ext4: implement extended attribute reading

Add GetXattr(path) public method that reads both inline (ibody) and
external block xattrs.

Support all standard name index prefixes (user, trusted, security,
system, posix_acl).

Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>

Author: vvoland

filesystem/ext4/ext4.go

@@ -1630,29 +1630,11 @@ func (fs *FileSystem) readInode(inodeNumber uint32) (*inode, error) {
 	if inodeNumber == 0 {
 		return nil, fmt.Errorf("cannot read inode 0")
 	}
-	sb := fs.superblock
-	inodeSize := sb.inodeSize
-	inodesPerGroup := sb.inodesPerGroup
-	// figure out which block group the inode is on
-	bg := (inodeNumber - 1) / inodesPerGroup
-	// read the group descriptor to find out the location of the inode table
-	gd := fs.groupDescriptors.descriptors[bg]
-	inodeTableBlock := gd.inodeTableLocation
-	inodeBytes := make([]byte, inodeSize)
-	// bytesStart is beginning byte for the inodeTableBlock
-	byteStart := inodeTableBlock * uint64(sb.blockSize)
-	// offsetInode is how many inodes in our inode is
-	offsetInode := (inodeNumber - 1) % inodesPerGroup
-	// offset is how many bytes in our inode is
-	offset := offsetInode * uint32(inodeSize)
-	read, err := fs.backend.ReadAt(inodeBytes, int64(byteStart)+int64(offset))
+	inodeBytes, err := fs.readInodeRaw(inodeNumber)
 	if err != nil {
-		return nil, fmt.Errorf("failed to read inode %d from offset %d of block %d from block group %d: %v", inodeNumber, offset, inodeTableBlock, bg, err)
-	}
-	if read != int(inodeSize) {
-		return nil, fmt.Errorf("read %d bytes for inode %d instead of inode size of %d", read, inodeNumber, inodeSize)
+		return nil, fmt.Errorf("could not read inode %d: %w", inodeNumber, err)
 	}
-	inode, err := inodeFromBytes(inodeBytes, sb, inodeNumber)
+	inode, err := inodeFromBytes(inodeBytes, fs.superblock, inodeNumber)
 	if err != nil {
 		return nil, fmt.Errorf("could not interpret inode data: %v", err)
 	}
@@ -3393,3 +3375,157 @@ func validatePath(name string) error {
 	}
 	return nil
 }
+
+// GetXattr reads extended attributes for the file at path p.
+//
+// Extended attributes are stored either inline in the inode (ibody) or in a
+// separate block referenced by inode.i_file_acl. This method reads both locations
+// and merges the results, with ibody xattrs taking precedence.
+//
+// References:
+//   - Kernel source: https://github.com/torvalds/linux/blob/master/fs/ext4/xattr.c (ext4_xattr_get)
+//   - Disk layout: https://www.kernel.org/doc/html/latest/filesystems/ext4/dynamic.html#extended-attributes
+func (fs *FileSystem) GetXattr(p string) (map[string][]byte, error) {
+	_, entry, err := fs.getEntryAndParent(p)
+	if err != nil {
+		return nil, err
+	}
+	if entry == nil {
+		return nil, fmt.Errorf("file does not exist: %s", p)
+	}
+	inodeBytes, err := fs.readInodeRaw(entry.inode)
+	if err != nil {
+		return nil, fmt.Errorf("could not read inode %d: %w", entry.inode, err)
+	}
+	in, err := inodeFromBytes(inodeBytes, fs.superblock, entry.inode)
+	if err != nil {
+		return nil, fmt.Errorf("could not interpret inode data: %w", err)
+	}
+	return fs.readXattrs(in, inodeBytes)
+}
+
+// readXattrs reads all extended attributes from an inode.
+//
+// Extended attributes can be stored in two locations:
+// 1. Inline in the inode body (ibody) - stored after i_extra_isize
+// 2. In a dedicated block referenced by inode.i_file_acl
+//
+// Both locations are read and merged. The same key should not exist in both
+// locations, but if it does, the ibody value is kept.
+func (fs *FileSystem) readXattrs(in *inode, inodeBytes []byte) (map[string][]byte, error) {
+	result := make(map[string][]byte)
+
+	ibodyXattrs, err := fs.readIbodyXattrs(inodeBytes)
+	if err != nil {
+		return nil, fmt.Errorf("error reading ibody xattrs: %w", err)
