From: Chunwei Chen <david.chen@osnexus.com>
Date: Wed, 6 Jul 2016 23:54:19 +0000 (-0700)
Subject: Don't allow accessing XATTR via export handle
X-Git-Tag: zfs-0.7.12~995
X-Git-Url: https://git.proxmox.com/?a=commitdiff_plain;h=7938c2aca741f350921377d0f939e177bc7e84ad;p=mirror_zfs.git

Don't allow accessing XATTR via export handle

Allow accessing XATTR through export handle is a very bad idea. It
would allow user to write whatever they want in fields where they
otherwise could not.

Signed-off-by: Chunwei Chen <david.chen@osnexus.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Issue #4828
---

diff --git a/module/zfs/zfs_vfsops.c b/module/zfs/zfs_vfsops.c
index ef04b203d..e05448b9f 100644
--- a/module/zfs/zfs_vfsops.c
+++ b/module/zfs/zfs_vfsops.c
@@ -1540,6 +1540,14 @@ zfs_vget(struct super_block *sb, struct inode **ipp, fid_t *fidp)
 		ZFS_EXIT(zsb);
 		return (err);
 	}
+
+	/* Don't export xattr stuff */
+	if (zp->z_pflags & ZFS_XATTR) {
+		iput(ZTOI(zp));
+		ZFS_EXIT(zsb);
+		return (SET_ERROR(ENOENT));
+	}
+
 	(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zsb), &zp_gen,
 	    sizeof (uint64_t));
 	zp_gen = zp_gen & gen_mask;