mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-24 03:24:55 +08:00
e47776a0a4
Forbid user from changing file flags on quota files. User has no bussiness in playing with these flags when quota is on. Furthermore there is a remote possibility of deadlock due to a lock inversion between quota file's i_mutex and transaction's start (i_mutex for quota file is locked only when trasaction is started in quota operations) in ext3 and ext4. Signed-off-by: Jan Kara <jack@suse.cz> Cc: LIOU Payphone <lioupayphone@gmail.com> Cc: <linux-ext4@vger.kernel.org> Acked-by: Dave Kleikamp <shaggy@austin.ibm.com> Cc: <reiserfs-dev@namesys.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
170 lines
4.1 KiB
C
170 lines
4.1 KiB
C
/*
|
|
* linux/fs/ext2/ioctl.c
|
|
*
|
|
* Copyright (C) 1993, 1994, 1995
|
|
* Remy Card (card@masi.ibp.fr)
|
|
* Laboratoire MASI - Institut Blaise Pascal
|
|
* Universite Pierre et Marie Curie (Paris VI)
|
|
*/
|
|
|
|
#include "ext2.h"
|
|
#include <linux/capability.h>
|
|
#include <linux/time.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/compat.h>
|
|
#include <linux/smp_lock.h>
|
|
#include <asm/current.h>
|
|
#include <asm/uaccess.h>
|
|
|
|
|
|
int ext2_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
|
unsigned long arg)
|
|
{
|
|
struct ext2_inode_info *ei = EXT2_I(inode);
|
|
unsigned int flags;
|
|
unsigned short rsv_window_size;
|
|
|
|
ext2_debug ("cmd = %u, arg = %lu\n", cmd, arg);
|
|
|
|
switch (cmd) {
|
|
case EXT2_IOC_GETFLAGS:
|
|
ext2_get_inode_flags(ei);
|
|
flags = ei->i_flags & EXT2_FL_USER_VISIBLE;
|
|
return put_user(flags, (int __user *) arg);
|
|
case EXT2_IOC_SETFLAGS: {
|
|
unsigned int oldflags;
|
|
|
|
if (IS_RDONLY(inode))
|
|
return -EROFS;
|
|
|
|
if (!is_owner_or_cap(inode))
|
|
return -EACCES;
|
|
|
|
if (get_user(flags, (int __user *) arg))
|
|
return -EFAULT;
|
|
|
|
if (!S_ISDIR(inode->i_mode))
|
|
flags &= ~EXT2_DIRSYNC_FL;
|
|
|
|
mutex_lock(&inode->i_mutex);
|
|
/* Is it quota file? Do not allow user to mess with it */
|
|
if (IS_NOQUOTA(inode)) {
|
|
mutex_unlock(&inode->i_mutex);
|
|
return -EPERM;
|
|
}
|
|
oldflags = ei->i_flags;
|
|
|
|
/*
|
|
* The IMMUTABLE and APPEND_ONLY flags can only be changed by
|
|
* the relevant capability.
|
|
*
|
|
* This test looks nicer. Thanks to Pauline Middelink
|
|
*/
|
|
if ((flags ^ oldflags) & (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL)) {
|
|
if (!capable(CAP_LINUX_IMMUTABLE)) {
|
|
mutex_unlock(&inode->i_mutex);
|
|
return -EPERM;
|
|
}
|
|
}
|
|
|
|
flags = flags & EXT2_FL_USER_MODIFIABLE;
|
|
flags |= oldflags & ~EXT2_FL_USER_MODIFIABLE;
|
|
ei->i_flags = flags;
|
|
mutex_unlock(&inode->i_mutex);
|
|
|
|
ext2_set_inode_flags(inode);
|
|
inode->i_ctime = CURRENT_TIME_SEC;
|
|
mark_inode_dirty(inode);
|
|
return 0;
|
|
}
|
|
case EXT2_IOC_GETVERSION:
|
|
return put_user(inode->i_generation, (int __user *) arg);
|
|
case EXT2_IOC_SETVERSION:
|
|
if (!is_owner_or_cap(inode))
|
|
return -EPERM;
|
|
if (IS_RDONLY(inode))
|
|
return -EROFS;
|
|
if (get_user(inode->i_generation, (int __user *) arg))
|
|
return -EFAULT;
|
|
inode->i_ctime = CURRENT_TIME_SEC;
|
|
mark_inode_dirty(inode);
|
|
return 0;
|
|
case EXT2_IOC_GETRSVSZ:
|
|
if (test_opt(inode->i_sb, RESERVATION)
|
|
&& S_ISREG(inode->i_mode)
|
|
&& ei->i_block_alloc_info) {
|
|
rsv_window_size = ei->i_block_alloc_info->rsv_window_node.rsv_goal_size;
|
|
return put_user(rsv_window_size, (int __user *)arg);
|
|
}
|
|
return -ENOTTY;
|
|
case EXT2_IOC_SETRSVSZ: {
|
|
|
|
if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))
|
|
return -ENOTTY;
|
|
|
|
if (IS_RDONLY(inode))
|
|
return -EROFS;
|
|
|
|
if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
|
|
return -EACCES;
|
|
|
|
if (get_user(rsv_window_size, (int __user *)arg))
|
|
return -EFAULT;
|
|
|
|
if (rsv_window_size > EXT2_MAX_RESERVE_BLOCKS)
|
|
rsv_window_size = EXT2_MAX_RESERVE_BLOCKS;
|
|
|
|
/*
|
|
* need to allocate reservation structure for this inode
|
|
* before set the window size
|
|
*/
|
|
/*
|
|
* XXX What lock should protect the rsv_goal_size?
|
|
* Accessed in ext2_get_block only. ext3 uses i_truncate.
|
|
*/
|
|
mutex_lock(&ei->truncate_mutex);
|
|
if (!ei->i_block_alloc_info)
|
|
ext2_init_block_alloc_info(inode);
|
|
|
|
if (ei->i_block_alloc_info){
|
|
struct ext2_reserve_window_node *rsv = &ei->i_block_alloc_info->rsv_window_node;
|
|
rsv->rsv_goal_size = rsv_window_size;
|
|
}
|
|
mutex_unlock(&ei->truncate_mutex);
|
|
return 0;
|
|
}
|
|
default:
|
|
return -ENOTTY;
|
|
}
|
|
}
|
|
|
|
#ifdef CONFIG_COMPAT
|
|
long ext2_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
|
|
{
|
|
struct inode *inode = file->f_path.dentry->d_inode;
|
|
int ret;
|
|
|
|
/* These are just misnamed, they actually get/put from/to user an int */
|
|
switch (cmd) {
|
|
case EXT2_IOC32_GETFLAGS:
|
|
cmd = EXT2_IOC_GETFLAGS;
|
|
break;
|
|
case EXT2_IOC32_SETFLAGS:
|
|
cmd = EXT2_IOC_SETFLAGS;
|
|
break;
|
|
case EXT2_IOC32_GETVERSION:
|
|
cmd = EXT2_IOC_GETVERSION;
|
|
break;
|
|
case EXT2_IOC32_SETVERSION:
|
|
cmd = EXT2_IOC_SETVERSION;
|
|
break;
|
|
default:
|
|
return -ENOIOCTLCMD;
|
|
}
|
|
lock_kernel();
|
|
ret = ext2_ioctl(inode, file, cmd, (unsigned long) compat_ptr(arg));
|
|
unlock_kernel();
|
|
return ret;
|
|
}
|
|
#endif
|