1 // SPDX-License-Identifier: GPL-2.0-only 2 /* 3 * linux/fs/fat/file.c 4 * 5 * Written 1992,1993 by Werner Almesberger 6 * 7 * regular file handling primitives for fat-based filesystems 8 */ 9 10 #include <linux/capability.h> 11 #include <linux/module.h> 12 #include <linux/compat.h> 13 #include <linux/mount.h> 14 #include <linux/blkdev.h> 15 #include <linux/backing-dev.h> 16 #include <linux/fsnotify.h> 17 #include <linux/security.h> 18 #include <linux/falloc.h> 19 #include "fat.h" 20 21 static long fat_fallocate(struct file *file, int mode, 22 loff_t offset, loff_t len); 23 24 static int fat_ioctl_get_attributes(struct inode *inode, u32 __user *user_attr) 25 { 26 u32 attr; 27 28 inode_lock(inode); 29 attr = fat_make_attrs(inode); 30 inode_unlock(inode); 31 32 return put_user(attr, user_attr); 33 } 34 35 static int fat_ioctl_set_attributes(struct file *file, u32 __user *user_attr) 36 { 37 struct inode *inode = file_inode(file); 38 struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb); 39 int is_dir = S_ISDIR(inode->i_mode); 40 u32 attr, oldattr; 41 struct iattr ia; 42 int err; 43 44 err = get_user(attr, user_attr); 45 if (err) 46 goto out; 47 48 err = mnt_want_write_file(file); 49 if (err) 50 goto out; 51 inode_lock(inode); 52 53 /* 54 * ATTR_VOLUME and ATTR_DIR cannot be changed; this also 55 * prevents the user from turning us into a VFAT 56 * longname entry. Also, we obviously can't set 57 * any of the NTFS attributes in the high 24 bits. 58 */ 59 attr &= 0xff & ~(ATTR_VOLUME | ATTR_DIR); 60 /* Merge in ATTR_VOLUME and ATTR_DIR */ 61 attr |= (MSDOS_I(inode)->i_attrs & ATTR_VOLUME) | 62 (is_dir ? ATTR_DIR : 0); 63 oldattr = fat_make_attrs(inode); 64 65 /* Equivalent to a chmod() */ 66 ia.ia_valid = ATTR_MODE | ATTR_CTIME; 67 ia.ia_ctime = current_time(inode); 68 if (is_dir) 69 ia.ia_mode = fat_make_mode(sbi, attr, S_IRWXUGO); 70 else { 71 ia.ia_mode = fat_make_mode(sbi, attr, 72 S_IRUGO | S_IWUGO | (inode->i_mode & S_IXUGO)); 73 } 74 75 /* The root directory has no attributes */ 76 if (inode->i_ino == MSDOS_ROOT_INO && attr != ATTR_DIR) { 77 err = -EINVAL; 78 goto out_unlock_inode; 79 } 80 81 if (sbi->options.sys_immutable && 82 ((attr | oldattr) & ATTR_SYS) && 83 !capable(CAP_LINUX_IMMUTABLE)) { 84 err = -EPERM; 85 goto out_unlock_inode; 86 } 87 88 /* 89 * The security check is questionable... We single 90 * out the RO attribute for checking by the security 91 * module, just because it maps to a file mode. 92 */ 93 err = security_inode_setattr(file->f_path.dentry, &ia); 94 if (err) 95 goto out_unlock_inode; 96 97 /* This MUST be done before doing anything irreversible... */ 98 err = fat_setattr(file->f_path.dentry, &ia); 99 if (err) 100 goto out_unlock_inode; 101 102 fsnotify_change(file->f_path.dentry, ia.ia_valid); 103 if (sbi->options.sys_immutable) { 104 if (attr & ATTR_SYS) 105 inode->i_flags |= S_IMMUTABLE; 106 else 107 inode->i_flags &= ~S_IMMUTABLE; 108 } 109 110 fat_save_attrs(inode, attr); 111 mark_inode_dirty(inode); 112 out_unlock_inode: 113 inode_unlock(inode); 114 mnt_drop_write_file(file); 115 out: 116 return err; 117 } 118 119 static int fat_ioctl_get_volume_id(struct inode *inode, u32 __user *user_attr) 120 { 121 struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb); 122 return put_user(sbi->vol_id, user_attr); 123 } 124 125 static int fat_ioctl_fitrim(struct inode *inode, unsigned long arg) 126 { 127 struct super_block *sb = inode->i_sb; 128 struct fstrim_range __user *user_range; 129 struct fstrim_range range; 130 struct request_queue *q = bdev_get_queue(sb->s_bdev); 131 int err; 132 133 if (!capable(CAP_SYS_ADMIN)) 134 return -EPERM; 135 136 if (!blk_queue_discard(q)) 137 return -EOPNOTSUPP; 138 139 user_range = (struct fstrim_range __user *)arg; 140 if (copy_from_user(&range, user_range, sizeof(range))) 141 return -EFAULT; 142 143 range.minlen = max_t(unsigned int, range.minlen, 144 q->limits.discard_granularity); 145 146 err = fat_trim_fs(inode, &range); 147 if (err < 0) 148 return err; 149 150 if (copy_to_user(user_range, &range, sizeof(range))) 151 return -EFAULT; 152 153 return 0; 154 } 155 156 long fat_generic_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 157 { 158 struct inode *inode = file_inode(filp); 159 u32 __user *user_attr = (u32 __user *)arg; 160 161 switch (cmd) { 162 case FAT_IOCTL_GET_ATTRIBUTES: 163 return fat_ioctl_get_attributes(inode, user_attr); 164 case FAT_IOCTL_SET_ATTRIBUTES: 165 return fat_ioctl_set_attributes(filp, user_attr); 166 case FAT_IOCTL_GET_VOLUME_ID: 167 return fat_ioctl_get_volume_id(inode, user_attr); 168 case FITRIM: 169 return fat_ioctl_fitrim(inode, arg); 170 default: 171 return -ENOTTY; /* Inappropriate ioctl for device */ 172 } 173 } 174 175 #ifdef CONFIG_COMPAT 176 static long fat_generic_compat_ioctl(struct file *filp, unsigned int cmd, 177 unsigned long arg) 178 179 { 180 return fat_generic_ioctl(filp, cmd, (unsigned long)compat_ptr(arg)); 181 } 182 #endif 183 184 static int fat_file_release(struct inode *inode, struct file *filp) 185 { 186 if ((filp->f_mode & FMODE_WRITE) && 187 MSDOS_SB(inode->i_sb)->options.flush) { 188 fat_flush_inodes(inode->i_sb, inode, NULL); 189 congestion_wait(BLK_RW_ASYNC, HZ/10); 190 } 191 return 0; 192 } 193 194 int fat_file_fsync(struct file *filp, loff_t start, loff_t end, int datasync) 195 { 196 struct inode *inode = filp->f_mapping->host; 197 int err; 198 199 err = __generic_file_fsync(filp, start, end, datasync); 200 if (err) 201 return err; 202 203 err = sync_mapping_buffers(MSDOS_SB(inode->i_sb)->fat_inode->i_mapping); 204 if (err) 205 return err; 206 207 return blkdev_issue_flush(inode->i_sb->s_bdev, GFP_KERNEL, NULL); 208 } 209 210 211 const struct file_operations fat_file_operations = { 212 .llseek = generic_file_llseek, 213 .read_iter = generic_file_read_iter, 214 .write_iter = generic_file_write_iter, 215 .mmap = generic_file_mmap, 216 .release = fat_file_release, 217 .unlocked_ioctl = fat_generic_ioctl, 218 #ifdef CONFIG_COMPAT 219 .compat_ioctl = fat_generic_compat_ioctl, 220 #endif 221 .fsync = fat_file_fsync, 222 .splice_read = generic_file_splice_read, 223 .splice_write = iter_file_splice_write, 224 .fallocate = fat_fallocate, 225 }; 226 227 static int fat_cont_expand(struct inode *inode, loff_t size) 228 { 229 struct address_space *mapping = inode->i_mapping; 230 loff_t start = inode->i_size, count = size - inode->i_size; 231 int err; 232 233 err = generic_cont_expand_simple(inode, size); 234 if (err) 235 goto out; 236 237 fat_truncate_time(inode, NULL, S_CTIME|S_MTIME); 238 mark_inode_dirty(inode); 239 if (IS_SYNC(inode)) { 240 int err2; 241 242 /* 243 * Opencode syncing since we don't have a file open to use 244 * standard fsync path. 245 */ 246 err = filemap_fdatawrite_range(mapping, start, 247 start + count - 1); 248 err2 = sync_mapping_buffers(mapping); 249 if (!err) 250 err = err2; 251 err2 = write_inode_now(inode, 1); 252 if (!err) 253 err = err2; 254 if (!err) { 255 err = filemap_fdatawait_range(mapping, start, 256 start + count - 1); 257 } 258 } 259 out: 260 return err; 261 } 262 263 /* 264 * Preallocate space for a file. This implements fat's fallocate file 265 * operation, which gets called from sys_fallocate system call. User 266 * space requests len bytes at offset. If FALLOC_FL_KEEP_SIZE is set 267 * we just allocate clusters without zeroing them out. Otherwise we 268 * allocate and zero out clusters via an expanding truncate. 269 */ 270 static long fat_fallocate(struct file *file, int mode, 271 loff_t offset, loff_t len) 272 { 273 int nr_cluster; /* Number of clusters to be allocated */ 274 loff_t mm_bytes; /* Number of bytes to be allocated for file */ 275 loff_t ondisksize; /* block aligned on-disk size in bytes*/ 276 struct inode *inode = file->f_mapping->host; 277 struct super_block *sb = inode->i_sb; 278 struct msdos_sb_info *sbi = MSDOS_SB(sb); 279 int err = 0; 280 281 /* No support for hole punch or other fallocate flags. */ 282 if (mode & ~FALLOC_FL_KEEP_SIZE) 283 return -EOPNOTSUPP; 284 285 /* No support for dir */ 286 if (!S_ISREG(inode->i_mode)) 287 return -EOPNOTSUPP; 288 289 inode_lock(inode); 290 if (mode & FALLOC_FL_KEEP_SIZE) { 291 ondisksize = inode->i_blocks << 9; 292 if ((offset + len) <= ondisksize) 293 goto error; 294 295 /* First compute the number of clusters to be allocated */ 296 mm_bytes = offset + len - ondisksize; 297 nr_cluster = (mm_bytes + (sbi->cluster_size - 1)) >> 298 sbi->cluster_bits; 299 300 /* Start the allocation.We are not zeroing out the clusters */ 301 while (nr_cluster-- > 0) { 302 err = fat_add_cluster(inode); 303 if (err) 304 goto error; 305 } 306 } else { 307 if ((offset + len) <= i_size_read(inode)) 308 goto error; 309 310 /* This is just an expanding truncate */ 311 err = fat_cont_expand(inode, (offset + len)); 312 } 313 314 error: 315 inode_unlock(inode); 316 return err; 317 } 318 319 /* Free all clusters after the skip'th cluster. */ 320 static int fat_free(struct inode *inode, int skip) 321 { 322 struct super_block *sb = inode->i_sb; 323 int err, wait, free_start, i_start, i_logstart; 324 325 if (MSDOS_I(inode)->i_start == 0) 326 return 0; 327 328 fat_cache_inval_inode(inode); 329 330 wait = IS_DIRSYNC(inode); 331 i_start = free_start = MSDOS_I(inode)->i_start; 332 i_logstart = MSDOS_I(inode)->i_logstart; 333 334 /* First, we write the new file size. */ 335 if (!skip) { 336 MSDOS_I(inode)->i_start = 0; 337 MSDOS_I(inode)->i_logstart = 0; 338 } 339 MSDOS_I(inode)->i_attrs |= ATTR_ARCH; 340 fat_truncate_time(inode, NULL, S_CTIME|S_MTIME); 341 if (wait) { 342 err = fat_sync_inode(inode); 343 if (err) { 344 MSDOS_I(inode)->i_start = i_start; 345 MSDOS_I(inode)->i_logstart = i_logstart; 346 