6 files changed, 49 insertions, 228 deletions
diff --git a/fs/Kconfig b/fs/Kconfig
index e54be7058359..ed78d24ee426 100644
--- a/fs/Kconfig
+++ b/fs/Kconfig
@@ -783,28 +783,6 @@ config SYSFS
        Designers of embedded systems may wish to say N here to conserve space.
-config DEVPTS_FS_XATTR
-        bool "/dev/pts Extended Attributes"
-        depends on UNIX98_PTYS
-        help
-          Extended attributes are name:value pairs associated with inodes by
-          the kernel or by users (see the attr(5) manual page, or visit
-          <http://acl.bestbits.at/> for details).
-          If unsure, say N.
-config DEVPTS_FS_SECURITY
-        bool "/dev/pts Security Labels"
-        depends on DEVPTS_FS_XATTR
-        help
-          Security labels support alternative access control models
-          implemented by security modules like SELinux.  This option
-          enables an extended attribute handler for file security
-          labels in the /dev/pts filesystem.
-          If you are not using a security module that requires using
-          extended attributes for file security labels, say N.
 config TMPFS
        bool "Virtual memory file system support (former shm fs)"
        help
@@ -817,27 +795,6 @@ config TMPFS
          See <file:Documentation/filesystems/tmpfs.txt> for details.
-config TMPFS_XATTR
-        bool "tmpfs Extended Attributes"
-        depends on TMPFS
-        help
-          Extended attributes are name:value pairs associated with inodes by
-          the kernel or by users (see the attr(5) manual page, or visit
-          <http://acl.bestbits.at/> for details).
-          If unsure, say N.
-config TMPFS_SECURITY
-        bool "tmpfs Security Labels"
-        depends on TMPFS_XATTR
-        help
-          Security labels support alternative access control models
-          implemented by security modules like SELinux.  This option
-          enables an extended attribute handler for file security
-          labels in the tmpfs filesystem.
-          If you are not using a security module that requires using
-          extended attributes for file security labels, say N.
 config HUGETLBFS
        bool "HugeTLB file system support"
        depends X86 || IA64 || PPC64 || SPARC64 || SUPERH || X86_64 || BROKEN
diff --git a/fs/devpts/Makefile b/fs/devpts/Makefile
index 5800df2e50c8..236696efcbac 100644
--- a/fs/devpts/Makefile
+++ b/fs/devpts/Makefile
@@ -5,4 +5,3 @@
 obj-$(CONFIG_UNIX98_PTYS)               += devpts.o
 devpts-$(CONFIG_UNIX98_PTYS)            := inode.o
-devpts-$(CONFIG_DEVPTS_FS_SECURITY)     += xattr_security.o
diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c
index 1571c8d6c232..f2be44d4491f 100644
--- a/fs/devpts/inode.c
+++ b/fs/devpts/inode.c
@@ -18,28 +18,9 @@
 #include <linux/mount.h>
 #include <linux/tty.h>
 #include <linux/devpts_fs.h>
-#include <linux/xattr.h>
 #define DEVPTS_SUPER_MAGIC 0x1cd1
-extern struct xattr_handler devpts_xattr_security_handler;
-static struct xattr_handler *devpts_xattr_handlers[] = {
-#ifdef CONFIG_DEVPTS_FS_SECURITY
-        &devpts_xattr_security_handler,
-#endif
-        NULL
-};
-static struct inode_operations devpts_file_inode_operations = {
-#ifdef CONFIG_DEVPTS_FS_XATTR
-        .setxattr       = generic_setxattr,
-        .getxattr       = generic_getxattr,
-        .listxattr      = generic_listxattr,
-        .removexattr    = generic_removexattr,
-#endif
-};
 static struct vfsmount *devpts_mnt;
 static struct dentry *devpts_root;
@@ -102,7 +83,6 @@ devpts_fill_super(struct super_block *s, void *data, int silent)
        s->s_blocksize_bits = 10;
        s->s_magic = DEVPTS_SUPER_MAGIC;
        s->s_op = &devpts_sops;
-        s->s_xattr = devpts_xattr_handlers;
        s->s_time_gran = 1;
        inode = new_inode(s);
@@ -175,7 +155,6 @@ int devpts_pty_new(struct tty_struct *tty)
        inode->i_gid = config.setgid ? config.gid : current->fsgid;
        inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
        init_special_inode(inode, S_IFCHR|config.mode, device);
-        inode->i_op = &devpts_file_inode_operations;
        inode->u.generic_ip = tty;
        dentry = get_node(number);
diff --git a/fs/devpts/xattr_security.c b/fs/devpts/xattr_security.c
deleted file mode 100644
index 864cb5c79baa..000000000000
--- a/fs/devpts/xattr_security.c
+++ /dev/null
@@ -1,47 +0,0 @@
-/*
- * Security xattr support for devpts.
