1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ioctl.c 4 * 5 * Copyright (C) 1991, 1992 Linus Torvalds 6 */ 7 8 #include <linux/syscalls.h> 9 #include <linux/mm.h> 10 #include <linux/capability.h> 11 #include <linux/compat.h> 12 #include <linux/file.h> 13 #include <linux/fs.h> 14 #include <linux/security.h> 15 #include <linux/export.h> 16 #include <linux/uaccess.h> 17 #include <linux/writeback.h> 18 #include <linux/buffer_head.h> 19 #include <linux/falloc.h> 20 #include <linux/sched/signal.h> 21 22 #include "internal.h" 23 24 #include <asm/ioctls.h> 25 26 /* So that the fiemap access checks can't overflow on 32 bit machines. */ 27 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) 28 29 /** 30 * vfs_ioctl - call filesystem specific ioctl methods 31 * @filp: open file to invoke ioctl method on 32 * @cmd: ioctl command to execute 33 * @arg: command-specific argument for ioctl 34 * 35 * Invokes filesystem specific ->unlocked_ioctl, if one exists; otherwise 36 * returns -ENOTTY. 37 * 38 * Returns 0 on success, -errno on error. 39 */ 40 long vfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 41 { 42 int error = -ENOTTY; 43 44 if (!filp->f_op->unlocked_ioctl) 45 goto out; 46 47 error = filp->f_op->unlocked_ioctl(filp, cmd, arg); 48 if (error == -ENOIOCTLCMD) 49 error = -ENOTTY; 50 out: 51 return error; 52 } 53 EXPORT_SYMBOL(vfs_ioctl); 54 55 static int ioctl_fibmap(struct file *filp, int __user *p) 56 { 57 struct inode *inode = file_inode(filp); 58 int error, ur_block; 59 sector_t block; 60 61 if (!capable(CAP_SYS_RAWIO)) 62 return -EPERM; 63 64 error = get_user(ur_block, p); 65 if (error) 66 return error; 67 68 if (ur_block < 0) 69 return -EINVAL; 70 71 block = ur_block; 72 error = bmap(inode, &block); 73 74 if (error) 75 ur_block = 0; 76 else 77 ur_block = block; 78 79 if (put_user(ur_block, p)) 80 error = -EFAULT; 81 82 return error; 83 } 84 85 /** 86 * fiemap_fill_next_extent - Fiemap helper function 87 * @fieinfo: Fiemap context passed into ->fiemap 88 * @logical: Extent logical start offset, in bytes 89 * @phys: Extent physical start offset, in bytes 90 * @len: Extent length, in bytes 91 * @flags: FIEMAP_EXTENT flags that describe this extent 92 * 93 * Called from file system ->fiemap callback. Will populate extent 94 * info as passed in via arguments and copy to user memory. On 95 * success, extent count on fieinfo is incremented. 96 * 97 * Returns 0 on success, -errno on error, 1 if this was the last 98 * extent that will fit in user array. 99 */ 100 #define SET_UNKNOWN_FLAGS (FIEMAP_EXTENT_DELALLOC) 101 #define SET_NO_UNMOUNTED_IO_FLAGS (FIEMAP_EXTENT_DATA_ENCRYPTED) 102 #define SET_NOT_ALIGNED_FLAGS (FIEMAP_EXTENT_DATA_TAIL|FIEMAP_EXTENT_DATA_INLINE) 103 int fiemap_fill_next_extent(struct fiemap_extent_info *fieinfo, u64 logical, 104 u64 phys, u64 len, u32 flags) 105 { 106 struct fiemap_extent extent; 107 struct fiemap_extent __user *dest = fieinfo->fi_extents_start; 108 109 /* only count the extents */ 110 if (fieinfo->fi_extents_max == 0) { 111 fieinfo->fi_extents_mapped++; 112 return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; 113 } 114 115 if (fieinfo->fi_extents_mapped >= fieinfo->fi_extents_max) 116 return 1; 117 118 if (flags & SET_UNKNOWN_FLAGS) 119 flags |= FIEMAP_EXTENT_UNKNOWN; 120 if (flags & SET_NO_UNMOUNTED_IO_FLAGS) 121 flags |= FIEMAP_EXTENT_ENCODED; 122 if (flags & SET_NOT_ALIGNED_FLAGS) 123 flags |= FIEMAP_EXTENT_NOT_ALIGNED; 124 125 memset(&extent, 0, sizeof(extent)); 126 extent.fe_logical = logical; 127 extent.fe_physical = phys; 128 extent.fe_length = len; 129 extent.fe_flags = flags; 130 131 dest += fieinfo->fi_extents_mapped; 132 if (copy_to_user(dest, &extent, sizeof(extent))) 133 return -EFAULT; 134 135 fieinfo->fi_extents_mapped++; 136 if (fieinfo->fi_extents_mapped == fieinfo->fi_extents_max) 137 return 1; 138 return (flags & FIEMAP_EXTENT_LAST) ? 1 : 0; 139 } 140 EXPORT_SYMBOL(fiemap_fill_next_extent); 141 142 /** 143 * fiemap_check_flags - check validity of requested flags for fiemap 144 * @fieinfo: Fiemap context passed into ->fiemap 145 * @fs_flags: Set of fiemap flags that the file system understands 146 * 147 * Called from file system ->fiemap callback. This will compute the 148 * intersection of valid fiemap flags and those that the fs supports. That 149 * value is then compared against the user supplied flags. In case of bad user 150 * flags, the invalid values will be written into the fieinfo structure, and 151 * -EBADR is returned, which tells ioctl_fiemap() to return those values to 152 * userspace. For this reason, a return code of -EBADR should be preserved. 153 * 154 * Returns 0 on success, -EBADR on bad flags. 155 */ 156 int fiemap_check_flags(struct fiemap_extent_info *fieinfo, u32 fs_flags) 157 { 158 u32 incompat_flags; 159 160 incompat_flags = fieinfo->fi_flags & ~(FIEMAP_FLAGS_COMPAT & fs_flags); 161 if (incompat_flags) { 162 fieinfo->fi_flags = incompat_flags; 163 return -EBADR; 164 } 165 return 0; 166 } 167 EXPORT_SYMBOL(fiemap_check_flags); 168 169 static int fiemap_check_ranges(struct super_block *sb, 170 u64 start, u64 len, u64 *new_len) 171 { 172 u64 maxbytes = (u64) sb->s_maxbytes; 173 174 *new_len = len; 175 176 if (len == 0) 177 return -EINVAL; 178 179 if (start > maxbytes) 180 return -EFBIG; 181 182 /* 183 * Shrink request scope to what the fs can actually handle. 184 */ 185 if (len > maxbytes || (maxbytes - len) < start) 186 *new_len = maxbytes - start; 187 188 return 0; 189 } 190 191 static int ioctl_fiemap(struct file *filp, struct fiemap __user *ufiemap) 192 { 193 struct fiemap fiemap; 194 struct fiemap_extent_info fieinfo = { 0, }; 195 struct inode *inode = file_inode(filp); 196 struct super_block *sb = inode->i_sb; 197 u64 len; 198 int error; 199 200 if (!inode->i_op->fiemap) 201 return -EOPNOTSUPP; 202 203 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap))) 204 return -EFAULT; 205 206 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) 207 return -EINVAL; 208 209 error = fiemap_check_ranges(sb, fiemap.fm_start, fiemap.fm_length, 210 &len); 211 if (error) 212 return error; 213 214 fieinfo.fi_flags = fiemap.fm_flags; 215 fieinfo.fi_extents_max = fiemap.fm_extent_count; 216 fieinfo.fi_extents_start = ufiemap->fm_extents; 217 218 if (fiemap.fm_extent_count != 0 && 219 !access_ok(fieinfo.fi_extents_start, 220 fieinfo.fi_extents_max * sizeof(struct fiemap_extent))) 221 return -EFAULT; 222 223 if (fieinfo.fi_flags & FIEMAP_FLAG_SYNC) 224 filemap_write_and_wait(inode->i_mapping); 225 226 error = inode->i_op->fiemap(inode, &fieinfo, fiemap.fm_start, len); 227 fiemap.fm_flags = fieinfo.fi_flags; 228 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; 229 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap))) 230 error = -EFAULT; 231 232 return error; 233 } 234 235 static long ioctl_file_clone(struct file *dst_file, unsigned long srcfd, 236 u64 off, u64 olen, u64 destoff) 237 { 238 struct fd src_file = fdget(srcfd); 239 loff_t cloned; 240 int ret; 241 242 if (!src_file.file) 243 return -EBADF; 244 ret = -EXDEV; 245 if (src_file.file->f_path.mnt != dst_file->f_path.mnt) 246 goto fdput; 247 cloned = vfs_clone_file_range(src_file.file, off, dst_file, destoff, 248 olen, 0); 249 if (cloned < 0) 250 ret = cloned; 251 else if (olen && cloned != olen) 252 ret = -EINVAL; 253 else 254 ret = 0; 255 fdput: 256 fdput(src_file); 257 return ret; 258 } 259 260 static long ioctl_file_clone_range(struct file *file, 261 struct file_clone_range __user *argp) 262 { 263 struct file_clone_range args; 264 265 if (copy_from_user(&args, argp, sizeof(args))) 266 return -EFAULT; 267 return ioctl_file_clone(file, args.src_fd, args.src_offset, 268 args.src_length, args.dest_offset); 269 } 270 271 #ifdef CONFIG_BLOCK 272 273 static inline sector_t logical_to_blk(struct inode *inode, loff_t offset) 274 { 275 return (offset >> inode->i_blkbits); 276 } 277 278 static inline loff_t blk_to_logical(struct inode *inode, sector_t blk) 279 { 280 return (blk << inode->i_blkbits); 281 } 282 283 /** 284 * __generic_block_fiemap - FIEMAP for block based inodes (no locking) 285 * @inode: the inode to map 286 * @fieinfo: the fiemap info struct that will be passed back to userspace 287 * @start: where to start mapping in the inode 288 * @len: how much space to map 289 * @get_block: the fs's get_block function 290 * 291 * This does FIEMAP for block based inodes. Basically it will just loop 292 * through get_block until we hit the number of extents we want to map, or we 293 * go past the end of the file and hit a hole. 294 * 295 * If it is possible to have data blocks beyond a hole past @inode->i_size, then 296 * please do not use this function, it will stop at the first unmapped block 297 * beyond i_size. 298 * 299 * If you use this function directly, you need to do your own locking. Use 300 * generic_block_fiemap if you want the locking done for you. 301 */ 302 303 int __generic_block_fiemap(struct inode *inode, 304 struct fiemap_extent_info *fieinfo, loff_t start, 305 loff_t len, get_block_t *get_block) 306 { 307 struct buffer_head map_bh; 308 sector_t start_blk, last_blk; 309 loff_t isize = i_size_read(inode); 310 u64 logical = 0, phys = 0, size = 0; 311 u32 flags = FIEMAP_EXTENT_MERGED; 312 bool past_eof = false, whole_file = false; 313 int ret = 0; 314 315 ret = fiemap_check_flags(fieinfo, FIEMAP_FLAG_SYNC); 316 if (ret) 317 return ret; 318 319 /* 320 * Either the i_mutex or other appropriate locking needs to be held 321 * since we expect isize to not change at all through the duration of 322 * this call. 323 */ 324 if (len >= isize) { 325 whole_file = true; 326 len = isize; 327 } 328 329 /* 330 * Some filesystems can't deal with being asked to map less than 331 * blocksize, so make sure our len is at least block length. 332 */ 333 if (logical_to_blk(inode, len) == 0) 334 len = blk_to_logical(inode, 1); 335 336 start_blk = logical_to_blk(inode, start); 337 last_blk = logical_to_blk(inode, start + len - 1); 338 339 do { 340 /* 341 * we set b_size to the total size we want so it will map as 342 * many contiguous blocks as possible at once 343 */ 344 memset(&map_bh, 0, sizeof(struct buffer_head)); 345 map_bh.b_size = len; 346 347 ret = get_block(inode, start_blk, &map_bh, 0); 348 if (ret) 349 break; 350 351 /* HOLE */ 352 if (!buffer_mapped(&map_bh)) { 353 start_blk++; 354 355 /* 356 * We want to handle the case where there is an 357 * allocated block at the front of the file, and then 358 * nothing but holes up to the end of the file properly, 359 * to make sure that extent at the front gets properly 360 * marked with FIEMAP_EXTENT_LAST 361 */ 362 if (!past_eof && 363 blk_to_logical(inode, start_blk) >= isize) 364 past_eof = 1; 365 366 /* 367 * First hole after going past the EOF, this is our 368 * last extent 369 */ 370 if (past_eof && size) { 371 flags = FIEMAP_EXTENT_MERGED|FIEMAP_EXTENT_LAST; 372 ret = fiemap_fill_next_extent(fieinfo, logical, 373 phys, size, 374 flags); 375 } else if (size) { 376 ret = fiemap_fill_next_extent(fieinfo, logical, 377 phys, size, flags); 378 size = 0; 379 } 380 381 /* if we have holes up to/past EOF then we're done */ 382 if (start_blk > last_blk || past_eof || ret) 383 break; 384 } else { 385 /* 386 * We have gone over the length of what we wanted to 387 * map, and it wasn't the entire file, so add the extent 388 * we got last time and exit. 389 * 390 * This is for the case where say we want to map all the 391 * way up to the second to the last block in a file, but 392 * the last block is a hole, making the second to last 393 * block FIEMAP_EXTENT_LAST. In this case we want to 394 * see if there is a hole after the second to last block 395 * so we can mark it properly. If we found data after 396 * we exceeded the length we were requesting, then we 397 * are good to go, just add the extent to the fieinfo 398 * and break 399 */ 400 if (start_blk > last_blk && !whole_file) { 401 ret = fiemap_fill_next_extent(fieinfo, logical, 402 phys, size, 403 flags); 404 break; 405 } 406 407 /* 408 * if size != 0 then we know we already have an extent 409 * to add, so add it. 410 */ 411 if (size) { 412 ret = fiemap_fill_next_extent(fieinfo, logical, 413 phys, size, 414 flags); 415 if (ret) 416 break; 417 } 418 419 logical = blk_to_logical(inode, start_blk); 420 phys = blk_to_logical(inode, map_bh.b_blocknr); 421 size = map_bh.b_size; 422 flags = FIEMAP_EXTENT_MERGED; 423 424 start_blk += logical_to_blk(inode, size); 425 426 /* 427 * If we are past the EOF, then we need to make sure as 428 * soon as we find a hole that the last extent we found 429 * is marked with FIEMAP_EXTENT_LAST 430 */ 431 if (!past_eof && logical + size >= isize) 432 past_eof = true; 433 } 434 cond_resched(); 435 if (fatal_signal_pending(current)) { 436 ret = -EINTR; 437 break; 438 } 439 440 } while (1); 441 442 /* If ret is 1 then we just hit the end of the extent array */ 443 if (ret == 1) 444 ret = 0; 445 446 return ret; 447 } 448 EXPORT_SYMBOL(__generic_block_fiemap); 449 450 /** 451 * generic_block_fiemap - FIEMAP for block based inodes 452 * @inode: The inode to map 453 * @fieinfo: The mapping information 454 * @start: The initial block to map 455 * @len: The length of the extect to attempt to map 456 * @get_block: The block mapping function for the fs 457 * 458 * Calls __generic_block_fiemap to map the inode, after taking 459 * the inode's mutex lock. 460 */ 461 462 int generic_block_fiemap(struct inode *inode, 463 struct fiemap_extent_info *fieinfo, u64 start, 464 u64 len, get_block_t *get_block) 465 { 466 int ret; 467 inode_lock(inode); 468 ret = __generic_block_fiemap(inode, fieinfo, start, len, get_block); 469 inode_unlock(inode); 470 return ret; 471 } 472 EXPORT_SYMBOL(generic_block_fiemap); 473 474 #endif /* CONFIG_BLOCK */ 475 476 /* 477 * This provides compatibility with legacy XFS pre-allocation ioctls 478 * which predate the fallocate syscall. 