LXR linux/fs/ext4/ioctl.c

   1// SPDX-License-Identifier: GPL-2.0
   2/*
   3 * linux/fs/ext4/ioctl.c
   4 *
   5 * Copyright (C) 1993, 1994, 1995
   6 * Remy Card (card@masi.ibp.fr)
   7 * Laboratoire MASI - Institut Blaise Pascal
   8 * Universite Pierre et Marie Curie (Paris VI)
   9 */
  10
  11#include <linux/fs.h>
  12#include <linux/capability.h>
  13#include <linux/time.h>
  14#include <linux/compat.h>
  15#include <linux/mount.h>
  16#include <linux/file.h>
  17#include <linux/quotaops.h>
  18#include <linux/random.h>
  19#include <linux/uuid.h>
  20#include <linux/uaccess.h>
  21#include <linux/delay.h>
  22#include <linux/iversion.h>
  23#include "ext4_jbd2.h"
  24#include "ext4.h"
  25#include <linux/fsmap.h>
  26#include "fsmap.h"
  27#include <trace/events/ext4.h>
  28
  29/**
  30 * Swap memory between @a and @b for @len bytes.
  31 *
  32 * @a:          pointer to first memory area
  33 * @b:          pointer to second memory area
  34 * @len:        number of bytes to swap
  35 *
  36 */
  37static void memswap(void *a, void *b, size_t len)
  38{
  39        unsigned char *ap, *bp;
  40
  41        ap = (unsigned char *)a;
  42        bp = (unsigned char *)b;
  43        while (len-- > 0) {
  44                swap(*ap, *bp);
  45                ap++;
  46                bp++;
  47        }
  48}
  49
  50/**
  51 * Swap i_data and associated attributes between @inode1 and @inode2.
  52 * This function is used for the primary swap between inode1 and inode2
  53 * and also to revert this primary swap in case of errors.
  54 *
  55 * Therefore you have to make sure, that calling this method twice
  56 * will revert all changes.
  57 *
  58 * @inode1:     pointer to first inode
  59 * @inode2:     pointer to second inode
  60 */
  61static void swap_inode_data(struct inode *inode1, struct inode *inode2)
  62{
  63        loff_t isize;
  64        struct ext4_inode_info *ei1;
  65        struct ext4_inode_info *ei2;
  66        unsigned long tmp;
  67
  68        ei1 = EXT4_I(inode1);
  69        ei2 = EXT4_I(inode2);
  70
  71        swap(inode1->i_version, inode2->i_version);
  72        swap(inode1->i_atime, inode2->i_atime);
  73        swap(inode1->i_mtime, inode2->i_mtime);
  74
  75        memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
  76        tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
  77        ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
  78                (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
  79        ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
  80        swap(ei1->i_disksize, ei2->i_disksize);
  81        ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
  82        ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
  83
  84        isize = i_size_read(inode1);
  85        i_size_write(inode1, i_size_read(inode2));
  86        i_size_write(inode2, isize);
  87}
  88
  89static void reset_inode_seed(struct inode *inode)
  90{
  91        struct ext4_inode_info *ei = EXT4_I(inode);
  92        struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
  93        __le32 inum = cpu_to_le32(inode->i_ino);
  94        __le32 gen = cpu_to_le32(inode->i_generation);
  95        __u32 csum;
  96
  97        if (!ext4_has_metadata_csum(inode->i_sb))
  98                return;
  99
 100        csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
 101        ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
 102}
 103
 104/**
 105 * Swap the information from the given @inode and the inode
 106 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
 107 * important fields of the inodes.
 108 *
 109 * @sb:         the super block of the filesystem
 110 * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
 111 *
 112 */
 113static long swap_inode_boot_loader(struct super_block *sb,
 114                                struct inode *inode)
 115{
 116        handle_t *handle;
 117        int err;
 118        struct inode *inode_bl;
 119        struct ext4_inode_info *ei_bl;
 120        qsize_t size, size_bl, diff;
 121        blkcnt_t blocks;
 122        unsigned short bytes;
 123
 124        inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
 125        if (IS_ERR(inode_bl))
 126                return PTR_ERR(inode_bl);
 127        ei_bl = EXT4_I(inode_bl);
 128
 129        /* Protect orig inodes against a truncate and make sure,
 130         * that only 1 swap_inode_boot_loader is running. */
 131        lock_two_nondirectories(inode, inode_bl);
 132
 133        if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
 134            IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
 135            (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
 136            ext4_has_inline_data(inode)) {
 137                err = -EINVAL;
 138                goto journal_err_out;
 139        }
 140
 141        if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
 142            !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) {
 143                err = -EPERM;
 144                goto journal_err_out;
 145        }
 146
 147        down_write(&EXT4_I(inode)->i_mmap_sem);
 148        err = filemap_write_and_wait(inode->i_mapping);
 149        if (err)
 150                goto err_out;
 151
 152        err = filemap_write_and_wait(inode_bl->i_mapping);
 153        if (err)
 154                goto err_out;
 155
 156        /* Wait for all existing dio workers */
 157        inode_dio_wait(inode);
 158        inode_dio_wait(inode_bl);
 159
 160        truncate_inode_pages(&inode->i_data, 0);
 161        truncate_inode_pages(&inode_bl->i_data, 0);
 162
 163        handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
 164        if (IS_ERR(handle)) {
 165                err = -EINVAL;
 166                goto err_out;
 167        }
 168
 169        /* Protect extent tree against block allocations via delalloc */
 170        ext4_double_down_write_data_sem(inode, inode_bl);
 171
 172        if (inode_bl->i_nlink == 0) {
 173                /* this inode has never been used as a BOOT_LOADER */
 174                set_nlink(inode_bl, 1);
 175                i_uid_write(inode_bl, 0);
 176                i_gid_write(inode_bl, 0);