- *
- * Author: Stephen Smalley <sds@epoch.ncsc.mil>
- * Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
- *
- * This program is free software; you can redistribute it and/or modify it
- * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- */
-#include <linux/string.h>
-#include <linux/fs.h>
-#include <linux/security.h>
-#include <linux/xattr.h>
-static size_t
-devpts_xattr_security_list(struct inode *inode, char *list, size_t list_len,
-                           const char *name, size_t name_len)
-{
-        return security_inode_listsecurity(inode, list, list_len);
-}
-static int
-devpts_xattr_security_get(struct inode *inode, const char *name,
-                          void *buffer, size_t size)
-{
-        if (strcmp(name, "") == 0)
-                return -EINVAL;
-        return security_inode_getsecurity(inode, name, buffer, size);
-}
-static int
-devpts_xattr_security_set(struct inode *inode, const char *name,
-                          const void *value, size_t size, int flags)
-{
-        if (strcmp(name, "") == 0)
-                return -EINVAL;
-        return security_inode_setsecurity(inode, name, value, size, flags);
-}
-struct xattr_handler devpts_xattr_security_handler = {
-        .prefix = XATTR_SECURITY_PREFIX,
-        .list   = devpts_xattr_security_list,
-        .get    = devpts_xattr_security_get,
-        .set    = devpts_xattr_security_set,
-};
diff --git a/fs/xattr.c b/fs/xattr.c
index 6acd5c63da91..dc8bc7624f26 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -51,20 +51,29 @@ setxattr(struct dentry *d, char __user *name, void __user *value,
                }
        }
+        down(&d->d_inode->i_sem);
+        error = security_inode_setxattr(d, kname, kvalue, size, flags);
+        if (error)
+                goto out;
        error = -EOPNOTSUPP;
        if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
-                down(&d->d_inode->i_sem);
+                error = d->d_inode->i_op->setxattr(d, kname, kvalue,
-                error = security_inode_setxattr(d, kname, kvalue, size, flags);
+                                                   size, flags);
-                if (error)
-                        goto out;
-                error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
                if (!error) {
                        fsnotify_xattr(d);
-                        security_inode_post_setxattr(d, kname, kvalue, size, flags);
+                        security_inode_post_setxattr(d, kname, kvalue,
+                                                     size, flags);
                }
-out:
+        } else if (!strncmp(kname, XATTR_SECURITY_PREFIX,
-                up(&d->d_inode->i_sem);
+                            sizeof XATTR_SECURITY_PREFIX - 1)) {
+                const char *suffix = kname + sizeof XATTR_SECURITY_PREFIX - 1;
+                error = security_inode_setsecurity(d->d_inode, suffix, kvalue,
+                                                   size, flags);
+                if (!error)
+                        fsnotify_xattr(d);
        }
+out:
+        up(&d->d_inode->i_sem);
        if (kvalue)
                kfree(kvalue);
        return error;
@@ -139,20 +148,25 @@ getxattr(struct dentry *d, char __user *name, void __user *value, size_t size)
                        return -ENOMEM;
        }
+        error = security_inode_getxattr(d, kname);
+        if (error)
+                goto out;
        error = -EOPNOTSUPP;
-        if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {
+        if (d->d_inode->i_op && d->d_inode->i_op->getxattr)
-                error = security_inode_getxattr(d, kname);
-                if (error)
-                        goto out;
                error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
-                if (error > 0) {
+        else if (!strncmp(kname, XATTR_SECURITY_PREFIX,
-                        if (size && copy_to_user(value, kvalue, error))
+                          sizeof XATTR_SECURITY_PREFIX - 1)) {
-                                error = -EFAULT;
+                const char *suffix = kname + sizeof XATTR_SECURITY_PREFIX - 1;
-                } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
+                error = security_inode_getsecurity(d->d_inode, suffix, kvalue,
-                        /* The file system tried to returned a value bigger
+                                                   size);
-                           than XATTR_SIZE_MAX bytes. Not possible. */
+        }
-                        error = -E2BIG;
+        if (error > 0) {
-                }
+                if (size && copy_to_user(value, kvalue, error))
+                        error = -EFAULT;
+        } else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
