Loading...
1/*
2 * linux/fs/ext4/ioctl.c
3 *
4 * Copyright (C) 1993, 1994, 1995
5 * Remy Card (card@masi.ibp.fr)
6 * Laboratoire MASI - Institut Blaise Pascal
7 * Universite Pierre et Marie Curie (Paris VI)
8 */
9
10#include <linux/fs.h>
11#include <linux/jbd2.h>
12#include <linux/capability.h>
13#include <linux/time.h>
14#include <linux/compat.h>
15#include <linux/mount.h>
16#include <linux/file.h>
17#include <asm/uaccess.h>
18#include "ext4_jbd2.h"
19#include "ext4.h"
20
21#define MAX_32_NUM ((((unsigned long long) 1) << 32) - 1)
22
23/**
24 * Swap memory between @a and @b for @len bytes.
25 *
26 * @a: pointer to first memory area
27 * @b: pointer to second memory area
28 * @len: number of bytes to swap
29 *
30 */
31static void memswap(void *a, void *b, size_t len)
32{
33 unsigned char *ap, *bp;
34 unsigned char tmp;
35
36 ap = (unsigned char *)a;
37 bp = (unsigned char *)b;
38 while (len-- > 0) {
39 tmp = *ap;
40 *ap = *bp;
41 *bp = tmp;
42 ap++;
43 bp++;
44 }
45}
46
47/**
48 * Swap i_data and associated attributes between @inode1 and @inode2.
49 * This function is used for the primary swap between inode1 and inode2
50 * and also to revert this primary swap in case of errors.
51 *
52 * Therefore you have to make sure, that calling this method twice
53 * will revert all changes.
54 *
55 * @inode1: pointer to first inode
56 * @inode2: pointer to second inode
57 */
58static void swap_inode_data(struct inode *inode1, struct inode *inode2)
59{
60 loff_t isize;
61 struct ext4_inode_info *ei1;
62 struct ext4_inode_info *ei2;
63
64 ei1 = EXT4_I(inode1);
65 ei2 = EXT4_I(inode2);
66
67 memswap(&inode1->i_flags, &inode2->i_flags, sizeof(inode1->i_flags));
68 memswap(&inode1->i_version, &inode2->i_version,
69 sizeof(inode1->i_version));
70 memswap(&inode1->i_blocks, &inode2->i_blocks,
71 sizeof(inode1->i_blocks));
72 memswap(&inode1->i_bytes, &inode2->i_bytes, sizeof(inode1->i_bytes));
73 memswap(&inode1->i_atime, &inode2->i_atime, sizeof(inode1->i_atime));
74 memswap(&inode1->i_mtime, &inode2->i_mtime, sizeof(inode1->i_mtime));
75
76 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
77 memswap(&ei1->i_flags, &ei2->i_flags, sizeof(ei1->i_flags));
78 memswap(&ei1->i_disksize, &ei2->i_disksize, sizeof(ei1->i_disksize));
79 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
80 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
81 ext4_es_lru_del(inode1);
82 ext4_es_lru_del(inode2);
83
84 isize = i_size_read(inode1);
85 i_size_write(inode1, i_size_read(inode2));
86 i_size_write(inode2, isize);
87}
88
89/**
90 * Swap the information from the given @inode and the inode
91 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
92 * important fields of the inodes.
93 *
94 * @sb: the super block of the filesystem
95 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
96 *
97 */
98static long swap_inode_boot_loader(struct super_block *sb,
99 struct inode *inode)
100{
101 handle_t *handle;
102 int err;
103 struct inode *inode_bl;
104 struct ext4_inode_info *ei_bl;
105 struct ext4_sb_info *sbi = EXT4_SB(sb);
106
107 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
108 return -EINVAL;
109
110 if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
111 return -EPERM;
112
113 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO);
114 if (IS_ERR(inode_bl))
115 return PTR_ERR(inode_bl);
116 ei_bl = EXT4_I(inode_bl);
117
118 filemap_flush(inode->i_mapping);
119 filemap_flush(inode_bl->i_mapping);
120
121 /* Protect orig inodes against a truncate and make sure,
122 * that only 1 swap_inode_boot_loader is running. */
123 lock_two_nondirectories(inode, inode_bl);
124
125 truncate_inode_pages(&inode->i_data, 0);
126 truncate_inode_pages(&inode_bl->i_data, 0);
127
128 /* Wait for all existing dio workers */
129 ext4_inode_block_unlocked_dio(inode);
130 ext4_inode_block_unlocked_dio(inode_bl);
131 inode_dio_wait(inode);
132 inode_dio_wait(inode_bl);
133
134 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
135 if (IS_ERR(handle)) {
136 err = -EINVAL;
137 goto journal_err_out;
138 }
139
140 /* Protect extent tree against block allocations via delalloc */
141 ext4_double_down_write_data_sem(inode, inode_bl);
142
143 if (inode_bl->i_nlink == 0) {
144 /* this inode has never been used as a BOOT_LOADER */
145 set_nlink(inode_bl, 1);
146 i_uid_write(inode_bl, 0);
147 i_gid_write(inode_bl, 0);
148 inode_bl->i_flags = 0;
149 ei_bl->i_flags = 0;
150 inode_bl->i_version = 1;
151 i_size_write(inode_bl, 0);
152 inode_bl->i_mode = S_IFREG;
153 if (EXT4_HAS_INCOMPAT_FEATURE(sb,
154 EXT4_FEATURE_INCOMPAT_EXTENTS)) {
155 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
156 ext4_ext_tree_init(handle, inode_bl);
157 } else
158 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
159 }
160
161 swap_inode_data(inode, inode_bl);
162
163 inode->i_ctime = inode_bl->i_ctime = ext4_current_time(inode);
164
165 spin_lock(&sbi->s_next_gen_lock);
166 inode->i_generation = sbi->s_next_generation++;
167 inode_bl->i_generation = sbi->s_next_generation++;
168 spin_unlock(&sbi->s_next_gen_lock);
169
170 ext4_discard_preallocations(inode);
171
172 err = ext4_mark_inode_dirty(handle, inode);
173 if (err < 0) {
174 ext4_warning(inode->i_sb,
175 "couldn't mark inode #%lu dirty (err %d)",
176 inode->i_ino, err);
177 /* Revert all changes: */
178 swap_inode_data(inode, inode_bl);
179 } else {
180 err = ext4_mark_inode_dirty(handle, inode_bl);
181 if (err < 0) {
182 ext4_warning(inode_bl->i_sb,
183 "couldn't mark inode #%lu dirty (err %d)",
184 inode_bl->i_ino, err);
185 /* Revert all changes: */
186 swap_inode_data(inode, inode_bl);
187 ext4_mark_inode_dirty(handle, inode);
188 }
189 }
190 ext4_journal_stop(handle);
191 ext4_double_up_write_data_sem(inode, inode_bl);
192
193journal_err_out:
194 ext4_inode_resume_unlocked_dio(inode);
195 ext4_inode_resume_unlocked_dio(inode_bl);
196 unlock_two_nondirectories(inode, inode_bl);
197 iput(inode_bl);
198 return err;
199}
200
201long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
202{
203 struct inode *inode = file_inode(filp);
204 struct super_block *sb = inode->i_sb;
205 struct ext4_inode_info *ei = EXT4_I(inode);
206 unsigned int flags;
207
208 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
209
210 switch (cmd) {
211 case EXT4_IOC_GETFLAGS:
212 ext4_get_inode_flags(ei);
213 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
214 return put_user(flags, (int __user *) arg);
215 case EXT4_IOC_SETFLAGS: {
216 handle_t *handle = NULL;
217 int err, migrate = 0;
218 struct ext4_iloc iloc;
219 unsigned int oldflags, mask, i;
220 unsigned int jflag;
221
222 if (!inode_owner_or_capable(inode))
223 return -EACCES;
224
225 if (get_user(flags, (int __user *) arg))
226 return -EFAULT;
227
228 err = mnt_want_write_file(filp);
229 if (err)
230 return err;
231
232 flags = ext4_mask_flags(inode->i_mode, flags);
233
234 err = -EPERM;
235 mutex_lock(&inode->i_mutex);
236 /* Is it quota file? Do not allow user to mess with it */
237 if (IS_NOQUOTA(inode))
238 goto flags_out;
239
240 oldflags = ei->i_flags;
241
242 /* The JOURNAL_DATA flag is modifiable only by root */
243 jflag = flags & EXT4_JOURNAL_DATA_FL;
244
245 /*
246 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
247 * the relevant capability.
248 *
249 * This test looks nicer. Thanks to Pauline Middelink
250 */
251 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
252 if (!capable(CAP_LINUX_IMMUTABLE))
253 goto flags_out;
254 }
255
256 /*
257 * The JOURNAL_DATA flag can only be changed by
258 * the relevant capability.
259 */
260 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
261 if (!capable(CAP_SYS_RESOURCE))
262 goto flags_out;
263 }
264 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
265 migrate = 1;
266
267 if (flags & EXT4_EOFBLOCKS_FL) {
268 /* we don't support adding EOFBLOCKS flag */
269 if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
270 err = -EOPNOTSUPP;
271 goto flags_out;
272 }
273 } else if (oldflags & EXT4_EOFBLOCKS_FL)
274 ext4_truncate(inode);
275
276 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
277 if (IS_ERR(handle)) {
278 err = PTR_ERR(handle);
279 goto flags_out;
280 }
281 if (IS_SYNC(inode))
282 ext4_handle_sync(handle);
283 err = ext4_reserve_inode_write(handle, inode, &iloc);
284 if (err)
285 goto flags_err;
286
287 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
288 if (!(mask & EXT4_FL_USER_MODIFIABLE))
289 continue;
290 if (mask & flags)
291 ext4_set_inode_flag(inode, i);
292 else
293 ext4_clear_inode_flag(inode, i);
294 }
295
296 ext4_set_inode_flags(inode);
297 inode->i_ctime = ext4_current_time(inode);
298
299 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
300flags_err:
301 ext4_journal_stop(handle);
302 if (err)
303 goto flags_out;
304
305 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
306 err = ext4_change_inode_journal_flag(inode, jflag);
307 if (err)
308 goto flags_out;
309 if (migrate) {
310 if (flags & EXT4_EXTENTS_FL)
311 err = ext4_ext_migrate(inode);
312 else
313 err = ext4_ind_migrate(inode);
314 }
315
316flags_out:
317 mutex_unlock(&inode->i_mutex);
318 mnt_drop_write_file(filp);
319 return err;
320 }
321 case EXT4_IOC_GETVERSION:
322 case EXT4_IOC_GETVERSION_OLD:
323 return put_user(inode->i_generation, (int __user *) arg);
324 case EXT4_IOC_SETVERSION:
325 case EXT4_IOC_SETVERSION_OLD: {
326 handle_t *handle;
327 struct ext4_iloc iloc;
328 __u32 generation;
329 int err;
330
331 if (!inode_owner_or_capable(inode))
332 return -EPERM;
333
334 if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
335 EXT4_FEATURE_RO_COMPAT_METADATA_CSUM)) {
336 ext4_warning(sb, "Setting inode version is not "
337 "supported with metadata_csum enabled.");
338 return -ENOTTY;
339 }
340
341 err = mnt_want_write_file(filp);
342 if (err)
343 return err;
344 if (get_user(generation, (int __user *) arg)) {
345 err = -EFAULT;
346 goto setversion_out;
347 }
348
349 mutex_lock(&inode->i_mutex);
350 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
351 if (IS_ERR(handle)) {
352 err = PTR_ERR(handle);
353 goto unlock_out;
354 }
355 err = ext4_reserve_inode_write(handle, inode, &iloc);
356 if (err == 0) {
357 inode->i_ctime = ext4_current_time(inode);
358 inode->i_generation = generation;
359 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
360 }
361 ext4_journal_stop(handle);
362
363unlock_out:
364 mutex_unlock(&inode->i_mutex);
365setversion_out:
366 mnt_drop_write_file(filp);
367 return err;
368 }
369 case EXT4_IOC_GROUP_EXTEND: {
370 ext4_fsblk_t n_blocks_count;
371 int err, err2=0;
372
373 err = ext4_resize_begin(sb);
374 if (err)
375 return err;
376
377 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
378 err = -EFAULT;
379 goto group_extend_out;
380 }
381
382 if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
383 EXT4_FEATURE_RO_COMPAT_BIGALLOC)) {
384 ext4_msg(sb, KERN_ERR,
385 "Online resizing not supported with bigalloc");
386 err = -EOPNOTSUPP;
387 goto group_extend_out;
388 }
389
390 err = mnt_want_write_file(filp);
391 if (err)
392 goto group_extend_out;
393
394 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
395 if (EXT4_SB(sb)->s_journal) {
396 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
397 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
398 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
399 }
400 if (err == 0)
401 err = err2;
402 mnt_drop_write_file(filp);
403group_extend_out:
404 ext4_resize_end(sb);
405 return err;
406 }
407
408 case EXT4_IOC_MOVE_EXT: {
409 struct move_extent me;
410 struct fd donor;
411 int err;
412
413 if (!(filp->f_mode & FMODE_READ) ||
414 !(filp->f_mode & FMODE_WRITE))
415 return -EBADF;
416
417 if (copy_from_user(&me,
418 (struct move_extent __user *)arg, sizeof(me)))
419 return -EFAULT;
420 me.moved_len = 0;
421
422 donor = fdget(me.donor_fd);
423 if (!donor.file)
424 return -EBADF;
425
426 if (!(donor.file->f_mode & FMODE_WRITE)) {
427 err = -EBADF;
428 goto mext_out;
429 }
430
431 if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
432 EXT4_FEATURE_RO_COMPAT_BIGALLOC)) {
433 ext4_msg(sb, KERN_ERR,
434 "Online defrag not supported with bigalloc");
435 err = -EOPNOTSUPP;
436 goto mext_out;
437 }
438
439 err = mnt_want_write_file(filp);
440 if (err)
441 goto mext_out;
442
443 err = ext4_move_extents(filp, donor.file, me.orig_start,
444 me.donor_start, me.len, &me.moved_len);
445 mnt_drop_write_file(filp);
446
447 if (copy_to_user((struct move_extent __user *)arg,
448 &me, sizeof(me)))
449 err = -EFAULT;
450mext_out:
451 fdput(donor);
452 return err;
453 }
454
455 case EXT4_IOC_GROUP_ADD: {
456 struct ext4_new_group_data input;
457 int err, err2=0;
458
459 err = ext4_resize_begin(sb);
460 if (err)
461 return err;
462
463 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
464 sizeof(input))) {
465 err = -EFAULT;
466 goto group_add_out;
467 }
468
469 if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
470 EXT4_FEATURE_RO_COMPAT_BIGALLOC)) {
471 ext4_msg(sb, KERN_ERR,
472 "Online resizing not supported with bigalloc");
473 err = -EOPNOTSUPP;
474 goto group_add_out;
475 }
476
477 err = mnt_want_write_file(filp);
478 if (err)
479 goto group_add_out;
480
481 err = ext4_group_add(sb, &input);
482 if (EXT4_SB(sb)->s_journal) {
483 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
484 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
485 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
486 }
487 if (err == 0)
488 err = err2;
489 mnt_drop_write_file(filp);
490 if (!err && ext4_has_group_desc_csum(sb) &&
491 test_opt(sb, INIT_INODE_TABLE))
492 err = ext4_register_li_request(sb, input.group);
493group_add_out:
494 ext4_resize_end(sb);
495 return err;
496 }
497
498 case EXT4_IOC_MIGRATE:
499 {
500 int err;
501 if (!inode_owner_or_capable(inode))
502 return -EACCES;
503
504 err = mnt_want_write_file(filp);
505 if (err)
506 return err;
507 /*
508 * inode_mutex prevent write and truncate on the file.
509 * Read still goes through. We take i_data_sem in
510 * ext4_ext_swap_inode_data before we switch the
511 * inode format to prevent read.
512 */
513 mutex_lock(&(inode->i_mutex));
514 err = ext4_ext_migrate(inode);
515 mutex_unlock(&(inode->i_mutex));
516 mnt_drop_write_file(filp);
517 return err;
518 }
519
520 case EXT4_IOC_ALLOC_DA_BLKS:
521 {
522 int err;
523 if (!inode_owner_or_capable(inode))
524 return -EACCES;
525
526 err = mnt_want_write_file(filp);
527 if (err)
528 return err;
529 err = ext4_alloc_da_blocks(inode);
530 mnt_drop_write_file(filp);
531 return err;
532 }
533
534 case EXT4_IOC_SWAP_BOOT:
535 if (!(filp->f_mode & FMODE_WRITE))
536 return -EBADF;
537 return swap_inode_boot_loader(sb, inode);
538
539 case EXT4_IOC_RESIZE_FS: {
540 ext4_fsblk_t n_blocks_count;
541 int err = 0, err2 = 0;
542 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
543
544 if (EXT4_HAS_RO_COMPAT_FEATURE(sb,
545 EXT4_FEATURE_RO_COMPAT_BIGALLOC)) {
546 ext4_msg(sb, KERN_ERR,
547 "Online resizing not (yet) supported with bigalloc");
548 return -EOPNOTSUPP;
549 }
550
551 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
552 sizeof(__u64))) {
553 return -EFAULT;
554 }
555
556 err = ext4_resize_begin(sb);
557 if (err)
558 return err;
559
560 err = mnt_want_write_file(filp);
561 if (err)
562 goto resizefs_out;
563
564 err = ext4_resize_fs(sb, n_blocks_count);
565 if (EXT4_SB(sb)->s_journal) {
566 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
567 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
568 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
569 }
570 if (err == 0)
571 err = err2;
572 mnt_drop_write_file(filp);
573 if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
574 ext4_has_group_desc_csum(sb) &&
575 test_opt(sb, INIT_INODE_TABLE))
576 err = ext4_register_li_request(sb, o_group);
577
578resizefs_out:
579 ext4_resize_end(sb);
580 return err;
581 }
582
583 case FITRIM:
584 {
585 struct request_queue *q = bdev_get_queue(sb->s_bdev);
586 struct fstrim_range range;
587 int ret = 0;
588
589 if (!capable(CAP_SYS_ADMIN))
590 return -EPERM;
591
592 if (!blk_queue_discard(q))
593 return -EOPNOTSUPP;
594
595 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
596 sizeof(range)))
597 return -EFAULT;
598
599 range.minlen = max((unsigned int)range.minlen,
600 q->limits.discard_granularity);
601 ret = ext4_trim_fs(sb, &range);
602 if (ret < 0)
603 return ret;
604
605 if (copy_to_user((struct fstrim_range __user *)arg, &range,
606 sizeof(range)))
607 return -EFAULT;
608
609 return 0;
610 }
611 case EXT4_IOC_PRECACHE_EXTENTS:
612 return ext4_ext_precache(inode);
613
614 default:
615 return -ENOTTY;
616 }
617}
618
619#ifdef CONFIG_COMPAT
620long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
621{
622 /* These are just misnamed, they actually get/put from/to user an int */
623 switch (cmd) {
624 case EXT4_IOC32_GETFLAGS:
625 cmd = EXT4_IOC_GETFLAGS;
626 break;
627 case EXT4_IOC32_SETFLAGS:
628 cmd = EXT4_IOC_SETFLAGS;
629 break;
630 case EXT4_IOC32_GETVERSION:
631 cmd = EXT4_IOC_GETVERSION;
632 break;
633 case EXT4_IOC32_SETVERSION:
634 cmd = EXT4_IOC_SETVERSION;
635 break;
636 case EXT4_IOC32_GROUP_EXTEND:
637 cmd = EXT4_IOC_GROUP_EXTEND;
638 break;
639 case EXT4_IOC32_GETVERSION_OLD:
640 cmd = EXT4_IOC_GETVERSION_OLD;
641 break;
642 case EXT4_IOC32_SETVERSION_OLD:
643 cmd = EXT4_IOC_SETVERSION_OLD;
644 break;
645 case EXT4_IOC32_GETRSVSZ:
646 cmd = EXT4_IOC_GETRSVSZ;
647 break;
648 case EXT4_IOC32_SETRSVSZ:
649 cmd = EXT4_IOC_SETRSVSZ;
650 break;
651 case EXT4_IOC32_GROUP_ADD: {
652 struct compat_ext4_new_group_input __user *uinput;
653 struct ext4_new_group_input input;
654 mm_segment_t old_fs;
655 int err;
656
657 uinput = compat_ptr(arg);
658 err = get_user(input.group, &uinput->group);
