client: don't allow access to MDS-private inodes

Fixes: https://tracker.ceph.com/issues/50112
Signed-off-by: Xiubo Li <xiubli@redhat.com>

diff --git a/src/client/Client.cc b/src/client/Client.cc
index d155341fdc3a6d61453b53ed7904f6281d1336c6..33399629c5556ab7e4d2b26b96d0d5f31343ae4c 100644 (file)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -156,6 +156,14 @@ void client_flush_set_callback(void *p, ObjectCacher::ObjectSet *oset)
   client->flush_set_callback(oset);
 }
 
+bool Client::is_reserved_vino(vinodeno_t &vino) {
+  if (vino.ino < MDS_INO_SYSTEM_BASE && vino.ino != MDS_INO_ROOT) {
+    ldout(cct, -1) << __func__ << "attempt to access reserved inode number " << vino << dendl;
+    return true;
+  }
+  return false;
+}
+
 
 // -------------
 
@@ -9150,6 +9158,9 @@ int Client::_lookup_vino(vinodeno_t vino, const UserPerm& perms, Inode **inode)
   if (!mref_reader.is_state_satisfied())
     return -CEPHFS_ENOTCONN;
 
+  if (is_reserved_vino(vino))
+    return -CEPHFS_ESTALE;
+
   MetaRequest *req = new MetaRequest(CEPH_MDS_OP_LOOKUPINO);
   filepath path(vino.ino);
   req->set_filepath(path);
@@ -11406,6 +11417,9 @@ int Client::ll_lookup_vino(
   if (!mref_reader.is_state_satisfied())
     return -CEPHFS_ENOTCONN;
 
+  if (is_reserved_vino(vino))
+    return -CEPHFS_ESTALE;
+
   std::scoped_lock lock(client_lock);
   ldout(cct, 3) << __func__ << " " << vino << dendl;
 
@@ -11660,6 +11674,9 @@ Inode *Client::ll_get_inode(vinodeno_t vino)
   if (!mref_reader.is_state_satisfied())
     return NULL;
 
+  if (is_reserved_vino(vino))
+    return NULL;
+
   std::scoped_lock lock(client_lock);
 
   unordered_map<vinodeno_t,Inode*>::iterator p = inode_map.find(vino);

diff --git a/src/client/Client.h b/src/client/Client.h
index 011ff1ad07b9a3bcbb638c1cc80c59f2b5fc48c4..48fad7f61ba963b590336b1cb9f8d4ee1b1b1d16 100644 (file)
--- a/src/client/Client.h
+++ b/src/client/Client.h
@@ -1223,6 +1223,7 @@ private:
   static const VXattr _common_vxattrs[];
 
 
+  bool is_reserved_vino(vinodeno_t &vino);
 
   void fill_dirent(struct dirent *de, const char *name, int type, uint64_t ino, loff_t next_off);