From 2ab92474111bf43e4af127514b54948678522647 Mon Sep 17 00:00:00 2001
From: Chunwei Chen <david.chen@osnexus.com>
Date: Wed, 6 Jul 2016 16:54:19 -0700
Subject: [PATCH] Don't allow accessing XATTR via export handle

Allow accessing XATTR through export handle is a very bad idea. It
would allow user to write whatever they want in fields where they
otherwise could not.

Signed-off-by: Chunwei Chen <david.chen@osnexus.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Issue #4828
---
 module/zfs/zfs_vfsops.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/module/zfs/zfs_vfsops.c b/module/zfs/zfs_vfsops.c
index 5cdb511992..cc0cb0a523 100644
--- a/module/zfs/zfs_vfsops.c
+++ b/module/zfs/zfs_vfsops.c
@@ -1614,6 +1614,14 @@ zfs_vget(struct super_block *sb, struct inode **ipp, fid_t *fidp)
 		ZFS_EXIT(zsb);
 		return (err);
 	}
+
+	/* Don't export xattr stuff */
+	if (zp->z_pflags & ZFS_XATTR) {
+		iput(ZTOI(zp));
+		ZFS_EXIT(zsb);
+		return (SET_ERROR(ENOENT));
+	}
+
 	(void) sa_lookup(zp->z_sa_hdl, SA_ZPL_GEN(zsb), &zp_gen,
 	    sizeof (uint64_t));
 	zp_gen = zp_gen & gen_mask;