NFS: Client implementation of Labeled-NFS

	struct dentry *alias;

	struct inode *dir = parent->d_inode;

	struct inode *inode;

	int status;

	if (filename.name[0] == '.') {

		if (filename.len == 1)

	dentry = d_lookup(parent, &filename);

	if (dentry != NULL) {

		if (nfs_same_file(dentry, entry)) {

			nfs_refresh_inode(dentry->d_inode, entry->fattr);

			status = nfs_refresh_inode(dentry->d_inode, entry->fattr);

			if (!status)

				nfs_setsecurity(dentry->d_inode, entry->fattr, entry->label);

			goto out;

		} else {

			if (d_invalidate(dentry) != 0)

	if ((error = nfs_refresh_inode(inode, fattr)) != 0)

		goto out_bad;

	nfs_setsecurity(inode, fattr, label);

	nfs_free_fattr(fattr);

	nfs_free_fhandle(fhandle);

	nfs4_label_free(label);

	memset(NFS_I(inode)->cookieverf, 0, sizeof(NFS_I(inode)->cookieverf));

	if (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)) {

		nfsi->cache_validity |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_DATA|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL|NFS_INO_REVAL_PAGECACHE;

		nfs_fscache_invalidate(inode);

	} else {

		nfsi->cache_validity |= NFS_INO_INVALID_ATTR|NFS_INO_INVALID_ACCESS|NFS_INO_INVALID_ACL|NFS_INO_REVAL_PAGECACHE;

	}

		nfsi->cache_validity |= NFS_INO_INVALID_ATTR

					| NFS_INO_INVALID_LABEL

					| NFS_INO_INVALID_DATA

					| NFS_INO_INVALID_ACCESS

					| NFS_INO_INVALID_ACL

					| NFS_INO_REVAL_PAGECACHE;

	} else

		nfsi->cache_validity |= NFS_INO_INVALID_ATTR

					| NFS_INO_INVALID_LABEL

					| NFS_INO_INVALID_ACCESS

					| NFS_INO_INVALID_ACL

					| NFS_INO_REVAL_PAGECACHE;

}

void nfs_zap_caches(struct inode *inode)

}

#ifdef CONFIG_NFS_V4_SECURITY_LABEL

void nfs_setsecurity(struct inode *inode, struct nfs_fattr *fattr,

					struct nfs4_label *label)

{

	int error;

	if (label == NULL)

		return;

	if (nfs_server_capable(inode, NFS_CAP_SECURITY_LABEL) == 0)

		return;

	if (NFS_SERVER(inode)->nfs_client->cl_minorversion < 2)

		return;

	if ((fattr->valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL) && inode->i_security) {

		error = security_inode_notifysecctx(inode, label->label,

				label->len);

		if (error)

			printk(KERN_ERR "%s() %s %d "

					"security_inode_notifysecctx() %d\n",

					__func__,

					(char *)label->label,

					label->len, error);

	}

}

struct nfs4_label *nfs4_label_alloc(struct nfs_server *server, gfp_t flags)

{

	struct nfs4_label *label = NULL;

	return label;

}

EXPORT_SYMBOL_GPL(nfs4_label_alloc);

#else

void inline nfs_setsecurity(struct inode *inode, struct nfs_fattr *fattr,

					struct nfs4_label *label)

{

}

#endif

EXPORT_SYMBOL_GPL(nfs_setsecurity);

/*

 * This is our front-end to iget that looks up inodes by file handle

			 */

			inode->i_blocks = nfs_calc_block_size(fattr->du.nfs3.used);

		}

		nfs_setsecurity(inode, fattr, label);

		nfsi->attrtimeo = NFS_MINATTRTIMEO(inode);

		nfsi->attrtimeo_timestamp = now;

		nfsi->access_cache = RB_ROOT;

		unlock_new_inode(inode);

