[PATCH] r/o bind mounts: elevate write count for ioctls()
Some ioctl()s can cause writes to the filesystem. Take these, and make them use mnt_want/drop_write() instead. [AV: updated] Acked-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Dave Hansen <haveblue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
20ddee2c75
commit
42a74f206b
@ -12,6 +12,7 @@
|
||||
#include <linux/time.h>
|
||||
#include <linux/sched.h>
|
||||
#include <linux/compat.h>
|
||||
#include <linux/mount.h>
|
||||
#include <linux/smp_lock.h>
|
||||
#include <asm/current.h>
|
||||
#include <asm/uaccess.h>
|
||||
@ -23,6 +24,7 @@ long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
struct ext2_inode_info *ei = EXT2_I(inode);
|
||||
unsigned int flags;
|
||||
unsigned short rsv_window_size;
|
||||
int ret;
|
||||
|
||||
ext2_debug ("cmd = %u, arg = %lu\n", cmd, arg);
|
||||
|
||||
@ -34,14 +36,19 @@ long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
case EXT2_IOC_SETFLAGS: {
|
||||
unsigned int oldflags;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
ret = mnt_want_write(filp->f_path.mnt);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EACCES;
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
ret = -EACCES;
|
||||
goto setflags_out;
|
||||
}
|
||||
|
||||
if (get_user(flags, (int __user *) arg))
|
||||
return -EFAULT;
|
||||
if (get_user(flags, (int __user *) arg)) {
|
||||
ret = -EFAULT;
|
||||
goto setflags_out;
|
||||
}
|
||||
|
||||
if (!S_ISDIR(inode->i_mode))
|
||||
flags &= ~EXT2_DIRSYNC_FL;
|
||||
@ -50,7 +57,8 @@ long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
/* Is it quota file? Do not allow user to mess with it */
|
||||
if (IS_NOQUOTA(inode)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return -EPERM;
|
||||
ret = -EPERM;
|
||||
goto setflags_out;
|
||||
}
|
||||
oldflags = ei->i_flags;
|
||||
|
||||
@ -63,7 +71,8 @@ long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
if ((flags ^ oldflags) & (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL)) {
|
||||
if (!capable(CAP_LINUX_IMMUTABLE)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return -EPERM;
|
||||
ret = -EPERM;
|
||||
goto setflags_out;
|
||||
}
|
||||
}
|
||||
|
||||
@ -75,20 +84,26 @@ long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
ext2_set_inode_flags(inode);
|
||||
inode->i_ctime = CURRENT_TIME_SEC;
|
||||
mark_inode_dirty(inode);
|
||||
return 0;
|
||||
setflags_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return ret;
|
||||
}
|
||||
case EXT2_IOC_GETVERSION:
|
||||
return put_user(inode->i_generation, (int __user *) arg);
|
||||
case EXT2_IOC_SETVERSION:
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EPERM;
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
if (get_user(inode->i_generation, (int __user *) arg))
|
||||
return -EFAULT;
|
||||
inode->i_ctime = CURRENT_TIME_SEC;
|
||||
mark_inode_dirty(inode);
|
||||
return 0;
|
||||
ret = mnt_want_write(filp->f_path.mnt);
|
||||
if (ret)
|
||||
return ret;
|
||||
if (get_user(inode->i_generation, (int __user *) arg)) {
|
||||
ret = -EFAULT;
|
||||
} else {
|
||||
inode->i_ctime = CURRENT_TIME_SEC;
|
||||
mark_inode_dirty(inode);
|
||||
}
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return ret;
|
||||
case EXT2_IOC_GETRSVSZ:
|
||||
if (test_opt(inode->i_sb, RESERVATION)
|
||||
&& S_ISREG(inode->i_mode)
|
||||
@ -102,15 +117,16 @@ long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))
|
||||
return -ENOTTY;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
|
||||
if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(rsv_window_size, (int __user *)arg))
|
||||
return -EFAULT;
|
||||
|
||||
ret = mnt_want_write(filp->f_path.mnt);
|
||||
if (ret)
|
||||
return ret;
|
||||
|
||||
if (rsv_window_size > EXT2_MAX_RESERVE_BLOCKS)
|
||||
rsv_window_size = EXT2_MAX_RESERVE_BLOCKS;
|
||||
|
||||
@ -131,6 +147,7 @@ long ext2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
rsv->rsv_goal_size = rsv_window_size;
|
||||
}
|
||||
mutex_unlock(&ei->truncate_mutex);
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return 0;
|
||||
}
|
||||
default:
|
||||
|
103
fs/ext3/ioctl.c
103
fs/ext3/ioctl.c
@ -12,6 +12,7 @@
|
||||
#include <linux/capability.h>
|
||||
#include <linux/ext3_fs.h>
|
||||
#include <linux/ext3_jbd.h>
|
||||
#include <linux/mount.h>
|
||||
#include <linux/time.h>
|
||||
#include <linux/compat.h>
|
||||
#include <linux/smp_lock.h>
|
||||
@ -38,14 +39,19 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
unsigned int oldflags;
|
||||
unsigned int jflag;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EACCES;
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
err = -EACCES;
|
||||
goto flags_out;
|
||||
}
|
||||
|
||||
if (get_user(flags, (int __user *) arg))
|
||||
return -EFAULT;
|
||||
if (get_user(flags, (int __user *) arg)) {
|
||||
err = -EFAULT;
|
||||
goto flags_out;
|
||||
}
|
||||
|
||||
if (!S_ISDIR(inode->i_mode))
|
||||
flags &= ~EXT3_DIRSYNC_FL;
|
||||
@ -54,7 +60,8 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
/* Is it quota file? Do not allow user to mess with it */
|
||||
if (IS_NOQUOTA(inode)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return -EPERM;
|
||||
err = -EPERM;
|
||||
goto flags_out;
|
||||
}
|
||||
oldflags = ei->i_flags;
|
||||
|
||||
@ -70,7 +77,8 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
if ((flags ^ oldflags) & (EXT3_APPEND_FL | EXT3_IMMUTABLE_FL)) {
|
||||
if (!capable(CAP_LINUX_IMMUTABLE)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return -EPERM;
|
||||
err = -EPERM;
|
||||
goto flags_out;
|
||||
}
|
||||
}
|
||||
|
||||
@ -81,7 +89,8 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL)) {
|
||||
if (!capable(CAP_SYS_RESOURCE)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return -EPERM;
|
||||
err = -EPERM;
|
||||
goto flags_out;
|
||||
}
|
||||
}
|
||||
|
||||
@ -89,7 +98,8 @@ int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
handle = ext3_journal_start(inode, 1);
|
||||
if (IS_ERR(handle)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return PTR_ERR(handle);
|
||||
err = PTR_ERR(handle);
|
||||
goto flags_out;
|
||||
}
|
||||
if (IS_SYNC(inode))
|
||||
handle->h_sync = 1;
|
||||
@ -115,6 +125,8 @@ flags_err:
|
||||
if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL))
|
||||
err = ext3_change_inode_journal_flag(inode, jflag);
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
flags_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
case EXT3_IOC_GETVERSION:
|
||||
@ -129,14 +141,18 @@ flags_err:
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EPERM;
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
if (get_user(generation, (int __user *) arg))
|
||||
return -EFAULT;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
if (get_user(generation, (int __user *) arg)) {
|
||||
err = -EFAULT;
|
||||
goto setversion_out;
|
||||
}
|
||||
handle = ext3_journal_start(inode, 1);
|
||||
if (IS_ERR(handle))
|
||||
return PTR_ERR(handle);
|
||||
if (IS_ERR(handle)) {
|
||||
err = PTR_ERR(handle);
|
||||
goto setversion_out;
|
||||
}
|
||||
err = ext3_reserve_inode_write(handle, inode, &iloc);
|
||||
if (err == 0) {
|
||||
inode->i_ctime = CURRENT_TIME_SEC;
|
||||
@ -144,6 +160,8 @@ flags_err:
|
||||
err = ext3_mark_iloc_dirty(handle, inode, &iloc);
|
||||
}
|
||||
ext3_journal_stop(handle);
|
||||
setversion_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
#ifdef CONFIG_JBD_DEBUG
|
||||
@ -179,18 +197,24 @@ flags_err:
|
||||
}
|
||||
return -ENOTTY;
|
||||
case EXT3_IOC_SETRSVSZ: {
|
||||
int err;
|
||||
|
||||
if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))
|
||||
return -ENOTTY;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EACCES;
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
err = -EACCES;
|
||||
goto setrsvsz_out;
|
||||
}
|
||||
|
||||
if (get_user(rsv_window_size, (int __user *)arg))
|
||||
return -EFAULT;
|
||||
if (get_user(rsv_window_size, (int __user *)arg)) {
|
||||
err = -EFAULT;
|
||||
goto setrsvsz_out;
|
||||
}
|
||||
|
||||
if (rsv_window_size > EXT3_MAX_RESERVE_BLOCKS)
|
||||
rsv_window_size = EXT3_MAX_RESERVE_BLOCKS;
|
||||
@ -208,7 +232,9 @@ flags_err:
|
||||
rsv->rsv_goal_size = rsv_window_size;
|
||||
}
|
||||
mutex_unlock(&ei->truncate_mutex);
|
||||
return 0;
|
||||
setrsvsz_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
case EXT3_IOC_GROUP_EXTEND: {
|
||||
ext3_fsblk_t n_blocks_count;
|
||||
@ -218,17 +244,20 @@ flags_err:
|
||||
if (!capable(CAP_SYS_RESOURCE))
|
||||
return -EPERM;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
|
||||
if (get_user(n_blocks_count, (__u32 __user *)arg))
|
||||
return -EFAULT;
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (get_user(n_blocks_count, (__u32 __user *)arg)) {
|
||||
err = -EFAULT;
|
||||
goto group_extend_out;
|
||||
}
|
||||
err = ext3_group_extend(sb, EXT3_SB(sb)->s_es, n_blocks_count);
|
||||
journal_lock_updates(EXT3_SB(sb)->s_journal);
|
||||
journal_flush(EXT3_SB(sb)->s_journal);
|
||||
journal_unlock_updates(EXT3_SB(sb)->s_journal);
|
||||
|
||||
group_extend_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
case EXT3_IOC_GROUP_ADD: {
|
||||
@ -239,18 +268,22 @@ flags_err:
|
||||
if (!capable(CAP_SYS_RESOURCE))
|
||||
return -EPERM;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (copy_from_user(&input, (struct ext3_new_group_input __user *)arg,
|
||||
sizeof(input)))
|
||||
return -EFAULT;
|
||||
sizeof(input))) {
|
||||
err = -EFAULT;
|
||||
goto group_add_out;
|
||||
}
|
||||
|
||||
err = ext3_group_add(sb, &input);
|
||||
journal_lock_updates(EXT3_SB(sb)->s_journal);
|
||||
journal_flush(EXT3_SB(sb)->s_journal);
|
||||
journal_unlock_updates(EXT3_SB(sb)->s_journal);
|
||||
|
||||
group_add_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
|
||||
|
@ -15,6 +15,7 @@
|
||||
#include <linux/time.h>
|
||||
#include <linux/compat.h>
|
||||
#include <linux/smp_lock.h>
|
||||
#include <linux/mount.h>
|
||||
#include <asm/uaccess.h>
|
||||
|
||||
int ext4_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
@ -38,24 +39,25 @@ int ext4_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
unsigned int oldflags;
|
||||
unsigned int jflag;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(flags, (int __user *) arg))
|
||||
return -EFAULT;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (!S_ISDIR(inode->i_mode))
|
||||
flags &= ~EXT4_DIRSYNC_FL;
|
||||
|
||||
err = -EPERM;
|
||||
mutex_lock(&inode->i_mutex);
|
||||
/* Is it quota file? Do not allow user to mess with it */
|
||||
if (IS_NOQUOTA(inode)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return -EPERM;
|
||||
}
|
||||
if (IS_NOQUOTA(inode))
|
||||
goto flags_out;
|
||||
|
||||
oldflags = ei->i_flags;
|
||||
|
||||
/* The JOURNAL_DATA flag is modifiable only by root */
|
||||
@ -68,10 +70,8 @@ int ext4_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
* This test looks nicer. Thanks to Pauline Middelink
|
||||
*/
|
||||
if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
|
||||
if (!capable(CAP_LINUX_IMMUTABLE)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return -EPERM;
|
||||
}
|
||||
if (!capable(CAP_LINUX_IMMUTABLE))
|
||||
goto flags_out;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -79,17 +79,14 @@ int ext4_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
* the relevant capability.
|
||||
*/
|
||||
if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
|
||||
if (!capable(CAP_SYS_RESOURCE)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return -EPERM;
|
||||
}
|
||||
if (!capable(CAP_SYS_RESOURCE))
|
||||
goto flags_out;
|
||||
}
|
||||
|
||||
|
||||
handle = ext4_journal_start(inode, 1);
|
||||
if (IS_ERR(handle)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return PTR_ERR(handle);
|
||||
err = PTR_ERR(handle);
|
||||
goto flags_out;
|
||||
}
|
||||
if (IS_SYNC(inode))
|
||||
handle->h_sync = 1;
|
||||
@ -107,14 +104,14 @@ int ext4_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
|
||||
err = ext4_mark_iloc_dirty(handle, inode, &iloc);
|
||||
flags_err:
|
||||
ext4_journal_stop(handle);
|
||||
if (err) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return err;
|
||||
}
|
||||
if (err)
|
||||
goto flags_out;
|
||||
|
||||
if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
|
||||
err = ext4_change_inode_journal_flag(inode, jflag);
|
||||
flags_out:
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
case EXT4_IOC_GETVERSION:
|
||||
@ -129,14 +126,20 @@ flags_err:
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EPERM;
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
if (get_user(generation, (int __user *) arg))
|
||||
return -EFAULT;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
if (get_user(generation, (int __user *) arg)) {
|
||||
err = -EFAULT;
|
||||
goto setversion_out;
|
||||
}
|
||||
|
||||
handle = ext4_journal_start(inode, 1);
|
||||
if (IS_ERR(handle))
|
||||
return PTR_ERR(handle);
|
||||
if (IS_ERR(handle)) {
|
||||
err = PTR_ERR(handle);
|
||||
goto setversion_out;
|
||||
}
|
||||
err = ext4_reserve_inode_write(handle, inode, &iloc);
|
||||
if (err == 0) {
|
||||
inode->i_ctime = ext4_current_time(inode);
|
||||
@ -144,6 +147,8 @@ flags_err:
|
||||
err = ext4_mark_iloc_dirty(handle, inode, &iloc);
|
||||
}
|
||||
ext4_journal_stop(handle);
|
||||
setversion_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
#ifdef CONFIG_JBD2_DEBUG
|
||||
@ -179,19 +184,21 @@ flags_err:
|
||||
}
|
||||
return -ENOTTY;
|
||||
case EXT4_IOC_SETRSVSZ: {
|
||||
int err;
|
||||
|
||||
if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))
|
||||
return -ENOTTY;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(rsv_window_size, (int __user *)arg))
|
||||
return -EFAULT;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (rsv_window_size > EXT4_MAX_RESERVE_BLOCKS)
|
||||
rsv_window_size = EXT4_MAX_RESERVE_BLOCKS;
|
||||
|
||||
@ -208,6 +215,7 @@ flags_err:
|
||||
rsv->rsv_goal_size = rsv_window_size;
|
||||
}
|
||||
up_write(&ei->i_data_sem);
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return 0;
|
||||
}
|
||||
case EXT4_IOC_GROUP_EXTEND: {
|
||||
@ -218,16 +226,18 @@ flags_err:
|
||||
if (!capable(CAP_SYS_RESOURCE))
|
||||
return -EPERM;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
|
||||
if (get_user(n_blocks_count, (__u32 __user *)arg))
|
||||
return -EFAULT;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
|
||||
jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
|
||||
jbd2_journal_flush(EXT4_SB(sb)->s_journal);
|
||||
jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
|
||||
return err;
|
||||
}
|
||||
@ -239,17 +249,19 @@ flags_err:
|
||||
if (!capable(CAP_SYS_RESOURCE))
|
||||
return -EPERM;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
|
||||
if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
|
||||
sizeof(input)))
|
||||
return -EFAULT;
|
||||
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
err = ext4_group_add(sb, &input);
|
||||
jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
|
||||
jbd2_journal_flush(EXT4_SB(sb)->s_journal);
|
||||
jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
|
||||
return err;
|
||||
}
|
||||
|
@ -8,6 +8,7 @@
|
||||
|
||||
#include <linux/capability.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/mount.h>
|
||||
#include <linux/time.h>
|
||||
#include <linux/msdos_fs.h>
|
||||
#include <linux/smp_lock.h>
|
||||
@ -46,10 +47,9 @@ int fat_generic_ioctl(struct inode *inode, struct file *filp,
|
||||
|
||||
mutex_lock(&inode->i_mutex);
|
||||
|
||||
if (IS_RDONLY(inode)) {
|
||||
err = -EROFS;
|
||||
goto up;
|
||||
}
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
goto up_no_drop_write;
|
||||
|
||||
/*
|
||||
* ATTR_VOLUME and ATTR_DIR cannot be changed; this also
|
||||
@ -105,7 +105,9 @@ int fat_generic_ioctl(struct inode *inode, struct file *filp,
|
||||
|
||||
MSDOS_I(inode)->i_attrs = attr & ATTR_UNUSED;
|
||||
mark_inode_dirty(inode);
|
||||
up:
|
||||
up:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
up_no_drop_write:
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return err;
|
||||
}
|
||||
|
@ -14,6 +14,7 @@
|
||||
|
||||
#include <linux/capability.h>
|
||||
#include <linux/fs.h>
|
||||
#include <linux/mount.h>
|
||||
#include <linux/sched.h>
|
||||
#include <linux/xattr.h>
|
||||
#include <asm/uaccess.h>
|
||||
@ -35,25 +36,32 @@ int hfsplus_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
|
||||
flags |= FS_NODUMP_FL; /* EXT2_NODUMP_FL */
|
||||
return put_user(flags, (int __user *)arg);
|
||||
case HFSPLUS_IOC_EXT2_SETFLAGS: {
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(flags, (int __user *)arg))
|
||||
return -EFAULT;
|
||||
int err = 0;
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
err = -EACCES;
|
||||
goto setflags_out;
|
||||
}
|
||||
if (get_user(flags, (int __user *)arg)) {
|
||||
err = -EFAULT;
|
||||
goto setflags_out;
|
||||
}
|
||||
if (flags & (FS_IMMUTABLE_FL|FS_APPEND_FL) ||
|
||||
HFSPLUS_I(inode).rootflags & (HFSPLUS_FLG_IMMUTABLE|HFSPLUS_FLG_APPEND)) {
|
||||
if (!capable(CAP_LINUX_IMMUTABLE))
|
||||
return -EPERM;
|
||||
if (!capable(CAP_LINUX_IMMUTABLE)) {
|
||||
err = -EPERM;
|
||||
goto setflags_out;
|
||||
}
|
||||
}
|
||||
|
||||
/* don't silently ignore unsupported ext2 flags */
|
||||
if (flags & ~(FS_IMMUTABLE_FL|FS_APPEND_FL|FS_NODUMP_FL))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
if (flags & ~(FS_IMMUTABLE_FL|FS_APPEND_FL|FS_NODUMP_FL)) {
|
||||
err = -EOPNOTSUPP;
|
||||
goto setflags_out;
|
||||
}
|
||||
if (flags & FS_IMMUTABLE_FL) { /* EXT2_IMMUTABLE_FL */
|
||||
inode->i_flags |= S_IMMUTABLE;
|
||||
HFSPLUS_I(inode).rootflags |= HFSPLUS_FLG_IMMUTABLE;
|
||||
@ -75,7 +83,9 @@ int hfsplus_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
|
||||
|
||||
inode->i_ctime = CURRENT_TIME_SEC;
|
||||
mark_inode_dirty(inode);
|
||||
return 0;
|
||||
setflags_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
default:
|
||||
return -ENOTTY;
|
||||
|
@ -8,6 +8,7 @@
|
||||
#include <linux/fs.h>
|
||||
#include <linux/ctype.h>
|
||||
#include <linux/capability.h>
|
||||
#include <linux/mount.h>
|
||||
#include <linux/time.h>
|
||||
#include <linux/sched.h>
|
||||
#include <asm/current.h>
|
||||
@ -65,23 +66,30 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
return put_user(flags, (int __user *) arg);
|
||||
