1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ioctl.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/syscalls.h> 9 #include <linux/mm.h> 10 #include <linux/capability.h> 11 #include <linux/compat.h> 12 #include <linux/file.h> 13 #include <linux/fs.h> 14 #include <linux/security.h> 15 #include <linux/export.h> 16 #include <linux/uaccess.h> 17 #include <linux/writeback.h> 18 #include <linux/buffer_head.h> 19 #include <linux/falloc.h> 20 #include <linux/sched/signal.h> 21 #include <linux/fiemap.h> 22 #include <linux/mount.h> 23 #include <linux/fscrypt.h> 24 #include <linux/fileattr.h> 25 26 #include "internal.h" 27 28 #include <asm/ioctls.h> 29 30 /* So that the fiemap access checks can't overflow on 32 bit machines. */ 31 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) 32 33 /** 34 * vfs_ioctl - call filesystem specific ioctl methods 35 * @filp: open file to invoke ioctl method on 36 * @cmd: ioctl command to execute 37 * @arg: command-specific argument for ioctl 38 * 39 * Invokes filesystem specific ->unlocked_ioctl, if one exists; otherwise 40 * returns -ENOTTY. 41 * 42 * Returns 0 on success, -errno on error. 43 */ 44 int vfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 45 { 46 int error = -ENOTTY; 47 48 if (!filp->f_op->unlocked_ioctl) 49 goto out; 50 51 error = filp->f_op->unlocked_ioctl(filp, cmd, arg); 52 if (error == -ENOIOCTLCMD) 53 error = -ENOTTY; 54 out: 55 return error; 56 } 57 EXPORT_SYMBOL(vfs_ioctl); 58 59 static int ioctl_fibmap(struct file *filp, int __user *p) 60 { 61 struct inode *inode = file_inode(filp); 62 struct super_block *sb = inode->i_sb; 63 int error, ur_block; 64 sector_t block; 65 66 if (!capable(CAP_SYS_RAWIO)) 67 return -EPERM; 68 69 error = get_user(ur_block, p); 70 if (error) 71 return error; 72 73 if (ur_block < 0) 74 return -EINVAL; 75 76 block = ur_block; 77 error = bmap(inode, &block); 78 79 if (block > INT_MAX) { 80 error = -ERANGE; 81 pr_warn_ratelimited("[%s/%d] FS: %s File: %pD4 would truncate fibmap result\n", 82 current->comm, task_pid_nr(current), 83 sb->s_id, filp); 84 } 85 86 if (error) 87 ur_block = 0; 88 else 89 ur_block = block; 90 91 if (put_user(ur_block, p)) 92 error = -EFAULT; 93 94 return error; 95 } 96 97 /** 98 * fiemap_fill_next_extent - Fiemap helper function 99 * @fieinfo: Fiemap context passed into ->fiemap 100 * @logical: Extent logical start offset, in bytes 101 * @phys: Extent physical start offset, in bytes 102 * @len: Extent length, in bytes 103 * @flags: FIEMAP_EXTENT flags that describe this extent 104 * 105 * Called from file system ->fiemap callback. Will populate extent 106 * info as passed in via arguments and copy to user memory. On 107 * success, extent count on fieinfo is incremented. 108 * 109 * Returns 0 on success, -errno on error, 1 if this was the last 110 * extent that will fit in user array. 111 */ 112 int fiemap_fill_next_extent(struct fiemap_extent_info *fieinfo, u64 logical, 113 u64 phys, u64 len, u32 flags) 114 { 115 struct fiemap_extent extent; 116 struct fiemap_extent __user *dest = fieinfo->fi_extents_start; 117 118 /* only count the extents */ 119 if (fieinfo->fi_extents_max == 0) { 120 fieinfo->fi_extents_mapped++; 121 return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; 122 } 123 124 if (fieinfo->fi_extents_mapped >= fieinfo->fi_extents_max) 125 return 1; 126 127 #define SET_UNKNOWN_FLAGS (FIEMAP_EXTENT_DELALLOC) 128 #define SET_NO_UNMOUNTED_IO_FLAGS (FIEMAP_EXTENT_DATA_ENCRYPTED) 129 #define SET_NOT_ALIGNED_FLAGS (FIEMAP_EXTENT_DATA_TAIL|FIEMAP_EXTENT_DATA_INLINE) 130 131 if (flags & SET_UNKNOWN_FLAGS) 132 flags |= FIEMAP_EXTENT_UNKNOWN; 133 if (flags & SET_NO_UNMOUNTED_IO_FLAGS) 134 flags |= FIEMAP_EXTENT_ENCODED; 135 if (flags & SET_NOT_ALIGNED_FLAGS) 136 flags |= FIEMAP_EXTENT_NOT_ALIGNED; 137 138 memset(&extent, 0, sizeof(extent)); 139 extent.fe_logical = logical; 140 extent.fe_physical = phys; 141 extent.fe_length = len; 142 extent.fe_flags = flags; 143 144 dest += fieinfo->fi_extents_mapped; 145 if (copy_to_user(dest, &extent, sizeof(extent))) 146 return -EFAULT; 147 148 fieinfo->fi_extents_mapped++; 149 if (fieinfo->fi_extents_mapped == fieinfo->fi_extents_max) 150 return 1; 151 return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; 152 } 153 EXPORT_SYMBOL(fiemap_fill_next_extent); 154 155 /** 156 * fiemap_prep - check validity of requested flags for fiemap 157 * @inode: Inode to operate on 158 * @fieinfo: Fiemap context passed into ->fiemap 159 * @start: Start of the mapped range 160 * @len: Length of the mapped range, can be truncated by this function. 161 * @supported_flags: Set of fiemap flags that the file system understands 162 * 163 * This function must be called from each ->fiemap instance to validate the 164 * fiemap request against the file system parameters. 165 * 166 * Returns 0 on success, or a negative error on failure. 167 */ 168 int fiemap_prep(struct inode *inode, struct fiemap_extent_info *fieinfo, 169 u64 start, u64 *len, u32 supported_flags) 170 { 171 u64 maxbytes = inode->i_sb->s_maxbytes; 172 u32 incompat_flags; 173 int ret = 0; 174 175 if (*len == 0) 176 return -EINVAL; 177 if (start >= maxbytes) 178 return -EFBIG; 179 180 /* 181 * Shrink request scope to what the fs can actually handle. 182 */ 183 if (*len > maxbytes || (maxbytes - *len) < start) 184 *len = maxbytes - start; 185 186 supported_flags |= FIEMAP_FLAG_SYNC; 187 supported_flags &= FIEMAP_FLAGS_COMPAT; 188 incompat_flags = fieinfo->fi_flags & ~supported_flags; 189 if (incompat_flags) { 190 fieinfo->fi_flags = incompat_flags; 191 return -EBADR; 192 } 193 194 if (fieinfo->fi_flags & FIEMAP_FLAG_SYNC) 195 ret = filemap_write_and_wait(inode->i_mapping); 196 return ret; 197 } 198 EXPORT_SYMBOL(fiemap_prep); 199 200 static int ioctl_fiemap(struct file *filp, struct fiemap __user *ufiemap) 201 { 202 struct fiemap fiemap; 203 struct fiemap_extent_info fieinfo = { 0, }; 204 struct inode *inode = file_inode(filp); 205 int error; 206 207 if (!inode->i_op->fiemap) 208 return -EOPNOTSUPP; 209 210 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap))) 211 return -EFAULT; 212 213 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) 214 return -EINVAL; 215 216 fieinfo.fi_flags = fiemap.fm_flags; 217 fieinfo.fi_extents_max = fiemap.fm_extent_count; 218 fieinfo.fi_extents_start = ufiemap->fm_extents; 219 220 error = inode->i_op->fiemap(inode, &fieinfo, fiemap.fm_start, 221 fiemap.fm_length); 222 223 fiemap.fm_flags = fieinfo.fi_flags; 224 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; 225 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap))) 226 error = -EFAULT; 227 228 return error; 229 } 230 231 static int ioctl_file_clone(struct file *dst_file, unsigned long srcfd, 232 u64 off, u64 olen, u64 destoff) 233 { 234 CLASS(fd, src_file)(srcfd); 235 loff_t cloned; 236 int ret; 237 238 if (fd_empty(src_file)) 239 return -EBADF; 240 cloned = vfs_clone_file_range(fd_file(src_file), off, dst_file, destoff, 241 olen, 0); 242 if (cloned < 0) 243 ret = cloned; 244 else if (olen && cloned != olen) 245 ret = -EINVAL; 246 else 247 ret = 0; 248 return ret; 249 } 250 251 static int ioctl_file_clone_range(struct file *file, 252 struct file_clone_range __user *argp) 253 { 254 struct file_clone_range args; 255 256 if (copy_from_user(&args, argp, sizeof(args))) 257 return -EFAULT; 258 return ioctl_file_clone(file, args.src_fd, args.src_offset, 259 args.src_length, args.dest_offset); 260 } 261 262 /* 263 * This provides compatibility with legacy XFS pre-allocation ioctls 264 * which predate the fallocate syscall. 265 * 266 * Only the l_start, l_len and l_whence fields of the 'struct space_resv' 267 * are used here, rest are ignored. 268 */ 269 static int ioctl_preallocate(struct file *filp, int mode, void __user *argp) 270 { 271 struct inode *inode = file_inode(filp); 272 struct space_resv sr; 273 274 if (copy_from_user(&sr, argp, sizeof(sr))) 275 return -EFAULT; 276 277 switch (sr.l_whence) { 278 case SEEK_SET: 279 break; 280 case SEEK_CUR: 281 sr.l_start += filp->f_pos; 282 break; 283 case SEEK_END: 284 sr.l_start += i_size_read(inode); 285 break; 286 default: 287 return -EINVAL; 288 } 289 290 return vfs_fallocate(filp, mode | FALLOC_FL_KEEP_SIZE, sr.l_start, 291 sr.l_len); 292 } 293 294 /* on ia32 l_start is on a 32-bit boundary */ 295 #if defined CONFIG_COMPAT && defined(CONFIG_X86_64) 296 /* just account for different alignment */ 297 static int compat_ioctl_preallocate(struct file *file, int mode, 298 struct space_resv_32 __user *argp) 299 { 300 struct inode *inode = file_inode(file); 301 struct space_resv_32 sr; 302 303 if (copy_from_user(&sr, argp, sizeof(sr))) 304 return -EFAULT; 305 306 switch (sr.l_whence) { 307 case SEEK_SET: 308 break; 309 case SEEK_CUR: 310 sr.l_start += file->f_pos; 311 break; 312 case SEEK_END: 313 sr.l_start += i_size_read(inode); 314 break; 315 default: 316 return -EINVAL; 317 } 318 319 return vfs_fallocate(file, mode | FALLOC_FL_KEEP_SIZE, sr.l_start, sr.l_len); 320 } 321 #endif 322 323 static int file_ioctl(struct file *filp, unsigned int cmd, int __user *p) 324 { 325 switch (cmd) { 326 case FIBMAP: 327 return ioctl_fibmap(filp, p); 328 case FS_IOC_RESVSP: 329 case FS_IOC_RESVSP64: 330 return ioctl_preallocate(filp, 0, p); 331 case FS_IOC_UNRESVSP: 332 case FS_IOC_UNRESVSP64: 333 return ioctl_preallocate(filp, FALLOC_FL_PUNCH_HOLE, p); 334 case FS_IOC_ZERO_RANGE: 335 return ioctl_preallocate(filp, FALLOC_FL_ZERO_RANGE, p); 336 } 337 338 return -ENOIOCTLCMD; 339 } 340 341 static int ioctl_fionbio(struct file *filp, int __user *argp) 342 { 343 unsigned int flag; 344 int on, error; 345 346 error = get_user(on, argp); 347 if (error) 348 return error; 349 flag = O_NONBLOCK; 350 #ifdef __sparc__ 351 /* SunOS compatibility item. */ 352 if (O_NONBLOCK != O_NDELAY) 353 flag |= O_NDELAY; 354 #endif 355 spin_lock(&filp->f_lock); 356 if (on) 357 filp->f_flags |= flag; 358 else 359 filp->f_flags &= ~flag; 360 spin_unlock(&filp->f_lock); 361 return error; 362 } 363 364 static int ioctl_fioasync(unsigned int fd, struct file *filp, 365 int __user *argp) 366 { 367 unsigned int flag; 368 int on, error; 369 370 error = get_user(on, argp); 371 if (error) 372 return error; 373 flag = on ? FASYNC : 0; 374 375 /* Did FASYNC state change ? */ 376 if ((flag ^ filp->f_flags) & FASYNC) { 377 if (filp->f_op->fasync) 378 /* fasync() adjusts filp->f_flags */ 379 error = filp->f_op->fasync(fd, filp, on); 380 else 381 error = -ENOTTY; 382 } 383 return error < 0 ? error : 0; 384 } 385 386 static int ioctl_fsfreeze(struct file *filp) 387 { 388 struct super_block *sb = file_inode(filp)->i_sb; 389 390 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) 391 return -EPERM; 392 393 /* If filesystem doesn't support freeze feature, return. */ 394 if (sb->s_op->freeze_fs == NULL && sb->s_op->freeze_super == NULL) 395 return -EOPNOTSUPP; 396 397 /* Freeze */ 398 if (sb->s_op->freeze_super) 399 return sb->s_op->freeze_super(sb, FREEZE_HOLDER_USERSPACE, NULL); 400 return freeze_super(sb, FREEZE_HOLDER_USERSPACE, NULL); 401 } 402 403 static int ioctl_fsthaw(struct file *filp) 404 { 405 struct super_block *sb = file_inode(filp)->i_sb; 406 407 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) 408 return -EPERM; 409 410 /* Thaw */ 411 if (sb->s_op->thaw_super) 412 return sb->s_op->thaw_super(sb, FREEZE_HOLDER_USERSPACE, NULL); 413 return thaw_super(sb, FREEZE_HOLDER_USERSPACE, NULL); 414 } 415 416 static int ioctl_file_dedupe_range(struct file *file, 417 struct file_dedupe_range __user *argp) 418 { 419 struct file_dedupe_range *same = NULL; 420 int ret; 421 unsigned long size; 422 u16 count; 423 424 if (get_user(count, &argp->dest_count)) { 425 ret = -EFAULT; 426 goto out; 427 } 428 429 size = offsetof(struct file_dedupe_range, info[count]); 430 if (size > PAGE_SIZE) { 431 ret = -ENOMEM; 432 goto out; 433 } 434 435 same = memdup_user(argp, size); 436 if (IS_ERR(same)) { 437 ret = PTR_ERR(same); 438 same = NULL; 439 goto out; 440 } 441 442 same->dest_count = count; 443 ret = vfs_dedupe_file_range(file, same); 444 if (ret) 445 goto out; 446 447 ret = copy_to_user(argp, same, size); 448 if (ret) 449 ret = -EFAULT; 450 451 out: 452 kfree(same); 453 return ret; 454 } 455 456 static int ioctl_getfsuuid(struct file *file, void __user *argp) 457 { 458 struct super_block *sb = file_inode(file)->i_sb; 459 struct fsuuid2 u = { .len = sb->s_uuid_len, }; 460 461 if (!sb->s_uuid_len) 462 return -ENOTTY; 463 464 memcpy(&u.uuid[0], &sb->s_uuid, sb->s_uuid_len); 465 466 return copy_to_user(argp, &u, sizeof(u)) ? -EFAULT : 0; 467 } 468 469 static int ioctl_get_fs_sysfs_path(struct file *file, void __user *argp) 470 { 471 struct super_block *sb = file_inode(file)->i_sb; 472 473 if (!strlen(sb->s_sysfs_name)) 474 return -ENOTTY; 475 476 struct fs_sysfs_path u = {}; 477 478 u.len = scnprintf(u.name, sizeof(u.name), "%s/%s", sb->s_type->name, sb->s_sysfs_name); 479 480 return copy_to_user(argp, &u, sizeof(u)) ? -EFAULT : 0; 481 } 482 483 /* 484 * do_vfs_ioctl() is not for drivers and not intended to be EXPORT_SYMBOL()'d. 485 * It's just a simple helper for sys_ioctl and compat_sys_ioctl. 486 * 487 * When you add any new common ioctls to the switches above and below, 488 * please ensure they have compatible arguments in compat mode. 489 * 490 * The LSM mailing list should also be notified of any command additions or 491 * changes, as specific LSMs may be affected. 492 */ 493 static int do_vfs_ioctl(struct file *filp, unsigned int fd, 494 unsigned int cmd, unsigned long arg) 495 { 496 void __user *argp = (void __user *)arg; 497 struct inode *inode = file_inode(filp); 498 499 switch (cmd) { 500 case FIOCLEX: 501 set_close_on_exec(fd, 1); 502 return 0; 503 504 case FIONCLEX: 505 set_close_on_exec(fd, 0); 506 return 0; 507 508 case FIONBIO: 509 return ioctl_fionbio(filp, argp); 510 511 case FIOASYNC: 512 return ioctl_fioasync(fd, filp, argp); 513 514 case FIOQSIZE: 515 if (S_ISDIR(inode->i_mode) || 516 (S_ISREG(inode->i_mode) && !IS_ANON_FILE(inode)) || 517 S_ISLNK(inode->i_mode)) { 518 loff_t res = inode_get_bytes(inode); 519 return copy_to_user(argp, &res, sizeof(res)) ? 520 -EFAULT : 0; 521 } 522 523 return -ENOTTY; 524 525 case FIFREEZE: 526 return ioctl_fsfreeze(filp); 527 528 case FITHAW: 529 return ioctl_fsthaw(filp); 530 531 case FS_IOC_FIEMAP: 532 return ioctl_fiemap(filp, argp); 533 534 case FIGETBSZ: 535 /* anon_bdev filesystems may not have a block size */ 536 if (!inode->i_sb->s_blocksize) 537 return -EINVAL; 538 539 return put_user(inode->i_sb->s_blocksize, (int __user *)argp); 540 541 case FICLONE: 542 return ioctl_file_clone(filp, arg, 0, 0, 0); 543 544 case FICLONERANGE: 545 return ioctl_file_clone_range(filp, argp); 546 547 case FIDEDUPERANGE: 548 return ioctl_file_dedupe_range(filp, argp); 549 550 case FIONREAD: 551 if (!S_ISREG(inode->i_mode) || IS_ANON_FILE(inode)) 552 return vfs_ioctl(filp, cmd, arg); 553 554 return put_user(i_size_read(inode) - filp->f_pos, 555 (int __user *)argp); 556 557 case FS_IOC_GETFLAGS: 558 return ioctl_getflags(filp, argp); 559 560 case FS_IOC_SETFLAGS: 561 return ioctl_setflags(filp, argp); 562 563 case FS_IOC_FSGETXATTR: 564 return ioctl_fsgetxattr(filp, argp); 565 566 case FS_IOC_FSSETXATTR: 567 return ioctl_fssetxattr(filp, argp); 568 569 case FS_IOC_GETFSUUID: 570 return ioctl_getfsuuid(filp, argp); 571 572 case FS_IOC_GETFSSYSFSPATH: 573 return ioctl_get_fs_sysfs_path(filp, argp); 574 575 default: 576 if (S_ISREG(inode->i_mode) && !IS_ANON_FILE(inode)) 577 return file_ioctl(filp, cmd, argp); 578 break; 579 } 580 581 return -ENOIOCTLCMD; 582 } 583 584 SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, unsigned long, arg) 585 { 586 CLASS(fd, f)(fd); 587 int error; 588 589 if (fd_empty(f)) 590 return -EBADF; 591 592 error = security_file_ioctl(fd_file(f), cmd, arg); 593 if (error) 594 return error; 595 596 error = do_vfs_ioctl(fd_file(f), fd, cmd, arg); 597 if (error == -ENOIOCTLCMD) 598 error = vfs_ioctl(fd_file(f), cmd, arg); 599 600 return error; 601 } 602 603 #ifdef CONFIG_COMPAT 604 /** 605 * compat_ptr_ioctl - generic implementation of .compat_ioctl file operation 606 * @file: The file to operate on. 607 * @cmd: The ioctl command number. 608 * @arg: The argument to the ioctl. 609 * 610 * This is not normally called as a function, but instead set in struct 611 * file_operations as 612 * 613 * .compat_ioctl = compat_ptr_ioctl, 614 * 615 * On most architectures, the compat_ptr_ioctl() just passes all arguments 616 * to the corresponding ->ioctl handler. The exception is arch/s390, where 617 * compat_ptr() clears the top bit of a 32-bit pointer value, so user space 618 * pointers to the second 2GB alias the first 2GB, as is the case for 619 * native 32-bit s390 user space. 620 * 621 * The compat_ptr_ioctl() function must therefore be used only with ioctl 622 * functions that either ignore the argument or pass a pointer to a 623 * compatible data type. 624 * 625 * If any ioctl command handled by fops->unlocked_ioctl passes a plain 626 * integer instead of a pointer, or any of the passed data types 627 * is incompatible between 32-bit and 64-bit architectures, a proper 628 * handler is required instead of compat_ptr_ioctl. 629 */ 630 long compat_ptr_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 631 { 632 if (!file->f_op->unlocked_ioctl) 633 return -ENOIOCTLCMD; 634 635 return file->f_op->unlocked_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 636 } 637 EXPORT_SYMBOL(compat_ptr_ioctl); 638 639 COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, 640 compat_ulong_t, arg) 641 { 642 CLASS(fd, f)(fd); 643 int error; 644 645 if (fd_empty(f)) 646 return -EBADF; 647 648 error = security_file_ioctl_compat(fd_file(f), cmd, arg); 649 if (error) 650 return error; 651 652 switch (cmd) { 653 /* FICLONE takes an int argument, so don't use compat_ptr() */ 654 case FICLONE: 655 error = ioctl_file_clone(fd_file(f), arg, 0, 0, 0); 656 break; 657 658 #if defined(CONFIG_X86_64) 659 /* these get messy on amd64 due to alignment differences */ 660 case FS_IOC_RESVSP_32: 661 case FS_IOC_RESVSP64_32: 662 error = compat_ioctl_preallocate(fd_file(f), 0, compat_ptr(arg)); 663 break; 664 case FS_IOC_UNRESVSP_32: 665 case FS_IOC_UNRESVSP64_32: 666 error = compat_ioctl_preallocate(fd_file(f), FALLOC_FL_PUNCH_HOLE, 667 compat_ptr(arg)); 668 break; 669 case FS_IOC_ZERO_RANGE_32: 670 error = compat_ioctl_preallocate(fd_file(f), FALLOC_FL_ZERO_RANGE, 671 compat_ptr(arg)); 672 break; 673 #endif 674 675 /* 676 * These access 32-bit values anyway so no further handling is 677 * necessary. 678 */ 679 case FS_IOC32_GETFLAGS: 680 case FS_IOC32_SETFLAGS: 681 cmd = (cmd == FS_IOC32_GETFLAGS) ? 682 FS_IOC_GETFLAGS : FS_IOC_SETFLAGS; 683 fallthrough; 684 /* 685 * everything else in do_vfs_ioctl() takes either a compatible 686 * pointer argument or no argument -- call it with a modified 687 * argument. 688 */ 689 default: 690 error = do_vfs_ioctl(fd_file(f), fd, cmd, 691 (unsigned long)compat_ptr(arg)); 692 if (error != -ENOIOCTLCMD) 693 break; 694 695 if (fd_file(f)->f_op->compat_ioctl) 696 error = fd_file(f)->f_op->compat_ioctl(fd_file(f), cmd, arg); 697 if (error == -ENOIOCTLCMD) 698 error = -ENOTTY; 699 break; 700 } 701 return error; 702 } 703 #endif 704