Linux 3.2 compat, security_inode_init_security()

The security_inode_init_security() API has been changed to include
a filesystem specific callback to write security extended attributes.
This was done to support the initialization of multiple LSM xattrs
and the EVM xattr.

This change updates the code to use the new API when it's available.
Otherwise it falls back to the previous implementation.

In addition, the ZFS_AC_KERNEL_6ARGS_SECURITY_INODE_INIT_SECURITY
autoconf test has been made more rigerous by passing the expected
types.  This is done to ensure we always properly the detect the
correct form for the security_inode_init_security() API.

Signed-off-by: Brian Behlendorf <[email protected]>
Closes #516

2 files changed, 39 insertions, 1 deletions

diff --git a/config/kernel-security-inode-init.m4 b/config/kernel-security-inode-init.m4
index a26de9fd6..c21588af7 100644
--- a/config/kernel-security-inode-init.m4
+++ b/config/kernel-security-inode-init.m4
@@ -12,7 +12,14 @@ AC_DEFUN([ZFS_AC_KERNEL_6ARGS_SECURITY_INODE_INIT_SECURITY], [
 	ZFS_LINUX_TRY_COMPILE([
 		#include <linux/security.h>
 	],[
-		security_inode_init_security(NULL,NULL,NULL,NULL,NULL,NULL);
+		struct inode *ip __attribute__ ((unused)) = NULL;
+		struct inode *dip __attribute__ ((unused)) = NULL;
+		const struct qstr *str __attribute__ ((unused)) = NULL;
+		char *name __attribute__ ((unused)) = NULL;
+		void *value __attribute__ ((unused)) = NULL;
+		size_t len __attribute__ ((unused)) = 0;
+
+		security_inode_init_security(ip, dip, str, &name, &value, &len);
 	],[
 		AC_MSG_RESULT(yes)
 		AC_DEFINE(HAVE_6ARGS_SECURITY_INODE_INIT_SECURITY, 1,
@@ -22,3 +29,33 @@ AC_DEFUN([ZFS_AC_KERNEL_6ARGS_SECURITY_INODE_INIT_SECURITY], [
 	])
 	EXTRA_KCFLAGS="$tmp_flags"
 ])
+
+dnl #
+dnl # 3.2 API change
+dnl # The security_inode_init_security() API has been changed to include
+dnl # a filesystem specific callback to write security extended attributes.
+dnl # This was done to support the initialization of multiple LSM xattrs
+dnl # and the EVM xattr.
+dnl #
+AC_DEFUN([ZFS_AC_KERNEL_CALLBACK_SECURITY_INODE_INIT_SECURITY], [
+	AC_MSG_CHECKING([whether security_inode_init_security wants callback])
+	tmp_flags="$EXTRA_KCFLAGS"
+	EXTRA_KCFLAGS="-Werror"
+	ZFS_LINUX_TRY_COMPILE([
+		#include <linux/security.h>
+	],[
+		struct inode *ip __attribute__ ((unused)) = NULL;
+		struct inode *dip __attribute__ ((unused)) = NULL;
+		const struct qstr *str __attribute__ ((unused)) = NULL;
+		initxattrs func __attribute__ ((unused)) = NULL;
+
+		security_inode_init_security(ip, dip, str, func, NULL);
+	],[
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(HAVE_CALLBACK_SECURITY_INODE_INIT_SECURITY, 1,
+		          [security_inode_init_security wants callback])
+	],[
+		AC_MSG_RESULT(no)
+	])
+	EXTRA_KCFLAGS="$tmp_flags"
+])
diff --git a/config/kernel.m4 b/config/kernel.m4
index 2afe77e63..45e9b149a 100644
--- a/config/kernel.m4
+++ b/config/kernel.m4
@@ -41,6 +41,7 @@ AC_DEFUN([ZFS_AC_CONFIG_KERNEL], [
 	ZFS_AC_KERNEL_CHECK_DISK_SIZE_CHANGE
 	ZFS_AC_KERNEL_TRUNCATE_SETSIZE
 	ZFS_AC_KERNEL_6ARGS_SECURITY_INODE_INIT_SECURITY
+	ZFS_AC_KERNEL_CALLBACK_SECURITY_INODE_INIT_SECURITY
 	ZFS_AC_KERNEL_MOUNT_NODEV
 	ZFS_AC_KERNEL_SHRINK
 	ZFS_AC_KERNEL_BDI