1 | // SPDX-License-Identifier: GPL-2.0 |
---|---|
2 | /* |
3 | * linux/fs/ioctl.c |
4 | * |
5 | * Copyright (C) 1991, 1992 Linus Torvalds |
6 | */ |
7 | |
8 | #include <linux/syscalls.h> |
9 | #include <linux/mm.h> |
10 | #include <linux/capability.h> |
11 | #include <linux/compat.h> |
12 | #include <linux/file.h> |
13 | #include <linux/fs.h> |
14 | #include <linux/security.h> |
15 | #include <linux/export.h> |
16 | #include <linux/uaccess.h> |
17 | #include <linux/writeback.h> |
18 | #include <linux/buffer_head.h> |
19 | #include <linux/falloc.h> |
20 | #include <linux/sched/signal.h> |
21 | #include <linux/fiemap.h> |
22 | #include <linux/mount.h> |
23 | #include <linux/fscrypt.h> |
24 | #include <linux/fileattr.h> |
25 | |
26 | #include "internal.h" |
27 | |
28 | #include <asm/ioctls.h> |
29 | |
30 | /* So that the fiemap access checks can't overflow on 32 bit machines. */ |
31 | #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) |
32 | |
33 | /** |
34 | * vfs_ioctl - call filesystem specific ioctl methods |
35 | * @filp: open file to invoke ioctl method on |
36 | * @cmd: ioctl command to execute |
37 | * @arg: command-specific argument for ioctl |
38 | * |
39 | * Invokes filesystem specific ->unlocked_ioctl, if one exists; otherwise |
40 | * returns -ENOTTY. |
41 | * |
42 | * Returns 0 on success, -errno on error. |
43 | */ |
44 | int vfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) |
45 | { |
46 | int error = -ENOTTY; |
47 | |
48 | if (!filp->f_op->unlocked_ioctl) |
49 | goto out; |
50 | |
51 | error = filp->f_op->unlocked_ioctl(filp, cmd, arg); |
52 | if (error == -ENOIOCTLCMD) |
53 | error = -ENOTTY; |
54 | out: |
55 | return error; |
56 | } |
57 | EXPORT_SYMBOL(vfs_ioctl); |
58 | |
59 | static int ioctl_fibmap(struct file *filp, int __user *p) |
60 | { |
61 | struct inode *inode = file_inode(f: filp); |
62 | struct super_block *sb = inode->i_sb; |
63 | int error, ur_block; |
64 | sector_t block; |
65 | |
66 | if (!capable(CAP_SYS_RAWIO)) |
67 | return -EPERM; |
68 | |
69 | error = get_user(ur_block, p); |
70 | if (error) |
71 | return error; |
72 | |
73 | if (ur_block < 0) |
74 | return -EINVAL; |
75 | |
76 | block = ur_block; |
77 | error = bmap(inode, block: &block); |
78 | |
79 | if (block > INT_MAX) { |
80 | error = -ERANGE; |
81 | pr_warn_ratelimited("[%s/%d] FS: %s File: %pD4 would truncate fibmap result\n", |
82 | current->comm, task_pid_nr(current), |
83 | sb->s_id, filp); |
84 | } |
85 | |
86 | if (error) |
87 | ur_block = 0; |
88 | else |
89 | ur_block = block; |
90 | |
91 | if (put_user(ur_block, p)) |
92 | error = -EFAULT; |
93 | |
94 | return error; |
95 | } |
96 | |
97 | /** |
98 | * fiemap_fill_next_extent - Fiemap helper function |
99 | * @fieinfo: Fiemap context passed into ->fiemap |
100 | * @logical: Extent logical start offset, in bytes |
101 | * @phys: Extent physical start offset, in bytes |
102 | * @len: Extent length, in bytes |
103 | * @flags: FIEMAP_EXTENT flags that describe this extent |
104 | * |
105 | * Called from file system ->fiemap callback. Will populate extent |
106 | * info as passed in via arguments and copy to user memory. On |
107 | * success, extent count on fieinfo is incremented. |
108 | * |
109 | * Returns 0 on success, -errno on error, 1 if this was the last |
110 | * extent that will fit in user array. |
111 | */ |
112 | int fiemap_fill_next_extent(struct fiemap_extent_info *fieinfo, u64 logical, |
113 | u64 phys, u64 len, u32 flags) |
114 | { |
115 | struct fiemap_extent extent; |
116 | struct fiemap_extent __user *dest = fieinfo->fi_extents_start; |
117 | |
118 | /* only count the extents */ |
119 | if (fieinfo->fi_extents_max == 0) { |
120 | fieinfo->fi_extents_mapped++; |
121 | return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; |
122 | } |
123 | |
124 | if (fieinfo->fi_extents_mapped >= fieinfo->fi_extents_max) |
125 | return 1; |
126 | |
127 | #define SET_UNKNOWN_FLAGS (FIEMAP_EXTENT_DELALLOC) |
128 | #define SET_NO_UNMOUNTED_IO_FLAGS (FIEMAP_EXTENT_DATA_ENCRYPTED) |
129 | #define SET_NOT_ALIGNED_FLAGS (FIEMAP_EXTENT_DATA_TAIL|FIEMAP_EXTENT_DATA_INLINE) |
130 | |
131 | if (flags & SET_UNKNOWN_FLAGS) |
132 | flags |= FIEMAP_EXTENT_UNKNOWN; |