+                /* The file system tried to returned a value bigger
+                   than XATTR_SIZE_MAX bytes. Not possible. */
+                error = -E2BIG;
        }
 out:
        if (kvalue)
@@ -221,20 +235,24 @@ listxattr(struct dentry *d, char __user *list, size_t size)
                        return -ENOMEM;
        }
+        error = security_inode_listxattr(d);
+        if (error)
+                goto out;
        error = -EOPNOTSUPP;
        if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
-                error = security_inode_listxattr(d);
-                if (error)
-                        goto out;
                error = d->d_inode->i_op->listxattr(d, klist, size);
-                if (error > 0) {
+        } else {
-                        if (size && copy_to_user(list, klist, error))
+                error = security_inode_listsecurity(d->d_inode, klist, size);
-                                error = -EFAULT;
+                if (size && error >= size)
-                } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
+                        error = -ERANGE;
-                        /* The file system tried to returned a list bigger
+        }
-                           than XATTR_LIST_MAX bytes. Not possible. */
+        if (error > 0) {
-                        error = -E2BIG;
+                if (size && copy_to_user(list, klist, error))
-                }
+                        error = -EFAULT;
+        } else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
+                /* The file system tried to returned a list bigger
+                   than XATTR_LIST_MAX bytes. Not possible. */
+                error = -E2BIG;
        }
 out:
        if (klist)
diff --git a/mm/shmem.c b/mm/shmem.c
index 08a3bc2fba61..bdc4bbb6ddbb 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -45,7 +45,6 @@
 #include <linux/swapops.h>
 #include <linux/mempolicy.h>
 #include <linux/namei.h>
-#include <linux/xattr.h>
 #include <asm/uaccess.h>
 #include <asm/div64.h>
 #include <asm/pgtable.h>
@@ -179,7 +178,6 @@ static struct address_space_operations shmem_aops;
 static struct file_operations shmem_file_operations;
 static struct inode_operations shmem_inode_operations;
 static struct inode_operations shmem_dir_inode_operations;
-static struct inode_operations shmem_special_inode_operations;
 static struct vm_operations_struct shmem_vm_ops;
 static struct backing_dev_info shmem_backing_dev_info = {
@@ -1300,7 +1298,6 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
                switch (mode & S_IFMT) {
                default:
-                        inode->i_op = &shmem_special_inode_operations;
                        init_special_inode(inode, mode, dev);
                        break;
                case S_IFREG:
@@ -1804,12 +1801,6 @@ static void shmem_put_link(struct dentry *dentry, struct nameidata *nd, void *co
 static struct inode_operations shmem_symlink_inline_operations = {
        .readlink       = generic_readlink,
        .follow_link    = shmem_follow_link_inline,
-#ifdef CONFIG_TMPFS_XATTR
-        .setxattr       = generic_setxattr,
-        .getxattr       = generic_getxattr,
-        .listxattr      = generic_listxattr,
-        .removexattr    = generic_removexattr,
-#endif
 };
 static struct inode_operations shmem_symlink_inode_operations = {
@@ -1817,12 +1808,6 @@ static struct inode_operations shmem_symlink_inode_operations = {
        .readlink       = generic_readlink,
        .follow_link    = shmem_follow_link,
        .put_link       = shmem_put_link,
-#ifdef CONFIG_TMPFS_XATTR
-        .setxattr       = generic_setxattr,
-        .getxattr       = generic_getxattr,
-        .listxattr      = generic_listxattr,
-        .removexattr    = generic_removexattr,
-#endif
 };
 static int shmem_parse_options(char *options, int *mode, uid_t *uid, gid_t *gid, unsigned long *blocks, unsigned long *inodes)
@@ -1942,12 +1927,6 @@ static void shmem_put_super(struct super_block *sb)
        sb->s_fs_info = NULL;
 }
-#ifdef CONFIG_TMPFS_XATTR
-static struct xattr_handler *shmem_xattr_handlers[];
-#else
-#define shmem_xattr_handlers NULL
-#endif
 static int shmem_fill_super(struct super_block *sb,
                            void *data, int silent)
 {
@@ -1998,7 +1977,6 @@ static int shmem_fill_super(struct super_block *sb,
        sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
        sb->s_magic = TMPFS_MAGIC;
        sb->s_op = &shmem_ops;
-        sb->s_xattr = shmem_xattr_handlers;
        inode = shmem_get_inode(sb, S_IFDIR | mode, 0);
        if (!inode)
@@ -2087,12 +2065,6 @@ static struct file_operations shmem_file_operations = {
 static struct inode_operations shmem_inode_operations = {
