forked from Minki/linux
Btrfs: Fix BTRFS_IOC_SUBVOL_SETFLAGS ioctl
- Check user-specified flags correctly - Check the inode owership - Search root item in root tree but not fs tree Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: Chris Mason <chris.mason@oracle.com>
This commit is contained in:
parent
c87f08ca44
commit
b4dc2b8c69
|
@ -1071,12 +1071,15 @@ static noinline int btrfs_ioctl_subvol_setflags(struct file *file,
|
||||||
if (copy_from_user(&flags, arg, sizeof(flags)))
|
if (copy_from_user(&flags, arg, sizeof(flags)))
|
||||||
return -EFAULT;
|
return -EFAULT;
|
||||||
|
|
||||||
if (flags & ~BTRFS_SUBVOL_CREATE_ASYNC)
|
if (flags & BTRFS_SUBVOL_CREATE_ASYNC)
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
|
|
||||||
if (flags & ~BTRFS_SUBVOL_RDONLY)
|
if (flags & ~BTRFS_SUBVOL_RDONLY)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
|
if (!is_owner_or_cap(inode))
|
||||||
|
return -EACCES;
|
||||||
|
|
||||||
down_write(&root->fs_info->subvol_sem);
|
down_write(&root->fs_info->subvol_sem);
|
||||||
|
|
||||||
/* nothing to do */
|
/* nothing to do */
|
||||||
|
@ -1097,7 +1100,7 @@ static noinline int btrfs_ioctl_subvol_setflags(struct file *file,
|
||||||
goto out_reset;
|
goto out_reset;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = btrfs_update_root(trans, root,
|
ret = btrfs_update_root(trans, root->fs_info->tree_root,
|
||||||
&root->root_key, &root->root_item);
|
&root->root_key, &root->root_item);
|
||||||
|
|
||||||
btrfs_commit_transaction(trans, root);
|
btrfs_commit_transaction(trans, root);
|
||||||
|
|
Loading…
Reference in New Issue
Block a user