133 | if (flags & SET_NO_UNMOUNTED_IO_FLAGS) |
134 | flags |= FIEMAP_EXTENT_ENCODED; |
135 | if (flags & SET_NOT_ALIGNED_FLAGS) |
136 | flags |= FIEMAP_EXTENT_NOT_ALIGNED; |
137 | |
138 | memset(&extent, 0, sizeof(extent)); |
139 | extent.fe_logical = logical; |
140 | extent.fe_physical = phys; |
141 | extent.fe_length = len; |
142 | extent.fe_flags = flags; |
143 | |
144 | dest += fieinfo->fi_extents_mapped; |
145 | if (copy_to_user(to: dest, from: &extent, n: sizeof(extent))) |
146 | return -EFAULT; |
147 | |
148 | fieinfo->fi_extents_mapped++; |
149 | if (fieinfo->fi_extents_mapped == fieinfo->fi_extents_max) |
150 | return 1; |
151 | return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; |
152 | } |
153 | EXPORT_SYMBOL(fiemap_fill_next_extent); |
154 | |
155 | /** |
156 | * fiemap_prep - check validity of requested flags for fiemap |
157 | * @inode: Inode to operate on |
158 | * @fieinfo: Fiemap context passed into ->fiemap |
159 | * @start: Start of the mapped range |
160 | * @len: Length of the mapped range, can be truncated by this function. |
161 | * @supported_flags: Set of fiemap flags that the file system understands |
162 | * |
163 | * This function must be called from each ->fiemap instance to validate the |
164 | * fiemap request against the file system parameters. |
165 | * |
166 | * Returns 0 on success, or a negative error on failure. |
167 | */ |
168 | int fiemap_prep(struct inode *inode, struct fiemap_extent_info *fieinfo, |
169 | u64 start, u64 *len, u32 supported_flags) |
170 | { |
171 | u64 maxbytes = inode->i_sb->s_maxbytes; |
172 | u32 incompat_flags; |
173 | int ret = 0; |
174 | |
175 | if (*len == 0) |
176 | return -EINVAL; |
177 | if (start >= maxbytes) |
178 | return -EFBIG; |
179 | |
180 | /* |
181 | * Shrink request scope to what the fs can actually handle. |
182 | */ |
183 | if (*len > maxbytes || (maxbytes - *len) < start) |
184 | *len = maxbytes - start; |
185 | |
186 | supported_flags |= FIEMAP_FLAG_SYNC; |
187 | supported_flags &= FIEMAP_FLAGS_COMPAT; |
188 | incompat_flags = fieinfo->fi_flags & ~supported_flags; |
189 | if (incompat_flags) { |
190 | fieinfo->fi_flags = incompat_flags; |
191 | return -EBADR; |
192 | } |
193 | |
194 | if (fieinfo->fi_flags & FIEMAP_FLAG_SYNC) |
195 | ret = filemap_write_and_wait(mapping: inode->i_mapping); |
196 | return ret; |
197 | } |
198 | EXPORT_SYMBOL(fiemap_prep); |
199 | |
200 | static int ioctl_fiemap(struct file *filp, struct fiemap __user *ufiemap) |
201 | { |
202 | struct fiemap fiemap; |
203 | struct fiemap_extent_info fieinfo = { 0, }; |
204 | struct inode *inode = file_inode(f: filp); |
205 | int error; |
206 | |
207 | if (!inode->i_op->fiemap) |
208 | return -EOPNOTSUPP; |
209 | |
210 | if (copy_from_user(to: &fiemap, from: ufiemap, n: sizeof(fiemap))) |
211 | return -EFAULT; |
212 | |
213 | if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) |
214 | return -EINVAL; |
215 | |
216 | fieinfo.fi_flags = fiemap.fm_flags; |
217 | fieinfo.fi_extents_max = fiemap.fm_extent_count; |
218 | fieinfo.fi_extents_start = ufiemap->fm_extents; |
219 | |
220 | error = inode->i_op->fiemap(inode, &fieinfo, fiemap.fm_start, |
221 | fiemap.fm_length); |
222 | |
223 | fiemap.fm_flags = fieinfo.fi_flags; |
224 | fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; |
225 | if (copy_to_user(to: ufiemap, from: &fiemap, n: sizeof(fiemap))) |
226 | error = -EFAULT; |
227 | |
228 | return error; |
229 | } |
230 | |
231 | static int ioctl_file_clone(struct file *dst_file, unsigned long srcfd, |
232 | u64 off, u64 olen, u64 destoff) |
233 | { |
234 | CLASS(fd, src_file)(fd: srcfd); |
235 | loff_t cloned; |
236 | int ret; |
237 | |
238 | if (fd_empty(f: src_file)) |
239 | return -EBADF; |
240 | cloned = vfs_clone_file_range(fd_file(src_file), pos_in: off, file_out: dst_file, pos_out: destoff, |
241 | len: olen, remap_flags: 0); |
242 | if (cloned < 0) |
243 | ret = cloned; |
244 | else if (olen && cloned != olen) |
245 | ret = -EINVAL; |
246 | else |
247 | ret = 0; |
248 | return ret; |
249 | } |
250 | |
251 | static int ioctl_file_clone_range(struct file *file, |
252 | struct file_clone_range __user *argp) |
253 | { |
254 | struct file_clone_range args; |
255 | |