 177                inode_bl->i_flags = 0;
 178                ei_bl->i_flags = 0;
 179                inode_set_iversion(inode_bl, 1);
 180                i_size_write(inode_bl, 0);
 181                inode_bl->i_mode = S_IFREG;
 182                if (ext4_has_feature_extents(sb)) {
 183                        ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
 184                        ext4_ext_tree_init(handle, inode_bl);
 185                } else
 186                        memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
 187        }
 188
 189        err = dquot_initialize(inode);
 190        if (err)
 191                goto err_out1;
 192
 193        size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
 194        size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
 195        diff = size - size_bl;
 196        swap_inode_data(inode, inode_bl);
 197
 198        inode->i_ctime = inode_bl->i_ctime = current_time(inode);
 199
 200        inode->i_generation = prandom_u32();
 201        inode_bl->i_generation = prandom_u32();
 202        reset_inode_seed(inode);
 203        reset_inode_seed(inode_bl);
 204
 205        ext4_discard_preallocations(inode);
 206
 207        err = ext4_mark_inode_dirty(handle, inode);
 208        if (err < 0) {
 209                /* No need to update quota information. */
 210                ext4_warning(inode->i_sb,
 211                        "couldn't mark inode #%lu dirty (err %d)",
 212                        inode->i_ino, err);
 213                /* Revert all changes: */
 214                swap_inode_data(inode, inode_bl);
 215                ext4_mark_inode_dirty(handle, inode);
 216                goto err_out1;
 217        }
 218
 219        blocks = inode_bl->i_blocks;
 220        bytes = inode_bl->i_bytes;
 221        inode_bl->i_blocks = inode->i_blocks;
 222        inode_bl->i_bytes = inode->i_bytes;
 223        err = ext4_mark_inode_dirty(handle, inode_bl);
 224        if (err < 0) {
 225                /* No need to update quota information. */
 226                ext4_warning(inode_bl->i_sb,
 227                        "couldn't mark inode #%lu dirty (err %d)",
 228                        inode_bl->i_ino, err);
 229                goto revert;
 230        }
 231
 232        /* Bootloader inode should not be counted into quota information. */
 233        if (diff > 0)
 234                dquot_free_space(inode, diff);
 235        else
 236                err = dquot_alloc_space(inode, -1 * diff);
 237
 238        if (err < 0) {
 239revert:
 240                /* Revert all changes: */
 241                inode_bl->i_blocks = blocks;
 242                inode_bl->i_bytes = bytes;
 243                swap_inode_data(inode, inode_bl);
 244                ext4_mark_inode_dirty(handle, inode);
 245                ext4_mark_inode_dirty(handle, inode_bl);
 246        }
 247
 248err_out1:
 249        ext4_journal_stop(handle);
 250        ext4_double_up_write_data_sem(inode, inode_bl);
 251
 252err_out:
 253        up_write(&EXT4_I(inode)->i_mmap_sem);
 254journal_err_out:
 255        unlock_two_nondirectories(inode, inode_bl);
 256        iput(inode_bl);
 257        return err;
 258}
 259
 260#ifdef CONFIG_FS_ENCRYPTION
 261static int uuid_is_zero(__u8 u[16])
 262{
 263        int     i;
 264
 265        for (i = 0; i < 16; i++)
 266                if (u[i])
 267                        return 0;
 268        return 1;
 269}
 270#endif
 271
 272/*
 273 * If immutable is set and we are not clearing it, we're not allowed to change
 274 * anything else in the inode.  Don't error out if we're only trying to set
 275 * immutable on an immutable file.
 276 */
 277static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
 278                                      unsigned int flags)
 279{
 280        struct ext4_inode_info *ei = EXT4_I(inode);
 281        unsigned int oldflags = ei->i_flags;
 282
 283        if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
 284                return 0;
 285
 286        if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
 287                return -EPERM;
 288        if (ext4_has_feature_project(inode->i_sb) &&
 289            __kprojid_val(ei->i_projid) != new_projid)
 290                return -EPERM;
 291
 292        return 0;
 293}
 294
 295static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
 296{
 297        struct ext4_inode_info *ei = EXT4_I(inode);
 298
 299        if (S_ISDIR(inode->i_mode))
 300                return;
 301
 302        if (test_opt2(inode->i_sb, DAX_NEVER) ||
 303            test_opt(inode->i_sb, DAX_ALWAYS))
 304                return;
 305
 306        if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
 307                d_mark_dontcache(inode);
 308}
 309
 310static bool dax_compatible(struct inode *inode, unsigned int oldflags,
 311                           unsigned int flags)
 312{
 313        if (flags & EXT4_DAX_FL) {
 314                if ((oldflags & EXT4_DAX_MUT_EXCL) ||
 315                     ext4_test_inode_state(inode,
 316                                          EXT4_STATE_VERITY_IN_PROGRESS)) {
 317                        return false;
 318                }
 319        }
 320
 321        if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
 322                        return false;
 323
 324        return true;
 325}
 326
 327static int ext4_ioctl_setflags(struct inode *inode,
 328                               unsigned int flags)
 329{
 330        struct ext4_inode_info *ei = EXT4_I(inode);
 331        handle_t *handle = NULL;
 332        int err = -EPERM, migrate = 0;
 333        struct ext4_iloc iloc;
 334        unsigned int oldflags, mask, i;
 335        struct super_block *sb = inode->i_sb;
 336
 337        /* Is it quota file? Do not allow user to mess with it */
 338        if (ext4_is_quota_file(inode))
 339                goto flags_out;
 340
 341        oldflags = ei->i_flags;
 342
 343        err = vfs_ioc_setflags_prepare(inode, oldflags, flags);
 344        if (err)
 345                goto flags_out;
 346
 347        /*
 348         * The JOURNAL_DATA flag can only be changed by
 349         * the relevant capability.
 350         */
 351        if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
 352                if (!capable(CAP_SYS_RESOURCE))
 353                        goto flags_out;
 354        }
 355
 356        if (!dax_compatible(inode, oldflags, flags)) {
 357                err = -EOPNOTSUPP;
 358                goto flags_out;
 359        }
 360
 361        if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
 362                migrate = 1;
 363
 364        if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
 365                if (!ext4_has_feature_casefold(sb)) {
 366                        err = -EOPNOTSUPP;
 367                        goto flags_out;
 368                }
 369
 370                if (!S_ISDIR(inode->i_mode)) {
 371                        err = -ENOTDIR;
 372                        goto flags_out;
 373                }
 374
 375                if (!ext4_empty_dir(inode)) {
 376                        err = -ENOTEMPTY;
 377                        goto flags_out;
 378                }
 379        }
 380
 381        /*
 382         * Wait for all pending directio and then flush all the dirty pages
 383         * for this file.  The flush marks all the pages readonly, so any
 384         * subsequent attempt to write to the file (particularly mmap pages)
 385         * will come through the filesystem and fail.
 386         */
 387        if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
 388            (flags & EXT4_IMMUTABLE_FL)) {
 389                inode_dio_wait(inode);
 390                err = filemap_write_and_wait(inode->i_mapping);
 391                if (err)
 392                        goto flags_out;
 393        }
 394
 395        handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 396        if (IS_ERR(handle)) {
 397                err = PTR_ERR(handle);
 398                goto flags_out;
 399        }
 400        if (IS_SYNC(inode))
 401                ext4_handle_sync(handle);
 402        err = ext4_reserve_inode_write(handle, inode, &iloc);
 403        if (err)
 404                goto flags_err;
 405
 406        ext4_dax_dontcache(inode, flags);
 407
 408        for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
 409                if (!(mask & EXT4_FL_USER_MODIFIABLE))
 410                        continue;
 411                /* These flags get special treatment later */
 412                if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
 413                        continue;
 414                if (mask & flags)
 415                        ext4_set_inode_flag(inode, i);
 416                else
 417                        ext4_clear_inode_flag(inode, i);
 418        }
 419
 420        ext4_set_inode_flags(inode, false);
 421
 422        inode->i_ctime = current_time(inode);
 423
 424        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 425flags_err:
 426        ext4_journal_stop(handle);
 427        if (err)
 428                goto flags_out;
 429
 430        if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
 431                /*
 432                 * Changes to the journaling mode can cause unsafe changes to
 433                 * S_DAX if the inode is DAX
 434                 */
 435                if (IS_DAX(inode)) {
 436                        err = -EBUSY;
 437                        goto flags_out;
 438                }
 439
 440                err = ext4_change_inode_journal_flag(inode,
 441                                                     flags & EXT4_JOURNAL_DATA_FL);
 442                if (err)
 443                        goto flags_out;
 444        }
 445        if (migrate) {
 446                if (flags & EXT4_EXTENTS_FL)
 447                        err = ext4_ext_migrate(inode);
 448                else
 449                        err = ext4_ind_migrate(inode);
 450        }
 451
 452flags_out:
 453        return err;
 454}
 455
 456#ifdef CONFIG_QUOTA
 457static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 458{
 459        struct inode *inode = file_inode(filp);
 460        struct super_block *sb = inode->i_sb;
 461        struct ext4_inode_info *ei = EXT4_I(inode);
 462        int err, rc;
 463        handle_t *handle;
 464        kprojid_t kprojid;
 465        struct ext4_iloc iloc;
 466        struct ext4_inode *raw_inode;
 467        struct dquot *transfer_to[MAXQUOTAS] = { };
 468
 469        if (!ext4_has_feature_project(sb)) {
 470                if (projid != EXT4_DEF_PROJID)
 471                        return -EOPNOTSUPP;
 472                else
 473                        return 0;
 474        }
 475
 476        if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
 477                return -EOPNOTSUPP;
 478
 479        kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
 480
 481        if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
 482                return 0;
 483
 484        err = -EPERM;
 485        /* Is it quota file? Do not allow user to mess with it */
 486        if (ext4_is_quota_file(inode))
 487                return err;
 488
 489        err = ext4_get_inode_loc(inode, &iloc);
 490        if (err)
 491                return err;
 492
 493        raw_inode = ext4_raw_inode(&iloc);
 494        if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
 495                err = ext4_expand_extra_isize(inode,
 496                                              EXT4_SB(sb)->s_want_extra_isize,
 497                                              &iloc);
 498                if (err)
 499                        return err;
 500        } else {
 501                brelse(iloc.bh);
 502        }
 503
 504        err = dquot_initialize(inode);
 505        if (err)
 506                return err;
 507
 508        handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
 509                EXT4_QUOTA_INIT_BLOCKS(sb) +
 510                EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
 511        if (IS_ERR(handle))
 512                return PTR_ERR(handle);
 513
 514        err = ext4_reserve_inode_write(handle, inode, &iloc);
 515        if (err)
 516                goto out_stop;
 517
 518        transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
 519        if (!IS_ERR(transfer_to[PRJQUOTA])) {
 520
 521                /* __dquot_transfer() calls back ext4_get_inode_usage() which
 522                 * counts xattr inode references.
 523                 */
 524                down_read(&EXT4_I(inode)->xattr_sem);
 525                err = __dquot_transfer(inode, transfer_to);
 526                up_read(&EXT4_I(inode)->xattr_sem);
 527                dqput(transfer_to[PRJQUOTA]);
 528                if (err)
 529                        goto out_dirty;
 530        }
 531
 532        EXT4_I(inode)->i_projid = kprojid;
 533        inode->i_ctime = current_time(inode);
 534out_dirty:
 535        rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
 536        if (!err)
 537                err = rc;
 538out_stop:
 539        ext4_journal_stop(handle);
 540        return err;
 541}
 542#else
 543static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
 544{
 545        if (projid != EXT4_DEF_PROJID)
 546                return -EOPNOTSUPP;
 547        return 0;
 548}
 549#endif
 550
 551/* Transfer internal flags to xflags */
 552static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
 553{
 554        __u32 xflags = 0;
 555
 556        if (iflags & EXT4_SYNC_FL)
 557                xflags |= FS_XFLAG_SYNC;
 558        if (iflags & EXT4_IMMUTABLE_FL)
 559                xflags |= FS_XFLAG_IMMUTABLE;
 560        if (iflags & EXT4_APPEND_FL)
 561                xflags |= FS_XFLAG_APPEND;
 562        if (iflags & EXT4_NODUMP_FL)
 563                xflags |= FS_XFLAG_NODUMP;
 564        if (iflags & EXT4_NOATIME_FL)
 565                xflags |= FS_XFLAG_NOATIME;
 566        if (iflags & EXT4_PROJINHERIT_FL)
 567                xflags |= FS_XFLAG_PROJINHERIT;
 568        if (iflags & EXT4_DAX_FL)
 569                xflags |= FS_XFLAG_DAX;
 570        return xflags;
 571}
 572
 573#define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
 574                                  FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
 575                                  FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT | \
 576                                  FS_XFLAG_DAX)
 577
 578/* Transfer xflags flags to internal */
 579static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
 580{
 581        unsigned long iflags = 0;
 582
 583        if (xflags & FS_XFLAG_SYNC)
 584                iflags |= EXT4_SYNC_FL;
 585        if (xflags & FS_XFLAG_IMMUTABLE)
 586                iflags |= EXT4_IMMUTABLE_FL;
 587        if (xflags & FS_XFLAG_APPEND)
 588                iflags |= EXT4_APPEND_FL;
 589        if (xflags & FS_XFLAG_NODUMP)
 590                iflags |= EXT4_NODUMP_FL;
 591        if (xflags & FS_XFLAG_NOATIME)
 592                iflags |= EXT4_NOATIME_FL;
 593        if (xflags & FS_XFLAG_PROJINHERIT)
 594                iflags |= EXT4_PROJINHERIT_FL;
 595        if (xflags & FS_XFLAG_DAX)
 596                iflags |= EXT4_DAX_FL;
 597
 598        return iflags;
 599}
 600
 601static int ext4_shutdown(struct super_block *sb, unsigned long arg)
 602{
 603        struct ext4_sb_info *sbi = EXT4_SB(sb);
 604        __u32 flags;
 605
 606        if (!capable(CAP_SYS_ADMIN))
 607                return -EPERM;
 608
 609        if (get_user(flags, (__u32 __user *)arg))
 610                return -EFAULT;
 611
 612        if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
 613                return -EINVAL;
 614
 615        if (ext4_forced_shutdown(sbi))
 616                return 0;
 617
 618        ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
 619        trace_ext4_shutdown(sb, flags);
 620
 621        switch (flags) {
 622        case EXT4_GOING_FLAGS_DEFAULT:
 623                freeze_bdev(sb->s_bdev);
 624                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 625                thaw_bdev(sb->s_bdev, sb);
 626                break;
 627        case EXT4_GOING_FLAGS_LOGFLUSH:
 628                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 629                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
 630                        (void) ext4_force_commit(sb);
 631                        jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
 632                }
 633                break;
 634        case EXT4_GOING_FLAGS_NOLOGFLUSH:
 635                set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
 636                if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
 637                        jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
 638                break;
 639        default:
 640                return -EINVAL;
 641        }
 642        clear_opt(sb, DISCARD);
 643        return 0;
 644}
 645
 646struct getfsmap_info {
 647        struct super_block      *gi_sb;
 648        struct fsmap_head __user *gi_data;
 649        unsigned int            gi_idx;
 650        __u32                   gi_last_flags;
 651};
 652
 653static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
 654{
 655        struct getfsmap_info *info = priv;
 656        struct fsmap fm;
 657
 658        trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
 659
 660        info->gi_last_flags = xfm->fmr_flags;
 661        ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
 662        if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
 663                        sizeof(struct fsmap)))
 664                return -EFAULT;
 665
 666        return 0;
 667}
 668
 669static int ext4_ioc_getfsmap(struct super_block *sb,
 670                             struct fsmap_head __user *arg)
 671{
 672        struct getfsmap_info info = { NULL };
 673        struct ext4_fsmap_head xhead = {0};
 674        struct fsmap_head head;
 675        bool aborted = false;
 676        int error;
 677
 678        if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
 679                return -EFAULT;
 680        if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
 681            memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
 682                       sizeof(head.fmh_keys[0].fmr_reserved)) ||
 683            memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
 684                       sizeof(head.fmh_keys[1].fmr_reserved)))
 685                return -EINVAL;
 686        /*
 687         * ext4 doesn't report file extents at all, so the only valid
 688         * file offsets are the magic ones (all zeroes or all ones).
 689         */
 690        if (head.fmh_keys[0].fmr_offset ||
 691            (head.fmh_keys[1].fmr_offset != 0 &&
 692             head.fmh_keys[1].fmr_offset != -1ULL))
 693                return -EINVAL;
 694
 695        xhead.fmh_iflags = head.fmh_iflags;
 696        xhead.fmh_count = head.fmh_count;
 697        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
 698        ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
 699
 700        trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
 701        trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
 702
 703        info.gi_sb = sb;
 704        info.gi_data = arg;
 705        error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
 706        if (error == EXT4_QUERY_RANGE_ABORT) {
 707                error = 0;
 708                aborted = true;
 709        } else if (error)
 710                return error;
 711
 712        /* If we didn't abort, set the "last" flag in the last fmx */
 713        if (!aborted && info.gi_idx) {
 714                info.gi_last_flags |= FMR_OF_LAST;
 715                if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
 716                                 &info.gi_last_flags,
 717                                 sizeof(info.gi_last_flags)))
 718                        return -EFAULT;
 719        }
 720
 721        /* copy back header */
 722        head.fmh_entries = xhead.fmh_entries;
 723        head.fmh_oflags = xhead.fmh_oflags;
 724        if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
 725                return -EFAULT;
 726
 727        return 0;
 728}
 729
 730static long ext4_ioctl_group_add(struct file *file,
 731                                 struct ext4_new_group_data *input)
 732{
 733        struct super_block *sb = file_inode(file)->i_sb;
 734        int err, err2=0;
 735
 736        err = ext4_resize_begin(sb);
 737        if (err)
 738                return err;
 739
 740        if (ext4_has_feature_bigalloc(sb)) {
 741                ext4_msg(sb, KERN_ERR,
 742                         "Online resizing not supported with bigalloc");
 743                err = -EOPNOTSUPP;
 744                goto group_add_out;
 745        }
 746
 747        err = mnt_want_write_file(file);
 748        if (err)
 749                goto group_add_out;
 750
 751        err = ext4_group_add(sb, input);
 752        if (EXT4_SB(sb)->s_journal) {
 753                jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 754                err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 755                jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 756        }
 757        if (err == 0)
 758                err = err2;
 759        mnt_drop_write_file(file);
 760        if (!err && ext4_has_group_desc_csum(sb) &&
 761            test_opt(sb, INIT_INODE_TABLE))
 762                err = ext4_register_li_request(sb, input->group);
 763group_add_out:
 764        ext4_resize_end(sb);
 765        return err;
 766}
 767
 768static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa)
 769{
 770        struct ext4_inode_info *ei = EXT4_I(inode);
 771
 772        simple_fill_fsxattr(fa, ext4_iflags_to_xflags(ei->i_flags &
 773                                                      EXT4_FL_USER_VISIBLE));
 774
 775        if (ext4_has_feature_project(inode->i_sb))
 776                fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
 777}
 778
 779/* So that the fiemap access checks can't overflow on 32 bit machines. */
 780#define FIEMAP_MAX_EXTENTS      (UINT_MAX / sizeof(struct fiemap_extent))
 781
 782static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
 783{
 784        struct fiemap fiemap;
 785        struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
 786        struct fiemap_extent_info fieinfo = { 0, };
 787        struct inode *inode = file_inode(filp);
 788        int error;
 789
 790        if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
 791                return -EFAULT;
 792
 793        if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
 794                return -EINVAL;
 795
 796        fieinfo.fi_flags = fiemap.fm_flags;
 797        fieinfo.fi_extents_max = fiemap.fm_extent_count;
 798        fieinfo.fi_extents_start = ufiemap->fm_extents;
 799
 800        error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
 801                        fiemap.fm_length);
 802        fiemap.fm_flags = fieinfo.fi_flags;
 803        fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
 804        if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
 805                error = -EFAULT;
 806
 807        return error;
 808}
 809
 810long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 811{
 812        struct inode *inode = file_inode(filp);
 813        struct super_block *sb = inode->i_sb;
 814        struct ext4_inode_info *ei = EXT4_I(inode);
 815        unsigned int flags;
 816
 817        ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
 818
 819        switch (cmd) {
 820        case FS_IOC_GETFSMAP:
 821                return ext4_ioc_getfsmap(sb, (void __user *)arg);
 822        case EXT4_IOC_GETFLAGS:
 823                flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
 824                if (S_ISREG(inode->i_mode))
 825                        flags &= ~EXT4_PROJINHERIT_FL;
 826                return put_user(flags, (int __user *) arg);
 827        case EXT4_IOC_SETFLAGS: {
 828                int err;
 829
 830                if (!inode_owner_or_capable(inode))
 831                        return -EACCES;
 832
 833                if (get_user(flags, (int __user *) arg))
 834                        return -EFAULT;
 835
 836                if (flags & ~EXT4_FL_USER_VISIBLE)
 837                        return -EOPNOTSUPP;
 838                /*
 839                 * chattr(1) grabs flags via GETFLAGS, modifies the result and
 840                 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
 841                 * more restrictive than just silently masking off visible but
 842                 * not settable flags as we always did.