	} else

		nfs_refresh_inode(inode, fattr);

		nfs_setsecurity(inode, fattr, label);

	dprintk("NFS: nfs_fhget(%s/%Ld fh_crc=0x%08x ct=%d)\n",

		inode->i_sb->s_id,

		(long long)NFS_FILEID(inode),

		NFS_PROTO(inode)->return_delegation(inode);

	error = NFS_PROTO(inode)->setattr(dentry, fattr, attr);

	if (error == 0)

		nfs_refresh_inode(inode, fattr);

		error = nfs_refresh_inode(inode, fattr);

	nfs_free_fattr(fattr);

out:

	return error;

 */

int nfs_revalidate_inode(struct nfs_server *server, struct inode *inode)

{

	if (!(NFS_I(inode)->cache_validity & NFS_INO_INVALID_ATTR)

	if (!(NFS_I(inode)->cache_validity &

			(NFS_INO_INVALID_ATTR|NFS_INO_INVALID_LABEL))

			&& !nfs_attribute_cache_expired(inode))

		return NFS_STALE(inode) ? -ESTALE : 0;

	return __nfs_revalidate_inode(server, inode);

	spin_lock(&inode->i_lock);

	status = nfs_post_op_update_inode_locked(inode, fattr);

	spin_unlock(&inode->i_lock);

	return status;

}

EXPORT_SYMBOL_GPL(nfs_post_op_update_inode);

		inode->i_blocks = fattr->du.nfs2.blocks;

	/* Update attrtimeo value if we're out of the unstable period */

	if (invalid & NFS_INO_INVALID_ATTR) {

	if (invalid & (NFS_INO_INVALID_ATTR|NFS_INO_INVALID_LABEL)) {

		nfs_inc_stats(inode, NFSIOS_ATTRINVALIDATE);

		nfsi->attrtimeo = NFS_MINATTRTIMEO(inode);

		nfsi->attrtimeo_timestamp = now;

		}

	}

	invalid &= ~NFS_INO_INVALID_ATTR;

	invalid &= ~NFS_INO_INVALID_LABEL;

	/* Don't invalidate the data if we were to blame */

	if (!(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode)

				|| S_ISLNK(inode->i_mode)))

static int nfs41_test_stateid(struct nfs_server *, nfs4_stateid *);

static int nfs41_free_stateid(struct nfs_server *, nfs4_stateid *);

#endif

#ifdef CONFIG_NFS_V4_SECURITY_LABEL

static inline struct nfs4_label *

nfs4_label_init_security(struct inode *dir, struct dentry *dentry,

	struct iattr *sattr, struct nfs4_label *label)

{

	int err;

	if (label == NULL)

		return NULL;

	if (nfs_server_capable(dir, NFS_CAP_SECURITY_LABEL) == 0)

		return NULL;

	if (NFS_SERVER(dir)->nfs_client->cl_minorversion < 2)

		return NULL;

	err = security_dentry_init_security(dentry, sattr->ia_mode,

				&dentry->d_name, (void **)&label->label, &label->len);

	if (err == 0)

		return label;

	return NULL;

}

static inline void

nfs4_label_release_security(struct nfs4_label *label)

{

	if (label)

		security_release_secctx(label->label, label->len);

}

static inline u32 *nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)

{

	if (label)

		return server->attr_bitmask;

	return server->attr_bitmask_nl;

}

#else

static inline struct nfs4_label *

nfs4_label_init_security(struct inode *dir, struct dentry *dentry,

	struct iattr *sattr, struct nfs4_label *l)

{ return NULL; }

static inline void

nfs4_label_release_security(struct nfs4_label *label)

{ return; }

static inline u32 *

nfs4_bitmask(struct nfs_server *server, struct nfs4_label *label)

{ return server->attr_bitmask; }

#endif

/* Prevent leaks of NFSv4 errors into userland */

static int nfs4_map_errors(int err)