        .truncate       = shmem_truncate,
        .setattr        = shmem_notify_change,
-#ifdef CONFIG_TMPFS_XATTR
-        .setxattr       = generic_setxattr,
-        .getxattr       = generic_getxattr,
-        .listxattr      = generic_listxattr,
-        .removexattr    = generic_removexattr,
-#endif
 };
 static struct inode_operations shmem_dir_inode_operations = {
@@ -2106,21 +2078,6 @@ static struct inode_operations shmem_dir_inode_operations = {
        .rmdir          = shmem_rmdir,
        .mknod          = shmem_mknod,
        .rename         = shmem_rename,
-#ifdef CONFIG_TMPFS_XATTR
-        .setxattr       = generic_setxattr,
-        .getxattr       = generic_getxattr,
-        .listxattr      = generic_listxattr,
-        .removexattr    = generic_removexattr,
-#endif
-#endif
-};
-static struct inode_operations shmem_special_inode_operations = {
-#ifdef CONFIG_TMPFS_XATTR
-        .setxattr       = generic_setxattr,
-        .getxattr       = generic_getxattr,
-        .listxattr      = generic_listxattr,
-        .removexattr    = generic_removexattr,
 #endif
 };
@@ -2146,48 +2103,6 @@ static struct vm_operations_struct shmem_vm_ops = {
 };
-#ifdef CONFIG_TMPFS_SECURITY
-static size_t shmem_xattr_security_list(struct inode *inode, char *list, size_t list_len,
-                                        const char *name, size_t name_len)
-{
-        return security_inode_listsecurity(inode, list, list_len);
-}
-static int shmem_xattr_security_get(struct inode *inode, const char *name, void *buffer, size_t size)
-{
-        if (strcmp(name, "") == 0)
-                return -EINVAL;
-        return security_inode_getsecurity(inode, name, buffer, size);
-}
-static int shmem_xattr_security_set(struct inode *inode, const char *name, const void *value, size_t size, int flags)
-{
-        if (strcmp(name, "") == 0)
-                return -EINVAL;
-        return security_inode_setsecurity(inode, name, value, size, flags);
-}
-static struct xattr_handler shmem_xattr_security_handler = {
-        .prefix = XATTR_SECURITY_PREFIX,
-        .list   = shmem_xattr_security_list,
-        .get    = shmem_xattr_security_get,
-        .set    = shmem_xattr_security_set,
-};
-#endif  /* CONFIG_TMPFS_SECURITY */
-#ifdef CONFIG_TMPFS_XATTR
-static struct xattr_handler *shmem_xattr_handlers[] = {
-#ifdef CONFIG_TMPFS_SECURITY
-        &shmem_xattr_security_handler,
-#endif
-        NULL
-};
-#endif  /* CONFIG_TMPFS_XATTR */
 static struct super_block *shmem_get_sb(struct file_system_type *fs_type,
        int flags, const char *dev_name, void *data)
 {

diff --git a/fs/Kconfig b/fs/Kconfig index e54be7058359..ed78d24ee426 100644 --- a/fs/Kconfig +++ b/fs/Kconfig
@@ -783,28 +783,6 @@ config SYSFS
783		783
784	Designers of embedded systems may wish to say N here to conserve space.	784	Designers of embedded systems may wish to say N here to conserve space.
785		785
786	config DEVPTS_FS_XATTR
787	bool "/dev/pts Extended Attributes"
788	depends on UNIX98_PTYS
789	help
790	Extended attributes are name:value pairs associated with inodes by
791	the kernel or by users (see the attr(5) manual page, or visit
792	<http://acl.bestbits.at/> for details).
793
794	If unsure, say N.
795
796	config DEVPTS_FS_SECURITY
797	bool "/dev/pts Security Labels"
798	depends on DEVPTS_FS_XATTR
799	help
800	Security labels support alternative access control models
801	implemented by security modules like SELinux. This option
802	enables an extended attribute handler for file security
803	labels in the /dev/pts filesystem.
804
805	If you are not using a security module that requires using
806	extended attributes for file security labels, say N.
807
808	config TMPFS	786	config TMPFS
809	bool "Virtual memory file system support (former shm fs)"	787	bool "Virtual memory file system support (former shm fs)"
810	help	788	help
@@ -817,27 +795,6 @@ config TMPFS
817		795
818	See <file:Documentation/filesystems/tmpfs.txt> for details.	796	See <file:Documentation/filesystems/tmpfs.txt> for details.
819		797
820	config TMPFS_XATTR
821	bool "tmpfs Extended Attributes"
822	depends on TMPFS
823	help
824	Extended attributes are name:value pairs associated with inodes by
825	the kernel or by users (see the attr(5) manual page, or visit
826	<http://acl.bestbits.at/> for details).
827
828	If unsure, say N.
829
830	config TMPFS_SECURITY
831	bool "tmpfs Security Labels"
832	depends on TMPFS_XATTR
833	help
834	Security labels support alternative access control models
835	implemented by security modules like SELinux. This option
836	enables an extended attribute handler for file security
837	labels in the tmpfs filesystem.
838	If you are not using a security module that requires using
839	extended attributes for file security labels, say N.
