From: Andreas Gruenbacher <agruenba@redhat.com>
To: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Andreas Gruenbacher <agruenba@redhat.com>,
linux-fsdevel@vger.kernel.org,
Tyler Hicks <tyhicks@canonical.com>,
ecryptfs@vger.kernel.org, Miklos Szeredi <miklos@szeredi.hu>,
linux-unionfs@vger.kernel.org,
David Howells <dhowells@redhat.com>,
Serge Hallyn <serge.hallyn@canonical.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-ima-devel@lists.sourceforge.net,
Paul Moore <paul@paul-moore.com>,
Stephen Smalley <sds@tycho.nsa.gov>,
Eric Paris <eparis@parisplace.org>,
Casey Schaufler <casey@schaufler-ca.com>,
Oleg Drokin <oleg.drokin@intel.com>,
Andreas Dilger <andreas.dilger@intel.com>
Subject: [PATCH v4 18/20] vfs: Check for the IOP_XATTR flag in listxattr
Date: Mon, 22 Aug 2016 23:22:06 +0200 [thread overview]
Message-ID: <1471900928-21588-19-git-send-email-agruenba@redhat.com> (raw)
In-Reply-To: <1471900928-21588-1-git-send-email-agruenba@redhat.com>
When an inode doesn't support xattrs, turn listxattr off as well.
(When xattrs are "turned off", the VFS still passes security xattr
operations through to security modules, which can still expose inode
security labels that way.)
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
---
fs/xattr.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
diff --git a/fs/xattr.c b/fs/xattr.c
index 54a4115..e1ccf2b 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -326,18 +326,19 @@ nolsm:
EXPORT_SYMBOL_GPL(vfs_getxattr);
ssize_t
-vfs_listxattr(struct dentry *d, char *list, size_t size)
+vfs_listxattr(struct dentry *dentry, char *list, size_t size)
{
+ struct inode *inode = d_inode(dentry);
ssize_t error;
- error = security_inode_listxattr(d);
+ error = security_inode_listxattr(dentry);
if (error)
return error;
- error = -EOPNOTSUPP;
- if (d->d_inode->i_op->listxattr) {
- error = d->d_inode->i_op->listxattr(d, list, size);
+ if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
+ error = -EOPNOTSUPP;
+ error = inode->i_op->listxattr(dentry, list, size);
} else {
- error = security_inode_listsecurity(d->d_inode, list, size);
+ error = security_inode_listsecurity(inode, list, size);
if (size && error > size)
error = -ERANGE;
}
--
2.7.4
next prev parent reply other threads:[~2016-08-22 21:24 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-22 21:21 [PATCH v4 00/20] Xattr inode operation removal Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 01/20] ovl: Fix OVL_XATTR_PREFIX Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 02/20] ovl: Get rid of ovl_xattr_noacl_handlers array Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 03/20] ovl: Switch to generic_removexattr Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 04/20] ovl: Switch to generic_getxattr Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 05/20] xattr: Remove unnecessary NULL attribute name check Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 06/20] jffs2: Remove jffs2_{get,set,remove}xattr macros Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 07/20] hfs: Switch to generic xattr handlers Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 08/20] kernfs: " Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 09/20] sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 10/20] sockfs: Get rid of getxattr iop Andreas Gruenbacher
2016-08-22 21:21 ` [PATCH v4 11/20] ecryptfs: Switch to generic xattr handlers Andreas Gruenbacher
2016-08-22 21:22 ` [PATCH v4 12/20] fuse: " Andreas Gruenbacher
2016-08-22 21:22 ` [PATCH v4 13/20] vfs: Move xattr_resolve_name to the front of fs/xattr.c Andreas Gruenbacher
2016-08-22 21:22 ` [PATCH v4 14/20] vfs: Add IOP_XATTR inode operations flag Andreas Gruenbacher
2016-08-22 21:22 ` [PATCH v4 15/20] vfs: Use IOP_XATTR flag for bad-inode handling Andreas Gruenbacher
2016-08-22 21:22 ` [PATCH v4 16/20] libfs: Use IOP_XATTR flag for empty directory handling Andreas Gruenbacher
2016-08-22 21:22 ` [PATCH v4 17/20] xattr: Add __vfs_{get,set,remove}xattr helpers Andreas Gruenbacher
2016-08-22 21:22 ` Andreas Gruenbacher [this message]
2016-08-22 21:22 ` [PATCH v4 19/20] xattr: Stop calling {get,set,remove}xattr inode operations Andreas Gruenbacher
2016-08-22 21:22 ` [PATCH v4 20/20] vfs: Remove " Andreas Gruenbacher
2016-08-23 0:34 ` kbuild test robot
2016-08-23 9:57 ` [PATCH] lustre: Switch to generic xattr handlers Andreas Gruenbacher
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1471900928-21588-19-git-send-email-agruenba@redhat.com \
--to=agruenba@redhat.com \
--cc=andreas.dilger@intel.com \
--cc=casey@schaufler-ca.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=ecryptfs@vger.kernel.org \
--cc=eparis@parisplace.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-ima-devel@lists.sourceforge.net \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=oleg.drokin@intel.com \
--cc=paul@paul-moore.com \
--cc=sds@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=tyhicks@canonical.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).