From aec69371a6a2e94534809c5e9ba22e7b0e276937 Mon Sep 17 00:00:00 2001 From: Etienne Dechamps Date: Fri, 2 Sep 2011 09:37:53 +0200 Subject: [PATCH] Check permissions in zfs_space(). This isn't done on Solaris because on this OS zfs_space() can only be called with an opened file handle. Since the addition of zpl_truncate_range() this isn't the case anymore, so we need to enforce access rights. Signed-off-by: Brian Behlendorf Issue #334 --- module/zfs/zfs_vnops.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/module/zfs/zfs_vnops.c b/module/zfs/zfs_vnops.c index c1391984a8..74b96b8d74 100644 --- a/module/zfs/zfs_vnops.c +++ b/module/zfs/zfs_vnops.c @@ -4155,6 +4155,17 @@ zfs_space(struct inode *ip, int cmd, flock64_t *bfp, int flag, return (EINVAL); } + /* + * Permissions aren't checked on Solaris because on this OS + * zfs_space() can only be called with an opened file handle. + * On Linux we can get here through truncate_range() which + * operates directly on inodes, so we need to check access rights. + */ + if ((error = zfs_zaccess(zp, ACE_WRITE_DATA, 0, B_FALSE, cr))) { + ZFS_EXIT(zsb); + return (error); + } + off = bfp->l_start; len = bfp->l_len; /* 0 means from off to end of file */