Commit cab23a42 authored by Darrick J. Wong's avatar Darrick J. Wong

xfs: hide private inodes from bulkstat and handle functions

We're about to start adding functionality that uses internal inodes that
are private to XFS.  What this means is that userspace should never be
able to access any information about these files, and should not be able
to open these files by handle.

To prevent users from ever finding the file or mis-interactions with the
security apparatus, set S_PRIVATE on the inode.  Don't allow bulkstat,
open-by-handle, or linking of S_PRIVATE files into the directory tree.
This should keep private inodes actually private.
Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
parent 0730e8d8
...@@ -160,7 +160,7 @@ xfs_nfs_get_inode( ...@@ -160,7 +160,7 @@ xfs_nfs_get_inode(
} }
} }
if (VFS_I(ip)->i_generation != generation) { if (VFS_I(ip)->i_generation != generation || IS_PRIVATE(VFS_I(ip))) {
xfs_irele(ip); xfs_irele(ip);
return ERR_PTR(-ESTALE); return ERR_PTR(-ESTALE);
} }
......
...@@ -365,6 +365,9 @@ xfs_vn_link( ...@@ -365,6 +365,9 @@ xfs_vn_link(
if (unlikely(error)) if (unlikely(error))
return error; return error;
if (IS_PRIVATE(inode))
return -EPERM;
error = xfs_link(XFS_I(dir), XFS_I(inode), &name); error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
if (unlikely(error)) if (unlikely(error))
return error; return error;
......
...@@ -97,6 +97,14 @@ xfs_bulkstat_one_int( ...@@ -97,6 +97,14 @@ xfs_bulkstat_one_int(
vfsuid = i_uid_into_vfsuid(idmap, inode); vfsuid = i_uid_into_vfsuid(idmap, inode);
vfsgid = i_gid_into_vfsgid(idmap, inode); vfsgid = i_gid_into_vfsgid(idmap, inode);
/* If this is a private inode, don't leak its details to userspace. */
if (IS_PRIVATE(inode)) {
xfs_iunlock(ip, XFS_ILOCK_SHARED);
xfs_irele(ip);
error = -EINVAL;
goto out_advance;
}
/* xfs_iget returns the following without needing /* xfs_iget returns the following without needing
* further change. * further change.
*/ */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment