aboutsummaryrefslogtreecommitdiffstats
path: root/fs/btrfs/ioctl.c
diff options
context:
space:
mode:
authorLi Zefan <lizf@cn.fujitsu.com>2011-02-16 06:06:34 +0000
committerChris Mason <chris.mason@oracle.com>2011-02-16 15:37:58 -0500
commitb4dc2b8c694ead005b828f5fb7fa1134db5b6275 (patch)
treeba01c2bb5381ab9a34c4152ed4dd83c1797f780c /fs/btrfs/ioctl.c
parentc87f08ca44e83b2c8d28f63f9c33f3a270a04bbe (diff)
downloadkernel_samsung_aries-b4dc2b8c694ead005b828f5fb7fa1134db5b6275.zip
kernel_samsung_aries-b4dc2b8c694ead005b828f5fb7fa1134db5b6275.tar.gz
kernel_samsung_aries-b4dc2b8c694ead005b828f5fb7fa1134db5b6275.tar.bz2
Btrfs: Fix BTRFS_IOC_SUBVOL_SETFLAGS ioctl
- Check user-specified flags correctly - Check the inode owership - Search root item in root tree but not fs tree Reported-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: Li Zefan <lizf@cn.fujitsu.com> Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'fs/btrfs/ioctl.c')
-rw-r--r--fs/btrfs/ioctl.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index be2d4f6..5fdb2ab 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -1071,12 +1071,15 @@ static noinline int btrfs_ioctl_subvol_setflags(struct file *file,
if (copy_from_user(&flags, arg, sizeof(flags)))
return -EFAULT;
- if (flags & ~BTRFS_SUBVOL_CREATE_ASYNC)
+ if (flags & BTRFS_SUBVOL_CREATE_ASYNC)
return -EINVAL;
if (flags & ~BTRFS_SUBVOL_RDONLY)
return -EOPNOTSUPP;
+ if (!is_owner_or_cap(inode))
+ return -EACCES;
+
down_write(&root->fs_info->subvol_sem);
/* nothing to do */
@@ -1097,7 +1100,7 @@ static noinline int btrfs_ioctl_subvol_setflags(struct file *file,
goto out_reset;
}
- ret = btrfs_update_root(trans, root,
+ ret = btrfs_update_root(trans, root->fs_info->tree_root,
&root->root_key, &root->root_item);
btrfs_commit_transaction(trans, root);