case JFS_IOC_SETFLAGS: {
|
||||
unsigned int oldflags;
|
||||
int err;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EACCES;
|
||||
|
||||
if (get_user(flags, (int __user *) arg))
|
||||
return -EFAULT;
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
err = -EACCES;
|
||||
goto setflags_out;
|
||||
}
|
||||
if (get_user(flags, (int __user *) arg)) {
|
||||
err = -EFAULT;
|
||||
goto setflags_out;
|
||||
}
|
||||
|
||||
flags = jfs_map_ext2(flags, 1);
|
||||
if (!S_ISDIR(inode->i_mode))
|
||||
flags &= ~JFS_DIRSYNC_FL;
|
||||
|
||||
/* Is it quota file? Do not allow user to mess with it */
|
||||
if (IS_NOQUOTA(inode))
|
||||
return -EPERM;
|
||||
if (IS_NOQUOTA(inode)) {
|
||||
err = -EPERM;
|
||||
goto setflags_out;
|
||||
}
|
||||
|
||||
/* Lock against other parallel changes of flags */
|
||||
mutex_lock(&inode->i_mutex);
|
||||
@ -98,7 +106,8 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
(JFS_APPEND_FL | JFS_IMMUTABLE_FL))) {
|
||||
if (!capable(CAP_LINUX_IMMUTABLE)) {
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
return -EPERM;
|
||||
err = -EPERM;
|
||||
goto setflags_out;
|
||||
}
|
||||
}
|
||||
|
||||
@ -110,7 +119,9 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
mutex_unlock(&inode->i_mutex);
|
||||
inode->i_ctime = CURRENT_TIME_SEC;
|
||||
mark_inode_dirty(inode);
|
||||
return 0;
|
||||
setflags_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
default:
|
||||
return -ENOTTY;
|
||||
|
@ -60,10 +60,6 @@ static int ocfs2_set_inode_attr(struct inode *inode, unsigned flags,
|
||||
goto bail;
|
||||
}
|
||||
|
||||
status = -EROFS;
|
||||
if (IS_RDONLY(inode))
|
||||
goto bail_unlock;
|
||||
|
||||
status = -EACCES;
|
||||
if (!is_owner_or_cap(inode))
|
||||
goto bail_unlock;
|
||||
@ -134,8 +130,13 @@ long ocfs2_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
|
||||
if (get_user(flags, (int __user *) arg))
|
||||
return -EFAULT;
|
||||
|
||||
return ocfs2_set_inode_attr(inode, flags,
|
||||
status = mnt_want_write(filp->f_path.mnt);
|
||||
if (status)
|
||||
return status;
|
||||
status = ocfs2_set_inode_attr(inode, flags,
|
||||
OCFS2_FL_MODIFIABLE);
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return status;
|
||||
case OCFS2_IOC_RESVSP:
|
||||
case OCFS2_IOC_RESVSP64:
|
||||
case OCFS2_IOC_UNRESVSP:
|
||||
|
@ -4,6 +4,7 @@
|
||||
|
||||
#include <linux/capability.h>
|
||||
#include <linux/fs.h>
|
||||
#include <linux/mount.h>
|
||||
#include <linux/reiserfs_fs.h>
|
||||
#include <linux/time.h>
|
||||
#include <asm/uaccess.h>
|
||||
@ -25,6 +26,7 @@ int reiserfs_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
|
||||
unsigned long arg)
|
||||
{
|
||||
unsigned int flags;
|
||||
int err = 0;
|
||||
|
||||
switch (cmd) {
|
||||
case REISERFS_IOC_UNPACK:
|
||||
@ -48,50 +50,67 @@ int reiserfs_ioctl(struct inode *inode, struct file *filp, unsigned int cmd,
|
||||
if (!reiserfs_attrs(inode->i_sb))
|
||||
return -ENOTTY;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EPERM;
|
||||
|
||||
if (get_user(flags, (int __user *)arg))
|
||||
return -EFAULT;
|
||||
|
||||
/* Is it quota file? Do not allow user to mess with it. */
|
||||
if (IS_NOQUOTA(inode))
|
||||
return -EPERM;
|
||||
if (!is_owner_or_cap(inode)) {
|
||||
err = -EPERM;
|
||||
goto setflags_out;
|
||||
}
|
||||
if (get_user(flags, (int __user *)arg)) {
|
||||
err = -EFAULT;
|
||||
goto setflags_out;
|
||||
}
|
||||
/*
|
||||
* Is it quota file? Do not allow user to mess with it
|
||||
*/
|
||||
if (IS_NOQUOTA(inode)) {
|
||||
