mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/fs/btrfs
History
Jann Horn b93441c312 btrfs: send: ensure send_fd is writable 
commit 0ac1d13a55 upstream.

kernel_write() requires the caller to ensure that the file is writable.
Let's do that directly after looking up the ->send_fd.

We don't need a separate bailout path because the "out" path already
does fput() if ->send_filp is non-NULL.

This has no security impact for two reasons:

 - the ioctl requires CAP_SYS_ADMIN
 - __kernel_write() bails out on read-only files - but only since 5.8,
   see commit a01ac27be4 ("fs: check FMODE_WRITE in __kernel_write")

Reported-and-tested-by: syzbot+12e098239d20385264d3@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=12e098239d20385264d3
Fixes: 31db9f7c23 ("Btrfs: introduce BTRFS_IOC_SEND for btrfs send/receive")
CC: stable@vger.kernel.org # 4.14+
Signed-off-by: Jann Horn <jannh@google.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2023-12-08 08:42:00 +01:00
..
tests btrfs: selftests: fix wrong error check in btrfs_free_dummy_root() 2022-11-25 17:36:47 +01:00
Kconfig btrfs: disable build on platforms having page size 256K 2021-07-20 16:17:32 +02:00
Makefile btrfs: Move leaf and node validation checker to tree-checker.c 2018-12-05 19:41:12 +01:00
acl.c Btrfs: setup a nofs context for memory allocation at __btrfs_set_acl 2019-03-23 14:35:21 +01:00
async-thread.c btrfs: fix memory ordering between normal and ordered work functions 2021-11-26 11:40:40 +01:00
async-thread.h Btrfs: fix crash during unmount due to race with delayed inode workers 2020-04-24 08:00:48 +02:00
backref.c btrfs: fix inode list leak during backref walking at resolve_indirect_refs() 2022-11-10 15:47:21 +01:00
backref.h
btrfs_inode.h Btrfs: fix fsync of files with multiple hard links in new directories 2019-01-09 17:14:50 +01:00
check-integrity.c btrfs: fix possible NULL-pointer dereference in integrity checks 2020-02-28 16:36:05 +01:00
check-integrity.h
compression.c btrfs: mark compressed range uptodate only if all bio succeed 2021-08-08 08:53:29 +02:00
compression.h btrfs: correctly validate compression type 2019-09-19 09:08:03 +02:00
ctree.c btrfs: fix btrfs_prev_leaf() to not return the same key twice 2023-05-17 11:11:49 +02:00
ctree.h Btrfs: fix unexpected failure of nocow buffered writes after snapshotting when low on space 2020-10-14 09:51:11 +02:00
dedupe.h
delayed-inode.c btrfs: fix lockdep splat and potential deadlock after failure running delayed items 2023-09-23 10:47:05 +02:00
delayed-inode.h
delayed-ref.c Btrfs: fix race between adding and putting tree mod seq elements and nodes 2020-02-14 16:32:19 -05:00
delayed-ref.h
dev-replace.c btrfs: Ensure replaced device doesn't have pending chunk allocation 2019-07-10 09:54:41 +02:00
dev-replace.h
dir-item.c
disk-io.c btrfs: reject log replay if there is unsupported RO compat flag 2022-08-25 11:11:29 +02:00
disk-io.h
export.c btrfs: fix type of parameter generation in btrfs_get_dentry 2022-11-10 15:47:22 +01:00
export.h btrfs: fix type of parameter generation in btrfs_get_dentry 2022-11-10 15:47:22 +01:00
extent-tree.c btrfs: output extra debug info if we failed to find an inline backref 2023-09-23 10:47:03 +02:00
extent_io.c btrfs: don't stop integrity writeback too early 2023-08-16 18:10:54 +02:00
extent_io.h btrfs: fix qgroup reserve overflow the qgroup limit 2022-04-20 09:08:30 +02:00
extent_map.c Btrfs: fix race between using extent maps and merging them 2020-02-28 16:35:53 +01:00
extent_map.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file-item.c btrfs: fix error handling in btrfs_del_csums 2021-06-10 12:43:51 +02:00
file.c btrfs: always wait on ordered extents at fsync time 2021-10-27 09:51:39 +02:00
free-space-cache.c btrfs: clarify error returns values in __load_free_space_cache 2021-03-03 18:22:43 +01:00
free-space-cache.h
free-space-tree.c btrfs: pass fs_info to btrfs_del_root instead of tree_root 2017-08-21 17:49:54 +02:00
free-space-tree.h btrfs: expose internal free space tree routine only if sanity tests are enabled 2017-08-18 16:36:29 +02:00
hash.c
hash.h
inode-item.c
inode-map.c Btrfs: fix inode cache waiters hanging on path allocation failure 2020-01-27 14:46:46 +01:00
inode-map.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
inode.c Revert "btrfs: compression: don't try to compress if we don't have enough pages" 2021-09-22 11:45:16 +02:00
ioctl.c btrfs: use u64 for buffer sizes in the tree search ioctls 2023-11-20 10:27:35 +01:00
locking.c
locking.h
lzo.c
math.h
ordered-data.c Btrfs: fix btrfs_wait_ordered_range() so that it waits for all ordered extents 2020-02-28 16:36:14 +01:00
ordered-data.h
orphan.c
print-tree.c btrfs: print-tree: parent bytenr must be aligned to sector size 2023-05-17 11:11:49 +02:00
print-tree.h
props.c btrfs: correctly validate compression type 2019-09-19 09:08:03 +02:00
props.h
qgroup.c btrfs: fix race when deleting quota root from the dirty cow roots list 2023-08-11 11:33:42 +02:00
qgroup.h btrfs: qgroup: Avoid calling qgroup functions if qgroup is not enabled 2018-11-13 11:15:13 -08:00
raid56.c btrfs: raid56: don't trust any cached sector in __raid56_parity_recover() 2022-08-25 11:11:35 +02:00
raid56.h
rcu-string.h
reada.c btrfs: fix use-after-free on readahead extent after failure to create it 2020-11-05 11:07:00 +01:00
relocation.c btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() 2023-06-14 10:35:26 +02:00
root-tree.c btrfs: Don't panic when we can't find a root key 2019-05-31 06:47:20 -07:00
scrub.c btrfs: don't prematurely free work in scrub_missing_raid56_worker() 2019-12-31 12:37:53 +01:00
send.c btrfs: send: ensure send_fd is writable 2023-12-08 08:42:00 +01:00
send.h
struct-funcs.c
super.c btrfs: properly report 0 avail for very full file systems 2023-10-10 21:43:40 +02:00
sysfs.c btrfs: sysfs: use NOFS for device creation 2020-08-26 10:29:54 +02:00
sysfs.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
transaction.c btrfs: clear defrag status of a root if starting transaction fails 2021-07-20 16:17:28 +02:00
transaction.h
tree-checker.c btrfs: tree-checker: Don't check max block group size as current max chunk size limit is unreliable 2018-12-08 13:03:39 +01:00
tree-checker.h btrfs: tree-checker: Fix false panic for sanity test 2018-12-05 19:41:12 +01:00
tree-defrag.c
tree-log.c btrfs: initialize start_slot in btrfs_log_prealloc_extents 2023-10-25 11:13:32 +02:00
tree-log.h
ulist.c
ulist.h
uuid-tree.c btrfs: handle ENOENT in btrfs_uuid_tree_iterate 2019-12-31 12:36:44 +01:00
volumes.c btrfs: fix off-by-one when checking chunk map includes logical address 2023-12-08 08:42:00 +01:00
volumes.h btrfs: Remove btrfs_bio::flags member 2019-12-17 20:39:16 +01:00
xattr.c btrfs: check if root is readonly while setting security xattr 2022-09-05 10:25:04 +02:00
xattr.h
zlib.c
zstd.c