Revert "FROMLIST: Add flags option to get xattr method paired to..."

Revert submission 1881578

Reason for revert: broken build in CI
Reverted Changes:
Id2c6fa6ee:FROMLIST: Add flags option to get xattr method pai...
Ifa966dabd:FROMLIST: overlayfs: inode_owner_or_capable called...
I46e6c74ff:FROMLIST: overlayfs: override_creds=off option byp...
I0b8fe9f1f:FROMLIST: overlayfs: handle XATTR_NOSECURITY flag ...

Change-Id: Ic4f9a8dd92dc492ed0a474c783497ec525f1c762
Signed-off-by: David Anderson <dvander@google.com>

Documentation/filesystems/locking.rst

@@ -130,7 +130,7 @@ prototypes::
 	bool (*list)(struct dentry *dentry);
 	int (*get)(const struct xattr_handler *handler, struct dentry *dentry,
 		   struct inode *inode, const char *name, void *buffer,
-		   size_t size, int flags);
+		   size_t size);
 	int (*set)(const struct xattr_handler *handler,
                    struct user_namespace *mnt_userns,
                    struct dentry *dentry, struct inode *inode, const char *name,

fs/9p/acl.c

@@ -217,8 +217,7 @@ int v9fs_acl_mode(struct inode *dir, umode_t *modep,
 
 static int v9fs_xattr_get_acl(const struct xattr_handler *handler,
 			      struct dentry *dentry, struct inode *inode,
-			      const char *name, void *buffer, size_t size,
-			      int flags)
+			      const char *name, void *buffer, size_t size)
 {
 	struct v9fs_session_info *v9ses;
 	struct posix_acl *acl;

fs/9p/xattr.c

@@ -149,8 +149,7 @@ ssize_t v9fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size)
 
 static int v9fs_xattr_handler_get(const struct xattr_handler *handler,
 				  struct dentry *dentry, struct inode *inode,
-				  const char *name, void *buffer, size_t size,
-				  int flags)
+				  const char *name, void *buffer, size_t size)
 {
 	const char *full_name = xattr_full_name(handler, name);
 

fs/afs/xattr.c

@@ -36,7 +36,7 @@ static const struct afs_operation_ops afs_fetch_acl_operation = {
 static int afs_xattr_get_acl(const struct xattr_handler *handler,
 			     struct dentry *dentry,
 			     struct inode *inode, const char *name,
-			     void *buffer, size_t size, int flags)
+			     void *buffer, size_t size)
 {
 	struct afs_operation *op;
 	struct afs_vnode *vnode = AFS_FS_I(inode);
@@ -138,7 +138,7 @@ static const struct afs_operation_ops yfs_fetch_opaque_acl_operation = {
 static int afs_xattr_get_yfs(const struct xattr_handler *handler,
 			     struct dentry *dentry,
 			     struct inode *inode, const char *name,
-			     void *buffer, size_t size, int flags)
+			     void *buffer, size_t size)
 {
 	struct afs_operation *op;
 	struct afs_vnode *vnode = AFS_FS_I(inode);
@@ -268,7 +268,7 @@ static const struct xattr_handler afs_xattr_yfs_handler = {
 static int afs_xattr_get_cell(const struct xattr_handler *handler,
 			      struct dentry *dentry,
 			      struct inode *inode, const char *name,
-			      void *buffer, size_t size, int flags)
+			      void *buffer, size_t size)
 {
 	struct afs_vnode *vnode = AFS_FS_I(inode);
 	struct afs_cell *cell = vnode->volume->cell;
@@ -295,7 +295,7 @@ static const struct xattr_handler afs_xattr_afs_cell_handler = {
 static int afs_xattr_get_fid(const struct xattr_handler *handler,
 			     struct dentry *dentry,
 			     struct inode *inode, const char *name,
-			     void *buffer, size_t size, int flags)
+			     void *buffer, size_t size)
 {
 	struct afs_vnode *vnode = AFS_FS_I(inode);
 	char text[16 + 1 + 24 + 1 + 8 + 1];
@@ -333,7 +333,7 @@ static const struct xattr_handler afs_xattr_afs_fid_handler = {
 static int afs_xattr_get_volume(const struct xattr_handler *handler,
 			      struct dentry *dentry,
 			      struct inode *inode, const char *name,
-			      void *buffer, size_t size, int flags)
+			      void *buffer, size_t size)
 {
 	struct afs_vnode *vnode = AFS_FS_I(inode);
 	const char *volname = vnode->volume->name;

fs/attr.c

@@ -342,7 +342,7 @@ int notify_change(struct user_namespace *mnt_userns, struct dentry *dentry,
 		attr->ia_mtime = timestamp_truncate(attr->ia_mtime, inode);
 
 	if (ia_valid & ATTR_KILL_PRIV) {
-		error = security_inode_need_killpriv(mnt_userns, dentry);
+		error = security_inode_need_killpriv(dentry);
 		if (error < 0)
 			return error;
 		if (error == 0)

fs/btrfs/xattr.c

@@ -378,8 +378,7 @@ ssize_t btrfs_listxattr(struct dentry *dentry, char *buffer, size_t size)
 
 static int btrfs_xattr_handler_get(const struct xattr_handler *handler,
 				   struct dentry *unused, struct inode *inode,
-				   const char *name, void *buffer, size_t size,
-				   int flags)
+				   const char *name, void *buffer, size_t size)
 {
 	name = xattr_full_name(handler, name);
 	return btrfs_getxattr(inode, name, buffer, size);

fs/ceph/xattr.c

@@ -1256,8 +1256,7 @@ int __ceph_setxattr(struct inode *inode, const char *name,
 
 static int ceph_get_xattr_handler(const struct xattr_handler *handler,
 				  struct dentry *dentry, struct inode *inode,
-				  const char *name, void *value, size_t size,
-				  int flags)
+				  const char *name, void *value, size_t size)
 {
 	if (!ceph_is_valid_xattr(name))
 		return -EOPNOTSUPP;

