LXR linux/fs/ext4/ioctl.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * linux/fs/ext4/ioctl.c
   4 *
   5 * Copyright (C) 1993, 1994, 1995
   6 * Remy Card (card@masi.ibp.fr)
   7 * Laboratoire MASI - Institut Blaise Pascal
   8 * Universite Pierre et Marie Curie (Paris VI)
   9 */
  10
  11#include <linux/fs.h>
  12#include <linux/capability.h>
  13#include <linux/time.h>
  14#include <linux/compat.h>
  15#include <linux/mount.h>
  16#include <linux/file.h>
  17#include <linux/quotaops.h>
  18#include <linux/random.h>
  19#include <linux/uuid.h>
  20#include <linux/uaccess.h>
  21#include <linux/delay.h>
  22#include <linux/iversion.h>
  23#include "ext4_jbd2.h"
  24#include "ext4.h"
  25#include <linux/fsmap.h>
  26#include "fsmap.h"
  27#include <trace/events/ext4.h>
  28
  29/**
  30 * Swap memory between @a and @b for @len bytes.
  31 *
  32 * @a:          pointer to first memory area
  33 * @b:          pointer to second memory area
  34 * @len:        number of bytes to swap
  35 *
  36 */
  37static void memswap(void *a, void *b, size_t len)
  38{
  39        unsigned char *ap, *bp;
  40
  41        ap = (unsigned char *)a;
  42        bp = (unsigned char *)b;
  43        while (len-- > 0) {
  44                swap(*ap, *bp);
  45                ap++;
  46                bp++;
  47        }
  48}
  49
  50/**
  51 * Swap i_data and associated attributes between @inode1 and @inode2.
  52 * This function is used for the primary swap between inode1 and inode2
  53 * and also to revert this primary swap in case of errors.
  54 *
  55 * Therefore you have to make sure, that calling this method twice
  56 * will revert all changes.
  57 *
  58 * @inode1:     pointer to first inode
  59 * @inode2:     pointer to second inode
  60 */
  61static void swap_inode_data(struct inode *inode1, struct inode *inode2)
  62{
  63        loff_t isize;
  64        struct ext4_inode_info *ei1;
  65        struct ext4_inode_info *ei2;
  66
  67        ei1 = EXT4_I(inode1);
  68        ei2 = EXT4_I(inode2);
  69
  70        swap(inode1->i_flags, inode2->i_flags);
  71        swap(inode1->i_version, inode2->i_version);
  72        swap(inode1->i_blocks, inode2->i_blocks);
  73        swap(inode1->i_bytes, inode2->i_bytes);
  74        swap(inode1->i_atime, inode2->i_atime);
  75        swap(inode1->i_mtime, inode2->i_mtime);
  76
  77        memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
  78        swap(ei1->i_flags, ei2->i_flags);
  79        swap(ei1->i_disksize, ei2->i_disksize);
  80        ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
  81        ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
  82
  83        isize = i_size_read(inode1);
  84        i_size_write(inode1, i_size_read(inode2));
  85        i_size_write(inode2, isize);
  86}
  87
  88/**
  89 * Swap the information from the given @inode and the inode
  90 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
  91 * important fields of the inodes.
  92 *
  93 * @sb:         the super block of the filesystem
  94 * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
  95 *
  96 */
  97static long swap_inode_boot_loader(struct super_block *sb,
  98                                struct inode *inode)
  99{
 100        handle_t *handle;
 101        int err;
 102        struct inode *inode_bl;
 103        struct ext4_inode_info *ei_bl;
 104
 105        if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
 106                return -EINVAL;
 107
 108        if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
 109                return -EPERM;
 110
 111        inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO);
 112        if (IS_ERR(inode_bl))
 113                return PTR_ERR(inode_bl);
 114        ei_bl = EXT4_I(inode_bl);
 115
 116        filemap_flush(inode->i_mapping);
 117        filemap_flush(inode_bl->i_mapping);
 118
 119        /* Protect orig inodes against a truncate and make sure,
 120         * that only 1 swap_inode_boot_loader is running. */
 121        lock_two_nondirectories(inode, inode_bl);
 122
 123        truncate_inode_pages(&inode->i_data, 0);
 124        truncate_inode_pages(&inode_bl->i_data, 0);
 125
 126        /* Wait for all existing dio workers */
 127        inode_dio_wait(inode);
 128        inode_dio_wait(inode_bl);
 129
 130        handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
 131        if (IS_ERR(handle)) {
 132                err = -EINVAL;
 133                goto journal_err_out;
 134        }
 135
 136        /* Protect extent tree against block allocations via delalloc */
 137        ext4_double_down_write_data_sem(inode, inode_bl);
 138
 139        if (inode_bl->i_nlink == 0) {
 140                /* this inode has never been used as a BOOT_LOADER */
 141                set_nlink(inode_bl, 1);
 142                i_uid_write(inode_bl, 0);
 143                i_gid_write(inode_bl, 0);
 144                inode_bl->i_flags = 0;
 145                ei_bl->i_flags = 0;
 146                inode_set_iversion(inode_bl, 1);
 147                i_size_write(inode_bl, 0);
 148                inode_bl->i_mode = S_IFREG;
 149                if (ext4_has_feature_extents(sb)) {
 150                        ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
