From 69fba62b74408c3978a07f2886662b9f4d1e4182 Mon Sep 17 00:00:00 2001
From: Bob Glossman <bogl@whamcloud.com>
Date: Thu, 17 May 2012 11:41:59 -0700
Subject: [PATCH] LU-532 llite: trusted. xattr is invisible to non-root

Filter out all invalid xattrs in listxattr.
This includes trusted. xattrs that can cause
unnecessary "EPERM" in subsequent getxattr operations.

Signed-off-by: Fan Yong <yong.fan@whamcloud.com>
Signed-off-by: Bob Glossman <bogl@whamcloud.com>
Change-Id: Ic32fe262772370cd837bef878c9bfd9eefc0ec3c
Reviewed-on: http://review.whamcloud.com/2490
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Hudson
Tested-by: Maloo <whamcloud.maloo@gmail.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---
 lustre/llite/xattr.c   | 39 +++++++++++++++++++++++++++++++--------
 lustre/tests/sanity.sh | 16 ++++++++++++++++
 2 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/lustre/llite/xattr.c b/lustre/llite/xattr.c
index 1caee22..aaa7631 100644
--- a/lustre/llite/xattr.c
+++ b/lustre/llite/xattr.c
@@ -512,6 +512,29 @@ ssize_t ll_listxattr(struct dentry *dentry, char *buffer, size_t size)
         if (rc < 0)
                 GOTO(out, rc);
 
+	if (buffer != NULL) {
+		struct ll_sb_info *sbi = ll_i2sbi(inode);
+		char *xattr_name = buffer;
+		int xlen, rem = rc;
+
+		while (rem > 0) {
+			xlen = strnlen(xattr_name, rem - 1) + 1;
+			rem -= xlen;
+			if (xattr_type_filter(sbi,
+					get_xattr_type(xattr_name)) == 0) {
+				/* skip OK xattr type
+				 * leave it in buffer
+				 */
+				xattr_name += xlen;
+				continue;
+			}
+			/* move up remaining xattrs in buffer
+			 * removing the xattr that is not OK
+			 */
+			memmove(xattr_name, xattr_name + xlen, rem);
+			rc -= xlen;
+		}
+	}
         if (S_ISREG(inode->i_mode)) {
                 if (ll_i2info(inode)->lli_smd == NULL)
                         rc2 = -1;
@@ -526,14 +549,14 @@ ssize_t ll_listxattr(struct dentry *dentry, char *buffer, size_t size)
                 const size_t name_len   = sizeof("lov") - 1;
                 const size_t total_len  = prefix_len + name_len + 1;
 
-                if (buffer && (rc + total_len) <= size) {
-                        buffer += rc;
-                        memcpy(buffer,XATTR_LUSTRE_PREFIX, prefix_len);
-                        memcpy(buffer+prefix_len, "lov", name_len);
-                        buffer[prefix_len + name_len] = '\0';
-                }
-                rc2 = total_len;
-        }
+		if (buffer && (rc + total_len) <= size) {
+			buffer += rc;
+			memcpy(buffer, XATTR_LUSTRE_PREFIX, prefix_len);
+			memcpy(buffer + prefix_len, "lov", name_len);
+			buffer[prefix_len + name_len] = '\0';
+		}
+		rc2 = total_len;
+	}
 out:
         ptlrpc_req_finished(request);
         rc = rc + rc2;
diff --git a/lustre/tests/sanity.sh b/lustre/tests/sanity.sh
index 76c2a36..ae63acb 100644
--- a/lustre/tests/sanity.sh
+++ b/lustre/tests/sanity.sh
@@ -5525,6 +5525,22 @@ test_102k() {
 }
 run_test 102k "setfattr without parameter of value shouldn't cause a crash"
 
+test_102l() {
+	# LU-532 trusted. xattr is invisible to non-root
+	local testfile=$DIR/$tfile
+
+	touch $testfile
+
+	echo "listxattr as user..."
+	chown $RUNAS_ID $testfile
+	$RUNAS getfattr -d -m '.*' $testfile 2>&1 |
+	    grep -q "trusted" &&
+		error "$testfile trusted xattrs are user visible"
+
+	return 0;
+}
+run_test 102l "listxattr filter test =================================="
+
 cleanup_test102
 
 run_acl_subtest()
-- 
1.8.3.1