LXR linux/fs/ext4/ioctl.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * linux/fs/ext4/ioctl.c
   4 *
   5 * Copyright (C) 1993, 1994, 1995
   6 * Remy Card (card@masi.ibp.fr)
   7 * Laboratoire MASI - Institut Blaise Pascal
   8 * Universite Pierre et Marie Curie (Paris VI)
   9 */
  10
  11#include <linux/fs.h>
  12#include <linux/capability.h>
  13#include <linux/time.h>
  14#include <linux/compat.h>
  15#include <linux/mount.h>
  16#include <linux/file.h>
  17#include <linux/quotaops.h>
  18#include <linux/random.h>
  19#include <linux/uuid.h>
  20#include <linux/uaccess.h>
  21#include <linux/delay.h>
  22#include <linux/iversion.h>
  23#include "ext4_jbd2.h"
  24#include "ext4.h"
  25#include <linux/fsmap.h>
  26#include "fsmap.h"
  27#include <trace/events/ext4.h>
  28
  29/**
  30 * Swap memory between @a and @b for @len bytes.
  31 *
  32 * @a:          pointer to first memory area
  33 * @b:          pointer to second memory area
  34 * @len:        number of bytes to swap
  35 *
  36 */
  37static void memswap(void *a, void *b, size_t len)
  38{
  39        unsigned char *ap, *bp;
  40
  41        ap = (unsigned char *)a;
  42        bp = (unsigned char *)b;
  43        while (len-- > 0) {
  44                swap(*ap, *bp);
  45                ap++;
  46                bp++;
  47        }
  48}
  49
  50/**
  51 * Swap i_data and associated attributes between @inode1 and @inode2.
  52 * This function is used for the primary swap between inode1 and inode2
  53 * and also to revert this primary swap in case of errors.
  54 *
  55 * Therefore you have to make sure, that calling this method twice
  56 * will revert all changes.
  57 *
  58 * @inode1:     pointer to first inode
  59 * @inode2:     pointer to second inode
  60 */
  61static void swap_inode_data(struct inode *inode1, struct inode *inode2)
  62{
  63        loff_t isize;
  64        struct ext4_inode_info *ei1;
  65        struct ext4_inode_info *ei2;
  66
  67        ei1 = EXT4_I(inode1);
  68        ei2 = EXT4_I(inode2);
  69
  70        swap(inode1->i_flags, inode2->i_flags);
  71        swap(inode1->i_version, inode2->i_version);
  72        swap(inode1->i_blocks, inode2->i_blocks);
  73        swap(inode1->i_bytes, inode2->i_bytes);
  74        swap(inode1->i_atime, inode2->i_atime);
  75        swap(inode1->i_mtime, inode2->i_mtime);
  76
  77        memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
  78        swap(ei1->i_flags, ei2->i_flags);
  79        swap(ei1->i_disksize, ei2->i_disksize);
  80        ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
  81        ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
  82
  83        isize = i_size_read(inode1);
  84        i_size_write(inode1, i_size_read(inode2));
  85        i_size_write(inode2, isize);
  86}
  87
  88/**
  89 * Swap the information from the given @inode and the inode
  90 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
  91 * important fields of the inodes.
  92 *
  93 * @sb:         the super block of the filesystem
  94 * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
  95 *
  96 */
  97static long swap_inode_boot_loader(struct super_block *sb,
  98                                struct inode *inode)
  99{
 100        handle_t *handle;
 101        int err;
 102        struct inode *inode_bl;
 103        struct ext4_inode_info *ei_bl;
 104
 105        if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
 106                return -EINVAL;
 107
 108        if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
 109                return -EPERM;
 110
 111        inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO);
 112        if (IS_ERR(inode_bl))
 113                return PTR_ERR(inode_bl);
 114        ei_bl = EXT4_I(inode_bl);
 115
 116        filemap_flush(inode->i_mapping);
 117        filemap_flush(inode_bl->i_mapping);
 118
 119        /* Protect orig inodes against a truncate and make sure,
 120         * that only 1 swap_inode_boot_loader is running. */
 121        lock_two_nondirectories(inode, inode_bl);
 122
 123        truncate_inode_pages(&inode->i_data, 0);
 124        truncate_inode_pages(&inode_bl->i_data, 0);
 125
 126        /* Wait for all existing dio workers */
 127        ext4_inode_block_unlocked_dio(inode);
 128        ext4_inode_block_unlocked_dio(inode_bl);
 129        inode_dio_wait(inode);
 130        inode_dio_wait(inode_bl);
 131
 132        handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
 133        if (IS_ERR(handle)) {
 134                err = -EINVAL;
 135                goto journal_err_out;
 136        }
 137
 138        /* Protect extent tree against block allocations via delalloc */
 139        ext4_double_down_write_data_sem(inode, inode_bl);
 140
 141        if (inode_bl->i_nlink == 0) {
 142                /* this inode has never been used as a BOOT_LOADER */
 143                set_nlink(inode_bl, 1);
 144                i_uid_write(inode_bl, 0);
 145                i_gid_write(inode_bl, 0);
 146                inode_bl->i_flags = 0;
 147                ei_bl->i_flags = 0;
 148                inode_set_iversion(inode_bl, 1);
 149                i_size_write(inode_bl, 0);
 150                inode_bl->i_mode = S_IFREG;
 151                if (ext4_has_feature_extents(sb)) {
 152                        ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
 153                        ext4_ext_tree_init(handle, inode_bl);
 154                } else
 155                        memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
 156        }
 157
 158        swap_inode_data(inode, inode_bl);
 159
 160        inode->i_ctime = inode_bl->i_ctime = current_time(inode);
 161
 162        inode->i_generation = prandom_u32();
 163        inode_bl->i_generation = prandom_u32();
 164
 165        ext4_discard_preallocations(inode);
 166
 167        err = ext4_mark_inode_dirty(handle, inode);
 168        if (err < 0) {
 169                ext4_warning(inode->i_sb,
 170                        "couldn't mark inode #%lu dirty (err %d)",
 171                        inode->i_ino, err);
 172                /* Revert all changes: */
 173                swap_inode_data(inode, inode_bl);
 174        } else {
 175                err = ext4_mark_inode_dirty(handle, inode_bl);
 176                if (err < 0) {
 177                        ext4_warning(inode_bl->i_sb,
 178                                "couldn't mark inode #%lu dirty (err %d)",
 179                                inode_bl->i_ino, err);
 180                        /* Revert all changes: */
 181                        swap_inode_data(inode, inode_bl);
 182                        ext4_mark_inode_dirty(handle, inode);
 183                }
 184        }
 185        ext4_journal_stop(handle);
 186        ext4_double_up_write_data_sem(inode, inode_bl);
 187
 188journal_err_out:
 189        ext4_inode_resume_unlocked_dio(inode);
 190        ext4_inode_resume_unlocked_dio(inode_bl);
 191        unlock_two_nondirectories(inode, inode_bl);
 192        iput(inode_bl);
 193        return err;
 194}
 195
 196#ifdef CONFIG_EXT4_FS_ENCRYPTION
 197static int uuid_is_zero(__u8 u[16])
 198{
 199        int     i;
 200
 201        for (i = 0; i < 16; i++)
 202                if (u[i])
 203                        return 0;
 204        return 1;
 205}
 206#endif
 207
 208static int ext4_ioctl_setflags(struct inode *inode,
 209                               unsigned int flags)
 210{
 211        struct ext4_inode_info *ei = EXT4_I(inode);
 212        handle_t *handle = NULL;
 213        int err = -EPERM, migrate = 0;
 214        struct ext4_iloc iloc;
 215        unsigned int oldflags, mask, i;
 216        unsigned int jflag;
 217
 218        /* Is it quota file? Do not allow user to mess with it */
 219        if (ext4_is_quota_file(inode))
 220                goto flags_out;
 221
 222        oldflags = ei->i_flags;
 223
 224        /* The JOURNAL_DATA flag is modifiable only by root */
 225        jflag = flags & EXT4_JOURNAL_DATA_FL;
 226
 227        /*
 228         * The IMMUTABLE and APPEND_ONLY flags can only be changed by
 229         * the relevant capability.
 230         *
 231         * This test looks nicer. Thanks to Pauline Middelink
 232         */
 233        if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
 234                if (!capable(CAP_LINUX_IMMUTABLE))
 235                        goto flags_out;
 236        }
 237
 238        /*
 239         * The JOURNAL_DATA flag can only be changed by
 240         * the relevant capability.
 241         */
 242        if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
 243                if (!capable(CAP_SYS_RESOURCE))
 244                        goto flags_out;
 245        }
 246        if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
 247                migrate = 1;
 248
 249        if (flags & EXT4_EOFBLOCKS_FL) {
 250                /* we don't support adding EOFBLOCKS flag */
 251                if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
 252                        err = -EOPNOTSUPP;
 253                        goto flags_out;
 254                }
 255        } else if (oldflags & EXT4_EOFBLOCKS_FL) {
 256                err = ext4_truncate(inode);
 257                if (err)
 258                        goto flags_out;
 259        }
 260
 261        handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 262        if (IS_ERR(handle)) {
 263                err = PTR_ERR(handle);
 264                goto flags_out;
 265        }
 266        if (IS_SYNC(inode))
 267                ext4_handle_sync(handle);
 268        err = ext4_reserve_inode_write(handle, inode, &iloc);
 269        if (err)
 270                goto flags_err;
 271
 272        for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
 273                if (!(mask & EXT4_FL_USER_MODIFIABLE))
 274                        continue;
 275                /* These flags get special treatment later */
 276                if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
 277                        continue;
 278                if (mask & flags)
 279                        ext4_set_inode_flag(inode, i);
 280                else
 281                        ext4_clear_inode_flag(inode, i);
 282        }
 283
 284        ext4_set_inode_flags(inode);
 285        inode->i_ctime = current_time(inode);
 286
 287        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 288flags_err:
 289        ext4_journal_stop(handle);
 290        if (err)
 291                goto flags_out;
 292
 293        if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
 294                /*
 295                 * Changes to the journaling mode can cause unsafe changes to
 296                 * S_DAX if we are using the DAX mount option.
 297                 */
 298                if (test_opt(inode->i_sb, DAX)) {
 299                        err = -EBUSY;
 300                        goto flags_out;
 301                }
 302
 303                err = ext4_change_inode_journal_flag(inode, jflag);
 304                if (err)
 305                        goto flags_out;
 306        }
 307        if (migrate) {
 308                if (flags & EXT4_EXTENTS_FL)
 309                        err = ext4_ext_migrate(inode);
 310                else
 311                        err = ext4_ind_migrate(inode);
 312        }
 313
 314flags_out:
 315        return err;
 316}
 317
 318#ifdef CONFIG_QUOTA
 319static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 320{
 321        struct inode *inode = file_inode(filp);
 322        struct super_block *sb = inode->i_sb;
 323        struct ext4_inode_info *ei = EXT4_I(inode);
 324        int err, rc;
 325        handle_t *handle;
 326        kprojid_t kprojid;
 327        struct ext4_iloc iloc;
 328        struct ext4_inode *raw_inode;
 329        struct dquot *transfer_to[MAXQUOTAS] = { };
 330
 331        if (!ext4_has_feature_project(sb)) {
 332                if (projid != EXT4_DEF_PROJID)
 333                        return -EOPNOTSUPP;
 334                else
 335                        return 0;
 336        }
 337
 338        if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
 339                return -EOPNOTSUPP;
 340
 341        kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
 342
 343        if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
 344                return 0;
 345
 346        err = mnt_want_write_file(filp);
 347        if (err)
 348                return err;
 349
 350        err = -EPERM;
 351        inode_lock(inode);
 352        /* Is it quota file? Do not allow user to mess with it */
 353        if (ext4_is_quota_file(inode))
 354                goto out_unlock;
 355
 356        err = ext4_get_inode_loc(inode, &iloc);
 357        if (err)
 358                goto out_unlock;
 359
 360        raw_inode = ext4_raw_inode(&iloc);
 361        if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
 362                err = ext4_expand_extra_isize(inode,
 363                                              EXT4_SB(sb)->s_want_extra_isize,
 364                                              &iloc);
 365                if (err)
 366                        goto out_unlock;
 367        } else {
 368                brelse(iloc.bh);
 369        }
 370
 371        dquot_initialize(inode);
 372
 373        handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
 374                EXT4_QUOTA_INIT_BLOCKS(sb) +
 375                EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
 376        if (IS_ERR(handle)) {
 377                err = PTR_ERR(handle);
 378                goto out_unlock;
 379        }
 380
 381        err = ext4_reserve_inode_write(handle, inode, &iloc);
 382        if (err)
 383                goto out_stop;
 384
 385        transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
 386        if (!IS_ERR(transfer_to[PRJQUOTA])) {
 387
 388                /* __dquot_transfer() calls back ext4_get_inode_usage() which
 389                 * counts xattr inode references.
