = {
        &f2fs_xattr_acl_default_handler,
 #endif
        &f2fs_xattr_trusted_handler,
+#ifdef CONFIG_F2FS_FS_SECURITY
+        &f2fs_xattr_security_handler,
+#endif
        &f2fs_xattr_advise_handler,
        NULL,
 };
@@ -300,7 +347,7 @@ cleanup:
 }
 int f2fs_setxattr(struct inode *inode, int name_index, const char *name,
-                                        const void *value, size_t value_len)
+                        const void *value, size_t value_len, struct page *ipage)
 {
        struct f2fs_sb_info *sbi = F2FS_SB(inode->i_sb);
        struct f2fs_inode_info *fi = F2FS_I(inode);
@@ -339,7 +386,7 @@ int f2fs_setxattr(struct inode *inode, int name_index, const char *name,
                set_new_dnode(&dn, inode, NULL, NULL, fi->i_xattr_nid);
                mark_inode_dirty(inode);
-                page = new_node_page(&dn, XATTR_NODE_OFFSET);
+                page = new_node_page(&dn, XATTR_NODE_OFFSET, ipage);
                if (IS_ERR(page)) {
                        alloc_nid_failed(sbi, fi->i_xattr_nid);
                        fi->i_xattr_nid = 0;
@@ -439,7 +486,10 @@ int f2fs_setxattr(struct inode *inode, int name_index, const char *name,
                inode->i_ctime = CURRENT_TIME;
                clear_inode_flag(fi, FI_ACL_MODE);
        }
-        update_inode_page(inode);
+        if (ipage)
+                update_inode(inode, ipage);
+        else
+                update_inode_page(inode);
        mutex_unlock_op(sbi, ilock);
        return 0;
diff --git a/fs/f2fs/xattr.h b/fs/f2fs/xattr.h
index 49c9558305e3..3c0817bef25d 100644
--- a/fs/f2fs/xattr.h
+++ b/fs/f2fs/xattr.h
@@ -112,21 +112,19 @@ extern const struct xattr_handler f2fs_xattr_trusted_handler;
 extern const struct xattr_handler f2fs_xattr_acl_access_handler;
 extern const struct xattr_handler f2fs_xattr_acl_default_handler;
 extern const struct xattr_handler f2fs_xattr_advise_handler;
+extern const struct xattr_handler f2fs_xattr_security_handler;
 extern const struct xattr_handler *f2fs_xattr_handlers[];
-extern int f2fs_setxattr(struct inode *inode, int name_index, const char *name,
+extern int f2fs_setxattr(struct inode *, int, const char *,
-                const void *value, size_t value_len);
+                                const void *, size_t, struct page *);
-extern int f2fs_getxattr(struct inode *inode, int name_index, const char *name,
+extern int f2fs_getxattr(struct inode *, int, const char *, void *, size_t);
-                void *buffer, size_t buffer_size);
+extern ssize_t f2fs_listxattr(struct dentry *, char *, size_t);
-extern ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer,
-                size_t buffer_size);
 #else
 #define f2fs_xattr_handlers     NULL
 static inline int f2fs_setxattr(struct inode *inode, int name_index,
-        const char *name, const void *value, size_t value_len)
+                const char *name, const void *value, size_t value_len)
 {
        return -EOPNOTSUPP;
 }
@@ -142,4 +140,14 @@ static inline ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer,
 }
 #endif
+#ifdef CONFIG_F2FS_FS_SECURITY
+extern int f2fs_init_security(struct inode *, struct inode *,
+                                const struct qstr *, struct page *);
+#else
+static inline int f2fs_init_security(struct inode *inode, struct inode *dir,
+                                const struct qstr *qstr, struct page *ipage)
+{
+        return 0;
+}
+#endif
 #endif /* __F2FS_XATTR_H__ */