{

	| FATTR4_WORD1_SPACE_USED

	| FATTR4_WORD1_TIME_ACCESS

	| FATTR4_WORD1_TIME_METADATA

	| FATTR4_WORD1_TIME_MODIFY

	| FATTR4_WORD1_TIME_MODIFY,

#ifdef CONFIG_NFS_V4_SECURITY_LABEL

	FATTR4_WORD2_SECURITY_LABEL

#endif

};

static const u32 nfs4_pnfs_open_bitmap[3] = {

	p->o_arg.id.uniquifier = sp->so_seqid.owner_id;

	p->o_arg.name = &dentry->d_name;

	p->o_arg.server = server;

	p->o_arg.bitmask = server->attr_bitmask;

	p->o_arg.bitmask = nfs4_bitmask(server, label);

	p->o_arg.open_bitmap = &nfs4_fattr_bitmap[0];

	p->o_arg.label = label;

	p->o_arg.claim = nfs4_map_atomic_open_claim(server, claim);

	if (ret)

		goto err;

	nfs_setsecurity(inode, &data->f_attr, data->f_label);

	if (data->o_res.delegation_type != 0)

		nfs4_opendata_check_deleg(data, state);

	update_open_stateid(state, &data->o_res.stateid, NULL,

		if (status == 0) {

			nfs_setattr_update_inode(state->inode, sattr);

			nfs_post_op_update_inode(state->inode, opendata->o_res.f_attr);

			nfs_setsecurity(state->inode, opendata->o_res.f_attr, olabel);

		}

	}

	bool truncate;

	int status;

	arg.bitmask = nfs4_bitmask(server, ilabel);

	if (ilabel)

		arg.bitmask = nfs4_bitmask(server, olabel);

	nfs_fattr_init(fattr);

	/* Servers should only apply open mode checks for file size changes */

nfs4_atomic_open(struct inode *dir, struct nfs_open_context *ctx, int open_flags, struct iattr *attr)

{

	struct nfs4_state *state;

	struct nfs4_label *label = NULL;

	struct nfs4_label l = {0, 0, 0, NULL}, *label = NULL;

	label = nfs4_label_init_security(dir, ctx->dentry, attr, &l);

	/* Protect against concurrent sillydeletes */

	state = nfs4_do_open(dir, ctx->dentry, ctx->mode, open_flags, attr, label,

			     ctx->cred, &ctx->mdsthreshold);

	nfs4_label_release_security(label);

	if (IS_ERR(state))

		return ERR_CAST(state);

	ctx->state = state;

			server->caps |= NFS_CAP_CTIME;

		if (res.attr_bitmask[1] & FATTR4_WORD1_TIME_MODIFY)

			server->caps |= NFS_CAP_MTIME;

#ifdef CONFIG_NFS_V4_SECURITY_LABEL

		if (res.attr_bitmask[2] & FATTR4_WORD2_SECURITY_LABEL)

			server->caps |= NFS_CAP_SECURITY_LABEL;

#endif

		memcpy(server->attr_bitmask_nl, res.attr_bitmask,

				sizeof(server->attr_bitmask));

		if (server->caps & NFS_CAP_SECURITY_LABEL) {

			server->attr_bitmask_nl[2] &= ~FATTR4_WORD2_SECURITY_LABEL;

			res.attr_bitmask[2] &= ~FATTR4_WORD2_SECURITY_LABEL;

		}

		memcpy(server->cache_consistency_bitmask, res.attr_bitmask, sizeof(server->cache_consistency_bitmask));

		server->cache_consistency_bitmask[0] &= FATTR4_WORD0_CHANGE|FATTR4_WORD0_SIZE;

		server->cache_consistency_bitmask[1] &= FATTR4_WORD1_TIME_METADATA|FATTR4_WORD1_TIME_MODIFY;

static int _nfs4_lookup_root(struct nfs_server *server, struct nfs_fh *fhandle,

		struct nfs_fsinfo *info)

{

	u32 bitmask[3];

	struct nfs4_lookup_root_arg args = {

		.bitmask = nfs4_fattr_bitmap,

		.bitmask = bitmask,

	};

	struct nfs4_lookup_res res = {

		.server = server,

		.rpc_resp = &res,

	};

	bitmask[0] = nfs4_fattr_bitmap[0];

	bitmask[1] = nfs4_fattr_bitmap[1];

