11da177e4SLinus Torvalds /* 21da177e4SLinus Torvalds * linux/fs/attr.c 31da177e4SLinus Torvalds * 41da177e4SLinus Torvalds * Copyright (C) 1991, 1992 Linus Torvalds 51da177e4SLinus Torvalds * changes by Thomas Schoebel-Theuer 61da177e4SLinus Torvalds */ 71da177e4SLinus Torvalds 81da177e4SLinus Torvalds #include <linux/module.h> 91da177e4SLinus Torvalds #include <linux/time.h> 101da177e4SLinus Torvalds #include <linux/mm.h> 111da177e4SLinus Torvalds #include <linux/string.h> 1216f7e0feSRandy Dunlap #include <linux/capability.h> 130eeca283SRobert Love #include <linux/fsnotify.h> 141da177e4SLinus Torvalds #include <linux/fcntl.h> 151da177e4SLinus Torvalds #include <linux/security.h> 161da177e4SLinus Torvalds 171da177e4SLinus Torvalds /* Taken over from the old code... */ 181da177e4SLinus Torvalds 191da177e4SLinus Torvalds /* POSIX UID/GID verification for setting inode attributes. */ 2025d9e2d1Snpiggin@suse.de int inode_change_ok(const struct inode *inode, struct iattr *attr) 211da177e4SLinus Torvalds { 221da177e4SLinus Torvalds int retval = -EPERM; 231da177e4SLinus Torvalds unsigned int ia_valid = attr->ia_valid; 241da177e4SLinus Torvalds 251da177e4SLinus Torvalds /* If force is set do it anyway. */ 261da177e4SLinus Torvalds if (ia_valid & ATTR_FORCE) 271da177e4SLinus Torvalds goto fine; 281da177e4SLinus Torvalds 291da177e4SLinus Torvalds /* Make sure a caller can chown. */ 301da177e4SLinus Torvalds if ((ia_valid & ATTR_UID) && 31da9592edSDavid Howells (current_fsuid() != inode->i_uid || 321da177e4SLinus Torvalds attr->ia_uid != inode->i_uid) && !capable(CAP_CHOWN)) 331da177e4SLinus Torvalds goto error; 341da177e4SLinus Torvalds 351da177e4SLinus Torvalds /* Make sure caller can chgrp. */ 361da177e4SLinus Torvalds if ((ia_valid & ATTR_GID) && 37da9592edSDavid Howells (current_fsuid() != inode->i_uid || 381da177e4SLinus Torvalds (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) && 391da177e4SLinus Torvalds !capable(CAP_CHOWN)) 401da177e4SLinus Torvalds goto error; 411da177e4SLinus Torvalds 421da177e4SLinus Torvalds /* Make sure a caller can chmod. */ 431da177e4SLinus Torvalds if (ia_valid & ATTR_MODE) { 443bd858abSSatyam Sharma if (!is_owner_or_cap(inode)) 451da177e4SLinus Torvalds goto error; 461da177e4SLinus Torvalds /* Also check the setgid bit! */ 471da177e4SLinus Torvalds if (!in_group_p((ia_valid & ATTR_GID) ? attr->ia_gid : 481da177e4SLinus Torvalds inode->i_gid) && !capable(CAP_FSETID)) 491da177e4SLinus Torvalds attr->ia_mode &= ~S_ISGID; 501da177e4SLinus Torvalds } 511da177e4SLinus Torvalds 521da177e4SLinus Torvalds /* Check for setting the inode time. */ 539767d749SMiklos Szeredi if (ia_valid & (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET)) { 543bd858abSSatyam Sharma if (!is_owner_or_cap(inode)) 551da177e4SLinus Torvalds goto error; 561da177e4SLinus Torvalds } 571da177e4SLinus Torvalds fine: 581da177e4SLinus Torvalds