[PATCH] r/o bind mounts: elevate write count for ioctls()

Some ioctl()s can cause writes to the filesystem. Take these, and make them use mnt_want/drop_write() instead. [AV: updated] Acked-by: Al Viro <viro@ZenIV.linux.org.uk> Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Dave Hansen <haveblue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
author: Dave Hansen <haveblue@us.ibm.com> 2008-02-15 17:37:46 -0500
committer: Al Viro <viro@zeniv.linux.org.uk> 2008-04-19 00:29:24 -0400
commit: 42a74f206b914db13ee1f5ae932dcd91a77c8579 (patch)
tree: 24e3dbe55edaacc750067ab9e01778255a6bff08 /fs/jfs
parent: 20ddee2c75339cc095f6191c3115f81da8955e96 (diff)
1 files changed, 22 insertions, 11 deletions
diff --git a/fs/jfs/ioctl.c b/fs/jfs/ioctl.c
index a1f8e375ad21..afe222bf300f 100644
--- a/fs/jfs/ioctl.c
+++ b/fs/jfs/ioctl.c
@@ -8,6 +8,7 @@
 #include <linux/fs.h>
 #include <linux/ctype.h>
 #include <linux/capability.h>
+#include <linux/mount.h>
 #include <linux/time.h>
 #include <linux/sched.h>
 #include <asm/current.h>
@@ -65,23 +66,30 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
                return put_user(flags, (int __user *) arg);
        case JFS_IOC_SETFLAGS: {
                unsigned int oldflags;
+                int err;
-                if (IS_RDONLY(inode))
+                err = mnt_want_write(filp->f_path.mnt);
-                        return -EROFS;
+                if (err)
+                        return err;
-                if (!is_owner_or_cap(inode))
+                if (!is_owner_or_cap(inode)) {
-                        return -EACCES;
+                        err = -EACCES;
+                        goto setflags_out;
-                if (get_user(flags, (int __user *) arg))
+                }
-                        return -EFAULT;
+                if (get_user(flags, (int __user *) arg)) {
+                        err = -EFAULT;
+                        goto setflags_out;
+                }
                flags = jfs_map_ext2(flags, 1);
                if (!S_ISDIR(inode->i_mode))
                        flags &= ~JFS_DIRSYNC_FL;
                /* Is it quota file? Do not allow user to mess with it */
-                if (IS_NOQUOTA(inode))
+                if (IS_NOQUOTA(inode)) {
-                        return -EPERM;
+                        err = -EPERM;
+                        goto setflags_out;
+                }
                /* Lock against other parallel changes of flags */
                mutex_lock(&inode->i_mutex);
@@ -98,7 +106,8 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
                        (JFS_APPEND_FL | JFS_IMMUTABLE_FL))) {
                        if (!capable(CAP_LINUX_IMMUTABLE)) {
                                mutex_unlock(&inode->i_mutex);
-                                return -EPERM;
+                                err = -EPERM;
+                                goto setflags_out;
                        }
                }
@@ -110,7 +119,9 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
                mutex_unlock(&inode->i_mutex);
                inode->i_ctime = CURRENT_TIME_SEC;
                mark_inode_dirty(inode);
-                return 0;
+setflags_out:
+                mnt_drop_write(filp->f_path.mnt);
+                return err;
        }
        default:
                return -ENOTTY;
author	Dave Hansen <haveblue@us.ibm.com>	2008-02-15 17:37:46 -0500
committer	Al Viro <viro@zeniv.linux.org.uk>	2008-04-19 00:29:24 -0400
commit	42a74f206b914db13ee1f5ae932dcd91a77c8579 (patch)
tree	24e3dbe55edaacc750067ab9e01778255a6bff08 /fs/jfs
parent	20ddee2c75339cc095f6191c3115f81da8955e96 (diff)

diff --git a/fs/jfs/ioctl.c b/fs/jfs/ioctl.c index a1f8e375ad21..afe222bf300f 100644 --- a/fs/jfs/ioctl.c +++ b/fs/jfs/ioctl.c
@@ -8,6 +8,7 @@
8	#include <linux/fs.h>	8	#include <linux/fs.h>
9	#include <linux/ctype.h>	9	#include <linux/ctype.h>
10	#include <linux/capability.h>	10	#include <linux/capability.h>
		11	#include <linux/mount.h>
11	#include <linux/time.h>	12	#include <linux/time.h>
12	#include <linux/sched.h>	13	#include <linux/sched.h>
13	#include <asm/current.h>	14	#include <asm/current.h>
@@ -65,23 +66,30 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
65	return put_user(flags, (int __user *) arg);	66	return put_user(flags, (int __user *) arg);
66	case JFS_IOC_SETFLAGS: {	67	case JFS_IOC_SETFLAGS: {
67	unsigned int oldflags;	68	unsigned int oldflags;
		69	int err;
68		70
69	if (IS_RDONLY(inode))	71	err = mnt_want_write(filp->f_path.mnt);
70	return -EROFS;	72	if (err)
		73	return err;
71		74
72	if (!is_owner_or_cap(inode))	75	if (!is_owner_or_cap(inode)) {
73	return -EACCES;	76	err = -EACCES;
74		77	goto setflags_out;
75	if (get_user(flags, (int __user *) arg))	78	}
76	return -EFAULT;	79	if (get_user(flags, (int __user *) arg)) {
		80	err = -EFAULT;
		81	goto setflags_out;
		82	}
77		83
78	flags = jfs_map_ext2(flags, 1);	84	flags = jfs_map_ext2(flags, 1);
79	if (!S_ISDIR(inode->i_mode))	85	if (!S_ISDIR(inode->i_mode))
80	flags &= ~JFS_DIRSYNC_FL;	86	flags &= ~JFS_DIRSYNC_FL;
81		87
82	/* Is it quota file? Do not allow user to mess with it */	88	/* Is it quota file? Do not allow user to mess with it */
83	if (IS_NOQUOTA(inode))	89	if (IS_NOQUOTA(inode)) {
84	return -EPERM;	90	err = -EPERM;
		91	goto setflags_out;
		92	}
85		93
86	/* Lock against other parallel changes of flags */	94	/* Lock against other parallel changes of flags */
87	mutex_lock(&inode->i_mutex);	95	mutex_lock(&inode->i_mutex);
@@ -98,7 +106,8 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
98	(JFS_APPEND_FL \| JFS_IMMUTABLE_FL))) {	106	(JFS_APPEND_FL \| JFS_IMMUTABLE_FL))) {
99	if (!capable(CAP_LINUX_IMMUTABLE)) {	107	if (!capable(CAP_LINUX_IMMUTABLE)) {
100	mutex_unlock(&inode->i_mutex);	108	mutex_unlock(&inode->i_mutex);
101	return -EPERM;	109	err = -EPERM;
		110	goto setflags_out;
102	}	111	}
103	}	112	}
104		113
@@ -110,7 +119,9 @@ long jfs_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
110	mutex_unlock(&inode->i_mutex);	119	mutex_unlock(&inode->i_mutex);
111	inode->i_ctime = CURRENT_TIME_SEC;	120	inode->i_ctime = CURRENT_TIME_SEC;
112	mark_inode_dirty(inode);	121	mark_inode_dirty(inode);
113	return 0;	122	setflags_out:
		123	mnt_drop_write(filp->f_path.mnt);
		124	return err;
114	}	125	}
115	default:	126	default:
116	return -ENOTTY;	127	return -ENOTTY;