840
841	config HUGETLBFS	798	config HUGETLBFS
842	bool "HugeTLB file system support"	799	bool "HugeTLB file system support"
843	depends X86 \|\| IA64 \|\| PPC64 \|\| SPARC64 \|\| SUPERH \|\| X86_64 \|\| BROKEN	800	depends X86 \|\| IA64 \|\| PPC64 \|\| SPARC64 \|\| SUPERH \|\| X86_64 \|\| BROKEN


diff --git a/fs/devpts/Makefile b/fs/devpts/Makefile index 5800df2e50c8..236696efcbac 100644 --- a/fs/devpts/Makefile +++ b/fs/devpts/Makefile
@@ -5,4 +5,3 @@
5	obj-$(CONFIG_UNIX98_PTYS) += devpts.o	5	obj-$(CONFIG_UNIX98_PTYS) += devpts.o
6		6
7	devpts-$(CONFIG_UNIX98_PTYS) := inode.o	7	devpts-$(CONFIG_UNIX98_PTYS) := inode.o
8	devpts-$(CONFIG_DEVPTS_FS_SECURITY) += xattr_security.o


diff --git a/fs/devpts/inode.c b/fs/devpts/inode.c index 1571c8d6c232..f2be44d4491f 100644 --- a/fs/devpts/inode.c +++ b/fs/devpts/inode.c
@@ -18,28 +18,9 @@
18	#include <linux/mount.h>	18	#include <linux/mount.h>
19	#include <linux/tty.h>	19	#include <linux/tty.h>
20	#include <linux/devpts_fs.h>	20	#include <linux/devpts_fs.h>
21	#include <linux/xattr.h>
22		21
23	#define DEVPTS_SUPER_MAGIC 0x1cd1	22	#define DEVPTS_SUPER_MAGIC 0x1cd1
24		23
25	extern struct xattr_handler devpts_xattr_security_handler;
26
27	static struct xattr_handler *devpts_xattr_handlers[] = {
28	#ifdef CONFIG_DEVPTS_FS_SECURITY
29	&devpts_xattr_security_handler,
30	#endif
31	NULL
32	};
33
34	static struct inode_operations devpts_file_inode_operations = {
35	#ifdef CONFIG_DEVPTS_FS_XATTR
36	.setxattr = generic_setxattr,
37	.getxattr = generic_getxattr,
38	.listxattr = generic_listxattr,
39	.removexattr = generic_removexattr,
40	#endif
41	};
42
43	static struct vfsmount *devpts_mnt;	24	static struct vfsmount *devpts_mnt;
44	static struct dentry *devpts_root;	25	static struct dentry *devpts_root;
45		26
@@ -102,7 +83,6 @@ devpts_fill_super(struct super_block s, void data, int silent)
102	s->s_blocksize_bits = 10;	83	s->s_blocksize_bits = 10;
103	s->s_magic = DEVPTS_SUPER_MAGIC;	84	s->s_magic = DEVPTS_SUPER_MAGIC;
104	s->s_op = &devpts_sops;	85	s->s_op = &devpts_sops;
105	s->s_xattr = devpts_xattr_handlers;
106	s->s_time_gran = 1;	86	s->s_time_gran = 1;
107		87
108	inode = new_inode(s);	88	inode = new_inode(s);
@@ -175,7 +155,6 @@ int devpts_pty_new(struct tty_struct *tty)
175	inode->i_gid = config.setgid ? config.gid : current->fsgid;	155	inode->i_gid = config.setgid ? config.gid : current->fsgid;
176	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;	156	inode->i_mtime = inode->i_atime = inode->i_ctime = CURRENT_TIME;
177	init_special_inode(inode, S_IFCHR\|config.mode, device);	157	init_special_inode(inode, S_IFCHR\|config.mode, device);
178	inode->i_op = &devpts_file_inode_operations;
179	inode->u.generic_ip = tty;	158	inode->u.generic_ip = tty;
180		159
181	dentry = get_node(number);	160	dentry = get_node(number);


diff --git a/fs/devpts/xattr_security.c b/fs/devpts/xattr_security.c deleted file mode 100644 index 864cb5c79baa..000000000000 --- a/fs/devpts/xattr_security.c +++ /dev/null
@@ -1,47 +0,0 @@
1	/*
2	* Security xattr support for devpts.
3	*
4	* Author: Stephen Smalley <sds@epoch.ncsc.mil>
5	* Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
6	*
7	* This program is free software; you can redistribute it and/or modify it
8	* under the terms of the GNU General Public License as published by the Free
9	* Software Foundation; either version 2 of the License, or (at your option)
10	* any later version.