 390                 */
 391                down_read(&EXT4_I(inode)->xattr_sem);
 392                err = __dquot_transfer(inode, transfer_to);
 393                up_read(&EXT4_I(inode)->xattr_sem);
 394                dqput(transfer_to[PRJQUOTA]);
 395                if (err)
 396                        goto out_dirty;
 397        }
 398
 399        EXT4_I(inode)->i_projid = kprojid;
 400        inode->i_ctime = current_time(inode);
 401out_dirty:
 402        rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
 403        if (!err)
 404                err = rc;
 405out_stop:
 406        ext4_journal_stop(handle);
 407out_unlock:
 408        inode_unlock(inode);
 409        mnt_drop_write_file(filp);
 410        return err;
 411}
 412#else
 413static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 414{
 415        if (projid != EXT4_DEF_PROJID)
 416                return -EOPNOTSUPP;
 417        return 0;
 418}
 419#endif
 420
 421/* Transfer internal flags to xflags */
 422static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
 423{
 424        __u32 xflags = 0;
 425
 426        if (iflags & EXT4_SYNC_FL)
 427                xflags |= FS_XFLAG_SYNC;
 428        if (iflags & EXT4_IMMUTABLE_FL)
 429                xflags |= FS_XFLAG_IMMUTABLE;
 430        if (iflags & EXT4_APPEND_FL)
 431                xflags |= FS_XFLAG_APPEND;
 432        if (iflags & EXT4_NODUMP_FL)
 433                xflags |= FS_XFLAG_NODUMP;
 434        if (iflags & EXT4_NOATIME_FL)
 435                xflags |= FS_XFLAG_NOATIME;
 436        if (iflags & EXT4_PROJINHERIT_FL)
 437                xflags |= FS_XFLAG_PROJINHERIT;
 438        return xflags;
 439}
 440
 441#define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
 442                                  FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
 443                                  FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
 444
 445/* Transfer xflags flags to internal */
 446static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
 447{
 448        unsigned long iflags = 0;
 449
 450        if (xflags & FS_XFLAG_SYNC)
 451                iflags |= EXT4_SYNC_FL;
 452        if (xflags & FS_XFLAG_IMMUTABLE)
 453                iflags |= EXT4_IMMUTABLE_FL;
 454        if (xflags & FS_XFLAG_APPEND)
 455                iflags |= EXT4_APPEND_FL;
 456        if (xflags & FS_XFLAG_NODUMP)
 457                iflags |= EXT4_NODUMP_FL;
 458        if (xflags & FS_XFLAG_NOATIME)
 459                iflags |= EXT4_NOATIME_FL;
 460        if (xflags & FS_XFLAG_PROJINHERIT)
 461                iflags |= EXT4_PROJINHERIT_FL;
 462
 463        return iflags;
 464}
 465
 466static int ext4_shutdown(struct super_block *sb, unsigned long arg)
 467{
 468        struct ext4_sb_info *sbi = EXT4_SB(sb);
 469        __u32 flags;
 470
 471        if (!capable(CAP_SYS_ADMIN))
 472                return -EPERM;
 473
 474        if (get_user(flags, (__u32 __user *)arg))
 475                return -EFAULT;
 476
 477        if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
 478                return -EINVAL;
 479
 480        if (ext4_forced_shutdown(sbi))
 481                return 0;
 482
 483        ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
 484
 485        switch (flags) {
 486        case EXT4_GOING_FLAGS_DEFAULT:
 487                freeze_bdev(sb->s_bdev);
 488                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 489                thaw_bdev(sb->s_bdev, sb);
 490                break;
 491        case EXT4_GOING_FLAGS_LOGFLUSH:
 492                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 493                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
 494                        (void) ext4_force_commit(sb);
 495                        jbd2_journal_abort(sbi->s_journal, 0);
 496                }
 497                break;
 498        case EXT4_GOING_FLAGS_NOLOGFLUSH:
 499                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 500                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
 501                        msleep(100);
 502                        jbd2_journal_abort(sbi->s_journal, 0);
 503                }
 504                break;
 505        default:
 506                return -EINVAL;
 507        }
 508        clear_opt(sb, DISCARD);
 509        return 0;
 510}
 511
 512struct getfsmap_info {
 513        struct super_block      *gi_sb;
 514        struct fsmap_head __user *gi_data;
 515        unsigned int            gi_idx;
 516        __u32                   gi_last_flags;
 517};
 518
 519static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
 520{
 521        struct getfsmap_info *info = priv;
 522        struct fsmap fm;
 523
 524        trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
 525
 526        info->gi_last_flags = xfm->fmr_flags;
 527        ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
 528        if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
 529                        sizeof(struct fsmap)))
 530                return -EFAULT;
 531
 532        return 0;
 533}
 534
 535static int ext4_ioc_getfsmap(struct super_block *sb,
 536                             struct fsmap_head __user *arg)
 537{
 538        struct getfsmap_info info = {0};
 539        struct ext4_fsmap_head xhead = {0};
 540        struct fsmap_head head;
 541        bool aborted = false;
 542        int error;
 543
 544        if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
 545                return -EFAULT;
 546        if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
 547            memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
 548                       sizeof(head.fmh_keys[0].fmr_reserved)) ||
 549            memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
 550                       sizeof(head.fmh_keys[1].fmr_reserved)))
 551                return -EINVAL;
 552        /*
 553         * ext4 doesn't report file extents at all, so the only valid
 554         * file offsets are the magic ones (all zeroes or all ones).
