If the set received ioctl fails due to an item overflow when attempting to
add the BTRFS_UUID_KEY_RECEIVED_SUBVOL we have to abort the transaction
since we did some metadata updates before.
This means that if a user calls this ioctl with the same received UUID
field for a lot of subvolumes, we will hit the overflow, trigger the
transaction abort and turn the filesystem into RO mode. A malicious user
could exploit this, and this ioctl does not even require that a user
has admin privileges (CAP_SYS_ADMIN), only that he/she owns the subvolume.
Fix this by doing an early check for item overflow before starting a
transaction. This is also race safe because we are holding the subvol_sem
semaphore in exclusive (write) mode.
A test case for fstests will follow soon.
Fixes: dd5f9615fc ("Btrfs: maintain subvolume items in the UUID tree")
CC: stable@vger.kernel.org # 3.12+
Reviewed-by: Anand Jain <asj@kernel.org>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Reviewed-by: David Sterba <dsterba@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
/* SPDX-License-Identifier: GPL-2.0 */
#ifndef BTRFS_UUID_TREE_H
#define BTRFS_UUID_TREE_H
#include <linux/types.h>
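/*
 * Opaque forward declarations: the prototypes in this header only take
 * pointers to these types, so their full definitions are not needed here.
 */
struct btrfs_trans_handle;
struct btrfs_fs_info;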
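/*
 * Declaration only; the definition is not part of this header.
 *
 * NOTE(review): judging by the name and parameters this records @subid
 * under the (@uuid, @type) key of the UUID tree inside @trans - confirm
 * against the definition.  The return convention is not visible here
 * (presumably 0 or a negative errno).
 *
 * This call runs inside a transaction.  If it reports an item overflow
 * after other metadata has already been updated, the only way out is a
 * transaction abort, which turns the filesystem read-only.  Paths that are
 * reachable without CAP_SYS_ADMIN should therefore rule the overflow out
 * with btrfs_uuid_tree_check_overflow() before the transaction is started.
 */
int btrfs_uuid_tree_add(struct btrfs_trans_handle *trans, const u8 *uuid, u8 type,
			u64 subid);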
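/*
 * Declaration only; takes the same arguments as btrfs_uuid_tree_add().
 *
 * NOTE(review): presumably drops @subid from the (@uuid, @type) entry of the
 * UUID tree inside @trans - confirm against the definition.  The return
 * convention is not visible in this header.
 */
int btrfs_uuid_tree_remove(struct btrfs_trans_handle *trans, const u8 *uuid, u8 type,
			   u64 subid);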
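/*
 * Pre-flight check for item overflow on the (@uuid, @type) entry.
 *
 * Unlike the add/remove helpers this takes @fs_info rather than a
 * transaction handle: it is meant to be called before a transaction is
 * started, so that an overflow is returned to the caller as an ordinary
 * error instead of being discovered mid-transaction, where it forces a
 * transaction abort and a read-only filesystem.
 *
 * The result is only meaningful while nothing else can add to the same
 * entry between the check and the later add.  The set received ioctl gets
 * that guarantee by holding subvol_sem in exclusive (write) mode; any other
 * caller needs equivalent serialization.
 *
 * NOTE(review): the exact return values are not visible in this header
 * (presumably 0 when the add would fit and a negative errno otherwise) -
 * confirm against the definition.
 */
int btrfs_uuid_tree_check_overflow(struct btrfs_fs_info *fs_info,
				   const u8 *uuid, u8 type);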
/*
 * Declaration only.
 * NOTE(review): by its name this walks the UUID tree of @fs_info; what it
 * does per entry and what it returns are not visible here - confirm against
 * the definition.
 */
int btrfs_uuid_tree_iterate(struct btrfs_fs_info *fs_info);
/*
 * Declaration only.
 * NOTE(review): by its name this creates the UUID tree for @fs_info; the
 * return convention is not visible here - confirm against the definition.
 */
int btrfs_create_uuid_tree(struct btrfs_fs_info *fs_info);
/*
 * Declaration only.  The int (*)(void *) shape and the name suggest a kernel
 * thread entry point.
 * NOTE(review): the type @data is expected to point to is not visible in
 * this header - confirm against the definition and the code that starts the
 * thread.
 */
int btrfs_uuid_scan_kthread(void *data);
#endif