659 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
660 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
661 err |= get_user(input.inode_table, &uinput->inode_table);
662 err |= get_user(input.blocks_count, &uinput->blocks_count);
663 err |= get_user(input.reserved_blocks,
664 &uinput->reserved_blocks);
665 if (err)
666 return -EFAULT;
667 old_fs = get_fs();
668 set_fs(KERNEL_DS);
669 err = ext4_ioctl(file, EXT4_IOC_GROUP_ADD,
670 (unsigned long) &input);
671 set_fs(old_fs);
672 return err;
673 }
674 case EXT4_IOC_MOVE_EXT:
675 case FITRIM:
676 case EXT4_IOC_RESIZE_FS:
677 case EXT4_IOC_PRECACHE_EXTENTS:
678 break;
679 default:
680 return -ENOIOCTLCMD;
681 }
682 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
683}
684#endif
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11#include <linux/fs.h>
12#include <linux/capability.h>
13#include <linux/time.h>
14#include <linux/compat.h>
15#include <linux/mount.h>
16#include <linux/file.h>
17#include <linux/quotaops.h>
18#include <linux/random.h>
19#include <linux/uaccess.h>
20#include <linux/delay.h>
21#include <linux/iversion.h>
22#include <linux/fileattr.h>
23#include <linux/uuid.h>
24#include "ext4_jbd2.h"
25#include "ext4.h"
26#include <linux/fsmap.h>
27#include "fsmap.h"
28#include <trace/events/ext4.h>
29
30typedef void ext4_update_sb_callback(struct ext4_super_block *es,
31 const void *arg);
32
33/*
34 * Superblock modification callback function for changing file system
35 * label
36 */
37static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg)
38{
39 /* Sanity check, this should never happen */
40 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX);
41
42 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX);
43}
44
45/*
46 * Superblock modification callback function for changing file system
47 * UUID.
48 */
49static void ext4_sb_setuuid(struct ext4_super_block *es, const void *arg)
50{
51 memcpy(es->s_uuid, (__u8 *)arg, UUID_SIZE);
52}
53
54static
55int ext4_update_primary_sb(struct super_block *sb, handle_t *handle,
56 ext4_update_sb_callback func,
57 const void *arg)
58{
59 int err = 0;
60 struct ext4_sb_info *sbi = EXT4_SB(sb);
61 struct buffer_head *bh = sbi->s_sbh;
62 struct ext4_super_block *es = sbi->s_es;
63
64 trace_ext4_update_sb(sb, bh->b_blocknr, 1);
65
66 BUFFER_TRACE(bh, "get_write_access");
67 err = ext4_journal_get_write_access(handle, sb,
68 bh,
69 EXT4_JTR_NONE);
70 if (err)
71 goto out_err;
72
73 lock_buffer(bh);
74 func(es, arg);
75 ext4_superblock_csum_set(sb);
76 unlock_buffer(bh);
77
78 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) {
79 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to "
80 "superblock detected");
81 clear_buffer_write_io_error(bh);
82 set_buffer_uptodate(bh);
83 }
84
85 err = ext4_handle_dirty_metadata(handle, NULL, bh);
86 if (err)
87 goto out_err;
88 err = sync_dirty_buffer(bh);
89out_err:
90 ext4_std_error(sb, err);
91 return err;
92}
93
94/*
95 * Update one backup superblock in the group 'grp' using the callback
96 * function 'func' and argument 'arg'. If the handle is NULL the
97 * modification is not journalled.
98 *
99 * Returns: 0 when no modification was done (no superblock in the group)
100 * 1 when the modification was successful
101 * <0 on error
102 */
103static int ext4_update_backup_sb(struct super_block *sb,
104 handle_t *handle, ext4_group_t grp,
105 ext4_update_sb_callback func, const void *arg)
106{
107 int err = 0;
108 ext4_fsblk_t sb_block;
109 struct buffer_head *bh;
110 unsigned long offset = 0;
111 struct ext4_super_block *es;
112
113 if (!ext4_bg_has_super(sb, grp))
114 return 0;
115
116 /*
117 * For the group 0 there is always 1k padding, so we have
118 * either adjust offset, or sb_block depending on blocksize
119 */
120 if (grp == 0) {
121 sb_block = 1 * EXT4_MIN_BLOCK_SIZE;
122 offset = do_div(sb_block, sb->s_blocksize);
123 } else {
124 sb_block = ext4_group_first_block_no(sb, grp);
125 offset = 0;
126 }
127
128 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0);
129
130 bh = ext4_sb_bread(sb, sb_block, 0);
131 if (IS_ERR(bh))
132 return PTR_ERR(bh);
133
134 if (handle) {
135 BUFFER_TRACE(bh, "get_write_access");
136 err = ext4_journal_get_write_access(handle, sb,
137 bh,
138 EXT4_JTR_NONE);
139 if (err)
140 goto out_bh;
141 }
142
143 es = (struct ext4_super_block *) (bh->b_data + offset);
144 lock_buffer(bh);
145 if (ext4_has_metadata_csum(sb) &&
146 es->s_checksum != ext4_superblock_csum(sb, es)) {
147 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup "
148 "superblock %llu", sb_block);
149 unlock_buffer(bh);
150 goto out_bh;
151 }
152 func(es, arg);
153 if (ext4_has_metadata_csum(sb))
154 es->s_checksum = ext4_superblock_csum(sb, es);
155 set_buffer_uptodate(bh);
156 unlock_buffer(bh);
157
158 if (err)
159 goto out_bh;
160
161 if (handle) {
162 err = ext4_handle_dirty_metadata(handle, NULL, bh);
163 if (err)
164 goto out_bh;
165 } else {
166 BUFFER_TRACE(bh, "marking dirty");
167 mark_buffer_dirty(bh);
168 }
169 err = sync_dirty_buffer(bh);
170
171out_bh:
172 brelse(bh);
173 ext4_std_error(sb, err);
174 return (err) ? err : 1;
175}
176
177/*
178 * Update primary and backup superblocks using the provided function
179 * func and argument arg.