retval = 0; 591da177e4SLinus Torvalds error: 601da177e4SLinus Torvalds return retval; 611da177e4SLinus Torvalds } 621da177e4SLinus Torvalds EXPORT_SYMBOL(inode_change_ok); 631da177e4SLinus Torvalds 6425d9e2d1Snpiggin@suse.de /** 6525d9e2d1Snpiggin@suse.de * inode_newsize_ok - may this inode be truncated to a given size 6625d9e2d1Snpiggin@suse.de * @inode: the inode to be truncated 6725d9e2d1Snpiggin@suse.de * @offset: the new size to assign to the inode 6825d9e2d1Snpiggin@suse.de * @Returns: 0 on success, -ve errno on failure 6925d9e2d1Snpiggin@suse.de * 7025d9e2d1Snpiggin@suse.de * inode_newsize_ok will check filesystem limits and ulimits to check that the 7125d9e2d1Snpiggin@suse.de * new inode size is within limits. inode_newsize_ok will also send SIGXFSZ 7225d9e2d1Snpiggin@suse.de * when necessary. Caller must not proceed with inode size change if failure is 7325d9e2d1Snpiggin@suse.de * returned. @inode must be a file (not directory), with appropriate 7425d9e2d1Snpiggin@suse.de * permissions to allow truncate (inode_newsize_ok does NOT check these 7525d9e2d1Snpiggin@suse.de * conditions). 7625d9e2d1Snpiggin@suse.de * 7725d9e2d1Snpiggin@suse.de * inode_newsize_ok must be called with i_mutex held. 7825d9e2d1Snpiggin@suse.de */ 7925d9e2d1Snpiggin@suse.de int inode_newsize_ok(const struct inode *inode, loff_t offset) 8025d9e2d1Snpiggin@suse.de { 8125d9e2d1Snpiggin@suse.de if (inode->i_size < offset) { 8225d9e2d1Snpiggin@suse.de unsigned long limit; 8325d9e2d1Snpiggin@suse.de 84*d554ed89SJiri Slaby limit = rlimit(RLIMIT_FSIZE); 8525d9e2d1Snpiggin@suse.de if (limit != RLIM_INFINITY && offset > limit) 8625d9e2d1Snpiggin@suse.de goto out_sig; 8725d9e2d1Snpiggin@suse.de if (offset > inode->i_sb->s_maxbytes) 8825d9e2d1Snpiggin@suse.de goto out_big; 8925d9e2d1Snpiggin@suse.de } else { 9025d9e2d1Snpiggin@suse.de /* 9125d9e2d1Snpiggin@suse.de * truncation of in-use swapfiles is disallowed - it would 9225d9e2d1Snpiggin@suse.de * cause subsequent swapout to scribble on the now-freed 9325d9e2d1Snpiggin@suse.de * blocks. 9425d9e2d1Snpiggin@suse.de */ 9525d9e2d1Snpiggin@suse.de if (IS_SWAPFILE(inode)) 9625d9e2d1Snpiggin@suse.de return -ETXTBSY; 9725d9e2d1Snpiggin@suse.de } 9825d9e2d1Snpiggin@suse.de 9925d9e2d1Snpiggin@suse.de return 0; 10025d9e2d1Snpiggin@suse.de out_sig: 10125d9e2d1Snpiggin@suse.de send_sig(SIGXFSZ, current, 0); 10225d9e2d1Snpiggin@suse.de out_big: 10325d9e2d1Snpiggin@suse.de return -EFBIG; 10425d9e2d1Snpiggin@suse.de } 10525d9e2d1Snpiggin@suse.de EXPORT_SYMBOL(inode_newsize_ok); 10625d9e2d1Snpiggin@suse.de 1071da177e4SLinus Torvalds int inode_setattr(struct inode * inode, struct iattr * attr) 1081da177e4SLinus Torvalds { 1091da177e4SLinus Torvalds unsigned int ia_valid = attr->ia_valid; 1101da177e4SLinus Torvalds 1114a30131eSNeilBrown if (ia_valid & ATTR_SIZE && 1124a30131eSNeilBrown attr->ia_size != i_size_read(inode)) { 