return err; 347 } 348 } else 349 mark_inode_dirty(inode); 350 351 /* Write a new EOF, and get the remaining cluster chain for freeing. */ 352 if (skip) { 353 struct fat_entry fatent; 354 int ret, fclus, dclus; 355 356 ret = fat_get_cluster(inode, skip - 1, &fclus, &dclus); 357 if (ret < 0) 358 return ret; 359 else if (ret == FAT_ENT_EOF) 360 return 0; 361 362 fatent_init(&fatent); 363 ret = fat_ent_read(inode, &fatent, dclus); 364 if (ret == FAT_ENT_EOF) { 365 fatent_brelse(&fatent); 366 return 0; 367 } else if (ret == FAT_ENT_FREE) { 368 fat_fs_error(sb, 369 "%s: invalid cluster chain (i_pos %lld)", 370 __func__, MSDOS_I(inode)->i_pos); 371 ret = -EIO; 372 } else if (ret > 0) { 373 err = fat_ent_write(inode, &fatent, FAT_ENT_EOF, wait); 374 if (err) 375 ret = err; 376 } 377 fatent_brelse(&fatent); 378 if (ret < 0) 379 return ret; 380 381 free_start = ret; 382 } 383 inode->i_blocks = skip << (MSDOS_SB(sb)->cluster_bits - 9); 384 385 /* Freeing the remained cluster chain */ 386 return fat_free_clusters(inode, free_start); 387 } 388 389 void fat_truncate_blocks(struct inode *inode, loff_t offset) 390 { 391 struct msdos_sb_info *sbi = MSDOS_SB(inode->i_sb); 392 const unsigned int cluster_size = sbi->cluster_size; 393 int nr_clusters; 394 395 /* 396 * This protects against truncating a file bigger than it was then 397 * trying to write into the hole. 398 */ 399 if (MSDOS_I(inode)->mmu_private > offset) 400 MSDOS_I(inode)->mmu_private = offset; 401 402 nr_clusters = (offset + (cluster_size - 1)) >> sbi->cluster_bits; 403 404 fat_free(inode, nr_clusters); 405 fat_flush_inodes(inode->i_sb, inode, NULL); 406 } 407 408 int fat_getattr(const struct path *path, struct kstat *stat, 409 u32 request_mask, unsigned int flags) 410 { 411 struct inode *inode = d_inode(path->dentry); 412 generic_fillattr(inode, stat); 413 stat->blksize = MSDOS_SB(inode->i_sb)->cluster_size; 414 415 if (MSDOS_SB(inode->i_sb)->options.nfs == FAT_NFS_NOSTALE_RO) { 416 /* Use i_pos for ino. This is used as fileid of nfs. */ 417 stat->ino = fat_i_pos_read(MSDOS_SB(inode->i_sb), inode); 418 } 419 return 0; 420 } 421 EXPORT_SYMBOL_GPL(fat_getattr); 422 423 static int fat_sanitize_mode(const struct msdos_sb_info *sbi, 424 struct inode *inode, umode_t *mode_ptr) 425 { 426 umode_t mask, perm; 427 428 /* 429 * Note, the basic check is already done by a caller of 430 * (attr->ia_mode & ~FAT_VALID_MODE) 431 */ 432 433 if (S_ISREG(inode->i_mode)) 434 mask = sbi->options.fs_fmask; 435 else 436 mask = sbi->options.fs_dmask; 437 438 perm = *mode_ptr & ~(S_IFMT | mask); 439 440 /* 441 * Of the r and x bits, all (subject to umask) must be present. Of the 442 * w bits, either all (subject to umask) or none must be present. 443 * 444 * If fat_mode_can_hold_ro(inode) is false, can't change w bits. 445 */ 446 if ((perm & (S_IRUGO | S_IXUGO)) != (inode->i_mode & (S_IRUGO|S_IXUGO))) 447 return -EPERM; 448 if (fat_mode_can_hold_ro(inode)) { 449 if ((perm & S_IWUGO) && ((perm & S_IWUGO) != (S_IWUGO & ~mask))) 450 return -EPERM; 451 } else { 452 if ((perm & S_IWUGO) != (S_IWUGO & ~mask)) 453 return -EPERM; 454 } 455 456 *mode_ptr &= S_IFMT | perm; 457 458 return 0; 459 } 460 461 static int fat_allow_set_time(struct msdos_sb_info *sbi, struct inode *inode) 462 { 463 umode_t allow_utime = sbi->options.allow_utime; 464 465 if (!uid_eq(current_fsuid(), inode->i_uid)) { 466 if (in_group_p(inode->i_gid)) 467 allow_utime >>= 3; 468 if (allow_utime & MAY_WRITE) 469 return 1; 470 } 471 472 /* use a default check */ 473 return 0; 474 } 475 476 #define TIMES_SET_FLAGS (ATTR_MTIME_SET | ATTR_ATIME_SET | ATTR_TIMES_SET) 477 /* valid file mode bits */ 478 #define FAT_VALID_MODE (S_IFREG | S_IFDIR | S_IRWXUGO) 479 480 int fat_setattr(struct dentry *dentry, struct iattr *attr) 481 { 482 struct msdos_sb_info *sbi = MSDOS_SB(dentry->d_sb); 483 struct inode *inode = d_inode(dentry); 484 unsigned int ia_valid; 485 int error; 486 487 /* Check for setting the inode time. */ 488 ia_valid = attr->ia_valid; 489 if (ia_valid & TIMES_SET_FLAGS) { 490 if (fat_allow_set_time(sbi, inode)) 491 attr->ia_valid &= ~TIMES_SET_FLAGS; 492 } 493 494 error = setattr_prepare(dentry, attr); 495 attr->ia_valid = ia_valid; 496 if (error) { 497 if (sbi->options.quiet) 498 error = 0; 499 goto out; 500 } 501 502 /* 503 * Expand the file. Since inode_setattr() updates ->i_size 504 * before calling the ->truncate(), but FAT needs to fill the 505 * hole before it. XXX: this is no longer true with new truncate 506 * sequence. 507 */ 508 if (attr->ia_valid & ATTR_SIZE) { 509 inode_dio_wait(inode); 510 511 if (attr->ia_size > inode->i_size) { 512 error = fat_cont_expand(inode, attr->ia_size); 513 if (error || attr->ia_valid == ATTR_SIZE) 514 goto out; 515 attr->ia_valid &= ~ATTR_SIZE; 516 } 517 } 518 519 if (((attr->ia_valid & ATTR_UID) && 520 (!uid_eq(attr->ia_uid, sbi->options.fs_uid))) || 521 ((attr->ia_valid & ATTR_GID) && 522 (!gid_eq(attr->ia_gid, sbi->options.fs_gid))) || 523 ((attr->ia_valid & ATTR_MODE) && 524 (attr->ia_mode & ~FAT_VALID_MODE))) 525 error = -EPERM; 526 527 if (error) { 528 if (sbi->options.quiet) 529 error = 0; 530 goto out; 531 } 532 533 /* 534 * We don't return -EPERM here. Yes, strange, but this is too 535 * old behavior. 536 */ 537 if (attr->ia_valid & ATTR_MODE) { 538 if (fat_sanitize_mode(sbi, inode, &attr->ia_mode) < 0) 539 attr->ia_valid &= ~ATTR_MODE; 540 } 541 542 if (attr->ia_valid & ATTR_SIZE) { 543 error = fat_block_truncate_page(inode, attr->ia_size); 544 if (error) 545 goto out; 546 down_write(&MSDOS_I(inode)->truncate_lock); 547 truncate_setsize(inode, attr->ia_size); 548 fat_truncate_blocks(inode, attr->ia_size); 549 up_write(&MSDOS_I(inode)->truncate_lock); 550 } 551 552 /* 553 * setattr_copy can't truncate these appropriately, so we'll 554 * copy them ourselves 555 */ 556 if (attr->ia_valid & ATTR_ATIME) 557 fat_truncate_time(inode, &attr->ia_atime, S_ATIME); 558 if (attr->ia_valid & ATTR_CTIME) 559 fat_truncate_time(inode, &attr->ia_ctime, S_CTIME); 560 if (attr->ia_valid & ATTR_MTIME) 561 fat_truncate_time(inode, &attr->ia_mtime, S_MTIME); 562 attr->ia_valid &= ~(ATTR_ATIME|ATTR_CTIME|ATTR_MTIME); 563 564 setattr_copy(inode, attr); 565 mark_inode_dirty(inode); 566 out: 567 return error; 568 } 569 EXPORT_SYMBOL_GPL(fat_setattr); 570 571 const struct inode_operations fat_file_inode_operations = { 572 .setattr = fat_setattr, 573 .getattr = fat_getattr, 574 .update_time = fat_update_time, 575 }; 576