 151                        ext4_ext_tree_init(handle, inode_bl);
 152                } else
 153                        memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
 154        }
 155
 156        swap_inode_data(inode, inode_bl);
 157
 158        inode->i_ctime = inode_bl->i_ctime = current_time(inode);
 159
 160        inode->i_generation = prandom_u32();
 161        inode_bl->i_generation = prandom_u32();
 162
 163        ext4_discard_preallocations(inode);
 164
 165        err = ext4_mark_inode_dirty(handle, inode);
 166        if (err < 0) {
 167                ext4_warning(inode->i_sb,
 168                        "couldn't mark inode #%lu dirty (err %d)",
 169                        inode->i_ino, err);
 170                /* Revert all changes: */
 171                swap_inode_data(inode, inode_bl);
 172        } else {
 173                err = ext4_mark_inode_dirty(handle, inode_bl);
 174                if (err < 0) {
 175                        ext4_warning(inode_bl->i_sb,
 176                                "couldn't mark inode #%lu dirty (err %d)",
 177                                inode_bl->i_ino, err);
 178                        /* Revert all changes: */
 179                        swap_inode_data(inode, inode_bl);
 180                        ext4_mark_inode_dirty(handle, inode);
 181                }
 182        }
 183        ext4_journal_stop(handle);
 184        ext4_double_up_write_data_sem(inode, inode_bl);
 185
 186journal_err_out:
 187        unlock_two_nondirectories(inode, inode_bl);
 188        iput(inode_bl);
 189        return err;
 190}
 191
 192#ifdef CONFIG_EXT4_FS_ENCRYPTION
 193static int uuid_is_zero(__u8 u[16])
 194{
 195        int     i;
 196
 197        for (i = 0; i < 16; i++)
 198                if (u[i])
 199                        return 0;
 200        return 1;
 201}
 202#endif
 203
 204static int ext4_ioctl_setflags(struct inode *inode,
 205                               unsigned int flags)
 206{
 207        struct ext4_inode_info *ei = EXT4_I(inode);
 208        handle_t *handle = NULL;
 209        int err = -EPERM, migrate = 0;
 210        struct ext4_iloc iloc;
 211        unsigned int oldflags, mask, i;
 212        unsigned int jflag;
 213
 214        /* Is it quota file? Do not allow user to mess with it */
 215        if (ext4_is_quota_file(inode))
 216                goto flags_out;
 217
 218        oldflags = ei->i_flags;
 219
 220        /* The JOURNAL_DATA flag is modifiable only by root */
 221        jflag = flags & EXT4_JOURNAL_DATA_FL;
 222
 223        /*
 224         * The IMMUTABLE and APPEND_ONLY flags can only be changed by
 225         * the relevant capability.
 226         *
 227         * This test looks nicer. Thanks to Pauline Middelink
 228         */
 229        if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
 230                if (!capable(CAP_LINUX_IMMUTABLE))
 231                        goto flags_out;
 232        }
 233
 234        /*
 235         * The JOURNAL_DATA flag can only be changed by
 236         * the relevant capability.
 237         */
 238        if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
 239                if (!capable(CAP_SYS_RESOURCE))
 240                        goto flags_out;
 241        }
 242        if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
 243                migrate = 1;
 244
 245        if (flags & EXT4_EOFBLOCKS_FL) {
 246                /* we don't support adding EOFBLOCKS flag */
 247                if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
 248                        err = -EOPNOTSUPP;
 249                        goto flags_out;
 250                }
 251        } else if (oldflags & EXT4_EOFBLOCKS_FL) {
 252                err = ext4_truncate(inode);
 253                if (err)
 254                        goto flags_out;
 255        }
 256
 257        handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 258        if (IS_ERR(handle)) {
 259                err = PTR_ERR(handle);
 260                goto flags_out;
 261        }
 262        if (IS_SYNC(inode))
 263                ext4_handle_sync(handle);
 264        err = ext4_reserve_inode_write(handle, inode, &iloc);
 265        if (err)
 266                goto flags_err;
 267
 268        for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
 269                if (!(mask & EXT4_FL_USER_MODIFIABLE))
 270                        continue;
 271                /* These flags get special treatment later */
 272                if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
 273                        continue;
 274                if (mask & flags)
 275                        ext4_set_inode_flag(inode, i);
 276                else
 277                        ext4_clear_inode_flag(inode, i);
 278        }
 279
 280        ext4_set_inode_flags(inode);
 281        inode->i_ctime = current_time(inode);
 282
 283        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 284flags_err:
 285        ext4_journal_stop(handle);
 286        if (err)
 287                goto flags_out;
 288
 289        if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
 290                /*
 291                 * Changes to the journaling mode can cause unsafe changes to
 292                 * S_DAX if we are using the DAX mount option.
