Chapter 11: Extended Attributes and Access Control Lists
Array ofpointersxattr_handlers_xattrstruct super_blockFigure 11-1: Data structures used for the
generic xattr implementation.SystemCalls
Recall that there are three system calls for each extended attribute operation (get, set, and list), which
differ in how the destination is specified. To avoid code duplication, the system calls are structured into
two parts:- Find the instance ofdentryassociated with the target object.
- Delegate further processing to a function common to all three calls.
Looking up thedentryinstance is performed byuser_path_walk,byuser_path_walk_link,orbyread-
ing thedentrypointer contained in thefileinstance, depending on which system call was used. After
this, a common basis for all three system call variants has been established.In the case ofsetxattr, the common function used for further processing issetxattr; the associated
code flow diagram is shown in Figure 11-2.Copy name and value from userspacesetxattrvfs_setxattrFigure 11-2: Code flow diagram for
setxattr.First, the routine copies both the name and the attribute value from userspace to kernel space. Since the
value of the extended attribute can have arbitrary contents, the size is not predetermined. The system call
has an explicit size parameter to indicate how many bytes are supposed to be read in. To avoid abuse of
kernel memory, it is ensured that the size of name and value does not exceed the limits imposed by the
following quantities:limits.h
#define XATTR_NAME_MAX 255 /* # chars in an extended attribute name */
#define XATTR_SIZE_MAX 65536 /* size of an extended attribute value (64k) */After this preparation step, further processing is delegated tovfs_setxattr. The associated code flow
diagram is shown in Figure 11-3.