	/*

	 * Process the label in the upcoming getfattr

	 */

	bitmask[2] = nfs4_fattr_bitmap[2] & ~FATTR4_WORD2_SECURITY_LABEL;

	nfs_fattr_init(info->fattr);

	return nfs4_call_sync(server->client, server, &msg, &args.seq_args, &res.seq_res, 0);

}

		.rpc_resp = &res,

	};

	args.bitmask = nfs4_bitmask(server, label);

	nfs_fattr_init(fattr);

	return nfs4_call_sync(server->client, server, &msg, &args.seq_args, &res.seq_res, 0);

}

		return PTR_ERR(label);

	status = nfs4_do_setattr(inode, cred, fattr, sattr, state, NULL, label);

	if (status == 0)

	if (status == 0) {

		nfs_setattr_update_inode(inode, sattr);

		nfs_setsecurity(inode, fattr, label);

	}

	nfs4_label_free(label);

	return status;

}

	struct nfs4_lookup_res res = {

		.server = server,

		.fattr = fattr,

		.label = label,

		.fh = fhandle,

	};

	struct rpc_message msg = {

		.rpc_resp = &res,

	};

	args.bitmask = nfs4_bitmask(server, label);

	nfs_fattr_init(fattr);

	dprintk("NFS call  lookup %s\n", name->name);

		.rpc_cred = entry->cred,

	};

	int mode = entry->mask;

	int status;

	int status = 0;

	/*

	 * Determine which access bits we want to ask for...

nfs4_proc_create(struct inode *dir, struct dentry *dentry, struct iattr *sattr,

		 int flags)

{

	struct nfs4_label *ilabel = NULL;

	struct nfs4_label l, *ilabel = NULL;

	struct nfs_open_context *ctx;

	struct nfs4_state *state;

	int status = 0;

	if (IS_ERR(ctx))

		return PTR_ERR(ctx);

	ilabel = nfs4_label_init_security(dir, dentry, sattr, &l);

	sattr->ia_mode &= ~current_umask();

	state = nfs4_do_open(dir, dentry, ctx->mode,

			flags, sattr, ilabel, ctx->cred,

	nfs_set_verifier(dentry, nfs_save_change_attribute(dir));

	ctx->state = state;

out:

	nfs4_label_release_security(ilabel);

	put_nfs_open_context(ctx);

	return status;

}

	res->server = server;

	msg->rpc_proc = &nfs4_procedures[NFSPROC4_CLNT_REMOVE];

	nfs41_init_sequence(&args->seq_args, &res->seq_res, 1);

	nfs_fattr_init(res->dir_attr);

}

static void nfs4_proc_unlink_rpc_prepare(struct rpc_task *task, struct nfs_unlinkdata *data)

		status = PTR_ERR(res.label);

		goto out;

	}

	arg.bitmask = nfs4_bitmask(server, res.label);

	status = nfs4_call_sync(server->client, server, &msg, &arg.seq_args, &res.seq_res, 1);

	if (!status) {

		update_changeattr(dir, &res.cinfo);

		nfs_post_op_update_inode(inode, res.fattr);

		status = nfs_post_op_update_inode(inode, res.fattr);

		if (!status)

			nfs_setsecurity(inode, res.fattr, res.label);

	}

		data->arg.name = name;

		data->arg.attrs = sattr;

		data->arg.ftype = ftype;

		data->arg.bitmask = server->attr_bitmask;

		data->arg.bitmask = nfs4_bitmask(server, data->label);

		data->res.server = server;

		data->res.fh = &data->fh;

		data->res.fattr = &data->fattr;

		struct page *page, unsigned int len, struct iattr *sattr)

{

	struct nfs4_exception exception = { };

	struct nfs4_label *label = NULL;

	struct nfs4_label l, *label = NULL;

	int err;

	label = nfs4_label_init_security(dir, dentry, sattr, &l);

	do {

		err = nfs4_handle_exception(NFS_SERVER(dir),

				_nfs4_proc_symlink(dir, dentry, page,

							len, sattr, label),

				&exception);