fs/cifs/xattr.c

@@ -279,7 +279,7 @@ static int cifs_creation_time_get(struct dentry *dentry, struct inode *inode,
 
 static int cifs_xattr_get(const struct xattr_handler *handler,
 			  struct dentry *dentry, struct inode *inode,
-			  const char *name, void *value, size_t size, int flags)
+			  const char *name, void *value, size_t size)
 {
 	ssize_t rc = -EOPNOTSUPP;
 	unsigned int xid;

fs/ecryptfs/inode.c

@@ -1050,8 +1050,7 @@ ecryptfs_getxattr_lower(struct dentry *lower_dentry, struct inode *lower_inode,
 		goto out;
 	}
 	inode_lock(lower_inode);
-	rc = __vfs_getxattr(&init_user_ns, lower_dentry, lower_inode, name,
-			    value, size, XATTR_NOSECURITY);
+	rc = __vfs_getxattr(lower_dentry, lower_inode, name, value, size);
 	inode_unlock(lower_inode);
 out:
 	return rc;
@@ -1157,8 +1156,7 @@ const struct inode_operations ecryptfs_main_iops = {
 
 static int ecryptfs_xattr_get(const struct xattr_handler *handler,
 			      struct dentry *dentry, struct inode *inode,
-			      const char *name, void *buffer, size_t size,
-			      int flags)
+			      const char *name, void *buffer, size_t size)
 {
 	return ecryptfs_getxattr(dentry, inode, name, buffer, size);
 }

fs/ecryptfs/mmap.c

@@ -422,9 +422,8 @@ static int ecryptfs_write_inode_size_to_xattr(struct inode *ecryptfs_inode)
 		goto out;
 	}
 	inode_lock(lower_inode);
-	size = __vfs_getxattr(&init_user_ns, lower_dentry, lower_inode,
-			      ECRYPTFS_XATTR_NAME, xattr_virt, PAGE_SIZE,
-			      XATTR_NOSECURITY);
+	size = __vfs_getxattr(lower_dentry, lower_inode, ECRYPTFS_XATTR_NAME,
+			      xattr_virt, PAGE_SIZE);
 	if (size < 0)
 		size = 8;
 	put_unaligned_be64(i_size_read(ecryptfs_inode), xattr_virt);

fs/erofs/xattr.c

@@ -470,8 +470,7 @@ int erofs_getxattr(struct inode *inode, int index,
 
 static int erofs_xattr_generic_get(const struct xattr_handler *handler,
 				   struct dentry *unused, struct inode *inode,
-				   const char *name, void *buffer, size_t size,
-				   int flags)
+				   const char *name, void *buffer, size_t size)
 {
 	struct erofs_sb_info *const sbi = EROFS_I_SB(inode);
 

fs/ext2/xattr_security.c

@@ -11,7 +11,7 @@
 static int
 ext2_xattr_security_get(const struct xattr_handler *handler,
 			struct dentry *unused, struct inode *inode,
-			const char *name, void *buffer, size_t size, int flags)
+			const char *name, void *buffer, size_t size)
 {
 	return ext2_xattr_get(inode, EXT2_XATTR_INDEX_SECURITY, name,
 			      buffer, size);

fs/ext2/xattr_trusted.c

@@ -18,7 +18,7 @@ ext2_xattr_trusted_list(struct dentry *dentry)
 static int
 ext2_xattr_trusted_get(const struct xattr_handler *handler,
 		       struct dentry *unused, struct inode *inode,
-		       const char *name, void *buffer, size_t size, int flags)
+		       const char *name, void *buffer, size_t size)
 {
 	return ext2_xattr_get(inode, EXT2_XATTR_INDEX_TRUSTED, name,
 			      buffer, size);

fs/ext2/xattr_user.c

@@ -20,7 +20,7 @@ ext2_xattr_user_list(struct dentry *dentry)
 static int
 ext2_xattr_user_get(const struct xattr_handler *handler,
 		    struct dentry *unused, struct inode *inode,
-		    const char *name, void *buffer, size_t size, int flags)
+		    const char *name, void *buffer, size_t size)
 {
 	if (!test_opt(inode->i_sb, XATTR_USER))
 		return -EOPNOTSUPP;

fs/ext4/xattr_hurd.c

@@ -21,7 +21,7 @@ ext4_xattr_hurd_list(struct dentry *dentry)
 static int
 ext4_xattr_hurd_get(const struct xattr_handler *handler,
 		    struct dentry *unused, struct inode *inode,
-		    const char *name, void *buffer, size_t size, int flags)
+		    const char *name, void *buffer, size_t size)
 {
 	if (!test_opt(inode->i_sb, XATTR_USER))
 		return -EOPNOTSUPP;

fs/ext4/xattr_security.c

@@ -15,7 +15,7 @@
 static int
 ext4_xattr_security_get(const struct xattr_handler *handler,
 			struct dentry *unused, struct inode *inode,
-			const char *name, void *buffer, size_t size, int flags)
+			const char *name, void *buffer, size_t size)
 {
 	return ext4_xattr_get(inode, EXT4_XATTR_INDEX_SECURITY,
 			      name, buffer, size);

fs/ext4/xattr_trusted.c

@@ -22,7 +22,7 @@ ext4_xattr_trusted_list(struct dentry *dentry)
 static int
 ext4_xattr_trusted_get(const struct xattr_handler *handler,
 		       struct dentry *unused, struct inode *inode,
-		       const char *name, void *buffer, size_t size, int flags)
+		       const char *name, void *buffer, size_t size)
 {
 	return ext4_xattr_get(inode, EXT4_XATTR_INDEX_TRUSTED,
 			      name, buffer, size);

fs/ext4/xattr_user.c

@@ -21,7 +21,7 @@ ext4_xattr_user_list(struct dentry *dentry)
 static int
 ext4_xattr_user_get(const struct xattr_handler *handler,
 		    struct dentry *unused, struct inode *inode,
-		    const char *name, void *buffer, size_t size, int flags)
+		    const char *name, void *buffer, size_t size)
 {
 	if (!test_opt(inode->i_sb, XATTR_USER))
 		return -EOPNOTSUPP;

fs/f2fs/xattr.c

@@ -45,7 +45,7 @@ static void xattr_free(struct f2fs_sb_info *sbi, void *xattr_addr,
 
 static int f2fs_xattr_generic_get(const struct xattr_handler *handler,
 		struct dentry *unused, struct inode *inode,
-		const char *name, void *buffer, size_t size, int flags)
+		const char *name, void *buffer, size_t size)
 {
 	struct f2fs_sb_info *sbi = F2FS_SB(inode->i_sb);
 
