[PATCH] r/o bind mounts: elevate write count for ioctls()

#include <linux/time.h>

#include <linux/sched.h>

#include <linux/compat.h>

#include <linux/mount.h>

#include <linux/smp_lock.h>

#include <asm/current.h>

#include <asm/uaccess.h>

	struct ext2_inode_info *ei = EXT2_I(inode);

	unsigned int flags;

	unsigned short rsv_window_size;

	int ret;

	ext2_debug ("cmd = %u, arg = %lu\n", cmd, arg);

	case EXT2_IOC_SETFLAGS: {

		unsigned int oldflags;

		if (IS_RDONLY(inode))

			return -EROFS;

		ret = mnt_want_write(filp->f_path.mnt);

		if (ret)

			return ret;

		if (!is_owner_or_cap(inode))

			return -EACCES;

		if (!is_owner_or_cap(inode)) {

			ret = -EACCES;

			goto setflags_out;

		}

		if (get_user(flags, (int __user *) arg))

			return -EFAULT;

		if (get_user(flags, (int __user *) arg)) {

			ret = -EFAULT;

			goto setflags_out;

		}

		if (!S_ISDIR(inode->i_mode))

			flags &= ~EXT2_DIRSYNC_FL;

		/* Is it quota file? Do not allow user to mess with it */

		if (IS_NOQUOTA(inode)) {

			mutex_unlock(&inode->i_mutex);

			return -EPERM;

			ret = -EPERM;

			goto setflags_out;

		}

		oldflags = ei->i_flags;

		if ((flags ^ oldflags) & (EXT2_APPEND_FL | EXT2_IMMUTABLE_FL)) {

			if (!capable(CAP_LINUX_IMMUTABLE)) {

				mutex_unlock(&inode->i_mutex);

				return -EPERM;

				ret = -EPERM;

				goto setflags_out;

			}

		}

		ext2_set_inode_flags(inode);

		inode->i_ctime = CURRENT_TIME_SEC;

		mark_inode_dirty(inode);

		return 0;

setflags_out:

		mnt_drop_write(filp->f_path.mnt);

		return ret;

	}

	case EXT2_IOC_GETVERSION:

		return put_user(inode->i_generation, (int __user *) arg);

	case EXT2_IOC_SETVERSION:

		if (!is_owner_or_cap(inode))

			return -EPERM;

		if (IS_RDONLY(inode))

			return -EROFS;

		if (get_user(inode->i_generation, (int __user *) arg))

			return -EFAULT;	

		ret = mnt_want_write(filp->f_path.mnt);

		if (ret)

			return ret;

		if (get_user(inode->i_generation, (int __user *) arg)) {

			ret = -EFAULT;

		} else {

			inode->i_ctime = CURRENT_TIME_SEC;

			mark_inode_dirty(inode);

		return 0;

		}

		mnt_drop_write(filp->f_path.mnt);

		return ret;

	case EXT2_IOC_GETRSVSZ:

		if (test_opt(inode->i_sb, RESERVATION)

			&& S_ISREG(inode->i_mode)

		if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))

			return -ENOTTY;

		if (IS_RDONLY(inode))

			return -EROFS;

		if ((current->fsuid != inode->i_uid) && !capable(CAP_FOWNER))

		if (!is_owner_or_cap(inode))

			return -EACCES;

		if (get_user(rsv_window_size, (int __user *)arg))

			return -EFAULT;

		ret = mnt_want_write(filp->f_path.mnt);

		if (ret)

			return ret;

		if (rsv_window_size > EXT2_MAX_RESERVE_BLOCKS)

			rsv_window_size = EXT2_MAX_RESERVE_BLOCKS;

			rsv->rsv_goal_size = rsv_window_size;

		}

		mutex_unlock(&ei->truncate_mutex);

		mnt_drop_write(filp->f_path.mnt);

		return 0;

	}

	default:

#include <linux/capability.h>

#include <linux/ext3_fs.h>

#include <linux/ext3_jbd.h>

#include <linux/mount.h>

#include <linux/time.h>

#include <linux/compat.h>

#include <linux/smp_lock.h>

		unsigned int oldflags;

		unsigned int jflag;

		if (IS_RDONLY(inode))

			return -EROFS;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		if (!is_owner_or_cap(inode))

			return -EACCES;

		if (!is_owner_or_cap(inode)) {

			err = -EACCES;

			goto flags_out;