1134a30131eSNeilBrown int error = vmtruncate(inode, attr->ia_size); 1144a30131eSNeilBrown if (error) 1154a30131eSNeilBrown return error; 1161da177e4SLinus Torvalds } 1171da177e4SLinus Torvalds 1181da177e4SLinus Torvalds if (ia_valid & ATTR_UID) 1191da177e4SLinus Torvalds inode->i_uid = attr->ia_uid; 1201da177e4SLinus Torvalds if (ia_valid & ATTR_GID) 1211da177e4SLinus Torvalds inode->i_gid = attr->ia_gid; 1221da177e4SLinus Torvalds if (ia_valid & ATTR_ATIME) 1231da177e4SLinus Torvalds inode->i_atime = timespec_trunc(attr->ia_atime, 1241da177e4SLinus Torvalds inode->i_sb->s_time_gran); 1251da177e4SLinus Torvalds if (ia_valid & ATTR_MTIME) 1261da177e4SLinus Torvalds inode->i_mtime = timespec_trunc(attr->ia_mtime, 1271da177e4SLinus Torvalds inode->i_sb->s_time_gran); 1281da177e4SLinus Torvalds if (ia_valid & ATTR_CTIME) 1291da177e4SLinus Torvalds inode->i_ctime = timespec_trunc(attr->ia_ctime, 1301da177e4SLinus Torvalds inode->i_sb->s_time_gran); 1311da177e4SLinus Torvalds if (ia_valid & ATTR_MODE) { 1321da177e4SLinus Torvalds umode_t mode = attr->ia_mode; 1331da177e4SLinus Torvalds 1341da177e4SLinus Torvalds if (!in_group_p(inode->i_gid) && !capable(CAP_FSETID)) 1351da177e4SLinus Torvalds mode &= ~S_ISGID; 1361da177e4SLinus Torvalds inode->i_mode = mode; 1371da177e4SLinus Torvalds } 1381da177e4SLinus Torvalds mark_inode_dirty(inode); 1394a30131eSNeilBrown 1404a30131eSNeilBrown return 0; 1411da177e4SLinus Torvalds } 1421da177e4SLinus Torvalds EXPORT_SYMBOL(inode_setattr); 1431da177e4SLinus Torvalds 1441da177e4SLinus Torvalds int notify_change(struct dentry * dentry, struct iattr * attr) 1451da177e4SLinus Torvalds { 1461da177e4SLinus Torvalds struct inode *inode = dentry->d_inode; 1476de0ec00SJeff Layton mode_t mode = inode->i_mode; 1481da177e4SLinus Torvalds int error; 1491da177e4SLinus Torvalds struct timespec now; 1501da177e4SLinus Torvalds unsigned int ia_valid = attr->ia_valid; 1511da177e4SLinus Torvalds 152beb29e05SMiklos Szeredi if (ia_valid & (ATTR_MODE | ATTR_UID | ATTR_GID | ATTR_TIMES_SET)) { 153beb29e05SMiklos Szeredi if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) 154beb29e05SMiklos Szeredi return -EPERM; 155beb29e05SMiklos Szeredi } 156beb29e05SMiklos Szeredi 1571da177e4SLinus Torvalds now = current_fs_time(inode->i_sb); 1581da177e4SLinus Torvalds 1591da177e4SLinus Torvalds attr->ia_ctime = now; 1601da177e4SLinus Torvalds if (!(ia_valid & ATTR_ATIME_SET)) 1611da177e4SLinus Torvalds attr->ia_atime = now; 1621da177e4SLinus Torvalds if (!