@@ -101,7 +101,7 @@ static bool f2fs_xattr_trusted_list(struct dentry *dentry)
 
 static int f2fs_xattr_advise_get(const struct xattr_handler *handler,
 		struct dentry *unused, struct inode *inode,
-		const char *name, void *buffer, size_t size, int flags)
+		const char *name, void *buffer, size_t size)
 {
 	if (buffer)
 		*((char *)buffer) = F2FS_I(inode)->i_advise;

fs/fuse/xattr.c

@@ -182,7 +182,7 @@ int fuse_removexattr(struct inode *inode, const char *name)
 
 static int fuse_xattr_get(const struct xattr_handler *handler,
 			 struct dentry *dentry, struct inode *inode,
-			 const char *name, void *value, size_t size, int flags)
+			 const char *name, void *value, size_t size)
 {
 	if (fuse_is_bad(inode))
 		return -EIO;
@@ -212,7 +212,7 @@ static bool no_xattr_list(struct dentry *dentry)
 
 static int no_xattr_get(const struct xattr_handler *handler,
 			struct dentry *dentry, struct inode *inode,
-			const char *name, void *value, size_t size, int flags)
+			const char *name, void *value, size_t size)
 {
 	return -EOPNOTSUPP;
 }

fs/gfs2/xattr.c

@@ -602,8 +602,7 @@ static int __gfs2_xattr_get(struct inode *inode, const char *name,
 
 static int gfs2_xattr_get(const struct xattr_handler *handler,
 			  struct dentry *unused, struct inode *inode,
-			  const char *name, void *buffer, size_t size,
-			  int flags)
+			  const char *name, void *buffer, size_t size)
 {
 	struct gfs2_inode *ip = GFS2_I(inode);
 	struct gfs2_holder gh;

fs/hfs/attr.c

@@ -115,7 +115,7 @@ static ssize_t __hfs_getxattr(struct inode *inode, enum hfs_xattr_type type,
 
 static int hfs_xattr_get(const struct xattr_handler *handler,
 			 struct dentry *unused, struct inode *inode,
-			 const char *name, void *value, size_t size, int flags)
+			 const char *name, void *value, size_t size)
 {
 	return __hfs_getxattr(inode, handler->flags, value, size);
 }

fs/hfsplus/xattr.c

@@ -838,8 +838,7 @@ static int hfsplus_removexattr(struct inode *inode, const char *name)
 
 static int hfsplus_osx_getxattr(const struct xattr_handler *handler,
 				struct dentry *unused, struct inode *inode,
-				const char *name, void *buffer, size_t size,
-				int flags)
+				const char *name, void *buffer, size_t size)
 {
 	/*
 	 * Don't allow retrieving properly prefixed attributes

fs/hfsplus/xattr_security.c

@@ -15,8 +15,7 @@
 
 static int hfsplus_security_getxattr(const struct xattr_handler *handler,
 				     struct dentry *unused, struct inode *inode,
-				     const char *name, void *buffer,
-				     size_t size, int flags)
+				     const char *name, void *buffer, size_t size)
 {
 	return hfsplus_getxattr(inode, name, buffer, size,
 				XATTR_SECURITY_PREFIX,

fs/hfsplus/xattr_trusted.c

@@ -14,8 +14,7 @@
 
 static int hfsplus_trusted_getxattr(const struct xattr_handler *handler,
 				    struct dentry *unused, struct inode *inode,
-				    const char *name, void *buffer,
-				    size_t size, int flags)
+				    const char *name, void *buffer, size_t size)
 {
 	return hfsplus_getxattr(inode, name, buffer, size,
 				XATTR_TRUSTED_PREFIX,

fs/hfsplus/xattr_user.c

@@ -14,8 +14,7 @@
 
 static int hfsplus_user_getxattr(const struct xattr_handler *handler,
 				 struct dentry *unused, struct inode *inode,
-				 const char *name, void *buffer, size_t size,
-				 int flags)
+				 const char *name, void *buffer, size_t size)
 {
 
 	return hfsplus_getxattr(inode, name, buffer, size,

fs/incfs/vfs.c

@@ -163,7 +163,7 @@ const struct inode_operations incfs_file_inode_ops = {
 
 static int incfs_handler_getxattr(const struct xattr_handler *xh,
 				  struct dentry *d, struct inode *inode,
-				  const char *name, void *buffer, size_t size, int flags)
+				  const char *name, void *buffer, size_t size)
 {
 	return incfs_getxattr(d, name, buffer, size);
 }

fs/inode.c

@@ -1898,8 +1898,7 @@ EXPORT_SYMBOL(should_remove_suid);
  * response to write or truncate. Return 0 if nothing has to be changed.
  * Negative value on error (change should be denied).
  */
-int dentry_needs_remove_privs(struct user_namespace *mnt_userns,
-			      struct dentry *dentry)
+int dentry_needs_remove_privs(struct dentry *dentry)
 {
 	struct inode *inode = d_inode(dentry);
 	int mask = 0;
@@ -1909,7 +1908,7 @@ int dentry_needs_remove_privs(struct user_namespace *mnt_userns,
 		return 0;
 
 	mask = should_remove_suid(dentry);
-	ret = security_inode_need_killpriv(mnt_userns, dentry);
+	ret = security_inode_need_killpriv(dentry);
 	if (ret < 0)
 		return ret;
 	if (ret)
@@ -1950,7 +1949,7 @@ int file_remove_privs(struct file *file)
 	if (IS_NOSEC(inode) || !S_ISREG(inode->i_mode))
 		return 0;
 