256 | if (copy_from_user(to: &args, from: argp, n: sizeof(args))) |
257 | return -EFAULT; |
258 | return ioctl_file_clone(dst_file: file, srcfd: args.src_fd, off: args.src_offset, |
259 | olen: args.src_length, destoff: args.dest_offset); |
260 | } |
261 | |
262 | /* |
263 | * This provides compatibility with legacy XFS pre-allocation ioctls |
264 | * which predate the fallocate syscall. |
265 | * |
266 | * Only the l_start, l_len and l_whence fields of the 'struct space_resv' |
267 | * are used here, rest are ignored. |
268 | */ |
269 | static int ioctl_preallocate(struct file *filp, int mode, void __user *argp) |
270 | { |
271 | struct inode *inode = file_inode(f: filp); |
272 | struct space_resv sr; |
273 | |
274 | if (copy_from_user(to: &sr, from: argp, n: sizeof(sr))) |
275 | return -EFAULT; |
276 | |
277 | switch (sr.l_whence) { |
278 | case SEEK_SET: |
279 | break; |
280 | case SEEK_CUR: |
281 | sr.l_start += filp->f_pos; |
282 | break; |
283 | case SEEK_END: |
284 | sr.l_start += i_size_read(inode); |
285 | break; |
286 | default: |
287 | return -EINVAL; |
288 | } |
289 | |
290 | return vfs_fallocate(file: filp, mode: mode | FALLOC_FL_KEEP_SIZE, offset: sr.l_start, |
291 | len: sr.l_len); |
292 | } |
293 | |
294 | /* on ia32 l_start is on a 32-bit boundary */ |
295 | #if defined CONFIG_COMPAT && defined(CONFIG_X86_64) |
296 | /* just account for different alignment */ |
297 | static int compat_ioctl_preallocate(struct file *file, int mode, |
298 | struct space_resv_32 __user *argp) |
299 | { |
300 | struct inode *inode = file_inode(f: file); |
301 | struct space_resv_32 sr; |
302 | |
303 | if (copy_from_user(to: &sr, from: argp, n: sizeof(sr))) |
304 | return -EFAULT; |
305 | |
306 | switch (sr.l_whence) { |
307 | case SEEK_SET: |
308 | break; |
309 | case SEEK_CUR: |
310 | sr.l_start += file->f_pos; |
311 | break; |
312 | case SEEK_END: |
313 | sr.l_start += i_size_read(inode); |
314 | break; |
315 | default: |
316 | return -EINVAL; |
317 | } |
318 | |
319 | return vfs_fallocate(file, mode: mode | FALLOC_FL_KEEP_SIZE, offset: sr.l_start, len: sr.l_len); |
320 | } |
321 | #endif |
322 | |
323 | static int file_ioctl(struct file *filp, unsigned int cmd, int __user *p) |
324 | { |
325 | switch (cmd) { |
326 | case FIBMAP: |
327 | return ioctl_fibmap(filp, p); |
328 | case FS_IOC_RESVSP: |
329 | case FS_IOC_RESVSP64: |
330 | return ioctl_preallocate(filp, mode: 0, argp: p); |
331 | case FS_IOC_UNRESVSP: |
332 | case FS_IOC_UNRESVSP64: |
333 | return ioctl_preallocate(filp, FALLOC_FL_PUNCH_HOLE, argp: p); |
334 | case FS_IOC_ZERO_RANGE: |
335 | return ioctl_preallocate(filp, FALLOC_FL_ZERO_RANGE, argp: p); |
336 | } |
337 | |
338 | return -ENOIOCTLCMD; |
339 | } |
340 | |
341 | static int ioctl_fionbio(struct file *filp, int __user *argp) |
342 | { |
343 | unsigned int flag; |
344 | int on, error; |
345 | |
346 | error = get_user(on, argp); |
347 | if (error) |
348 | return error; |
349 | flag = O_NONBLOCK; |
350 | #ifdef __sparc__ |
351 | /* SunOS compatibility item. */ |
352 | if (O_NONBLOCK != O_NDELAY) |
353 | flag |= O_NDELAY; |
354 | #endif |
355 | spin_lock(lock: &filp->f_lock); |
356 | if (on) |
357 | filp->f_flags |= flag; |
358 | else |
359 | filp->f_flags &= ~flag; |
360 | spin_unlock(lock: &filp->f_lock); |
361 | return error; |
362 | } |
363 | |
364 | static int ioctl_fioasync(unsigned int fd, struct file *filp, |
365 | int __user *argp) |
366 | { |
367 | unsigned int flag; |
368 | int on, error; |
369 | |
370 | error = get_user(on, argp); |
371 | if (error) |
372 | return error; |
373 | flag = on ? FASYNC : 0; |
374 | |
375 | /* Did FASYNC state change ? */ |
376 | if ((flag ^ filp->f_flags) & FASYNC) { |
377 | if (filp->f_op->fasync) |
378 | /* fasync() adjusts filp->f_flags */ |
379 | error = filp->f_op->fasync(fd, filp, on); |
380 | else |
381 | error = -ENOTTY; |
382 | } |
383 | return error < 0 ? error : 0; |
384 | } |
385 | |
386 | static int ioctl_fsfreeze(struct file *filp) |
387 | { |
388 | struct super_block *sb = file_inode(f: filp)->i_sb; |
389 | |
390 | if (!ns_capable(ns: sb->s_user_ns, CAP_SYS_ADMIN)) |
391 | return -EPERM; |
392 | |
393 | /* If filesystem doesn't support freeze feature, return. */ |
