1 // SPDX-License-Identifier: GPL-2.0 2 #include <linux/capability.h> 3 #include <linux/compat.h> 4 #include <linux/blkdev.h> 5 #include <linux/export.h> 6 #include <linux/gfp.h> 7 #include <linux/blkpg.h> 8 #include <linux/hdreg.h> 9 #include <linux/backing-dev.h> 10 #include <linux/fs.h> 11 #include <linux/blktrace_api.h> 12 #include <linux/pr.h> 13 #include <linux/uaccess.h> 14 #include "blk.h" 15 16 static int blkpg_do_ioctl(struct block_device *bdev, 17 struct blkpg_partition __user *upart, int op) 18 { 19 struct gendisk *disk = bdev->bd_disk; 20 struct blkpg_partition p; 21 sector_t start, length; 22 23 if (disk->flags & GENHD_FL_NO_PART) 24 return -EINVAL; 25 if (!capable(CAP_SYS_ADMIN)) 26 return -EACCES; 27 if (copy_from_user(&p, upart, sizeof(struct blkpg_partition))) 28 return -EFAULT; 29 if (bdev_is_partition(bdev)) 30 return -EINVAL; 31 32 if (p.pno <= 0) 33 return -EINVAL; 34 35 if (op == BLKPG_DEL_PARTITION) 36 return bdev_del_partition(disk, p.pno); 37 38 if (p.start < 0 || p.length <= 0 || p.start + p.length < 0) 39 return -EINVAL; 40 /* Check that the partition is aligned to the block size */ 41 if (!IS_ALIGNED(p.start | p.length, bdev_logical_block_size(bdev))) 42 return -EINVAL; 43 44 start = p.start >> SECTOR_SHIFT; 45 length = p.length >> SECTOR_SHIFT; 46 47 switch (op) { 48 case BLKPG_ADD_PARTITION: 49 return bdev_add_partition(disk, p.pno, start, length); 50 case BLKPG_RESIZE_PARTITION: 51 return bdev_resize_partition(disk, p.pno, start, length); 52 default: 53 return -EINVAL; 54 } 55 } 56 57 static int blkpg_ioctl(struct block_device *bdev, 58 struct blkpg_ioctl_arg __user *arg) 59 { 60 struct blkpg_partition __user *udata; 61 int op; 62 63 if (get_user(op, &arg->op) || get_user(udata, &arg->data)) 64 return -EFAULT; 65 66 return blkpg_do_ioctl(bdev, udata, op); 67 } 68 69 #ifdef CONFIG_COMPAT 70 struct compat_blkpg_ioctl_arg { 71 compat_int_t op; 72 compat_int_t flags; 73 compat_int_t datalen; 74 compat_caddr_t data; 75 }; 76 77 static int compat_blkpg_ioctl(struct block_device *bdev, 78 struct compat_blkpg_ioctl_arg __user *arg) 79 { 80 compat_caddr_t udata; 81 int op; 82 83 if (get_user(op, &arg->op) || get_user(udata, &arg->data)) 84 return -EFAULT; 85 86 return blkpg_do_ioctl(bdev, compat_ptr(udata), op); 87 } 88 #endif 89 90 static int blk_ioctl_discard(struct block_device *bdev, blk_mode_t mode, 91 unsigned long arg) 92 { 93 uint64_t range[2]; 94 uint64_t start, len; 95 struct inode *inode = bdev->bd_inode; 96 int err; 97 98 if (!(mode & BLK_OPEN_WRITE)) 99 return -EBADF; 100 101 if (!bdev_max_discard_sectors(bdev)) 102 return -EOPNOTSUPP; 103 104 if (copy_from_user(range, (void __user *)arg, sizeof(range))) 105 return -EFAULT; 106 107 start = range[0]; 108 len = range[1]; 109 110 if (start & 511) 111 return -EINVAL; 112 if (len & 511) 113 return -EINVAL; 114 115 if (start + len > bdev_nr_bytes(bdev)) 116 return -EINVAL; 117 118 filemap_invalidate_lock(inode->i_mapping); 119 err = truncate_bdev_range(bdev, mode, start, start + len - 1); 120 if (err) 121 goto fail; 122 err = blkdev_issue_discard(bdev, start >> 9, len >> 9, GFP_KERNEL); 123 fail: 124 filemap_invalidate_unlock(inode->i_mapping); 125 return err; 126 } 127 128 static int blk_ioctl_secure_erase(struct block_device *bdev, blk_mode_t mode, 129 void __user *argp) 130 { 131 uint64_t start, len; 132 uint64_t range[2]; 133 int err; 134 135 if (!