479 * 480 * Only the l_start, l_len and l_whence fields of the 'struct space_resv' 481 * are used here, rest are ignored. 482 */ 483 static int ioctl_preallocate(struct file *filp, int mode, void __user *argp) 484 { 485 struct inode *inode = file_inode(filp); 486 struct space_resv sr; 487 488 if (copy_from_user(&sr, argp, sizeof(sr))) 489 return -EFAULT; 490 491 switch (sr.l_whence) { 492 case SEEK_SET: 493 break; 494 case SEEK_CUR: 495 sr.l_start += filp->f_pos; 496 break; 497 case SEEK_END: 498 sr.l_start += i_size_read(inode); 499 break; 500 default: 501 return -EINVAL; 502 } 503 504 return vfs_fallocate(filp, mode | FALLOC_FL_KEEP_SIZE, sr.l_start, 505 sr.l_len); 506 } 507 508 /* on ia32 l_start is on a 32-bit boundary */ 509 #if defined CONFIG_COMPAT && defined(CONFIG_X86_64) 510 /* just account for different alignment */ 511 static int compat_ioctl_preallocate(struct file *file, int mode, 512 struct space_resv_32 __user *argp) 513 { 514 struct inode *inode = file_inode(file); 515 struct space_resv_32 sr; 516 517 if (copy_from_user(&sr, argp, sizeof(sr))) 518 return -EFAULT; 519 520 switch (sr.l_whence) { 521 case SEEK_SET: 522 break; 523 case SEEK_CUR: 524 sr.l_start += file->f_pos; 525 break; 526 case SEEK_END: 527 sr.l_start += i_size_read(inode); 528 break; 529 default: 530 return -EINVAL; 531 } 532 533 return vfs_fallocate(file, mode | FALLOC_FL_KEEP_SIZE, sr.l_start, sr.l_len); 534 } 535 #endif 536 537 static int file_ioctl(struct file *filp, unsigned int cmd, int __user *p) 538 { 539 switch (cmd) { 540 case FIBMAP: 541 return ioctl_fibmap(filp, p); 542 case FS_IOC_RESVSP: 543 case FS_IOC_RESVSP64: 544 return ioctl_preallocate(filp, 0, p); 545 case FS_IOC_UNRESVSP: 546 case FS_IOC_UNRESVSP64: 547 return ioctl_preallocate(filp, FALLOC_FL_PUNCH_HOLE, p); 548 case FS_IOC_ZERO_RANGE: 549 return ioctl_preallocate(filp, FALLOC_FL_ZERO_RANGE, p); 550 } 551 552 return -ENOIOCTLCMD; 553 } 554 555 static int ioctl_fionbio(struct file *filp, int __user *argp) 556 { 557 unsigned int flag; 558 int on, error; 559 560 error = get_user(on, argp); 561 if (error) 562 return error; 563 flag = O_NONBLOCK; 564 #ifdef __sparc__ 565 /* SunOS compatibility item. */ 566 if (O_NONBLOCK != O_NDELAY) 567 flag |= O_NDELAY; 568 #endif 569 spin_lock(&filp->f_lock); 570 if (on) 571 filp->f_flags |= flag; 572 else 573 filp->f_flags &= ~flag; 574 spin_unlock(&filp->f_lock); 575 return error; 576 } 577 578 static int ioctl_fioasync(unsigned int fd, struct file *filp, 579 int __user *argp) 580 { 581 unsigned int flag; 582 int on, error; 583 584 error = get_user(on, argp); 585 if (error) 586 return error; 587 flag = on ? FASYNC : 0; 588 589 /* Did FASYNC state change ? */ 590 if ((flag ^ filp->f_flags) & FASYNC) { 591 if (filp->f_op->fasync) 592 /* fasync() adjusts filp->f_flags */ 593 error = filp->f_op->fasync(fd, filp, on); 594 else 595 error = -ENOTTY; 596 } 597 return error < 0 ? error : 0; 598 } 599 600 static int ioctl_fsfreeze(struct file *filp) 601 { 602 struct super_block *sb = file_inode(filp)->i_sb; 603 604 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) 605 return -EPERM; 606 607 /* If filesystem doesn't