xfs: hide private inodes from bulkstat and handle functions

We're about to start adding functionality that uses internal inodes that are private to XFS. What this means is that userspace should never be able to access any information about these files, and should not be able to open these files by handle. To prevent users from ever finding the file or mis-interactions with the security apparatus, set S_PRIVATE on the inode. Don't allow bulkstat, open-by-handle, or linking of S_PRIVATE files into the directory tree. This should keep private inodes actually private. Signed-off-by: Darrick J. Wong <djwong@kernel.org> Reviewed-by: Christoph Hellwig <hch@lst.de>
author: Darrick J. Wong <djwong@kernel.org> 2024-04-15 14:54:27 -0700
committer: Darrick J. Wong <djwong@kernel.org> 2024-04-15 14:58:48 -0700
commit: cab23a4233c601668da51dd53776f1f83d0dccee (patch)
tree: c3d06a0c96adf86abaa732e752bcd8caa1ca4a5c /fs/xfs/xfs_export.c
parent: 0730e8d8ba1d1507f1d7fd719e1f835ce69961fe (diff)
download: lwn-cab23a4233c601668da51dd53776f1f83d0dccee.tar.gz
lwn-cab23a4233c601668da51dd53776f1f83d0dccee.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/xfs/xfs_export.c b/fs/xfs/xfs_export.c
index 7cd09c3a82cb..4b03221351c0 100644
--- a/fs/xfs/xfs_export.c
+++ b/fs/xfs/xfs_export.c
@@ -160,7 +160,7 @@ xfs_nfs_get_inode(
 		}
 	}
 
-	if (VFS_I(ip)->i_generation != generation) {
+	if (VFS_I(ip)->i_generation != generation || IS_PRIVATE(VFS_I(ip))) {
 		xfs_irele(ip);
 		return ERR_PTR(-ESTALE);
 	}
author	Darrick J. Wong <djwong@kernel.org>	2024-04-15 14:54:27 -0700
committer	Darrick J. Wong <djwong@kernel.org>	2024-04-15 14:58:48 -0700
commit	cab23a4233c601668da51dd53776f1f83d0dccee (patch)
tree	c3d06a0c96adf86abaa732e752bcd8caa1ca4a5c /fs/xfs/xfs_export.c
parent	0730e8d8ba1d1507f1d7fd719e1f835ce69961fe (diff)
download	lwn-cab23a4233c601668da51dd53776f1f83d0dccee.tar.gz lwn-cab23a4233c601668da51dd53776f1f83d0dccee.zip