180 *
181 * Only the primary superblock and at most two backup superblock
182 * modifications are journalled; the rest is modified without journal.
183 * This is safe because e2fsck will re-write them if there is a problem,
184 * and we're very unlikely to ever need more than two backups.
185 */
186static
187int ext4_update_superblocks_fn(struct super_block *sb,
188 ext4_update_sb_callback func,
189 const void *arg)
190{
191 handle_t *handle;
192 ext4_group_t ngroups;
193 unsigned int three = 1;
194 unsigned int five = 5;
195 unsigned int seven = 7;
196 int err = 0, ret, i;
197 ext4_group_t grp, primary_grp;
198 struct ext4_sb_info *sbi = EXT4_SB(sb);
199
200 /*
201 * We can't update superblocks while the online resize is running
202 */
203 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING,
204 &sbi->s_ext4_flags)) {
205 ext4_msg(sb, KERN_ERR, "Can't modify superblock while"
206 "performing online resize");
207 return -EBUSY;
208 }
209
210 /*
211 * We're only going to update primary superblock and two
212 * backup superblocks in this transaction.
213 */
214 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3);
215 if (IS_ERR(handle)) {
216 err = PTR_ERR(handle);
217 goto out;
218 }
219
220 /* Update primary superblock */
221 err = ext4_update_primary_sb(sb, handle, func, arg);
222 if (err) {
223 ext4_msg(sb, KERN_ERR, "Failed to update primary "
224 "superblock");
225 goto out_journal;
226 }
227
228 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr);
229 ngroups = ext4_get_groups_count(sb);
230
231 /*
232 * Update backup superblocks. We have to start from group 0
233 * because it might not be where the primary superblock is
234 * if the fs is mounted with -o sb=<backup_sb_block>
235 */
236 i = 0;
237 grp = 0;
238 while (grp < ngroups) {
239 /* Skip primary superblock */
240 if (grp == primary_grp)
241 goto next_grp;
242
243 ret = ext4_update_backup_sb(sb, handle, grp, func, arg);
244 if (ret < 0) {
245 /* Ignore bad checksum; try to update next sb */
246 if (ret == -EFSBADCRC)
247 goto next_grp;
248 err = ret;
249 goto out_journal;
250 }
251
252 i += ret;
253 if (handle && i > 1) {
254 /*
255 * We're only journalling primary superblock and
256 * two backup superblocks; the rest is not
257 * journalled.
258 */
259 err = ext4_journal_stop(handle);
260 if (err)
261 goto out;
262 handle = NULL;
263 }
264next_grp:
265 grp = ext4_list_backups(sb, &three, &five, &seven);
266 }
267
268out_journal:
269 if (handle) {
270 ret = ext4_journal_stop(handle);
271 if (ret && !err)
272 err = ret;
273 }
274out:
275 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags);
276 smp_mb__after_atomic();
277 return err ? err : 0;
278}
279
280/*
281 * Swap memory between @a and @b for @len bytes.
282 *
283 * @a: pointer to first memory area
284 * @b: pointer to second memory area
285 * @len: number of bytes to swap
286 *
287 */
288static void memswap(void *a, void *b, size_t len)
289{
290 unsigned char *ap, *bp;
291
292 ap = (unsigned char *)a;
293 bp = (unsigned char *)b;
294 while (len-- > 0) {
295 swap(*ap, *bp);
296 ap++;
297 bp++;
298 }
299}
300
301/*
302 * Swap i_data and associated attributes between @inode1 and @inode2.
303 * This function is used for the primary swap between inode1 and inode2
304 * and also to revert this primary swap in case of errors.
305 *
306 * Therefore you have to make sure, that calling this method twice
307 * will revert all changes.
308 *
309 * @inode1: pointer to first inode
310 * @inode2: pointer to second inode
311 */
312static void swap_inode_data(struct inode *inode1, struct inode *inode2)
313{
314 loff_t isize;
315 struct ext4_inode_info *ei1;
316 struct ext4_inode_info *ei2;
317 unsigned long tmp;
318
319 ei1 = EXT4_I(inode1);
320 ei2 = EXT4_I(inode2);
321
322 swap(inode1->i_version, inode2->i_version);
323 swap(inode1->i_atime, inode2->i_atime);
324 swap(inode1->i_mtime, inode2->i_mtime);
325
326 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
327 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
328 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
329 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
330 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
331 swap(ei1->i_disksize, ei2->i_disksize);
332 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
333 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
334
335 isize = i_size_read(inode1);
336 i_size_write(inode1, i_size_read(inode2));
337 i_size_write(inode2, isize);
338}
339
340void ext4_reset_inode_seed(struct inode *inode)
341{
342 struct ext4_inode_info *ei = EXT4_I(inode);
343 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
344 __le32 inum = cpu_to_le32(inode->i_ino);
345 __le32 gen = cpu_to_le32(inode->i_generation);
346 __u32 csum;
347
348 if (!ext4_has_metadata_csum(inode->i_sb))
349 return;
350
351 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
352 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
353}
354
355/*
356 * Swap the information from the given @inode and the inode
357 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
358 * important fields of the inodes.
359 *
360 * @sb: the super block of the filesystem
361 * @mnt_userns: user namespace of the mount the inode was found from
362 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
363 *
364 */
365static long swap_inode_boot_loader(struct super_block *sb,
366 struct user_namespace *mnt_userns,
367 struct inode *inode)
368{
369 handle_t *handle;
370 int err;
371 struct inode *inode_bl;
372 struct ext4_inode_info *ei_bl;
373 qsize_t size, size_bl, diff;
374 blkcnt_t blocks;
375 unsigned short bytes;
376
377 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO,
378 EXT4_IGET_SPECIAL | EXT4_IGET_BAD);
379 if (IS_ERR(inode_bl))
380 return PTR_ERR(inode_bl);
381 ei_bl = EXT4_I(inode_bl);
382
383 /* Protect orig inodes against a truncate and make sure,
384 * that only 1 swap_inode_boot_loader is running. */
385 lock_two_nondirectories(inode, inode_bl);
386
387 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
388 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
389 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
390 ext4_has_inline_data(inode)) {
391 err = -EINVAL;
392 goto journal_err_out;
393 }
394
395 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
396 !inode_owner_or_capable(mnt_userns, inode) ||
397 !capable(CAP_SYS_ADMIN)) {
398 err = -EPERM;
399 goto journal_err_out;
400 }
401
402 filemap_invalidate_lock(inode->i_mapping);
403 err = filemap_write_and_wait(inode->i_mapping);
404 if (err)
405 goto err_out;
406
407 err = filemap_write_and_wait(inode_bl->i_mapping);
408 if (err)
409 goto err_out;
410
411 /* Wait for all existing dio workers */
412 inode_dio_wait(inode);
413 inode_dio_wait(inode_bl);
414
415 truncate_inode_pages(&inode->i_data, 0);
416 truncate_inode_pages(&inode_bl->i_data, 0);
417
418 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
419 if (IS_ERR(handle)) {
420 err = -EINVAL;
421 goto err_out;
422 }
423 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle);
424
425 /* Protect extent tree against block allocations via delalloc */
426 ext4_double_down_write_data_sem(inode, inode_bl);
427
428 if (is_bad_inode(inode_bl) || !S_ISREG(inode_bl->i_mode)) {
429 /* this inode has never been used as a BOOT_LOADER */
430 set_nlink(inode_bl, 1);
431 i_uid_write(inode_bl, 0);
432 i_gid_write(inode_bl, 0);
433 inode_bl->i_flags = 0;
434 ei_bl->i_flags = 0;
435 inode_set_iversion(inode_bl, 1);
436 i_size_write(inode_bl, 0);
437 inode_bl->i_mode = S_IFREG;
438 if (ext4_has_feature_extents(sb)) {
439 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
440 ext4_ext_tree_init(handle, inode_bl);
441 } else
442 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
443 }
444
445 err = dquot_initialize(inode);
446 if (err)
447 goto err_out1;
448
449 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
450 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
451 diff = size - size_bl;
452 swap_inode_data(inode, inode_bl);
453
454 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
455 inode_inc_iversion(inode);
456
457 inode->i_generation = get_random_u32();
458 inode_bl->i_generation = get_random_u32();
459 ext4_reset_inode_seed(inode);
460 ext4_reset_inode_seed(inode_bl);
461
462 ext4_discard_preallocations(inode, 0);
463
464 err = ext4_mark_inode_dirty(handle, inode);
465 if (err < 0) {
466 /* No need to update quota information. */
467 ext4_warning(inode->i_sb,
468 "couldn't mark inode #%lu dirty (err %d)",
469 inode->i_ino, err);
470 /* Revert all changes: */
471 swap_inode_data(inode, inode_bl);
472 ext4_mark_inode_dirty(handle, inode);
473 goto err_out1;
474 }
475
476 blocks = inode_bl->i_blocks;
477 bytes = inode_bl->i_bytes;
478 inode_bl->i_blocks = inode->i_blocks;
479 inode_bl->i_bytes = inode->i_bytes;
480 err = ext4_mark_inode_dirty(handle, inode_bl);
481 if (err < 0) {
482 /* No need to update quota information. */
483 ext4_warning(inode_bl->i_sb,
484 "couldn't mark inode #%lu dirty (err %d)",
485 inode_bl->i_ino, err);
486 goto revert;
487 }
488
489 /* Bootloader inode should not be counted into quota information. */
490 if (diff > 0)
491 dquot_free_space(inode, diff);
492 else
493 err = dquot_alloc_space(inode, -1 * diff);
494
495 if (err < 0) {
496revert:
497 /* Revert all changes: */
498 inode_bl->i_blocks = blocks;
499 inode_bl->i_bytes = bytes;
500 swap_inode_data(inode, inode_bl);
501 ext4_mark_inode_dirty(handle, inode);
502 ext4_mark_inode_dirty(handle, inode_bl);
503 }
504
505err_out1:
506 ext4_journal_stop(handle);
507 ext4_double_up_write_data_sem(inode, inode_bl);
508
509err_out:
510 filemap_invalidate_unlock(inode->i_mapping);
511journal_err_out:
512 unlock_two_nondirectories(inode, inode_bl);
513 iput(inode_bl);
514 return err;
515}
516
517/*
518 * If immutable is set and we are not clearing it, we're not allowed to change
519 * anything else in the inode. Don't error out if we're only trying to set
520 * immutable on an immutable file.
521 */
522static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
523 unsigned int flags)
524{
525 struct ext4_inode_info *ei = EXT4_I(inode);
526 unsigned int oldflags = ei->i_flags;
527
528 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
529 return 0;
530
531 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
532 return -EPERM;
533 if (ext4_has_feature_project(inode->i_sb) &&
534 __kprojid_val(ei->i_projid) != new_projid)
535 return -EPERM;
536
537 return 0;
538}
539
540static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
541{
542 struct ext4_inode_info *ei = EXT4_I(inode);
543
544 if (S_ISDIR(inode->i_mode))
545 return;
546
547 if (test_opt2(inode->i_sb, DAX_NEVER) ||
548 test_opt(inode->i_sb, DAX_ALWAYS))
549 return;
550
551 if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
552 d_mark_dontcache(inode);
553}
554
555static bool dax_compatible(struct inode *inode, unsigned int oldflags,
556 unsigned int flags)
557{
558 /* Allow the DAX flag to be changed on inline directories */
559 if (S_ISDIR(inode->i_mode)) {
560 flags &= ~EXT4_INLINE_DATA_FL;
561 oldflags &= ~EXT4_INLINE_DATA_FL;
562 }
563
564 if (flags & EXT4_DAX_FL) {
565 if ((oldflags & EXT4_DAX_MUT_EXCL) ||
566 ext4_test_inode_state(inode,
567 EXT4_STATE_VERITY_IN_PROGRESS)) {
568 return false;
569 }
570 }
571
572 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
573 return false;
574
575 return true;
576}
577
578static int ext4_ioctl_setflags(struct inode *inode,
579 unsigned int flags)
580{
581 struct ext4_inode_info *ei = EXT4_I(inode);
582 handle_t *handle = NULL;
583 int err = -EPERM, migrate = 0;
584 struct ext4_iloc iloc;
585 unsigned int oldflags, mask, i;
586 struct super_block *sb = inode->i_sb;
587
588 /* Is it quota file? Do not allow user to mess with it */
589 if (ext4_is_quota_file(inode))
590 goto flags_out;
591
592 oldflags = ei->i_flags;
593 /*
594 * The JOURNAL_DATA flag can only be changed by
595 * the relevant capability.