11	*/
12	#include <linux/string.h>
13	#include <linux/fs.h>
14	#include <linux/security.h>
15	#include <linux/xattr.h>
16
17	static size_t
18	devpts_xattr_security_list(struct inode inode, char list, size_t list_len,
19	const char *name, size_t name_len)
20	{
21	return security_inode_listsecurity(inode, list, list_len);
22	}
23
24	static int
25	devpts_xattr_security_get(struct inode inode, const char name,
26	void *buffer, size_t size)
27	{
28	if (strcmp(name, "") == 0)
29	return -EINVAL;
30	return security_inode_getsecurity(inode, name, buffer, size);
31	}
32
33	static int
34	devpts_xattr_security_set(struct inode inode, const char name,
35	const void *value, size_t size, int flags)
36	{
37	if (strcmp(name, "") == 0)
38	return -EINVAL;
39	return security_inode_setsecurity(inode, name, value, size, flags);
40	}
41
42	struct xattr_handler devpts_xattr_security_handler = {
43	.prefix = XATTR_SECURITY_PREFIX,
44	.list = devpts_xattr_security_list,
45	.get = devpts_xattr_security_get,
46	.set = devpts_xattr_security_set,
47	};


diff --git a/fs/xattr.c b/fs/xattr.c index 6acd5c63da91..dc8bc7624f26 100644 --- a/fs/xattr.c +++ b/fs/xattr.c
@@ -51,20 +51,29 @@ setxattr(struct dentry d, char __user name, void __user *value,
51	}	51	}
52	}	52	}
53		53
		54	down(&d->d_inode->i_sem);
		55	error = security_inode_setxattr(d, kname, kvalue, size, flags);
		56	if (error)
		57	goto out;
54	error = -EOPNOTSUPP;	58	error = -EOPNOTSUPP;
55	if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {	59	if (d->d_inode->i_op && d->d_inode->i_op->setxattr) {
56	down(&d->d_inode->i_sem);	60	error = d->d_inode->i_op->setxattr(d, kname, kvalue,
57	error = security_inode_setxattr(d, kname, kvalue, size, flags);	61	size, flags);
58	if (error)
59	goto out;
60	error = d->d_inode->i_op->setxattr(d, kname, kvalue, size, flags);
61	if (!error) {	62	if (!error) {
62	fsnotify_xattr(d);	63	fsnotify_xattr(d);
63	security_inode_post_setxattr(d, kname, kvalue, size, flags);	64	security_inode_post_setxattr(d, kname, kvalue,
		65	size, flags);
64	}	66	}
65	out:	67	} else if (!strncmp(kname, XATTR_SECURITY_PREFIX,
66	up(&d->d_inode->i_sem);	68	sizeof XATTR_SECURITY_PREFIX - 1)) {
		69	const char *suffix = kname + sizeof XATTR_SECURITY_PREFIX - 1;
		70	error = security_inode_setsecurity(d->d_inode, suffix, kvalue,
		71	size, flags);
		72	if (!error)
		73	fsnotify_xattr(d);
67	}	74	}
		75	out:
		76	up(&d->d_inode->i_sem);
68	if (kvalue)	77	if (kvalue)
69	kfree(kvalue);	78	kfree(kvalue);
70	return error;	79	return error;
@@ -139,20 +148,25 @@ getxattr(struct dentry d, char __user name, void __user *value, size_t size)
139	return -ENOMEM;	148	return -ENOMEM;
140	}	149	}
141		150
		151	error = security_inode_getxattr(d, kname);
		152	if (error)
		153	goto out;
142	error = -EOPNOTSUPP;	154	error = -EOPNOTSUPP;
143	if (d->d_inode->i_op && d->d_inode->i_op->getxattr) {	155	if (d->d_inode->i_op && d->d_inode->i_op->getxattr)
144	error = security_inode_getxattr(d, kname);
145	if (error)
146	goto out;
147	error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);	156	error = d->d_inode->i_op->getxattr(d, kname, kvalue, size);
148	if (error > 0) {	157	else if (!strncmp(kname, XATTR_SECURITY_PREFIX,
149	if (size && copy_to_user(value, kvalue, error))	158	sizeof XATTR_SECURITY_PREFIX - 1)) {
150	error = -EFAULT;	159	const char *suffix = kname + sizeof XATTR_SECURITY_PREFIX - 1;
151	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {	160	error = security_inode_getsecurity(d->d_inode, suffix, kvalue,
152	/* The file system tried to returned a value bigger	161	size);
153	than XATTR_SIZE_MAX bytes. Not possible. */	162	}
154	error = -E2BIG;	163	if (error > 0) {
155	}	164	if (size && copy_to_user(value, kvalue, error))
		165	error = -EFAULT;
		166	} else if (error == -ERANGE && size >= XATTR_SIZE_MAX) {
		167	/* The file system tried to returned a value bigger
		168	than XATTR_SIZE_MAX bytes. Not possible. */
		169	error = -E2BIG;
156	}	170	}
157	out:	171	out:
158	if (kvalue)	172	if (kvalue)
@@ -221,20 +235,24 @@ listxattr(struct dentry d, char __user list, size_t size)
221	return -ENOMEM;	235	return -ENOMEM;
222	}	236	}
223		237
		238	error = security_inode_listxattr(d);
		239	if (error)