-	kill = dentry_needs_remove_privs(file_mnt_user_ns(file), dentry);
+	kill = dentry_needs_remove_privs(dentry);
 	if (kill < 0)
 		return kill;
 	if (kill)

fs/internal.h

@@ -150,8 +150,7 @@ extern int vfs_open(const struct path *, struct file *);
  */
 extern long prune_icache_sb(struct super_block *sb, struct shrink_control *sc);
 extern void inode_add_lru(struct inode *inode);
-extern int dentry_needs_remove_privs(struct user_namespace *mnt_userns,
-				     struct dentry *dentry);
+extern int dentry_needs_remove_privs(struct dentry *dentry);
 
 /*
  * fs-writeback.c

fs/jffs2/security.c

@@ -50,8 +50,7 @@ int jffs2_init_security(struct inode *inode, struct inode *dir,
 /* ---- XATTR Handler for "security.*" ----------------- */
 static int jffs2_security_getxattr(const struct xattr_handler *handler,
 				   struct dentry *unused, struct inode *inode,
-				   const char *name, void *buffer, size_t size,
-				   int flags)
+				   const char *name, void *buffer, size_t size)
 {
 	return do_jffs2_getxattr(inode, JFFS2_XPREFIX_SECURITY,
 				 name, buffer, size);

fs/jffs2/xattr_trusted.c

@@ -18,8 +18,7 @@
 
 static int jffs2_trusted_getxattr(const struct xattr_handler *handler,
 				  struct dentry *unused, struct inode *inode,
-				  const char *name, void *buffer, size_t size,
-				  int flags)
+				  const char *name, void *buffer, size_t size)
 {
 	return do_jffs2_getxattr(inode, JFFS2_XPREFIX_TRUSTED,
 				 name, buffer, size);

fs/jffs2/xattr_user.c

@@ -18,8 +18,7 @@
 
 static int jffs2_user_getxattr(const struct xattr_handler *handler,
 			       struct dentry *unused, struct inode *inode,
-			       const char *name, void *buffer, size_t size,
-			       int flags)
+			       const char *name, void *buffer, size_t size)
 {
 	return do_jffs2_getxattr(inode, JFFS2_XPREFIX_USER,
 				 name, buffer, size);

fs/jfs/xattr.c

@@ -925,7 +925,7 @@ static int __jfs_xattr_set(struct inode *inode, const char *name,
 
 static int jfs_xattr_get(const struct xattr_handler *handler,
 			 struct dentry *unused, struct inode *inode,
-			 const char *name, void *value, size_t size, int flags)
+			 const char *name, void *value, size_t size)
 {
 	name = xattr_full_name(handler, name);
 	return __jfs_getxattr(inode, name, value, size);
@@ -943,8 +943,7 @@ static int jfs_xattr_set(const struct xattr_handler *handler,
 
 static int jfs_xattr_get_os2(const struct xattr_handler *handler,
 			     struct dentry *unused, struct inode *inode,
-			     const char *name, void *value, size_t size,
-			     int flags)
+			     const char *name, void *value, size_t size)
 {
 	if (is_known_namespace(name))
 		return -EOPNOTSUPP;

fs/kernfs/inode.c

@@ -313,8 +313,7 @@ int kernfs_xattr_set(struct kernfs_node *kn, const char *name,
 
 static int kernfs_vfs_xattr_get(const struct xattr_handler *handler,
 				struct dentry *unused, struct inode *inode,
-				const char *suffix, void *value, size_t size,
-				int flags)
+				const char *suffix, void *value, size_t size)
 {
 	const char *name = xattr_full_name(handler, suffix);
 	struct kernfs_node *kn = inode->i_private;

fs/nfs/nfs4proc.c

@@ -7608,8 +7608,7 @@ static int nfs4_xattr_set_nfs4_acl(const struct xattr_handler *handler,
 
 static int nfs4_xattr_get_nfs4_acl(const struct xattr_handler *handler,
 				   struct dentry *unused, struct inode *inode,
-				   const char *key, void *buf, size_t buflen,
-				   int flags)
+				   const char *key, void *buf, size_t buflen)
 {
 	return nfs4_proc_get_acl(inode, buf, buflen);
 }
@@ -7635,8 +7634,7 @@ static int nfs4_xattr_set_nfs4_label(const struct xattr_handler *handler,
 
 static int nfs4_xattr_get_nfs4_label(const struct xattr_handler *handler,
 				     struct dentry *unused, struct inode *inode,
-				     const char *key, void *buf, size_t buflen,
-				     int flags)
+				     const char *key, void *buf, size_t buflen)
 {
 	if (security_ismaclabel(key))
 		return nfs4_get_security_label(inode, buf, buflen);
@@ -7714,8 +7712,7 @@ static int nfs4_xattr_set_nfs4_user(const struct xattr_handler *handler,
 
 static int nfs4_xattr_get_nfs4_user(const struct xattr_handler *handler,
 				    struct dentry *unused, struct inode *inode,
-				    const char *key, void *buf, size_t buflen,
-				    int flags)
+				    const char *key, void *buf, size_t buflen)
 {
 	struct nfs_access_entry cache;
 	ssize_t ret;

fs/ntfs3/xattr.c

@@ -710,7 +710,7 @@ ssize_t ntfs_listxattr(struct dentry *dentry, char *buffer, size_t size)
 
 static int ntfs_getxattr(const struct xattr_handler *handler, struct dentry *de,
 			 struct inode *inode, const char *name, void *buffer,
-			 size_t size, int flags)
+			 size_t size)
 {
 	int err;
 	struct ntfs_inode *ni = ntfs_i(inode);

