[src/trunk]: src/sys/ufs/ffs - Allow root to set system attributes, samba doe...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/ba2d6676ec92
branches:  trunk
changeset: 971295:ba2d6676ec92
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Apr 20 18:10:10 2020 +0000

description:
- Allow root to set system attributes, samba does this
- Fix locking issue, perhaps we should use our own mutex; does not seem worth
  it for this simple case.

diffstat:

 sys/ufs/ffs/ffs_extattr.c |  13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diffs (58 lines):

diff -r 0030a33b55fc -r ba2d6676ec92 sys/ufs/ffs/ffs_extattr.c
--- a/sys/ufs/ffs/ffs_extattr.c Mon Apr 20 16:32:03 2020 +0000
+++ b/sys/ufs/ffs/ffs_extattr.c Mon Apr 20 18:10:10 2020 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: ffs_extattr.c,v 1.2 2020/04/19 13:59:13 christos Exp $ */
+/*     $NetBSD: ffs_extattr.c,v 1.3 2020/04/20 18:10:10 christos Exp $ */
 
 /*-
  * SPDX-License-Identifier: (BSD-2-Clause-FreeBSD AND BSD-3-Clause)
@@ -66,7 +66,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ffs_extattr.c,v 1.2 2020/04/19 13:59:13 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ffs_extattr.c,v 1.3 2020/04/20 18:10:10 christos Exp $");
 
 #if defined(_KERNEL_OPT)
 #include "opt_ffs.h"
@@ -153,8 +153,8 @@
         */
        switch (attrnamespace) {
        case EXTATTR_NAMESPACE_SYSTEM:
-               /* Potentially with privs */
-               return EPERM;
+               return kauth_authorize_system(cred, KAUTH_SYSTEM_FS_EXTATTR,
+                   0, vp->v_mount, NULL, NULL);
        case EXTATTR_NAMESPACE_USER:
                return VOP_ACCESS(vp, accmode, cred);
        default:
@@ -392,8 +392,10 @@
        }
        if (error) {
                if (ioflag & IO_UNIT) {
+                       genfs_node_unlock(vp);  // XXX: need our own lock
                        (void)ffs_truncate(vp, osize,
                            IO_EXT | (ioflag&IO_SYNC), ucred);
+                       genfs_node_wrlock(vp);
                        uio->uio_offset -= resid - uio->uio_resid;
                        uio->uio_resid = resid;
                }
@@ -559,7 +561,9 @@
                                ffs_unlock_ea(vp);
                                return error;
                        }
+                       genfs_node_unlock(vp);  // XXX: need our own lock
                        error = ffs_truncate(vp, 0, IO_EXT, cred);
+                       genfs_node_wrlock(vp);
                        UFS_WAPBL_END(vp->v_mount);
                }
                error = ffs_extwrite(vp, &luio, IO_EXT | IO_SYNC, cred);
@@ -935,7 +939,6 @@
        error = ffs_extattr_check_cred(ap->a_vp, ap->a_attrnamespace,
            ap->a_cred, VWRITE);
        if (error) {
-
                /*
                 * ffs_lock_ea is not needed there, because the vnode
                 * must be exclusively locked.