Skip to content

Commit

Permalink
vfs: Check for the IOP_XATTR flag in listxattr
Browse files Browse the repository at this point in the history 
When an inode doesn't support xattrs, turn listxattr off as well.

(When xattrs are "turned off", the VFS still passes security xattr
operations through to security modules, which can still expose inode
security labels that way.)

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
  • Loading branch information
Andreas Gruenbacher authored and Al Viro committed Oct 8, 2016
1 parent 5d6c319 commit bf3ee71
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions fs/xattr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -326,18 +326,19 @@ vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
EXPORT_SYMBOL_GPL(vfs_getxattr);

ssize_t
vfs_listxattr(struct dentry *d, char *list, size_t size)
vfs_listxattr(struct dentry *dentry, char *list, size_t size)
{
struct inode *inode = d_inode(dentry);
ssize_t error;

error = security_inode_listxattr(d);
error = security_inode_listxattr(dentry);
if (error)
return error;
error = -EOPNOTSUPP;
if (d->d_inode->i_op->listxattr) {
error = d->d_inode->i_op->listxattr(d, list, size);
if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
error = -EOPNOTSUPP;
error = inode->i_op->listxattr(dentry, list, size);
} else {
error = security_inode_listsecurity(d->d_inode, list, size);
error = security_inode_listsecurity(inode, list, size);
if (size && error > size)
error = -ERANGE;
}
Expand Down

0 comments on commit bf3ee71

Please sign in to comment.