fs/ocfs2/xattr.c

@@ -7240,8 +7240,7 @@ int ocfs2_init_security_and_acl(struct inode *dir,
  */
 static int ocfs2_xattr_security_get(const struct xattr_handler *handler,
 				    struct dentry *unused, struct inode *inode,
-				    const char *name, void *buffer, size_t size,
-				    int flags)
+				    const char *name, void *buffer, size_t size)
 {
 	return ocfs2_xattr_get(inode, OCFS2_XATTR_INDEX_SECURITY,
 			       name, buffer, size);
@@ -7314,8 +7313,7 @@ const struct xattr_handler ocfs2_xattr_security_handler = {
  */
 static int ocfs2_xattr_trusted_get(const struct xattr_handler *handler,
 				   struct dentry *unused, struct inode *inode,
-				   const char *name, void *buffer, size_t size,
-				   int flags)
+				   const char *name, void *buffer, size_t size)
 {
 	return ocfs2_xattr_get(inode, OCFS2_XATTR_INDEX_TRUSTED,
 			       name, buffer, size);
@@ -7342,8 +7340,7 @@ const struct xattr_handler ocfs2_xattr_trusted_handler = {
  */
 static int ocfs2_xattr_user_get(const struct xattr_handler *handler,
 				struct dentry *unused, struct inode *inode,
-				const char *name, void *buffer, size_t size,
-				int flags)
+				const char *name, void *buffer, size_t size)
 {
 	struct ocfs2_super *osb = OCFS2_SB(inode->i_sb);
 

fs/open.c

@@ -54,7 +54,7 @@ int do_truncate(struct user_namespace *mnt_userns, struct dentry *dentry,
 	}
 
 	/* Remove suid, sgid, and file capabilities on truncate too */
-	ret = dentry_needs_remove_privs(mnt_userns, dentry);
+	ret = dentry_needs_remove_privs(dentry);
 	if (ret < 0)
 		return ret;
 	if (ret)

fs/orangefs/xattr.c

@@ -542,8 +542,7 @@ static int orangefs_xattr_get_default(const struct xattr_handler *handler,
 				      struct inode *inode,
 				      const char *name,
 				      void *buffer,
-				      size_t size,
-				      int flags)
+				      size_t size)
 {
 	return orangefs_inode_getxattr(inode, name, buffer, size);
 

fs/overlayfs/super.c

@@ -1000,7 +1000,7 @@ static unsigned int ovl_split_lowerdirs(char *str)
 static int __maybe_unused
 ovl_posix_acl_xattr_get(const struct xattr_handler *handler,
 			struct dentry *dentry, struct inode *inode,
-			const char *name, void *buffer, size_t size, int flags)
+			const char *name, void *buffer, size_t size)
 {
 	return ovl_xattr_get(dentry, inode, handler->name, buffer, size);
 }
@@ -1063,8 +1063,7 @@ ovl_posix_acl_xattr_set(const struct xattr_handler *handler,
 
 static int ovl_own_xattr_get(const struct xattr_handler *handler,
 			     struct dentry *dentry, struct inode *inode,
-			     const char *name, void *buffer, size_t size,
-			     int flags)
+			     const char *name, void *buffer, size_t size)
 {
 	return -EOPNOTSUPP;
 }
@@ -1080,8 +1079,7 @@ static int ovl_own_xattr_set(const struct xattr_handler *handler,
 
 static int ovl_other_xattr_get(const struct xattr_handler *handler,
 			       struct dentry *dentry, struct inode *inode,
-			       const char *name, void *buffer, size_t size,
-			       int flags)
+			       const char *name, void *buffer, size_t size)
 {
 	return ovl_xattr_get(dentry, inode, name, buffer, size);
 }

fs/posix_acl.c

@@ -888,7 +888,7 @@ EXPORT_SYMBOL (posix_acl_to_xattr);
 static int
 posix_acl_xattr_get(const struct xattr_handler *handler,
 		    struct dentry *unused, struct inode *inode,
-		    const char *name, void *value, size_t size, int flags)
+		    const char *name, void *value, size_t size)
 {
 	struct posix_acl *acl;
 	int error;

fs/reiserfs/xattr_security.c

@@ -11,8 +11,7 @@
 
 static int
 security_get(const struct xattr_handler *handler, struct dentry *unused,
-	     struct inode *inode, const char *name, void *buffer, size_t size,
-	     int flags)
+	     struct inode *inode, const char *name, void *buffer, size_t size)
 {
 	if (IS_PRIVATE(inode))
 		return -EPERM;

fs/reiserfs/xattr_trusted.c

@@ -10,8 +10,7 @@
 
 static int
 trusted_get(const struct xattr_handler *handler, struct dentry *unused,
-	    struct inode *inode, const char *name, void *buffer, size_t size,
-	    int flags)
+	    struct inode *inode, const char *name, void *buffer, size_t size)
 {
 	if (!capable(CAP_SYS_ADMIN) || IS_PRIVATE(inode))
 		return -EPERM;

fs/reiserfs/xattr_user.c

@@ -9,8 +9,7 @@
 
 static int
 user_get(const struct xattr_handler *handler, struct dentry *unused,
-	 struct inode *inode, const char *name, void *buffer, size_t size,
-	 int flags)
+	 struct inode *inode, const char *name, void *buffer, size_t size)
 {
 	if (!reiserfs_xattrs_user(inode->i_sb))
 		return -EOPNOTSUPP;

fs/squashfs/xattr.c

@@ -204,7 +204,7 @@ static int squashfs_xattr_handler_get(const struct xattr_handler *handler,
 				      struct dentry *unused,
 				      struct inode *inode,
 				      const char *name,
-				      void *buffer, size_t size, int flags)
+				      void *buffer, size_t size)
 {
 	return squashfs_xattr_get(inode, handler->flags, name,
 		buffer, size);

fs/ubifs/xattr.c

@@ -689,8 +689,7 @@ int ubifs_init_security(struct inode *dentry, struct inode *inode,
 
 static int xattr_get(const struct xattr_handler *handler,
 			   struct dentry *dentry, struct inode *inode,
-			   const char *name, void *buffer, size_t size,
-			   int flags)
+			   const char *name, void *buffer, size_t size)
 {
 	dbg_gen("xattr '%s', ino %lu ('%pd'), buf size %zd", name,
 		inode->i_ino, dentry, size);

fs/xattr.c

@@ -369,7 +369,7 @@ vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
 		return PTR_ERR(handler);
 	if (!handler->get)
 		return -EOPNOTSUPP;
-	error = handler->get(handler, dentry, inode, name, NULL, 0, 0);
+	error = handler->get(handler, dentry, inode, name, NULL, 0);
 	if (error < 0)
 		return error;
 
