LXR linux/fs/ext4/ioctl.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * linux/fs/ext4/ioctl.c
   4 *
   5 * Copyright (C) 1993, 1994, 1995
   6 * Remy Card (card@masi.ibp.fr)
   7 * Laboratoire MASI - Institut Blaise Pascal
   8 * Universite Pierre et Marie Curie (Paris VI)
   9 */
  10
  11#include <linux/fs.h>
  12#include <linux/capability.h>
  13#include <linux/time.h>
  14#include <linux/compat.h>
  15#include <linux/mount.h>
  16#include <linux/file.h>
  17#include <linux/quotaops.h>
  18#include <linux/uuid.h>
  19#include <linux/uaccess.h>
  20#include <linux/delay.h>
  21#include "ext4_jbd2.h"
  22#include "ext4.h"
  23#include <linux/fsmap.h>
  24#include "fsmap.h"
  25#include <trace/events/ext4.h>
  26
  27/**
  28 * Swap memory between @a and @b for @len bytes.
  29 *
  30 * @a:          pointer to first memory area
  31 * @b:          pointer to second memory area
  32 * @len:        number of bytes to swap
  33 *
  34 */
  35static void memswap(void *a, void *b, size_t len)
  36{
  37        unsigned char *ap, *bp;
  38
  39        ap = (unsigned char *)a;
  40        bp = (unsigned char *)b;
  41        while (len-- > 0) {
  42                swap(*ap, *bp);
  43                ap++;
  44                bp++;
  45        }
  46}
  47
  48/**
  49 * Swap i_data and associated attributes between @inode1 and @inode2.
  50 * This function is used for the primary swap between inode1 and inode2
  51 * and also to revert this primary swap in case of errors.
  52 *
  53 * Therefore you have to make sure, that calling this method twice
  54 * will revert all changes.
  55 *
  56 * @inode1:     pointer to first inode
  57 * @inode2:     pointer to second inode
  58 */
  59static void swap_inode_data(struct inode *inode1, struct inode *inode2)
  60{
  61        loff_t isize;
  62        struct ext4_inode_info *ei1;
  63        struct ext4_inode_info *ei2;
  64
  65        ei1 = EXT4_I(inode1);
  66        ei2 = EXT4_I(inode2);
  67
  68        swap(inode1->i_flags, inode2->i_flags);
  69        swap(inode1->i_version, inode2->i_version);
  70        swap(inode1->i_blocks, inode2->i_blocks);
  71        swap(inode1->i_bytes, inode2->i_bytes);
  72        swap(inode1->i_atime, inode2->i_atime);
  73        swap(inode1->i_mtime, inode2->i_mtime);
  74
  75        memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
  76        swap(ei1->i_flags, ei2->i_flags);
  77        swap(ei1->i_disksize, ei2->i_disksize);
  78        ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
  79        ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
  80
  81        isize = i_size_read(inode1);
  82        i_size_write(inode1, i_size_read(inode2));
  83        i_size_write(inode2, isize);
  84}
  85
  86/**
  87 * Swap the information from the given @inode and the inode
  88 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
  89 * important fields of the inodes.
  90 *
  91 * @sb:         the super block of the filesystem
  92 * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
  93 *
  94 */
  95static long swap_inode_boot_loader(struct super_block *sb,
  96                                struct inode *inode)
  97{
  98        handle_t *handle;
  99        int err;
 100        struct inode *inode_bl;
 101        struct ext4_inode_info *ei_bl;
 102        struct ext4_sb_info *sbi = EXT4_SB(sb);
 103
 104        if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
 105                return -EINVAL;
 106
 107        if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
 108                return -EPERM;
 109
 110        inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO);
 111        if (IS_ERR(inode_bl))
 112                return PTR_ERR(inode_bl);
 113        ei_bl = EXT4_I(inode_bl);
 114
 115        filemap_flush(inode->i_mapping);
 116        filemap_flush(inode_bl->i_mapping);
 117
 118        /* Protect orig inodes against a truncate and make sure,
 119         * that only 1 swap_inode_boot_loader is running. */
 120        lock_two_nondirectories(inode, inode_bl);
 121
 122        truncate_inode_pages(&inode->i_data, 0);
 123        truncate_inode_pages(&inode_bl->i_data, 0);
 124
 125        /* Wait for all existing dio workers */
 126        ext4_inode_block_unlocked_dio(inode);
 127        ext4_inode_block_unlocked_dio(inode_bl);
