/*
 * Copyright 2000 by Hans Reiser, licensing governed by reiserfs/README
 */
5 #include <linux/capability.h>
6 #include <linux/fs.h>
7 #include <linux/mount.h>
8 #include "reiserfs.h"
9 #include <linux/time.h>
10 #include <linux/uaccess.h>
11 #include <linux/pagemap.h>
12 #include <linux/compat.h>
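/*
 * reiserfs_ioctl - ioctl handler for reiserfs inodes
 *
 * Supported commands:
 *  1) REISERFS_IOC_UNPACK - try to unpack the tail from a direct item into
 *                           an indirect one and prevent the file from being
 *                           packed again (arg has to be non-zero)
 *  2) REISERFS_IOC_[GS]ETFLAGS, REISERFS_IOC_[GS]ETVERSION
 *
 * For the flag and version commands, arg is a user-space pointer to an int;
 * it is only ever accessed through get_user()/put_user().
 *
 * The whole handler runs under reiserfs_write_lock().  Returns 0 on success
 * or a negative errno: -ENOTTY for an unknown or inapplicable command,
 * -EPERM when a permission check fails, -EFAULT when the user value cannot
 * be read, or the error reported by put_user(), mnt_want_write_file() or
 * reiserfs_unpack().
 */
long reiserfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
{
	struct inode *inode = file_inode(filp);
	unsigned int flags;
	__u32 generation;
	int err = 0;

	reiserfs_write_lock(inode->i_sb);

	switch (cmd) {
	case REISERFS_IOC_UNPACK:
		/* Only regular files are unpacked; arg == 0 is a no-op. */
		if (S_ISREG(inode->i_mode)) {
			if (arg)
				err = reiserfs_unpack(inode, filp);
		} else
			err = -ENOTTY;
		break;
		/*
		 * following two cases are taken from fs/ext2/ioctl.c by Remy
		 * Card (card@masi.ibp.fr)
		 */
	case REISERFS_IOC_GETFLAGS:
		if (!reiserfs_attrs(inode->i_sb)) {
			err = -ENOTTY;
			break;
		}

		flags = REISERFS_I(inode)->i_attrs;
		/*
		 * NOTE(review): the helper is handed a __u16 view of the
		 * first two bytes of the 32-bit 'flags'; which half of the
		 * value that is depends on byte order - confirm this is
		 * what is intended on big-endian machines.
		 */
		i_attrs_to_sd_attrs(inode, (__u16 *) & flags);
		err = put_user(flags, (int __user *)arg);
		break;
	case REISERFS_IOC_SETFLAGS:
		if (!reiserfs_attrs(inode->i_sb)) {
			err = -ENOTTY;
			break;
		}

		/* Every exit below this point must drop the write access. */
		err = mnt_want_write_file(filp);
		if (err)
			break;

		/* Only the owner or a suitably capable task may set flags. */
		if (!inode_owner_or_capable(inode)) {
			err = -EPERM;
			goto setflags_out;
		}
		if (get_user(flags, (int __user *)arg)) {
			err = -EFAULT;
			goto setflags_out;
		}
		/*
		 * Is it quota file? Do not allow user to mess with it
		 */
		if (IS_NOQUOTA(inode)) {
			err = -EPERM;
			goto setflags_out;
		}
		/*
		 * Toggling the immutable or append-only bit, in either
		 * direction, additionally requires CAP_LINUX_IMMUTABLE.
		 */
		if (((flags ^ REISERFS_I(inode)->i_attrs) &
		     (REISERFS_IMMUTABLE_FL | REISERFS_APPEND_FL)) &&
		    !capable(CAP_LINUX_IMMUTABLE)) {
			err = -EPERM;
			goto setflags_out;
		}
		/* Requesting NOTAIL on a regular file unpacks its tail now. */
		if ((flags & REISERFS_NOTAIL_FL) && S_ISREG(inode->i_mode)) {
			int result;

			result = reiserfs_unpack(inode, filp);
			if (result) {
				err = result;
				goto setflags_out;
			}
		}
		sd_attrs_to_i_attrs(flags, inode);
		REISERFS_I(inode)->i_attrs = flags;
		inode->i_ctime = CURRENT_TIME_SEC;
		mark_inode_dirty(inode);
setflags_out:
		mnt_drop_write_file(filp);
		break;
	case REISERFS_IOC_GETVERSION:
		err = put_user(inode->i_generation, (int __user *)arg);
		break;
	case REISERFS_IOC_SETVERSION:
		if (!inode_owner_or_capable(inode)) {
			err = -EPERM;
			break;
		}
		err = mnt_want_write_file(filp);
		if (err)
			break;
		/*
		 * Read into a local first: get_user() zeroes its destination
		 * when the access faults, so reading straight into
		 * inode->i_generation would reset the in-memory generation
		 * on a failed call.
		 */
		if (get_user(generation, (int __user *)arg)) {
			err = -EFAULT;
			goto setversion_out;
		}
		inode->i_generation = generation;
		inode->i_ctime = CURRENT_TIME_SEC;
		mark_inode_dirty(inode);
setversion_out:
		mnt_drop_write_file(filp);
		break;
	default:
		err = -ENOTTY;
	}

	reiserfs_write_unlock(inode->i_sb);

	return err;
}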
#ifdef CONFIG_COMPAT
/*
 * reiserfs_compat_ioctl - ioctl entry point built under CONFIG_COMPAT
 *
 * Translates each REISERFS_IOC32_* command number to its REISERFS_IOC_*
 * counterpart and forwards the call to reiserfs_ioctl().  Any command
 * outside that list is refused with -ENOIOCTLCMD and never reaches the
 * native handler.
 */
long reiserfs_compat_ioctl(struct file *file, unsigned int cmd,
			   unsigned long arg)
{
	unsigned int native_cmd;

	/*
	 * The IOC32 names are misleading: these commands really get/put
	 * an int from/to user space, so only the number needs translating.
	 */
	switch (cmd) {
	case REISERFS_IOC32_UNPACK:
		native_cmd = REISERFS_IOC_UNPACK;
		break;
	case REISERFS_IOC32_GETFLAGS:
		native_cmd = REISERFS_IOC_GETFLAGS;
		break;
	case REISERFS_IOC32_SETFLAGS:
		native_cmd = REISERFS_IOC_SETFLAGS;
		break;
	case REISERFS_IOC32_GETVERSION:
		native_cmd = REISERFS_IOC_GETVERSION;
		break;
	case REISERFS_IOC32_SETVERSION:
		native_cmd = REISERFS_IOC_SETVERSION;
		break;
	default:
		return -ENOIOCTLCMD;
	}

	/*
	 * arg goes through compat_ptr() for every command, including
	 * UNPACK, where the native handler only tests it for non-zero.
	 */
	return reiserfs_ioctl(file, native_cmd,
			      (unsigned long)compat_ptr(arg));
}
#endif
/* Forward declaration; the definition is not part of this listing. */
int reiserfs_commit_write(struct file *f, struct page *page,
			  unsigned from, unsigned to);

/*
 * reiserfs_unpack - try to convert a file's tail from a direct item into
 * an indirect one
 *
 * Sets i_nopack_mask in REISERFS_I(inode)->i_flags so that a later call
 * returns early.  @filp is not used by the body.
 *
 * Takes inode->i_mutex and the reiserfs write lock for the conversion and
 * drops both before returning.  The callers in this file already hold the
 * write lock when they get here, so the acquire below is nested -
 * presumably the lock is recursive; confirm against its implementation.
 *
 * Returns 0 on success, -ENOMEM if the page holding the tail cannot be
 * obtained, or the error from __reiserfs_write_begin() or
 * reiserfs_commit_write().
 */
int reiserfs_unpack(struct inode *inode, struct file *filp)
{
	unsigned long blocksize = inode->i_sb->s_blocksize;
	unsigned long tail_offset;
	struct page *tail_page;
	int pgidx;
	int ret = 0;

	/* An empty file has no tail; just record the no-pack request. */
	if (inode->i_size == 0) {
		REISERFS_I(inode)->i_flags |= i_nopack_mask;
		return 0;
	}

	/* ioctl already done */
	if (REISERFS_I(inode)->i_flags & i_nopack_mask)
		return 0;

	/* we need to make sure nobody is changing the file size beneath us */
	reiserfs_mutex_lock_safe(&inode->i_mutex, inode->i_sb);
	reiserfs_write_lock(inode->i_sb);

	/* if we are on a block boundary, we are already unpacked. */
	tail_offset = inode->i_size & (blocksize - 1);
	if (tail_offset == 0) {
		REISERFS_I(inode)->i_flags |= i_nopack_mask;
		goto out;
	}

	/*
	 * we unpack by finding the page with the tail, and calling
	 * __reiserfs_write_begin on that page. This will force a
	 * reiserfs_get_block to unpack the tail for us.
	 *
	 * NOTE(review): the page index is kept in an int, so the shifted
	 * i_size is narrowed here - confirm the file-size limit keeps it
	 * in range.
	 */
	pgidx = inode->i_size >> PAGE_CACHE_SHIFT;
	tail_page = grab_cache_page(inode->i_mapping, pgidx);
	if (!tail_page) {
		ret = -ENOMEM;
		goto out;
	}

	ret = __reiserfs_write_begin(tail_page, tail_offset, 0);
	if (ret)
		goto out_unlock;

	/* conversion can change page contents, must flush */
	flush_dcache_page(tail_page);
	ret = reiserfs_commit_write(NULL, tail_page, tail_offset, tail_offset);
	/* The flag is set whether or not the commit above succeeded. */
	REISERFS_I(inode)->i_flags |= i_nopack_mask;

out_unlock:
	unlock_page(tail_page);
	page_cache_release(tail_page);

out:
	mutex_unlock(&inode->i_mutex);
	reiserfs_write_unlock(inode->i_sb);
	return ret;
}