 843                 */
 844                flags &= EXT4_FL_USER_MODIFIABLE;
 845                if (ext4_mask_flags(inode->i_mode, flags) != flags)
 846                        return -EOPNOTSUPP;
 847
 848                err = mnt_want_write_file(filp);
 849                if (err)
 850                        return err;
 851
 852                inode_lock(inode);
 853                err = ext4_ioctl_check_immutable(inode,
 854                                from_kprojid(&init_user_ns, ei->i_projid),
 855                                flags);
 856                if (!err)
 857                        err = ext4_ioctl_setflags(inode, flags);
 858                inode_unlock(inode);
 859                mnt_drop_write_file(filp);
 860                return err;
 861        }
 862        case EXT4_IOC_GETVERSION:
 863        case EXT4_IOC_GETVERSION_OLD:
 864                return put_user(inode->i_generation, (int __user *) arg);
 865        case EXT4_IOC_SETVERSION:
 866        case EXT4_IOC_SETVERSION_OLD: {
 867                handle_t *handle;
 868                struct ext4_iloc iloc;
 869                __u32 generation;
 870                int err;
 871
 872                if (!inode_owner_or_capable(inode))
 873                        return -EPERM;
 874
 875                if (ext4_has_metadata_csum(inode->i_sb)) {
 876                        ext4_warning(sb, "Setting inode version is not "
 877                                     "supported with metadata_csum enabled.");
 878                        return -ENOTTY;
 879                }
 880
 881                err = mnt_want_write_file(filp);
 882                if (err)
 883                        return err;
 884                if (get_user(generation, (int __user *) arg)) {
 885                        err = -EFAULT;
 886                        goto setversion_out;
 887                }
 888
 889                inode_lock(inode);
 890                handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
 891                if (IS_ERR(handle)) {
 892                        err = PTR_ERR(handle);
 893                        goto unlock_out;
 894                }
 895                err = ext4_reserve_inode_write(handle, inode, &iloc);
 896                if (err == 0) {
 897                        inode->i_ctime = current_time(inode);
 898                        inode->i_generation = generation;
 899                        err = ext4_mark_iloc_dirty(handle, inode, &iloc);
 900                }
 901                ext4_journal_stop(handle);
 902
 903unlock_out:
 904                inode_unlock(inode);
 905setversion_out:
 906                mnt_drop_write_file(filp);
 907                return err;
 908        }
 909        case EXT4_IOC_GROUP_EXTEND: {
 910                ext4_fsblk_t n_blocks_count;
 911                int err, err2=0;
 912
 913                err = ext4_resize_begin(sb);
 914                if (err)
 915                        return err;
 916
 917                if (get_user(n_blocks_count, (__u32 __user *)arg)) {
 918                        err = -EFAULT;
 919                        goto group_extend_out;
 920                }
 921
 922                if (ext4_has_feature_bigalloc(sb)) {
 923                        ext4_msg(sb, KERN_ERR,
 924                                 "Online resizing not supported with bigalloc");
 925                        err = -EOPNOTSUPP;
 926                        goto group_extend_out;
 927                }
 928
 929                err = mnt_want_write_file(filp);
 930                if (err)
 931                        goto group_extend_out;
 932
 933                err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
 934                if (EXT4_SB(sb)->s_journal) {
 935                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
 936                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
 937                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
 938                }
 939                if (err == 0)
 940                        err = err2;
 941                mnt_drop_write_file(filp);
 942group_extend_out:
 943                ext4_resize_end(sb);
 944                return err;
 945        }
 946
 947        case EXT4_IOC_MOVE_EXT: {
 948                struct move_extent me;
 949                struct fd donor;
 950                int err;
 951
 952                if (!(filp->f_mode & FMODE_READ) ||
 953                    !(filp->f_mode & FMODE_WRITE))
 954                        return -EBADF;
 955
 956                if (copy_from_user(&me,
 957                        (struct move_extent __user *)arg, sizeof(me)))
 958                        return -EFAULT;
 959                me.moved_len = 0;
 960
 961                donor = fdget(me.donor_fd);
 962                if (!donor.file)
 963                        return -EBADF;
 964
 965                if (!(donor.file->f_mode & FMODE_WRITE)) {
 966                        err = -EBADF;
 967                        goto mext_out;
 968                }
 969
 970                if (ext4_has_feature_bigalloc(sb)) {
 971                        ext4_msg(sb, KERN_ERR,
 972                                 "Online defrag not supported with bigalloc");
 973                        err = -EOPNOTSUPP;
 974                        goto mext_out;
 975                } else if (IS_DAX(inode)) {
 976                        ext4_msg(sb, KERN_ERR,
 977                                 "Online defrag not supported with DAX");
 978                        err = -EOPNOTSUPP;
 979                        goto mext_out;
 980                }
 981
 982                err = mnt_want_write_file(filp);
 983                if (err)
 984                        goto mext_out;
 985
 986                err = ext4_move_extents(filp, donor.file, me.orig_start,
 987                                        me.donor_start, me.len, &me.moved_len);
 988                mnt_drop_write_file(filp);
 989
 990                if (copy_to_user((struct move_extent __user *)arg,
 991                                 &me, sizeof(me)))
 992                        err = -EFAULT;
 993mext_out:
 994                fdput(donor);
 995                return err;
 996        }
 997
 998        case EXT4_IOC_GROUP_ADD: {
 999                struct ext4_new_group_data input;
1000

1001                if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1002                                sizeof(input)))
1003                        return -EFAULT;
1004
1005                return ext4_ioctl_group_add(filp, &input);
1006        }
1007
1008        case EXT4_IOC_MIGRATE:
1009        {
1010                int err;
1011                if (!inode_owner_or_capable(inode))
1012                        return -EACCES;
1013
1014                err = mnt_want_write_file(filp);
1015                if (err)
1016                        return err;
1017                /*
1018                 * inode_mutex prevent write and truncate on the file.
1019                 * Read still goes through. We take i_data_sem in
1020                 * ext4_ext_swap_inode_data before we switch the
1021                 * inode format to prevent read.
1022                 */
1023                inode_lock((inode));
1024                err = ext4_ext_migrate(inode);
1025                inode_unlock((inode));
1026                mnt_drop_write_file(filp);
1027                return err;
1028        }
1029
1030        case EXT4_IOC_ALLOC_DA_BLKS:
1031        {
1032                int err;
1033                if (!inode_owner_or_capable(inode))
1034                        return -EACCES;
1035
1036                err = mnt_want_write_file(filp);
1037                if (err)
1038                        return err;
1039                err = ext4_alloc_da_blocks(inode);
1040                mnt_drop_write_file(filp);
1041                return err;
1042        }
1043
1044        case EXT4_IOC_SWAP_BOOT:
1045        {
1046                int err;
1047                if (!(filp->f_mode & FMODE_WRITE))
1048                        return -EBADF;
1049                err = mnt_want_write_file(filp);
1050                if (err)
1051                        return err;
1052                err = swap_inode_boot_loader(sb, inode);
1053                mnt_drop_write_file(filp);
1054                return err;
1055        }
1056
1057        case EXT4_IOC_RESIZE_FS: {
1058                ext4_fsblk_t n_blocks_count;
1059                int err = 0, err2 = 0;
1060                ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1061
1062                if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1063                                   sizeof(__u64))) {
1064                        return -EFAULT;
1065                }
1066
1067                err = ext4_resize_begin(sb);
1068                if (err)
1069                        return err;
1070
1071                err = mnt_want_write_file(filp);
1072                if (err)
1073                        goto resizefs_out;
1074
1075                err = ext4_resize_fs(sb, n_blocks_count);
1076                if (EXT4_SB(sb)->s_journal) {
1077                        jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1078                        err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
1079                        jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1080                }
1081                if (err == 0)
1082                        err = err2;
1083                mnt_drop_write_file(filp);
1084                if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1085                    ext4_has_group_desc_csum(sb) &&
1086                    test_opt(sb, INIT_INODE_TABLE))
1087                        err = ext4_register_li_request(sb, o_group);
1088
1089resizefs_out:
1090                ext4_resize_end(sb);
1091                return err;
1092        }
1093
1094        case FITRIM:
1095        {
1096                struct request_queue *q = bdev_get_queue(sb->s_bdev);
1097                struct fstrim_range range;
1098                int ret = 0;
1099
1100                if (!capable(CAP_SYS_ADMIN))
1101                        return -EPERM;
1102
1103                if (!blk_queue_discard(q))
1104                        return -EOPNOTSUPP;
1105
1106                /*
1107                 * We haven't replayed the journal, so we cannot use our
1108                 * block-bitmap-guided storage zapping commands.
1109                 */
1110                if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1111                        return -EROFS;
1112
1113                if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1114                    sizeof(range)))
1115                        return -EFAULT;
1116
1117                range.minlen = max((unsigned int)range.minlen,
1118                                   q->limits.discard_granularity);
1119                ret = ext4_trim_fs(sb, &range);
1120                if (ret < 0)
1121                        return ret;
1122
1123                if (copy_to_user((struct fstrim_range __user *)arg, &range,
1124                    sizeof(range)))
1125                        return -EFAULT;
1126
1127                return 0;
1128        }
1129        case EXT4_IOC_PRECACHE_EXTENTS:
1130                return ext4_ext_precache(inode);
1131
1132        case EXT4_IOC_SET_ENCRYPTION_POLICY:
1133                if (!ext4_has_feature_encrypt(sb))
1134                        return -EOPNOTSUPP;
1135                return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1136
1137        case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
1138#ifdef CONFIG_FS_ENCRYPTION
1139                int err, err2;
1140                struct ext4_sb_info *sbi = EXT4_SB(sb);
1141                handle_t *handle;
1142
1143                if (!ext4_has_feature_encrypt(sb))
1144                        return -EOPNOTSUPP;
1145                if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1146                        err = mnt_want_write_file(filp);
1147                        if (err)
1148                                return err;
1149                        handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1150                        if (IS_ERR(handle)) {
1151                                err = PTR_ERR(handle);
1152                                goto pwsalt_err_exit;
1153                        }
1154                        err = ext4_journal_get_write_access(handle, sbi->s_sbh);
1155                        if (err)
1156                                goto pwsalt_err_journal;
1157                        generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1158                        err = ext4_handle_dirty_metadata(handle, NULL,
1159                                                         sbi->s_sbh);
1160                pwsalt_err_journal:
1161                        err2 = ext4_journal_stop(handle);
1162                        if (err2 && !err)
1163                                err = err2;
1164                pwsalt_err_exit:
1165                        mnt_drop_write_file(filp);
1166                        if (err)
1167                                return err;
1168                }
1169                if (copy_to_user((void __user *) arg,
1170                                 sbi->s_es->s_encrypt_pw_salt, 16))
1171                        return -EFAULT;
1172                return 0;
1173#else
1174                return -EOPNOTSUPP;
1175#endif
1176        }
1177        case EXT4_IOC_GET_ENCRYPTION_POLICY:
1178                if (!ext4_has_feature_encrypt(sb))
1179                        return -EOPNOTSUPP;
1180                return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1181
1182        case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1183                if (!ext4_has_feature_encrypt(sb))
1184                        return -EOPNOTSUPP;
1185                return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1186
1187        case FS_IOC_ADD_ENCRYPTION_KEY:
1188                if (!ext4_has_feature_encrypt(sb))
1189                        return -EOPNOTSUPP;
1190                return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1191
1192        case FS_IOC_REMOVE_ENCRYPTION_KEY:
1193                if (!ext4_has_feature_encrypt(sb))
1194                        return -EOPNOTSUPP;
1195                return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1196
1197        case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1198                if (!ext4_has_feature_encrypt(sb))
1199                        return -EOPNOTSUPP;
1200                return fscrypt_ioctl_remove_key_all_users(filp,
1201                                                          (void __user *)arg);
