mirror of
https://github.com/torvalds/linux.git
synced 2024-11-24 21:21:41 +00:00
xfs: hide private inodes from bulkstat and handle functions
We're about to start adding functionality that uses internal inodes that are private to XFS. What this means is that userspace should never be able to access any information about these files, and should not be able to open these files by handle. To prevent users from ever finding the file or mis-interactions with the security apparatus, set S_PRIVATE on the inode. Don't allow bulkstat, open-by-handle, or linking of S_PRIVATE files into the directory tree. This should keep private inodes actually private. Signed-off-by: Darrick J. Wong <djwong@kernel.org> Reviewed-by: Christoph Hellwig <hch@lst.de>
This commit is contained in:
parent
0730e8d8ba
commit
cab23a4233
@ -160,7 +160,7 @@ xfs_nfs_get_inode(
|
||||
}
|
||||
}
|
||||
|
||||
if (VFS_I(ip)->i_generation != generation) {
|
||||
if (VFS_I(ip)->i_generation != generation || IS_PRIVATE(VFS_I(ip))) {
|
||||
xfs_irele(ip);
|
||||
return ERR_PTR(-ESTALE);
|
||||
}
|
||||
|
@ -365,6 +365,9 @@ xfs_vn_link(
|
||||
if (unlikely(error))
|
||||
return error;
|
||||
|
||||
if (IS_PRIVATE(inode))
|
||||
return -EPERM;
|
||||
|
||||
error = xfs_link(XFS_I(dir), XFS_I(inode), &name);
|
||||
if (unlikely(error))
|
||||
return error;
|
||||
|
@ -97,6 +97,14 @@ xfs_bulkstat_one_int(
|
||||
vfsuid = i_uid_into_vfsuid(idmap, inode);
|
||||
vfsgid = i_gid_into_vfsgid(idmap, inode);
|
||||
|
||||
/* If this is a private inode, don't leak its details to userspace. */
|
||||
if (IS_PRIVATE(inode)) {
|
||||
xfs_iunlock(ip, XFS_ILOCK_SHARED);
|
||||
xfs_irele(ip);
|
||||
error = -EINVAL;
|
||||
goto out_advance;
|
||||
}
|
||||
|
||||
/* xfs_iget returns the following without needing
|
||||
* further change.
|
||||
*/
|
||||
|
Loading…
Reference in New Issue
Block a user