On 2024/10/11 19:12, Tetsuo Handa wrote: > On 2024/10/11 0:26, Mickaël Salaün wrote: >> When a filesystem manages its own inode numbers, like NFS's fileid shown >> to user space with getattr(), other part of the kernel may still expose >> the private inode->ino through kernel logs and audit. > > I can't catch what you are trying to do. What is wrong with that? > >> Another issue is on 32-bit architectures, on which ino_t is 32 bits, >> whereas the user space's view of an inode number can still be 64 bits. > > Currently, ino_t is 32bits on 32-bit architectures, isn't it? > Why do you need to use 64bits on 32-bit architectures? Changing from 32bits to 64bits for communicating with userspace programs breaks userspace programs using "ino_t" (or "unsigned long") for handling inode numbers, doesn't it? Attempt to change from %lu to %llu will not be acceptable unless the upper 32bits are guaranteed to be 0 on 32-bit architectures. Since syslogd/auditd are not the only programs that parse kernel logs and audit logs, updating only syslogd/auditd is not sufficient. We must not break existing userspace programs, and thus we can't change the format string. > >> Add a new inode_get_ino() helper calling the new struct >> inode_operations' get_ino() when set, to get the user space's view of an >> inode number. inode_get_ino() is called by generic_fillattr(). > > What does the user space's view of an inode number mean? > What does the kernel space's view of an inode number mean? >
