Commit f39814f6 authored by Andreas Gruenbacher's avatar Andreas Gruenbacher Committed by Paul Moore

gfs2: Invalid security labels of inodes when they go invalid

When gfs2 releases the glock of an inode, it must invalidate all
information cached for that inode, including the page cache and acls.
Use the new security_inode_invalidate_secctx hook to also invalidate
security labels in that case.  These items will be reread from disk
when needed after reacquiring the glock.
Signed-off-by: default avatarAndreas Gruenbacher <agruenba@redhat.com>
Acked-by: default avatarBob Peterson <rpeterso@redhat.com>
Acked-by: default avatarSteven Whitehouse <swhiteho@redhat.com>
Cc: cluster-devel@redhat.com
[PM: fixed spelling errors and description line lengths]
Signed-off-by: default avatarPaul Moore <pmoore@redhat.com>
parent 5d226df4
...@@ -13,6 +13,7 @@ ...@@ -13,6 +13,7 @@
#include <linux/gfs2_ondisk.h> #include <linux/gfs2_ondisk.h>
#include <linux/bio.h> #include <linux/bio.h>
#include <linux/posix_acl.h> #include <linux/posix_acl.h>
#include <linux/security.h>
#include "gfs2.h" #include "gfs2.h"
#include "incore.h" #include "incore.h"
...@@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags) ...@@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags)
if (ip) { if (ip) {
set_bit(GIF_INVALID, &ip->i_flags); set_bit(GIF_INVALID, &ip->i_flags);
forget_all_cached_acls(&ip->i_inode); forget_all_cached_acls(&ip->i_inode);
security_inode_invalidate_secctx(&ip->i_inode);
gfs2_dir_hash_inval(ip); gfs2_dir_hash_inval(ip);
} }
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment