1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ioctl.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/syscalls.h> 9 #include <linux/mm.h> 10 #include <linux/capability.h> 11 #include <linux/compat.h> 12 #include <linux/file.h> 13 #include <linux/fs.h> 14 #include <linux/security.h> 15 #include <linux/export.h> 16 #include <linux/uaccess.h> 17 #include <linux/writeback.h> 18 #include <linux/buffer_head.h> 19 #include <linux/falloc.h> 20 #include <linux/sched/signal.h> 21 #include <linux/fiemap.h> 22 #include <linux/mount.h> 23 #include <linux/fscrypt.h> 24 #include <linux/fileattr.h> 25 26 #include "internal.h" 27 28 #include <asm/ioctls.h> 29 30 /* So that the fiemap access checks can't overflow on 32 bit machines. */ 31 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) 32 33 /** 34 * vfs_ioctl - call filesystem specific ioctl methods 35 * @filp: open file to invoke ioctl method on 36 * @cmd: ioctl command to execute 37 * @arg: command-specific argument for ioctl 38 * 39 * Invokes filesystem specific ->unlocked_ioctl, if one exists; otherwise 40 * returns -ENOTTY. 41 * 42 * Returns 0 on success, -errno on error. 43 */ 44 long vfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 45 { 46 int error = -ENOTTY; 47 48 if (!filp->f_op->unlocked_ioctl) 49 goto out; 50 51 error = filp->f_op->unlocked_ioctl(filp, cmd, arg); 52 if (error == -ENOIOCTLCMD) 53 error = -ENOTTY; 54 out: 55 return error; 56 } 57 EXPORT_SYMBOL(vfs_ioctl); 58 59 static int ioctl_fibmap(struct file *filp, int __user *p) 60 { 61 struct inode *inode = file_inode(filp); 62 struct super_block *sb = inode->i_sb; 63 int error, ur_block; 64 sector_t block; 65 66 if (!capable(CAP_SYS_RAWIO)) 67 return -EPERM; 68 69 error = get_user(ur_block, p); 70 if (error) 71 return error; 72 73 if (ur_block < 0) 74 return -EINVAL; 75 76 block = ur_block; 77 error = bmap(inode, &block); 78 79 if (block > INT_MAX) { 80 error = -ERANGE; 81 pr_warn_ratelimited("[%s/%d] FS: %s File: %pD4 would truncate fibmap result\n", 82 current->comm, task_pid_nr(current), 83 sb->s_id, filp); 84 } 85 86 if (error) 87 ur_block = 0; 88 else 89 ur_block = block; 90 91 if (put_user(ur_block, p)) 92 error = -EFAULT; 93 94 return error; 95 } 96 97 /** 98 * fiemap_fill_next_extent - Fiemap helper function 99 * @fieinfo: Fiemap context passed into ->fiemap 100 * @logical: Extent logical start offset, in bytes 101 * @phys: Extent physical start offset, in bytes 102 * @len: Extent length, in bytes 103 * @flags: FIEMAP_EXTENT flags that describe this extent 104 * 105 * Called from file system ->fiemap callback. Will populate extent 106 * info as passed in via arguments and copy to user memory. On 107 * success, extent count on fieinfo is incremented. 108 * 109 * Returns 0 on success, -errno on error, 1 if this was the last 110 * extent that will fit in user array. 111 */ 112 #define SET_UNKNOWN_FLAGS (FIEMAP_EXTENT_DELALLOC) 113 #define SET_NO_UNMOUNTED_IO_FLAGS (FIEMAP_EXTENT_DATA_ENCRYPTED) 114 #define SET_NOT_ALIGNED_FLAGS (FIEMAP_EXTENT_DATA_TAIL|FIEMAP_EXTENT_DATA_INLINE) 115 int fiemap_fill_next_extent(struct fiemap_extent_info *fieinfo, u64 logical, 116 u64 phys, u64 len, u32 flags) 117 { 118 struct fiemap_extent extent; 119 struct fiemap_extent __user *dest = fieinfo->fi_extents_start; 120 121 /* only count the extents */ 122 if (fieinfo->fi_extents_max == 0) { 123 fieinfo->fi_extents_mapped++; 124 return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; 125 } 126 127 if (fieinfo->fi_extents_mapped >= fieinfo->fi_extents_max) 128 return 1; 129 130 if (flags & SET_UNKNOWN_FLAGS) 131 flags |= FIEMAP_EXTENT_UNKNOWN; 132 if (flags & SET_NO_UNMOUNTED_IO_FLAGS) 133 flags |= FIEMAP_EXTENT_ENCODED; 134 if (flags & SET_NOT_ALIGNED_FLAGS) 135 flags |= FIEMAP_EXTENT_NOT_ALIGNED; 136 137 memset(&extent, 0, sizeof(extent)); 138 extent.fe_logical = logical; 139 extent.fe_physical = phys; 140 extent.fe_length = len; 141 extent.fe_flags = flags; 142 143 dest += fieinfo->fi_extents_mapped; 144 if (copy_to_user(dest, &extent, sizeof(extent))) 145 return -EFAULT; 146 147 fieinfo->fi_extents_mapped++; 148 if (fieinfo->fi_extents_mapped == fieinfo->fi_extents_max) 149 return 1; 150 return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; 151 } 152 EXPORT_SYMBOL(fiemap_fill_next_extent); 153 154 /** 155 * fiemap_prep - check validity of requested flags for fiemap 156 * @inode: Inode to operate on 157 * @fieinfo: Fiemap context passed into ->fiemap 158 * @start: Start of the mapped range 159 * @len: Length of the mapped range, can be truncated by this function. 160 * @supported_flags: Set of fiemap flags that the file system understands 161 * 162 * This function must be called from each ->fiemap instance to validate the 163 * fiemap request against the file system parameters. 164 * 165 * Returns 0 on success, or a negative error on failure. 166 */ 167 int fiemap_prep(struct inode *inode, struct fiemap_extent_info *fieinfo, 168 u64 start, u64 *len, u32 supported_flags) 169 { 170 u64 maxbytes = inode->i_sb->s_maxbytes; 171 u32 incompat_flags; 172 int ret = 0; 173 174 if (*len == 0) 175 return -EINVAL; 176 if (start > maxbytes) 177 return -EFBIG; 178 179 /* 180 * Shrink request scope to what the fs can actually handle. 181 */ 182 if (*len > maxbytes || (maxbytes - *len) < start) 183 *len = maxbytes - start; 184 185 supported_flags |= FIEMAP_FLAG_SYNC; 186 supported_flags &= FIEMAP_FLAGS_COMPAT; 187 incompat_flags = fieinfo->fi_flags & ~supported_flags; 188 if (incompat_flags) { 189 fieinfo->fi_flags = incompat_flags; 190 return -EBADR; 191 } 192 193 if (fieinfo->fi_flags & FIEMAP_FLAG_SYNC) 194 ret = filemap_write_and_wait(inode->i_mapping); 195 return ret; 196 } 197 EXPORT_SYMBOL(fiemap_prep); 198 199 static int ioctl_fiemap(struct file *filp, struct fiemap __user *ufiemap) 200 { 201 struct fiemap fiemap; 202 struct fiemap_extent_info fieinfo = { 0, }; 203 struct inode *inode = file_inode(filp); 204 int error; 205 206 if (!inode->i_op->fiemap) 207 return -EOPNOTSUPP; 208 209 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap))) 210 return -EFAULT; 211 212 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) 213 return -EINVAL; 214 215 fieinfo.fi_flags = fiemap.fm_flags; 216 fieinfo.fi_extents_max = fiemap.fm_extent_count; 217 fieinfo.fi_extents_start = ufiemap->fm_extents; 218 219 error = inode->i_op->fiemap(inode, &fieinfo, fiemap.fm_start, 220 fiemap.fm_length); 221 222 fiemap.fm_flags = fieinfo.fi_flags; 223 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; 224 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap))) 225 error = -EFAULT; 226 227 return error; 228 } 229 230 static long ioctl_file_clone(struct file *dst_file, unsigned long srcfd, 231 u64 off, u64 olen, u64 destoff) 232 { 233 struct fd src_file = fdget(srcfd); 234 loff_t cloned; 235 int ret; 236 237 if (!src_file.file) 238 return -EBADF; 239 ret = -EXDEV; 240 if (src_file.file->f_path.mnt != dst_file->f_path.mnt) 241 goto fdput; 242 cloned = vfs_clone_file_range(src_file.file, off, dst_file, destoff, 243 olen, 0); 244 if (cloned < 0) 245 ret = cloned; 246 else if (olen && cloned != olen) 247 ret = -EINVAL; 248 else 249 ret = 0; 250 fdput: 251 fdput(src_file); 252 return ret; 253 } 254 255 static long ioctl_file_clone_range(struct file *file, 256 struct file_clone_range __user *argp) 257 { 258 struct file_clone_range args; 259 260 if (copy_from_user(&args, argp, sizeof(args))) 261 return -EFAULT; 262 return ioctl_file_clone(file, args.src_fd, args.src_offset, 263 args.src_length, args.dest_offset); 264 } 265 266 /* 267 * This provides compatibility with legacy XFS pre-allocation ioctls 268 * which predate the fallocate syscall. 269 * 270 * Only the l_start, l_len and l_whence fields of the 'struct space_resv' 271 * are used here, rest are ignored. 272 */ 273 static int ioctl_preallocate(struct file *filp, int mode, void __user *argp) 274 { 275 struct inode *inode = file_inode(filp); 276 struct space_resv sr; 277 278 if (copy_from_user(&sr, argp, sizeof(sr))) 279 return -EFAULT; 280 281 switch (sr.l_whence) { 282 case SEEK_SET: 283 break; 284 case SEEK_CUR: 285 sr.l_start += filp->f_pos; 286 break; 287 case SEEK_END: 288 sr.l_start += i_size_read(inode); 289 break; 290 default: 291 return -EINVAL; 292 } 293 294 return vfs_fallocate(filp, mode | FALLOC_FL_KEEP_SIZE, sr.l_start, 295 sr.l_len); 296 } 297 298 /* on ia32 l_start is on a 32-bit boundary */ 299 #if defined CONFIG_COMPAT && defined(CONFIG_X86_64) 300 /* just account for different alignment */ 301 static int compat_ioctl_preallocate(struct file *file, int mode, 302 struct space_resv_32 __user *argp) 303 { 304 struct inode *inode = file_inode(file); 305 struct space_resv_32 sr; 306 307 if (copy_from_user(&sr, argp, sizeof(sr))) 308 return -EFAULT; 309 310 switch (sr.l_whence) { 311 case SEEK_SET: 312 break; 313 case SEEK_CUR: 314 sr.l_start += file->f_pos; 315 break; 316 case SEEK_END: 317 sr.l_start += i_size_read(inode); 318 break; 319 default: 320 return -EINVAL; 321 } 322 323 return vfs_fallocate(file, mode | FALLOC_FL_KEEP_SIZE, sr.l_start, sr.l_len); 324 } 325 #endif 326 327 static int file_ioctl(struct file *filp, unsigned int cmd, int __user *p) 328 { 329 switch (cmd) { 330 case FIBMAP: 331 return ioctl_fibmap(filp, p); 332 case FS_IOC_RESVSP: 333 case FS_IOC_RESVSP64: 334 return ioctl_preallocate(filp, 0, p); 335 case FS_IOC_UNRESVSP: 336 case FS_IOC_UNRESVSP64: 337 return ioctl_preallocate(filp, FALLOC_FL_PUNCH_HOLE, p); 338 case FS_IOC_ZERO_RANGE: 339 return ioctl_preallocate(filp, FALLOC_FL_ZERO_RANGE, p); 340 } 341 342 return -ENOIOCTLCMD; 343 } 344 345 static int ioctl_fionbio(struct file *filp, int __user *argp) 346 { 347 unsigned int flag; 348 int on, error; 349 350 error = get_user(on, argp); 351 if (error) 352 return error; 353 flag = O_NONBLOCK; 354 #ifdef __sparc__ 355 /* SunOS compatibility item. */ 356 if (O_NONBLOCK != O_NDELAY) 357 flag |= O_NDELAY; 358 #endif 359 spin_lock(&filp->f_lock); 360 if (on) 361 filp->f_flags |= flag; 362 else 363 filp->f_flags &= ~flag; 364 spin_unlock(&filp->f_lock); 365 return error; 366 } 367 368 static int ioctl_fioasync(unsigned int fd, struct file *filp, 369 int __user *argp) 370 { 371 unsigned int flag; 372 int on, error; 373 374 error = get_user(on, argp); 375 if (error) 376 return error; 377 flag = on ? FASYNC : 0; 378 379 /* Did FASYNC state change ? */ 380 if ((flag ^ filp->f_flags) & FASYNC) { 381 if (filp->f_op->fasync) 382 /* fasync() adjusts filp->f_flags */ 383 error = filp->f_op->fasync(fd, filp, on); 384 else 385 error = -ENOTTY; 386 } 387 return error < 0 ? error : 0; 388 } 389 390 static int ioctl_fsfreeze(struct file *filp) 391 { 392 struct super_block *sb = file_inode(filp)->i_sb; 393 394 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) 395 return -EPERM; 396 397 /* If filesystem doesn't support freeze feature, return. */ 398 if (sb->s_op->freeze_fs == NULL && sb->s_op->freeze_super == NULL) 399 return -EOPNOTSUPP; 400 401 /* Freeze */ 402 if (sb->s_op->freeze_super) 403 return sb->s_op->freeze_super(sb); 404 return freeze_super(sb); 405 } 406 407 static int ioctl_fsthaw(struct file *filp) 408 { 409 struct super_block *sb = file_inode(filp)->i_sb; 410 411 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) 412 return -EPERM; 413 414 /* Thaw */ 415 if (sb->s_op->thaw_super) 416 return sb->s_op->thaw_super(sb); 417 return thaw_super(sb); 418 } 419 420 static int ioctl_file_dedupe_range(struct file *file, 421 struct file_dedupe_range __user *argp) 422 { 423 struct file_dedupe_range *same = NULL; 424 int ret; 425 unsigned long size; 426 u16 count; 427 428 if (get_user(count, &argp->dest_count)) { 429 ret = -EFAULT; 430 goto out; 431 } 432 433 size = offsetof(struct file_dedupe_range __user, info[count]); 434 if (size > PAGE_SIZE) { 435 ret = -ENOMEM; 436 goto out; 437 } 438 439 same = memdup_user(argp, size); 440 if (IS_ERR(same)) { 441 ret = PTR_ERR(same); 442 same = NULL; 443 goto out; 444 } 445 446 same->dest_count = count; 447 ret = vfs_dedupe_file_range(file, same); 448 if (ret) 449 goto out; 450 451 ret = copy_to_user(argp, same, size); 452 if (ret) 453 ret = -EFAULT; 454 455 out: 456 kfree(same); 457 return ret; 458 } 459 460 /** 461 * fileattr_fill_xflags - initialize fileattr with xflags 462 * @fa: fileattr pointer 463 * @xflags: FS_XFLAG_* flags 464 * 465 * Set ->fsx_xflags, ->fsx_valid and ->flags (translated xflags). All 466 * other fields are zeroed. 467 */ 468 void fileattr_fill_xflags(struct fileattr *fa, u32 xflags) 469 { 470 memset(fa, 0, sizeof(*fa)); 471 fa->fsx_valid = true; 472 fa->fsx_xflags = xflags; 473 if (fa->fsx_xflags & FS_XFLAG_IMMUTABLE) 474 fa->flags |= FS_IMMUTABLE_FL; 475 if (fa->fsx_xflags & FS_XFLAG_APPEND) 476 fa->flags |= FS_APPEND_FL; 477 if (fa->fsx_xflags & FS_XFLAG_SYNC) 478 fa->flags |= FS_SYNC_FL; 479 if (fa->fsx_xflags & FS_XFLAG_NOATIME) 480 fa->flags |= FS_NOATIME_FL; 481 if (fa->fsx_xflags & FS_XFLAG_NODUMP) 482 fa->flags |= FS_NODUMP_FL; 483 if (fa->fsx_xflags & FS_XFLAG_DAX) 484 fa->flags |= FS_DAX_FL; 485 if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) 486 fa->flags |= FS_PROJINHERIT_FL; 487 } 488 EXPORT_SYMBOL(fileattr_fill_xflags); 489 490 /** 491 * fileattr_fill_flags - initialize fileattr with flags 492 * @fa: fileattr pointer 493 * @flags: FS_*_FL flags 494 * 495 * Set ->flags, ->flags_valid and ->fsx_xflags (translated flags). 496 * All other fields are zeroed. 497 */ 498 void fileattr_fill_flags(struct fileattr *fa, u32 flags) 499 { 500 memset(fa, 0, sizeof(*fa)); 501 fa->flags_valid = true; 502 fa->flags = flags; 503 if (fa->flags & FS_SYNC_FL) 504 fa->fsx_xflags |= FS_XFLAG_SYNC; 505 if (fa->flags & FS_IMMUTABLE_FL) 506 fa->fsx_xflags |= FS_XFLAG_IMMUTABLE; 507 if (fa->flags & FS_APPEND_FL) 508 fa->fsx_xflags |= FS_XFLAG_APPEND; 509 if (fa->flags & FS_NODUMP_FL) 510 fa->fsx_xflags |= FS_XFLAG_NODUMP; 511 if (fa->flags & FS_NOATIME_FL) 512 fa->fsx_xflags |= FS_XFLAG_NOATIME; 513 if (fa->flags & FS_DAX_FL) 514 fa->fsx_xflags |= FS_XFLAG_DAX; 515 if (fa->flags & FS_PROJINHERIT_FL) 516 fa->fsx_xflags |= FS_XFLAG_PROJINHERIT; 517 } 518 EXPORT_SYMBOL(fileattr_fill_flags); 519 520 /** 521 * vfs_fileattr_get - retrieve miscellaneous file attributes 522 * @dentry: the object to retrieve from 523 * @fa: fileattr pointer 524 * 525 * Call i_op->fileattr_get() callback, if exists. 526 * 527 * Return: 0 on success, or a negative error on failure. 528 */ 529 int vfs_fileattr_get(struct dentry *dentry, struct fileattr *fa) 530 { 531 struct inode *inode = d_inode(dentry); 532 533 if (!inode->i_op->fileattr_get) 534 return -ENOIOCTLCMD; 535 536 return inode->i_op->fileattr_get(dentry, fa); 537 } 538 EXPORT_SYMBOL(vfs_fileattr_get); 539 540 /** 541 * copy_fsxattr_to_user - copy fsxattr to userspace. 542 * @fa: fileattr pointer 543 * @ufa: fsxattr user pointer 544 * 545 * Return: 0 on success, or -EFAULT on failure. 546 */ 547 int copy_fsxattr_to_user(const struct fileattr *fa, struct fsxattr __user *ufa) 548 { 549 struct fsxattr xfa; 550 551 memset(&xfa, 0, sizeof(xfa)); 552 xfa.fsx_xflags = fa->fsx_xflags; 553 xfa.fsx_extsize = fa->fsx_extsize; 554 xfa.fsx_nextents = fa->fsx_nextents; 555 xfa.fsx_projid = fa->fsx_projid; 556 xfa.fsx_cowextsize = fa->fsx_cowextsize; 557 558 if (copy_to_user(ufa, &xfa, sizeof(xfa))) 559 return -EFAULT; 560 561 return 0; 562 } 563 EXPORT_SYMBOL(copy_fsxattr_to_user); 564 565 static int copy_fsxattr_from_user(struct fileattr *fa, 566 struct fsxattr __user *ufa) 567 { 568 struct fsxattr xfa; 569 570 if (copy_from_user(&xfa, ufa, sizeof(xfa))) 571 return -EFAULT; 572 573 fileattr_fill_xflags(fa, xfa.fsx_xflags); 574 fa->fsx_extsize = xfa.fsx_extsize; 575 fa->fsx_nextents = xfa.fsx_nextents; 576 fa->fsx_projid = xfa.fsx_projid; 577 fa->fsx_cowextsize = xfa.fsx_cowextsize; 578 579 return 0; 580 } 581 582 /* 583 * Generic function to check FS_IOC_FSSETXATTR/FS_IOC_SETFLAGS values and reject 584 * any invalid configurations. 585 * 586 * Note: must be called with inode lock held. 587 */ 588 static int fileattr_set_prepare(struct inode *inode, 589 const struct fileattr *old_ma, 590 struct fileattr *fa) 591 { 592 int err; 593 594 /* 595 * The IMMUTABLE and APPEND_ONLY flags can only be changed by 596 * the relevant capability. 597 */ 598 if ((fa->flags ^ old_ma->flags) & (FS_APPEND_FL | FS_IMMUTABLE_FL) && 599 !capable(CAP_LINUX_IMMUTABLE)) 600 return -EPERM; 601 602 err = fscrypt_prepare_setflags(inode, old_ma->flags, fa->flags); 603 if (err) 604 return err; 605 606 /* 607 * Project Quota ID state is only allowed to change from within the init 608 * namespace. Enforce that restriction only if we are trying to change 609 * the quota ID state. Everything else is allowed in user namespaces. 610 */ 611 if (current_user_ns() != &init_user_ns) { 612 if (old_ma->fsx_projid != fa->fsx_projid) 613 return -EINVAL; 614 if ((old_ma->fsx_xflags ^ fa->fsx_xflags) & 615 FS_XFLAG_PROJINHERIT) 616 return -EINVAL; 617 } else { 618 /* 619 * Caller is allowed to change the project ID. If it is being 620 * changed, make sure that the new value is valid. 621 */ 622 if (old_ma->fsx_projid != fa->fsx_projid && 623 !projid_valid(make_kprojid(&init_user_ns, fa->fsx_projid))) 624 return -EINVAL; 625 } 626 627 /* Check extent size hints. */ 628 if ((fa->fsx_xflags & FS_XFLAG_EXTSIZE) && !S_ISREG(inode->i_mode)) 629 return -EINVAL; 630 631 if ((fa->fsx_xflags & FS_XFLAG_EXTSZINHERIT) && 632 !S_ISDIR(inode->i_mode)) 633 return -EINVAL; 634 635 if ((fa->fsx_xflags & FS_XFLAG_COWEXTSIZE) && 636 !S_ISREG(inode->i_mode) && !S_ISDIR(inode->i_mode)) 637 return -EINVAL; 638 639 /* 640 * It is only valid to set the DAX flag on regular files and 641 * directories on filesystems. 642 */ 643 if ((fa->fsx_xflags & FS_XFLAG_DAX) && 644 !(S_ISREG(inode->i_mode) || S_ISDIR(inode->i_mode))) 645 return -EINVAL; 646 647 /* Extent size hints of zero turn off the flags. */ 648 if (fa->fsx_extsize == 0) 649 fa->fsx_xflags &= ~(FS_XFLAG_EXTSIZE | FS_XFLAG_EXTSZINHERIT); 650 if (fa->fsx_cowextsize == 0) 651 fa->fsx_xflags &= ~FS_XFLAG_COWEXTSIZE; 652 653 return 0; 654 } 655 656 /** 657 * vfs_fileattr_set - change miscellaneous file attributes 658 * @mnt_userns: user namespace of the mount 659 * @dentry: the object to change 660 * @fa: fileattr pointer 661 * 662 * After verifying permissions, call i_op->fileattr_set() callback, if 663 * exists. 664 * 665 * Verifying attributes involves retrieving current attributes with 666 * i_op->fileattr_get(), this also allows initializing attributes that have 667 * not been set by the caller to current values. Inode lock is held 668 * thoughout to prevent racing with another instance. 669 * 670 * Return: 0 on success, or a negative error on failure. 671 */ 672 int vfs_fileattr_set(struct user_namespace *mnt_userns, struct dentry *dentry, 673 struct fileattr *fa) 674 { 675 struct inode *inode = d_inode(dentry); 676 struct fileattr old_ma = {}; 677 int err; 678 679 if (!inode->i_op->fileattr_set) 680 return -ENOIOCTLCMD; 681 682 if (!inode_owner_or_capable(mnt_userns, inode)) 683 return -EPERM; 684 685 inode_lock(inode); 686 err = vfs_fileattr_get(dentry, &old_ma); 687 if (!err) { 688 /* initialize missing bits from old_ma */ 689 if (fa->flags_valid) { 690 fa->fsx_xflags |= old_ma.fsx_xflags & ~FS_XFLAG_COMMON; 691 fa->fsx_extsize = old_ma.fsx_extsize; 692 fa->fsx_nextents = old_ma.fsx_nextents; 693 fa->fsx_projid = old_ma.fsx_projid; 694 fa->fsx_cowextsize = old_ma.fsx_cowextsize; 695 } else { 696 fa->flags |= old_ma.flags & ~FS_COMMON_FL; 697 } 698 err = fileattr_set_prepare(inode, &old_ma, fa); 699 if (!err) 700 err = inode->i_op->fileattr_set(mnt_userns, dentry, fa); 701 } 702 inode_unlock(inode); 703 704 return err; 705 } 706 EXPORT_SYMBOL(vfs_fileattr_set); 707 708 static int ioctl_getflags(struct file *file, unsigned int __user *argp) 709 { 710 struct fileattr fa = { .flags_valid = true }; /* hint only */ 711 int err; 712 713 err = vfs_fileattr_get(file->f_path.dentry, &fa); 714 if (!err) 715 err = put_user(fa.flags, argp); 716 return err; 717 } 718 719 static int ioctl_setflags(struct file *file, unsigned int __user *argp) 720 { 721 struct user_namespace *mnt_userns = file_mnt_user_ns(file); 722 struct dentry *dentry = file->f_path.dentry; 723 struct fileattr fa; 724 unsigned int flags; 725 int err; 726 727 err = get_user(flags, argp); 728 if (!err) { 729 err = mnt_want_write_file(file); 730 if (!err) { 731 fileattr_fill_flags(&fa, flags); 732 err = vfs_fileattr_set(mnt_userns, dentry, &fa); 733 mnt_drop_write_file(file); 734 } 735 } 736 return err; 737 } 738 739 static int ioctl_fsgetxattr(struct file *file, void __user *argp) 740 { 741 struct fileattr fa = { .fsx_valid = true }; /* hint only */ 742 int err; 743 744 err = vfs_fileattr_get(file->f_path.dentry, &fa); 745 if (!err) 746 err = copy_fsxattr_to_user(&fa, argp); 747 748 return err; 749 } 750 751 static int ioctl_fssetxattr(struct file *file, void __user *argp) 752 { 753 struct user_namespace *mnt_userns = file_mnt_user_ns(file); 754 struct dentry *dentry = file->f_path.dentry; 755 struct fileattr fa; 756 int err; 757 758 err = copy_fsxattr_from_user(&fa, argp); 759 if (!err) { 760 err = mnt_want_write_file(file); 761 if (!err) { 762 err = vfs_fileattr_set(mnt_userns, dentry, &fa); 763 mnt_drop_write_file(file); 764 } 765 } 766 return err; 767 } 768 769 /* 770 * do_vfs_ioctl() is not for drivers and not intended to be EXPORT_SYMBOL()'d. 771 * It's just a simple helper for sys_ioctl and compat_sys_ioctl. 772 * 773 * When you add any new common ioctls to the switches above and below, 774 * please ensure they have compatible arguments in compat mode. 775 */ 776 static int do_vfs_ioctl(struct file *filp, unsigned int fd, 777 unsigned int cmd, unsigned long arg) 778 { 779 void __user *argp = (void __user *)arg; 780 struct inode *inode = file_inode(filp); 781 782 switch (cmd) { 783 case FIOCLEX: 784 set_close_on_exec(fd, 1); 785 return 0; 786 787 case FIONCLEX: 788 set_close_on_exec(fd, 0); 789 return 0; 790 791 case FIONBIO: 792 return ioctl_fionbio(filp, argp); 793 794 case FIOASYNC: 795 return ioctl_fioasync(fd, filp, argp); 796 797 case FIOQSIZE: 798 if (S_ISDIR(inode->i_mode) || S_ISREG(inode->i_mode) || 799 S_ISLNK(inode->i_mode)) { 800 loff_t res = inode_get_bytes(inode); 801 return copy_to_user(argp, &res, sizeof(res)) ? 802 -EFAULT : 0; 803 } 804 805 return -ENOTTY; 806 807 case FIFREEZE: 808 return ioctl_fsfreeze(filp); 809 810 case FITHAW: 811 return ioctl_fsthaw(filp); 812 813 case FS_IOC_FIEMAP: 814 return ioctl_fiemap(filp, argp); 815 816 case FIGETBSZ: 817 /* anon_bdev filesystems may not have a block size */ 818 if (!inode->i_sb->s_blocksize) 819 return -EINVAL; 820 821 return put_user(inode->i_sb->s_blocksize, (int __user *)argp); 822 823 case FICLONE: 824 return ioctl_file_clone(filp, arg, 0, 0, 0); 825 826 case FICLONERANGE: 827 return ioctl_file_clone_range(filp, argp); 828 829 case FIDEDUPERANGE: 830 return ioctl_file_dedupe_range(filp, argp); 831 832 case FIONREAD: 833 if (!S_ISREG(inode->i_mode)) 834 return vfs_ioctl(filp, cmd, arg); 835 836 return put_user(i_size_read(inode) - filp->f_pos, 837 (int __user *)argp); 838 839 case FS_IOC_GETFLAGS: 840 return ioctl_getflags(filp, argp); 841 842 case FS_IOC_SETFLAGS: 843 return ioctl_setflags(filp, argp); 844 845 case FS_IOC_FSGETXATTR: 846 return ioctl_fsgetxattr(filp, argp); 847 848 case FS_IOC_FSSETXATTR: 849 return ioctl_fssetxattr(filp, argp); 850 851 default: 852 if (S_ISREG(inode->i_mode)) 853 return file_ioctl(filp, cmd, argp); 854 break; 855 } 856 857 return -ENOIOCTLCMD; 858 } 859 860 SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, unsigned long, arg) 861 { 862 struct fd f = fdget(fd); 863 int error; 864 865 if (!f.file) 866 return -EBADF; 867 868 error = security_file_ioctl(f.file, cmd, arg); 869 if (error) 870 goto out; 871 872 error = do_vfs_ioctl(f.file, fd, cmd, arg); 873 if (error == -ENOIOCTLCMD) 874 error = vfs_ioctl(f.file, cmd, arg); 875 876 out: 877 fdput(f); 878 return error; 879 } 880 881 #ifdef CONFIG_COMPAT 882 /** 883 * compat_ptr_ioctl - generic implementation of .compat_ioctl file operation 884 * 885 * This is not normally called as a function, but instead set in struct 886 * file_operations as 887 * 888 * .compat_ioctl = compat_ptr_ioctl, 889 * 890 * On most architectures, the compat_ptr_ioctl() just passes all arguments 891 * to the corresponding ->ioctl handler. The exception is arch/s390, where 892 * compat_ptr() clears the top bit of a 32-bit pointer value, so user space 893 * pointers to the second 2GB alias the first 2GB, as is the case for 894 * native 32-bit s390 user space. 895 * 896 * The compat_ptr_ioctl() function must therefore be used only with ioctl 897 * functions that either ignore the argument or pass a pointer to a 898 * compatible data type. 899 * 900 * If any ioctl command handled by fops->unlocked_ioctl passes a plain 901 * integer instead of a pointer, or any of the passed data types 902 * is incompatible between 32-bit and 64-bit architectures, a proper 903 * handler is required instead of compat_ptr_ioctl. 904 */ 905 long compat_ptr_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 906 { 907 if (!file->f_op->unlocked_ioctl) 908 return -ENOIOCTLCMD; 909 910 return file->f_op->unlocked_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 911 } 912 EXPORT_SYMBOL(compat_ptr_ioctl); 913 914 COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, 915 compat_ulong_t, arg) 916 { 917 struct fd f = fdget(fd); 918 int error; 919 920 if (!f.file) 921 return -EBADF; 922 923 /* RED-PEN how should LSM module know it's handling 32bit? */ 924 error = security_file_ioctl(f.file, cmd, arg); 925 if (error) 926 goto out; 927 928 switch (cmd) { 929 /* FICLONE takes an int argument, so don't use compat_ptr() */ 930 case FICLONE: 931 error = ioctl_file_clone(f.file, arg, 0, 0, 0); 932 break; 933 934 #if defined(CONFIG_X86_64) 935 /* these get messy on amd64 due to alignment differences */ 936 case FS_IOC_RESVSP_32: 937 case FS_IOC_RESVSP64_32: 938 error = compat_ioctl_preallocate(f.file, 0, compat_ptr(arg)); 939 break; 940 case FS_IOC_UNRESVSP_32: 941 case FS_IOC_UNRESVSP64_32: 942 error = compat_ioctl_preallocate(f.file, FALLOC_FL_PUNCH_HOLE, 943 compat_ptr(arg)); 944 break; 945 case FS_IOC_ZERO_RANGE_32: 946 error = compat_ioctl_preallocate(f.file, FALLOC_FL_ZERO_RANGE, 947 compat_ptr(arg)); 948 break; 949 #endif 950 951 /* 952 * These access 32-bit values anyway so no further handling is 953 * necessary. 954 */ 955 case FS_IOC32_GETFLAGS: 956 case FS_IOC32_SETFLAGS: 957 cmd = (cmd == FS_IOC32_GETFLAGS) ? 958 FS_IOC_GETFLAGS : FS_IOC_SETFLAGS; 959 fallthrough; 960 /* 961 * everything else in do_vfs_ioctl() takes either a compatible 962 * pointer argument or no argument -- call it with a modified 963 * argument. 964 */ 965 default: 966 error = do_vfs_ioctl(f.file, fd, cmd, 967 (unsigned long)compat_ptr(arg)); 968 if (error != -ENOIOCTLCMD) 969 break; 970 971 if (f.file->f_op->compat_ioctl) 972 error = f.file->f_op->compat_ioctl(f.file, cmd, arg); 973 if (error == -ENOIOCTLCMD) 974 error = -ENOTTY; 975 break; 976 } 977 978 out: 979 fdput(f); 980 981 return error; 982 } 983 #endif 984