ext3: tighten restrictions on inode flags
[pandora-kernel.git] / fs / ext3 / ioctl.c
1 /*
2  * linux/fs/ext3/ioctl.c
3  *
4  * Copyright (C) 1993, 1994, 1995
5  * Remy Card (card@masi.ibp.fr)
6  * Laboratoire MASI - Institut Blaise Pascal
7  * Universite Pierre et Marie Curie (Paris VI)
8  */
9
10 #include <linux/fs.h>
11 #include <linux/jbd.h>
12 #include <linux/capability.h>
13 #include <linux/ext3_fs.h>
14 #include <linux/ext3_jbd.h>
15 #include <linux/mount.h>
16 #include <linux/time.h>
17 #include <linux/compat.h>
18 #include <linux/smp_lock.h>
19 #include <asm/uaccess.h>
20
21 int ext3_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,
22                 unsigned long arg)
23 {
24         struct ext3_inode_info *ei = EXT3_I(inode);
25         unsigned int flags;
26         unsigned short rsv_window_size;
27
28         ext3_debug ("cmd = %u, arg = %lu\n", cmd, arg);
29
30         switch (cmd) {
31         case EXT3_IOC_GETFLAGS:
32                 ext3_get_inode_flags(ei);
33                 flags = ei->i_flags & EXT3_FL_USER_VISIBLE;
34                 return put_user(flags, (int __user *) arg);
35         case EXT3_IOC_SETFLAGS: {
36                 handle_t *handle = NULL;
37                 int err;
38                 struct ext3_iloc iloc;
39                 unsigned int oldflags;
40                 unsigned int jflag;
41
42                 err = mnt_want_write(filp->f_path.mnt);
43                 if (err)
44                         return err;
45
46                 if (!is_owner_or_cap(inode)) {
47                         err = -EACCES;
48                         goto flags_out;
49                 }
50
51                 if (get_user(flags, (int __user *) arg)) {
52                         err = -EFAULT;
53                         goto flags_out;
54                 }
55
56                 flags = ext3_mask_flags(inode->i_mode, flags);
57
58                 mutex_lock(&inode->i_mutex);
59                 /* Is it quota file? Do not allow user to mess with it */
60                 if (IS_NOQUOTA(inode)) {
61                         mutex_unlock(&inode->i_mutex);
62                         err = -EPERM;
63                         goto flags_out;
64                 }
65                 oldflags = ei->i_flags;
66
67                 /* The JOURNAL_DATA flag is modifiable only by root */
68                 jflag = flags & EXT3_JOURNAL_DATA_FL;
69
70                 /*
71                  * The IMMUTABLE and APPEND_ONLY flags can only be changed by
72                  * the relevant capability.
73                  *
74                  * This test looks nicer. Thanks to Pauline Middelink
75                  */
76                 if ((flags ^ oldflags) & (EXT3_APPEND_FL | EXT3_IMMUTABLE_FL)) {
77                         if (!capable(CAP_LINUX_IMMUTABLE)) {
78                                 mutex_unlock(&inode->i_mutex);
79                                 err = -EPERM;
80                                 goto flags_out;
81                         }
82                 }
83
84                 /*
85                  * The JOURNAL_DATA flag can only be changed by
86                  * the relevant capability.
