LXR linux/fs/ext4/ioctl.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * linux/fs/ext4/ioctl.c
   4 *
   5 * Copyright (C) 1993, 1994, 1995
   6 * Remy Card (card@masi.ibp.fr)
   7 * Laboratoire MASI - Institut Blaise Pascal
   8 * Universite Pierre et Marie Curie (Paris VI)
   9 */
  10
  11#include <linux/fs.h>
  12#include <linux/capability.h>
  13#include <linux/time.h>
  14#include <linux/compat.h>
  15#include <linux/mount.h>
  16#include <linux/file.h>
  17#include <linux/quotaops.h>
  18#include <linux/random.h>
  19#include <linux/uuid.h>
  20#include <linux/uaccess.h>
  21#include <linux/delay.h>
  22#include <linux/iversion.h>
  23#include "ext4_jbd2.h"
  24#include "ext4.h"
  25#include <linux/fsmap.h>
  26#include "fsmap.h"
  27#include <trace/events/ext4.h>
  28
  29/**
  30 * Swap memory between @a and @b for @len bytes.
  31 *
  32 * @a:          pointer to first memory area
  33 * @b:          pointer to second memory area
  34 * @len:        number of bytes to swap
  35 *
  36 */
  37static void memswap(void *a, void *b, size_t len)
  38{
  39        unsigned char *ap, *bp;
  40
  41        ap = (unsigned char *)a;
  42        bp = (unsigned char *)b;
  43        while (len-- > 0) {
  44                swap(*ap, *bp);
  45                ap++;
  46                bp++;
  47        }
  48}
  49
  50/**
  51 * Swap i_data and associated attributes between @inode1 and @inode2.
  52 * This function is used for the primary swap between inode1 and inode2
  53 * and also to revert this primary swap in case of errors.
  54 *
  55 * Therefore you have to make sure, that calling this method twice
  56 * will revert all changes.
  57 *
  58 * @inode1:     pointer to first inode
  59 * @inode2:     pointer to second inode
  60 */
  61static void swap_inode_data(struct inode *inode1, struct inode *inode2)
  62{
  63        loff_t isize;
  64        struct ext4_inode_info *ei1;
  65        struct ext4_inode_info *ei2;
  66        unsigned long tmp;
  67
  68        ei1 = EXT4_I(inode1);
  69        ei2 = EXT4_I(inode2);
  70
  71        swap(inode1->i_version, inode2->i_version);
  72        swap(inode1->i_atime, inode2->i_atime);
  73        swap(inode1->i_mtime, inode2->i_mtime);
  74
  75        memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
  76        tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
  77        ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
  78                (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
  79        ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
  80        swap(ei1->i_disksize, ei2->i_disksize);
  81        ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
  82        ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
  83
  84        isize = i_size_read(inode1);
  85        i_size_write(inode1, i_size_read(inode2));
  86        i_size_write(inode2, isize);
  87}
  88
  89static void reset_inode_seed(struct inode *inode)
  90{
  91        struct ext4_inode_info *ei = EXT4_I(inode);
  92        struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
  93        __le32 inum = cpu_to_le32(inode->i_ino);
  94        __le32 gen = cpu_to_le32(inode->i_generation);
  95        __u32 csum;
  96
  97        if (!ext4_has_metadata_csum(inode->i_sb))
  98                return;
  99
 100        csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
 101        ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
 102}
 103
 104/**
 105 * Swap the information from the given @inode and the inode
 106 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
 107 * important fields of the inodes.
 108 *
 109 * @sb:         the super block of the filesystem
 110 * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
 111 *
 112 */
 113static long swap_inode_boot_loader(struct super_block *sb,
 114                                struct inode *inode)
 115{
 116        handle_t *handle;
 117        int err;
 118        struct inode *inode_bl;
 119        struct ext4_inode_info *ei_bl;
 120        qsize_t size, size_bl, diff;
 121        blkcnt_t blocks;
 122        unsigned short bytes;
 123
 124        inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
 125        if (IS_ERR(inode_bl))
 126                return PTR_ERR(inode_bl);
 127        ei_bl = EXT4_I(inode_bl);
 128
 129        /* Protect orig inodes against a truncate and make sure,
 130         * that only 1 swap_inode_boot_loader is running. */
 131        lock_two_nondirectories(inode, inode_bl);
 132
 133        if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
 134            IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
 135            (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
 136            ext4_has_inline_data(inode)) {
 137                err = -EINVAL;
 138                goto journal_err_out;
 139        }
 140
 141        if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
 142            !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) {
 143                err = -EPERM;
 144                goto journal_err_out;
 145        }
 146
 147        down_write(&EXT4_I(inode)->i_mmap_sem);
 148        err = filemap_write_and_wait(inode->i_mapping);
 149        if (err)
 150                goto err_out;
 151
 152        err = filemap_write_and_wait(inode_bl->i_mapping);
 153        if (err)
 154                goto err_out;
 155
 156        /* Wait for all existing dio workers */
 157        inode_dio_wait(inode);
 158        inode_dio_wait(inode_bl);
 159
 160        truncate_inode_pages(&inode->i_data, 0);
 161        truncate_inode_pages(&inode_bl->i_data, 0);
 162
 163        handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
 164        if (IS_ERR(handle)) {
 165                err = -EINVAL;
 166                goto err_out;
 167        }
 168
 169        /* Protect extent tree against block allocations via delalloc */
 170        ext4_double_down_write_data_sem(inode, inode_bl);
 171
 172        if (inode_bl->i_nlink == 0) {
 173                /* this inode has never been used as a BOOT_LOADER */
 174                set_nlink(inode_bl, 1);
 175                i_uid_write(inode_bl, 0);
 176                i_gid_write(inode_bl, 0);
 177                inode_bl->i_flags = 0;
 178                ei_bl->i_flags = 0;
 179                inode_set_iversion(inode_bl, 1);
 180                i_size_write(inode_bl, 0);
 181                inode_bl->i_mode = S_IFREG;
 182                if (ext4_has_feature_extents(sb)) {
 183                        ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
 184                        ext4_ext_tree_init(handle, inode_bl);
 185                } else
 186                        memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
 187        }
 188
 189        err = dquot_initialize(inode);
 190        if (err)
 191                goto err_out1;
 192
 193        size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
 194        size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
 195        diff = size - size_bl;
 196        swap_inode_data(inode, inode_bl);
 197
 198        inode->i_ctime = inode_bl->i_ctime = current_time(inode);
 199
 200        inode->i_generation = prandom_u32();
 201        inode_bl->i_generation = prandom_u32();
 202        reset_inode_seed(inode);
 203        reset_inode_seed(inode_bl);
 204
 205        ext4_discard_preallocations(inode);
 206
 207        err = ext4_mark_inode_dirty(handle, inode);
 208        if (err < 0) {
 209                /* No need to update quota information. */
 210                ext4_warning(inode->i_sb,
 211                        "couldn't mark inode #%lu dirty (err %d)",
 212                        inode->i_ino, err);
 213                /* Revert all changes: */
 214                swap_inode_data(inode, inode_bl);
 215                ext4_mark_inode_dirty(handle, inode);
 216                goto err_out1;
 217        }
 218
 219        blocks = inode_bl->i_blocks;
 220        bytes = inode_bl->i_bytes;
 221        inode_bl->i_blocks = inode->i_blocks;
 222        inode_bl->i_bytes = inode->i_bytes;
 223        err = ext4_mark_inode_dirty(handle, inode_bl);
 224        if (err < 0) {
 225                /* No need to update quota information. */
 226                ext4_warning(inode_bl->i_sb,
 227                        "couldn't mark inode #%lu dirty (err %d)",
 228                        inode_bl->i_ino, err);
 229                goto revert;
 230        }
 231
 232        /* Bootloader inode should not be counted into quota information. */
 233        if (diff > 0)
 234                dquot_free_space(inode, diff);
 235        else
 236                err = dquot_alloc_space(inode, -1 * diff);
 237
 238        if (err < 0) {
 239revert:
 240                /* Revert all changes: */
 241                inode_bl->i_blocks = blocks;
 242                inode_bl->i_bytes = bytes;
 243                swap_inode_data(inode, inode_bl);
 244                ext4_mark_inode_dirty(handle, inode);
 245                ext4_mark_inode_dirty(handle, inode_bl);
 246        }
 247
 248err_out1:
 249        ext4_journal_stop(handle);
 250        ext4_double_up_write_data_sem(inode, inode_bl);
 251
 252err_out:
 253        up_write(&EXT4_I(inode)->i_mmap_sem);
 254journal_err_out:
 255        unlock_two_nondirectories(inode, inode_bl);
 256        iput(inode_bl);
 257        return err;
 258}
 259
 260#ifdef CONFIG_FS_ENCRYPTION
 261static int uuid_is_zero(__u8 u[16])
 262{
 263        int     i;
 264
 265        for (i = 0; i < 16; i++)
 266                if (u[i])
 267                        return 0;
 268        return 1;
 269}
 270#endif
 271
 272/*
 273 * If immutable is set and we are not clearing it, we're not allowed to change
 274 * anything else in the inode.  Don't error out if we're only trying to set
 275 * immutable on an immutable file.
 276 */
 277static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
 278                                      unsigned int flags)
 279{
 280        struct ext4_inode_info *ei = EXT4_I(inode);
 281        unsigned int oldflags = ei->i_flags;
 282
 283        if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
 284                return 0;
 285
 286        if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
 287                return -EPERM;
 288        if (ext4_has_feature_project(inode->i_sb) &&
 289            __kprojid_val(ei->i_projid) != new_projid)
 290                return -EPERM;
 291
 292        return 0;
 293}
 294
 295static int ext4_ioctl_setflags(struct inode *inode,
 296                               unsigned int flags)
 297{
 298        struct ext4_inode_info *ei = EXT4_I(inode);
 299        handle_t *handle = NULL;
 300        int err = -EPERM, migrate = 0;
 301        struct ext4_iloc iloc;
 302        unsigned int oldflags, mask, i;
 303        unsigned int jflag;
 304        struct super_block *sb = inode->i_sb;
 305
 306        /* Is it quota file? Do not allow user to mess with it */
 307        if (ext4_is_quota_file(inode))
 308                goto flags_out;
 309
 310        oldflags = ei->i_flags;
 311
 312        /* The JOURNAL_DATA flag is modifiable only by root */
 313        jflag = flags & EXT4_JOURNAL_DATA_FL;
 314
 315        err = vfs_ioc_setflags_prepare(inode, oldflags, flags);
 316        if (err)
 317                goto flags_out;
 318
 319        /*
 320         * The JOURNAL_DATA flag can only be changed by
 321         * the relevant capability.
