]> err.no Git - linux-2.6/blob - fs/utimes.c
vfs: fix permission checking in sys_utimensat
[linux-2.6] / fs / utimes.c
1 #include <linux/compiler.h>
2 #include <linux/file.h>
3 #include <linux/fs.h>
4 #include <linux/linkage.h>
5 #include <linux/mount.h>
6 #include <linux/namei.h>
7 #include <linux/sched.h>
8 #include <linux/stat.h>
9 #include <linux/utime.h>
10 #include <linux/syscalls.h>
11 #include <asm/uaccess.h>
12 #include <asm/unistd.h>
13
14 #ifdef __ARCH_WANT_SYS_UTIME
15
16 /*
17  * sys_utime() can be implemented in user-level using sys_utimes().
18  * Is this for backwards compatibility?  If so, why not move it
19  * into the appropriate arch directory (for those architectures that
20  * need it).
21  */
22
23 /* If times==NULL, set access and modification to current time,
24  * must be owner or have write permission.
25  * Else, update from *times, must be owner or super user.
26  */
27 asmlinkage long sys_utime(char __user *filename, struct utimbuf __user *times)
28 {
29         struct timespec tv[2];
30
31         if (times) {
32                 if (get_user(tv[0].tv_sec, &times->actime) ||
33                     get_user(tv[1].tv_sec, &times->modtime))
34                         return -EFAULT;
35                 tv[0].tv_nsec = 0;
36                 tv[1].tv_nsec = 0;
37         }
38         return do_utimes(AT_FDCWD, filename, times ? tv : NULL, 0);
39 }
40
41 #endif
42
43 static bool nsec_special(long nsec)
44 {
45         return nsec == UTIME_OMIT || nsec == UTIME_NOW;
46 }
47
48 static bool nsec_valid(long nsec)
49 {
50         if (nsec_special(nsec))
51                 return true;
52
53         return nsec >= 0 && nsec <= 999999999;
54 }
55
56 /* If times==NULL, set access and modification to current time,
57  * must be owner or have write permission.
58  * Else, update from *times, must be owner or super user.
59  */
60 long do_utimes(int dfd, char __user *filename, struct timespec *times, int flags)
61 {
62         int error;
63         struct nameidata nd;
64         struct dentry *dentry;
65         struct inode *inode;
66         struct iattr newattrs;
67         struct file *f = NULL;
68         struct vfsmount *mnt;
69
70         error = -EINVAL;
71         if (times && (!nsec_valid(times[0].tv_nsec) ||
72                       !nsec_valid(times[1].tv_nsec))) {
73                 goto out;
74         }
75
76         if (flags & ~AT_SYMLINK_NOFOLLOW)
77                 goto out;
78
79         if (filename == NULL && dfd != AT_FDCWD) {
80                 error = -EINVAL;
81                 if (flags & AT_SYMLINK_NOFOLLOW)
82                         goto out;
83
84                 error = -EBADF;
85                 f = fget(dfd);
86                 if (!f)
87                         goto out;
88                 dentry = f->f_path.dentry;
89                 mnt = f->f_path.mnt;
90         } else {
91                 error = __user_walk_fd(dfd, filename, (flags & AT_SYMLINK_NOFOLLOW) ? 0 : LOOKUP_FOLLOW, &nd);
92                 if (error)
93                         goto out;
94
95                 dentry = nd.path.dentry;
96                 mnt = nd.path.mnt;
97         }
98
99         inode = dentry->d_inode;
100
101         error = mnt_want_write(mnt);
102         if (error)
103                 goto dput_and_out;
104
105         /* Don't worry, the checks are done in inode_change_ok() */
106         newattrs.ia_valid = ATTR_CTIME | ATTR_MTIME | ATTR_ATIME;
107         if (times) {
108                 error = -EPERM;
109                 if (IS_APPEND(inode) || IS_IMMUTABLE(inode))
110                         goto mnt_drop_write_and_out;
111
112                 if (times[0].tv_nsec == UTIME_OMIT)
113                         newattrs.ia_valid &= ~ATTR_ATIME;
114                 else if (times[0].tv_nsec != UTIME_NOW) {
115                         newattrs.ia_atime.tv_sec = times[0].tv_sec;
116                         newattrs.ia_atime.tv_nsec = times[0].tv_nsec;
117                         newattrs.ia_valid |= ATTR_ATIME_SET;
118                 }
119
120                 if (times[1].tv_nsec == UTIME_OMIT)
121                         newattrs.ia_valid &= ~ATTR_MTIME;
122                 else if (times[1].tv_nsec != UTIME_NOW) {
123                         newattrs.ia_mtime.tv_sec = times[1].tv_sec;
124                         newattrs.ia_mtime.tv_nsec = times[1].tv_nsec;
125                         newattrs.ia_valid |= ATTR_MTIME_SET;
126                 }
127         }
128
129         /*
130          * If times is NULL or both times are either UTIME_OMIT or
131          * UTIME_NOW, then need to check permissions, because
132          * inode_change_ok() won't do it.