 555         */
 556        if (head.fmh_keys[0].fmr_offset ||
 557            (head.fmh_keys[1].fmr_offset != 0 &&
 558             head.fmh_keys[1].fmr_offset != -1ULL))
 559                return -EINVAL;
 560
 561        xhead.fmh_iflags = head.fmh_iflags;
 562        xhead.fmh_count = head.fmh_count;
 563        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
 564        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
 565
 566        trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
 567        trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
 568
 569        info.gi_sb = sb;
 570        info.gi_data = arg;
 571        error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
 572        if (error == EXT4_QUERY_RANGE_ABORT) {
 573                error = 0;
 574                aborted = true;
 575        } else if (error)
 576                return error;
 577
 578        /* If we didn't abort, set the "last" flag in the last fmx */
 579        if (!aborted && info.gi_idx) {
 580                info.gi_last_flags |= FMR_OF_LAST;
 581                if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
 582                                 &info.gi_last_flags,
 583                                 sizeof(info.gi_last_flags)))
 584                        return -EFAULT;
 585        }
 586
 587        /* copy back header */
 588        head.fmh_entries = xhead.fmh_entries;
 589        head.fmh_oflags = xhead.fmh_oflags;
 590        if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
 591                return -EFAULT;
 592
 593        return 0;
 594}
 595
 596static long ext4_ioctl_group_add(struct file *file,
 597                                 struct ext4_new_group_data *input)
 598{
 599        struct super_block *sb = file_inode(file)->i_sb;
 600        int err, err2=0;
 601
 602        err = ext4_resize_begin(sb);
 603        if (err)
 604                return err;
 605
 606        if (ext4_has_feature_bigalloc(sb)) {
 607                ext4_msg(sb, KERN_ERR,
 608                         "Online resizing not supported with bigalloc");
 609                err = -EOPNOTSUPP;
 610                goto group_add_out;
 611        }
 612
 613        err = mnt_want_write_file(file);
 614        if (err)
 615                goto group_add_out;
 616
 617        err = ext4_group_add(sb, input);
 618        if (EXT4_SB(sb)->s_journal) {
 619                jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 620                err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 621                jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 622        }
 623        if (err == 0)
 624                err = err2;
 625        mnt_drop_write_file(file);
 626        if (!err && ext4_has_group_desc_csum(sb) &&
 627            test_opt(sb, INIT_INODE_TABLE))
 628                err = ext4_register_li_request(sb, input->group);
 629group_add_out:
 630        ext4_resize_end(sb);
 631        return err;
 632}
 633
 634long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 635{
 636        struct inode *inode = file_inode(filp);
 637        struct super_block *sb = inode->i_sb;
 638        struct ext4_inode_info *ei = EXT4_I(inode);
 639        unsigned int flags;
 640
 641        ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
 642
 643        switch (cmd) {
 644        case FS_IOC_GETFSMAP:
 645                return ext4_ioc_getfsmap(sb, (void __user *)arg);
 646        case EXT4_IOC_GETFLAGS:
 647                flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
 648                return put_user(flags, (int __user *) arg);
 649        case EXT4_IOC_SETFLAGS: {
 650                int err;
 651
 652                if (!inode_owner_or_capable(inode))
 653                        return -EACCES;
 654
 655                if (get_user(flags, (int __user *) arg))
 656                        return -EFAULT;
 657
 658                if (flags & ~EXT4_FL_USER_VISIBLE)
 659                        return -EOPNOTSUPP;
 660                /*
 661                 * chattr(1) grabs flags via GETFLAGS, modifies the result and
 662                 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
 663                 * more restrictive than just silently masking off visible but
 664                 * not settable flags as we always did.
