]> git.apps.os.sepia.ceph.com Git - ceph.git/commitdiff
projects / ceph.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3511e5a)
client: don't allow access to MDS-private inodes
authorXiubo Li <xiubli@redhat.com>
Wed, 7 Apr 2021 11:37:26 +0000 (19:37 +0800)
committerNathan Cutler <ncutler@suse.com>
Wed, 12 May 2021 09:03:53 +0000 (11:03 +0200)
Fixes: https://tracker.ceph.com/issues/50112
Signed-off-by: Xiubo Li <xiubli@redhat.com>
(cherry picked from commit 89c511356125f892477ef42bd14c0b447ff06106)

Conflicts:
src/client/Client.cc
- nautilus wants ESTALE instead of CEPHFS_ESTALE

src/client/Client.cc patch | blob | history
src/client/Client.h patch | blob | history

diff --git a/src/client/Client.cc b/src/client/Client.cc
index abfc49434ac5bc2500d895e92c36cc01ceae2ed1..dfe2a23a6a78eb8488c80d3a83c3768218a5b6a7 100755 (executable)
--- a/src/client/Client.cc
+++ b/src/client/Client.cc
@@ -131,6 +131,14 @@ void client_flush_set_callback(void *p, ObjectCacher::ObjectSet *oset)
   client->flush_set_callback(oset);
 }
 
+bool Client::is_reserved_vino(vinodeno_t &vino) {
+  if (vino.ino < MDS_INO_SYSTEM_BASE && vino.ino != MDS_INO_ROOT) {
+    ldout(cct, -1) << __func__ << "attempt to access reserved inode number " << vino << dendl;
+    return true;
+  }
+  return false;
+}
+
 
 // -------------
 
@@ -8654,6 +8662,9 @@ int Client::_lookup_vino(vinodeno_t vino, const UserPerm& perms, Inode **inode)
   if (unmounting)
     return -ENOTCONN;
 
+  if (is_reserved_vino(vino))
+    return -ESTALE;
+
   MetaRequest *req = new MetaRequest(CEPH_MDS_OP_LOOKUPINO);
   filepath path(vino.ino);
   req->set_filepath(path);
@@ -10811,6 +10822,9 @@ int Client::ll_lookup_vino(
   if (unmounting)
     return -ENOTCONN;
 
+  if (is_reserved_vino(vino))
+    return -ESTALE;
+
   std::lock_guard lock(client_lock);
   ldout(cct, 3) << __func__ << vino << dendl;
    
@@ -11062,6 +11076,9 @@ Inode *Client::ll_get_inode(vinodeno_t vino)
   if (unmounting)
     return NULL;
 
+  if (is_reserved_vino(vino))
+    return NULL;
+
   unordered_map<vinodeno_t,Inode*>::iterator p = inode_map.find(vino);
   if (p == inode_map.end())
     return NULL;
diff --git a/src/client/Client.h b/src/client/Client.h
index 91e93e61aa9620efa16d083a64f5c58caa3f65b5..bf3e39f349fe44b0ef24028551cf23f57fe50bf7 100644 (file)
--- a/src/client/Client.h
+++ b/src/client/Client.h
@@ -1012,6 +1012,7 @@ private:
   static const VXattr _common_vxattrs[];
 
 
+  bool is_reserved_vino(vinodeno_t &vino);
 
   void fill_dirent(struct dirent *de, const char *name, int type, uint64_t ino, loff_t next_off);
 
Unnamed repository; edit this file 'description' to name the repository.