vfs: Check for the IOP_XATTR flag in listxattr

When an inode doesn't support xattrs, turn listxattr off as well. (When xattrs are "turned off", the VFS still passes security xattr operations through to security modules, which can still expose inode security labels that way.) Signed-off-by: N Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>

vfs: Check for the IOP_XATTR flag in listxattr
When an inode doesn't support xattrs, turn listxattr off as well. (When xattrs are "turned off", the VFS still passes security xattr operations through to security modules, which can still expose inode security labels that way.) Signed-off-by: N Andreas Gruenbacher <agruenba@redhat.com> Signed-off-by: N Al Viro <viro@zeniv.linux.org.uk>
bf3ee713 · Andreas Gruenbacher · Al Viro · 5d6c3191 · bf3ee713
隐藏空白更改
内联并排

Showing with 7 addition and 6 deletion

fs/xattr.c fs/xattr.c +7 -6

未找到文件。
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -326,18 +326,19 @@ vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
 EXPORT_SYMBOL_GPL(vfs_getxattr);
 ssize_t
-vfs_listxattr(struct dentry *d, char *list, size_t size)
+vfs_listxattr(struct dentry *dentry, char *list, size_t size)
 {
+	struct inode *inode = d_inode(dentry);
 	ssize_t error;
-	error = security_inode_listxattr(d);
+	error = security_inode_listxattr(dentry);
 	if (error)
 		return error;
-	error = -EOPNOTSUPP;
+	if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
-	if (d->d_inode->i_op->listxattr) {
+		error = -EOPNOTSUPP;
-		error = d->d_inode->i_op->listxattr(d, list, size);
+		error = inode->i_op->listxattr(dentry, list, size);
 	} else {
-		error = security_inode_listsecurity(d->d_inode, list, size);
+		error = security_inode_listsecurity(inode, list, size);
 		if (size && error > size)
 			error = -ERANGE;
 	}