1 /* 2 * linux/fs/fat/file.c 3 * 4 * Written 1992,1993 by Werner Almesberger 5 * 6 * regular file handling primitives for fat-based filesystems 7 */ 8 9 #include <linux/capability.h> 10 #include <linux/module.h> 11 #include <linux/mount.h> 12 #include <linux/time.h> 13 #include <linux/buffer_head.h> 14 #include <linux/writeback.h> 15 #include <linux/backing-dev.h> 16 #include <linux/blkdev.h> 17 #include <linux/fsnotify.h> 18 #include <linux/security.h> 19 #include "fat.h" 20 21 static int fat_ioctl_get_attributes(struct inode *inode, u32 __user *user_attr) 22 { 23 u32 attr; 24 25 mutex_lock(&inode->i_mutex); 26 attr = fat_make_attrs(inode); 27 mutex_unlock(&inode->i_mutex); 28 29 return put_user(attr, user_attr); 30 } 31 32 static int fat_ioctl_set_attributes(struct file *file, u32 __user *user_attr) 33 { 34 struct inode *inode = file->f_path.dentry->d_inode; 35 struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb); 36 int is_dir = S_ISDIR(inode->i_mode); 37 u32 attr, oldattr; 38 struct iattr ia; 39 int err; 40 41 err = get_user(attr, user_attr); 42 if (err) 43 goto out; 44 45 mutex_lock(&inode->i_mutex); 46 err = mnt_want_write(file->f_path.mnt); 47 if (err) 48 goto out_unlock_inode; 49 50 /* 51 * ATTR_VOLUME and ATTR_DIR cannot be changed; this also 52 * prevents the user from turning us into a VFAT 53 * longname entry. Also, we obviously can't set 54 * any of the NTFS attributes in the high 24 bits. 55 */ 56 attr &= 0xff & ~(ATTR_VOLUME | ATTR_DIR); 57 /* Merge in ATTR_VOLUME and ATTR_DIR */ 58 attr |= (MSDOS_I(inode)->i_attrs & ATTR_VOLUME) | 59 (is_dir ? ATTR_DIR : 0); 60 oldattr = fat_make_attrs(inode); 61 62 /* Equivalent to a chmod() */ 63 ia.ia_valid = ATTR_MODE | ATTR_CTIME; 64 ia.ia_ctime = current_fs_time(inode->i_sb); 65 if (is_dir) 66 ia.ia_mode = fat_make_mode(sbi, attr, S_IRWXUGO); 67 else { 68 ia.ia_mode = fat_make_mode(sbi, attr, 69 S_IRUGO | S_IWUGO | (inode->i_mode & S_IXUGO)); 70 } 71 72 /* The root directory has no attributes */ 73 if (inode->i_ino == MSDOS_ROOT_INO && attr != ATTR_DIR) { 74 err = -EINVAL; 75 goto out_drop_write; 76 } 77 78 if (sbi->options.sys_immutable && 79 ((attr | oldattr) & ATTR_SYS) && 80 !capable(CAP_LINUX_IMMUTABLE)) { 81 err = -EPERM; 82 goto out_drop_write; 83 } 84 85 /* 86 * The security check is questionable... We single 87 * out the RO attribute for checking by the security 88 * module, just because it maps to a file mode. 89 */ 90 err = security_inode_setattr(file->f_path.dentry, &ia); 91 if (err) 92 goto out_drop_write; 93 94 /* This MUST be done before doing anything irreversible... */ 95 err = fat_setattr(file->f_path.dentry, &ia); 96 if (err) 97 goto out_drop_write; 98 99 fsnotify_change(file->f_path.dentry, ia.ia_valid); 100 if (sbi->options.sys_immutable) { 101 if (attr & ATTR_SYS) 102 inode->i_flags |= S_IMMUTABLE; 103 else 104 inode->i_flags &= S_IMMUTABLE; 105 } 106 107 fat_save_attrs(inode, attr); 108 mark_inode_dirty(inode); 109 out_drop_write: 110 mnt_drop_write(file->f_path.mnt); 111 out_unlock_inode: 112 mutex_unlock(&inode->i_mutex); 113 out: 114 return err; 115 } 116 117 int fat_generic_ioctl(struct inode *inode, struct file *filp, 118 unsigned int cmd, unsigned long arg) 119 { 120 u32 __user *user_attr = (u32 __user *)arg; 121 122 switch (cmd) { 123 case FAT_IOCTL_GET_ATTRIBUTES: 124 return fat_ioctl_get_attributes(inode, user_attr); 125 case FAT_IOCTL_SET_ATTRIBUTES: 126 return fat_ioctl_set_attributes(filp, user_attr); 127 default: 128 return -ENOTTY; /* Inappropriate ioctl for device */ 129 } 130 } 131 132 static int fat_file_release(struct inode *inode, struct file *filp) 133 { 134 if ((filp->f_mode & FMODE_WRITE) && 135 MSDOS_SB(inode->i_sb)->options.flush) { 136 fat_flush_inodes(inode->i_sb, inode, NULL); 