 665                 */
 666                flags &= EXT4_FL_USER_MODIFIABLE;
 667                if (ext4_mask_flags(inode->i_mode, flags) != flags)
 668                        return -EOPNOTSUPP;
 669
 670                err = mnt_want_write_file(filp);
 671                if (err)
 672                        return err;
 673
 674                inode_lock(inode);
 675                err = ext4_ioctl_setflags(inode, flags);
 676                inode_unlock(inode);
 677                mnt_drop_write_file(filp);
 678                return err;
 679        }
 680        case EXT4_IOC_GETVERSION:
 681        case EXT4_IOC_GETVERSION_OLD:
 682                return put_user(inode->i_generation, (int __user *) arg);
 683        case EXT4_IOC_SETVERSION:
 684        case EXT4_IOC_SETVERSION_OLD: {
 685                handle_t *handle;
 686                struct ext4_iloc iloc;
 687                __u32 generation;
 688                int err;
 689
 690                if (!inode_owner_or_capable(inode))
 691                        return -EPERM;
 692
 693                if (ext4_has_metadata_csum(inode->i_sb)) {
 694                        ext4_warning(sb, "Setting inode version is not "
 695                                     "supported with metadata_csum enabled.");
 696                        return -ENOTTY;
 697                }
 698
 699                err = mnt_want_write_file(filp);
 700                if (err)
 701                        return err;
 702                if (get_user(generation, (int __user *) arg)) {
 703                        err = -EFAULT;
 704                        goto setversion_out;
 705                }
 706
 707                inode_lock(inode);
 708                handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 709                if (IS_ERR(handle)) {
 710                        err = PTR_ERR(handle);
 711                        goto unlock_out;
 712                }
 713                err = ext4_reserve_inode_write(handle, inode, &iloc);
 714                if (err == 0) {
 715                        inode->i_ctime = current_time(inode);
 716                        inode->i_generation = generation;
 717                        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 718                }
 719                ext4_journal_stop(handle);
 720
 721unlock_out:
 722                inode_unlock(inode);
 723setversion_out:
 724                mnt_drop_write_file(filp);
 725                return err;
 726        }
 727        case EXT4_IOC_GROUP_EXTEND: {
 728                ext4_fsblk_t n_blocks_count;
 729                int err, err2=0;
 730
 731                err = ext4_resize_begin(sb);
 732                if (err)
 733                        return err;
 734
 735                if (get_user(n_blocks_count, (__u32 __user *)arg)) {
 736                        err = -EFAULT;
 737                        goto group_extend_out;
 738                }
 739
 740                if (ext4_has_feature_bigalloc(sb)) {
 741                        ext4_msg(sb, KERN_ERR,
 742                                 "Online resizing not supported with bigalloc");
 743                        err = -EOPNOTSUPP;
 744                        goto group_extend_out;
 745                }
 746
 747                err = mnt_want_write_file(filp);
 748                if (err)
 749                        goto group_extend_out;
 750
 751                err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
 752                if (EXT4_SB(sb)->s_journal) {
 753                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 754                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 755                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 756                }
 757                if (err == 0)
 758                        err = err2;
 759                mnt_drop_write_file(filp);
 760group_extend_out:
 761                ext4_resize_end(sb);
 762                return err;
 763        }
 764
 765        case EXT4_IOC_MOVE_EXT: {
 766                struct move_extent me;
 767                struct fd donor;
 768                int err;
 769
 770                if (!(filp->f_mode & FMODE_READ) ||
 771                    !(filp->f_mode & FMODE_WRITE))
 772                        return -EBADF;
 773
 774                if (copy_from_user(&me,
 775                        (struct move_extent __user *)arg, sizeof(me)))
 776                        return -EFAULT;
 777                me.moved_len = 0;
 778
 779                donor = fdget(me.donor_fd);
 780                if (!donor.file)
 781                        return -EBADF;
 782
 783                if (!(donor.file->f_mode & FMODE_WRITE)) {
 784                        err = -EBADF;
 785                        goto mext_out;
 786                }
 787
 788                if (ext4_has_feature_bigalloc(sb)) {
 789                        ext4_msg(sb, KERN_ERR,
 790                                 "Online defrag not supported with bigalloc");
 791                        err = -EOPNOTSUPP;
 792                        goto mext_out;
 793                } else if (IS_DAX(inode)) {
 794                        ext4_msg(sb, KERN_ERR,
 795                                 "Online defrag not supported with DAX");
 796                        err = -EOPNOTSUPP;
 797                        goto mext_out;
 798                }
 799
 800                err = mnt_want_write_file(filp);
 801                if (err)
 802                        goto mext_out;
 803
 804                err = ext4_move_extents(filp, donor.file, me.orig_start,
 805                                        me.donor_start, me.len, &me.moved_len);
 806                mnt_drop_write_file(filp);
 807
 808                if (copy_to_user((struct move_extent __user *)arg,
 809                                 &me, sizeof(me)))
 810                        err = -EFAULT;
 811mext_out:
 812                fdput(donor);
 813                return err;
 814        }
 815
 816        case EXT4_IOC_GROUP_ADD: {
 817                struct ext4_new_group_data input;
 818
 819                if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
 820                                sizeof(input)))
 821                        return -EFAULT;
 822
 823                return ext4_ioctl_group_add(filp, &input);
 824        }
 825
 826        case EXT4_IOC_MIGRATE:
 827        {
 828                int err;
 829                if (!inode_owner_or_capable(inode))
 830                        return -EACCES;
 831
 832                err = mnt_want_write_file(filp);
 833                if (err)
 834                        return err;
 835                /*
 836                 * inode_mutex prevent write and truncate on the file.
 837                 * Read still goes through. We take i_data_sem in
 838                 * ext4_ext_swap_inode_data before we switch the
 839                 * inode format to prevent read.