err = -EPERM;
|
||||
goto setflags_out;
|
||||
}
|
||||
if (((flags ^ REISERFS_I(inode)->
|
||||
i_attrs) & (REISERFS_IMMUTABLE_FL |
|
||||
REISERFS_APPEND_FL))
|
||||
&& !capable(CAP_LINUX_IMMUTABLE))
|
||||
return -EPERM;
|
||||
|
||||
&& !capable(CAP_LINUX_IMMUTABLE)) {
|
||||
err = -EPERM;
|
||||
goto setflags_out;
|
||||
}
|
||||
if ((flags & REISERFS_NOTAIL_FL) &&
|
||||
S_ISREG(inode->i_mode)) {
|
||||
int result;
|
||||
|
||||
result = reiserfs_unpack(inode, filp);
|
||||
if (result)
|
||||
return result;
|
||||
if (result) {
|
||||
err = result;
|
||||
goto setflags_out;
|
||||
}
|
||||
}
|
||||
sd_attrs_to_i_attrs(flags, inode);
|
||||
REISERFS_I(inode)->i_attrs = flags;
|
||||
inode->i_ctime = CURRENT_TIME_SEC;
|
||||
mark_inode_dirty(inode);
|
||||
return 0;
|
||||
setflags_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
}
|
||||
case REISERFS_IOC_GETVERSION:
|
||||
return put_user(inode->i_generation, (int __user *)arg);
|
||||
case REISERFS_IOC_SETVERSION:
|
||||
if (!is_owner_or_cap(inode))
|
||||
return -EPERM;
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
if (get_user(inode->i_generation, (int __user *)arg))
|
||||
return -EFAULT;
|
||||
err = mnt_want_write(filp->f_path.mnt);
|
||||
if (err)
|
||||
return err;
|
||||
if (get_user(inode->i_generation, (int __user *)arg)) {
|
||||
err = -EFAULT;
|
||||
goto setversion_out;
|
||||
}
|
||||
inode->i_ctime = CURRENT_TIME_SEC;
|
||||
mark_inode_dirty(inode);
|
||||
return 0;
|
||||
setversion_out:
|
||||
mnt_drop_write(filp->f_path.mnt);
|
||||
return err;
|
||||
default:
|
||||
return -ENOTTY;
|
||||
}
|
||||
|
@ -535,8 +535,6 @@ xfs_attrmulti_attr_set(
|
||||
char *kbuf;
|
||||
int error = EFAULT;
|
||||
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
|
||||
return EPERM;
|
||||
if (len > XATTR_SIZE_MAX)
|
||||
@ -562,8 +560,6 @@ xfs_attrmulti_attr_remove(
|
||||
char *name,
|
||||
__uint32_t flags)
|
||||
{
|
||||
if (IS_RDONLY(inode))
|
||||
return -EROFS;
|
||||
if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
|
||||
return EPERM;
|
||||
return xfs_attr_remove(XFS_I(inode), name, flags);
|
||||
@ -573,6 +569,7 @@ STATIC int
|
||||
xfs_attrmulti_by_handle(
|
||||
xfs_mount_t *mp,
|
||||
void __user *arg,
|
||||
struct file *parfilp,
|
||||
struct inode *parinode)
|
||||
{
|
||||
int error;
|
||||
@ -626,13 +623,21 @@ xfs_attrmulti_by_handle(
|
||||
&ops[i].am_length, ops[i].am_flags);
|
||||
break;
|
||||
case ATTR_OP_SET:
|
||||
ops[i].am_error = mnt_want_write(parfilp->f_path.mnt);
|
||||
if (ops[i].am_error)
|
||||
break;
|
||||
ops[i].am_error = xfs_attrmulti_attr_set(inode,
|
||||
attr_name, ops[i].am_attrvalue,
|
||||
ops[i].am_length, ops[i].am_flags);
|
||||
mnt_drop_write(parfilp->f_path.mnt);
|
||||
break;
|
||||
case ATTR_OP_REMOVE:
|
||||
ops[i].am_error = mnt_want_write(parfilp->f_path.mnt);
|
||||
if (ops[i].am_error)
|
||||
break;
|
||||
ops[i].am_error = xfs_attrmulti_attr_remove(inode,
|
||||
attr_name, ops[i].am_flags);
|
||||
mnt_drop_write(parfilp->f_path.mnt);
|
||||
break;
|
||||
default:
|
||||
ops[i].am_error = EINVAL;
|
||||
@ -1133,7 +1138,7 @@ xfs_ioctl(
|
||||
return xfs_attrlist_by_handle(mp, arg, inode);
|
||||
|
||||
case XFS_IOC_ATTRMULTI_BY_HANDLE:
|
||||
return xfs_attrmulti_by_handle(mp, arg, inode);
|
||||
return xfs_attrmulti_by_handle(mp, arg, filp, inode);
|
||||
|
||||
case XFS_IOC_SWAPEXT: {
|
||||
error = xfs_swapext((struct xfs_swapext __user *)arg);
|
||||
|
Loading…
Reference in New Issue
Block a user