xfs: add capability check to free eofblocks ioctl

Check for CAP_SYS_ADMIN since the caller can truncate preallocated blocks from files they do not own nor have write access to. A more fine grained access check was considered: require the caller to specify their own uid/gid and to use inode_permission to check for write, but this would not catch the case of an inode not reachable via path traversal from the callers mount namespace. Add check for read-only filesystem to free eofblocks ioctl. Reviewed-by: N Brian Foster <bfoster@redhat.com> Reviewed-by: N Dave Chinner <dchinner@redhat.com> Reviewed-by: N Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: N Dwight Engen <dwight.engen@oracle.com> Signed-off-by: N Ben Myers <bpm@sgi.com>

xfs: add capability check to free eofblocks ioctl
Check for CAP_SYS_ADMIN since the caller can truncate preallocated blocks from files they do not own nor have write access to. A more fine grained access check was considered: require the caller to specify their own uid/gid and to use inode_permission to check for write, but this would not catch the case of an inode not reachable via path traversal from the callers mount namespace. Add check for read-only filesystem to free eofblocks ioctl. Reviewed-by: N Brian Foster <bfoster@redhat.com> Reviewed-by: N Dave Chinner <dchinner@redhat.com> Reviewed-by: N Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: N Dwight Engen <dwight.engen@oracle.com> Signed-off-by: N Ben Myers <bpm@sgi.com>
8c567a7f · Dwight Engen · Ben Myers · b9fe5052 · 8c567a7f
显示空白变更内容
内联并排

Showing with 6 addition and 0 deletion

fs/xfs/xfs_ioctl.c fs/xfs/xfs_ioctl.c +6 -0

未找到文件。
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -1723,6 +1723,12 @@ xfs_file_ioctl(
 		struct xfs_fs_eofblocks eofb;
 		struct xfs_eofblocks keofb;
+		if (!capable(CAP_SYS_ADMIN))
+			return -EPERM;
+		if (mp->m_flags & XFS_MOUNT_RDONLY)
+			return -XFS_ERROR(EROFS);
 		if (copy_from_user(&eofb, arg, sizeof(eofb)))
 			return -XFS_ERROR(EFAULT);