[PATCH] xfs: also reject BULKSTAT_SINGLE in a mount user namespace

[PATCH] xfs: also reject BULKSTAT_SINGLE in a mount user namespace

[Christoph Hellwig]

BULKSTAT_SINGLE exposed the ondisk uids/gids just like bulkstat, and can
be called on any inode, including ones not visible in the current mount.

Fixes: f736d93d76d3 ("xfs: support idmapped mounts")
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
 fs/xfs/xfs_itable.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c
index ca310a125d1e14..3498b97fb06d31 100644
--- a/fs/xfs/xfs_itable.c
+++ b/fs/xfs/xfs_itable.c
@@ -168,6 +168,12 @@ xfs_bulkstat_one(
 	};
 	int			error;
 
+	if (breq->mnt_userns != &init_user_ns) {
+		xfs_warn_ratelimited(breq->mp,
+			"bulkstat not supported inside of idmapped mounts.");
+		return -EINVAL;
+	}
+
 	ASSERT(breq->icount == 1);
 
 	bc.buf = kmem_zalloc(sizeof(struct xfs_bulkstat),
-- 
2.30.1

Re: [PATCH] xfs: also reject BULKSTAT_SINGLE in a mount user namespace

[Darrick J. Wong]

On Fri, Mar 12, 2021 at 07:19:41AM +0100, Christoph Hellwig wrote:
> BULKSTAT_SINGLE exposed the ondisk uids/gids just like bulkstat, and can
> be called on any inode, including ones not visible in the current mount.
> 
> Fixes: f736d93d76d3 ("xfs: support idmapped mounts")
> Signed-off-by: Christoph Hellwig <hch@lst.de>

Looks good to me,
Reviewed-by: Darrick J. Wong <djwong@kernel.org>

--D

> ---
>  fs/xfs/xfs_itable.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/fs/xfs/xfs_itable.c b/fs/xfs/xfs_itable.c
> index ca310a125d1e14..3498b97fb06d31 100644
> --- a/fs/xfs/xfs_itable.c
> +++ b/fs/xfs/xfs_itable.c
> @@ -168,6 +168,12 @@ xfs_bulkstat_one(
>  	};
>  	int			error;
>  
> +	if (breq->mnt_userns != &init_user_ns) {
> +		xfs_warn_ratelimited(breq->mp,
> +			"bulkstat not supported inside of idmapped mounts.");
> +		return -EINVAL;
> +	}
> +
>  	ASSERT(breq->icount == 1);
>  
>  	bc.buf = kmem_zalloc(sizeof(struct xfs_bulkstat),
> -- 
> 2.30.1
>