394 | if (sb->s_op->freeze_fs == NULL && sb->s_op->freeze_super == NULL) |
395 | return -EOPNOTSUPP; |
396 | |
397 | /* Freeze */ |
398 | if (sb->s_op->freeze_super) |
399 | return sb->s_op->freeze_super(sb, FREEZE_HOLDER_USERSPACE, NULL); |
400 | return freeze_super(super: sb, who: FREEZE_HOLDER_USERSPACE, NULL); |
401 | } |
402 | |
403 | static int ioctl_fsthaw(struct file *filp) |
404 | { |
405 | struct super_block *sb = file_inode(f: filp)->i_sb; |
406 | |
407 | if (!ns_capable(ns: sb->s_user_ns, CAP_SYS_ADMIN)) |
408 | return -EPERM; |
409 | |
410 | /* Thaw */ |
411 | if (sb->s_op->thaw_super) |
412 | return sb->s_op->thaw_super(sb, FREEZE_HOLDER_USERSPACE, NULL); |
413 | return thaw_super(super: sb, who: FREEZE_HOLDER_USERSPACE, NULL); |
414 | } |
415 | |
416 | static int ioctl_file_dedupe_range(struct file *file, |
417 | struct file_dedupe_range __user *argp) |
418 | { |
419 | struct file_dedupe_range *same = NULL; |
420 | int ret; |
421 | unsigned long size; |
422 | u16 count; |
423 | |
424 | if (get_user(count, &argp->dest_count)) { |
425 | ret = -EFAULT; |
426 | goto out; |
427 | } |
428 | |
429 | size = offsetof(struct file_dedupe_range, info[count]); |
430 | if (size > PAGE_SIZE) { |
431 | ret = -ENOMEM; |
432 | goto out; |
433 | } |
434 | |
435 | same = memdup_user(argp, size); |
436 | if (IS_ERR(ptr: same)) { |
437 | ret = PTR_ERR(ptr: same); |
438 | same = NULL; |
439 | goto out; |
440 | } |
441 | |
442 | same->dest_count = count; |
443 | ret = vfs_dedupe_file_range(file, same); |
444 | if (ret) |
445 | goto out; |
446 | |
447 | ret = copy_to_user(to: argp, from: same, n: size); |
448 | if (ret) |
449 | ret = -EFAULT; |
450 | |
451 | out: |
452 | kfree(objp: same); |
453 | return ret; |
454 | } |
455 | |
456 | /** |
457 | * fileattr_fill_xflags - initialize fileattr with xflags |
458 | * @fa: fileattr pointer |
459 | * @xflags: FS_XFLAG_* flags |
460 | * |
461 | * Set ->fsx_xflags, ->fsx_valid and ->flags (translated xflags). All |
462 | * other fields are zeroed. |
463 | */ |
464 | void fileattr_fill_xflags(struct fileattr *fa, u32 xflags) |
465 | { |
466 | memset(fa, 0, sizeof(*fa)); |
467 | fa->fsx_valid = true; |
468 | fa->fsx_xflags = xflags; |
469 | if (fa->fsx_xflags & FS_XFLAG_IMMUTABLE) |
470 | fa->flags |= FS_IMMUTABLE_FL; |
471 | if (fa->fsx_xflags & FS_XFLAG_APPEND) |
472 | fa->flags |= FS_APPEND_FL; |
473 | if (fa->fsx_xflags & FS_XFLAG_SYNC) |
474 | fa->flags |= FS_SYNC_FL; |
475 | if (fa->fsx_xflags & FS_XFLAG_NOATIME) |
476 | fa->flags |= FS_NOATIME_FL; |
477 | if (fa->fsx_xflags & FS_XFLAG_NODUMP) |
478 | fa->flags |= FS_NODUMP_FL; |
479 | if (fa->fsx_xflags & FS_XFLAG_DAX) |
480 | fa->flags |= FS_DAX_FL; |
481 | if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) |
482 | fa->flags |= FS_PROJINHERIT_FL; |
483 | } |
484 | EXPORT_SYMBOL(fileattr_fill_xflags); |
485 | |
486 | /** |
487 | * fileattr_fill_flags - initialize fileattr with flags |
488 | * @fa: fileattr pointer |
489 | * @flags: FS_*_FL flags |
490 | * |
491 | * Set ->flags, ->flags_valid and ->fsx_xflags (translated flags). |
492 | * All other fields are zeroed. |
493 | */ |
494 | void fileattr_fill_flags(struct fileattr *fa, u32 flags) |
495 | { |
496 | memset(fa, 0, sizeof(*fa)); |
497 | fa->flags_valid = true; |
498 | fa->flags = flags; |
499 | if (fa->flags & FS_SYNC_FL) |
500 | fa->fsx_xflags |= FS_XFLAG_SYNC; |
501 | if (fa->flags & FS_IMMUTABLE_FL) |
502 | fa->fsx_xflags |= FS_XFLAG_IMMUTABLE; |
503 | if (fa->flags & FS_APPEND_FL) |
504 | fa->fsx_xflags |= FS_XFLAG_APPEND; |
505 | if (fa->flags & FS_NODUMP_FL) |
506 | fa->fsx_xflags |= FS_XFLAG_NODUMP; |
507 | if (fa->flags & FS_NOATIME_FL) |
508 | fa->fsx_xflags |= FS_XFLAG_NOATIME; |
509 | if (fa->flags & FS_DAX_FL) |
510 | fa->fsx_xflags |= FS_XFLAG_DAX; |
511 | if (fa->flags & FS_PROJINHERIT_FL) |
512 | fa->fsx_xflags |= FS_XFLAG_PROJINHERIT; |
513 | } |
514 | EXPORT_SYMBOL(fileattr_fill_flags); |
515 | |
516 | /** |
517 | * vfs_fileattr_get - retrieve miscellaneous file attributes |
518 | * @dentry: the object to retrieve from |
519 | * @fa: fileattr pointer |
520 | * |
521 | * Call i_op->fileattr_get() callback, if exists. |
522 | * |
523 | * Return: 0 on success, or a negative error on failure. |
