Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
tjh.dev
kernel
os
linux
xfs: prevent swapext from operating on write-only files
This patch prevents user "foo" from using the SWAPEXT ioctl to swap
a write-only file owned by user "bar" into a file owned by "foo" and
subsequently reading it. It does so by checking that the file
descriptors passed to the ioctl are also opened for reading.
Signed-off-by: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
authored by
Dan Rosenberg
and committed by
Dave Chinner
1817176a
7e27d6e7
+4
-1
fs/xfs/xfs_dfrag.c
+4
-1
fs/xfs/xfs_dfrag.c
···
69
69
goto out;
70
70
}
71
71
72
-
if (!(file->f_mode & FMODE_WRITE) || (file->f_flags & O_APPEND)) {
72
+
if (!(file->f_mode & FMODE_WRITE) ||
73
+
!(file->f_mode & FMODE_READ) ||
74
+
(file->f_flags & O_APPEND)) {
73
75
error = XFS_ERROR(EBADF);
74
76
goto out_put_file;
75
77
}
···
83
81
}
84
82
85
83
if (!(tmp_file->f_mode & FMODE_WRITE) ||
84
+
!(tmp_file->f_mode & FMODE_READ) ||
86
85
(tmp_file->f_flags & O_APPEND)) {
87
86
error = XFS_ERROR(EBADF);
88
87
goto out_put_tmp_file;