137 congestion_wait(BLK_RW_ASYNC, HZ/10); 138 } 139 return 0; 140 } 141 142 int fat_file_fsync(struct file *filp, struct dentry *dentry, int datasync) 143 { 144 struct inode *inode = dentry->d_inode; 145 int res, err; 146 147 res = simple_fsync(filp, dentry, datasync); 148 err = sync_mapping_buffers(MSDOS_SB(inode->i_sb)->fat_inode->i_mapping); 149 150 return res ? res : err; 151 } 152 153 154 const struct file_operations fat_file_operations = { 155 .llseek = generic_file_llseek, 156 .read = do_sync_read, 157 .write = do_sync_write, 158 .aio_read = generic_file_aio_read, 159 .aio_write = generic_file_aio_write, 160 .mmap = generic_file_mmap, 161 .release = fat_file_release, 162 .ioctl = fat_generic_ioctl, 163 .fsync = fat_file_fsync, 164 .splice_read = generic_file_splice_read, 165 }; 166 167 static int fat_cont_expand(struct inode *inode, loff_t size) 168 { 169 struct address_space *mapping = inode->i_mapping; 170 loff_t start = inode->i_size, count = size - inode->i_size; 171 int err; 172 173 err = generic_cont_expand_simple(inode, size); 174 if (err) 175 goto out; 176 177 inode->i_ctime = inode->i_mtime = CURRENT_TIME_SEC; 178 mark_inode_dirty(inode); 179 if (IS_SYNC(inode)) 180 err = sync_page_range_nolock(inode, mapping, start, count); 181 out: 182 return err; 183 } 184 185 /* Free all clusters after the skip'th cluster. */ 186 static int fat_free(struct inode *inode, int skip) 187 { 188 struct super_block *sb = inode->i_sb; 189 int err, wait, free_start, i_start, i_logstart; 190 191 if (MSDOS_I(inode)->i_start == 0) 192 return 0; 193 194 fat_cache_inval_inode(inode); 195 196 wait = IS_DIRSYNC(inode); 197 i_start = free_start = MSDOS_I(inode)->i_start; 198 i_logstart = MSDOS_I(inode)->i_logstart; 199 200 /* First, we write the new file size. */ 201 if (!skip) { 202 MSDOS_I(inode)->i_start = 0; 203 MSDOS_I(inode)->i_logstart = 0; 204 } 205 MSDOS_I(inode)->i_attrs |= ATTR_ARCH; 206 inode->i_ctime = inode->i_mtime = CURRENT_TIME_SEC; 207 if (wait) { 208 err = fat_sync_inode(inode); 209 if (err) { 210 MSDOS_I(inode)->i_start = i_start; 211 MSDOS_I(inode)->i_logstart = i_logstart; 212 return err; 213 } 214 } else 215 mark_inode_dirty(inode); 216 217 /* Write a new EOF, and get the remaining cluster chain for freeing. */ 218 if (skip) { 219 struct fat_entry fatent; 220 int ret, fclus, dclus; 221 222 ret = fat_get_cluster(inode, skip - 1, &fclus, &dclus); 223 if (ret < 0) 224 return ret; 225 else if (ret == FAT_ENT_EOF) 226 return 0; 227 228 fatent_init(&fatent); 229 ret = fat_ent_read(inode, &fatent, dclus); 230 if (ret == FAT_ENT_EOF) { 231 fatent_brelse(&fatent); 232 return 0; 233 } else if (ret == FAT_ENT_FREE) { 234 fat_fs_error(sb, 235 "%s: invalid cluster chain (i_pos %lld)", 236 __func__, MSDOS_I(inode)->i_pos); 237 ret = -EIO; 238 } else if (ret > 0) { 239 err = fat_ent_write(inode, &fatent, FAT_ENT_EOF, wait); 240 if (err) 241 ret = err; 242 } 243 fatent_brelse(&fatent); 244 if (ret < 0) 245 return ret; 246 247 free_start = ret; 248 } 249 inode->i_blocks = skip << (MSDOS_SB(sb)->cluster_bits - 9); 250 251 /* Freeing the remained cluster chain */ 252 return fat_free_clusters(inode, free_start); 253 } 254 255 void fat_truncate(struct inode *inode) 256 { 257 struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb); 258 const unsigned int cluster_size = sbi->cluster_size; 259 int nr_clusters; 260 261 /* 262 * This protects against truncating a file bigger than it was then 263 * trying to write into the hole. 264 */ 265 if (MSDOS_I(inode)->mmu_private > inode->i_size) 266 MSDOS_I(inode)->mmu_private = inode->i_size; 267 268 nr_clusters = (inode->i_size + (cluster_size - 1)) >> sbi->cluster_bits; 269 270 fat_free(inode, nr_clusters); 271 