Are names attributes different from extended attributes here? Do we need the additional flag?

ZSB_XATTR and z_xattr_sa might change in run time, with the xattr property. It is not read-only. The extended attributes code checks both locations on read, so switching it live is not fatal for already existing ones. With names attributes only accessing directories the two KPIs may start returning different values if the property value is changed live. May need consideration.

Will this list attributes with "forbidden" prefixes? Should it?

is_nameddir said twice.

More accurately, the mechanism used to manipulate
the extended attributes is different.
This flag indicates that the "Solaris style mechanism"
(called named attributes in the NFSv4 RFCs) is being used.

Maybe the name should be changed somewhat. Any suggestions?
(LOOKUP_XATTR_NAMED_ATTR maybe??)

Btw, the main purpose of the flag is to indicate that the other
related flag V_NAMEDATTR gets set for the zfs_zaccess() call.

Yep. Flipping back and forth between "dir" and "sa" is a little
weird. "setextattr system ..." can only be done if xattr is set to "sa".
Attributes created via setextattr when xattr=sa are invisible to
named attributes (the Solaris mechanism), but ones created when
xattr=dir are visible as named attributes and via lsextattr and friends.

There is also some weirdness w.r.t. "zfs get xattr" I do not understand.
Sometimes it reports "sa" or "dir". Others it reports "on". I need to look
at that at some point.

If you think this will be too confusing, I could create a new setting for
xattr (maybe xattr=named) and then this setting would only take effect during
startup or remount and would disallow lsextattr and friends.
--> But that sounds confusing too.

So, I'm not sure what the right answer is for this?

I think it currently does list them.
However, since they are created via Linux, I don't have
any way to test it. (The FreeBSD system space ones can
only be done when xattr=sa and don't show up when
xattr=dir, as noted in the other reply.)

Should it list them?
I don't know, since Solaris lists everything,
but assumes that there won't be any weird/forbidden
ones.

Since zfs_listextattr_dir() strips out the forbidden ones,
I am thinking that zfs_readdir() should do so as well
for the named attribute dir, for consistency.

What do you think?

Good catch, btw. I filtered out the forbidden ones in
zfs_has_namedattr(), but did not add code to zfs_readdir()
to do so and I am now thinking it should filter them out?

For emphasis;-)

I'll fix it.

This version of the patch allows "setextattr system ..." to work
for xattr=dir. Not allowing it was a bug in my previous patch.

I think that "setextattr system" needs to work, since some
applications may set "system" attributes and those cannot
be done via the named attribute mechanism.

This version of the patch skips over forbidden names,
which I now believe is correct, since it is consistent
with what "lsextattr user ..." does.

There is also some weirdness w.r.t. "zfs get xattr" I do not understand.
Sometimes it reports "sa" or "dir". Others it reports "on". I need to look
at that at some point.

Unfortunately, unlike "on" for "compression", which is a separate value, "on" for "xattr" is just another name for one of explicit options. Originally it mapped to "dir", but lately was changed to "sa", which only increased the confusion.

If you think this will be too confusing, I could create a new setting for
xattr (maybe xattr=named) and then this setting would only take effect during
startup or remount and would disallow lsextattr and friends.

I don't think adding more options would make it any cleaner. I am trying to think towards any possible better integration between "sa" and "dir". For the existing xattr API it is not very important what way "xattr" property is set -- on get it can get any available (expecting only one to exist), and on set, it makes sure to wipe possible other variant. Sure having some of attributes stores in "sa" via old API invisible via new is annoying, but I think having two variants stored same time may be even worse. I wonder if we could delete "sa" attributes when creating "dir" with the same name via the new API. Though if some attributes are not visible in some way, it may create difficulties and uncertainty for some copy/replication software.

All I can think of is documenting that switching back and forth
will cause grief and, if a file system is going to use the Solaris
way (or named attributes, if you prefer), xattr=dir needs to be
set right away and left that way.

Something like this could go in the zfsprops man page.
(I haven't patched it yet, but assumed I would at some point.)

I don't think copying the sa attributes into dir attributes will work
well, given the prefixes on the sa attributes and the case where there
are two attributes (one sa and one dir) with the same name.

Since for xattr=sa there can be dir attributes (ones too big to fit in
the sa block), I suspect the software will work now. I haven't played
with tar yet, but so long as it works for large ones (using the current
Linux style model), it should get everything.

The problematic case occurs when a small attribute is created when
xattr=sa and then an attribute of the same name is created after
changing to xattr=dir.
Maybe the Solaris style create should check to see if the same name
already exists in the sa block and if it does, refuse to create it?
(Or would that just create more confusion?)