gfs2: Invalid security labels of inodes when they go invalid

When gfs2 releases the glock of an inode, it must invalidate all
information cached for that inode, including the page cache and acls.
Use the new security_inode_invalidate_secctx hook to also invalidate
security labels in that case.  These items will be reread from disk
when needed after reacquiring the glock.

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Acked-by: Bob Peterson <rpeterso@redhat.com>
Acked-by: Steven Whitehouse <swhiteho@redhat.com>
Cc: cluster-devel@redhat.com
[PM: fixed spelling errors and description line lengths]
Signed-off-by: Paul Moore <pmoore@redhat.com>

diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c
index f348cfb6b69a245bb869d7d51584441d1b20b8c4..437fd73e381e224063742284fd8f825d35b0e9db 100644 (file)
--- a/fs/gfs2/glops.c
+++ b/fs/gfs2/glops.c
@@ -13,6 +13,7 @@
 #include <linux/gfs2_ondisk.h>
 #include <linux/bio.h>
 #include <linux/posix_acl.h>
+#include <linux/security.h>
 
 #include "gfs2.h"
 #include "incore.h"
@@ -262,6 +263,7 @@ static void inode_go_inval(struct gfs2_glock *gl, int flags)
                if (ip) {
                        set_bit(GIF_INVALID, &ip->i_flags);
                        forget_all_cached_acls(&ip->i_inode);
+                       security_inode_invalidate_secctx(&ip->i_inode);
                        gfs2_dir_hash_inval(ip);
                }
        }