87                  */
88                 if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL)) {
89                         if (!capable(CAP_SYS_RESOURCE)) {
90                                 mutex_unlock(&inode->i_mutex);
91                                 err = -EPERM;
92                                 goto flags_out;
93                         }
94                 }
95
96
97                 handle = ext3_journal_start(inode, 1);
98                 if (IS_ERR(handle)) {
99                         mutex_unlock(&inode->i_mutex);
100                         err = PTR_ERR(handle);
101                         goto flags_out;
102                 }
103                 if (IS_SYNC(inode))
104                         handle->h_sync = 1;
105                 err = ext3_reserve_inode_write(handle, inode, &iloc);
106                 if (err)
107                         goto flags_err;
108
109                 flags = flags & EXT3_FL_USER_MODIFIABLE;
110                 flags |= oldflags & ~EXT3_FL_USER_MODIFIABLE;
111                 ei->i_flags = flags;
112
113                 ext3_set_inode_flags(inode);
114                 inode->i_ctime = CURRENT_TIME_SEC;
115
116                 err = ext3_mark_iloc_dirty(handle, inode, &iloc);
117 flags_err:
118                 ext3_journal_stop(handle);
119                 if (err) {
120                         mutex_unlock(&inode->i_mutex);
121                         return err;
122                 }
123
124                 if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL))
125                         err = ext3_change_inode_journal_flag(inode, jflag);
126                 mutex_unlock(&inode->i_mutex);
127 flags_out:
128                 mnt_drop_write(filp->f_path.mnt);
129                 return err;
130         }
131         case EXT3_IOC_GETVERSION:
132         case EXT3_IOC_GETVERSION_OLD:
133                 return put_user(inode->i_generation, (int __user *) arg);
134         case EXT3_IOC_SETVERSION:
135         case EXT3_IOC_SETVERSION_OLD: {
136                 handle_t *handle;
137                 struct ext3_iloc iloc;
138                 __u32 generation;
139                 int err;
140
141                 if (!is_owner_or_cap(inode))
142                         return -EPERM;
143                 err = mnt_want_write(filp->f_path.mnt);
144                 if (err)
145                         return err;
146                 if (get_user(generation, (int __user *) arg)) {
147                         err = -EFAULT;
148                         goto setversion_out;
149                 }
150                 handle = ext3_journal_start(inode, 1);
151                 if (IS_ERR(handle)) {
152                         err = PTR_ERR(handle);
153                         goto setversion_out;
154                 }
155                 err = ext3_reserve_inode_write(handle, inode, &iloc);
156                 if (err == 0) {
157                         inode->i_ctime = CURRENT_TIME_SEC;
158                         inode->i_generation = generation;
159                         err = ext3_mark_iloc_dirty(handle, inode, &iloc);
160                 }
161                 ext3_journal_stop(handle);
162 setversion_out:
163                 mnt_drop_write(filp->f_path.mnt);
164                 return err;
165         }
166 #ifdef CONFIG_JBD_DEBUG
167         case EXT3_IOC_WAIT_FOR_READONLY:
168                 /*
169                  * This is racy - by the time we're woken up and running,
170                  * the superblock could be released.  And the module could
171                  * have been unloaded.  So sue me.
172                  *
173                  * Returns 1 if it slept, else zero.
174                  */
175                 {
176                         struct super_block *sb = inode->i_sb;
177                         DECLARE_WAITQUEUE(wait, current);
178                         int ret = 0;
179
180                         set_current_state(TASK_INTERRUPTIBLE);
181                         add_wait_queue(&EXT3_SB(sb)->ro_wait_queue, &wait);
182                         if (timer_pending(&EXT3_SB(sb)->turn_ro_timer)) {
183                                 schedule();
184                                 ret = 1;
185                         }
186                         remove_wait_queue(&EXT3_SB(sb)->ro_wait_queue, &wait);
187                         return ret;
188                 }
189 #endif
190         case EXT3_IOC_GETRSVSZ:
191                 if (test_opt(inode->i_sb, RESERVATION)
192                         && S_ISREG(inode->i_mode)
193                         && ei->i_block_alloc_info) {
194                         rsv_window_size = ei->i_block_alloc_info->rsv_window_node.rsv_goal_size;
195                         return put_user(rsv_window_size, (int __user *)arg);
196                 }
197                 return -ENOTTY;
198         case EXT3_IOC_SETRSVSZ: {
199                 int err;
200
201                 if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))
202                         return -ENOTTY;
203
204                 err = mnt_want_write(filp->f_path.mnt);
205                 if (err)
206                         return err;
207
208                 if (!is_owner_or_cap(inode)) {
209                         err = -EACCES;
