From: Dan Rosenberg <dan.j.rosenberg@gmail.com>
Date: Sat, 15 May 2010 15:27:37 +0000 (-0400)
Subject: Btrfs: check for read permission on src file in the clone ioctl
X-Git-Tag: firefly_0821_release~10186^2~1599
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=cca8198578b62538e5d30efd94fd7b50a062dfb1;p=firefly-linux-kernel-4.4.55.git

Btrfs: check for read permission on src file in the clone ioctl

commit 5dc6416414fb3ec6e2825fd4d20c8bf1d7fe0395 upstream.

The existing code would have allowed you to clone a file that was
only open for writing

Signed-off-by: Chris Mason <chris.mason@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index cdbb054102b9..64f6b2f24232 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -959,12 +959,17 @@ static noinline long btrfs_ioctl_clone(struct file *file, unsigned long srcfd,
 		ret = -EBADF;
 		goto out_drop_write;
 	}
+
 	src = src_file->f_dentry->d_inode;
 
 	ret = -EINVAL;
 	if (src == inode)
 		goto out_fput;
 
+	/* the src must be open for reading */
+	if (!(src_file->f_mode & FMODE_READ))
+		goto out_fput;
+
 	ret = -EISDIR;
 	if (S_ISDIR(src->i_mode) || S_ISDIR(inode->i_mode))
 		goto out_fput;