133          */
134         if (!times || (nsec_special(times[0].tv_nsec) &&
135                        nsec_special(times[1].tv_nsec))) {
136                 error = -EACCES;
137                 if (IS_IMMUTABLE(inode))
138                         goto mnt_drop_write_and_out;
139
140                 if (!is_owner_or_cap(inode)) {
141                         if (f) {
142                                 if (!(f->f_mode & FMODE_WRITE))
143                                         goto mnt_drop_write_and_out;
144                         } else {
145                                 error = vfs_permission(&nd, MAY_WRITE);
146                                 if (error)
147                                         goto mnt_drop_write_and_out;
148                         }
149                 }
150         }
151         mutex_lock(&inode->i_mutex);
152         error = notify_change(dentry, &newattrs);
153         mutex_unlock(&inode->i_mutex);
154 mnt_drop_write_and_out:
155         mnt_drop_write(mnt);
156 dput_and_out:
157         if (f)
158                 fput(f);
159         else
160                 path_put(&nd.path);
161 out:
162         return error;
163 }
164
165 asmlinkage long sys_utimensat(int dfd, char __user *filename, struct timespec __user *utimes, int flags)
166 {
167         struct timespec tstimes[2];
168
169         if (utimes) {
170                 if (copy_from_user(&tstimes, utimes, sizeof(tstimes)))
171                         return -EFAULT;
172                 if ((tstimes[0].tv_nsec == UTIME_OMIT ||
173                      tstimes[0].tv_nsec == UTIME_NOW) &&
174                     tstimes[0].tv_sec != 0)
175                         return -EINVAL;
176                 if ((tstimes[1].tv_nsec == UTIME_OMIT ||
177                      tstimes[1].tv_nsec == UTIME_NOW) &&
178                     tstimes[1].tv_sec != 0)
179                         return -EINVAL;
180
181                 /* Nothing to do, we must not even check the path.  */
182                 if (tstimes[0].tv_nsec == UTIME_OMIT &&
183                     tstimes[1].tv_nsec == UTIME_OMIT)
184                         return 0;
185         }
186
187         return do_utimes(dfd, filename, utimes ? tstimes : NULL, flags);
188 }
189
190 asmlinkage long sys_futimesat(int dfd, char __user *filename, struct timeval __user *utimes)
191 {
192         struct timeval times[2];
193         struct timespec tstimes[2];
194
195         if (utimes) {
196                 if (copy_from_user(&times, utimes, sizeof(times)))
197                         return -EFAULT;
198
199                 /* This test is needed to catch all invalid values.  If we
200                    would test only in do_utimes we would miss those invalid
201                    values truncated by the multiplication with 1000.  Note
202                    that we also catch UTIME_{NOW,OMIT} here which are only
203                    valid for utimensat.  */
204                 if (times[0].tv_usec >= 1000000 || times[0].tv_usec < 0 ||
205                     times[1].tv_usec >= 1000000 || times[1].tv_usec < 0)
206                         return -EINVAL;
207
208                 tstimes[0].tv_sec = times[0].tv_sec;
209                 tstimes[0].tv_nsec = 1000 * times[0].tv_usec;
210                 tstimes[1].tv_sec = times[1].tv_sec;
211                 tstimes[1].tv_nsec = 1000 * times[1].tv_usec;
212         }
213
214         return do_utimes(dfd, filename, utimes ? tstimes : NULL, 0);
215 }
216
217 asmlinkage long sys_utimes(char __user *filename, struct timeval __user *utimes)
218 {
219         return sys_futimesat(AT_FDCWD, filename, utimes);
220 }