596 */
597 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
598 if (!capable(CAP_SYS_RESOURCE))
599 goto flags_out;
600 }
601
602 if (!dax_compatible(inode, oldflags, flags)) {
603 err = -EOPNOTSUPP;
604 goto flags_out;
605 }
606
607 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
608 migrate = 1;
609
610 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
611 if (!ext4_has_feature_casefold(sb)) {
612 err = -EOPNOTSUPP;
613 goto flags_out;
614 }
615
616 if (!S_ISDIR(inode->i_mode)) {
617 err = -ENOTDIR;
618 goto flags_out;
619 }
620
621 if (!ext4_empty_dir(inode)) {
622 err = -ENOTEMPTY;
623 goto flags_out;
624 }
625 }
626
627 /*
628 * Wait for all pending directio and then flush all the dirty pages
629 * for this file. The flush marks all the pages readonly, so any
630 * subsequent attempt to write to the file (particularly mmap pages)
631 * will come through the filesystem and fail.
632 */
633 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
634 (flags & EXT4_IMMUTABLE_FL)) {
635 inode_dio_wait(inode);
636 err = filemap_write_and_wait(inode->i_mapping);
637 if (err)
638 goto flags_out;
639 }
640
641 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
642 if (IS_ERR(handle)) {
643 err = PTR_ERR(handle);
644 goto flags_out;
645 }
646 if (IS_SYNC(inode))
647 ext4_handle_sync(handle);
648 err = ext4_reserve_inode_write(handle, inode, &iloc);
649 if (err)
650 goto flags_err;
651
652 ext4_dax_dontcache(inode, flags);
653
654 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
655 if (!(mask & EXT4_FL_USER_MODIFIABLE))
656 continue;
657 /* These flags get special treatment later */
658 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
659 continue;
660 if (mask & flags)
661 ext4_set_inode_flag(inode, i);
662 else
663 ext4_clear_inode_flag(inode, i);
664 }
665
666 ext4_set_inode_flags(inode, false);
667
668 inode->i_ctime = current_time(inode);
669 inode_inc_iversion(inode);
670
671 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
672flags_err:
673 ext4_journal_stop(handle);
674 if (err)
675 goto flags_out;
676
677 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
678 /*
679 * Changes to the journaling mode can cause unsafe changes to
680 * S_DAX if the inode is DAX
681 */
682 if (IS_DAX(inode)) {
683 err = -EBUSY;
684 goto flags_out;
685 }
686
687 err = ext4_change_inode_journal_flag(inode,
688 flags & EXT4_JOURNAL_DATA_FL);
689 if (err)
690 goto flags_out;
691 }
692 if (migrate) {
693 if (flags & EXT4_EXTENTS_FL)
694 err = ext4_ext_migrate(inode);
695 else
696 err = ext4_ind_migrate(inode);
697 }
698
699flags_out:
700 return err;
701}
702
703#ifdef CONFIG_QUOTA
704static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
705{
706 struct super_block *sb = inode->i_sb;
707 struct ext4_inode_info *ei = EXT4_I(inode);
708 int err, rc;
709 handle_t *handle;
710 kprojid_t kprojid;
711 struct ext4_iloc iloc;
712 struct ext4_inode *raw_inode;
713 struct dquot *transfer_to[MAXQUOTAS] = { };
714
715 if (!ext4_has_feature_project(sb)) {
716 if (projid != EXT4_DEF_PROJID)
717 return -EOPNOTSUPP;
718 else
719 return 0;
720 }
721
722 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
723 return -EOPNOTSUPP;
724
725 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
726
727 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
728 return 0;
729
730 err = -EPERM;
731 /* Is it quota file? Do not allow user to mess with it */
732 if (ext4_is_quota_file(inode))
733 return err;
734
735 err = dquot_initialize(inode);
736 if (err)
737 return err;
738
739 err = ext4_get_inode_loc(inode, &iloc);
740 if (err)
741 return err;
742
743 raw_inode = ext4_raw_inode(&iloc);
744 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
745 err = ext4_expand_extra_isize(inode,
746 EXT4_SB(sb)->s_want_extra_isize,
747 &iloc);
748 if (err)
749 return err;
750 } else {
751 brelse(iloc.bh);
752 }
753
754 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
755 EXT4_QUOTA_INIT_BLOCKS(sb) +
756 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
757 if (IS_ERR(handle))
758 return PTR_ERR(handle);
759
760 err = ext4_reserve_inode_write(handle, inode, &iloc);
761 if (err)
762 goto out_stop;
763
764 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
765 if (!IS_ERR(transfer_to[PRJQUOTA])) {
766
767 /* __dquot_transfer() calls back ext4_get_inode_usage() which
768 * counts xattr inode references.
769 */
770 down_read(&EXT4_I(inode)->xattr_sem);
771 err = __dquot_transfer(inode, transfer_to);
772 up_read(&EXT4_I(inode)->xattr_sem);
773 dqput(transfer_to[PRJQUOTA]);
774 if (err)
775 goto out_dirty;
776 }
777
778 EXT4_I(inode)->i_projid = kprojid;
779 inode->i_ctime = current_time(inode);
780 inode_inc_iversion(inode);
781out_dirty:
782 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
783 if (!err)
784 err = rc;
785out_stop:
786 ext4_journal_stop(handle);
787 return err;
788}
789#else
790static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
791{
792 if (projid != EXT4_DEF_PROJID)
793 return -EOPNOTSUPP;
794 return 0;
795}
796#endif
797
798static int ext4_shutdown(struct super_block *sb, unsigned long arg)
799{
800 struct ext4_sb_info *sbi = EXT4_SB(sb);
801 __u32 flags;
802
803 if (!capable(CAP_SYS_ADMIN))
804 return -EPERM;
805
806 if (get_user(flags, (__u32 __user *)arg))
807 return -EFAULT;
808
809 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
810 return -EINVAL;
811
812 if (ext4_forced_shutdown(sbi))
813 return 0;
814
815 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
816 trace_ext4_shutdown(sb, flags);
817
818 switch (flags) {
819 case EXT4_GOING_FLAGS_DEFAULT:
820 freeze_bdev(sb->s_bdev);
821 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
822 thaw_bdev(sb->s_bdev);
823 break;
824 case EXT4_GOING_FLAGS_LOGFLUSH:
825 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
826 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
827 (void) ext4_force_commit(sb);
828 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
829 }
830 break;
831 case EXT4_GOING_FLAGS_NOLOGFLUSH:
832 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
833 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
834 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
835 break;
836 default:
837 return -EINVAL;
838 }
839 clear_opt(sb, DISCARD);
840 return 0;
841}
842
843struct getfsmap_info {
844 struct super_block *gi_sb;
845 struct fsmap_head __user *gi_data;
846 unsigned int gi_idx;
847 __u32 gi_last_flags;
848};
849
850static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
851{
852 struct getfsmap_info *info = priv;
853 struct fsmap fm;
854
855 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
856
857 info->gi_last_flags = xfm->fmr_flags;
858 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
859 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
860 sizeof(struct fsmap)))
861 return -EFAULT;
862
863 return 0;
864}
865
866static int ext4_ioc_getfsmap(struct super_block *sb,
867 struct fsmap_head __user *arg)
868{
869 struct getfsmap_info info = { NULL };
870 struct ext4_fsmap_head xhead = {0};
871 struct fsmap_head head;
872 bool aborted = false;
873 int error;
874
875 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
876 return -EFAULT;
877 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
878 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
879 sizeof(head.fmh_keys[0].fmr_reserved)) ||
880 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
881 sizeof(head.fmh_keys[1].fmr_reserved)))
882 return -EINVAL;
883 /*
884 * ext4 doesn't report file extents at all, so the only valid
885 * file offsets are the magic ones (all zeroes or all ones).
