All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Darrick J. Wong" <darrick.wong@oracle.com>
To: darrick.wong@oracle.com
Cc: linux-xfs@vger.kernel.org
Subject: [PATCH 09/13] xfs: enforce metadata inode flag
Date: Tue, 31 Dec 2019 17:15:47 -0800	[thread overview]
Message-ID: <157784134734.1366873.6655382977839344049.stgit@magnolia> (raw)
In-Reply-To: <157784129036.1366873.17175097590750371047.stgit@magnolia>

From: Darrick J. Wong <darrick.wong@oracle.com>

Add checks for the metadata inode flag so that we don't ever leak
metadata inodes out to userspace, and we don't ever try to read a
regular inode as metadata.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
 fs/xfs/libxfs/xfs_inode_buf.c |    5 +++++
 fs/xfs/scrub/common.c         |    3 ++-
 fs/xfs/scrub/inode_repair.c   |    3 +++
 fs/xfs/scrub/scrub.c          |    1 +
 fs/xfs/xfs_icache.c           |    4 +++-
 fs/xfs/xfs_inode.c            |   10 ++++++++++
 fs/xfs/xfs_itable.c           |   11 +++++++++++
 7 files changed, 35 insertions(+), 2 deletions(-)


diff --git a/fs/xfs/libxfs/xfs_inode_buf.c b/fs/xfs/libxfs/xfs_inode_buf.c
index d0084f47f246..6823e6eeec2c 100644
--- a/fs/xfs/libxfs/xfs_inode_buf.c
+++ b/fs/xfs/libxfs/xfs_inode_buf.c
@@ -548,6 +548,11 @@ xfs_dinode_verify(
 
 	flags2 = be64_to_cpu(dip->di_flags2);
 
+	/* don't allow the metadata iflag if we don't have metadir */
+	if ((flags2 & XFS_DIFLAG2_METADATA) &&
+	    !xfs_sb_version_hasmetadir(&mp->m_sb))
+		return __this_address;
+
 	/* don't allow reflink/cowextsize if we don't have reflink */
 	if ((flags2 & (XFS_DIFLAG2_REFLINK | XFS_DIFLAG2_COWEXTSIZE)) &&
 	     !xfs_sb_version_hasreflink(&mp->m_sb))
diff --git a/fs/xfs/scrub/common.c b/fs/xfs/scrub/common.c
index 71f49f2478d7..68fa5ab8c52b 100644
--- a/fs/xfs/scrub/common.c
+++ b/fs/xfs/scrub/common.c
@@ -732,7 +732,8 @@ xchk_get_inode(
 				error, __return_address);
 		return error;
 	}
-	if (VFS_I(ip)->i_generation != sc->sm->sm_gen) {
+	if (VFS_I(ip)->i_generation != sc->sm->sm_gen ||
+	    xfs_is_metadata_inode(ip)) {
 		xfs_irele(ip);
 		return -ENOENT;
 	}
diff --git a/fs/xfs/scrub/inode_repair.c b/fs/xfs/scrub/inode_repair.c
index bd4374f49035..0cd2e1e7616d 100644
--- a/fs/xfs/scrub/inode_repair.c
+++ b/fs/xfs/scrub/inode_repair.c
@@ -171,6 +171,9 @@ xrep_dinode_flags(
 		flags2 &= ~XFS_DIFLAG2_DAX;
 	if (!xfs_sb_version_hasbigtime(&mp->m_sb))
 		flags2 &= ~XFS_DIFLAG2_BIGTIME;
+	if (!xfs_sb_version_hasmetadir(&mp->m_sb) &&
+	    (flags2 & XFS_DIFLAG2_METADATA))
+		flags2 &= ~XFS_DIFLAG2_METADATA;
 	dip->di_flags = cpu_to_be16(flags);
 	dip->di_flags2 = cpu_to_be64(flags2);
 }
diff --git a/fs/xfs/scrub/scrub.c b/fs/xfs/scrub/scrub.c
index 9a7a040ab2c0..54a524d19948 100644
--- a/fs/xfs/scrub/scrub.c
+++ b/fs/xfs/scrub/scrub.c
@@ -166,6 +166,7 @@ xchk_teardown(
 		if (sc->ilock_flags)
 			xfs_iunlock(sc->ip, sc->ilock_flags);
 		if (sc->ip != ip_in &&
+		    !xfs_is_metadata_inode(sc->ip) &&
 		    !xfs_internal_inum(sc->mp, sc->ip->i_ino))
 			xfs_irele(sc->ip);
 		sc->ip = NULL;
diff --git a/fs/xfs/xfs_icache.c b/fs/xfs/xfs_icache.c
index adf5a63129c6..57f2f46afb13 100644
--- a/fs/xfs/xfs_icache.c
+++ b/fs/xfs/xfs_icache.c
@@ -891,7 +891,9 @@ xfs_imeta_iget(
 	if (error)
 		return error;
 