fat_flush_inodes(inode->i_sb, inode, NULL); 272 } 273 274 int fat_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) 275 { 276 struct inode *inode = dentry->d_inode; 277 generic_fillattr(inode, stat); 278 stat->blksize = MSDOS_SB(inode->i_sb)->cluster_size; 279 return 0; 280 } 281 EXPORT_SYMBOL_GPL(fat_getattr); 282 283 static int fat_sanitize_mode(const struct msdos_sb_info *sbi, 284 struct inode *inode, umode_t *mode_ptr) 285 { 286 mode_t mask, perm; 287 288 /* 289 * Note, the basic check is already done by a caller of 290 * (attr->ia_mode & ~FAT_VALID_MODE) 291 */ 292 293 if (S_ISREG(inode->i_mode)) 294 mask = sbi->options.fs_fmask; 295 else 296 mask = sbi->options.fs_dmask; 297 298 perm = *mode_ptr & ~(S_IFMT | mask); 299 300 /* 301 * Of the r and x bits, all (subject to umask) must be present. Of the 302 * w bits, either all (subject to umask) or none must be present. 303 * 304 * If fat_mode_can_hold_ro(inode) is false, can't change w bits. 305 */ 306 if ((perm & (S_IRUGO | S_IXUGO)) != (inode->i_mode & (S_IRUGO|S_IXUGO))) 307 return -EPERM; 308 if (fat_mode_can_hold_ro(inode)) { 309 if ((perm & S_IWUGO) && ((perm & S_IWUGO) != (S_IWUGO & ~mask))) 310 return -EPERM; 311 } else { 312 if ((perm & S_IWUGO) != (S_IWUGO & ~mask)) 313 return -EPERM; 314 } 315 316 *mode_ptr &= S_IFMT | perm; 317 318 return 0; 319 } 320 321 static int fat_allow_set_time(struct msdos_sb_info *sbi, struct inode *inode) 322 { 323 mode_t allow_utime = sbi->options.allow_utime; 324 325 if (current_fsuid() != inode->i_uid) { 326 if (in_group_p(inode->i_gid)) 327 allow_utime >>= 3; 328 if (allow_utime & MAY_WRITE) 329 return 1; 330 } 331 332 /* use a default check */ 333 return 0; 334 } 335 336 #define TIMES_SET_FLAGS (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET) 337 /* valid file mode bits */ 338 #define FAT_VALID_MODE (S_IFREG | S_IFDIR | S_IRWXUGO) 339 340 int fat_setattr(struct dentry *dentry, struct iattr *attr) 341 { 342 struct msdos_sb_info *sbi = MSDOS_SB(dentry->d_sb); 343 struct inode *inode = dentry->d_inode; 344 unsigned int ia_valid; 345 int error; 346 347 /* 348 * Expand the file. Since inode_setattr() updates ->i_size 349 * before calling the ->truncate(), but FAT needs to fill the 350 * hole before it. 351 */ 352 if (attr->ia_valid & ATTR_SIZE) { 353 if (attr->ia_size > inode->i_size) { 354 error = fat_cont_expand(inode, attr->ia_size); 355 if (error || attr->ia_valid == ATTR_SIZE) 356 goto out; 357 attr->ia_valid &= ~ATTR_SIZE; 358 } 359 } 360 361 /* Check for setting the inode time. */ 362 ia_valid = attr->ia_valid; 363 if (ia_valid & TIMES_SET_FLAGS) { 364 if (fat_allow_set_time(sbi, inode)) 365 attr->ia_valid &= ~TIMES_SET_FLAGS; 366 } 367 368 error = inode_change_ok(inode, attr); 369 attr->ia_valid = ia_valid; 370 if (error) { 371 if (sbi->options.quiet) 372 error = 0; 373 goto out; 374 } 375 376 if (((attr->ia_valid & ATTR_UID) && 377 (attr->ia_uid != sbi->options.fs_uid)) || 378 ((attr->ia_valid & ATTR_GID) && 379 (attr->ia_gid != sbi->options.fs_gid)) || 380 ((attr->ia_valid & ATTR_MODE) && 381 (attr->ia_mode & ~FAT_VALID_MODE))) 382 error = -EPERM; 383 384 if (error) { 385 if (sbi->options.quiet) 386 error = 0; 387 goto out; 388 } 389 390 /* 391 * We don't return -EPERM here. Yes, strange, but this is too 392 * old behavior. 393 */ 394 if (attr->ia_valid & ATTR_MODE) { 395 if (fat_sanitize_mode(sbi, inode, &attr->ia_mode) < 0) 396 attr->ia_valid &= ~ATTR_MODE; 397 } 398 399 if (attr->ia_valid) 400 error = inode_setattr(inode, attr); 401 out: 402 return error; 403 } 404 EXPORT_SYMBOL_GPL(fat_setattr); 405 406 const struct inode_operations fat_file_inode_operations = { 407 .truncate = fat_truncate, 408 .setattr = fat_setattr, 409 .getattr = fat_getattr, 410 }; 411