524 | */ |
525 | int vfs_fileattr_get(struct dentry *dentry, struct fileattr *fa) |
526 | { |
527 | struct inode *inode = d_inode(dentry); |
528 | |
529 | if (!inode->i_op->fileattr_get) |
530 | return -ENOIOCTLCMD; |
531 | |
532 | return inode->i_op->fileattr_get(dentry, fa); |
533 | } |
534 | EXPORT_SYMBOL(vfs_fileattr_get); |
535 | |
536 | /** |
537 | * copy_fsxattr_to_user - copy fsxattr to userspace. |
538 | * @fa: fileattr pointer |
539 | * @ufa: fsxattr user pointer |
540 | * |
541 | * Return: 0 on success, or -EFAULT on failure. |
542 | */ |
543 | int copy_fsxattr_to_user(const struct fileattr *fa, struct fsxattr __user *ufa) |
544 | { |
545 | struct fsxattr xfa; |
546 | |
547 | memset(&xfa, 0, sizeof(xfa)); |
548 | xfa.fsx_xflags = fa->fsx_xflags; |
549 | xfa.fsx_extsize = fa->fsx_extsize; |
550 | xfa.fsx_nextents = fa->fsx_nextents; |
551 | xfa.fsx_projid = fa->fsx_projid; |
552 | xfa.fsx_cowextsize = fa->fsx_cowextsize; |
553 | |
554 | if (copy_to_user(to: ufa, from: &xfa, n: sizeof(xfa))) |
555 | return -EFAULT; |
556 | |
557 | return 0; |
558 | } |
559 | EXPORT_SYMBOL(copy_fsxattr_to_user); |
560 | |
561 | static int copy_fsxattr_from_user(struct fileattr *fa, |
562 | struct fsxattr __user *ufa) |
563 | { |
564 | struct fsxattr xfa; |
565 | |
566 | if (copy_from_user(to: &xfa, from: ufa, n: sizeof(xfa))) |
567 | return -EFAULT; |
568 | |
569 | fileattr_fill_xflags(fa, xfa.fsx_xflags); |
570 | fa->fsx_extsize = xfa.fsx_extsize; |
571 | fa->fsx_nextents = xfa.fsx_nextents; |
572 | fa->fsx_projid = xfa.fsx_projid; |
573 | fa->fsx_cowextsize = xfa.fsx_cowextsize; |
574 | |
575 | return 0; |
576 | } |
577 | |
578 | /* |
579 | * Generic function to check FS_IOC_FSSETXATTR/FS_IOC_SETFLAGS values and reject |
580 | * any invalid configurations. |
581 | * |
582 | * Note: must be called with inode lock held. |
583 | */ |
584 | static int fileattr_set_prepare(struct inode *inode, |
585 | const struct fileattr *old_ma, |
586 | struct fileattr *fa) |
587 | { |
588 | int err; |
589 | |
590 | /* |
591 | * The IMMUTABLE and APPEND_ONLY flags can only be changed by |
592 | * the relevant capability. |
593 | */ |
594 | if ((fa->flags ^ old_ma->flags) & (FS_APPEND_FL | FS_IMMUTABLE_FL) && |
595 | !capable(CAP_LINUX_IMMUTABLE)) |
596 | return -EPERM; |
597 | |
598 | err = fscrypt_prepare_setflags(inode, oldflags: old_ma->flags, flags: fa->flags); |
599 | if (err) |
600 | return err; |
601 | |
602 | /* |
603 | * Project Quota ID state is only allowed to change from within the init |
604 | * namespace. Enforce that restriction only if we are trying to change |
605 | * the quota ID state. Everything else is allowed in user namespaces. |
606 | */ |
607 | if (current_user_ns() != &init_user_ns) { |
608 | if (old_ma->fsx_projid != fa->fsx_projid) |
609 | return -EINVAL; |
610 | if ((old_ma->fsx_xflags ^ fa->fsx_xflags) & |
611 | FS_XFLAG_PROJINHERIT) |
612 | return -EINVAL; |
613 | } else { |
614 | /* |
615 | * Caller is allowed to change the project ID. If it is being |
616 | * changed, make sure that the new value is valid. |
617 | */ |
618 | if (old_ma->fsx_projid != fa->fsx_projid && |
619 | !projid_valid(projid: make_kprojid(from: &init_user_ns, projid: fa->fsx_projid))) |
620 | return -EINVAL; |
621 | } |
622 | |
623 | /* Check extent size hints. */ |
624 | if ((fa->fsx_xflags & FS_XFLAG_EXTSIZE) && !S_ISREG(inode->i_mode)) |
625 | return -EINVAL; |
626 | |
627 | if ((fa->fsx_xflags & FS_XFLAG_EXTSZINHERIT) && |
628 | !S_ISDIR(inode->i_mode)) |
629 | return -EINVAL; |
630 | |
631 | if ((fa->fsx_xflags & FS_XFLAG_COWEXTSIZE) && |
632 | !S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) |
633 | return -EINVAL; |
634 | |
635 | /* |
636 | * It is only valid to set the DAX flag on regular files and |
637 | * directories on filesystems. |
638 | */ |
639 | if ((fa->fsx_xflags & FS_XFLAG_DAX) && |
640 | !(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))) |
641 | return -EINVAL; |
642 | |
643 | /* Extent size hints of zero turn off the flags. */ |
644 | if (fa->fsx_extsize == 0) |
645 | fa->fsx_xflags &= ~(FS_XFLAG_EXTSIZE | FS_XFLAG_EXTSZINHERIT); |
646 | if (fa->fsx_cowextsize == 0) |
647 | fa->fsx_xflags &= ~FS_XFLAG_COWEXTSIZE; |