 293                 */
 294                if (test_opt(inode->i_sb, DAX)) {
 295                        err = -EBUSY;
 296                        goto flags_out;
 297                }
 298
 299                err = ext4_change_inode_journal_flag(inode, jflag);
 300                if (err)
 301                        goto flags_out;
 302        }
 303        if (migrate) {
 304                if (flags & EXT4_EXTENTS_FL)
 305                        err = ext4_ext_migrate(inode);
 306                else
 307                        err = ext4_ind_migrate(inode);
 308        }
 309
 310flags_out:
 311        return err;
 312}
 313
 314#ifdef CONFIG_QUOTA
 315static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 316{
 317        struct inode *inode = file_inode(filp);
 318        struct super_block *sb = inode->i_sb;
 319        struct ext4_inode_info *ei = EXT4_I(inode);
 320        int err, rc;
 321        handle_t *handle;
 322        kprojid_t kprojid;
 323        struct ext4_iloc iloc;
 324        struct ext4_inode *raw_inode;
 325        struct dquot *transfer_to[MAXQUOTAS] = { };
 326
 327        if (!ext4_has_feature_project(sb)) {
 328                if (projid != EXT4_DEF_PROJID)
 329                        return -EOPNOTSUPP;
 330                else
 331                        return 0;
 332        }
 333
 334        if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
 335                return -EOPNOTSUPP;
 336
 337        kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
 338
 339        if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
 340                return 0;
 341
 342        err = mnt_want_write_file(filp);
 343        if (err)
 344                return err;
 345
 346        err = -EPERM;
 347        inode_lock(inode);
 348        /* Is it quota file? Do not allow user to mess with it */
 349        if (ext4_is_quota_file(inode))
 350                goto out_unlock;
 351
 352        err = ext4_get_inode_loc(inode, &iloc);
 353        if (err)
 354                goto out_unlock;
 355
 356        raw_inode = ext4_raw_inode(&iloc);
 357        if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
 358                err = ext4_expand_extra_isize(inode,
 359                                              EXT4_SB(sb)->s_want_extra_isize,
 360                                              &iloc);
 361                if (err)
 362                        goto out_unlock;
 363        } else {
 364                brelse(iloc.bh);
 365        }
 366
 367        dquot_initialize(inode);
 368
 369        handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
 370                EXT4_QUOTA_INIT_BLOCKS(sb) +
 371                EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
 372        if (IS_ERR(handle)) {
 373                err = PTR_ERR(handle);
 374                goto out_unlock;
 375        }
 376
 377        err = ext4_reserve_inode_write(handle, inode, &iloc);
 378        if (err)
 379                goto out_stop;
 380
 381        transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
 382        if (!IS_ERR(transfer_to[PRJQUOTA])) {
 383
 384                /* __dquot_transfer() calls back ext4_get_inode_usage() which
 385                 * counts xattr inode references.