 322         */
 323        if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
 324                if (!capable(CAP_SYS_RESOURCE))
 325                        goto flags_out;
 326        }
 327        if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
 328                migrate = 1;
 329
 330        if (flags & EXT4_EOFBLOCKS_FL) {
 331                /* we don't support adding EOFBLOCKS flag */
 332                if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
 333                        err = -EOPNOTSUPP;
 334                        goto flags_out;
 335                }
 336        } else if (oldflags & EXT4_EOFBLOCKS_FL) {
 337                err = ext4_truncate(inode);
 338                if (err)
 339                        goto flags_out;
 340        }
 341
 342        if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
 343                if (!ext4_has_feature_casefold(sb)) {
 344                        err = -EOPNOTSUPP;
 345                        goto flags_out;
 346                }
 347
 348                if (!S_ISDIR(inode->i_mode)) {
 349                        err = -ENOTDIR;
 350                        goto flags_out;
 351                }
 352
 353                if (!ext4_empty_dir(inode)) {
 354                        err = -ENOTEMPTY;
 355                        goto flags_out;
 356                }
 357        }
 358
 359        /*
 360         * Wait for all pending directio and then flush all the dirty pages
 361         * for this file.  The flush marks all the pages readonly, so any
 362         * subsequent attempt to write to the file (particularly mmap pages)
 363         * will come through the filesystem and fail.
 364         */
 365        if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
 366            (flags & EXT4_IMMUTABLE_FL)) {
 367                inode_dio_wait(inode);
 368                err = filemap_write_and_wait(inode->i_mapping);
 369                if (err)
 370                        goto flags_out;
 371        }
 372
 373        handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 374        if (IS_ERR(handle)) {
 375                err = PTR_ERR(handle);
 376                goto flags_out;
 377        }
 378        if (IS_SYNC(inode))
 379                ext4_handle_sync(handle);
 380        err = ext4_reserve_inode_write(handle, inode, &iloc);
 381        if (err)
 382                goto flags_err;
 383
 384        for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
 385                if (!(mask & EXT4_FL_USER_MODIFIABLE))
 386                        continue;
 387                /* These flags get special treatment later */
 388                if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
 389                        continue;
 390                if (mask & flags)
 391                        ext4_set_inode_flag(inode, i);
 392                else
 393                        ext4_clear_inode_flag(inode, i);
 394        }
 395
 396        ext4_set_inode_flags(inode);
 397        inode->i_ctime = current_time(inode);
 398
 399        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 400flags_err:
 401        ext4_journal_stop(handle);
 402        if (err)
 403                goto flags_out;
 404
 405        if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
 406                /*
 407                 * Changes to the journaling mode can cause unsafe changes to
 408                 * S_DAX if we are using the DAX mount option.
 409                 */
 410                if (test_opt(inode->i_sb, DAX)) {
 411                        err = -EBUSY;
 412                        goto flags_out;
 413                }
 414
 415                err = ext4_change_inode_journal_flag(inode, jflag);
 416                if (err)
 417                        goto flags_out;
 418        }
 419        if (migrate) {
 420                if (flags & EXT4_EXTENTS_FL)
 421                        err = ext4_ext_migrate(inode);
 422                else
 423                        err = ext4_ind_migrate(inode);
 424        }
 425
 426flags_out:
 427        return err;
 428}
 429
 430#ifdef CONFIG_QUOTA
 431static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 432{
 433        struct inode *inode = file_inode(filp);
 434        struct super_block *sb = inode->i_sb;
 435        struct ext4_inode_info *ei = EXT4_I(inode);
 436        int err, rc;
 437        handle_t *handle;
 438        kprojid_t kprojid;
 439        struct ext4_iloc iloc;
 440        struct ext4_inode *raw_inode;
 441        struct dquot *transfer_to[MAXQUOTAS] = { };
 442
 443        if (!ext4_has_feature_project(sb)) {
 444                if (projid != EXT4_DEF_PROJID)
 445                        return -EOPNOTSUPP;
 446                else
 447                        return 0;
 448        }
 449
 450        if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
 451                return -EOPNOTSUPP;
 452
 453        kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
 454
 455        if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
 456                return 0;
 457
 458        err = -EPERM;
 459        /* Is it quota file? Do not allow user to mess with it */
 460        if (ext4_is_quota_file(inode))
 461                return err;
 462
 463        err = ext4_get_inode_loc(inode, &iloc);
 464        if (err)
 465                return err;
 466
 467        raw_inode = ext4_raw_inode(&iloc);
 468        if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
 469                err = ext4_expand_extra_isize(inode,
 470                                              EXT4_SB(sb)->s_want_extra_isize,
 471                                              &iloc);
 472                if (err)
 473                        return err;
 474        } else {
 475                brelse(iloc.bh);
 476        }
 477
 478        err = dquot_initialize(inode);
 479        if (err)
 480                return err;
 481
 482        handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
 483                EXT4_QUOTA_INIT_BLOCKS(sb) +
 484                EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
 485        if (IS_ERR(handle))
 486                return PTR_ERR(handle);
 487
 488        err = ext4_reserve_inode_write(handle, inode, &iloc);
 489        if (err)
 490                goto out_stop;
 491
 492        transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
 493        if (!IS_ERR(transfer_to[PRJQUOTA])) {
 494
 495                /* __dquot_transfer() calls back ext4_get_inode_usage() which
 496                 * counts xattr inode references.
 497                 */
 498                down_read(&EXT4_I(inode)->xattr_sem);
 499                err = __dquot_transfer(inode, transfer_to);
 500                up_read(&EXT4_I(inode)->xattr_sem);
 501                dqput(transfer_to[PRJQUOTA]);
 502                if (err)
 503                        goto out_dirty;
 504        }
 505
 506        EXT4_I(inode)->i_projid = kprojid;
 507        inode->i_ctime = current_time(inode);
 508out_dirty:
 509        rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
 510        if (!err)
 511                err = rc;
 512out_stop:
 513        ext4_journal_stop(handle);
 514        return err;
 515}
 516#else
 517static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 518{
 519        if (projid != EXT4_DEF_PROJID)
 520                return -EOPNOTSUPP;
 521        return 0;
 522}
 523#endif
 524
 525/* Transfer internal flags to xflags */
 526static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
 527{
 528        __u32 xflags = 0;
 529
 530        if (iflags & EXT4_SYNC_FL)
 531                xflags |= FS_XFLAG_SYNC;
 532        if (iflags & EXT4_IMMUTABLE_FL)
 533                xflags |= FS_XFLAG_IMMUTABLE;
 534        if (iflags & EXT4_APPEND_FL)
 535                xflags |= FS_XFLAG_APPEND;
 536        if (iflags & EXT4_NODUMP_FL)
 537                xflags |= FS_XFLAG_NODUMP;
 538        if (iflags & EXT4_NOATIME_FL)
 539                xflags |= FS_XFLAG_NOATIME;
 540        if (iflags & EXT4_PROJINHERIT_FL)
 541                xflags |= FS_XFLAG_PROJINHERIT;
 542        return xflags;
 543}
 544
 545#define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
 546                                  FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
 547                                  FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
 548
 549/* Transfer xflags flags to internal */
 550static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
 551{
 552        unsigned long iflags = 0;
 553
 554        if (xflags & FS_XFLAG_SYNC)
 555                iflags |= EXT4_SYNC_FL;
 556        if (xflags & FS_XFLAG_IMMUTABLE)
 557                iflags |= EXT4_IMMUTABLE_FL;
 558        if (xflags & FS_XFLAG_APPEND)
 559                iflags |= EXT4_APPEND_FL;
 560        if (xflags & FS_XFLAG_NODUMP)
 561                iflags |= EXT4_NODUMP_FL;
 562        if (xflags & FS_XFLAG_NOATIME)
 563                iflags |= EXT4_NOATIME_FL;
 564        if (xflags & FS_XFLAG_PROJINHERIT)
 565                iflags |= EXT4_PROJINHERIT_FL;
 566
 567        return iflags;
 568}
 569
 570static int ext4_shutdown(struct super_block *sb, unsigned long arg)
 571{
 572        struct ext4_sb_info *sbi = EXT4_SB(sb);
 573        __u32 flags;
 574
 575        if (!capable(CAP_SYS_ADMIN))
 576                return -EPERM;
 577
 578        if (get_user(flags, (__u32 __user *)arg))
 579                return -EFAULT;
 580
 581        if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
 582                return -EINVAL;
 583
 584        if (ext4_forced_shutdown(sbi))
 585                return 0;
 586
 587        ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
 588        trace_ext4_shutdown(sb, flags);
 589
 590        switch (flags) {
 591        case EXT4_GOING_FLAGS_DEFAULT:
 592                freeze_bdev(sb->s_bdev);
 593                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 594                thaw_bdev(sb->s_bdev, sb);
 595                break;
 596        case EXT4_GOING_FLAGS_LOGFLUSH:
 597                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 598                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
 599                        (void) ext4_force_commit(sb);
 600                        jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
 601                }
 602                break;
 603        case EXT4_GOING_FLAGS_NOLOGFLUSH:
 604                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 605                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
 606                        jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
 607                break;
 608        default:
 609                return -EINVAL;
 610        }
 611        clear_opt(sb, DISCARD);
 612        return 0;
 613}
 614
 615struct getfsmap_info {
 616        struct super_block      *gi_sb;
 617        struct fsmap_head __user *gi_data;
 618        unsigned int            gi_idx;
 619        __u32                   gi_last_flags;
 620};
 621
 622static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
 623{
 624        struct getfsmap_info *info = priv;
 625        struct fsmap fm;
 626
 627        trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
 628
 629        info->gi_last_flags = xfm->fmr_flags;
 630        ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
 631        if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
 632                        sizeof(struct fsmap)))
 633                return -EFAULT;
 634
 635        return 0;
 636}
 637
 638static int ext4_ioc_getfsmap(struct super_block *sb,
 639                             struct fsmap_head __user *arg)
 640{
 641        struct getfsmap_info info = { NULL };
 642        struct ext4_fsmap_head xhead = {0};
 643        struct fsmap_head head;
 644        bool aborted = false;
 645        int error;
 646
 647        if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
 648                return -EFAULT;
 649        if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
 650            memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
 651                       sizeof(head.fmh_keys[0].fmr_reserved)) ||
 652            memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
 653                       sizeof(head.fmh_keys[1].fmr_reserved)))
 654                return -EINVAL;
 655        /*
 656         * ext4 doesn't report file extents at all, so the only valid
 657         * file offsets are the magic ones (all zeroes or all ones).
 658         */
 659        if (head.fmh_keys[0].fmr_offset ||
 660            (head.fmh_keys[1].fmr_offset != 0 &&
 661             head.fmh_keys[1].fmr_offset != -1ULL))
 662                return -EINVAL;
 663
 664        xhead.fmh_iflags = head.fmh_iflags;
 665        xhead.fmh_count = head.fmh_count;
 666        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
 667        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
 668
 669        trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
 670        trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
 671
 672        info.gi_sb = sb;
 673        info.gi_data = arg;
 674        error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
 675        if (error == EXT4_QUERY_RANGE_ABORT) {
 676                error = 0;
 677                aborted = true;
 678        } else if (error)
 679                return error;
 680
 681        /* If we didn't abort, set the "last" flag in the last fmx */
 682        if (!aborted && info.gi_idx) {
 683                info.gi_last_flags |= FMR_OF_LAST;
 684                if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
 685                                 &info.gi_last_flags,
 686                                 sizeof(info.gi_last_flags)))
 687                        return -EFAULT;
 688        }
 689
 690        /* copy back header */
 691        head.fmh_entries = xhead.fmh_entries;
 692        head.fmh_oflags = xhead.fmh_oflags;
 693        if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
 694                return -EFAULT;
 695
 696        return 0;
 697}
 698
 699static long ext4_ioctl_group_add(struct file *file,
 700                                 struct ext4_new_group_data *input)
 701{
 702        struct super_block *sb = file_inode(file)->i_sb;
 703        int err, err2=0;
 704
 705        err = ext4_resize_begin(sb);
 706        if (err)
 707                return err;
 708
 709        if (ext4_has_feature_bigalloc(sb)) {
 710                ext4_msg(sb, KERN_ERR,
 711                         "Online resizing not supported with bigalloc");
 712                err = -EOPNOTSUPP;
 713                goto group_add_out;
 714        }
 715
 716        err = mnt_want_write_file(file);
 717        if (err)
 718                goto group_add_out;
 719
 720        err = ext4_group_add(sb, input);
 721        if (EXT4_SB(sb)->s_journal) {
 722                jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 723                err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 724                jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 725        }
 726        if (err == 0)
 727                err = err2;
 728        mnt_drop_write_file(file);
 729        if (!err && ext4_has_group_desc_csum(sb) &&
 730            test_opt(sb, INIT_INODE_TABLE))
 731                err = ext4_register_li_request(sb, input->group);
 732group_add_out:
 733        ext4_resize_end(sb);
 734        return err;
 735}
 736
 737static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa)
 738{
 739        struct ext4_inode_info *ei = EXT4_I(inode);
 740
 741        simple_fill_fsxattr(fa, ext4_iflags_to_xflags(ei->i_flags &
 742                                                      EXT4_FL_USER_VISIBLE));
 743
 744        if (ext4_has_feature_project(inode->i_sb))
 745                fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
 746}
 747
 748long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 749{
 750        struct inode *inode = file_inode(filp);
 751        struct super_block *sb = inode->i_sb;
 752        struct ext4_inode_info *ei = EXT4_I(inode);
 753        unsigned int flags;
 754
 755        ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
 756
 757        switch (cmd) {
 758        case FS_IOC_GETFSMAP:
 759                return ext4_ioc_getfsmap(sb, (void __user *)arg);
 760        case EXT4_IOC_GETFLAGS:
 761                flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
 762                if (S_ISREG(inode->i_mode))
 763                        flags &= ~EXT4_PROJINHERIT_FL;
 764                return put_user(flags, (int __user *) arg);
 765        case EXT4_IOC_SETFLAGS: {
 766                int err;
 767
 768                if (!inode_owner_or_capable(inode))
 769                        return -EACCES;
 770
 771                if (get_user(flags, (int __user *) arg))
 772                        return -EFAULT;
 773
 774                if (flags & ~EXT4_FL_USER_VISIBLE)
 775                        return -EOPNOTSUPP;
 776                /*
 777                 * chattr(1) grabs flags via GETFLAGS, modifies the result and
 778                 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
 779                 * more restrictive than just silently masking off visible but
 780                 * not settable flags as we always did.
