提交 b4dc2b8c 编写于 作者: L Li Zefan 提交者: Chris Mason

Btrfs: Fix BTRFS_IOC_SUBVOL_SETFLAGS ioctl

- Check user-specified flags correctly
- Check the inode owership
- Search root item in root tree but not fs tree
Reported-by: NDan Rosenberg <drosenberg@vsecurity.com>
Signed-off-by: NLi Zefan <lizf@cn.fujitsu.com>
Signed-off-by: NChris Mason <chris.mason@oracle.com>
上级 c87f08ca
...@@ -1071,12 +1071,15 @@ static noinline int btrfs_ioctl_subvol_setflags(struct file *file, ...@@ -1071,12 +1071,15 @@ static noinline int btrfs_ioctl_subvol_setflags(struct file *file,
if (copy_from_user(&flags, arg, sizeof(flags))) if (copy_from_user(&flags, arg, sizeof(flags)))
return -EFAULT; return -EFAULT;
if (flags & ~BTRFS_SUBVOL_CREATE_ASYNC) if (flags & BTRFS_SUBVOL_CREATE_ASYNC)
return -EINVAL; return -EINVAL;
if (flags & ~BTRFS_SUBVOL_RDONLY) if (flags & ~BTRFS_SUBVOL_RDONLY)
return -EOPNOTSUPP; return -EOPNOTSUPP;
if (!is_owner_or_cap(inode))
return -EACCES;
down_write(&root->fs_info->subvol_sem); down_write(&root->fs_info->subvol_sem);
/* nothing to do */ /* nothing to do */
...@@ -1097,7 +1100,7 @@ static noinline int btrfs_ioctl_subvol_setflags(struct file *file, ...@@ -1097,7 +1100,7 @@ static noinline int btrfs_ioctl_subvol_setflags(struct file *file,
goto out_reset; goto out_reset;
} }
ret = btrfs_update_root(trans, root, ret = btrfs_update_root(trans, root->fs_info->tree_root,
&root->root_key, &root->root_item); &root->root_key, &root->root_item);
btrfs_commit_transaction(trans, root); btrfs_commit_transaction(trans, root);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册