(mode & BLK_OPEN_WRITE)) 136 return -EBADF; 137 if (!bdev_max_secure_erase_sectors(bdev)) 138 return -EOPNOTSUPP; 139 if (copy_from_user(range, argp, sizeof(range))) 140 return -EFAULT; 141 142 start = range[0]; 143 len = range[1]; 144 if ((start & 511) || (len & 511)) 145 return -EINVAL; 146 if (start + len > bdev_nr_bytes(bdev)) 147 return -EINVAL; 148 149 filemap_invalidate_lock(bdev->bd_inode->i_mapping); 150 err = truncate_bdev_range(bdev, mode, start, start + len - 1); 151 if (!err) 152 err = blkdev_issue_secure_erase(bdev, start >> 9, len >> 9, 153 GFP_KERNEL); 154 filemap_invalidate_unlock(bdev->bd_inode->i_mapping); 155 return err; 156 } 157 158 159 static int blk_ioctl_zeroout(struct block_device *bdev, blk_mode_t mode, 160 unsigned long arg) 161 { 162 uint64_t range[2]; 163 uint64_t start, end, len; 164 struct inode *inode = bdev->bd_inode; 165 int err; 166 167 if (!(mode & BLK_OPEN_WRITE)) 168 return -EBADF; 169 170 if (copy_from_user(range, (void __user *)arg, sizeof(range))) 171 return -EFAULT; 172 173 start = range[0]; 174 len = range[1]; 175 end = start + len - 1; 176 177 if (start & 511) 178 return -EINVAL; 179 if (len & 511) 180 return -EINVAL; 181 if (end >= (uint64_t)bdev_nr_bytes(bdev)) 182 return -EINVAL; 183 if (end < start) 184 return -EINVAL; 185 186 /* Invalidate the page cache, including dirty pages */ 187 filemap_invalidate_lock(inode->i_mapping); 188 err = truncate_bdev_range(bdev, mode, start, end); 189 if (err) 190 goto fail; 191 192 err = blkdev_issue_zeroout(bdev, start >> 9, len >> 9, GFP_KERNEL, 193 BLKDEV_ZERO_NOUNMAP); 194 195 fail: 196 filemap_invalidate_unlock(inode->i_mapping); 197 return err; 198 } 199 200 static int put_ushort(unsigned short __user *argp, unsigned short val) 201 { 202 return put_user(val, argp); 203 } 204 205 static int put_int(int __user *argp, int val) 206 { 207 return put_user(val, argp); 208 } 209 210 static int put_uint(unsigned int __user *argp, unsigned int val) 211 { 212 return put_user(val, argp); 213 } 214 215 static int put_long(long __user *argp, long val) 216 { 217 return put_user(val, argp); 218 } 219 220 static int put_ulong(unsigned long __user *argp, unsigned long val) 221 { 222 return put_user(val, argp); 223 } 224 225 static int put_u64(u64 __user *argp, u64 val) 226 { 227 return put_user(val, argp); 228 } 229 230 #ifdef CONFIG_COMPAT 231 static int compat_put_long(compat_long_t __user *argp, long val) 232 { 233 return put_user(val, argp); 234 } 235 236 static int compat_put_ulong(compat_ulong_t __user *argp, compat_ulong_t val) 237 { 238 return put_user(val, argp); 239 } 240 #endif 241 242 #ifdef CONFIG_COMPAT 243 /* 244 * This is the equivalent of compat_ptr_ioctl(), to be used by block 245 * drivers that implement only commands that are completely compatible 246 * between 32-bit and 64-bit user space 247 */ 248 int blkdev_compat_ptr_ioctl(struct block_device *bdev, blk_mode_t mode, 249 unsigned cmd, unsigned long arg) 250 { 251 struct gendisk *disk = bdev->bd_disk; 