		}

		if (get_user(flags, (int __user *) arg))

			return -EFAULT;

		if (get_user(flags, (int __user *) arg)) {

			err = -EFAULT;

			goto flags_out;

		}

		if (!S_ISDIR(inode->i_mode))

			flags &= ~EXT3_DIRSYNC_FL;

		/* Is it quota file? Do not allow user to mess with it */

		if (IS_NOQUOTA(inode)) {

			mutex_unlock(&inode->i_mutex);

			return -EPERM;

			err = -EPERM;

			goto flags_out;

		}

		oldflags = ei->i_flags;

		if ((flags ^ oldflags) & (EXT3_APPEND_FL | EXT3_IMMUTABLE_FL)) {

			if (!capable(CAP_LINUX_IMMUTABLE)) {

				mutex_unlock(&inode->i_mutex);

				return -EPERM;

				err = -EPERM;

				goto flags_out;

			}

		}

		if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL)) {

			if (!capable(CAP_SYS_RESOURCE)) {

				mutex_unlock(&inode->i_mutex);

				return -EPERM;

				err = -EPERM;

				goto flags_out;

			}

		}

		handle = ext3_journal_start(inode, 1);

		if (IS_ERR(handle)) {

			mutex_unlock(&inode->i_mutex);

			return PTR_ERR(handle);

			err = PTR_ERR(handle);

			goto flags_out;

		}

		if (IS_SYNC(inode))

			handle->h_sync = 1;

		if ((jflag ^ oldflags) & (EXT3_JOURNAL_DATA_FL))

			err = ext3_change_inode_journal_flag(inode, jflag);

		mutex_unlock(&inode->i_mutex);

flags_out:

		mnt_drop_write(filp->f_path.mnt);

		return err;

	}

	case EXT3_IOC_GETVERSION:

		if (!is_owner_or_cap(inode))

			return -EPERM;

		if (IS_RDONLY(inode))

			return -EROFS;

		if (get_user(generation, (int __user *) arg))

			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		if (get_user(generation, (int __user *) arg)) {

			err = -EFAULT;

			goto setversion_out;

		}

		handle = ext3_journal_start(inode, 1);

		if (IS_ERR(handle))

			return PTR_ERR(handle);

		if (IS_ERR(handle)) {

			err = PTR_ERR(handle);

			goto setversion_out;

		}

		err = ext3_reserve_inode_write(handle, inode, &iloc);

		if (err == 0) {

			inode->i_ctime = CURRENT_TIME_SEC;

			err = ext3_mark_iloc_dirty(handle, inode, &iloc);

		}

		ext3_journal_stop(handle);

setversion_out:

		mnt_drop_write(filp->f_path.mnt);

		return err;

	}

#ifdef CONFIG_JBD_DEBUG

		}

		return -ENOTTY;

	case EXT3_IOC_SETRSVSZ: {

		int err;

		if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))

			return -ENOTTY;

		if (IS_RDONLY(inode))

			return -EROFS;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		if (!is_owner_or_cap(inode))

			return -EACCES;

		if (!is_owner_or_cap(inode)) {

			err = -EACCES;

			goto setrsvsz_out;

		}

		if (get_user(rsv_window_size, (int __user *)arg))

			return -EFAULT;

		if (get_user(rsv_window_size, (int __user *)arg)) {

			err = -EFAULT;

			goto setrsvsz_out;

		}

		if (rsv_window_size > EXT3_MAX_RESERVE_BLOCKS)

			rsv_window_size = EXT3_MAX_RESERVE_BLOCKS;

			rsv->rsv_goal_size = rsv_window_size;

		}

		mutex_unlock(&ei->truncate_mutex);

		return 0;

setrsvsz_out:

		mnt_drop_write(filp->f_path.mnt);

		return err;

	}

	case EXT3_IOC_GROUP_EXTEND: {

		ext3_fsblk_t n_blocks_count;

		if (!capable(CAP_SYS_RESOURCE))

			return -EPERM;

		if (IS_RDONLY(inode))

			return -EROFS;

		if (get_user(n_blocks_count, (__u32 __user *)arg))

			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		if (get_user(n_blocks_count, (__u32 __user *)arg)) {

			err = -EFAULT;

			goto group_extend_out;

		}

		err = ext3_group_extend(sb, EXT3_SB(sb)->s_es, n_blocks_count);

		journal_lock_updates(EXT3_SB(sb)->s_journal);

		journal_flush(EXT3_SB(sb)->s_journal);

		journal_unlock_updates(EXT3_SB(sb)->s_journal);

group_extend_out:

		mnt_drop_write(filp->f_path.mnt);

		return err;

