From: Sasha Levin <sashal@kernel.org>
To: kernel-lts@openela.org
Cc: Josef Bacik <josef@toxicpanda.com>,
Martin Michaelis <code@mgjm.de>,
stable@vger.kernel.org, Neal Gompa <neal@gompa.dev>,
David Sterba <dsterba@suse.com>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.14-openela 028/190] btrfs: do not allow non subvolume root targets for snapshot
Date: Mon, 15 Apr 2024 06:49:18 -0400
Message-ID: <20240415105208.3137874-29-sashal@kernel.org>
In-Reply-To: <20240415105208.3137874-1-sashal@kernel.org>

From: Josef Bacik <josef@toxicpanda.com>

[ Upstream commit a8892fd71933126ebae3d60aec5918d4dceaae76 ]

Our btrfs subvolume snapshot <source> <destination> utility enforces
that <source> is the root of the subvolume, however this isn't enforced
in the kernel. Update the kernel to also enforce this limitation to
avoid problems with other users of this ioctl that don't have the
appropriate checks in place.

Reported-by: Martin Michaelis <code@mgjm.de>
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/btrfs/ioctl.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index c8bc8cf5a41f2..61ab4bc3ca1b5 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -1695,6 +1695,15 @@ static noinline int btrfs_ioctl_snap_create_transid(struct file *file,
* are limited to own subvolumes only
*/
ret = -EPERM;
+ } else if (btrfs_ino(BTRFS_I(src_inode)) != BTRFS_FIRST_FREE_OBJECTID) {
+ /*
+ * Snapshots must be made with the src_inode referring
+ * to the subvolume inode, otherwise the permission
+ * checking above is useless because we may have
+ * permission on a lower directory but not the subvol
+ * itself.
+ */
+ ret = -EINVAL;
} else {
ret = btrfs_mksubvol(&file->f_path, name, namelen,
BTRFS_I(src_inode)->root,
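Review bot: the new `else if` branch returns -EINVAL for every src_inode whose number is not BTRFS_FIRST_FREE_OBJECTID, which is a userspace-visible change for any caller of this ioctl that passes an fd for a directory below the subvolume root, and nothing in the hunk or the commit message tells those callers what the new error means. The in-code comment covers the permission rationale well; I would add a sentence to the commit message (or the ioctl documentation) stating that the source fd must refer to the subvolume root and that -EINVAL is returned otherwise. Because the branch sits after the ownership test, a caller without ownership still gets -EPERM first, which looks intentional and is worth keeping. As this is a 4.14 backport, please also confirm that `btrfs_ino()` in this tree takes a `struct btrfs_inode *`, as the `btrfs_ino(BTRFS_I(src_inode))` call assumes.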
--
2.43.0