Thread: 18 messages, 7 authors, 2021-08-20

[PATCH 1/3] btrfs: return -EINVAL if some user wants to remove uuid/data_reloc tree

From: Qu Wenruo <hidden>
Date: 2021-06-28 10:16:49
Subsystem: btrfs file system, filesystems (vfs and infrastructure), the rest · Maintainers: Chris Mason, David Sterba, Alexander Viro, Christian Brauner, Linus Torvalds

Ioctl BTRFS_IOC_SNAP_DESTROY_V2 supports a flag to delete a subvolume
using root id directly.

We check the target root id against BTRFS_FIRST_FREE_OBJECTID, but not
against BTRFS_LAST_FREE_OBJECTID.

This means if a user passes a rootid like DATA_RELOC (-9) or TREE_RELOC
(-8), we can pass the check, then get caught by the later dentry check and
get error number -ENOENT, rather than -EINVAL.

It's not a big deal as we have extra safety nets to prevent those
trees from getting removed, but it's still better to do the extra check and
return the proper -EINVAL error.

Signed-off-by: Qu Wenruo <redacted>
---
 fs/btrfs/ioctl.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 0ba98e08a029..889e27c24e3a 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -2932,7 +2932,8 @@ static noinline int btrfs_ioctl_snap_destroy(struct file *file,
 			if (err)
 				goto out;
 		} else {
-			if (vol_args2->subvolid < BTRFS_FIRST_FREE_OBJECTID) {
+			if (vol_args2->subvolid < BTRFS_FIRST_FREE_OBJECTID ||
+			    vol_args2->subvolid > BTRFS_LAST_FREE_OBJECTID) {
 				err = -EINVAL;
 				goto out;
 			}
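Review bot: the new upper bound `vol_args2->subvolid > BTRFS_LAST_FREE_OBJECTID` has no comment explaining which ids it is meant to reject, and the reason is not obvious from the condition alone. A one-line comment above the `if` saying that the reserved negative objectids named in the commit message (DATA_RELOC at -9, TREE_RELOC at -8) pass the lower-bound test and must be refused here would keep the check from being dropped as redundant later. The subject line also names the uuid tree while the message body only discusses DATA_RELOC and TREE_RELOC; it would help to make the two agree, or to state in the message which of the two comparisons covers the uuid tree.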
-- 
2.32.0