252 253 if (disk->fops->ioctl) 254 return disk->fops->ioctl(bdev, mode, cmd, 255 (unsigned long)compat_ptr(arg)); 256 257 return -ENOIOCTLCMD; 258 } 259 EXPORT_SYMBOL(blkdev_compat_ptr_ioctl); 260 #endif 261 262 static bool blkdev_pr_allowed(struct block_device *bdev, blk_mode_t mode) 263 { 264 /* no sense to make reservations for partitions */ 265 if (bdev_is_partition(bdev)) 266 return false; 267 268 if (capable(CAP_SYS_ADMIN)) 269 return true; 270 /* 271 * Only allow unprivileged reservations if the file descriptor is open 272 * for writing. 273 */ 274 return mode & BLK_OPEN_WRITE; 275 } 276 277 static int blkdev_pr_register(struct block_device *bdev, blk_mode_t mode, 278 struct pr_registration __user *arg) 279 { 280 const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops; 281 struct pr_registration reg; 282 283 if (!blkdev_pr_allowed(bdev, mode)) 284 return -EPERM; 285 if (!ops || !ops->pr_register) 286 return -EOPNOTSUPP; 287 if (copy_from_user(®, arg, sizeof(reg))) 288 return -EFAULT; 289 290 if (reg.flags & ~PR_FL_IGNORE_KEY) 291 return -EOPNOTSUPP; 292 return ops->pr_register(bdev, reg.old_key, reg.new_key, reg.flags); 293 } 294 295 static int blkdev_pr_reserve(struct block_device *bdev, blk_mode_t mode, 296 struct pr_reservation __user *arg) 297 { 298 const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops; 299 struct pr_reservation rsv; 300 301 if (!blkdev_pr_allowed(bdev, mode)) 302 return -EPERM; 303 if (!ops || !ops->pr_reserve) 304 return -EOPNOTSUPP; 305 if (copy_from_user(&rsv, arg, sizeof(rsv))) 306 return -EFAULT; 307 308 if (rsv.flags & ~PR_FL_IGNORE_KEY) 309 return -EOPNOTSUPP; 310 return ops->pr_reserve(bdev, rsv.key, rsv.type, rsv.flags); 311 } 312 313 static int blkdev_pr_release(struct block_device *bdev, blk_mode_t mode, 314 struct pr_reservation __user *arg) 315 { 316 const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops; 317 struct pr_reservation rsv; 318 319 if (!blkdev_pr_allowed(bdev, mode)) 320 return -EPERM; 321 if (!ops || !ops->pr_release) 322 return -EOPNOTSUPP; 323 if (copy_from_user(&rsv, arg, sizeof(rsv))) 324 return -EFAULT; 325 326 if (rsv.flags) 327 return -EOPNOTSUPP; 328 return ops->pr_release(bdev, rsv.key, rsv.type); 329 } 330 331 static int blkdev_pr_preempt(struct block_device *bdev, blk_mode_t mode, 332 struct pr_preempt __user *arg, bool abort) 333 { 334 const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops; 335 struct pr_preempt p; 336 337 if (!blkdev_pr_allowed(bdev, mode)) 338 return -EPERM; 339 if (!ops || !ops->pr_preempt) 340 return -EOPNOTSUPP; 341 if (copy_from_user(&p, arg, sizeof(p))) 342 return -EFAULT; 343 344 if (p.flags) 345 return -EOPNOTSUPP; 346 return ops->pr_preempt(bdev, p.old_key, p.new_key, p.type, abort); 347 } 348 349 static int blkdev_pr_clear(struct block_device *bdev, blk_mode_t mode, 350 struct pr_clear __user *arg) 351 { 352 const struct pr_ops *ops = bdev->bd_disk->fops->pr_ops; 353 struct pr_clear c; 354 355 if (!blkdev_pr_allowed(bdev, mode)) 356 return -EPERM; 357 if (!ops || !ops->pr_clear) 358 return -EOPNOTSUPP; 359 if (copy_from_user(&c, arg, sizeof(c))) 360 return -EFAULT; 361 362 if (c.flags) 363 return -EOPNOTSUPP; 364 return ops->pr_clear(bdev, c.key); 365 } 366 367 static int blkdev_flushbuf(struct block_device *bdev, unsigned cmd, 368 unsigned long arg) 369 { 370 if (!capable(CAP_SYS_ADMIN)) 371 return -EACCES; 372 373 mutex_lock(&bdev->bd_holder_lock); 374 if (bdev->bd_holder_ops && bdev->bd_holder_ops->sync) 375 bdev->bd_holder_ops->sync(bdev); 376 else { 377 mutex_unlock(&bdev->bd_holder_lock); 378 sync_blockdev(bdev); 379 } 380 381 invalidate_bdev(bdev); 382 return 0; 383 } 384 385 static int blkdev_roset(struct block_device *bdev, unsigned cmd, 386 unsigned long arg) 387 { 388 int ret, n; 389 390 if (!capable(CAP_SYS_ADMIN)) 391 return -EACCES; 392 393 if (get_user(n, (int __user *)arg)) 394 return -EFAULT; 395 if (bdev->bd_disk->fops->set_read_only) { 396 ret = bdev->bd_disk->fops->set_read_only(bdev, n); 397 if (ret) 398 return ret; 399 } 400 bdev->bd_read_only = n; 401 return 0; 402 } 403 404 static int blkdev_getgeo(struct block_device *bdev, 405 struct hd_geometry __user *argp) 406 { 407 struct gendisk *disk = bdev->bd_disk; 408 struct hd_geometry geo; 409 int ret; 410 411 if (!argp) 412 return -EINVAL; 413 if (!disk->fops->getgeo) 414 return -ENOTTY; 415 416 /* 417 * We need to set the startsect first, the driver may 418 * want to override it. 419 */ 420 memset(&geo, 0, sizeof(geo)); 421 geo.start = get_start_sect(bdev); 422 ret = disk->fops->getgeo(bdev, &geo); 423 if (ret) 424 return ret; 425 if (copy_to_user(argp, &geo, sizeof(geo))) 426 return -EFAULT; 427 return 0; 428 } 429 430 #ifdef CONFIG_COMPAT 431 struct compat_hd_geometry { 432 unsigned char heads; 433 unsigned char sectors; 434 unsigned short cylinders; 435 u32 start; 436 }; 437 438 static int compat_hdio_getgeo(struct block_device *bdev, 439 struct compat_hd_geometry __user *ugeo) 440 { 441 struct gendisk *disk = bdev->bd_disk; 442 struct hd_geometry geo; 443 int ret; 444 445 if (!ugeo) 446 return -EINVAL; 447 if (!disk->fops->getgeo) 448 return -ENOTTY; 449 450 memset(&geo, 0, sizeof(geo)); 451 /* 452 * We need to set the startsect first, the driver may 453 * want to override it. 454 */ 455 geo.start = get_start_sect(bdev); 456 ret = disk->fops->getgeo(bdev, &geo); 457 if (ret) 458 return ret; 459 460 ret = copy_to_user(ugeo, &geo, 4); 461 ret |= put_user(geo.start, &ugeo->start); 462 if (ret) 463 ret = -EFAULT; 464 465 return ret; 466 } 467 #endif 468 469 /* set the logical block size */ 470 static int blkdev_bszset(struct block_device *bdev, blk_mode_t mode, 471 int __user *argp) 472 { 473 int ret, n; 474 struct bdev_handle *handle; 475 476 if (!capable(CAP_SYS_ADMIN)) 477 return -EACCES; 478 if (!argp) 479 return -EINVAL; 480 if (get_user(n, argp)) 481 return -EFAULT; 482 483 if (mode & BLK_OPEN_EXCL) 484 return set_blocksize(bdev, n); 485 486 handle = bdev_open_by_dev(bdev->bd_dev, mode, &bdev, NULL); 487 if (IS_ERR(handle)) 488 return -EBUSY; 489 ret = set_blocksize(bdev, n); 490 bdev_release(handle); 491 492 return ret; 493 } 494 495 /* 496 * Common commands that are handled the same way on native and compat 497 * user space. Note the separate arg/argp parameters that are needed 498 * to deal with the compat_ptr() conversion. 499 */ 500 static int blkdev_common_ioctl(struct block_device *bdev, blk_mode_t mode, 501 unsigned int cmd, unsigned long arg, 502 void __user *argp) 503 { 504 unsigned int max_sectors; 505 506 switch (cmd) { 507 case BLKFLSBUF: 508 return blkdev_flushbuf(bdev, cmd, arg); 509 case BLKROSET: 510 return blkdev_roset(bdev, cmd, arg); 511 case BLKDISCARD: 512 return blk_ioctl_discard(bdev, mode, arg); 513 case BLKSECDISCARD: 514 return blk_ioctl_secure_erase(bdev, mode, argp); 515 case BLKZEROOUT: 516 return blk_ioctl_zeroout(bdev, mode, arg); 517 case BLKGETDISKSEQ: 518 return put_u64(argp, bdev->bd_disk->diskseq); 519 case BLKREPORTZONE: 520 return blkdev_report_zones_ioctl(bdev, cmd, arg); 521 case BLKRESETZONE: 522 case BLKOPENZONE: 523 case BLKCLOSEZONE: 524 case BLKFINISHZONE: 525 return blkdev_zone_mgmt_ioctl(bdev, mode, cmd, arg); 526 case BLKGETZONESZ: 527 return put_uint(argp, bdev_zone_sectors(bdev)); 528 case BLKGETNRZONES: 529 return put_uint(argp, bdev_nr_zones(bdev)); 530 case BLKROGET: 531 return put_int(argp, bdev_read_only(bdev) != 0); 532 case BLKSSZGET: /* get block device logical block size */ 533 return put_int(argp, bdev_logical_block_size(bdev)); 534 case BLKPBSZGET: /* get block device physical block size */ 535 return put_uint(argp, bdev_physical_block_size(bdev)); 536 case BLKIOMIN: 537 return put_uint(argp, bdev_io_min(bdev)); 538 case BLKIOOPT: 539 return put_uint(argp, bdev_io_opt(bdev)); 540 case BLKALIGNOFF: 541 return put_int(argp, bdev_alignment_offset(bdev)); 542 case BLKDISCARDZEROES: 543 return put_uint(argp, 0); 544 case BLKSECTGET: 545 max_sectors = min_t(unsigned int, USHRT_MAX, 546 queue_max_sectors(bdev_get_queue(bdev))); 547 return put_ushort(argp, max_sectors); 548 case BLKROTATIONAL: 549 return put_ushort(argp, !bdev_nonrot(bdev)); 550 case BLKRASET: 551 case BLKFRASET: 552 if(!capable(CAP_SYS_ADMIN)) 553 return -EACCES; 554 bdev->bd_disk->bdi->ra_pages = (arg * 512) / PAGE_SIZE; 555 return 0; 556 case BLKRRPART: 557 if (!capable(CAP_SYS_ADMIN)) 558 return -EACCES; 559 if (bdev_is_partition(bdev)) 560 return -EINVAL; 561 return disk_scan_partitions(bdev->bd_disk, mode); 562 case BLKTRACESTART: 563 case BLKTRACESTOP: 564 case BLKTRACETEARDOWN: 565 return blk_trace_ioctl(bdev, cmd, argp); 566 case IOC_PR_REGISTER: 567 return blkdev_pr_register(bdev, mode, argp); 568 case IOC_PR_RESERVE: 569 return blkdev_pr_reserve(bdev, mode, argp); 570 case IOC_PR_RELEASE: 571 return blkdev_pr_release(bdev, mode, argp); 572 case IOC_PR_PREEMPT: 573 return blkdev_pr_preempt(bdev, mode, argp, false); 574 case IOC_PR_PREEMPT_ABORT: 575 return blkdev_pr_preempt(bdev, mode, argp, true); 576 case IOC_PR_CLEAR: 577 return blkdev_pr_clear(bdev, mode, argp); 578 default: 579 return -ENOIOCTLCMD; 580 } 581 } 582 583 /* 584 * Always keep this in sync with compat_blkdev_ioctl() 585 * to handle all incompatible commands in both functions. 