 386                 */
 387                down_read(&EXT4_I(inode)->xattr_sem);
 388                err = __dquot_transfer(inode, transfer_to);
 389                up_read(&EXT4_I(inode)->xattr_sem);
 390                dqput(transfer_to[PRJQUOTA]);
 391                if (err)
 392                        goto out_dirty;
 393        }
 394
 395        EXT4_I(inode)->i_projid = kprojid;
 396        inode->i_ctime = current_time(inode);
 397out_dirty:
 398        rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
 399        if (!err)
 400                err = rc;
 401out_stop:
 402        ext4_journal_stop(handle);
 403out_unlock:
 404        inode_unlock(inode);
 405        mnt_drop_write_file(filp);
 406        return err;
 407}
 408#else
 409static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 410{
 411        if (projid != EXT4_DEF_PROJID)
 412                return -EOPNOTSUPP;
 413        return 0;
 414}
 415#endif
 416
 417/* Transfer internal flags to xflags */
 418static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
 419{
 420        __u32 xflags = 0;
 421
 422        if (iflags & EXT4_SYNC_FL)
 423                xflags |= FS_XFLAG_SYNC;
 424        if (iflags & EXT4_IMMUTABLE_FL)
 425                xflags |= FS_XFLAG_IMMUTABLE;
 426        if (iflags & EXT4_APPEND_FL)
 427                xflags |= FS_XFLAG_APPEND;
 428        if (iflags & EXT4_NODUMP_FL)
 429                xflags |= FS_XFLAG_NODUMP;
 430        if (iflags & EXT4_NOATIME_FL)
 431                xflags |= FS_XFLAG_NOATIME;
 432        if (iflags & EXT4_PROJINHERIT_FL)
 433                xflags |= FS_XFLAG_PROJINHERIT;
 434        return xflags;
 435}
 436
 437#define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
 438                                  FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
 439                                  FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
 440
 441/* Transfer xflags flags to internal */
 442static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
 443{
 444        unsigned long iflags = 0;
 445
 446        if (xflags & FS_XFLAG_SYNC)
 447                iflags |= EXT4_SYNC_FL;
 448        if (xflags & FS_XFLAG_IMMUTABLE)
 449                iflags |= EXT4_IMMUTABLE_FL;
 450        if (xflags & FS_XFLAG_APPEND)
 451                iflags |= EXT4_APPEND_FL;
 452        if (xflags & FS_XFLAG_NODUMP)
 453                iflags |= EXT4_NODUMP_FL;
 454        if (xflags & FS_XFLAG_NOATIME)
 455                iflags |= EXT4_NOATIME_FL;
 456        if (xflags & FS_XFLAG_PROJINHERIT)
 457                iflags |= EXT4_PROJINHERIT_FL;
 458
 459        return iflags;
 460}
 461
 462static int ext4_shutdown(struct super_block *sb, unsigned long arg)
 463{
 464        struct ext4_sb_info *sbi = EXT4_SB(sb);
 465        __u32 flags;
 466
 467        if (!capable(CAP_SYS_ADMIN))
 468                return -EPERM;
 469
 470        if (get_user(flags, (__u32 __user *)arg))
 471                return -EFAULT;
 472
 473        if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
 474                return -EINVAL;
 475
 476        if (ext4_forced_shutdown(sbi))
 477                return 0;
 478
 479        ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
 480        trace_ext4_shutdown(sb, flags);
 481
 482        switch (flags) {
 483        case EXT4_GOING_FLAGS_DEFAULT:
 484                freeze_bdev(sb->s_bdev);
 485                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 486                thaw_bdev(sb->s_bdev, sb);
 487                break;
 488        case EXT4_GOING_FLAGS_LOGFLUSH:
 489                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 490                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
 491                        (void) ext4_force_commit(sb);
 492                        jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
 493                }
 494                break;
 495        case EXT4_GOING_FLAGS_NOLOGFLUSH:
 496                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 497                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
 498                        jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
 499                break;
 500        default:
 501                return -EINVAL;
 502        }
 503        clear_opt(sb, DISCARD);
 504        return 0;
 505}
 506
 507struct getfsmap_info {
 508        struct super_block      *gi_sb;
 509        struct fsmap_head __user *gi_data;
 510        unsigned int            gi_idx;
 511        __u32                   gi_last_flags;
 512};
 513
 514static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
 515{
 516        struct getfsmap_info *info = priv;
 517        struct fsmap fm;
 518
 519        trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
 520
 521        info->gi_last_flags = xfm->fmr_flags;
 522        ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
 523        if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
 524                        sizeof(struct fsmap)))
 525                return -EFAULT;
 526
 527        return 0;
 528}
 529
 530static int ext4_ioc_getfsmap(struct super_block *sb,
 531                             struct fsmap_head __user *arg)
 532{
 533        struct getfsmap_info info = {0};
 534        struct ext4_fsmap_head xhead = {0};
 535        struct fsmap_head head;
 536        bool aborted = false;
 537        int error;
 538
 539        if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
 540                return -EFAULT;
 541        if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
 542            memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
 543                       sizeof(head.fmh_keys[0].fmr_reserved)) ||
 544            memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
 545                       sizeof(head.fmh_keys[1].fmr_reserved)))
 546                return -EINVAL;
 547        /*
 548         * ext4 doesn't report file extents at all, so the only valid
 549         * file offsets are the magic ones (all zeroes or all ones).
