On Thu, Jan 28, 2021 at 09:35:27PM -0500, bfields@xxxxxxxxxxxx wrote:
> Note that this patch doesn't prevent an application from setting a
> zero-length ACL. The xattr format is XDR with the first four bytes
> representing the number of ACEs, so you'd set a zero-length ACL by
> passing down a 4-byte all-zero buffer as the new value of the
> system.nfs4_acl xattr.
>
> A zero-length NULL buffer is what's used to implement removexattr:
>
> int
> __vfs_removexattr(struct dentry *dentry, const char *name)
> {
> ...
> return handler->set(handler, dentry, inode, name, NULL, 0, XATTR_REPLACE);
> }
>
> That's the case this patch covers.
So, I should have said in the changelog, apologies--the behavior without
this patch is that when it gets a removexattr, the client sends a
SETATTR with a bitmap claiming there's an ACL attribute, but a
zero-length attribute value list, and the server (correctly) returns
BADXDR.
--b.