+	}
+	for k, v := range ibodyXattrs {
+		result[k] = v
+	}
+
+	if in.extendedAttributeBlock != 0 {
+		blockXattrs, err := fs.readBlockXattrs(in.extendedAttributeBlock)
+		if err != nil {
+			return nil, fmt.Errorf("error reading xattr block: %w", err)
+		}
+		for k, v := range blockXattrs {
+			if _, exists := result[k]; !exists {
+				result[k] = v
+			}
+		}
+	}
+
+	return result, nil
+}
+
+// readIbodyXattrs reads extended attributes stored inline in the inode.
+//
+// For inodes larger than 128 bytes, the extra space after i_extra_isize can be
+// used to store extended attributes. The layout is:
+//
+//	[128-byte base inode][i_extra_isize bytes][xattr magic][xattr entries]
+//
+// The inline storage is indicated by the ext4_xattr_ibody_header magic number
+// (0xEA020000). If not present, the inode has no inline xattrs.
+//
+// Reference: ext4_xattr_ibody_find in fs/ext4/xattr.c
+func (fs *FileSystem) readIbodyXattrs(inodeBytes []byte) (map[string][]byte, error) {
+	sb := fs.superblock
+	if sb.inodeSize <= ext2InodeSize {
+		return nil, nil
+	}
+
+	if len(inodeBytes) < int(ext2InodeSize)+4 {
+		return nil, nil
+	}
+	extraIsize := binary.LittleEndian.Uint16(inodeBytes[ext2InodeSize : ext2InodeSize+2])
+
+	xattrStart := int(ext2InodeSize) + int(extraIsize)
+	xattrEnd := int(sb.inodeSize)
+	if xattrStart >= xattrEnd || xattrEnd-xattrStart < 4 {
+		return nil, nil
+	}
+
+	magic := binary.LittleEndian.Uint32(inodeBytes[xattrStart : xattrStart+4])
+	if magic != xattrMagic {
+		return nil, nil
+	}
+
+	data := inodeBytes[xattrStart+4 : xattrEnd]
+	return parseXattrEntries(data, data)
+}
+
+// readBlockXattrs reads extended attributes from a dedicated block.
+//
+// The block format is:
+//
+//	[ext4_xattr_header (32 bytes)][xattr entries][xattr values]
+//
+// The ext4_xattr_header contains a magic number (0xEA020000), reference count,
+// and checksums. Entries are stored in sorted order (by name_index, then name).
+//
+// Reference: ext4_xattr_block_find in fs/ext4/xattr.c
+func (fs *FileSystem) readBlockXattrs(block uint64) (map[string][]byte, error) {
+	blockSize := int(fs.superblock.blockSize)
+	data := make([]byte, blockSize)
+	offset := int64(block) * int64(blockSize)
+	_, err := fs.backend.ReadAt(data, offset)
+	if err != nil {
+		return nil, fmt.Errorf("could not read xattr block at %d: %w", block, err)
+	}
+
+	magic := binary.LittleEndian.Uint32(data[0:4])
+	if magic != xattrMagic {
+		return nil, fmt.Errorf("invalid xattr block magic: %x", magic)
+	}
+
+	entryData := data[xattrHeaderSize:]
+	return parseXattrEntries(entryData, data)
+}
+
+// readInodeRaw reads the raw bytes of an inode from disk.
+//
+// This is a helper function extracted from readInode to allow reading the full
+// inode structure including the extended area (i_extra_isize) which may contain
+// inline extended attributes.
+func (fs *FileSystem) readInodeRaw(inodeNumber uint32) ([]byte, error) {
+	sb := fs.superblock
+	inodeSize := sb.inodeSize
+	inodesPerGroup := sb.inodesPerGroup
+	bg := (inodeNumber - 1) / inodesPerGroup
+	gd := fs.groupDescriptors.descriptors[bg]
+	inodeTableBlock := gd.inodeTableLocation
+	byteStart := inodeTableBlock * uint64(sb.blockSize)
+	offsetInode := (inodeNumber - 1) % inodesPerGroup
+	offset := offsetInode * uint32(inodeSize)
+
+	inodeBytes := make([]byte, inodeSize)
+	read, err := fs.backend.ReadAt(inodeBytes, int64(byteStart)+int64(offset))
+	if err != nil {
+		return nil, fmt.Errorf("failed to read inode %d from offset %d of block %d from block group %d: %w", inodeNumber, offset, inodeTableBlock, bg, err)
+	}
+	if read != int(inodeSize) {
+		return nil, fmt.Errorf("read %d bytes for inode %d instead of inode size of %d", read, inodeNumber, inodeSize)
+	}
+	return inodeBytes, nil
+}