@@ -380,21 +380,32 @@ vfs_getxattr_alloc(struct user_namespace *mnt_userns, struct dentry *dentry,
 		memset(value, 0, error + 1);
 	}
 
-	error = handler->get(handler, dentry, inode, name, value, error, 0);
+	error = handler->get(handler, dentry, inode, name, value, error);
 	*xattr_value = value;
 	return error;
 }
 
 ssize_t
-__vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
-	       struct inode *inode, const char *name, void *value,
-	       size_t size, int flags)
+__vfs_getxattr(struct dentry *dentry, struct inode *inode, const char *name,
+	       void *value, size_t size)
 {
 	const struct xattr_handler *handler;
-	int error;
 
-	if (flags & XATTR_NOSECURITY)
-		goto nolsm;
+	handler = xattr_resolve_name(inode, &name);
+	if (IS_ERR(handler))
+		return PTR_ERR(handler);
+	if (!handler->get)
+		return -EOPNOTSUPP;
+	return handler->get(handler, dentry, inode, name, value, size);
+}
+EXPORT_SYMBOL(__vfs_getxattr);
+
+ssize_t
+vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
+	     const char *name, void *value, size_t size)
+{
+	struct inode *inode = dentry->d_inode;
+	int error;
 
 	error = xattr_permission(mnt_userns, inode, name, MAY_READ);
 	if (error)
@@ -418,20 +429,7 @@ __vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
 		return ret;
 	}
 nolsm:
-	handler = xattr_resolve_name(inode, &name);
-	if (IS_ERR(handler))
-		return PTR_ERR(handler);
-	if (!handler->get)
-		return -EOPNOTSUPP;
-	return handler->get(handler, dentry, inode, name, value, size, flags);
-}
-EXPORT_SYMBOL(__vfs_getxattr);
-
-ssize_t
-vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
-	     const char *name, void *value, size_t size)
-{
-	return __vfs_getxattr(mnt_userns, dentry, dentry->d_inode, name, value, size, 0);
+	return __vfs_getxattr(dentry, inode, name, value, size);
 }
 EXPORT_SYMBOL_GPL(vfs_getxattr);
 

fs/xfs/xfs_xattr.c

@@ -21,8 +21,7 @@
 
 static int
 xfs_xattr_get(const struct xattr_handler *handler, struct dentry *unused,
-		struct inode *inode, const char *name, void *value, size_t size,
-		int flags)
+		struct inode *inode, const char *name, void *value, size_t size)
 {
 	struct xfs_da_args	args = {
 		.dp		= XFS_I(inode),

include/linux/lsm_hook_defs.h

@@ -146,8 +146,7 @@ LSM_HOOK(int, 0, inode_getxattr, struct dentry *dentry, const char *name)
 LSM_HOOK(int, 0, inode_listxattr, struct dentry *dentry)
 LSM_HOOK(int, 0, inode_removexattr, struct user_namespace *mnt_userns,
 	 struct dentry *dentry, const char *name)
-LSM_HOOK(int, 0, inode_need_killpriv, struct user_namespace *mnt_userns,
-	 struct dentry *dentry)
+LSM_HOOK(int, 0, inode_need_killpriv, struct dentry *dentry)
 LSM_HOOK(int, 0, inode_killpriv, struct user_namespace *mnt_userns,
 	 struct dentry *dentry)
 LSM_HOOK(int, -EOPNOTSUPP, inode_getsecurity, struct user_namespace *mnt_userns,

include/linux/security.h

@@ -150,8 +150,7 @@ int cap_inode_setxattr(struct dentry *dentry, const char *name,
 		       const void *value, size_t size, int flags);
 int cap_inode_removexattr(struct user_namespace *mnt_userns,
 			  struct dentry *dentry, const char *name);
-int cap_inode_need_killpriv(struct user_namespace *mnt_userns,
-			    struct dentry *dentry);
+int cap_inode_need_killpriv(struct dentry *dentry);
 int cap_inode_killpriv(struct user_namespace *mnt_userns,
 		       struct dentry *dentry);
 int cap_inode_getsecurity(struct user_namespace *mnt_userns,
@@ -364,8 +363,7 @@ int security_inode_getxattr(struct dentry *dentry, const char *name);
 int security_inode_listxattr(struct dentry *dentry);
 int security_inode_removexattr(struct user_namespace *mnt_userns,
 			       struct dentry *dentry, const char *name);
-int security_inode_need_killpriv(struct user_namespace *mnt_userns,
-				 struct dentry *dentry);
+int security_inode_need_killpriv(struct dentry *dentry);
 int security_inode_killpriv(struct user_namespace *mnt_userns,
 			    struct dentry *dentry);
 int security_inode_getsecurity(struct user_namespace *mnt_userns,

include/linux/xattr.h

@@ -34,7 +34,7 @@ struct xattr_handler {
 	bool (*list)(struct dentry *dentry);
 	int (*get)(const struct xattr_handler *, struct dentry *dentry,
 		   struct inode *inode, const char *name, void *buffer,
-		   size_t size, int flags);
+		   size_t size);
 	int (*set)(const struct xattr_handler *,
 		   struct user_namespace *mnt_userns, struct dentry *dentry,
 		   struct inode *inode, const char *name, const void *buffer,
@@ -49,9 +49,7 @@ struct xattr {
 	size_t value_len;
 };
 