210                         goto setrsvsz_out;
211                 }
212
213                 if (get_user(rsv_window_size, (int __user *)arg)) {
214                         err = -EFAULT;
215                         goto setrsvsz_out;
216                 }
217
218                 if (rsv_window_size > EXT3_MAX_RESERVE_BLOCKS)
219                         rsv_window_size = EXT3_MAX_RESERVE_BLOCKS;
220
221                 /*
222                  * need to allocate reservation structure for this inode
223                  * before set the window size
224                  */
225                 mutex_lock(&ei->truncate_mutex);
226                 if (!ei->i_block_alloc_info)
227                         ext3_init_block_alloc_info(inode);
228
229                 if (ei->i_block_alloc_info){
230                         struct ext3_reserve_window_node *rsv = &ei->i_block_alloc_info->rsv_window_node;
231                         rsv->rsv_goal_size = rsv_window_size;
232                 }
233                 mutex_unlock(&ei->truncate_mutex);
234 setrsvsz_out:
235                 mnt_drop_write(filp->f_path.mnt);
236                 return err;
237         }
238         case EXT3_IOC_GROUP_EXTEND: {
239                 ext3_fsblk_t n_blocks_count;
240                 struct super_block *sb = inode->i_sb;
241                 int err, err2;
242
243                 if (!capable(CAP_SYS_RESOURCE))
244                         return -EPERM;
245
246                 err = mnt_want_write(filp->f_path.mnt);
247                 if (err)
248                         return err;
249
250                 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
251                         err = -EFAULT;
252                         goto group_extend_out;
253                 }
254                 err = ext3_group_extend(sb, EXT3_SB(sb)->s_es, n_blocks_count);
255                 journal_lock_updates(EXT3_SB(sb)->s_journal);
256                 err2 = journal_flush(EXT3_SB(sb)->s_journal);
257                 journal_unlock_updates(EXT3_SB(sb)->s_journal);
258                 if (err == 0)
259                         err = err2;
260 group_extend_out:
261                 mnt_drop_write(filp->f_path.mnt);
262                 return err;
263         }
264         case EXT3_IOC_GROUP_ADD: {
265                 struct ext3_new_group_data input;
266                 struct super_block *sb = inode->i_sb;
267                 int err, err2;
268
269                 if (!capable(CAP_SYS_RESOURCE))
270                         return -EPERM;
271
272                 err = mnt_want_write(filp->f_path.mnt);
273                 if (err)
274                         return err;
275
276                 if (copy_from_user(&input, (struct ext3_new_group_input __user *)arg,
277                                 sizeof(input))) {
278                         err = -EFAULT;
279                         goto group_add_out;
280                 }
281
282                 err = ext3_group_add(sb, &input);
283                 journal_lock_updates(EXT3_SB(sb)->s_journal);
284                 err2 = journal_flush(EXT3_SB(sb)->s_journal);
285                 journal_unlock_updates(EXT3_SB(sb)->s_journal);
286                 if (err == 0)
287                         err = err2;
288 group_add_out:
289                 mnt_drop_write(filp->f_path.mnt);
290                 return err;
291         }
292
293
294         default:
295                 return -ENOTTY;
296         }
297 }
298
299 #ifdef CONFIG_COMPAT
300 long ext3_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
301 {
302         struct inode *inode = file->f_path.dentry->d_inode;
303         int ret;
304
305         /* These are just misnamed, they actually get/put from/to user an int */
306         switch (cmd) {
307         case EXT3_IOC32_GETFLAGS:
308                 cmd = EXT3_IOC_GETFLAGS;
309                 break;
310         case EXT3_IOC32_SETFLAGS:
311                 cmd = EXT3_IOC_SETFLAGS;
312                 break;
313         case EXT3_IOC32_GETVERSION:
314                 cmd = EXT3_IOC_GETVERSION;
315                 break;
316         case EXT3_IOC32_SETVERSION:
317                 cmd = EXT3_IOC_SETVERSION;
318                 break;
319         case EXT3_IOC32_GROUP_EXTEND:
320                 cmd = EXT3_IOC_GROUP_EXTEND;
321                 break;
322         case EXT3_IOC32_GETVERSION_OLD:
323                 cmd = EXT3_IOC_GETVERSION_OLD;
324                 break;
325         case EXT3_IOC32_SETVERSION_OLD:
326                 cmd = EXT3_IOC_SETVERSION_OLD;
327                 break;
328 #ifdef CONFIG_JBD_DEBUG
329         case EXT3_IOC32_WAIT_FOR_READONLY:
330                 cmd = EXT3_IOC_WAIT_FOR_READONLY;
331                 break;
332 #endif
333         case EXT3_IOC32_GETRSVSZ:
334                 cmd = EXT3_IOC_GETRSVSZ;
335                 break;
336         case EXT3_IOC32_SETRSVSZ:
337                 cmd = EXT3_IOC_SETRSVSZ;
338                 break;
339         case EXT3_IOC_GROUP_ADD:
340                 break;
341         default:
342                 return -ENOIOCTLCMD;
343         }
344         lock_kernel();
345         ret = ext3_ioctl(inode, file, cmd, (unsigned long) compat_ptr(arg));
346         unlock_kernel();
347         return ret;
348 }
349 #endif