]> www.infradead.org Git - users/hch/uuid.git/commitdiff
btrfs: do not allow non subvolume root targets for snapshot
authorJosef Bacik <josef@toxicpanda.com>
Fri, 15 Dec 2023 15:01:44 +0000 (10:01 -0500)
committerDavid Sterba <dsterba@suse.com>
Fri, 15 Dec 2023 22:46:51 +0000 (23:46 +0100)
Our btrfs subvolume snapshot <source> <destination> utility enforces
that <source> is the root of the subvolume, however this isn't enforced
in the kernel.  Update the kernel to also enforce this limitation to
avoid problems with other users of this ioctl that don't have the
appropriate checks in place.

Reported-by: Martin Michaelis <code@mgjm.de>
CC: stable@vger.kernel.org # 4.14+
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Josef Bacik <josef@toxicpanda.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
fs/btrfs/ioctl.c

index 2429ae87ad44399d4a04578feeeea0e324a8b291..f70ee61dfb701f17f20287e87ad7a340b7e7bec3 100644 (file)
@@ -1290,6 +1290,15 @@ static noinline int __btrfs_ioctl_snap_create(struct file *file,
                         * are limited to own subvolumes only
                         */
                        ret = -EPERM;
+               } else if (btrfs_ino(BTRFS_I(src_inode)) != BTRFS_FIRST_FREE_OBJECTID) {
+                       /*
+                        * Snapshots must be made with the src_inode referring
+                        * to the subvolume inode, otherwise the permission
+                        * checking above is useless because we may have
+                        * permission on a lower directory but not the subvol
+                        * itself.
+                        */
+                       ret = -EINVAL;
                } else {
                        ret = btrfs_mksnapshot(&file->f_path, idmap,
                                               name, namelen,