NFSv4.2: another fix for listxattr

Currently, when the server supports NFS4.1 security labels then
security.selinux label in included twice. Instead, only add it
when the server doesn't possess security label support.

Fixes: 243fea134633 ("NFSv4.2: fix listxattr to return selinux security label")
Signed-off-by: Olga Kornievskaia <okorniev@redhat.com>
Link: https://lore.kernel.org/r/20250722205641.79394-1-okorniev@redhat.com
Signed-off-by: Trond Myklebust <trond.myklebust@hammerspace.com>

diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
index d8bebd757af3df0efe67c257db8b38bca127a2ea..d7dc669d84c5b3581596257932b1a86c1bc84ab9 100644 (file)
--- a/fs/nfs/nfs4proc.c
+++ b/fs/nfs/nfs4proc.c
@@ -10883,7 +10883,7 @@ const struct nfs4_minor_version_ops *nfs_v4_minor_ops[] = {
 
 static ssize_t nfs4_listxattr(struct dentry *dentry, char *list, size_t size)
 {
-       ssize_t error, error2, error3, error4;
+       ssize_t error, error2, error3, error4 = 0;
        size_t left = size;
 
        error = generic_listxattr(dentry, list, left);
@@ -10911,9 +10911,11 @@ static ssize_t nfs4_listxattr(struct dentry *dentry, char *list, size_t size)
                left -= error3;
        }
 
-       error4 = security_inode_listsecurity(d_inode(dentry), list, left);
-       if (error4 < 0)
-               return error4;
+       if (!nfs_server_capable(d_inode(dentry), NFS_CAP_SECURITY_LABEL)) {
+               error4 = security_inode_listsecurity(d_inode(dentry), list, left);
+               if (error4 < 0)
+                       return error4;
+       }
 
        error += error2 + error3 + error4;
        if (size && error > size)