		240	goto out;
224	error = -EOPNOTSUPP;	241	error = -EOPNOTSUPP;
225	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {	242	if (d->d_inode->i_op && d->d_inode->i_op->listxattr) {
226	error = security_inode_listxattr(d);
227	if (error)
228	goto out;
229	error = d->d_inode->i_op->listxattr(d, klist, size);	243	error = d->d_inode->i_op->listxattr(d, klist, size);
230	if (error > 0) {	244	} else {
231	if (size && copy_to_user(list, klist, error))	245	error = security_inode_listsecurity(d->d_inode, klist, size);
232	error = -EFAULT;	246	if (size && error >= size)
233	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {	247	error = -ERANGE;
234	/* The file system tried to returned a list bigger	248	}
235	than XATTR_LIST_MAX bytes. Not possible. */	249	if (error > 0) {
236	error = -E2BIG;	250	if (size && copy_to_user(list, klist, error))
237	}	251	error = -EFAULT;
		252	} else if (error == -ERANGE && size >= XATTR_LIST_MAX) {
		253	/* The file system tried to returned a list bigger
		254	than XATTR_LIST_MAX bytes. Not possible. */
		255	error = -E2BIG;
238	}	256	}
239	out:	257	out:
240	if (klist)	258	if (klist)


diff --git a/mm/shmem.c b/mm/shmem.c index 08a3bc2fba61..bdc4bbb6ddbb 100644 --- a/mm/shmem.c +++ b/mm/shmem.c
@@ -45,7 +45,6 @@
45	#include <linux/swapops.h>	45	#include <linux/swapops.h>
46	#include <linux/mempolicy.h>	46	#include <linux/mempolicy.h>
47	#include <linux/namei.h>	47	#include <linux/namei.h>
48	#include <linux/xattr.h>
49	#include <asm/uaccess.h>	48	#include <asm/uaccess.h>
50	#include <asm/div64.h>	49	#include <asm/div64.h>
51	#include <asm/pgtable.h>	50	#include <asm/pgtable.h>
@@ -179,7 +178,6 @@ static struct address_space_operations shmem_aops;
179	static struct file_operations shmem_file_operations;	178	static struct file_operations shmem_file_operations;
180	static struct inode_operations shmem_inode_operations;	179	static struct inode_operations shmem_inode_operations;
181	static struct inode_operations shmem_dir_inode_operations;	180	static struct inode_operations shmem_dir_inode_operations;
182	static struct inode_operations shmem_special_inode_operations;
183	static struct vm_operations_struct shmem_vm_ops;	181	static struct vm_operations_struct shmem_vm_ops;
184		182
185	static struct backing_dev_info shmem_backing_dev_info = {	183	static struct backing_dev_info shmem_backing_dev_info = {
@@ -1300,7 +1298,6 @@ shmem_get_inode(struct super_block *sb, int mode, dev_t dev)
1300		1298
1301	switch (mode & S_IFMT) {	1299	switch (mode & S_IFMT) {
1302	default:	1300	default:
1303	inode->i_op = &shmem_special_inode_operations;
1304	init_special_inode(inode, mode, dev);	1301	init_special_inode(inode, mode, dev);
1305	break;	1302	break;
1306	case S_IFREG:	1303	case S_IFREG:
@@ -1804,12 +1801,6 @@ static void shmem_put_link(struct dentry dentry, struct nameidata nd, void *co
1804	static struct inode_operations shmem_symlink_inline_operations = {	1801	static struct inode_operations shmem_symlink_inline_operations = {
1805	.readlink = generic_readlink,	1802	.readlink = generic_readlink,
1806	.follow_link = shmem_follow_link_inline,	1803	.follow_link = shmem_follow_link_inline,
1807	#ifdef CONFIG_TMPFS_XATTR
1808	.setxattr = generic_setxattr,
1809	.getxattr = generic_getxattr,
1810	.listxattr = generic_listxattr,
1811	.removexattr = generic_removexattr,
1812	#endif
1813	};	1804	};
1814		1805
1815	static struct inode_operations shmem_symlink_inode_operations = {	1806	static struct inode_operations shmem_symlink_inode_operations = {
@@ -1817,12 +1808,6 @@ static struct inode_operations shmem_symlink_inode_operations = {
1817	.readlink = generic_readlink,	1808	.readlink = generic_readlink,
1818	.follow_link = shmem_follow_link,	1809	.follow_link = shmem_follow_link,
1819	.put_link = shmem_put_link,	1810	.put_link = shmem_put_link,
1820	#ifdef CONFIG_TMPFS_XATTR
1821	.setxattr = generic_setxattr,
1822	.getxattr = generic_getxattr,
1823	.listxattr = generic_listxattr,
1824	.removexattr = generic_removexattr,
1825	#endif
1826	};	1811	};
1827		1812
1828	static int shmem_parse_options(char options, int mode, uid_t uid, gid_t gid, unsigned long blocks, unsigned long inodes)	1813	static int shmem_parse_options(char options, int mode, uid_t uid, gid_t gid, unsigned long blocks, unsigned long inodes)