648 | |
649 | return 0; |
650 | } |
651 | |
652 | /** |
653 | * vfs_fileattr_set - change miscellaneous file attributes |
654 | * @idmap: idmap of the mount |
655 | * @dentry: the object to change |
656 | * @fa: fileattr pointer |
657 | * |
658 | * After verifying permissions, call i_op->fileattr_set() callback, if |
659 | * exists. |
660 | * |
661 | * Verifying attributes involves retrieving current attributes with |
662 | * i_op->fileattr_get(), this also allows initializing attributes that have |
663 | * not been set by the caller to current values. Inode lock is held |
664 | * thoughout to prevent racing with another instance. |
665 | * |
666 | * Return: 0 on success, or a negative error on failure. |
667 | */ |
668 | int vfs_fileattr_set(struct mnt_idmap *idmap, struct dentry *dentry, |
669 | struct fileattr *fa) |
670 | { |
671 | struct inode *inode = d_inode(dentry); |
672 | struct fileattr old_ma = {}; |
673 | int err; |
674 | |
675 | if (!inode->i_op->fileattr_set) |
676 | return -ENOIOCTLCMD; |
677 | |
678 | if (!inode_owner_or_capable(idmap, inode)) |
679 | return -EPERM; |
680 | |
681 | inode_lock(inode); |
682 | err = vfs_fileattr_get(dentry, &old_ma); |
683 | if (!err) { |
684 | /* initialize missing bits from old_ma */ |
685 | if (fa->flags_valid) { |
686 | fa->fsx_xflags |= old_ma.fsx_xflags & ~FS_XFLAG_COMMON; |
687 | fa->fsx_extsize = old_ma.fsx_extsize; |
688 | fa->fsx_nextents = old_ma.fsx_nextents; |
689 | fa->fsx_projid = old_ma.fsx_projid; |
690 | fa->fsx_cowextsize = old_ma.fsx_cowextsize; |
691 | } else { |
692 | fa->flags |= old_ma.flags & ~FS_COMMON_FL; |
693 | } |
694 | err = fileattr_set_prepare(inode, old_ma: &old_ma, fa); |
695 | if (!err) |
696 | err = inode->i_op->fileattr_set(idmap, dentry, fa); |
697 | } |
698 | inode_unlock(inode); |
699 | |
700 | return err; |
701 | } |
702 | EXPORT_SYMBOL(vfs_fileattr_set); |
703 | |
704 | static int ioctl_getflags(struct file *file, unsigned int __user *argp) |
705 | { |
706 | struct fileattr fa = { .flags_valid = true }; /* hint only */ |
707 | int err; |
708 | |
709 | err = vfs_fileattr_get(file->f_path.dentry, &fa); |
710 | if (!err) |
711 | err = put_user(fa.flags, argp); |
712 | return err; |
713 | } |
714 | |
715 | static int ioctl_setflags(struct file *file, unsigned int __user *argp) |
716 | { |
717 | struct mnt_idmap *idmap = file_mnt_idmap(file); |
718 | struct dentry *dentry = file->f_path.dentry; |
719 | struct fileattr fa; |
720 | unsigned int flags; |
721 | int err; |
722 | |
723 | err = get_user(flags, argp); |
724 | if (!err) { |
725 | err = mnt_want_write_file(file); |
726 | if (!err) { |
727 | fileattr_fill_flags(&fa, flags); |
728 | err = vfs_fileattr_set(idmap, dentry, &fa); |
729 | mnt_drop_write_file(file); |
730 | } |
731 | } |
732 | return err; |
733 | } |
734 | |
735 | static int ioctl_fsgetxattr(struct file *file, void __user *argp) |
736 | { |
737 | struct fileattr fa = { .fsx_valid = true }; /* hint only */ |
738 | int err; |
739 | |
740 | err = vfs_fileattr_get(file->f_path.dentry, &fa); |
741 | if (!err) |
742 | err = copy_fsxattr_to_user(&fa, argp); |
743 | |
744 | return err; |
745 | } |
746 | |
747 | static int ioctl_fssetxattr(struct file *file, void __user *argp) |
748 | { |
749 | struct mnt_idmap *idmap = file_mnt_idmap(file); |
750 | struct dentry *dentry = file->f_path.dentry; |
751 | struct fileattr fa; |
752 | int err; |
753 | |
754 | err = copy_fsxattr_from_user(fa: &fa, ufa: argp); |
755 | if (!err) { |
756 | err = mnt_want_write_file(file); |
757 | if (!err) { |
758 | err = vfs_fileattr_set(idmap, dentry, &fa); |
759 | mnt_drop_write_file(file); |
760 | } |
761 | } |
762 | return err; |
763 | } |
764 | |
765 | static int ioctl_getfsuuid(struct file *file, void __user *argp) |
766 | { |
767 | struct super_block *sb = file_inode(f: file)->i_sb; |
768 | struct fsuuid2 u = { .len = sb->s_uuid_len, }; |
769 | |
770 | if (!sb->s_uuid_len) |
771 | return -ENOTTY; |
772 | |
773 | memcpy(&u.uuid[0], &sb->s_uuid, sb->s_uuid_len); |
774 | |
775 | return copy_to_user(to: argp, from: &u, n: sizeof(u)) ? -EFAULT : 0; |
776 | } |
777 | |
778 | static int ioctl_get_fs_sysfs_path(struct file *file, void __user *argp) |
779 | { |