support freeze feature, return. */ 608 if (sb->s_op->freeze_fs == NULL && sb->s_op->freeze_super == NULL) 609 return -EOPNOTSUPP; 610 611 /* Freeze */ 612 if (sb->s_op->freeze_super) 613 return sb->s_op->freeze_super(sb); 614 return freeze_super(sb); 615 } 616 617 static int ioctl_fsthaw(struct file *filp) 618 { 619 struct super_block *sb = file_inode(filp)->i_sb; 620 621 if (!ns_capable(sb->s_user_ns, CAP_SYS_ADMIN)) 622 return -EPERM; 623 624 /* Thaw */ 625 if (sb->s_op->thaw_super) 626 return sb->s_op->thaw_super(sb); 627 return thaw_super(sb); 628 } 629 630 static int ioctl_file_dedupe_range(struct file *file, 631 struct file_dedupe_range __user *argp) 632 { 633 struct file_dedupe_range *same = NULL; 634 int ret; 635 unsigned long size; 636 u16 count; 637 638 if (get_user(count, &argp->dest_count)) { 639 ret = -EFAULT; 640 goto out; 641 } 642 643 size = offsetof(struct file_dedupe_range __user, info[count]); 644 if (size > PAGE_SIZE) { 645 ret = -ENOMEM; 646 goto out; 647 } 648 649 same = memdup_user(argp, size); 650 if (IS_ERR(same)) { 651 ret = PTR_ERR(same); 652 same = NULL; 653 goto out; 654 } 655 656 same->dest_count = count; 657 ret = vfs_dedupe_file_range(file, same); 658 if (ret) 659 goto out; 660 661 ret = copy_to_user(argp, same, size); 662 if (ret) 663 ret = -EFAULT; 664 665 out: 666 kfree(same); 667 return ret; 668 } 669 670 /* 671 * do_vfs_ioctl() is not for drivers and not intended to be EXPORT_SYMBOL()'d. 672 * It's just a simple helper for sys_ioctl and compat_sys_ioctl. 673 * 674 * When you add any new common ioctls to the switches above and below, 675 * please ensure they have compatible arguments in compat mode. 676 */ 677 static int do_vfs_ioctl(struct file *filp, unsigned int fd, 678 unsigned int cmd, unsigned long arg) 679 { 680 void __user *argp = (void __user *)arg; 681 struct inode *inode = file_inode(filp); 682 683 switch (cmd) { 684 case FIOCLEX: 685 set_close_on_exec(fd, 1); 686 return 0; 687 688 case FIONCLEX: 689 set_close_on_exec(fd, 0); 690 return 0; 691 692 case FIONBIO: 693 return ioctl_fionbio(filp, argp); 694 695 case FIOASYNC: 696 return ioctl_fioasync(fd, filp, argp); 697 698 case FIOQSIZE: 699 if (S_ISDIR(inode->i_mode) || S_ISREG(inode->i_mode) || 700 S_ISLNK(inode->i_mode)) { 701 loff_t res = inode_get_bytes(inode); 702 return copy_to_user(argp, &res, sizeof(res)) ? 703 -EFAULT : 0; 704 } 705 706 return -ENOTTY; 707 708 case FIFREEZE: 709 return ioctl_fsfreeze(filp); 710 711 case FITHAW: 712 return ioctl_fsthaw(filp); 713 714 case FS_IOC_FIEMAP: 715 return ioctl_fiemap(filp, argp); 716 717 case FIGETBSZ: 718 /* anon_bdev filesystems may not have a block size */ 719 if (!inode->i_sb->s_blocksize) 720 return -EINVAL; 721 722 return put_user(inode->i_sb->s_blocksize, (int __user *)argp); 723 724 case FICLONE: 725 return ioctl_file_clone(filp, arg, 0, 0, 0); 726 727 case FICLONERANGE: 728 return ioctl_file_clone_range(filp, argp); 729 730 case FIDEDUPERANGE: 731 return ioctl_file_dedupe_range(filp, argp); 732 733 case FIONREAD: 734 if (!S_ISREG(inode->i_mode)) 735 return vfs_ioctl(filp, cmd, arg); 736 737 return put_user(i_size_read(inode) - filp->f_pos, 738 (int __user *)argp); 739 740 default: 741 if (S_ISREG(inode->i_mode)) 742 return file_ioctl(filp, cmd, argp); 743 break; 744 } 745 746 return -ENOIOCTLCMD; 747 } 748 749 int ksys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg) 750 { 751 