11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * linux/fs/attr.c 31da177e4SLinus Torvalds * 41da177e4SLinus Torvalds * Copyright (C) 1991, 1992 Linus Torvalds 51da177e4SLinus Torvalds * changes by Thomas Schoebel-Theuer 61da177e4SLinus Torvalds */ 71da177e4SLinus Torvalds 81da177e4SLinus Torvalds #include <linux/module.h> 91da177e4SLinus Torvalds #include <linux/time.h> 101da177e4SLinus Torvalds #include <linux/mm.h> 111da177e4SLinus Torvalds #include <linux/string.h> 1216f7e0feSRandy Dunlap #include <linux/capability.h> 130eeca283SRobert Love #include <linux/fsnotify.h> 141da177e4SLinus Torvalds #include <linux/fcntl.h> 151da177e4SLinus Torvalds #include <linux/quotaops.h> 161da177e4SLinus Torvalds #include <linux/security.h> 171da177e4SLinus Torvalds 181da177e4SLinus Torvalds /* Taken over from the old code... */ 191da177e4SLinus Torvalds 201da177e4SLinus Torvalds /* POSIX UID/GID verification for setting inode attributes. */ 21*25d9e2d1Snpiggin@suse.de int inode_change_ok(const struct inode *inode, struct iattr *attr) 221da177e4SLinus Torvalds { 231da177e4SLinus Torvalds int retval = -EPERM; 241da177e4SLinus Torvalds unsigned int ia_valid = attr->ia_valid; 251da177e4SLinus Torvalds 261da177e4SLinus Torvalds /* If force is set do it anyway. */ 271da177e4SLinus Torvalds if (ia_valid & ATTR_FORCE) 281da177e4SLinus Torvalds goto fine; 291da177e4SLinus Torvalds 301da177e4SLinus Torvalds /* Make sure a caller can chown. */ 311da177e4SLinus Torvalds if ((ia_valid & ATTR_UID) && 32da9592edSDavid Howells (current_fsuid() != inode->i_uid || 331da177e4SLinus Torvalds attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) 341da177e4SLinus Torvalds goto error; 351da177e4SLinus Torvalds 361da177e4SLinus Torvalds /* Make sure caller can chgrp. */ 371da177e4SLinus Torvalds if ((ia_valid & ATTR_GID) && 38da9592edSDavid Howells (current_fsuid() != inode->i_uid || 391da177e4SLinus Torvalds (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && 401da177e4SLinus Torvalds !capable(CAP_CHOWN)) 411da177e4SLinus Torvalds goto error; 421da177e4SLinus Torvalds 431da177e4SLinus Torvalds /* Make sure a caller can chmod. */ 441da177e4SLinus Torvalds if (ia_valid & ATTR_MODE) { 453bd858abSSatyam Sharma if (!is_owner_or_cap(inode)) 461da177e4SLinus Torvalds goto error; 471da177e4SLinus Torvalds /* Also check the setgid bit! */ 481da177e4SLinus Torvalds if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid : 491da177e4SLinus Torvalds inode->i_gid) && !capable(CAP_FSETID)) 501da177e4SLinus Torvalds attr->ia_mode &= ~S_ISGID; 511da177e4SLinus Torvalds } 521da177e4SLinus Torvalds 531da177e4SLinus Torvalds /* Check for setting the inode time. */ 549767d749SMiklos Szeredi if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET)) { 553bd858abSSatyam Sharma if (!is_owner_or_cap(inode)) 561da177e4SLinus Torvalds goto error; 571da177e4SLinus Torvalds } 581da177e4SLinus Torvalds fine: 591da177e4SLinus Torvalds retval = 0; 601da177e4SLinus Torvalds error: 611da177e4SLinus