diff options
author | Etienne Dechamps <[email protected]> | 2011-09-02 09:37:53 +0200 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2012-02-09 15:20:37 -0800 |
commit | aec69371a6a2e94534809c5e9ba22e7b0e276937 (patch) | |
tree | bac20a647918ac6f517dae45e4d4fe1352a380e2 | |
parent | 5cb63a57f8d2d1a94e65b4710bfbb221b1a71700 (diff) |
Check permissions in zfs_space().
This isn't done on Solaris because on this OS zfs_space() can
only be called with an opened file handle. Since the addition of
zpl_truncate_range() this isn't the case anymore, so we need to
enforce access rights.
Signed-off-by: Brian Behlendorf <[email protected]>
Issue #334
-rw-r--r-- | module/zfs/zfs_vnops.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/module/zfs/zfs_vnops.c b/module/zfs/zfs_vnops.c index c1391984a..74b96b8d7 100644 --- a/module/zfs/zfs_vnops.c +++ b/module/zfs/zfs_vnops.c @@ -4155,6 +4155,17 @@ zfs_space(struct inode *ip, int cmd, flock64_t *bfp, int flag, return (EINVAL); } + /* + * Permissions aren't checked on Solaris because on this OS + * zfs_space() can only be called with an opened file handle. + * On Linux we can get here through truncate_range() which + * operates directly on inodes, so we need to check access rights. + */ + if ((error = zfs_zaccess(zp, ACE_WRITE_DATA, 0, B_FALSE, cr))) { + ZFS_EXIT(zsb); + return (error); + } + off = bfp->l_start; len = bfp->l_len; /* 0 means from off to end of file */ |