Cache xattr security drop check for write v2
1 /*
2 * linux/fs/ext4/ioctl.c
4 * Copyright (C) 1993, 1994, 1995
5 * Remy Card (card@masi.ibp.fr)
6 * Laboratoire MASI - Institut Blaise Pascal
7 * Universite Pierre et Marie Curie (Paris VI)
8 */
10 #include <linux/fs.h>
11 #include <linux/jbd2.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <asm/uaccess.h>
18 #include "ext4_jbd2.h"
19 #include "ext4.h"
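/*
 * ext4_ioctl - native ioctl entry point for ext4 files.
 *
 * @filp: open file the ioctl was issued on
 * @cmd:  ioctl command number
 * @arg:  command argument; for most commands a user-space pointer
 *
 * Dispatches on @cmd.  Every command that modifies the inode or the
 * filesystem first checks either inode ownership
 * (inode_owner_or_capable()) or a specific capability, and brackets the
 * modification with mnt_want_write()/mnt_drop_write().  All data reached
 * through @arg is caller-controlled and is only accessed with
 * get_user()/put_user()/copy_from_user()/copy_to_user().
 *
 * Returns 0 (or a command-specific non-negative value) on success and a
 * negative errno on failure; unknown commands return -ENOTTY.
 */
long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
	struct inode *inode = filp->f_dentry->d_inode;
	struct ext4_inode_info *ei = EXT4_I(inode);
	unsigned int flags;

	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);

	switch (cmd) {
	case EXT4_IOC_GETFLAGS:
		/* Only the bits in EXT4_FL_USER_VISIBLE are reported. */
		ext4_get_inode_flags(ei);
		flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
		return put_user(flags, (int __user *) arg);
	case EXT4_IOC_SETFLAGS: {
		handle_t *handle = NULL;
		int err, migrate = 0;
		struct ext4_iloc iloc;
		unsigned int oldflags;
		unsigned int jflag;

		/* Ownership is checked before any user memory is read. */
		if (!inode_owner_or_capable(inode))
			return -EACCES;

		if (get_user(flags, (int __user *) arg))
			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);
		if (err)
			return err;

		flags = ext4_mask_flags(inode->i_mode, flags);

		/* Default result for the permission checks that follow. */
		err = -EPERM;
		mutex_lock(&inode->i_mutex);
		/* Is it quota file? Do not allow user to mess with it */
		if (IS_NOQUOTA(inode))
			goto flags_out;

		oldflags = ei->i_flags;

		/* The JOURNAL_DATA flag is modifiable only by root */
		jflag = flags & EXT4_JOURNAL_DATA_FL;

		/*
		 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
		 * the relevant capability.
		 *
		 * This test looks nicer. Thanks to Pauline Middelink
		 */
		if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
			if (!capable(CAP_LINUX_IMMUTABLE))
				goto flags_out;
		}

		/*
		 * The JOURNAL_DATA flag can only be changed by
		 * the relevant capability.
		 */
		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
			if (!capable(CAP_SYS_RESOURCE))
				goto flags_out;
		}
		if (oldflags & EXT4_EXTENTS_FL) {
			/* We don't support clearing extent flags */
			if (!(flags & EXT4_EXTENTS_FL)) {
				err = -EOPNOTSUPP;
				goto flags_out;
			}
		} else if (flags & EXT4_EXTENTS_FL) {
			/* migrate the file */
			migrate = 1;
			flags &= ~EXT4_EXTENTS_FL;
		}

		if (flags & EXT4_EOFBLOCKS_FL) {
			/* we don't support adding EOFBLOCKS flag */
			if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
				err = -EOPNOTSUPP;
				goto flags_out;
			}
		} else if (oldflags & EXT4_EOFBLOCKS_FL)
			ext4_truncate(inode);

		handle = ext4_journal_start(inode, 1);
		if (IS_ERR(handle)) {
			err = PTR_ERR(handle);
			goto flags_out;
		}
		if (IS_SYNC(inode))
			ext4_handle_sync(handle);
		err = ext4_reserve_inode_write(handle, inode, &iloc);
		if (err)
			goto flags_err;

		/*
		 * Take only the user-modifiable bits from the request and keep
		 * every other bit as it was, so a caller cannot set or clear
		 * flags outside EXT4_FL_USER_MODIFIABLE.
		 */
		flags = flags & EXT4_FL_USER_MODIFIABLE;
		flags |= oldflags & ~EXT4_FL_USER_MODIFIABLE;
		ei->i_flags = flags;

		ext4_set_inode_flags(inode);
		inode->i_ctime = ext4_current_time(inode);

		err = ext4_mark_iloc_dirty(handle, inode, &iloc);
flags_err:
		ext4_journal_stop(handle);
		if (err)
			goto flags_out;

		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
			err = ext4_change_inode_journal_flag(inode, jflag);
		if (err)
			goto flags_out;
		if (migrate)
			err = ext4_ext_migrate(inode);
flags_out:
		mutex_unlock(&inode->i_mutex);
		mnt_drop_write(filp->f_path.mnt);
		return err;
	}
	case EXT4_IOC_GETVERSION:
	case EXT4_IOC_GETVERSION_OLD:
		return put_user(inode->i_generation, (int __user *) arg);
	case EXT4_IOC_SETVERSION:
	case EXT4_IOC_SETVERSION_OLD: {
		handle_t *handle;
		struct ext4_iloc iloc;
		__u32 generation;
		int err;

		if (!inode_owner_or_capable(inode))
			return -EPERM;

		err = mnt_want_write(filp->f_path.mnt);
		if (err)
			return err;
		if (get_user(generation, (int __user *) arg)) {
			err = -EFAULT;
			goto setversion_out;
		}

		/*
		 * NOTE(review): unlike EXT4_IOC_SETFLAGS, this path updates the
		 * inode without taking inode->i_mutex - confirm that is intended.
		 */
		handle = ext4_journal_start(inode, 1);
		if (IS_ERR(handle)) {
			err = PTR_ERR(handle);
			goto setversion_out;
		}
		err = ext4_reserve_inode_write(handle, inode, &iloc);
		if (err == 0) {
			inode->i_ctime = ext4_current_time(inode);
			inode->i_generation = generation;
			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
		}
		ext4_journal_stop(handle);
setversion_out:
		mnt_drop_write(filp->f_path.mnt);
		return err;
	}
#ifdef CONFIG_JBD2_DEBUG
	case EXT4_IOC_WAIT_FOR_READONLY:
		/*
		 * This is racy - by the time we're woken up and running,
		 * the superblock could be released.  And the module could
		 * have been unloaded.  So sue me.
		 *
		 * Returns 1 if it slept, else zero.
		 *
		 * NOTE(review): no ownership or capability check is made
		 * before sleeping here; the command only exists when
		 * CONFIG_JBD2_DEBUG is set.
		 */
		{
			struct super_block *sb = inode->i_sb;
			DECLARE_WAITQUEUE(wait, current);
			int ret = 0;

			set_current_state(TASK_INTERRUPTIBLE);
			add_wait_queue(&EXT4_SB(sb)->ro_wait_queue, &wait);
			if (timer_pending(&EXT4_SB(sb)->turn_ro_timer)) {
				schedule();
				ret = 1;
			}
			/*
			 * When the timer was not pending we never called
			 * schedule(), so the task is still marked
			 * TASK_INTERRUPTIBLE.  Put it back to TASK_RUNNING
			 * before returning to the caller.
			 */
			set_current_state(TASK_RUNNING);
			remove_wait_queue(&EXT4_SB(sb)->ro_wait_queue, &wait);
			return ret;
		}
#endif
	case EXT4_IOC_GROUP_EXTEND: {
		ext4_fsblk_t n_blocks_count;
		struct super_block *sb = inode->i_sb;
		int err, err2=0;

		if (!capable(CAP_SYS_RESOURCE))
			return -EPERM;

		/* The new block count is read from user space as a __u32. */
		if (get_user(n_blocks_count, (__u32 __user *)arg))
			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);
		if (err)
			return err;

		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
		/* The journal is flushed whether or not the extend succeeded. */
		if (EXT4_SB(sb)->s_journal) {
			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
		}
		/* A resize error takes precedence over a flush error. */
		if (err == 0)
			err = err2;
		mnt_drop_write(filp->f_path.mnt);

		return err;
	}

	case EXT4_IOC_MOVE_EXT: {
		struct move_extent me;
		struct file *donor_filp;
		int err;

		/* The original file must be open for both reading and writing. */
		if (!(filp->f_mode & FMODE_READ) ||
		    !(filp->f_mode & FMODE_WRITE))
			return -EBADF;

		if (copy_from_user(&me,
			(struct move_extent __user *)arg, sizeof(me)))
			return -EFAULT;
		/*
		 * Discard the caller-supplied moved_len so the value copied
		 * back is only what ext4_move_extents() reports.
		 */
		me.moved_len = 0;

		/* donor_fd comes from user space; fget() takes a reference. */
		donor_filp = fget(me.donor_fd);
		if (!donor_filp)
			return -EBADF;

		/* The donor must have been opened for writing as well. */
		if (!(donor_filp->f_mode & FMODE_WRITE)) {
			err = -EBADF;
			goto mext_out;
		}

		err = mnt_want_write(filp->f_path.mnt);
		if (err)
			goto mext_out;

		err = ext4_move_extents(filp, donor_filp, me.orig_start,
					me.donor_start, me.len, &me.moved_len);
		mnt_drop_write(filp->f_path.mnt);
		/* Blocks were moved: drop the donor's setuid/setgid state. */
		if (me.moved_len > 0)
			file_remove_suid(donor_filp);

		if (copy_to_user((struct move_extent __user *)arg,
				 &me, sizeof(me)))
			err = -EFAULT;
mext_out:
		fput(donor_filp);
		return err;
	}

	case EXT4_IOC_GROUP_ADD: {
		struct ext4_new_group_data input;
		struct super_block *sb = inode->i_sb;
		int err, err2=0;

		if (!capable(CAP_SYS_RESOURCE))
			return -EPERM;

		/*
		 * NOTE(review): the user pointer is cast to
		 * struct ext4_new_group_input, but the length copied is
		 * sizeof(struct ext4_new_group_data).  Confirm the two
		 * structures have the same size; if the kernel-side one is
		 * larger, this reads past the end of the caller's structure
		 * (including the on-stack copy built by the compat handler).
		 */
		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
				sizeof(input)))
			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);
		if (err)
			return err;

		err = ext4_group_add(sb, &input);
		/* The journal is flushed whether or not the add succeeded. */
		if (EXT4_SB(sb)->s_journal) {
			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
		}
		if (err == 0)
			err = err2;
		mnt_drop_write(filp->f_path.mnt);

		return err;
	}

	case EXT4_IOC_MIGRATE:
	{
		int err;
		if (!inode_owner_or_capable(inode))
			return -EACCES;

		err = mnt_want_write(filp->f_path.mnt);
		if (err)
			return err;
		/*
		 * inode_mutex prevent write and truncate on the file.
		 * Read still goes through. We take i_data_sem in
		 * ext4_ext_swap_inode_data before we switch the
		 * inode format to prevent read.
		 */
		mutex_lock(&(inode->i_mutex));
		err = ext4_ext_migrate(inode);
		mutex_unlock(&(inode->i_mutex));
		mnt_drop_write(filp->f_path.mnt);
		return err;
	}

	case EXT4_IOC_ALLOC_DA_BLKS:
	{
		int err;
		if (!inode_owner_or_capable(inode))
			return -EACCES;

		err = mnt_want_write(filp->f_path.mnt);
		if (err)
			return err;
		err = ext4_alloc_da_blocks(inode);
		mnt_drop_write(filp->f_path.mnt);
		return err;
	}

	case FITRIM:
	{
		struct super_block *sb = inode->i_sb;
		struct request_queue *q = bdev_get_queue(sb->s_bdev);
		struct fstrim_range range;
		int ret = 0;

		/* Trimming acts on the whole filesystem, so require CAP_SYS_ADMIN. */
		if (!capable(CAP_SYS_ADMIN))
			return -EPERM;

		if (!blk_queue_discard(q))
			return -EOPNOTSUPP;

		/* arg is a user pointer; annotate it so sparse can check it. */
		if (copy_from_user(&range, (struct fstrim_range __user *)arg,
		    sizeof(range)))
			return -EFAULT;

		/*
		 * Never trim in units smaller than the device's discard
		 * granularity.
		 * NOTE(review): the (unsigned int) cast narrows range.minlen
		 * before the comparison - confirm truncating a large
		 * user-supplied value is acceptable.
		 */
		range.minlen = max((unsigned int)range.minlen,
				   q->limits.discard_granularity);
		ret = ext4_trim_fs(sb, &range);
		if (ret < 0)
			return ret;

		if (copy_to_user((struct fstrim_range __user *)arg, &range,
		    sizeof(range)))
			return -EFAULT;

		return 0;
	}

	default:
		return -ENOTTY;
	}
}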
#ifdef CONFIG_COMPAT
/*
 * ext4_compat_ioctl - ioctl entry point for 32-bit callers.
 *
 * Translates the EXT4_IOC32_* command numbers to their native
 * equivalents and forwards to ext4_ioctl() with the argument converted
 * by compat_ptr().  EXT4_IOC32_GROUP_ADD is the one command whose
 * argument structure is rebuilt field by field.  Commands not listed
 * here return -ENOIOCTLCMD.
 */
long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	if (cmd == EXT4_IOC32_GROUP_ADD) {
		struct compat_ext4_new_group_input __user *uarg;
		struct ext4_new_group_input kinput;
		mm_segment_t saved_fs;
		int rc;

		/* Every field is fetched; any failure yields -EFAULT. */
		uarg = compat_ptr(arg);
		rc = get_user(kinput.group, &uarg->group);
		rc |= get_user(kinput.block_bitmap, &uarg->block_bitmap);
		rc |= get_user(kinput.inode_bitmap, &uarg->inode_bitmap);
		rc |= get_user(kinput.inode_table, &uarg->inode_table);
		rc |= get_user(kinput.blocks_count, &uarg->blocks_count);
		rc |= get_user(kinput.reserved_blocks,
			       &uarg->reserved_blocks);
		if (rc)
			return -EFAULT;

		/*
		 * The native handler is given a kernel pointer, so the
		 * address limit is raised to KERNEL_DS for the duration of
		 * the call and restored immediately afterwards.
		 * NOTE(review): ext4_ioctl() copies
		 * sizeof(struct ext4_new_group_data) bytes from this pointer
		 * while the object here is a struct ext4_new_group_input -
		 * confirm the copy cannot read past the end of it.
		 */
		saved_fs = get_fs();
		set_fs(KERNEL_DS);
		rc = ext4_ioctl(file, EXT4_IOC_GROUP_ADD,
				(unsigned long) &kinput);
		set_fs(saved_fs);
		return rc;
	}

	/* These are just misnamed, they actually get/put from/to user an int */
	switch (cmd) {
	case EXT4_IOC32_GETFLAGS:
		cmd = EXT4_IOC_GETFLAGS;
		break;
	case EXT4_IOC32_SETFLAGS:
		cmd = EXT4_IOC_SETFLAGS;
		break;
	case EXT4_IOC32_GETVERSION:
		cmd = EXT4_IOC_GETVERSION;
		break;
	case EXT4_IOC32_SETVERSION:
		cmd = EXT4_IOC_SETVERSION;
		break;
	case EXT4_IOC32_GROUP_EXTEND:
		cmd = EXT4_IOC_GROUP_EXTEND;
		break;
	case EXT4_IOC32_GETVERSION_OLD:
		cmd = EXT4_IOC_GETVERSION_OLD;
		break;
	case EXT4_IOC32_SETVERSION_OLD:
		cmd = EXT4_IOC_SETVERSION_OLD;
		break;
#ifdef CONFIG_JBD2_DEBUG
	case EXT4_IOC32_WAIT_FOR_READONLY:
		cmd = EXT4_IOC_WAIT_FOR_READONLY;
		break;
#endif
	case EXT4_IOC32_GETRSVSZ:
		cmd = EXT4_IOC_GETRSVSZ;
		break;
	case EXT4_IOC32_SETRSVSZ:
		cmd = EXT4_IOC_SETRSVSZ;
		break;
	/* Same command number for 32-bit and native callers. */
	case EXT4_IOC_MOVE_EXT:
	case FITRIM:
		break;
	default:
		return -ENOIOCTLCMD;
	}

	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
}
#endif