Torvalds return retval; 621da177e4SLinus Torvalds } 631da177e4SLinus Torvalds EXPORT_SYMBOL(inode_change_ok); 641da177e4SLinus Torvalds 65*25d9e2d1Snpiggin@suse.de /** 66*25d9e2d1Snpiggin@suse.de * inode_newsize_ok - may this inode be truncated to a given size 67*25d9e2d1Snpiggin@suse.de * @inode: the inode to be truncated 68*25d9e2d1Snpiggin@suse.de * @offset: the new size to assign to the inode 69*25d9e2d1Snpiggin@suse.de * @Returns: 0 on success, -ve errno on failure 70*25d9e2d1Snpiggin@suse.de * 71*25d9e2d1Snpiggin@suse.de * inode_newsize_ok will check filesystem limits and ulimits to check that the 72*25d9e2d1Snpiggin@suse.de * new inode size is within limits. inode_newsize_ok will also send SIGXFSZ 73*25d9e2d1Snpiggin@suse.de * when necessary. Caller must not proceed with inode size change if failure is 74*25d9e2d1Snpiggin@suse.de * returned. @inode must be a file (not directory), with appropriate 75*25d9e2d1Snpiggin@suse.de * permissions to allow truncate (inode_newsize_ok does NOT check these 76*25d9e2d1Snpiggin@suse.de * conditions). 77*25d9e2d1Snpiggin@suse.de * 78*25d9e2d1Snpiggin@suse.de * inode_newsize_ok must be called with i_mutex held. 79*25d9e2d1Snpiggin@suse.de */ 80*25d9e2d1Snpiggin@suse.de int inode_newsize_ok(const struct inode *inode, loff_t offset) 81*25d9e2d1Snpiggin@suse.de { 82*25d9e2d1Snpiggin@suse.de if (inode->i_size < offset) { 83*25d9e2d1Snpiggin@suse.de unsigned long limit; 84*25d9e2d1Snpiggin@suse.de 85*25d9e2d1Snpiggin@suse.de limit = current->signal->rlim[RLIMIT_FSIZE].rlim_cur; 86*25d9e2d1Snpiggin@suse.de if (limit != RLIM_INFINITY && offset > limit) 87*25d9e2d1Snpiggin@suse.de goto out_sig; 88*25d9e2d1Snpiggin@suse.de if (offset > inode->i_sb->s_maxbytes) 89*25d9e2d1Snpiggin@suse.de goto out_big; 90*25d9e2d1Snpiggin@suse.de } else { 91*25d9e2d1Snpiggin@suse.de /* 92*25d9e2d1Snpiggin@suse.de * truncation of in-use swapfiles is disallowed - it would 93*25d9e2d1Snpiggin@suse.de * cause subsequent swapout to scribble on the now-freed 94*25d9e2d1Snpiggin@suse.de * blocks. 95*25d9e2d1Snpiggin@suse.de */ 96*25d9e2d1Snpiggin@suse.de if (IS_SWAPFILE(inode)) 97*25d9e2d1Snpiggin@suse.de return -ETXTBSY; 98*25d9e2d1Snpiggin@suse.de } 99*25d9e2d1Snpiggin@suse.de 100*25d9e2d1Snpiggin@suse.de return 0; 101*25d9e2d1Snpiggin@suse.de out_sig: 102*25d9e2d1Snpiggin@suse.de send_sig(SIGXFSZ, current, 0); 103*25d9e2d1Snpiggin@suse.de out_big: 104*25d9e2d1Snpiggin@suse.de return -EFBIG; 105*25d9e2d1Snpiggin@suse.de } 106*25d9e2d1Snpiggin@suse.de EXPORT_SYMBOL(inode_newsize_ok); 107*25d9e2d1Snpiggin@suse.de 1081da177e4SLinus Torvalds int inode_setattr(struct inode * inode, struct iattr * attr) 1091da177e4SLinus Torvalds { 1101da177e4SLinus Torvalds unsigned int ia_valid = attr->ia_valid; 1111da177e4SLinus Torvalds 1124a30131eSNeilBrown if (ia_valid & ATTR_SIZE && 1134a30131eSNeilBrown attr->ia_size != i_size_read(inode)) { 1144a30131eSNeilBrown int error = vmtruncate(inode, attr->ia_size); 1154a30131eSNeilBrown if (error) 1164a30131eSNeilBrown return error; 1171da177e4SLinus Torvalds } 1181da177e4SLinus Torvalds 1191da177e4SLinus Torvalds if (ia_valid & ATTR_UID) 1201da177e4SLinus Torvalds inode->i_uid = attr->ia_uid; 1211da177e4SLinus Torvalds if (ia_valid & ATTR_GID) 1221da177e4SLinus Torvalds inode->i_gid = attr->ia_gid; 1231da177e4SLinus Torvalds if (ia_valid & ATTR_ATIME) 1241da177e4SLinus Torvalds inode->i_atime = timespec_trunc(attr->ia_atime, 1251da177e4SLinus Torvalds inode->i_sb->s_time_gran); 1261da177e4SLinus Torvalds if (ia_valid & ATTR_MTIME) 1271da177e4SLinus Torvalds inode->i_mtime = timespec_trunc(attr->ia_mtime, 1281da177e4SLinus Torvalds inode->i_sb->s_time_gran); 1291da177e4SLinus Torvalds if (ia_valid & ATTR_CTIME) 1301da177e4SLinus Torvalds inode->i_ctime = timespec_trunc(attr->ia_ctime, 1311da177e4SLinus Torvalds inode->i_sb->s_time_gran); 1321da177e4SLinus Torvalds if (ia_valid & ATTR_MODE) { 1331da177e4SLinus Torvalds umode_t mode = attr->ia_mode; 1341da177e4SLinus Torvalds 1351da177e4SLinus Torvalds if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID)) 1361da177e4SLinus Torvalds mode &= ~S_ISGID; 1371da177e4SLinus Torvalds inode->i_mode = mode; 1381da177e4SLinus Torvalds } 1391da177e4SLinus Torvalds mark_inode_dirty(inode); 1404a30131eSNeilBrown 1414a30131eSNeilBrown return 0; 1421da177e4SLinus Torvalds } 1431da177e4SLinus Torvalds EXPORT_SYMBOL(inode_setattr); 1441da177e4SLinus Torvalds 1451da177e4SLinus Torvalds int notify_change(struct dentry * dentry, struct iattr * attr) 1461da177e4SLinus Torvalds { 1471da177e4SLinus Torvalds struct inode *inode = dentry->d_inode; 1486de0ec00SJeff Layton mode_t mode = inode->i_mode; 1491da177e4SLinus Torvalds int error; 1501da177e4SLinus Torvalds struct timespec now; 1511da177e4SLinus Torvalds unsigned int ia_valid = attr->ia_valid; 1521da177e4SLinus Torvalds 153beb29e05SMiklos Szeredi if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) { 154beb29e05SMiklos Szeredi if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 155beb29e05SMiklos Szeredi return -EPERM; 156beb29e05SMiklos Szeredi } 157beb29e05SMiklos Szeredi 1581da177e4SLinus Torvalds now = current_fs_time(inode->i_sb); 1591da177e4SLinus Torvalds 1601da177e4SLinus Torvalds attr->ia_ctime = now; 1611da177e4SLinus Torvalds if (!(ia_valid & ATTR_ATIME_SET)) 1621da177e4SLinus Torvalds attr->ia_atime = now; 1631da177e4SLinus Torvalds if (!(ia_valid & ATTR_MTIME_SET)) 1641da177e4SLinus Torvalds attr->ia_mtime = now; 165b5376771SSerge E. Hallyn if (ia_valid & ATTR_KILL_PRIV) { 166b5376771SSerge E. Hallyn attr->ia_valid &= ~ATTR_KILL_PRIV; 167b5376771SSerge E. Hallyn ia_valid &= ~ATTR_KILL_PRIV; 168b5376771SSerge E. Hallyn error = security_inode_need_killpriv(dentry); 169b5376771SSerge E. Hallyn if (error > 0) 170b5376771SSerge E. Hallyn error = security_inode_killpriv(dentry); 171b5376771SSerge E. Hallyn if (error) 172b5376771SSerge E. Hallyn return error; 173b5376771SSerge E. Hallyn } 1746de0ec00SJeff Layton 1756de0ec00SJeff Layton /* 1766de0ec00SJeff Layton * We now pass ATTR_KILL_S*ID to the lower level setattr function so 1776de0ec00SJeff Layton * that the function has the ability to reinterpret a mode change 1786de0ec00SJeff Layton * that's due to these bits. This adds an implicit restriction that 1796de0ec00SJeff Layton * no function will ever call notify_change with both ATTR_MODE and 1806de0ec00SJeff Layton * ATTR_KILL_S*ID set. 1816de0ec00SJeff Layton */ 1826de0ec00SJeff Layton if ((ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) && 1836de0ec00SJeff Layton (ia_valid & ATTR_MODE)) 1846de0ec00SJeff Layton BUG(); 1856de0ec00SJeff Layton 1861da177e4SLinus Torvalds if (ia_valid & ATTR_KILL_SUID) { 1871da177e4SLinus Torvalds if (mode & S_ISUID) { 1881da177e4SLinus Torvalds ia_valid = attr->ia_valid |= ATTR_MODE; 1896de0ec00SJeff Layton attr->ia_mode = (inode->i_mode & ~S_ISUID); 1901da177e4SLinus Torvalds } 1911da177e4SLinus Torvalds } 1921da177e4SLinus Torvalds if (ia_valid & ATTR_KILL_SGID) { 1931da177e4SLinus Torvalds if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { 1941da177e4SLinus Torvalds if (!(ia_valid & ATTR_MODE)) { 1951da177e4SLinus Torvalds ia_valid = attr->ia_valid |= ATTR_MODE; 1961da177e4SLinus Torvalds attr->ia_mode = inode->i_mode; 1971da177e4SLinus Torvalds } 1981da177e4SLinus Torvalds attr->ia_mode &= ~S_ISGID; 1991da177e4SLinus Torvalds } 2001da177e4SLinus Torvalds } 2016de0ec00SJeff Layton if (!(attr->ia_valid & ~(ATTR_KILL_SUID | ATTR_KILL_SGID))) 2021da177e4SLinus Torvalds return 0; 2031da177e4SLinus Torvalds 204a77b72daSMiklos Szeredi error = security_inode_setattr(dentry, attr); 205a77b72daSMiklos Szeredi if (error) 206a77b72daSMiklos Szeredi return error; 207a77b72daSMiklos Szeredi 2081da177e4SLinus Torvalds if (ia_valid & ATTR_SIZE) 2091da177e4SLinus Torvalds down_write(&dentry->d_inode->i_alloc_sem); 2101da177e4SLinus Torvalds 2111da177e4SLinus Torvalds if (inode->i_op && inode->i_op->setattr) { 2121da177e4SLinus Torvalds error = inode->i_op->setattr(dentry, attr); 2131da177e4SLinus Torvalds } else { 2141da177e4SLinus Torvalds error = inode_change_ok(inode, attr); 2151da177e4SLinus Torvalds if (!error) { 2161da177e4SLinus Torvalds if ((ia_valid & ATTR_UID && attr->ia_uid != inode->i_uid) || 2171da177e4SLinus Torvalds (ia_valid & ATTR_GID && attr->ia_gid != inode->i_gid)) 2189e3509e2SJan Kara error = vfs_dq_transfer(inode, attr) ? 2199e3509e2SJan Kara -EDQUOT : 0; 2201da177e4SLinus Torvalds if (!error) 2211da177e4SLinus Torvalds error = inode_setattr(inode, attr); 2221da177e4SLinus Torvalds } 2231da177e4SLinus Torvalds } 2241da177e4SLinus Torvalds 2251da177e4SLinus Torvalds if (ia_valid & ATTR_SIZE) 2261da177e4SLinus Torvalds up_write(&dentry->d_inode->i_alloc_sem); 2271da177e4SLinus Torvalds 2280eeca283SRobert Love if (!error) 2290eeca283SRobert Love fsnotify_change(dentry, ia_valid); 2300eeca283SRobert Love 2311da177e4SLinus Torvalds return error; 2321da177e4SLinus Torvalds } 2331da177e4SLinus Torvalds 2341da177e4SLinus Torvalds EXPORT_SYMBOL(notify_change); 235