 781                 */
 782                flags &= EXT4_FL_USER_MODIFIABLE;
 783                if (ext4_mask_flags(inode->i_mode, flags) != flags)
 784                        return -EOPNOTSUPP;
 785
 786                err = mnt_want_write_file(filp);
 787                if (err)
 788                        return err;
 789
 790                inode_lock(inode);
 791                err = ext4_ioctl_check_immutable(inode,
 792                                from_kprojid(&init_user_ns, ei->i_projid),
 793                                flags);
 794                if (!err)
 795                        err = ext4_ioctl_setflags(inode, flags);
 796                inode_unlock(inode);
 797                mnt_drop_write_file(filp);
 798                return err;
 799        }
 800        case EXT4_IOC_GETVERSION:
 801        case EXT4_IOC_GETVERSION_OLD:
 802                return put_user(inode->i_generation, (int __user *) arg);
 803        case EXT4_IOC_SETVERSION:
 804        case EXT4_IOC_SETVERSION_OLD: {
 805                handle_t *handle;
 806                struct ext4_iloc iloc;
 807                __u32 generation;
 808                int err;
 809
 810                if (!inode_owner_or_capable(inode))
 811                        return -EPERM;
 812
 813                if (ext4_has_metadata_csum(inode->i_sb)) {
 814                        ext4_warning(sb, "Setting inode version is not "
 815                                     "supported with metadata_csum enabled.");
 816                        return -ENOTTY;
 817                }
 818
 819                err = mnt_want_write_file(filp);
 820                if (err)
 821                        return err;
 822                if (get_user(generation, (int __user *) arg)) {
 823                        err = -EFAULT;
 824                        goto setversion_out;
 825                }
 826
 827                inode_lock(inode);
 828                handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 829                if (IS_ERR(handle)) {
 830                        err = PTR_ERR(handle);
 831                        goto unlock_out;
 832                }
 833                err = ext4_reserve_inode_write(handle, inode, &iloc);
 834                if (err == 0) {
 835                        inode->i_ctime = current_time(inode);
 836                        inode->i_generation = generation;
 837                        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 838                }
 839                ext4_journal_stop(handle);
 840
 841unlock_out:
 842                inode_unlock(inode);
 843setversion_out:
 844                mnt_drop_write_file(filp);
 845                return err;
 846        }
 847        case EXT4_IOC_GROUP_EXTEND: {
 848                ext4_fsblk_t n_blocks_count;
 849                int err, err2=0;
 850
 851                err = ext4_resize_begin(sb);
 852                if (err)
 853                        return err;
 854
 855                if (get_user(n_blocks_count, (__u32 __user *)arg)) {
 856                        err = -EFAULT;
 857                        goto group_extend_out;
 858                }
 859
 860                if (ext4_has_feature_bigalloc(sb)) {
 861                        ext4_msg(sb, KERN_ERR,
 862                                 "Online resizing not supported with bigalloc");
 863                        err = -EOPNOTSUPP;
 864                        goto group_extend_out;
 865                }
 866
 867                err = mnt_want_write_file(filp);
 868                if (err)
 869                        goto group_extend_out;
 870
 871                err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
 872                if (EXT4_SB(sb)->s_journal) {
 873                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 874                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 875                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 876                }
 877                if (err == 0)
 878                        err = err2;
 879                mnt_drop_write_file(filp);
 880group_extend_out:
 881                ext4_resize_end(sb);
 882                return err;
 883        }
 884
 885        case EXT4_IOC_MOVE_EXT: {
 886                struct move_extent me;
 887                struct fd donor;
 888                int err;
 889
 890                if (!(filp->f_mode & FMODE_READ) ||
 891                    !(filp->f_mode & FMODE_WRITE))
 892                        return -EBADF;
 893
 894                if (copy_from_user(&me,
 895                        (struct move_extent __user *)arg, sizeof(me)))
 896                        return -EFAULT;
 897                me.moved_len = 0;
 898
 899                donor = fdget(me.donor_fd);
 900                if (!donor.file)
 901                        return -EBADF;
 902
 903                if (!(donor.file->f_mode & FMODE_WRITE)) {
 904                        err = -EBADF;
 905                        goto mext_out;
 906                }
 907
 908                if (ext4_has_feature_bigalloc(sb)) {
 909                        ext4_msg(sb, KERN_ERR,
 910                                 "Online defrag not supported with bigalloc");
 911                        err = -EOPNOTSUPP;
 912                        goto mext_out;
 913                } else if (IS_DAX(inode)) {
 914                        ext4_msg(sb, KERN_ERR,
 915                                 "Online defrag not supported with DAX");
 916                        err = -EOPNOTSUPP;
 917                        goto mext_out;
 918                }
 919
 920                err = mnt_want_write_file(filp);
 921                if (err)
 922                        goto mext_out;
 923
 924                err = ext4_move_extents(filp, donor.file, me.orig_start,
 925                                        me.donor_start, me.len, &me.moved_len);
 926                mnt_drop_write_file(filp);
 927
 928                if (copy_to_user((struct move_extent __user *)arg,
 929                                 &me, sizeof(me)))
 930                        err = -EFAULT;
 931mext_out:
 932                fdput(donor);
 933                return err;
 934        }
 935
 936        case EXT4_IOC_GROUP_ADD: {
 937                struct ext4_new_group_data input;
 938
 939                if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
 940                                sizeof(input)))
 941                        return -EFAULT;
 942
 943                return ext4_ioctl_group_add(filp, &input);
 944        }
 945
 946        case EXT4_IOC_MIGRATE:
 947        {
 948                int err;
 949                if (!inode_owner_or_capable(inode))
 950                        return -EACCES;
 951
 952                err = mnt_want_write_file(filp);
 953                if (err)
 954                        return err;
 955                /*
 956                 * inode_mutex prevent write and truncate on the file.