586 * 587 * New commands must be compatible and go into blkdev_common_ioctl 588 */ 589 long blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg) 590 { 591 struct block_device *bdev = I_BDEV(file->f_mapping->host); 592 void __user *argp = (void __user *)arg; 593 blk_mode_t mode = file_to_blk_mode(file); 594 int ret; 595 596 switch (cmd) { 597 /* These need separate implementations for the data structure */ 598 case HDIO_GETGEO: 599 return blkdev_getgeo(bdev, argp); 600 case BLKPG: 601 return blkpg_ioctl(bdev, argp); 602 603 /* Compat mode returns 32-bit data instead of 'long' */ 604 case BLKRAGET: 605 case BLKFRAGET: 606 if (!argp) 607 return -EINVAL; 608 return put_long(argp, 609 (bdev->bd_disk->bdi->ra_pages * PAGE_SIZE) / 512); 610 case BLKGETSIZE: 611 if (bdev_nr_sectors(bdev) > ~0UL) 612 return -EFBIG; 613 return put_ulong(argp, bdev_nr_sectors(bdev)); 614 615 /* The data is compatible, but the command number is different */ 616 case BLKBSZGET: /* get block device soft block size (cf. BLKSSZGET) */ 617 return put_int(argp, block_size(bdev)); 618 case BLKBSZSET: 619 return blkdev_bszset(bdev, mode, argp); 620 case BLKGETSIZE64: 621 return put_u64(argp, bdev_nr_bytes(bdev)); 622 623 /* Incompatible alignment on i386 */ 624 case BLKTRACESETUP: 625 return blk_trace_ioctl(bdev, cmd, argp); 626 default: 627 break; 628 } 629 630 ret = blkdev_common_ioctl(bdev, mode, cmd, arg, argp); 631 if (ret != -ENOIOCTLCMD) 632 return ret; 633 634 if (!bdev->bd_disk->fops->ioctl) 635 return -ENOTTY; 636 return bdev->bd_disk->fops->ioctl(bdev, mode, cmd, arg); 637 } 638 639 #ifdef CONFIG_COMPAT 640 641 #define BLKBSZGET_32 _IOR(0x12, 112, int) 642 #define BLKBSZSET_32 _IOW(0x12, 113, int) 643 #define BLKGETSIZE64_32 _IOR(0x12, 114, int) 644 645 /* Most of the generic ioctls are handled in the normal fallback path. 646 This assumes the blkdev's low level compat_ioctl always returns 647 ENOIOCTLCMD for unknown ioctls. */ 648 long compat_blkdev_ioctl(struct file *file, unsigned cmd, unsigned long arg) 649 { 650 int ret; 651 void __user *argp = compat_ptr(arg); 652 struct block_device *bdev = I_BDEV(file->f_mapping->host); 653 struct gendisk *disk = bdev->bd_disk; 654 blk_mode_t mode = file_to_blk_mode(file); 655 656 switch (cmd) { 657 /* These need separate implementations for the data structure */ 658 case HDIO_GETGEO: 659 return compat_hdio_getgeo(bdev, argp); 660 case BLKPG: 661 return compat_blkpg_ioctl(bdev, argp); 662 663 /* Compat mode returns 32-bit data instead of 'long' */ 664 case BLKRAGET: 665 case BLKFRAGET: 666 if (!argp) 667 return -EINVAL; 668 return compat_put_long(argp, 669 (bdev->bd_disk->bdi->ra_pages * PAGE_SIZE) / 512); 670 case BLKGETSIZE: 671 if (bdev_nr_sectors(bdev) > ~(compat_ulong_t)0) 672 return -EFBIG; 673 return compat_put_ulong(argp, bdev_nr_sectors(bdev)); 674 675 /* The data is compatible, but the command number is different */ 676 case BLKBSZGET_32: /* get the logical block size (cf. BLKSSZGET) */ 677 return put_int(argp, bdev_logical_block_size(bdev)); 678 case BLKBSZSET_32: 679 return blkdev_bszset(bdev, mode, argp); 680 case BLKGETSIZE64_32: 681 return put_u64(argp, bdev_nr_bytes(bdev)); 682 683 /* Incompatible alignment on i386 */ 684 case BLKTRACESETUP32: 685 return blk_trace_ioctl(bdev, cmd, argp); 686 default: 687 break; 688 } 689 690 ret = blkdev_common_ioctl(bdev, mode, cmd, arg, argp); 691 if (ret == -ENOIOCTLCMD && disk->fops->compat_ioctl) 692 ret = disk->fops->compat_ioctl(bdev, mode, cmd, arg); 693 694 return ret; 695 } 696 #endif 697