(ia_valid & ATTR_MTIME_SET)) 1631da177e4SLinus Torvalds attr->ia_mtime = now; 164b5376771SSerge E. Hallyn if (ia_valid & ATTR_KILL_PRIV) { 165b5376771SSerge E. Hallyn attr->ia_valid &= ~ATTR_KILL_PRIV; 166b5376771SSerge E. Hallyn ia_valid &= ~ATTR_KILL_PRIV; 167b5376771SSerge E. Hallyn error = security_inode_need_killpriv(dentry); 168b5376771SSerge E. Hallyn if (error > 0) 169b5376771SSerge E. Hallyn error = security_inode_killpriv(dentry); 170b5376771SSerge E. Hallyn if (error) 171b5376771SSerge E. Hallyn return error; 172b5376771SSerge E. Hallyn } 1736de0ec00SJeff Layton 1746de0ec00SJeff Layton /* 1756de0ec00SJeff Layton * We now pass ATTR_KILL_S*ID to the lower level setattr function so 1766de0ec00SJeff Layton * that the function has the ability to reinterpret a mode change 1776de0ec00SJeff Layton * that's due to these bits. This adds an implicit restriction that 1786de0ec00SJeff Layton * no function will ever call notify_change with both ATTR_MODE and 1796de0ec00SJeff Layton * ATTR_KILL_S*ID set. 1806de0ec00SJeff Layton */ 1816de0ec00SJeff Layton if ((ia_valid & (ATTR_KILL_SUID|ATTR_KILL_SGID)) && 1826de0ec00SJeff Layton (ia_valid & ATTR_MODE)) 1836de0ec00SJeff Layton BUG(); 1846de0ec00SJeff Layton 1851da177e4SLinus Torvalds if (ia_valid & ATTR_KILL_SUID) { 1861da177e4SLinus Torvalds if (mode & S_ISUID) { 1871da177e4SLinus Torvalds ia_valid = attr->ia_valid |= ATTR_MODE; 1886de0ec00SJeff Layton attr->ia_mode = (inode->i_mode & ~S_ISUID); 1891da177e4SLinus Torvalds } 1901da177e4SLinus Torvalds } 1911da177e4SLinus Torvalds if (ia_valid & ATTR_KILL_SGID) { 1921da177e4SLinus Torvalds if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { 1931da177e4SLinus Torvalds if (!(ia_valid & ATTR_MODE)) { 1941da177e4SLinus Torvalds ia_valid = attr->ia_valid |= ATTR_MODE; 1951da177e4SLinus Torvalds attr->ia_mode = inode->i_mode; 1961da177e4SLinus Torvalds } 1971da177e4SLinus Torvalds attr->ia_mode &= ~S_ISGID; 1981da177e4SLinus Torvalds } 1991da177e4SLinus Torvalds } 2006de0ec00SJeff Layton if (!(attr->ia_valid & ~(ATTR_KILL_SUID | ATTR_KILL_SGID))) 2011da177e4SLinus Torvalds return 0; 2021da177e4SLinus Torvalds 203a77b72daSMiklos Szeredi error = security_inode_setattr(dentry, attr); 204a77b72daSMiklos Szeredi if (error) 205a77b72daSMiklos Szeredi return error; 206a77b72daSMiklos Szeredi 2071da177e4SLinus Torvalds if (ia_valid & ATTR_SIZE) 2081da177e4SLinus Torvalds down_write(&dentry->d_inode->i_alloc_sem); 2091da177e4SLinus Torvalds 2101da177e4SLinus Torvalds if (inode->i_op && inode->i_op->setattr) { 2111da177e4SLinus Torvalds error = inode->i_op->setattr(dentry, attr); 2121da177e4SLinus Torvalds } else { 2131da177e4SLinus Torvalds error = inode_change_ok(inode, attr); 2141da177e4SLinus Torvalds if (!error) 2151da177e4SLinus Torvalds error = inode_setattr(inode, attr); 2161da177e4SLinus Torvalds } 2171da177e4SLinus Torvalds 2181da177e4SLinus Torvalds if (ia_valid & ATTR_SIZE) 2191da177e4SLinus Torvalds up_write(&dentry->d_inode->i_alloc_sem); 2201da177e4SLinus Torvalds 2210eeca283SRobert Love if (!error) 2220eeca283SRobert Love fsnotify_change(dentry, ia_valid); 2230eeca283SRobert Love 2241da177e4SLinus Torvalds return error; 2251da177e4SLinus Torvalds } 2261da177e4SLinus Torvalds 2271da177e4SLinus Torvalds EXPORT_SYMBOL(notify_change); 228