vfs: Check for the IOP_XATTR flag in listxattr

When an inode doesn't support xattrs, turn listxattr off as well.

(When xattrs are "turned off", the VFS still passes security xattr
operations through to security modules, which can still expose inode
security labels that way.)

Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Andreas Gruenbacher 2016-09-29 17:48:43 +02:00 committed by Al Viro
parent 5d6c31910b
commit bf3ee71363
1 changed files with 7 additions and 6 deletions

View File

@ -326,18 +326,19 @@ nolsm:
EXPORT_SYMBOL_GPL(vfs_getxattr);
ssize_t
vfs_listxattr(struct dentry *d, char *list, size_t size)
vfs_listxattr(struct dentry *dentry, char *list, size_t size)
{
struct inode *inode = d_inode(dentry);
ssize_t error;
error = security_inode_listxattr(d);
error = security_inode_listxattr(dentry);
if (error)
return error;
error = -EOPNOTSUPP;
if (d->d_inode->i_op->listxattr) {
error = d->d_inode->i_op->listxattr(d, list, size);
if (inode->i_op->listxattr && (inode->i_opflags & IOP_XATTR)) {
error = -EOPNOTSUPP;
error = inode->i_op->listxattr(dentry, list, size);
} else {
error = security_inode_listsecurity(d->d_inode, list, size);
error = security_inode_listsecurity(inode, list, size);
if (size && error > size)
error = -ERANGE;
}