	} while (exception.retry);

	nfs4_label_release_security(label);

	return err;

}

		struct iattr *sattr)

{

	struct nfs4_exception exception = { };

	struct nfs4_label *label = NULL;

	struct nfs4_label l, *label = NULL;

	int err;

	label = nfs4_label_init_security(dir, dentry, sattr, &l);

	sattr->ia_mode &= ~current_umask();

	do {

		err = nfs4_handle_exception(NFS_SERVER(dir),

				_nfs4_proc_mkdir(dir, dentry, sattr, label),

				&exception);

	} while (exception.retry);

	nfs4_label_release_security(label);

	return err;

}

}

static int _nfs4_proc_mknod(struct inode *dir, struct dentry *dentry,

		struct iattr *sattr, dev_t rdev)

		struct iattr *sattr, struct nfs4_label *label, dev_t rdev)

{

	struct nfs4_createdata *data;

	int mode = sattr->ia_mode;

		goto out_free;

	}

	data->arg.label = label;

	status = nfs4_do_create(dir, dentry, data);

out_free:

	nfs4_free_createdata(data);

		struct iattr *sattr, dev_t rdev)

{

	struct nfs4_exception exception = { };

	struct nfs4_label l, *label = NULL;

	int err;

	label = nfs4_label_init_security(dir, dentry, sattr, &l);

	sattr->ia_mode &= ~current_umask();

	do {

		err = nfs4_handle_exception(NFS_SERVER(dir),

				_nfs4_proc_mknod(dir, dentry, sattr, rdev),

				_nfs4_proc_mknod(dir, dentry, sattr, label, rdev),

				&exception);

	} while (exception.retry);

	nfs4_label_release_security(label);

	return err;

}

	return err;

}

#ifdef CONFIG_NFS_V4_SECURITY_LABEL

static int _nfs4_get_security_label(struct inode *inode, void *buf,

					size_t buflen)

{

	struct nfs_server *server = NFS_SERVER(inode);

	struct nfs_fattr fattr;

	struct nfs4_label label = {0, 0, buflen, buf};

	u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL };

	struct nfs4_getattr_arg args = {

		.fh		= NFS_FH(inode),

		.bitmask	= bitmask,

	};

	struct nfs4_getattr_res res = {

		.fattr		= &fattr,

		.label		= &label,

		.server		= server,

	};

	struct rpc_message msg = {

		.rpc_proc	= &nfs4_procedures[NFSPROC4_CLNT_GETATTR],

		.rpc_argp	= &args,

		.rpc_resp	= &res,

	};

	int ret;

	nfs_fattr_init(&fattr);

	ret = rpc_call_sync(server->client, &msg, 0);

	if (ret)

		return ret;

	if (!(fattr.valid & NFS_ATTR_FATTR_V4_SECURITY_LABEL))

		return -ENOENT;

	if (buflen < label.len)

		return -ERANGE;

	return 0;

}

static int nfs4_get_security_label(struct inode *inode, void *buf,

					size_t buflen)

{

	struct nfs4_exception exception = { };

	int err;

	if (!nfs_server_capable(inode, NFS_CAP_SECURITY_LABEL))

		return -EOPNOTSUPP;

	do {

		err = nfs4_handle_exception(NFS_SERVER(inode),

				_nfs4_get_security_label(inode, buf, buflen),

				&exception);

	} while (exception.retry);

	return err;

}

static int _nfs4_do_set_security_label(struct inode *inode,

		struct nfs4_label *ilabel,

		struct nfs_fattr *fattr,

		struct nfs4_label *olabel)

{

	struct iattr sattr = {0};

	struct nfs_server *server = NFS_SERVER(inode);

	const u32 bitmask[3] = { 0, 0, FATTR4_WORD2_SECURITY_LABEL };

	struct nfs_setattrargs args = {

		.fh             = NFS_FH(inode),

		.iap            = &sattr,

		.server		= server,

		.bitmask	= bitmask,

		.label		= ilabel,

	};

	struct nfs_setattrres res = {

		.fattr		= fattr,