struct fd f = fdget(fd); 752 int error; 753 754 if (!f.file) 755 return -EBADF; 756 757 error = security_file_ioctl(f.file, cmd, arg); 758 if (error) 759 goto out; 760 761 error = do_vfs_ioctl(f.file, fd, cmd, arg); 762 if (error == -ENOIOCTLCMD) 763 error = vfs_ioctl(f.file, cmd, arg); 764 765 out: 766 fdput(f); 767 return error; 768 } 769 770 SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, unsigned long, arg) 771 { 772 return ksys_ioctl(fd, cmd, arg); 773 } 774 775 #ifdef CONFIG_COMPAT 776 /** 777 * compat_ptr_ioctl - generic implementation of .compat_ioctl file operation 778 * 779 * This is not normally called as a function, but instead set in struct 780 * file_operations as 781 * 782 * .compat_ioctl = compat_ptr_ioctl, 783 * 784 * On most architectures, the compat_ptr_ioctl() just passes all arguments 785 * to the corresponding ->ioctl handler. The exception is arch/s390, where 786 * compat_ptr() clears the top bit of a 32-bit pointer value, so user space 787 * pointers to the second 2GB alias the first 2GB, as is the case for 788 * native 32-bit s390 user space. 789 * 790 * The compat_ptr_ioctl() function must therefore be used only with ioctl 791 * functions that either ignore the argument or pass a pointer to a 792 * compatible data type. 793 * 794 * If any ioctl command handled by fops->unlocked_ioctl passes a plain 795 * integer instead of a pointer, or any of the passed data types 796 * is incompatible between 32-bit and 64-bit architectures, a proper 797 * handler is required instead of compat_ptr_ioctl. 798 */ 799 long compat_ptr_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 800 { 801 if (!file->f_op->unlocked_ioctl) 802 return -ENOIOCTLCMD; 803 804 return file->f_op->unlocked_ioctl(file, cmd, (unsigned long)compat_ptr(arg)); 805 } 806 EXPORT_SYMBOL(compat_ptr_ioctl); 807 808 COMPAT_SYSCALL_DEFINE3(ioctl, unsigned int, fd, unsigned int, cmd, 809 compat_ulong_t, arg) 810 { 811 struct fd f = fdget(fd); 812 int error; 813 814 if (!f.file) 815 return -EBADF; 816 817 /* RED-PEN how should LSM module know it's handling 32bit? */ 818 error = security_file_ioctl(f.file, cmd, arg); 819 if (error) 820 goto out; 821 822 switch (cmd) { 823 /* FICLONE takes an int argument, so don't use compat_ptr() */ 824 case FICLONE: 825 error = ioctl_file_clone(f.file, arg, 0, 0, 0); 826 break; 827 828 #if defined(CONFIG_X86_64) 829 /* these get messy on amd64 due to alignment differences */ 830 case FS_IOC_RESVSP_32: 831 case FS_IOC_RESVSP64_32: 832 error = compat_ioctl_preallocate(f.file, 0, compat_ptr(arg)); 833 break; 834 case FS_IOC_UNRESVSP_32: 835 case FS_IOC_UNRESVSP64_32: 836 error = compat_ioctl_preallocate(f.file, FALLOC_FL_PUNCH_HOLE, 837 compat_ptr(arg)); 838 break; 839 case FS_IOC_ZERO_RANGE_32: 840 error = compat_ioctl_preallocate(f.file, FALLOC_FL_ZERO_RANGE, 841 compat_ptr(arg)); 842 break; 843 #endif 844 845 /* 846 * everything else in do_vfs_ioctl() takes either a compatible 847 * pointer argument or no argument -- call it with a modified 848 * argument. 849 */ 850 default: 851 error = do_vfs_ioctl(f.file, fd, cmd, 852 (unsigned long)compat_ptr(arg)); 853 if (error != -ENOIOCTLCMD) 854 break; 855 856 if (f.file->f_op->compat_ioctl) 857 error = f.file->f_op->compat_ioctl(f.file, cmd, arg); 858 if (error == -ENOIOCTLCMD) 859 error = -ENOTTY; 860 break; 861 } 862 863 out: 864 fdput(f); 865 866 return error; 867 } 868 #endif 869