 957                 * Read still goes through. We take i_data_sem in
 958                 * ext4_ext_swap_inode_data before we switch the
 959                 * inode format to prevent read.
 960                 */
 961                inode_lock((inode));
 962                err = ext4_ext_migrate(inode);
 963                inode_unlock((inode));
 964                mnt_drop_write_file(filp);
 965                return err;
 966        }
 967
 968        case EXT4_IOC_ALLOC_DA_BLKS:
 969        {
 970                int err;
 971                if (!inode_owner_or_capable(inode))
 972                        return -EACCES;
 973
 974                err = mnt_want_write_file(filp);
 975                if (err)
 976                        return err;
 977                err = ext4_alloc_da_blocks(inode);
 978                mnt_drop_write_file(filp);
 979                return err;
 980        }
 981
 982        case EXT4_IOC_SWAP_BOOT:
 983        {
 984                int err;
 985                if (!(filp->f_mode & FMODE_WRITE))
 986                        return -EBADF;
 987                err = mnt_want_write_file(filp);
 988                if (err)
 989                        return err;
 990                err = swap_inode_boot_loader(sb, inode);
 991                mnt_drop_write_file(filp);
 992                return err;
 993        }
 994
 995        case EXT4_IOC_RESIZE_FS: {
 996                ext4_fsblk_t n_blocks_count;
 997                int err = 0, err2 = 0;
 998                ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
 999
1000                if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,

1001                                   sizeof(__u64))) {
1002                        return -EFAULT;
1003                }
1004
1005                err = ext4_resize_begin(sb);
1006                if (err)
1007                        return err;
1008
1009                err = mnt_want_write_file(filp);
1010                if (err)
1011                        goto resizefs_out;
1012
1013                err = ext4_resize_fs(sb, n_blocks_count);
1014                if (EXT4_SB(sb)->s_journal) {
1015                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1016                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
1017                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1018                }
1019                if (err == 0)
1020                        err = err2;
1021                mnt_drop_write_file(filp);
1022                if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1023                    ext4_has_group_desc_csum(sb) &&
1024                    test_opt(sb, INIT_INODE_TABLE))
1025                        err = ext4_register_li_request(sb, o_group);
1026
1027resizefs_out:
1028                ext4_resize_end(sb);
1029                return err;
1030        }
1031
1032        case FITRIM:
1033        {
1034                struct request_queue *q = bdev_get_queue(sb->s_bdev);
1035                struct fstrim_range range;
1036                int ret = 0;
1037
1038                if (!capable(CAP_SYS_ADMIN))
1039                        return -EPERM;
1040
1041                if (!blk_queue_discard(q))
1042                        return -EOPNOTSUPP;
1043
1044                /*
1045                 * We haven't replayed the journal, so we cannot use our
1046                 * block-bitmap-guided storage zapping commands.
1047                 */
1048                if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1049                        return -EROFS;
1050
1051                if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1052                    sizeof(range)))
1053                        return -EFAULT;
1054
1055                range.minlen = max((unsigned int)range.minlen,
1056                                   q->limits.discard_granularity);
1057                ret = ext4_trim_fs(sb, &range);
1058                if (ret < 0)
1059                        return ret;
1060
1061                if (copy_to_user((struct fstrim_range __user *)arg, &range,
1062                    sizeof(range)))
1063                        return -EFAULT;
1064
1065                return 0;
1066        }
1067        case EXT4_IOC_PRECACHE_EXTENTS:
1068                return ext4_ext_precache(inode);
1069
1070        case EXT4_IOC_SET_ENCRYPTION_POLICY:
1071                if (!ext4_has_feature_encrypt(sb))
1072                        return -EOPNOTSUPP;
1073                return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1074
1075        case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
1076#ifdef CONFIG_FS_ENCRYPTION
1077                int err, err2;
1078                struct ext4_sb_info *sbi = EXT4_SB(sb);
1079                handle_t *handle;
1080
1081                if (!ext4_has_feature_encrypt(sb))
1082                        return -EOPNOTSUPP;
1083                if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1084                        err = mnt_want_write_file(filp);
1085                        if (err)
1086                                return err;
1087                        handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1088                        if (IS_ERR(handle)) {
1089                                err = PTR_ERR(handle);
1090                                goto pwsalt_err_exit;
1091                        }
1092                        err = ext4_journal_get_write_access(handle, sbi->s_sbh);
1093                        if (err)
1094                                goto pwsalt_err_journal;
1095                        generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1096                        err = ext4_handle_dirty_metadata(handle, NULL,
1097                                                         sbi->s_sbh);