 128        inode_dio_wait(inode);
 129        inode_dio_wait(inode_bl);
 130
 131        handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
 132        if (IS_ERR(handle)) {
 133                err = -EINVAL;
 134                goto journal_err_out;
 135        }
 136
 137        /* Protect extent tree against block allocations via delalloc */
 138        ext4_double_down_write_data_sem(inode, inode_bl);
 139
 140        if (inode_bl->i_nlink == 0) {
 141                /* this inode has never been used as a BOOT_LOADER */
 142                set_nlink(inode_bl, 1);
 143                i_uid_write(inode_bl, 0);
 144                i_gid_write(inode_bl, 0);
 145                inode_bl->i_flags = 0;
 146                ei_bl->i_flags = 0;
 147                inode_bl->i_version = 1;
 148                i_size_write(inode_bl, 0);
 149                inode_bl->i_mode = S_IFREG;
 150                if (ext4_has_feature_extents(sb)) {
 151                        ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
 152                        ext4_ext_tree_init(handle, inode_bl);
 153                } else
 154                        memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
 155        }
 156
 157        swap_inode_data(inode, inode_bl);
 158
 159        inode->i_ctime = inode_bl->i_ctime = current_time(inode);
 160
 161        spin_lock(&sbi->s_next_gen_lock);
 162        inode->i_generation = sbi->s_next_generation++;
 163        inode_bl->i_generation = sbi->s_next_generation++;
 164        spin_unlock(&sbi->s_next_gen_lock);
 165
 166        ext4_discard_preallocations(inode);
 167
 168        err = ext4_mark_inode_dirty(handle, inode);
 169        if (err < 0) {
 170                ext4_warning(inode->i_sb,
 171                        "couldn't mark inode #%lu dirty (err %d)",
 172                        inode->i_ino, err);
 173                /* Revert all changes: */
 174                swap_inode_data(inode, inode_bl);
 175        } else {
 176                err = ext4_mark_inode_dirty(handle, inode_bl);
 177                if (err < 0) {
 178                        ext4_warning(inode_bl->i_sb,
 179                                "couldn't mark inode #%lu dirty (err %d)",
 180                                inode_bl->i_ino, err);
 181                        /* Revert all changes: */
 182                        swap_inode_data(inode, inode_bl);
 183                        ext4_mark_inode_dirty(handle, inode);
 184                }
 185        }
 186        ext4_journal_stop(handle);
 187        ext4_double_up_write_data_sem(inode, inode_bl);
 188
 189journal_err_out:
 190        ext4_inode_resume_unlocked_dio(inode);
 191        ext4_inode_resume_unlocked_dio(inode_bl);
 192        unlock_two_nondirectories(inode, inode_bl);
 193        iput(inode_bl);
 194        return err;
 195}
 196
 197#ifdef CONFIG_EXT4_FS_ENCRYPTION
 198static int uuid_is_zero(__u8 u[16])
 199{
 200        int     i;
 201
 202        for (i = 0; i < 16; i++)
 203                if (u[i])
 204                        return 0;
 205        return 1;
 206}
 207#endif
 208
 209static int ext4_ioctl_setflags(struct inode *inode,
 210                               unsigned int flags)
 211{
 212        struct ext4_inode_info *ei = EXT4_I(inode);
 213        handle_t *handle = NULL;
 214        int err = -EPERM, migrate = 0;
 215        struct ext4_iloc iloc;
 216        unsigned int oldflags, mask, i;
 217        unsigned int jflag;
 218
 219        /* Is it quota file? Do not allow user to mess with it */
 220        if (ext4_is_quota_file(inode))
 221                goto flags_out;
 222
 223        oldflags = ei->i_flags;
 224
 225        /* The JOURNAL_DATA flag is modifiable only by root */
 226        jflag = flags & EXT4_JOURNAL_DATA_FL;
 227
 228        /*
 229         * The IMMUTABLE and APPEND_ONLY flags can only be changed by
 230         * the relevant capability.
 231         *
 232         * This test looks nicer. Thanks to Pauline Middelink
 233         */
 234        if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
 235                if (!capable(CAP_LINUX_IMMUTABLE))
 236                        goto flags_out;
 237        }
 238
 239        /*
 240         * The JOURNAL_DATA flag can only be changed by
 241         * the relevant capability.
 242         */
 243        if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
 244                if (!capable(CAP_SYS_RESOURCE))
 245                        goto flags_out;
 246        }
 247        if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
 248                migrate = 1;
 249
 250        if (flags & EXT4_EOFBLOCKS_FL) {
 251                /* we don't support adding EOFBLOCKS flag */
 252                if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
 253                        err = -EOPNOTSUPP;
 254                        goto flags_out;
 255                }
 256        } else if (oldflags & EXT4_EOFBLOCKS_FL) {
 257                err = ext4_truncate(inode);
 258                if (err)
 259                        goto flags_out;
 260        }
 261
 262        handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 263        if (IS_ERR(handle)) {
 264                err = PTR_ERR(handle);
 265                goto flags_out;
 266        }
 267        if (IS_SYNC(inode))
 268                ext4_handle_sync(handle);
 269        err = ext4_reserve_inode_write(handle, inode, &iloc);
 270        if (err)
 271                goto flags_err;
 272
 273        for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
 274                if (!(mask & EXT4_FL_USER_MODIFIABLE))
 275                        continue;
 276                /* These flags get special treatment later */
 277                if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
 278                        continue;
 279                if (mask & flags)
 280                        ext4_set_inode_flag(inode, i);
 281                else
 282                        ext4_clear_inode_flag(inode, i);
 283        }
 284
 285        ext4_set_inode_flags(inode);
 286        inode->i_ctime = current_time(inode);
 287
 288        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 289flags_err:
 290        ext4_journal_stop(handle);
 291        if (err)
 292                goto flags_out;
 293
 294        if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
 295                err = ext4_change_inode_journal_flag(inode, jflag);
 296        if (err)
 297                goto flags_out;
 298        if (migrate) {
 299                if (flags & EXT4_EXTENTS_FL)
 300                        err = ext4_ext_migrate(inode);
 301                else
 302                        err = ext4_ind_migrate(inode);
 303        }
 304
 305flags_out:
 306        return err;
 307}
 308
 309#ifdef CONFIG_QUOTA
 310static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 311{
 312        struct inode *inode = file_inode(filp);
 313        struct super_block *sb = inode->i_sb;
 314        struct ext4_inode_info *ei = EXT4_I(inode);
 315        int err, rc;
 316        handle_t *handle;
 317        kprojid_t kprojid;
 318        struct ext4_iloc iloc;
 319        struct ext4_inode *raw_inode;
 320        struct dquot *transfer_to[MAXQUOTAS] = { };
 321
 322        if (!ext4_has_feature_project(sb)) {
 323                if (projid != EXT4_DEF_PROJID)
 324                        return -EOPNOTSUPP;
 325                else
 326                        return 0;
 327        }
 328
 329        if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
 330                return -EOPNOTSUPP;
 331
 332        kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
 333
 334        if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
 335                return 0;
 336
 337        err = mnt_want_write_file(filp);
 338        if (err)
 339                return err;
 340
 341        err = -EPERM;
 342        inode_lock(inode);
 343        /* Is it quota file? Do not allow user to mess with it */
 344        if (ext4_is_quota_file(inode))
 345                goto out_unlock;
 346
 347        err = ext4_get_inode_loc(inode, &iloc);
 348        if (err)
 349                goto out_unlock;
 350
 351        raw_inode = ext4_raw_inode(&iloc);
 352        if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
 353                err = ext4_expand_extra_isize(inode,
 354                                              EXT4_SB(sb)->s_want_extra_isize,
 355                                              &iloc);
 356                if (err)
 357                        goto out_unlock;
 358        } else {
 359                brelse(iloc.bh);
 360        }
 361
 362        dquot_initialize(inode);
 363
 364        handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
 365                EXT4_QUOTA_INIT_BLOCKS(sb) +
 366                EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
 367        if (IS_ERR(handle)) {
 368                err = PTR_ERR(handle);
 369                goto out_unlock;
 370        }
 371
 372        err = ext4_reserve_inode_write(handle, inode, &iloc);
 373        if (err)
 374                goto out_stop;
 375
 376        transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
 377        if (!IS_ERR(transfer_to[PRJQUOTA])) {
 378
 379                /* __dquot_transfer() calls back ext4_get_inode_usage() which
 380                 * counts xattr inode references.
 381                 */
 382                down_read(&EXT4_I(inode)->xattr_sem);
 383                err = __dquot_transfer(inode, transfer_to);
 384                up_read(&EXT4_I(inode)->xattr_sem);
 385                dqput(transfer_to[PRJQUOTA]);
 386                if (err)
 387                        goto out_dirty;
 388        }
 389
 390        EXT4_I(inode)->i_projid = kprojid;
 391        inode->i_ctime = current_time(inode);
 392out_dirty:
 393        rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
 394        if (!err)
 395                err = rc;
 396out_stop:
 397        ext4_journal_stop(handle);
 398out_unlock:
 399        inode_unlock(inode);
 400        mnt_drop_write_file(filp);
 401        return err;
 402}
 403#else
 404static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 405{
 406        if (projid != EXT4_DEF_PROJID)
 407                return -EOPNOTSUPP;
 408        return 0;
 409}
 410#endif
 411
 412/* Transfer internal flags to xflags */
 413static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
 414{
 415        __u32 xflags = 0;
 416
 417        if (iflags & EXT4_SYNC_FL)
 418                xflags |= FS_XFLAG_SYNC;
 419        if (iflags & EXT4_IMMUTABLE_FL)
 420                xflags |= FS_XFLAG_IMMUTABLE;
 421        if (iflags & EXT4_APPEND_FL)
 422                xflags |= FS_XFLAG_APPEND;
 423        if (iflags & EXT4_NODUMP_FL)
 424                xflags |= FS_XFLAG_NODUMP;
 425        if (iflags & EXT4_NOATIME_FL)
 426                xflags |= FS_XFLAG_NOATIME;
 427        if (iflags & EXT4_PROJINHERIT_FL)
 428                xflags |= FS_XFLAG_PROJINHERIT;
 429        return xflags;
 430}
 431
 432#define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
 433                                  FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
 434                                  FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
 435
 436/* Transfer xflags flags to internal */
 437static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
 438{
 439        unsigned long iflags = 0;
 440
 441        if (xflags & FS_XFLAG_SYNC)
 442                iflags |= EXT4_SYNC_FL;
 443        if (xflags & FS_XFLAG_IMMUTABLE)
 444                iflags |= EXT4_IMMUTABLE_FL;
 445        if (xflags & FS_XFLAG_APPEND)
 446                iflags |= EXT4_APPEND_FL;
 447        if (xflags & FS_XFLAG_NODUMP)
 448                iflags |= EXT4_NODUMP_FL;
 449        if (xflags & FS_XFLAG_NOATIME)
 450                iflags |= EXT4_NOATIME_FL;
 451        if (xflags & FS_XFLAG_PROJINHERIT)
 452                iflags |= EXT4_PROJINHERIT_FL;
 453
 454        return iflags;
 455}
 456
 457static int ext4_shutdown(struct super_block *sb, unsigned long arg)
 458{
 459        struct ext4_sb_info *sbi = EXT4_SB(sb);
 460        __u32 flags;
 461
 462        if (!capable(CAP_SYS_ADMIN))
 463                return -EPERM;
 464
 465        if (get_user(flags, (__u32 __user *)arg))
 466                return -EFAULT;
 467
 468        if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
 469                return -EINVAL;
 470
 471        if (ext4_forced_shutdown(sbi))
 472                return 0;
 473
 474        ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
 475
 476        switch (flags) {
 477        case EXT4_GOING_FLAGS_DEFAULT:
 478                freeze_bdev(sb->s_bdev);
 479                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 480                thaw_bdev(sb->s_bdev, sb);
 481                break;
 482        case EXT4_GOING_FLAGS_LOGFLUSH:
 483                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 484                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
 485                        (void) ext4_force_commit(sb);
 486                        jbd2_journal_abort(sbi->s_journal, 0);
 487                }
 488                break;
 489        case EXT4_GOING_FLAGS_NOLOGFLUSH:
 490                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 491                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
 492                        msleep(100);
 493                        jbd2_journal_abort(sbi->s_journal, 0);
 494                }
 495                break;
 496        default:
 497                return -EINVAL;
 498        }
 499        clear_opt(sb, DISCARD);
 500        return 0;
 501}
 502
 503struct getfsmap_info {
 504        struct super_block      *gi_sb;
 505        struct fsmap_head __user *gi_data;
 506        unsigned int            gi_idx;
 507        __u32                   gi_last_flags;
 508};
 509
 510static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
 511{
 512        struct getfsmap_info *info = priv;
 513        struct fsmap fm;
 514
 515        trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
 516
 517        info->gi_last_flags = xfm->fmr_flags;
 518        ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
 519        if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
 520                        sizeof(struct fsmap)))
 521                return -EFAULT;
 522
 523        return 0;
 524}
 525
 526static int ext4_ioc_getfsmap(struct super_block *sb,
 527                             struct fsmap_head __user *arg)
 528{
 529        struct getfsmap_info info = {0};
 530        struct ext4_fsmap_head xhead = {0};
 531        struct fsmap_head head;
 532        bool aborted = false;
 533        int error;
 534
 535        if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
 536                return -EFAULT;
 537        if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
 538            memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
 539                       sizeof(head.fmh_keys[0].fmr_reserved)) ||
 540            memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
 541                       sizeof(head.fmh_keys[1].fmr_reserved)))
 542                return -EINVAL;
 543        /*
 544         * ext4 doesn't report file extents at all, so the only valid
 545         * file offsets are the magic ones (all zeroes or all ones).
 546         */
 547        if (head.fmh_keys[0].fmr_offset ||
 548            (head.fmh_keys[1].fmr_offset != 0 &&
 549             head.fmh_keys[1].fmr_offset != -1ULL))
 550                return -EINVAL;
 551
 552        xhead.fmh_iflags = head.fmh_iflags;
 553        xhead.fmh_count = head.fmh_count;
 554        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
 555        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
 556
 557        trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
 558        trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
 559
 560        info.gi_sb = sb;
 561        info.gi_data = arg;
 562        error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
 563        if (error == EXT4_QUERY_RANGE_ABORT) {
 564                error = 0;
 565                aborted = true;
 566        } else if (error)
 567                return error;
 568
 569        /* If we didn't abort, set the "last" flag in the last fmx */
 570        if (!aborted && info.gi_idx) {
 571                info.gi_last_flags |= FMR_OF_LAST;
 572                if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
 573                                 &info.gi_last_flags,
 574                                 sizeof(info.gi_last_flags)))
 575                        return -EFAULT;
 576        }
 577
 578        /* copy back header */
 579        head.fmh_entries = xhead.fmh_entries;
 580        head.fmh_oflags = xhead.fmh_oflags;
 581        if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
 582                return -EFAULT;
 583
 584        return 0;
 585}
 586
 587long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 588{
 589        struct inode *inode = file_inode(filp);
 590        struct super_block *sb = inode->i_sb;
 591        struct ext4_inode_info *ei = EXT4_I(inode);
 592        unsigned int flags;
 593
 594        ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
 595
 596        switch (cmd) {
 597        case FS_IOC_GETFSMAP:
 598                return ext4_ioc_getfsmap(sb, (void __user *)arg);
 599        case EXT4_IOC_GETFLAGS:
 600                flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
 601                return put_user(flags, (int __user *) arg);
 602        case EXT4_IOC_SETFLAGS: {
 603                int err;
 604
 605                if (!inode_owner_or_capable(inode))
 606                        return -EACCES;
 607
 608                if (get_user(flags, (int __user *) arg))
 609                        return -EFAULT;
 610
 611                if (flags & ~EXT4_FL_USER_VISIBLE)
 612                        return -EOPNOTSUPP;
 613                /*
 614                 * chattr(1) grabs flags via GETFLAGS, modifies the result and
 615                 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
 616                 * more restrictive than just silently masking off visible but
 617                 * not settable flags as we always did.
 618                 */
 619                flags &= EXT4_FL_USER_MODIFIABLE;
 620                if (ext4_mask_flags(inode->i_mode, flags) != flags)
 621                        return -EOPNOTSUPP;
 622
 623                err = mnt_want_write_file(filp);
 624                if (err)
 625                        return err;
 626
 627                inode_lock(inode);
 628                err = ext4_ioctl_setflags(inode, flags);
 629                inode_unlock(inode);
 630                mnt_drop_write_file(filp);
 631                return err;
 632        }
 633        case EXT4_IOC_GETVERSION:
 634        case EXT4_IOC_GETVERSION_OLD:
 635                return put_user(inode->i_generation, (int __user *) arg);
 636        case EXT4_IOC_SETVERSION:
 637        case EXT4_IOC_SETVERSION_OLD: {
 638                handle_t *handle;
 639                struct ext4_iloc iloc;
 640                __u32 generation;
 641                int err;
 642
 643                if (!inode_owner_or_capable(inode))
 644                        return -EPERM;
 645
 646                if (ext4_has_metadata_csum(inode->i_sb)) {
 647                        ext4_warning(sb, "Setting inode version is not "
 648                                     "supported with metadata_csum enabled.");
 649                        return -ENOTTY;
 650                }
 651
 652                err = mnt_want_write_file(filp);
 653                if (err)
 654                        return err;
 655                if (get_user(generation, (int __user *) arg)) {
 656                        err = -EFAULT;
 657                        goto setversion_out;
 658                }
 659
 660                inode_lock(inode);
 661                handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 662                if (IS_ERR(handle)) {
 663                        err = PTR_ERR(handle);
 664                        goto unlock_out;
 665                }
 666                err = ext4_reserve_inode_write(handle, inode, &iloc);
 667                if (err == 0) {
 668                        inode->i_ctime = current_time(inode);
 669                        inode->i_generation = generation;
 670                        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 671                }
 672                ext4_journal_stop(handle);
 673
 674unlock_out:
 675                inode_unlock(inode);
 676setversion_out:
 677                mnt_drop_write_file(filp);
 678                return err;
 679        }
 680        case EXT4_IOC_GROUP_EXTEND: {
 681                ext4_fsblk_t n_blocks_count;
 682                int err, err2=0;
 683
 684                err = ext4_resize_begin(sb);
 685                if (err)
 686                        return err;
 687
 688                if (get_user(n_blocks_count, (__u32 __user *)arg)) {
 689                        err = -EFAULT;
 690                        goto group_extend_out;
 691                }
 692
 693                if (ext4_has_feature_bigalloc(sb)) {
 694                        ext4_msg(sb, KERN_ERR,
 695                                 "Online resizing not supported with bigalloc");
 696                        err = -EOPNOTSUPP;
 697                        goto group_extend_out;
 698                }
 699
 700                err = mnt_want_write_file(filp);
 701                if (err)
 702                        goto group_extend_out;
 703
 704                err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
 705                if (EXT4_SB(sb)->s_journal) {
 706                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 707                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 708                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 709                }
 710                if (err == 0)
 711                        err = err2;
 712                mnt_drop_write_file(filp);
 713group_extend_out:
 714                ext4_resize_end(sb);
 715                return err;
 716        }
 717
 718        case EXT4_IOC_MOVE_EXT: {
 719                struct move_extent me;
 720                struct fd donor;
 721                int err;
 722
 723                if (!(filp->f_mode & FMODE_READ) ||
 724                    !(filp->f_mode & FMODE_WRITE))
 725                        return -EBADF;
 726
 727                if (copy_from_user(&me,
 728                        (struct move_extent __user *)arg, sizeof(me)))
 729                        return -EFAULT;
 730                me.moved_len = 0;
 731
 732                donor = fdget(me.donor_fd);
 733                if (!donor.file)
 734                        return -EBADF;
 735
 736                if (!(donor.file->f_mode & FMODE_WRITE)) {
 737                        err = -EBADF;
 738                        goto mext_out;
 739                }
 740
 741                if (ext4_has_feature_bigalloc(sb)) {
 742                        ext4_msg(sb, KERN_ERR,
 743                                 "Online defrag not supported with bigalloc");
 744                        err = -EOPNOTSUPP;
 745                        goto mext_out;
 746                } else if (IS_DAX(inode)) {
 747                        ext4_msg(sb, KERN_ERR,
 748                                 "Online defrag not supported with DAX");
 749                        err = -EOPNOTSUPP;
 750                        goto mext_out;
 751                }
 752
 753                err = mnt_want_write_file(filp);
 754                if (err)
 755                        goto mext_out;
 756
 757                err = ext4_move_extents(filp, donor.file, me.orig_start,
 758                                        me.donor_start, me.len, &me.moved_len);
 759                mnt_drop_write_file(filp);
 760
 761                if (copy_to_user((struct move_extent __user *)arg,
 762                                 &me, sizeof(me)))
 763                        err = -EFAULT;
 764mext_out:
 765                fdput(donor);
 766                return err;
 767        }
 768
 769        case EXT4_IOC_GROUP_ADD: {
 770                struct ext4_new_group_data input;
 771                int err, err2=0;
 772
 773                err = ext4_resize_begin(sb);
 774                if (err)
 775                        return err;
 776
 777                if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
 778                                sizeof(input))) {
 779                        err = -EFAULT;
 780                        goto group_add_out;
 781                }
 782
 783                if (ext4_has_feature_bigalloc(sb)) {
 784                        ext4_msg(sb, KERN_ERR,
 785                                 "Online resizing not supported with bigalloc");
 786                        err = -EOPNOTSUPP;
 787                        goto group_add_out;
 788                }
 789
 790                err = mnt_want_write_file(filp);
 791                if (err)
 792                        goto group_add_out;
 793
 794                err = ext4_group_add(sb, &input);
 795                if (EXT4_SB(sb)->s_journal) {
 796                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 797                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 798                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 799                }
 800                if (err == 0)
 801                        err = err2;
 802                mnt_drop_write_file(filp);
 803                if (!err && ext4_has_group_desc_csum(sb) &&
 804                    test_opt(sb, INIT_INODE_TABLE))
 805                        err = ext4_register_li_request(sb, input.group);
 806group_add_out:
 807                ext4_resize_end(sb);
 808                return err;
 809        }
 810
 811        case EXT4_IOC_MIGRATE:
 812        {
 813                int err;
 814                if (!inode_owner_or_capable(inode))
 815                        return -EACCES;
 816
 817                err = mnt_want_write_file(filp);
 818                if (err)
 819                        return err;
 820                /*
 821                 * inode_mutex prevent write and truncate on the file.
 822                 * Read still goes through. We take i_data_sem in
 823                 * ext4_ext_swap_inode_data before we switch the
 824                 * inode format to prevent read.