-	if (ftype == XFS_DIR3_FT_UNKNOWN ||
+	if ((xfs_sb_version_hasmetadir(&mp->m_sb) &&
+	     !xfs_is_metadata_inode(ip)) ||
+	    ftype == XFS_DIR3_FT_UNKNOWN ||
 	    xfs_mode_to_ftype(VFS_I(ip)->i_mode) != ftype) {
 		xfs_irele(ip);
 		return -EFSCORRUPTED;
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c
index 00c633ce1013..bac26f793746 100644
--- a/fs/xfs/xfs_inode.c
+++ b/fs/xfs/xfs_inode.c
@@ -605,8 +605,15 @@ xfs_lookup(
 	if (error)
 		goto out_free_name;
 
+	if (xfs_is_metadata_inode(*ipp)) {
+		error = -EINVAL;
+		goto out_irele;
+	}
+
 	return 0;
 
+out_irele:
+	xfs_irele(*ipp);
 out_free_name:
 	if (ci_name)
 		kmem_free(ci_name->name);
@@ -2912,6 +2919,9 @@ void
 xfs_imeta_irele(
 	struct xfs_inode	*ip)
 {
+	ASSERT(!xfs_sb_version_hasmetadir(&ip->i_mount->m_sb) ||
+	       xfs_is_metadata_inode(ip));
+
 	xfs_irele(ip);
 }
 
diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c
index 4b31c29b7e6b..5d0612e35d18 100644
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -75,6 +75,17 @@ xfs_bulkstat_one_int(
 	if (error)
 		goto out;
 
+	/*
+	 * Inodes marked as being metadata are treated the same as "internal"
+	 * metadata inodes (which are rooted in the superblock).
+	 */
+	if (xfs_is_metadata_inode(ip)) {
+		xfs_iunlock(ip, XFS_ILOCK_SHARED);
+		xfs_irele(ip);
+		error = -EINVAL;
+		goto out_advance;
+	}
+
 	ASSERT(ip != NULL);
 	ASSERT(ip->i_imap.im_blkno != 0);
 	inode = VFS_I(ip);


  parent reply	other threads:[~2020-01-01  1:15 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-01-01  1:14 [PATCH v2 00/13] xfs: metadata inode directories Darrick J. Wong
2020-01-01  1:14 ` [PATCH 01/13] xfs: create imeta abstractions to get and set metadata inodes Darrick J. Wong
2020-01-01  1:15 ` [PATCH 02/13] xfs: create transaction reservations for metadata inode operations Darrick J. Wong
2020-01-01  1:15 ` [PATCH 03/13] xfs: refactor the v4 group/project inode pointer switch Darrick J. Wong
2020-01-01  1:15 ` [PATCH 04/13] xfs: convert all users to xfs_imeta_log Darrick J. Wong
2020-01-01  1:15 ` [PATCH 05/13] xfs: iget for metadata inodes Darrick J. Wong
2020-01-01  1:15 ` [PATCH 06/13] xfs: define the on-disk format for the metadir feature Darrick J. Wong
2020-01-01  1:15 ` [PATCH 07/13] xfs: load metadata inode directory at mount time Darrick J. Wong
2020-01-01  1:15 ` [PATCH 08/13] xfs: convert metadata inode lookup keys to use paths Darrick J. Wong
2020-01-01  1:15 ` Darrick J. Wong [this message]
2020-01-01  1:15 ` [PATCH 10/13] xfs: read and write metadata inode directory Darrick J. Wong
2020-01-01  1:15 ` [PATCH 11/13] xfs: ensure metadata directory paths exist before creating files Darrick J. Wong
2020-01-01  1:16 ` [PATCH 12/13] xfs: disable the agi rotor for metadata inodes Darrick J. Wong
2020-01-01  1:16 ` [PATCH 13/13] xfs: enable metadata inode directory feature Darrick J. Wong
  -- strict thread matches above, loose matches on Subject: below --
2019-01-01  2:22 [PATCH 00/13] xfs: metadata inode directories Darrick J. Wong
2019-01-01  2:23 ` [PATCH 09/13] xfs: enforce metadata inode flag Darrick J. Wong

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=157784134734.1366873.6655382977839344049.stgit@magnolia \
    --to=darrick.wong@oracle.com \
    --cc=linux-xfs@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.