780 | struct super_block *sb = file_inode(f: file)->i_sb; |
781 | |
782 | if (!strlen(sb->s_sysfs_name)) |
783 | return -ENOTTY; |
784 | |
785 | struct fs_sysfs_path u = {}; |
786 | |
787 | u.len = scnprintf(buf: u.name, size: sizeof(u.name), fmt: "%s/%s", sb->s_type->name, sb->s_sysfs_name); |
788 | |
789 | return copy_to_user(to: argp, from: &u, n: sizeof(u)) ? -EFAULT : 0; |
790 | } |
791 | |
792 | /* |
793 | * do_vfs_ioctl() is not for drivers and not intended to be EXPORT_SYMBOL()'d. |
794 | * It's just a simple helper for sys_ioctl and compat_sys_ioctl. |
795 | * |
796 | * When you add any new common ioctls to the switches above and below, |
797 | * please ensure they have compatible arguments in compat mode. |
798 | * |
799 | * The LSM mailing list should also be notified of any command additions or |
800 | * changes, as specific LSMs may be affected. |
801 | */ |
802 | static int do_vfs_ioctl(struct file *filp, unsigned int fd, |
803 | unsigned int cmd, unsigned long arg) |
804 | { |
805 | void __user *argp = (void __user *)arg; |
806 | struct inode *inode = file_inode(f: filp); |
807 | |
808 | switch (cmd) { |
809 | case FIOCLEX: |
810 | set_close_on_exec(fd, flag: 1); |
811 | return 0; |
812 | |
813 | case FIONCLEX: |
814 | set_close_on_exec(fd, flag: 0); |
815 | return 0; |
816 | |
817 | case FIONBIO: |
818 | return ioctl_fionbio(filp, argp); |
819 | |
820 | case FIOASYNC: |
821 | return ioctl_fioasync(fd, filp, argp); |
822 | |
823 | case FIOQSIZE: |
824 | if (S_ISDIR(inode->i_mode) || |
825 | (S_ISREG(inode->i_mode) && !IS_ANON_FILE(inode)) || |
826 | S_ISLNK(inode->i_mode)) { |
827 | loff_t res = inode_get_bytes(inode); |
828 | return copy_to_user(to: argp, from: &res, n: sizeof(res)) ? |
829 | -EFAULT : 0; |
830 | } |
831 | |
832 | return -ENOTTY; |
833 | |
834 | case FIFREEZE: |
835 | return ioctl_fsfreeze(filp); |
836 | |
837 | case FITHAW: |
838 | return ioctl_fsthaw(filp); |
839 | |
840 | case FS_IOC_FIEMAP: |
841 | return ioctl_fiemap(filp, ufiemap: argp); |
842 | |
843 | case FIGETBSZ: |
844 | /* anon_bdev filesystems may not have a block size */ |
845 | if (!inode->i_sb->s_blocksize) |
846 | return -EINVAL; |
847 | |
848 | return put_user(inode->i_sb->s_blocksize, (int __user *)argp); |
849 | |
850 | case FICLONE: |
851 | return ioctl_file_clone(dst_file: filp, srcfd: arg, off: 0, olen: 0, destoff: 0); |
852 | |
853 | case FICLONERANGE: |
854 | return ioctl_file_clone_range(file: filp, argp); |
855 | |
856 | case FIDEDUPERANGE: |
857 | return ioctl_file_dedupe_range(file: filp, argp); |
858 | |
859 | case FIONREAD: |
860 | if (!S_ISREG(inode->i_mode) || IS_ANON_FILE(inode)) |
861 | return vfs_ioctl(filp, cmd, arg); |
862 | |
863 | return put_user(i_size_read(inode) - filp->f_pos, |
864 | (int __user *)argp); |
865 | |
866 | case FS_IOC_GETFLAGS: |
867 | return ioctl_getflags(file: filp, argp); |
868 | |
869 | case FS_IOC_SETFLAGS: |
870 | return ioctl_setflags(file: filp, argp); |
871 | |
872 | case FS_IOC_FSGETXATTR: |
873 | return ioctl_fsgetxattr(file: filp, argp); |
874 | |
875 | case FS_IOC_FSSETXATTR: |
876 | return ioctl_fssetxattr(file: filp, argp); |
877 | |
878 | case FS_IOC_GETFSUUID: |
879 | return ioctl_getfsuuid(file: filp, argp); |
880 | |
881 | case FS_IOC_GETFSSYSFSPATH: |
882 | return ioctl_get_fs_sysfs_path(file: filp, argp); |
883 | |
884 | default: |
885 | if (S_ISREG(inode->i_mode) && !IS_ANON_FILE(inode)) |
886 | return file_ioctl(filp, cmd, p: argp); |
887 | break; |
888 | } |
889 | |
890 | return -ENOIOCTLCMD; |
891 | } |
892 | |
893 | SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, unsigned long, arg) |
894 | { |
895 | CLASS(fd, f)(fd); |
896 | int error; |
897 | |
898 | if (fd_empty(f)) |
899 | return -EBADF; |
900 | |
901 | error = security_file_ioctl(fd_file(f), cmd, arg); |
902 | if (error) |
903 | return error; |
904 | |
905 | error = do_vfs_ioctl(fd_file(f), fd, cmd, arg); |
906 | if (error == -ENOIOCTLCMD) |
907 | error = vfs_ioctl(fd_file(f), cmd, arg); |
908 | |
909 | return error; |
910 | } |
911 | |
912 | #ifdef CONFIG_COMPAT |
913 | /** |
914 | * compat_ptr_ioctl - generic implementation of .compat_ioctl file operation |
915 | * @file: The file to operate on. |