	}

	case EXT3_IOC_GROUP_ADD: {

		if (!capable(CAP_SYS_RESOURCE))

			return -EPERM;

		if (IS_RDONLY(inode))

			return -EROFS;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		if (copy_from_user(&input, (struct ext3_new_group_input __user *)arg,

				sizeof(input)))

			return -EFAULT;

				sizeof(input))) {

			err = -EFAULT;

			goto group_add_out;

		}

		err = ext3_group_add(sb, &input);

		journal_lock_updates(EXT3_SB(sb)->s_journal);

		journal_flush(EXT3_SB(sb)->s_journal);

		journal_unlock_updates(EXT3_SB(sb)->s_journal);

group_add_out:

		mnt_drop_write(filp->f_path.mnt);

		return err;

	}

#include <linux/time.h>

#include <linux/compat.h>

#include <linux/smp_lock.h>

#include <linux/mount.h>

#include <asm/uaccess.h>

int ext4_ioctl (struct inode * inode, struct file * filp, unsigned int cmd,

		unsigned int oldflags;

		unsigned int jflag;

		if (IS_RDONLY(inode))

			return -EROFS;

		if (!is_owner_or_cap(inode))

			return -EACCES;

		if (get_user(flags, (int __user *) arg))

			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		if (!S_ISDIR(inode->i_mode))

			flags &= ~EXT4_DIRSYNC_FL;

		err = -EPERM;

		mutex_lock(&inode->i_mutex);

		/* Is it quota file? Do not allow user to mess with it */

		if (IS_NOQUOTA(inode)) {

			mutex_unlock(&inode->i_mutex);

			return -EPERM;

		}

		if (IS_NOQUOTA(inode))

			goto flags_out;

		oldflags = ei->i_flags;

		/* The JOURNAL_DATA flag is modifiable only by root */

		 * This test looks nicer. Thanks to Pauline Middelink

		 */

		if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {

			if (!capable(CAP_LINUX_IMMUTABLE)) {

				mutex_unlock(&inode->i_mutex);

				return -EPERM;

			}

			if (!capable(CAP_LINUX_IMMUTABLE))

				goto flags_out;

		}

		/*

		 * the relevant capability.

		 */

		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {

			if (!capable(CAP_SYS_RESOURCE)) {

				mutex_unlock(&inode->i_mutex);

				return -EPERM;

			}

			if (!capable(CAP_SYS_RESOURCE))

				goto flags_out;

		}

		handle = ext4_journal_start(inode, 1);

		if (IS_ERR(handle)) {

			mutex_unlock(&inode->i_mutex);

			return PTR_ERR(handle);

			err = PTR_ERR(handle);

			goto flags_out;

		}

		if (IS_SYNC(inode))

			handle->h_sync = 1;

		err = ext4_mark_iloc_dirty(handle, inode, &iloc);

flags_err:

		ext4_journal_stop(handle);

		if (err) {

			mutex_unlock(&inode->i_mutex);

			return err;

		}

		if (err)

			goto flags_out;

		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))

			err = ext4_change_inode_journal_flag(inode, jflag);

flags_out:

		mutex_unlock(&inode->i_mutex);

		mnt_drop_write(filp->f_path.mnt);

		return err;

	}

	case EXT4_IOC_GETVERSION:

		if (!is_owner_or_cap(inode))

			return -EPERM;

		if (IS_RDONLY(inode))

			return -EROFS;

		if (get_user(generation, (int __user *) arg))

			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		if (get_user(generation, (int __user *) arg)) {

			err = -EFAULT;

			goto setversion_out;

		}

		handle = ext4_journal_start(inode, 1);

		if (IS_ERR(handle))

			return PTR_ERR(handle);

		if (IS_ERR(handle)) {

			err = PTR_ERR(handle);

			goto setversion_out;

		}

		err = ext4_reserve_inode_write(handle, inode, &iloc);

		if (err == 0) {

			inode->i_ctime = ext4_current_time(inode);

			err = ext4_mark_iloc_dirty(handle, inode, &iloc);

		}

		ext4_journal_stop(handle);

setversion_out:

		mnt_drop_write(filp->f_path.mnt);

		return err;