 550         */
 551        if (head.fmh_keys[0].fmr_offset ||
 552            (head.fmh_keys[1].fmr_offset != 0 &&
 553             head.fmh_keys[1].fmr_offset != -1ULL))
 554                return -EINVAL;
 555
 556        xhead.fmh_iflags = head.fmh_iflags;
 557        xhead.fmh_count = head.fmh_count;
 558        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
 559        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
 560
 561        trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
 562        trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
 563
 564        info.gi_sb = sb;
 565        info.gi_data = arg;
 566        error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
 567        if (error == EXT4_QUERY_RANGE_ABORT) {
 568                error = 0;
 569                aborted = true;
 570        } else if (error)
 571                return error;
 572
 573        /* If we didn't abort, set the "last" flag in the last fmx */
 574        if (!aborted && info.gi_idx) {
 575                info.gi_last_flags |= FMR_OF_LAST;
 576                if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
 577                                 &info.gi_last_flags,
 578                                 sizeof(info.gi_last_flags)))
 579                        return -EFAULT;
 580        }
 581
 582        /* copy back header */
 583        head.fmh_entries = xhead.fmh_entries;
 584        head.fmh_oflags = xhead.fmh_oflags;
 585        if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
 586                return -EFAULT;
 587
 588        return 0;
 589}
 590
 591static long ext4_ioctl_group_add(struct file *file,
 592                                 struct ext4_new_group_data *input)
 593{
 594        struct super_block *sb = file_inode(file)->i_sb;
 595        int err, err2=0;
 596
 597        err = ext4_resize_begin(sb);
 598        if (err)
 599                return err;
 600
 601        if (ext4_has_feature_bigalloc(sb)) {
 602                ext4_msg(sb, KERN_ERR,
 603                         "Online resizing not supported with bigalloc");
 604                err = -EOPNOTSUPP;
 605                goto group_add_out;
 606        }
 607
 608        err = mnt_want_write_file(file);
 609        if (err)
 610                goto group_add_out;
 611
 612        err = ext4_group_add(sb, input);
 613        if (EXT4_SB(sb)->s_journal) {
 614                jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 615                err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 616                jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 617        }
 618        if (err == 0)
 619                err = err2;
 620        mnt_drop_write_file(file);
 621        if (!err && ext4_has_group_desc_csum(sb) &&
 622            test_opt(sb, INIT_INODE_TABLE))
 623                err = ext4_register_li_request(sb, input->group);
 624group_add_out:
 625        ext4_resize_end(sb);
 626        return err;
 627}
 628
 629long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 630{
 631        struct inode *inode = file_inode(filp);
 632        struct super_block *sb = inode->i_sb;
 633        struct ext4_inode_info *ei = EXT4_I(inode);
 634        unsigned int flags;
 635
 636        ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
 637
 638        switch (cmd) {
 639        case FS_IOC_GETFSMAP:
 640                return ext4_ioc_getfsmap(sb, (void __user *)arg);
 641        case EXT4_IOC_GETFLAGS:
 642                flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
 643                return put_user(flags, (int __user *) arg);
 644        case EXT4_IOC_SETFLAGS: {
 645                int err;
 646
 647                if (!inode_owner_or_capable(inode))
 648                        return -EACCES;
 649
 650                if (get_user(flags, (int __user *) arg))
 651                        return -EFAULT;
 652
 653                if (flags & ~EXT4_FL_USER_VISIBLE)
 654                        return -EOPNOTSUPP;
 655                /*
 656                 * chattr(1) grabs flags via GETFLAGS, modifies the result and
 657                 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
 658                 * more restrictive than just silently masking off visible but
 659                 * not settable flags as we always did.
 660                 */
 661                flags &= EXT4_FL_USER_MODIFIABLE;
 662                if (ext4_mask_flags(inode->i_mode, flags) != flags)
 663                        return -EOPNOTSUPP;
 664
 665                err = mnt_want_write_file(filp);
 666                if (err)
 667                        return err;
 668
 669                inode_lock(inode);
 670                err = ext4_ioctl_setflags(inode, flags);
 671                inode_unlock(inode);
 672                mnt_drop_write_file(filp);
 673                return err;
 674        }
 675        case EXT4_IOC_GETVERSION:
 676        case EXT4_IOC_GETVERSION_OLD:
 677                return put_user(inode->i_generation, (int __user *) arg);
 678        case EXT4_IOC_SETVERSION:
 679        case EXT4_IOC_SETVERSION_OLD: {
 680                handle_t *handle;
 681                struct ext4_iloc iloc;
 682                __u32 generation;
 683                int err;
 684
 685                if (!inode_owner_or_capable(inode))
 686                        return -EPERM;
 687
 688                if (ext4_has_metadata_csum(inode->i_sb)) {
 689                        ext4_warning(sb, "Setting inode version is not "
 690                                     "supported with metadata_csum enabled.");
 691                        return -ENOTTY;
 692                }
 693
 694                err = mnt_want_write_file(filp);
 695                if (err)
 696                        return err;
 697                if (get_user(generation, (int __user *) arg)) {
 698                        err = -EFAULT;
 699                        goto setversion_out;
 700                }
 701
 702                inode_lock(inode);
 703                handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 704                if (IS_ERR(handle)) {
 705                        err = PTR_ERR(handle);
 706                        goto unlock_out;
 707                }
 708                err = ext4_reserve_inode_write(handle, inode, &iloc);
 709                if (err == 0) {
 710                        inode->i_ctime = current_time(inode);
 711                        inode->i_generation = generation;
 712                        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 713                }
 714                ext4_journal_stop(handle);
 715
 716unlock_out:
 717                inode_unlock(inode);
 718setversion_out:
 719                mnt_drop_write_file(filp);
 720                return err;
 721        }
 722        case EXT4_IOC_GROUP_EXTEND: {
 723                ext4_fsblk_t n_blocks_count;
 724                int err, err2=0;
 725
 726                err = ext4_resize_begin(sb);
 727                if (err)
 728                        return err;
 729
 730                if (get_user(n_blocks_count, (__u32 __user *)arg)) {
 731                        err = -EFAULT;
 732                        goto group_extend_out;
 733                }
 734
 735                if (ext4_has_feature_bigalloc(sb)) {
 736                        ext4_msg(sb, KERN_ERR,
 737                                 "Online resizing not supported with bigalloc");
 738                        err = -EOPNOTSUPP;
 739                        goto group_extend_out;
 740                }
 741
 742                err = mnt_want_write_file(filp);
 743                if (err)
 744                        goto group_extend_out;
 745
 746                err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
 747                if (EXT4_SB(sb)->s_journal) {
 748                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 749                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 750                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 751                }
 752                if (err == 0)
 753                        err = err2;
 754                mnt_drop_write_file(filp);
 755group_extend_out:
 756                ext4_resize_end(sb);
 757                return err;
 758        }
 759
 760        case EXT4_IOC_MOVE_EXT: {
 761                struct move_extent me;
 762                struct fd donor;
 763                int err;
 764
 765                if (!(filp->f_mode & FMODE_READ) ||
 766                    !(filp->f_mode & FMODE_WRITE))
 767                        return -EBADF;
 768
 769                if (copy_from_user(&me,
 770                        (struct move_extent __user *)arg, sizeof(me)))
 771                        return -EFAULT;
 772                me.moved_len = 0;
 773
 774                donor = fdget(me.donor_fd);
 775                if (!donor.file)
 776                        return -EBADF;
 777
 778                if (!(donor.file->f_mode & FMODE_WRITE)) {
 779                        err = -EBADF;
 780                        goto mext_out;
 781                }
 782
 783                if (ext4_has_feature_bigalloc(sb)) {
 784                        ext4_msg(sb, KERN_ERR,
 785                                 "Online defrag not supported with bigalloc");
 786                        err = -EOPNOTSUPP;
 787                        goto mext_out;
 788                } else if (IS_DAX(inode)) {
 789                        ext4_msg(sb, KERN_ERR,
 790                                 "Online defrag not supported with DAX");
 791                        err = -EOPNOTSUPP;
 792                        goto mext_out;
 793                }
 794
 795                err = mnt_want_write_file(filp);
 796                if (err)
 797                        goto mext_out;
 798
 799                err = ext4_move_extents(filp, donor.file, me.orig_start,
 800                                        me.donor_start, me.len, &me.moved_len);
 801                mnt_drop_write_file(filp);
 802
 803                if (copy_to_user((struct move_extent __user *)arg,
 804                                 &me, sizeof(me)))
 805                        err = -EFAULT;
 806mext_out:
 807                fdput(donor);
 808                return err;
 809        }
 810
 811        case EXT4_IOC_GROUP_ADD: {
 812                struct ext4_new_group_data input;
 813
 814                if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
 815                                sizeof(input)))
 816                        return -EFAULT;
 817
 818                return ext4_ioctl_group_add(filp, &input);
 819        }
 820
 821        case EXT4_IOC_MIGRATE:
 822        {
 823                int err;
 824                if (!inode_owner_or_capable(inode))
 825                        return -EACCES;
 826
 827                err = mnt_want_write_file(filp);
 828                if (err)
 829                        return err;
 830                /*
 831                 * inode_mutex prevent write and truncate on the file.
 832                 * Read still goes through. We take i_data_sem in
 833                 * ext4_ext_swap_inode_data before we switch the
 834                 * inode format to prevent read.