 840                 */
 841                inode_lock((inode));
 842                err = ext4_ext_migrate(inode);
 843                inode_unlock((inode));
 844                mnt_drop_write_file(filp);
 845                return err;
 846        }
 847
 848        case EXT4_IOC_ALLOC_DA_BLKS:
 849        {
 850                int err;
 851                if (!inode_owner_or_capable(inode))
 852                        return -EACCES;
 853
 854                err = mnt_want_write_file(filp);
 855                if (err)
 856                        return err;
 857                err = ext4_alloc_da_blocks(inode);
 858                mnt_drop_write_file(filp);
 859                return err;
 860        }
 861
 862        case EXT4_IOC_SWAP_BOOT:
 863        {
 864                int err;
 865                if (!(filp->f_mode & FMODE_WRITE))
 866                        return -EBADF;
 867                err = mnt_want_write_file(filp);
 868                if (err)
 869                        return err;
 870                err = swap_inode_boot_loader(sb, inode);
 871                mnt_drop_write_file(filp);
 872                return err;
 873        }
 874
 875        case EXT4_IOC_RESIZE_FS: {
 876                ext4_fsblk_t n_blocks_count;
 877                int err = 0, err2 = 0;
 878                ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
 879
 880                if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
 881                                   sizeof(__u64))) {
 882                        return -EFAULT;
 883                }
 884
 885                err = ext4_resize_begin(sb);
 886                if (err)
 887                        return err;
 888
 889                err = mnt_want_write_file(filp);
 890                if (err)
 891                        goto resizefs_out;
 892
 893                err = ext4_resize_fs(sb, n_blocks_count);
 894                if (EXT4_SB(sb)->s_journal) {
 895                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 896                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 897                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 898                }
 899                if (err == 0)
 900                        err = err2;
 901                mnt_drop_write_file(filp);
 902                if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
 903                    ext4_has_group_desc_csum(sb) &&
 904                    test_opt(sb, INIT_INODE_TABLE))
 905                        err = ext4_register_li_request(sb, o_group);
 906
 907resizefs_out:
 908                ext4_resize_end(sb);
 909                return err;
 910        }
 911
 912        case FITRIM:
 913        {
 914                struct request_queue *q = bdev_get_queue(sb->s_bdev);
 915                struct fstrim_range range;
 916                int ret = 0;
 917
 918                if (!capable(CAP_SYS_ADMIN))
 919                        return -EPERM;
 920
 921                if (!blk_queue_discard(q))
 922                        return -EOPNOTSUPP;
 923
 924                if (copy_from_user(&range, (struct fstrim_range __user *)arg,
 925                    sizeof(range)))
 926                        return -EFAULT;
 927
 928                range.minlen = max((unsigned int)range.minlen,
 929                                   q->limits.discard_granularity);
 930                ret = ext4_trim_fs(sb, &range);
 931                if (ret < 0)
 932                        return ret;
 933
 934                if (copy_to_user((struct fstrim_range __user *)arg, &range,
 935                    sizeof(range)))
 936                        return -EFAULT;
 937
 938                return 0;
 939        }
 940        case EXT4_IOC_PRECACHE_EXTENTS:
 941                return ext4_ext_precache(inode);
 942
 943        case EXT4_IOC_SET_ENCRYPTION_POLICY:
 944                if (!ext4_has_feature_encrypt(sb))
 945                        return -EOPNOTSUPP;
 946                return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
 947
 948        case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
 949#ifdef CONFIG_EXT4_FS_ENCRYPTION
 950                int err, err2;
 951                struct ext4_sb_info *sbi = EXT4_SB(sb);
 952                handle_t *handle;
 953
 954                if (!ext4_has_feature_encrypt(sb))
 955                        return -EOPNOTSUPP;
 956                if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
 957                        err = mnt_want_write_file(filp);
 958                        if (err)
 959                                return err;
 960                        handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
 961                        if (IS_ERR(handle)) {
 962                                err = PTR_ERR(handle);
 963                                goto pwsalt_err_exit;
 964                        }
 965                        err = ext4_journal_get_write_access(handle, sbi->s_sbh);
 966                        if (err)
 967                                goto pwsalt_err_journal;
 968                        generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
 969                        err = ext4_handle_dirty_metadata(handle, NULL,
 970                                                         sbi->s_sbh);
 971                pwsalt_err_journal:
 972                        err2 = ext4_journal_stop(handle);
 973                        if (err2 && !err)
 974                                err = err2;
 975                pwsalt_err_exit:
 976                        mnt_drop_write_file(filp);
 977                        if (err)
 978                                return err;
 979                }
 980                if (copy_to_user((void __user *) arg,
 981                                 sbi->s_es->s_encrypt_pw_salt, 16))
 982                        return -EFAULT;
 983                return 0;
 984#else
 985                return -EOPNOTSUPP;
 986#endif
 987        }
 988        case EXT4_IOC_GET_ENCRYPTION_POLICY:
 989                return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
 990
 991        case EXT4_IOC_FSGETXATTR:
 992        {
 993                struct fsxattr fa;
 994
 995                memset(&fa, 0, sizeof(struct fsxattr));
 996                fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
 997
 998                if (ext4_has_feature_project(inode->i_sb)) {
 999                        fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
1000                                EXT4_I(inode)->i_projid);

1001                }
1002
1003                if (copy_to_user((struct fsxattr __user *)arg,
1004                                 &fa, sizeof(fa)))
1005                        return -EFAULT;
1006                return 0;
1007        }
1008        case EXT4_IOC_FSSETXATTR:
1009        {
1010                struct fsxattr fa;
1011                int err;
1012
1013                if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1014                                   sizeof(fa)))
1015                        return -EFAULT;
1016
1017                /* Make sure caller has proper permission */
1018                if (!inode_owner_or_capable(inode))
1019                        return -EACCES;
1020
1021                if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1022                        return -EOPNOTSUPP;
1023
1024                flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1025                if (ext4_mask_flags(inode->i_mode, flags) != flags)
1026                        return -EOPNOTSUPP;
1027
1028                err = mnt_want_write_file(filp);
1029                if (err)
1030                        return err;
1031
1032                inode_lock(inode);
1033                flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1034                         (flags & EXT4_FL_XFLAG_VISIBLE);
1035                err = ext4_ioctl_setflags(inode, flags);
1036                inode_unlock(inode);
1037                mnt_drop_write_file(filp);
1038                if (err)
1039                        return err;
1040
1041                err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1042                if (err)
1043                        return err;
1044
1045                return 0;
1046        }
1047        case EXT4_IOC_SHUTDOWN:
1048                return ext4_shutdown(sb, arg);
1049        default:
1050                return -ENOTTY;
1051        }
1052}
1053
1054#ifdef CONFIG_COMPAT
1055long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1056{
1057        /* These are just misnamed, they actually get/put from/to user an int */
1058        switch (cmd) {
1059        case EXT4_IOC32_GETFLAGS:
1060                cmd = EXT4_IOC_GETFLAGS;
1061                break;
1062        case EXT4_IOC32_SETFLAGS:
1063                cmd = EXT4_IOC_SETFLAGS;
1064                break;
1065        case EXT4_IOC32_GETVERSION:
1066                cmd = EXT4_IOC_GETVERSION;
1067                break;
1068        case EXT4_IOC32_SETVERSION:
1069                cmd = EXT4_IOC_SETVERSION;
1070                break;
1071        case EXT4_IOC32_GROUP_EXTEND:
1072                cmd = EXT4_IOC_GROUP_EXTEND;
1073                break;
1074        case EXT4_IOC32_GETVERSION_OLD:
1075                cmd = EXT4_IOC_GETVERSION_OLD;
1076                break;
1077        case EXT4_IOC32_SETVERSION_OLD:
1078                cmd = EXT4_IOC_SETVERSION_OLD;
1079                break;
1080        case EXT4_IOC32_GETRSVSZ:
1081                cmd = EXT4_IOC_GETRSVSZ;
1082                break;
1083        case EXT4_IOC32_SETRSVSZ:
1084                cmd = EXT4_IOC_SETRSVSZ;
1085                break;
1086        case EXT4_IOC32_GROUP_ADD: {
1087                struct compat_ext4_new_group_input __user *uinput;
1088                struct ext4_new_group_data input;
1089                int err;
1090
1091                uinput = compat_ptr(arg);
1092                err = get_user(input.group, &uinput->group);
1093                err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1094                err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1095                err |= get_user(input.inode_table, &uinput->inode_table);
1096                err |= get_user(input.blocks_count, &uinput->blocks_count);
1097                err |= get_user(input.reserved_blocks,
1098                                &uinput->reserved_blocks);
1099                if (err)
1100                        return -EFAULT;
1101                return ext4_ioctl_group_add(file, &input);
1102        }
1103        case EXT4_IOC_MOVE_EXT:
1104        case EXT4_IOC_RESIZE_FS:
1105        case EXT4_IOC_PRECACHE_EXTENTS:
1106        case EXT4_IOC_SET_ENCRYPTION_POLICY:
1107        case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1108        case EXT4_IOC_GET_ENCRYPTION_POLICY:
1109        case EXT4_IOC_SHUTDOWN:
1110        case FS_IOC_GETFSMAP:
1111                break;
1112        default:
1113                return -ENOIOCTLCMD;
1114        }
1115        return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1116}
1117#endif
1118