	}

#ifdef CONFIG_JBD2_DEBUG

		}

		return -ENOTTY;

	case EXT4_IOC_SETRSVSZ: {

		int err;

		if (!test_opt(inode->i_sb, RESERVATION) ||!S_ISREG(inode->i_mode))

			return -ENOTTY;

		if (IS_RDONLY(inode))

			return -EROFS;

		if (!is_owner_or_cap(inode))

			return -EACCES;

		if (get_user(rsv_window_size, (int __user *)arg))

			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		if (rsv_window_size > EXT4_MAX_RESERVE_BLOCKS)

			rsv_window_size = EXT4_MAX_RESERVE_BLOCKS;

			rsv->rsv_goal_size = rsv_window_size;

		}

		up_write(&ei->i_data_sem);

		mnt_drop_write(filp->f_path.mnt);

		return 0;

	}

	case EXT4_IOC_GROUP_EXTEND: {

		if (!capable(CAP_SYS_RESOURCE))

			return -EPERM;

		if (IS_RDONLY(inode))

			return -EROFS;

		if (get_user(n_blocks_count, (__u32 __user *)arg))

			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);

		jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);

		jbd2_journal_flush(EXT4_SB(sb)->s_journal);

		jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);

		mnt_drop_write(filp->f_path.mnt);

		return err;

	}

		if (!capable(CAP_SYS_RESOURCE))

			return -EPERM;

		if (IS_RDONLY(inode))

			return -EROFS;

		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,

				sizeof(input)))

			return -EFAULT;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		err = ext4_group_add(sb, &input);

		jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);

		jbd2_journal_flush(EXT4_SB(sb)->s_journal);

		jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);

		mnt_drop_write(filp->f_path.mnt);

		return err;

	}

#include <linux/capability.h>

#include <linux/module.h>

#include <linux/mount.h>

#include <linux/time.h>

#include <linux/msdos_fs.h>

#include <linux/smp_lock.h>

		mutex_lock(&inode->i_mutex);

		if (IS_RDONLY(inode)) {

			err = -EROFS;

			goto up;

		}

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			goto up_no_drop_write;

		/*

		 * ATTR_VOLUME and ATTR_DIR cannot be changed; this also

		MSDOS_I(inode)->i_attrs = attr & ATTR_UNUSED;

		mark_inode_dirty(inode);

up:

		mnt_drop_write(filp->f_path.mnt);

up_no_drop_write:

		mutex_unlock(&inode->i_mutex);

		return err;

	}

#include <linux/capability.h>

#include <linux/fs.h>

#include <linux/mount.h>

#include <linux/sched.h>

#include <linux/xattr.h>

#include <asm/uaccess.h>

			flags |= FS_NODUMP_FL; /* EXT2_NODUMP_FL */

		return put_user(flags, (int __user *)arg);

	case HFSPLUS_IOC_EXT2_SETFLAGS: {

		if (IS_RDONLY(inode))

			return -EROFS;

		if (!is_owner_or_cap(inode))

			return -EACCES;

		if (get_user(flags, (int __user *)arg))

			return -EFAULT;

		int err = 0;

		err = mnt_want_write(filp->f_path.mnt);

		if (err)

			return err;

		if (!is_owner_or_cap(inode)) {

			err = -EACCES;

			goto setflags_out;

		}

		if (get_user(flags, (int __user *)arg)) {

			err = -EFAULT;

			goto setflags_out;

		}

		if (flags & (FS_IMMUTABLE_FL|FS_APPEND_FL) ||

		    HFSPLUS_I(inode).rootflags & (HFSPLUS_FLG_IMMUTABLE|HFSPLUS_FLG_APPEND)) {

			if (!capable(CAP_LINUX_IMMUTABLE))

				return -EPERM;

			if (!capable(CAP_LINUX_IMMUTABLE)) {

				err = -EPERM;

				goto setflags_out;

			}

		}

		/* don't silently ignore unsupported ext2 flags */

		if (flags & ~(FS_IMMUTABLE_FL|FS_APPEND_FL|FS_NODUMP_FL))

			return -EOPNOTSUPP;

		if (flags & ~(FS_IMMUTABLE_FL|FS_APPEND_FL|FS_NODUMP_FL)) {

			err = -EOPNOTSUPP;

			goto setflags_out;

		}

		if (flags & FS_IMMUTABLE_FL) { /* EXT2_IMMUTABLE_FL */

			inode->i_flags |= S_IMMUTABLE;

			HFSPLUS_I(inode).rootflags |= HFSPLUS_FLG_IMMUTABLE;