@@ -1942,12 +1927,6 @@ static void shmem_put_super(struct super_block *sb)
1942	sb->s_fs_info = NULL;	1927	sb->s_fs_info = NULL;
1943	}	1928	}
1944		1929
1945	#ifdef CONFIG_TMPFS_XATTR
1946	static struct xattr_handler *shmem_xattr_handlers[];
1947	#else
1948	#define shmem_xattr_handlers NULL
1949	#endif
1950
1951	static int shmem_fill_super(struct super_block *sb,	1930	static int shmem_fill_super(struct super_block *sb,
1952	void *data, int silent)	1931	void *data, int silent)
1953	{	1932	{
@@ -1998,7 +1977,6 @@ static int shmem_fill_super(struct super_block *sb,
1998	sb->s_blocksize_bits = PAGE_CACHE_SHIFT;	1977	sb->s_blocksize_bits = PAGE_CACHE_SHIFT;
1999	sb->s_magic = TMPFS_MAGIC;	1978	sb->s_magic = TMPFS_MAGIC;
2000	sb->s_op = &shmem_ops;	1979	sb->s_op = &shmem_ops;
2001	sb->s_xattr = shmem_xattr_handlers;
2002		1980
2003	inode = shmem_get_inode(sb, S_IFDIR \| mode, 0);	1981	inode = shmem_get_inode(sb, S_IFDIR \| mode, 0);
2004	if (!inode)	1982	if (!inode)
@@ -2087,12 +2065,6 @@ static struct file_operations shmem_file_operations = {
2087	static struct inode_operations shmem_inode_operations = {	2065	static struct inode_operations shmem_inode_operations = {
2088	.truncate = shmem_truncate,	2066	.truncate = shmem_truncate,
2089	.setattr = shmem_notify_change,	2067	.setattr = shmem_notify_change,
2090	#ifdef CONFIG_TMPFS_XATTR
2091	.setxattr = generic_setxattr,
2092	.getxattr = generic_getxattr,
2093	.listxattr = generic_listxattr,
2094	.removexattr = generic_removexattr,
2095	#endif
2096	};	2068	};
2097		2069
2098	static struct inode_operations shmem_dir_inode_operations = {	2070	static struct inode_operations shmem_dir_inode_operations = {
@@ -2106,21 +2078,6 @@ static struct inode_operations shmem_dir_inode_operations = {
2106	.rmdir = shmem_rmdir,	2078	.rmdir = shmem_rmdir,
2107	.mknod = shmem_mknod,	2079	.mknod = shmem_mknod,
2108	.rename = shmem_rename,	2080	.rename = shmem_rename,
2109	#ifdef CONFIG_TMPFS_XATTR
2110	.setxattr = generic_setxattr,
2111	.getxattr = generic_getxattr,
2112	.listxattr = generic_listxattr,
2113	.removexattr = generic_removexattr,
2114	#endif
2115	#endif
2116	};
2117
2118	static struct inode_operations shmem_special_inode_operations = {
2119	#ifdef CONFIG_TMPFS_XATTR
2120	.setxattr = generic_setxattr,
2121	.getxattr = generic_getxattr,
2122	.listxattr = generic_listxattr,
2123	.removexattr = generic_removexattr,
2124	#endif	2081	#endif
2125	};	2082	};
2126		2083
@@ -2146,48 +2103,6 @@ static struct vm_operations_struct shmem_vm_ops = {
2146	};	2103	};
2147		2104
2148		2105
2149	#ifdef CONFIG_TMPFS_SECURITY
2150
2151	static size_t shmem_xattr_security_list(struct inode inode, char list, size_t list_len,
2152	const char *name, size_t name_len)
2153	{
2154	return security_inode_listsecurity(inode, list, list_len);
2155	}
2156
2157	static int shmem_xattr_security_get(struct inode inode, const char name, void *buffer, size_t size)
2158	{
2159	if (strcmp(name, "") == 0)
2160	return -EINVAL;
2161	return security_inode_getsecurity(inode, name, buffer, size);
2162	}
2163
2164	static int shmem_xattr_security_set(struct inode inode, const char name, const void *value, size_t size, int flags)
2165	{
2166	if (strcmp(name, "") == 0)
2167	return -EINVAL;
2168	return security_inode_setsecurity(inode, name, value, size, flags);
2169	}
2170
2171	static struct xattr_handler shmem_xattr_security_handler = {
2172	.prefix = XATTR_SECURITY_PREFIX,
2173	.list = shmem_xattr_security_list,
2174	.get = shmem_xattr_security_get,
2175	.set = shmem_xattr_security_set,
2176	};
2177
2178	#endif /* CONFIG_TMPFS_SECURITY */
2179
2180	#ifdef CONFIG_TMPFS_XATTR
2181
2182	static struct xattr_handler *shmem_xattr_handlers[] = {
2183	#ifdef CONFIG_TMPFS_SECURITY
2184	&shmem_xattr_security_handler,
2185	#endif
2186	NULL
2187	};
2188
2189	#endif /* CONFIG_TMPFS_XATTR */
2190
2191	static struct super_block shmem_get_sb(struct file_system_type fs_type,	2106	static struct super_block shmem_get_sb(struct file_system_type fs_type,
2192	int flags, const char dev_name, void data)	2107	int flags, const char dev_name, void data)
2193	{	2108	{