filesystem/ext4/xattr.go

@@ -0,0 +1,120 @@
+package ext4
+
+import (
+	"encoding/binary"
+	"fmt"
+)
+
+// Extended Attributes (xattrs) implementation.
+//
+// References:
+// - Kernel documentation: https://www.kernel.org/doc/html/latest/filesystems/ext4/dynamic.html#extended-attributes
+// - Legacy wiki: https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout#Extended_Attributes
+// - Kernel source (structures): https://github.com/torvalds/linux/blob/master/fs/ext4/xattr.h
+// - Kernel source (implementation): https://github.com/torvalds/linux/blob/master/fs/ext4/xattr.c
+// - e2fsprogs implementation: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/tree/lib/ext2fs/ext_attr.c
+
+const (
+	// xattrMagic is the magic number identifying extended attribute blocks.
+	// See ext4_xattr_header in fs/ext4/xattr.h
+	xattrMagic = 0xEA020000
+
+	// xattrHeaderSize is the size of ext4_xattr_header (32 bytes).
+	xattrHeaderSize = 32
+
+	// xattrEntrySize is the fixed size of ext4_xattr_entry before the variable-length name.
+	// See struct ext4_xattr_entry in fs/ext4/xattr.h
+	xattrEntrySize = 16
+
+	// Attribute name index values from fs/ext4/xattr.h
+	xattrIndexUser            = 1 // EXT4_XATTR_INDEX_USER
+	xattrIndexPosixACLAccess  = 2 // EXT4_XATTR_INDEX_POSIX_ACL_ACCESS
+	xattrIndexPosixACLDefault = 3 // EXT4_XATTR_INDEX_POSIX_ACL_DEFAULT
+	xattrIndexTrusted         = 4 // EXT4_XATTR_INDEX_TRUSTED
+	xattrIndexSecurity        = 6 // EXT4_XATTR_INDEX_SECURITY
+	xattrIndexSystem          = 7 // EXT4_XATTR_INDEX_SYSTEM
+)
+
+// xattrPrefixes maps name index values to their corresponding key prefixes.
+// This reduces on-disk space consumption by storing only the index instead of
+// the full prefix string.
+//
+// POSIX ACL entries have no trailing dot because their e_name_len is always 0;
+// the full attribute name is exactly the prefix (e.g. "system.posix_acl_access").
+//
+// See ext4_xattr_prefix_type in fs/ext4/xattr.h
+var xattrPrefixes = map[uint8]string{
+	0:                         "",
+	xattrIndexUser:            "user.",
+	xattrIndexPosixACLAccess:  "system.posix_acl_access",
+	xattrIndexPosixACLDefault: "system.posix_acl_default",
+	xattrIndexTrusted:         "trusted.",
+	xattrIndexSecurity:        "security.",
+	xattrIndexSystem:          "system.",
+}
+
+// parseXattrEntries parses extended attribute entries from a byte slice.
+//
+// entries contains the ext4_xattr_entry structures; values is the region from which
+// e_value_offs is relative. For inline (ibody) xattrs, both point to the same region.
+// For block xattrs, entries points to the region after the header, and values points
+// to the entire block (including header).
+//
+// The on-disk format is defined in struct ext4_xattr_entry in fs/ext4/xattr.h:
+//
+//	struct ext4_xattr_entry {
+//	    __u8 e_name_len;      /* length of name */
+//	    __u8 e_name_index;    /* attribute name index */
+//	    __le16 e_value_offs;  /* offset in disk block of value */
+//	    __le32 e_value_inum;  /* inode in which the value is stored */
+//	    __le32 e_value_size;  /* size of attribute value */
+//	    __le32 e_hash;        /* hash value of name and value */
+//	    char e_name[];        /* attribute name */
+//	};
+func parseXattrEntries(entries, values []byte) (map[string][]byte, error) {
+	result := make(map[string][]byte)
+	pos := 0
+	for pos+xattrEntrySize <= len(entries) {
+		nameLen := entries[pos]
+		nameIndex := entries[pos+1]
+		// The entry list is terminated by a zero-filled entry (e_name_len == 0
+		// and e_name_index == 0). See EXT4_IS_LAST_ENTRY in fs/ext4/xattr.h.
+		// POSIX ACL entries have e_name_len == 0 but e_name_index != 0.
+		if nameLen == 0 && nameIndex == 0 {
+			break
+		}
+		valueOffs := binary.LittleEndian.Uint16(entries[pos+2 : pos+4])
+		valueInum := binary.LittleEndian.Uint32(entries[pos+4 : pos+8])
+		valueSize := binary.LittleEndian.Uint32(entries[pos+8 : pos+12])
+
+		nameStart := pos + xattrEntrySize
+		nameEnd := nameStart + int(nameLen)
+		if nameEnd > len(entries) {
+			return nil, fmt.Errorf("xattr entry name extends past buffer")
+		}
+
+		prefix, ok := xattrPrefixes[nameIndex]
+		if !ok {
+			prefix = fmt.Sprintf("unknown_%d.", nameIndex)
+		}
+		fullName := prefix + string(entries[nameStart:nameEnd])
+
+		if valueInum != 0 {
+			return nil, fmt.Errorf("xattr %q: ea_inode values not supported", fullName)
+		}
+		if valueSize > 0 {
+			vStart := int(valueOffs)
+			vEnd := vStart + int(valueSize)
+			if vEnd > len(values) {
+				return nil, fmt.Errorf("xattr value for %q extends past buffer", fullName)
+			}
+			val := make([]byte, valueSize)
+			copy(val, values[vStart:vEnd])
+			result[fullName] = val
+		}
+
+		// Advance to next entry, aligned to 4 bytes.
+		pos = (nameEnd + 3) &^ 3
+	}
+	return result, nil
+}