summaryrefslogtreecommitdiffstats
path: root/module
diff options
context:
space:
mode:
authorEtienne Dechamps <[email protected]>2011-09-02 09:37:53 +0200
committerBrian Behlendorf <[email protected]>2012-02-09 15:20:37 -0800
commitaec69371a6a2e94534809c5e9ba22e7b0e276937 (patch)
treebac20a647918ac6f517dae45e4d4fe1352a380e2 /module
parent5cb63a57f8d2d1a94e65b4710bfbb221b1a71700 (diff)
Check permissions in zfs_space().
This isn't done on Solaris because on this OS zfs_space() can only be called with an opened file handle. Since the addition of zpl_truncate_range() this isn't the case anymore, so we need to enforce access rights. Signed-off-by: Brian Behlendorf <[email protected]> Issue #334
Diffstat (limited to 'module')
-rw-r--r--module/zfs/zfs_vnops.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/module/zfs/zfs_vnops.c b/module/zfs/zfs_vnops.c
index c1391984a..74b96b8d7 100644
--- a/module/zfs/zfs_vnops.c
+++ b/module/zfs/zfs_vnops.c
@@ -4155,6 +4155,17 @@ zfs_space(struct inode *ip, int cmd, flock64_t *bfp, int flag,
return (EINVAL);
}
+ /*
+ * Permissions aren't checked on Solaris because on this OS
+ * zfs_space() can only be called with an opened file handle.
+ * On Linux we can get here through truncate_range() which
+ * operates directly on inodes, so we need to check access rights.
+ */
+ if ((error = zfs_zaccess(zp, ACE_WRITE_DATA, 0, B_FALSE, cr))) {
+ ZFS_EXIT(zsb);
+ return (error);
+ }
+
off = bfp->l_start;
len = bfp->l_len; /* 0 means from off to end of file */