On Mon, Jul 29, 2013 at 11:07:05PM -0400, Dwight Engen wrote:
> Check for CAP_SYS_ADMIN since the caller can truncate preallocated
> blocks from files they do not own nor have write access to. A more
> fine grained access check was considered: require the caller to
> specify their own uid/gid and to use inode_permission to check for
> write, but this would not catch the case of an inode not reachable
> via path traversal from the callers mount namespace.
>
> Add check for read-only filesystem to free eofblocks ioctl.
>
> Signed-off-by: Dwight Engen <dwight.engen@xxxxxxxxxx>
> ---
> fs/xfs/xfs_ioctl.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
> index 6e72eff..b1990ac 100644
> --- a/fs/xfs/xfs_ioctl.c
> +++ b/fs/xfs/xfs_ioctl.c
> @@ -1613,6 +1613,12 @@ xfs_file_ioctl(
> struct xfs_fs_eofblocks eofb;
> struct xfs_eofblocks keofb;
>
> + if (!capable(CAP_SYS_ADMIN))
> + return -EPERM;
> +
> + if (IS_RDONLY(inode))
> + return -XFS_ERROR(EROFS);
> +
> if (copy_from_user(&eofb, arg, sizeof(eofb)))
> return -XFS_ERROR(EFAULT);
Looks fine.
Reviewed-by: Dave Chinner <dchinner@xxxxxxxxxx>
--
Dave Chinner
david@xxxxxxxxxxxxx
|