 825                 */
 826                inode_lock((inode));
 827                err = ext4_ext_migrate(inode);
 828                inode_unlock((inode));
 829                mnt_drop_write_file(filp);
 830                return err;
 831        }
 832
 833        case EXT4_IOC_ALLOC_DA_BLKS:
 834        {
 835                int err;
 836                if (!inode_owner_or_capable(inode))
 837                        return -EACCES;
 838
 839                err = mnt_want_write_file(filp);
 840                if (err)
 841                        return err;
 842                err = ext4_alloc_da_blocks(inode);
 843                mnt_drop_write_file(filp);
 844                return err;
 845        }
 846
 847        case EXT4_IOC_SWAP_BOOT:
 848        {
 849                int err;
 850                if (!(filp->f_mode & FMODE_WRITE))
 851                        return -EBADF;
 852                err = mnt_want_write_file(filp);
 853                if (err)
 854                        return err;
 855                err = swap_inode_boot_loader(sb, inode);
 856                mnt_drop_write_file(filp);
 857                return err;
 858        }
 859
 860        case EXT4_IOC_RESIZE_FS: {
 861                ext4_fsblk_t n_blocks_count;
 862                int err = 0, err2 = 0;
 863                ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
 864
 865                if (ext4_has_feature_bigalloc(sb)) {
 866                        ext4_msg(sb, KERN_ERR,
 867                                 "Online resizing not (yet) supported with bigalloc");
 868                        return -EOPNOTSUPP;
 869                }
 870
 871                if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
 872                                   sizeof(__u64))) {
 873                        return -EFAULT;
 874                }
 875
 876                err = ext4_resize_begin(sb);
 877                if (err)
 878                        return err;
 879
 880                err = mnt_want_write_file(filp);
 881                if (err)
 882                        goto resizefs_out;
 883
 884                err = ext4_resize_fs(sb, n_blocks_count);
 885                if (EXT4_SB(sb)->s_journal) {
 886                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 887                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 888                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 889                }
 890                if (err == 0)
 891                        err = err2;
 892                mnt_drop_write_file(filp);
 893                if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
 894                    ext4_has_group_desc_csum(sb) &&
 895                    test_opt(sb, INIT_INODE_TABLE))
 896                        err = ext4_register_li_request(sb, o_group);
 897
 898resizefs_out:
 899                ext4_resize_end(sb);
 900                return err;
 901        }
 902
 903        case FITRIM:
 904        {
 905                struct request_queue *q = bdev_get_queue(sb->s_bdev);
 906                struct fstrim_range range;
 907                int ret = 0;
 908
 909                if (!capable(CAP_SYS_ADMIN))
 910                        return -EPERM;
 911
 912                if (!blk_queue_discard(q))
 913                        return -EOPNOTSUPP;
 914
 915                if (copy_from_user(&range, (struct fstrim_range __user *)arg,
 916                    sizeof(range)))
 917                        return -EFAULT;
 918
 919                range.minlen = max((unsigned int)range.minlen,
 920                                   q->limits.discard_granularity);
 921                ret = ext4_trim_fs(sb, &range);
 922                if (ret < 0)
 923                        return ret;
 924
 925                if (copy_to_user((struct fstrim_range __user *)arg, &range,
 926                    sizeof(range)))
 927                        return -EFAULT;
 928
 929                return 0;
 930        }
 931        case EXT4_IOC_PRECACHE_EXTENTS:
 932                return ext4_ext_precache(inode);
 933
 934        case EXT4_IOC_SET_ENCRYPTION_POLICY:
 935                if (!ext4_has_feature_encrypt(sb))
 936                        return -EOPNOTSUPP;
 937                return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
 938
 939        case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
 940#ifdef CONFIG_EXT4_FS_ENCRYPTION
 941                int err, err2;
 942                struct ext4_sb_info *sbi = EXT4_SB(sb);
 943                handle_t *handle;
 944
 945                if (!ext4_has_feature_encrypt(sb))
 946                        return -EOPNOTSUPP;
 947                if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
 948                        err = mnt_want_write_file(filp);
 949                        if (err)
 950                                return err;
 951                        handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
 952                        if (IS_ERR(handle)) {
 953                                err = PTR_ERR(handle);
 954                                goto pwsalt_err_exit;
 955                        }
 956                        err = ext4_journal_get_write_access(handle, sbi->s_sbh);
 957                        if (err)
 958                                goto pwsalt_err_journal;
 959                        generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
 960                        err = ext4_handle_dirty_metadata(handle, NULL,
 961                                                         sbi->s_sbh);
 962                pwsalt_err_journal:
 963                        err2 = ext4_journal_stop(handle);
 964                        if (err2 && !err)
 965                                err = err2;
 966                pwsalt_err_exit:
 967                        mnt_drop_write_file(filp);
 968                        if (err)
 969                                return err;
 970                }
 971                if (copy_to_user((void __user *) arg,
 972                                 sbi->s_es->s_encrypt_pw_salt, 16))
 973                        return -EFAULT;
 974                return 0;
 975#else
 976                return -EOPNOTSUPP;
 977#endif
 978        }
 979        case EXT4_IOC_GET_ENCRYPTION_POLICY:
 980                return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
 981
 982        case EXT4_IOC_FSGETXATTR:
 983        {
 984                struct fsxattr fa;
 985
 986                memset(&fa, 0, sizeof(struct fsxattr));
 987                fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
 988
 989                if (ext4_has_feature_project(inode->i_sb)) {
 990                        fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
 991                                EXT4_I(inode)->i_projid);
 992                }
 993
 994                if (copy_to_user((struct fsxattr __user *)arg,
 995                                 &fa, sizeof(fa)))
 996                        return -EFAULT;
 997                return 0;
 998        }
 999        case EXT4_IOC_FSSETXATTR:
1000        {

1001                struct fsxattr fa;
1002                int err;
1003
1004                if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1005                                   sizeof(fa)))
1006                        return -EFAULT;
1007
1008                /* Make sure caller has proper permission */
1009                if (!inode_owner_or_capable(inode))
1010                        return -EACCES;
1011
1012                if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1013                        return -EOPNOTSUPP;
1014
1015                flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1016                if (ext4_mask_flags(inode->i_mode, flags) != flags)
1017                        return -EOPNOTSUPP;
1018
1019                err = mnt_want_write_file(filp);
1020                if (err)
1021                        return err;
1022
1023                inode_lock(inode);
1024                flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1025                         (flags & EXT4_FL_XFLAG_VISIBLE);
1026                err = ext4_ioctl_setflags(inode, flags);
1027                inode_unlock(inode);
1028                mnt_drop_write_file(filp);
1029                if (err)
1030                        return err;
1031
1032                err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1033                if (err)
1034                        return err;
1035
1036                return 0;
1037        }
1038        case EXT4_IOC_SHUTDOWN:
1039                return ext4_shutdown(sb, arg);
1040        default:
1041                return -ENOTTY;
1042        }
1043}
1044
1045#ifdef CONFIG_COMPAT
1046long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1047{
1048        /* These are just misnamed, they actually get/put from/to user an int */
1049        switch (cmd) {
1050        case EXT4_IOC32_GETFLAGS:
1051                cmd = EXT4_IOC_GETFLAGS;
1052                break;
1053        case EXT4_IOC32_SETFLAGS:
1054                cmd = EXT4_IOC_SETFLAGS;
1055                break;
1056        case EXT4_IOC32_GETVERSION:
1057                cmd = EXT4_IOC_GETVERSION;
1058                break;
1059        case EXT4_IOC32_SETVERSION:
1060                cmd = EXT4_IOC_SETVERSION;
1061                break;
1062        case EXT4_IOC32_GROUP_EXTEND:
1063                cmd = EXT4_IOC_GROUP_EXTEND;
1064                break;
1065        case EXT4_IOC32_GETVERSION_OLD:
1066                cmd = EXT4_IOC_GETVERSION_OLD;
1067                break;
1068        case EXT4_IOC32_SETVERSION_OLD:
1069                cmd = EXT4_IOC_SETVERSION_OLD;
1070                break;
1071        case EXT4_IOC32_GETRSVSZ:
1072                cmd = EXT4_IOC_GETRSVSZ;
1073                break;
1074        case EXT4_IOC32_SETRSVSZ:
1075                cmd = EXT4_IOC_SETRSVSZ;
1076                break;
1077        case EXT4_IOC32_GROUP_ADD: {
1078                struct compat_ext4_new_group_input __user *uinput;
1079                struct ext4_new_group_input input;
1080                mm_segment_t old_fs;
1081                int err;
1082
1083                uinput = compat_ptr(arg);
1084                err = get_user(input.group, &uinput->group);
1085                err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1086                err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1087                err |= get_user(input.inode_table, &uinput->inode_table);
1088                err |= get_user(input.blocks_count, &uinput->blocks_count);
1089                err |= get_user(input.reserved_blocks,
1090                                &uinput->reserved_blocks);
1091                if (err)
1092                        return -EFAULT;
1093                old_fs = get_fs();
1094                set_fs(KERNEL_DS);
1095                err = ext4_ioctl(file, EXT4_IOC_GROUP_ADD,
1096                                 (unsigned long) &input);
1097                set_fs(old_fs);
1098                return err;
1099        }
1100        case EXT4_IOC_MOVE_EXT:
1101        case EXT4_IOC_RESIZE_FS:
1102        case EXT4_IOC_PRECACHE_EXTENTS:
1103        case EXT4_IOC_SET_ENCRYPTION_POLICY:
1104        case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1105        case EXT4_IOC_GET_ENCRYPTION_POLICY:
1106        case EXT4_IOC_SHUTDOWN:
1107        case FS_IOC_GETFSMAP:
1108                break;
1109        default:
1110                return -ENOIOCTLCMD;
1111        }
1112        return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1113}
1114#endif
1115