1098                pwsalt_err_journal:
1099                        err2 = ext4_journal_stop(handle);
1100                        if (err2 && !err)
1101                                err = err2;
1102                pwsalt_err_exit:
1103                        mnt_drop_write_file(filp);
1104                        if (err)
1105                                return err;
1106                }
1107                if (copy_to_user((void __user *) arg,
1108                                 sbi->s_es->s_encrypt_pw_salt, 16))
1109                        return -EFAULT;
1110                return 0;
1111#else
1112                return -EOPNOTSUPP;
1113#endif
1114        }
1115        case EXT4_IOC_GET_ENCRYPTION_POLICY:
1116                return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1117
1118        case EXT4_IOC_FSGETXATTR:
1119        {
1120                struct fsxattr fa;
1121
1122                ext4_fill_fsxattr(inode, &fa);
1123
1124                if (copy_to_user((struct fsxattr __user *)arg,
1125                                 &fa, sizeof(fa)))
1126                        return -EFAULT;
1127                return 0;
1128        }
1129        case EXT4_IOC_FSSETXATTR:
1130        {
1131                struct fsxattr fa, old_fa;
1132                int err;
1133
1134                if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1135                                   sizeof(fa)))
1136                        return -EFAULT;
1137
1138                /* Make sure caller has proper permission */
1139                if (!inode_owner_or_capable(inode))
1140                        return -EACCES;
1141
1142                if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1143                        return -EOPNOTSUPP;
1144
1145                flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1146                if (ext4_mask_flags(inode->i_mode, flags) != flags)
1147                        return -EOPNOTSUPP;
1148
1149                err = mnt_want_write_file(filp);
1150                if (err)
1151                        return err;
1152
1153                inode_lock(inode);
1154                ext4_fill_fsxattr(inode, &old_fa);
1155                err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
1156                if (err)
1157                        goto out;
1158                flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1159                         (flags & EXT4_FL_XFLAG_VISIBLE);
1160                err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags);
1161                if (err)
1162                        goto out;
1163                err = ext4_ioctl_setflags(inode, flags);
1164                if (err)
1165                        goto out;
1166                err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1167out:
1168                inode_unlock(inode);
1169                mnt_drop_write_file(filp);
1170                return err;
1171        }
1172        case EXT4_IOC_SHUTDOWN:
1173                return ext4_shutdown(sb, arg);
1174        default:
1175                return -ENOTTY;
1176        }
1177}
1178
1179#ifdef CONFIG_COMPAT
1180long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1181{
1182        /* These are just misnamed, they actually get/put from/to user an int */
1183        switch (cmd) {
1184        case EXT4_IOC32_GETFLAGS:
1185                cmd = EXT4_IOC_GETFLAGS;
1186                break;
1187        case EXT4_IOC32_SETFLAGS:
1188                cmd = EXT4_IOC_SETFLAGS;
1189                break;
1190        case EXT4_IOC32_GETVERSION:
1191                cmd = EXT4_IOC_GETVERSION;
1192                break;
1193        case EXT4_IOC32_SETVERSION:
1194                cmd = EXT4_IOC_SETVERSION;
1195                break;
1196        case EXT4_IOC32_GROUP_EXTEND:
1197                cmd = EXT4_IOC_GROUP_EXTEND;
1198                break;
1199        case EXT4_IOC32_GETVERSION_OLD:
1200                cmd = EXT4_IOC_GETVERSION_OLD;
1201                break;
1202        case EXT4_IOC32_SETVERSION_OLD:
1203                cmd = EXT4_IOC_SETVERSION_OLD;
1204                break;
1205        case EXT4_IOC32_GETRSVSZ:
1206                cmd = EXT4_IOC_GETRSVSZ;
1207                break;
1208        case EXT4_IOC32_SETRSVSZ:
1209                cmd = EXT4_IOC_SETRSVSZ;
1210                break;
1211        case EXT4_IOC32_GROUP_ADD: {
1212                struct compat_ext4_new_group_input __user *uinput;
1213                struct ext4_new_group_data input;
1214                int err;
1215
1216                uinput = compat_ptr(arg);
1217                err = get_user(input.group, &uinput->group);
1218                err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1219                err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1220                err |= get_user(input.inode_table, &uinput->inode_table);
1221                err |= get_user(input.blocks_count, &uinput->blocks_count);
1222                err |= get_user(input.reserved_blocks,
1223                                &uinput->reserved_blocks);
1224                if (err)
1225                        return -EFAULT;
1226                return ext4_ioctl_group_add(file, &input);
1227        }
1228        case EXT4_IOC_MOVE_EXT:
1229        case EXT4_IOC_RESIZE_FS:
1230        case EXT4_IOC_PRECACHE_EXTENTS:
1231        case EXT4_IOC_SET_ENCRYPTION_POLICY:
1232        case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1233        case EXT4_IOC_GET_ENCRYPTION_POLICY:
1234        case EXT4_IOC_SHUTDOWN:
1235        case FS_IOC_GETFSMAP:
1236                break;
1237        default:
1238                return -ENOIOCTLCMD;
1239        }
1240        return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1241}
1242#endif
1243