-ssize_t __vfs_getxattr(struct user_namespace *mnt_userns, struct dentry *dentry,
-		       struct inode *inode, const char *name, void *buffer,
-		       size_t size, int flags);
+ssize_t __vfs_getxattr(struct dentry *, struct inode *, const char *, void *, size_t);
 ssize_t vfs_getxattr(struct user_namespace *, struct dentry *, const char *,
 		     void *, size_t);
 ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);

include/uapi/linux/xattr.h

@@ -18,11 +18,8 @@
 #if __UAPI_DEF_XATTR
 #define __USE_KERNEL_XATTR_DEFS
 
-#define XATTR_CREATE	 0x1	/* set value, fail if attr already exists */
-#define XATTR_REPLACE	 0x2	/* set value, fail if attr does not exist */
-#ifdef __KERNEL__ /* following is kernel internal, colocated for maintenance */
-#define XATTR_NOSECURITY 0x4	/* get value, do not involve security check */
-#endif
+#define XATTR_CREATE	0x1	/* set value, fail if attr already exists */
+#define XATTR_REPLACE	0x2	/* set value, fail if attr does not exist */
 #endif
 
 /* Namespaces */

mm/shmem.c

@@ -3174,8 +3174,7 @@ static int shmem_initxattrs(struct inode *inode,
 
 static int shmem_xattr_handler_get(const struct xattr_handler *handler,
 				   struct dentry *unused, struct inode *inode,
-				   const char *name, void *buffer, size_t size,
-				   int flags)
+				   const char *name, void *buffer, size_t size)
 {
 	struct shmem_inode_info *info = SHMEM_I(inode);
 

net/socket.c

@@ -364,8 +364,7 @@ static const struct dentry_operations sockfs_dentry_operations = {
 
 static int sockfs_xattr_get(const struct xattr_handler *handler,
 			    struct dentry *dentry, struct inode *inode,
-			    const char *suffix, void *value, size_t size,
-			    int flags)
+			    const char *suffix, void *value, size_t size)
 {
 	if (value) {
 		if (dentry->d_name.len + 1 > size)

security/commoncap.c

@@ -292,14 +292,12 @@ int cap_capset(struct cred *new,
  * Return: 1 if security.capability has a value, meaning inode_killpriv()
  * is required, 0 otherwise, meaning inode_killpriv() is not required.
  */
-int cap_inode_need_killpriv(struct user_namespace *mnt_userns,
-			    struct dentry *dentry)
+int cap_inode_need_killpriv(struct dentry *dentry)
 {
 	struct inode *inode = d_backing_inode(dentry);
 	int error;
 
-	error = __vfs_getxattr(mnt_userns, dentry, inode, XATTR_NAME_CAPS,
-			       NULL, 0, XATTR_NOSECURITY);
+	error = __vfs_getxattr(dentry, inode, XATTR_NAME_CAPS, NULL, 0);
 	return error > 0;
 }
 
@@ -662,9 +660,8 @@ int get_vfs_caps_from_disk(struct user_namespace *mnt_userns,
 		return -ENODATA;
 
 	fs_ns = inode->i_sb->s_user_ns;
-	size = __vfs_getxattr(mnt_userns, (struct dentry *)dentry, inode,
-			      XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ,
-			      XATTR_NOSECURITY);
+	size = __vfs_getxattr((struct dentry *)dentry, inode,
+			      XATTR_NAME_CAPS, &data, XATTR_CAPS_SZ);
 	if (size == -ENODATA || size == -EOPNOTSUPP)
 		/* no data, that's ok */
 		return -ENODATA;

security/integrity/evm/evm_main.c

@@ -145,8 +145,7 @@ static int evm_find_protected_xattrs(struct dentry *dentry)
 		return -EOPNOTSUPP;
 
 	list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
-		error = __vfs_getxattr(&init_user_ns, dentry, inode,
-				       xattr->name, NULL, 0, XATTR_NOSECURITY);
+		error = __vfs_getxattr(dentry, inode, xattr->name, NULL, 0);
 		if (error < 0) {
 			if (error == -ENODATA)
 				continue;
@@ -344,9 +343,8 @@ int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
 	int rc, size, total_size = 0;
 
 	list_for_each_entry_lockless(xattr, &evm_config_xattrnames, list) {
-		rc = __vfs_getxattr(&init_user_ns, dentry,
-				    d_backing_inode(dentry), xattr->name, NULL,
-				    0, XATTR_NOSECURITY);
+		rc = __vfs_getxattr(dentry, d_backing_inode(dentry),
+				    xattr->name, NULL, 0);
 		if (rc < 0 && rc == -ENODATA)
 			continue;
 		else if (rc < 0)
@@ -374,11 +372,10 @@ int evm_read_protected_xattrs(struct dentry *dentry, u8 *buffer,
 		case 'v':
 			size = rc;
 			if (buffer) {
-				rc = __vfs_getxattr(&init_user_ns, dentry,
+				rc = __vfs_getxattr(dentry,
 					d_backing_inode(dentry), xattr->name,
 					buffer + total_size,
-					buffer_size - total_size,
-					XATTR_NOSECURITY);
+					buffer_size - total_size);
 				if (rc < 0)
 					return rc;
 			}

security/security.c

@@ -1403,10 +1403,9 @@ int security_inode_removexattr(struct user_namespace *mnt_userns,
 	return evm_inode_removexattr(mnt_userns, dentry, name);
 }
 
-int security_inode_need_killpriv(struct user_namespace *mnt_userns,
-				 struct dentry *dentry)
+int security_inode_need_killpriv(struct dentry *dentry)
 {
-	return call_int_hook(inode_need_killpriv, 0, mnt_userns, dentry);
+	return call_int_hook(inode_need_killpriv, 0, dentry);
 }
 
 int security_inode_killpriv(struct user_namespace *mnt_userns,

security/selinux/hooks.c

@@ -490,7 +490,7 @@ static int selinux_is_sblabel_mnt(struct super_block *sb)
 	}
 }
 