 835                 */
 836                inode_lock((inode));
 837                err = ext4_ext_migrate(inode);
 838                inode_unlock((inode));
 839                mnt_drop_write_file(filp);
 840                return err;
 841        }
 842
 843        case EXT4_IOC_ALLOC_DA_BLKS:
 844        {
 845                int err;
 846                if (!inode_owner_or_capable(inode))
 847                        return -EACCES;
 848
 849                err = mnt_want_write_file(filp);
 850                if (err)
 851                        return err;
 852                err = ext4_alloc_da_blocks(inode);
 853                mnt_drop_write_file(filp);
 854                return err;
 855        }
 856
 857        case EXT4_IOC_SWAP_BOOT:
 858        {
 859                int err;
 860                if (!(filp->f_mode & FMODE_WRITE))
 861                        return -EBADF;
 862                err = mnt_want_write_file(filp);
 863                if (err)
 864                        return err;
 865                err = swap_inode_boot_loader(sb, inode);
 866                mnt_drop_write_file(filp);
 867                return err;
 868        }
 869
 870        case EXT4_IOC_RESIZE_FS: {
 871                ext4_fsblk_t n_blocks_count;
 872                int err = 0, err2 = 0;
 873                ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
 874
 875                if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
 876                                   sizeof(__u64))) {
 877                        return -EFAULT;
 878                }
 879
 880                err = ext4_resize_begin(sb);
 881                if (err)
 882                        return err;
 883
 884                err = mnt_want_write_file(filp);
 885                if (err)
 886                        goto resizefs_out;
 887
 888                err = ext4_resize_fs(sb, n_blocks_count);
 889                if (EXT4_SB(sb)->s_journal) {
 890                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 891                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 892                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 893                }
 894                if (err == 0)
 895                        err = err2;
 896                mnt_drop_write_file(filp);
 897                if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
 898                    ext4_has_group_desc_csum(sb) &&
 899                    test_opt(sb, INIT_INODE_TABLE))
 900                        err = ext4_register_li_request(sb, o_group);
 901
 902resizefs_out:
 903                ext4_resize_end(sb);
 904                return err;
 905        }
 906
 907        case FITRIM:
 908        {
 909                struct request_queue *q = bdev_get_queue(sb->s_bdev);
 910                struct fstrim_range range;
 911                int ret = 0;
 912
 913                if (!capable(CAP_SYS_ADMIN))
 914                        return -EPERM;
 915
 916                if (!blk_queue_discard(q))
 917                        return -EOPNOTSUPP;
 918
 919                if (copy_from_user(&range, (struct fstrim_range __user *)arg,
 920                    sizeof(range)))
 921                        return -EFAULT;
 922
 923                range.minlen = max((unsigned int)range.minlen,
 924                                   q->limits.discard_granularity);
 925                ret = ext4_trim_fs(sb, &range);
 926                if (ret < 0)
 927                        return ret;
 928
 929                if (copy_to_user((struct fstrim_range __user *)arg, &range,
 930                    sizeof(range)))
 931                        return -EFAULT;
 932
 933                return 0;
 934        }
 935        case EXT4_IOC_PRECACHE_EXTENTS:
 936                return ext4_ext_precache(inode);
 937
 938        case EXT4_IOC_SET_ENCRYPTION_POLICY:
 939                if (!ext4_has_feature_encrypt(sb))
 940                        return -EOPNOTSUPP;
 941                return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
 942
 943        case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
 944#ifdef CONFIG_EXT4_FS_ENCRYPTION
 945                int err, err2;
 946                struct ext4_sb_info *sbi = EXT4_SB(sb);
 947                handle_t *handle;
 948
 949                if (!ext4_has_feature_encrypt(sb))
 950                        return -EOPNOTSUPP;
 951                if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
 952                        err = mnt_want_write_file(filp);
 953                        if (err)
 954                                return err;
 955                        handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
 956                        if (IS_ERR(handle)) {
 957                                err = PTR_ERR(handle);
 958                                goto pwsalt_err_exit;
 959                        }
 960                        err = ext4_journal_get_write_access(handle, sbi->s_sbh);
 961                        if (err)
 962                                goto pwsalt_err_journal;
 963                        generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
 964                        err = ext4_handle_dirty_metadata(handle, NULL,
 965                                                         sbi->s_sbh);
 966                pwsalt_err_journal:
 967                        err2 = ext4_journal_stop(handle);
 968                        if (err2 && !err)
 969                                err = err2;
 970                pwsalt_err_exit:
 971                        mnt_drop_write_file(filp);
 972                        if (err)
 973                                return err;
 974                }
 975                if (copy_to_user((void __user *) arg,
 976                                 sbi->s_es->s_encrypt_pw_salt, 16))
 977                        return -EFAULT;
 978                return 0;
 979#else
 980                return -EOPNOTSUPP;
 981#endif
 982        }
 983        case EXT4_IOC_GET_ENCRYPTION_POLICY:
 984                return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
 985
 986        case EXT4_IOC_FSGETXATTR:
 987        {
 988                struct fsxattr fa;
 989
 990                memset(&fa, 0, sizeof(struct fsxattr));
 991                fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
 992
 993                if (ext4_has_feature_project(inode->i_sb)) {
 994                        fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
 995                                EXT4_I(inode)->i_projid);
 996                }
 997
 998                if (copy_to_user((struct fsxattr __user *)arg,
 999                                 &fa, sizeof(fa)))
1000                        return -EFAULT;

1001                return 0;
1002        }
1003        case EXT4_IOC_FSSETXATTR:
1004        {
1005                struct fsxattr fa;
1006                int err;
1007
1008                if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1009                                   sizeof(fa)))
1010                        return -EFAULT;
1011
1012                /* Make sure caller has proper permission */
1013                if (!inode_owner_or_capable(inode))
1014                        return -EACCES;
1015
1016                if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1017                        return -EOPNOTSUPP;
1018
1019                flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1020                if (ext4_mask_flags(inode->i_mode, flags) != flags)
1021                        return -EOPNOTSUPP;
1022
1023                err = mnt_want_write_file(filp);
1024                if (err)
1025                        return err;
1026
1027                inode_lock(inode);
1028                flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1029                         (flags & EXT4_FL_XFLAG_VISIBLE);
1030                err = ext4_ioctl_setflags(inode, flags);
1031                inode_unlock(inode);
1032                mnt_drop_write_file(filp);
1033                if (err)
1034                        return err;
1035
1036                err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1037                if (err)
1038                        return err;
1039
1040                return 0;
1041        }
1042        case EXT4_IOC_SHUTDOWN:
1043                return ext4_shutdown(sb, arg);
1044        default:
1045                return -ENOTTY;
1046        }
1047}
1048
1049#ifdef CONFIG_COMPAT
1050long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1051{
1052        /* These are just misnamed, they actually get/put from/to user an int */
1053        switch (cmd) {
1054        case EXT4_IOC32_GETFLAGS:
1055                cmd = EXT4_IOC_GETFLAGS;
1056                break;
1057        case EXT4_IOC32_SETFLAGS:
1058                cmd = EXT4_IOC_SETFLAGS;
1059                break;
1060        case EXT4_IOC32_GETVERSION:
1061                cmd = EXT4_IOC_GETVERSION;
1062                break;
1063        case EXT4_IOC32_SETVERSION:
1064                cmd = EXT4_IOC_SETVERSION;
1065                break;
1066        case EXT4_IOC32_GROUP_EXTEND:
1067                cmd = EXT4_IOC_GROUP_EXTEND;
1068                break;
1069        case EXT4_IOC32_GETVERSION_OLD:
1070                cmd = EXT4_IOC_GETVERSION_OLD;
1071                break;
1072        case EXT4_IOC32_SETVERSION_OLD:
1073                cmd = EXT4_IOC_SETVERSION_OLD;
1074                break;
1075        case EXT4_IOC32_GETRSVSZ:
1076                cmd = EXT4_IOC_GETRSVSZ;
1077                break;
1078        case EXT4_IOC32_SETRSVSZ:
1079                cmd = EXT4_IOC_SETRSVSZ;
1080                break;
1081        case EXT4_IOC32_GROUP_ADD: {
1082                struct compat_ext4_new_group_input __user *uinput;
1083                struct ext4_new_group_data input;
1084                int err;
1085
1086                uinput = compat_ptr(arg);
1087                err = get_user(input.group, &uinput->group);
1088                err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1089                err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1090                err |= get_user(input.inode_table, &uinput->inode_table);
1091                err |= get_user(input.blocks_count, &uinput->blocks_count);
1092                err |= get_user(input.reserved_blocks,
1093                                &uinput->reserved_blocks);
1094                if (err)
1095                        return -EFAULT;
1096                return ext4_ioctl_group_add(file, &input);
1097        }
1098        case EXT4_IOC_MOVE_EXT:
1099        case EXT4_IOC_RESIZE_FS:
1100        case EXT4_IOC_PRECACHE_EXTENTS:
1101        case EXT4_IOC_SET_ENCRYPTION_POLICY:
1102        case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1103        case EXT4_IOC_GET_ENCRYPTION_POLICY:
1104        case EXT4_IOC_SHUTDOWN:
1105        case FS_IOC_GETFSMAP:
1106                break;
1107        default:
1108                return -ENOIOCTLCMD;
1109        }
1110        return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1111}
1112#endif
1113