916 | * @cmd: The ioctl command number. |
917 | * @arg: The argument to the ioctl. |
918 | * |
919 | * This is not normally called as a function, but instead set in struct |
920 | * file_operations as |
921 | * |
922 | * .compat_ioctl = compat_ptr_ioctl, |
923 | * |
924 | * On most architectures, the compat_ptr_ioctl() just passes all arguments |
925 | * to the corresponding ->ioctl handler. The exception is arch/s390, where |
926 | * compat_ptr() clears the top bit of a 32-bit pointer value, so user space |
927 | * pointers to the second 2GB alias the first 2GB, as is the case for |
928 | * native 32-bit s390 user space. |
929 | * |
930 | * The compat_ptr_ioctl() function must therefore be used only with ioctl |
931 | * functions that either ignore the argument or pass a pointer to a |
932 | * compatible data type. |
933 | * |
934 | * If any ioctl command handled by fops->unlocked_ioctl passes a plain |
935 | * integer instead of a pointer, or any of the passed data types |
936 | * is incompatible between 32-bit and 64-bit architectures, a proper |
937 | * handler is required instead of compat_ptr_ioctl. |
938 | */ |
939 | long compat_ptr_ioctl(struct file *file, unsigned int cmd, unsigned long arg) |
940 | { |
941 | if (!file->f_op->unlocked_ioctl) |
942 | return -ENOIOCTLCMD; |
943 | |
944 | return file->f_op->unlocked_ioctl(file, cmd, (unsigned long)compat_ptr(uptr: arg)); |
945 | } |
946 | EXPORT_SYMBOL(compat_ptr_ioctl); |
947 | |
948 | COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, |
949 | compat_ulong_t, arg) |
950 | { |
951 | CLASS(fd, f)(fd); |
952 | int error; |
953 | |
954 | if (fd_empty(f)) |
955 | return -EBADF; |
956 | |
957 | error = security_file_ioctl_compat(fd_file(f), cmd, arg); |
958 | if (error) |
959 | return error; |
960 | |
961 | switch (cmd) { |
962 | /* FICLONE takes an int argument, so don't use compat_ptr() */ |
963 | case FICLONE: |
964 | error = ioctl_file_clone(fd_file(f), srcfd: arg, off: 0, olen: 0, destoff: 0); |
965 | break; |
966 | |
967 | #if defined(CONFIG_X86_64) |
968 | /* these get messy on amd64 due to alignment differences */ |
969 | case FS_IOC_RESVSP_32: |
970 | case FS_IOC_RESVSP64_32: |
971 | error = compat_ioctl_preallocate(fd_file(f), mode: 0, argp: compat_ptr(uptr: arg)); |
972 | break; |
973 | case FS_IOC_UNRESVSP_32: |
974 | case FS_IOC_UNRESVSP64_32: |
975 | error = compat_ioctl_preallocate(fd_file(f), FALLOC_FL_PUNCH_HOLE, |
976 | argp: compat_ptr(uptr: arg)); |
977 | break; |
978 | case FS_IOC_ZERO_RANGE_32: |
979 | error = compat_ioctl_preallocate(fd_file(f), FALLOC_FL_ZERO_RANGE, |
980 | argp: compat_ptr(uptr: arg)); |
981 | break; |
982 | #endif |
983 | |
984 | /* |
985 | * These access 32-bit values anyway so no further handling is |
986 | * necessary. |
987 | */ |
988 | case FS_IOC32_GETFLAGS: |
989 | case FS_IOC32_SETFLAGS: |
990 | cmd = (cmd == FS_IOC32_GETFLAGS) ? |
991 | FS_IOC_GETFLAGS : FS_IOC_SETFLAGS; |
992 | fallthrough; |
993 | /* |
994 | * everything else in do_vfs_ioctl() takes either a compatible |
995 | * pointer argument or no argument -- call it with a modified |
996 | * argument. |
997 | */ |
998 | default: |
999 | error = do_vfs_ioctl(fd_file(f), fd, cmd, |
1000 | arg: (unsigned long)compat_ptr(uptr: arg)); |
1001 | if (error != -ENOIOCTLCMD) |
1002 | break; |
1003 | |
1004 | if (fd_file(f)->f_op->compat_ioctl) |
1005 | error = fd_file(f)->f_op->compat_ioctl(fd_file(f), cmd, arg); |
1006 | if (error == -ENOIOCTLCMD) |
1007 | error = -ENOTTY; |
1008 | break; |
1009 | } |
1010 | return error; |
1011 | } |
1012 | #endif |
1013 |
Definitions
- vfs_ioctl
- ioctl_fibmap
- fiemap_fill_next_extent
- fiemap_prep
- ioctl_fiemap
- ioctl_file_clone
- ioctl_file_clone_range
- ioctl_preallocate
- compat_ioctl_preallocate
- file_ioctl
- ioctl_fionbio
- ioctl_fioasync
- ioctl_fsfreeze
- ioctl_fsthaw
- ioctl_file_dedupe_range
- fileattr_fill_xflags
- fileattr_fill_flags
- vfs_fileattr_get
- copy_fsxattr_to_user
- copy_fsxattr_from_user
- fileattr_set_prepare
- vfs_fileattr_set
- ioctl_getflags
- ioctl_setflags
- ioctl_fsgetxattr
- ioctl_fssetxattr
- ioctl_getfsuuid
- ioctl_get_fs_sysfs_path
- do_vfs_ioctl
Improve your Profiling and Debugging skills
Find out more