-static int sb_check_xattr_support(struct user_namespace *mnt_userns, struct super_block *sb)
+static int sb_check_xattr_support(struct super_block *sb)
 {
 	struct superblock_security_struct *sbsec = sb->s_security;
 	struct dentry *root = sb->s_root;
@@ -511,8 +511,7 @@ static int sb_check_xattr_support(struct user_namespace *mnt_userns, struct supe
 		goto fallback;
 	}
 
-	rc = __vfs_getxattr(mnt_userns, root, root_inode, XATTR_NAME_SELINUX, NULL, 0,
-			    XATTR_NOSECURITY);
+	rc = __vfs_getxattr(root, root_inode, XATTR_NAME_SELINUX, NULL, 0);
 	if (rc < 0 && rc != -ENODATA) {
 		if (rc == -EOPNOTSUPP) {
 			pr_warn("SELinux: (dev %s, type %s) has no security xattr handler\n",
@@ -548,7 +547,7 @@ static int sb_finish_set_opts(struct super_block *sb)
 	int rc = 0;
 
 	if (sbsec->behavior == SECURITY_FS_USE_XATTR) {
-		rc = sb_check_xattr_support(sb->s_user_ns, sb);
+		rc = sb_check_xattr_support(sb);
 		if (rc)
 			return rc;
 	}
@@ -1371,15 +1370,12 @@ static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
 		return -ENOMEM;
 
 	context[len] = '\0';
-	rc = __vfs_getxattr(&init_user_ns, dentry, inode, XATTR_NAME_SELINUX,
-			    context, len, XATTR_NOSECURITY);
+	rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, context, len);
 	if (rc == -ERANGE) {
 		kfree(context);
 
 		/* Need a larger buffer.  Query for the right size. */
-		rc = __vfs_getxattr(&init_user_ns, dentry, inode,
-				    XATTR_NAME_SELINUX, NULL, 0,
-				    XATTR_NOSECURITY);
+		rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX, NULL, 0);
 		if (rc < 0)
 			return rc;
 
@@ -1389,9 +1385,8 @@ static int inode_doinit_use_xattr(struct inode *inode, struct dentry *dentry,
 			return -ENOMEM;
 
 		context[len] = '\0';
-		rc = __vfs_getxattr(&init_user_ns, dentry, inode,
-				    XATTR_NAME_SELINUX, context, len,
-				    XATTR_NOSECURITY);
+		rc = __vfs_getxattr(dentry, inode, XATTR_NAME_SELINUX,
+				    context, len);
 	}
 	if (rc < 0) {
 		kfree(context);

security/smack/smack_lsm.c

@@ -275,9 +275,8 @@ static int smk_bu_credfile(const struct cred *cred, struct file *file,
  * Returns a pointer to the master list entry for the Smack label,
  * NULL if there was no label to fetch, or an error code.
  */
-static struct smack_known *smk_fetch(struct user_namespace *mnt_userns,
-				     const char *name, struct inode *ip,
-				     struct dentry *dp)
+static struct smack_known *smk_fetch(const char *name, struct inode *ip,
+					struct dentry *dp)
 {
 	int rc;
 	char *buffer;
@@ -290,8 +289,7 @@ static struct smack_known *smk_fetch(struct user_namespace *mnt_userns,
 	if (buffer == NULL)
 		return ERR_PTR(-ENOMEM);
 
-	rc = __vfs_getxattr(mnt_userns, dp, ip, name, buffer, SMK_LONGLABEL,
-			    XATTR_NOSECURITY);
+	rc = __vfs_getxattr(dp, ip, name, buffer, SMK_LONGLABEL);
 	if (rc < 0)
 		skp = ERR_PTR(rc);
 	else if (rc == 0)
@@ -3407,7 +3405,7 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
 		 * Get the dentry for xattr.
 		 */
 		dp = dget(opt_dentry);
-		skp = smk_fetch(&init_user_ns, XATTR_NAME_SMACK, inode, dp);
+		skp = smk_fetch(XATTR_NAME_SMACK, inode, dp);
 		if (!IS_ERR_OR_NULL(skp))
 			final = skp;
 
@@ -3431,9 +3429,9 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
 					TRANS_TRUE, TRANS_TRUE_SIZE,
 					0);
 			} else {
-				rc = __vfs_getxattr(&init_user_ns, dp, inode,
+				rc = __vfs_getxattr(dp, inode,
 					XATTR_NAME_SMACKTRANSMUTE, trattr,
-					TRANS_TRUE_SIZE, XATTR_NOSECURITY);
+					TRANS_TRUE_SIZE);
 				if (rc >= 0 && strncmp(trattr, TRANS_TRUE,
 						       TRANS_TRUE_SIZE) != 0)
 					rc = -EINVAL;
@@ -3444,13 +3442,13 @@ static void smack_d_instantiate(struct dentry *opt_dentry, struct inode *inode)
 		/*
 		 * Don't let the exec or mmap label be "*" or "@".
 		 */
-		skp = smk_fetch(&init_user_ns, XATTR_NAME_SMACKEXEC, inode, dp);
+		skp = smk_fetch(XATTR_NAME_SMACKEXEC, inode, dp);
 		if (IS_ERR(skp) || skp == &smack_known_star ||
 		    skp == &smack_known_web)
 			skp = NULL;
 		isp->smk_task = skp;
 
-		skp = smk_fetch(&init_user_ns, XATTR_NAME_SMACKMMAP, inode, dp);
+		skp = smk_fetch(XATTR_NAME_SMACKMMAP, inode, dp);
 		if (IS_ERR(skp) || skp == &smack_known_star ||
 		    skp == &smack_known_web)
 			skp = NULL;