1202        case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1203                if (!ext4_has_feature_encrypt(sb))
1204                        return -EOPNOTSUPP;
1205                return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1206
1207        case FS_IOC_GET_ENCRYPTION_NONCE:
1208                if (!ext4_has_feature_encrypt(sb))
1209                        return -EOPNOTSUPP;
1210                return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1211
1212        case EXT4_IOC_CLEAR_ES_CACHE:
1213        {
1214                if (!inode_owner_or_capable(inode))
1215                        return -EACCES;
1216                ext4_clear_inode_es(inode);
1217                return 0;
1218        }
1219
1220        case EXT4_IOC_GETSTATE:
1221        {
1222                __u32   state = 0;
1223
1224                if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1225                        state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1226                if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1227                        state |= EXT4_STATE_FLAG_NEW;
1228                if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1229                        state |= EXT4_STATE_FLAG_NEWENTRY;
1230                if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1231                        state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1232
1233                return put_user(state, (__u32 __user *) arg);
1234        }
1235
1236        case EXT4_IOC_GET_ES_CACHE:
1237                return ext4_ioctl_get_es_cache(filp, arg);
1238
1239        case EXT4_IOC_FSGETXATTR:
1240        {
1241                struct fsxattr fa;
1242
1243                ext4_fill_fsxattr(inode, &fa);
1244
1245                if (copy_to_user((struct fsxattr __user *)arg,
1246                                 &fa, sizeof(fa)))
1247                        return -EFAULT;
1248                return 0;
1249        }
1250        case EXT4_IOC_FSSETXATTR:
1251        {
1252                struct fsxattr fa, old_fa;
1253                int err;
1254
1255                if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1256                                   sizeof(fa)))
1257                        return -EFAULT;
1258
1259                /* Make sure caller has proper permission */
1260                if (!inode_owner_or_capable(inode))
1261                        return -EACCES;
1262
1263                if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1264                        return -EOPNOTSUPP;
1265
1266                flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1267                if (ext4_mask_flags(inode->i_mode, flags) != flags)
1268                        return -EOPNOTSUPP;
1269
1270                err = mnt_want_write_file(filp);
1271                if (err)
1272                        return err;
1273
1274                inode_lock(inode);
1275                ext4_fill_fsxattr(inode, &old_fa);
1276                err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
1277                if (err)
1278                        goto out;
1279                flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1280                         (flags & EXT4_FL_XFLAG_VISIBLE);
1281                err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags);
1282                if (err)
1283                        goto out;
1284                err = ext4_ioctl_setflags(inode, flags);
1285                if (err)
1286                        goto out;
1287                err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1288out:
1289                inode_unlock(inode);
1290                mnt_drop_write_file(filp);
1291                return err;
1292        }
1293        case EXT4_IOC_SHUTDOWN:
1294                return ext4_shutdown(sb, arg);
1295
1296        case FS_IOC_ENABLE_VERITY:
1297                if (!ext4_has_feature_verity(sb))
1298                        return -EOPNOTSUPP;
1299                return fsverity_ioctl_enable(filp, (const void __user *)arg);
1300
1301        case FS_IOC_MEASURE_VERITY:
1302                if (!ext4_has_feature_verity(sb))
1303                        return -EOPNOTSUPP;
1304                return fsverity_ioctl_measure(filp, (void __user *)arg);
1305
1306        default:
1307                return -ENOTTY;
1308        }
1309}
1310
1311#ifdef CONFIG_COMPAT
1312long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1313{
1314        /* These are just misnamed, they actually get/put from/to user an int */
1315        switch (cmd) {
1316        case EXT4_IOC32_GETFLAGS:
1317                cmd = EXT4_IOC_GETFLAGS;
1318                break;
1319        case EXT4_IOC32_SETFLAGS:
1320                cmd = EXT4_IOC_SETFLAGS;
1321                break;
1322        case EXT4_IOC32_GETVERSION:
1323                cmd = EXT4_IOC_GETVERSION;
1324                break;
1325        case EXT4_IOC32_SETVERSION:
1326                cmd = EXT4_IOC_SETVERSION;
1327                break;
1328        case EXT4_IOC32_GROUP_EXTEND:
1329                cmd = EXT4_IOC_GROUP_EXTEND;
1330                break;
1331        case EXT4_IOC32_GETVERSION_OLD:
1332                cmd = EXT4_IOC_GETVERSION_OLD;
1333                break;
1334        case EXT4_IOC32_SETVERSION_OLD:
1335                cmd = EXT4_IOC_SETVERSION_OLD;
1336                break;
1337        case EXT4_IOC32_GETRSVSZ:
1338                cmd = EXT4_IOC_GETRSVSZ;
1339                break;
1340        case EXT4_IOC32_SETRSVSZ:
1341                cmd = EXT4_IOC_SETRSVSZ;
1342                break;
1343        case EXT4_IOC32_GROUP_ADD: {
1344                struct compat_ext4_new_group_input __user *uinput;
1345                struct ext4_new_group_data input;
1346                int err;
1347
1348                uinput = compat_ptr(arg);
1349                err = get_user(input.group, &uinput->group);
1350                err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1351                err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1352                err |= get_user(input.inode_table, &uinput->inode_table);
1353                err |= get_user(input.blocks_count, &uinput->blocks_count);
1354                err |= get_user(input.reserved_blocks,
1355                                &uinput->reserved_blocks);
1356                if (err)
1357                        return -EFAULT;
1358                return ext4_ioctl_group_add(file, &input);
1359        }
1360        case EXT4_IOC_MOVE_EXT:
1361        case EXT4_IOC_RESIZE_FS:
1362        case FITRIM:
1363        case EXT4_IOC_PRECACHE_EXTENTS:
1364        case EXT4_IOC_SET_ENCRYPTION_POLICY:
1365        case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1366        case EXT4_IOC_GET_ENCRYPTION_POLICY:
1367        case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1368        case FS_IOC_ADD_ENCRYPTION_KEY:
1369        case FS_IOC_REMOVE_ENCRYPTION_KEY:
1370        case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1371        case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1372        case FS_IOC_GET_ENCRYPTION_NONCE:
1373        case EXT4_IOC_SHUTDOWN:
1374        case FS_IOC_GETFSMAP:
1375        case FS_IOC_ENABLE_VERITY:
1376        case FS_IOC_MEASURE_VERITY:
1377        case EXT4_IOC_CLEAR_ES_CACHE:
1378        case EXT4_IOC_GETSTATE:
1379        case EXT4_IOC_GET_ES_CACHE:
1380        case EXT4_IOC_FSGETXATTR:
1381        case EXT4_IOC_FSSETXATTR:
1382                break;
1383        default:
1384                return -ENOIOCTLCMD;
1385        }
1386        return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1387}
1388#endif
1389