On Mon, Dec 03, 2018 at 07:34:10PM +1100, Dave Chinner wrote:
> From: Dave Chinner <dchinner@xxxxxxxxxx>
>
> Similar to FI_DEDUPERANGE, make copy_file_range() check that we have
> write permissions to the destination inode.
>
> Signed-off-by: Dave Chinner <dchinner@xxxxxxxxxx>
> ---
> mm/filemap.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/mm/filemap.c b/mm/filemap.c
> index 0a170425935b..876df5275514 100644
> --- a/mm/filemap.c
> +++ b/mm/filemap.c
> @@ -3013,6 +3013,11 @@ int generic_copy_file_checks(struct file *file_in, loff_t pos_in,
> (file_out->f_flags & O_APPEND))
> return -EBADF;
>
> + /* may sure we really are allowed to write to the destination inode */
> + ret = inode_permission(inode_out, MAY_WRITE);
> + if (ret < 0)
> + return ret;
> +
> /* Ensure offsets don't wrap. */
> if (pos_in + count < pos_in || pos_out + count < pos_out)
> return -EOVERFLOW;
> --
> 2.19.1
>
Why? The file descriptor was already checked for write permission above:
if (!(file_in->f_mode & FMODE_READ) ||
!(file_out->f_mode & FMODE_WRITE) ||
(file_out->f_flags & O_APPEND))
return -EBADF;
Yes, that doesn't detect removing write permission from the *inode*, but write()
doesn't either.
- Eric