886 */
887 if (head.fmh_keys[0].fmr_offset ||
888 (head.fmh_keys[1].fmr_offset != 0 &&
889 head.fmh_keys[1].fmr_offset != -1ULL))
890 return -EINVAL;
891
892 xhead.fmh_iflags = head.fmh_iflags;
893 xhead.fmh_count = head.fmh_count;
894 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
895 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
896
897 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
898 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
899
900 info.gi_sb = sb;
901 info.gi_data = arg;
902 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
903 if (error == EXT4_QUERY_RANGE_ABORT)
904 aborted = true;
905 else if (error)
906 return error;
907
908 /* If we didn't abort, set the "last" flag in the last fmx */
909 if (!aborted && info.gi_idx) {
910 info.gi_last_flags |= FMR_OF_LAST;
911 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
912 &info.gi_last_flags,
913 sizeof(info.gi_last_flags)))
914 return -EFAULT;
915 }
916
917 /* copy back header */
918 head.fmh_entries = xhead.fmh_entries;
919 head.fmh_oflags = xhead.fmh_oflags;
920 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
921 return -EFAULT;
922
923 return 0;
924}
925
926static long ext4_ioctl_group_add(struct file *file,
927 struct ext4_new_group_data *input)
928{
929 struct super_block *sb = file_inode(file)->i_sb;
930 int err, err2=0;
931
932 err = ext4_resize_begin(sb);
933 if (err)
934 return err;
935
936 if (ext4_has_feature_bigalloc(sb)) {
937 ext4_msg(sb, KERN_ERR,
938 "Online resizing not supported with bigalloc");
939 err = -EOPNOTSUPP;
940 goto group_add_out;
941 }
942
943 err = mnt_want_write_file(file);
944 if (err)
945 goto group_add_out;
946
947 err = ext4_group_add(sb, input);
948 if (EXT4_SB(sb)->s_journal) {
949 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
950 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
951 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
952 }
953 if (err == 0)
954 err = err2;
955 mnt_drop_write_file(file);
956 if (!err && ext4_has_group_desc_csum(sb) &&
957 test_opt(sb, INIT_INODE_TABLE))
958 err = ext4_register_li_request(sb, input->group);
959group_add_out:
960 err2 = ext4_resize_end(sb, false);
961 if (err == 0)
962 err = err2;
963 return err;
964}
965
966int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa)
967{
968 struct inode *inode = d_inode(dentry);
969 struct ext4_inode_info *ei = EXT4_I(inode);
970 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
971
972 if (S_ISREG(inode->i_mode))
973 flags &= ~FS_PROJINHERIT_FL;
974
975 fileattr_fill_flags(fa, flags);
976 if (ext4_has_feature_project(inode->i_sb))
977 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
978
979 return 0;
980}
981
982int ext4_fileattr_set(struct user_namespace *mnt_userns,
983 struct dentry *dentry, struct fileattr *fa)
984{
985 struct inode *inode = d_inode(dentry);
986 u32 flags = fa->flags;
987 int err = -EOPNOTSUPP;
988
989 if (flags & ~EXT4_FL_USER_VISIBLE)
990 goto out;
991
992 /*
993 * chattr(1) grabs flags via GETFLAGS, modifies the result and
994 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
995 * more restrictive than just silently masking off visible but
996 * not settable flags as we always did.
997 */
998 flags &= EXT4_FL_USER_MODIFIABLE;
999 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1000 goto out;
1001 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags);
1002 if (err)
1003 goto out;
1004 err = ext4_ioctl_setflags(inode, flags);
1005 if (err)
1006 goto out;
1007 err = ext4_ioctl_setproject(inode, fa->fsx_projid);
1008out:
1009 return err;
1010}
1011
1012/* So that the fiemap access checks can't overflow on 32 bit machines. */
1013#define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
1014
1015static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
1016{
1017 struct fiemap fiemap;
1018 struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
1019 struct fiemap_extent_info fieinfo = { 0, };
1020 struct inode *inode = file_inode(filp);
1021 int error;
1022
1023 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
1024 return -EFAULT;
1025
1026 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
1027 return -EINVAL;
1028
1029 fieinfo.fi_flags = fiemap.fm_flags;
1030 fieinfo.fi_extents_max = fiemap.fm_extent_count;
1031 fieinfo.fi_extents_start = ufiemap->fm_extents;
1032
1033 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
1034 fiemap.fm_length);
1035 fiemap.fm_flags = fieinfo.fi_flags;
1036 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
1037 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
1038 error = -EFAULT;
1039
1040 return error;
1041}
1042
1043static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
1044{
1045 int err = 0;
1046 __u32 flags = 0;
1047 unsigned int flush_flags = 0;
1048 struct super_block *sb = file_inode(filp)->i_sb;
1049
1050 if (copy_from_user(&flags, (__u32 __user *)arg,
1051 sizeof(__u32)))
1052 return -EFAULT;
1053
1054 if (!capable(CAP_SYS_ADMIN))
1055 return -EPERM;
1056
1057 /* check for invalid bits set */
1058 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) ||
1059 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1060 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT)))
1061 return -EINVAL;
1062
1063 if (!EXT4_SB(sb)->s_journal)
1064 return -ENODEV;
1065
1066 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1067 !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev))
1068 return -EOPNOTSUPP;
1069
1070 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)
1071 return 0;
1072
1073 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD)
1074 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD;
1075
1076 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) {
1077 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT;
1078 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow");
1079 }
1080
1081 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1082 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags);
1083 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1084
1085 return err;
1086}
1087
1088static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label)
1089{
1090 size_t len;
1091 int ret = 0;
1092 char new_label[EXT4_LABEL_MAX + 1];
1093 struct super_block *sb = file_inode(filp)->i_sb;
1094
1095 if (!capable(CAP_SYS_ADMIN))
1096 return -EPERM;
1097
1098 /*
1099 * Copy the maximum length allowed for ext4 label with one more to
1100 * find the required terminating null byte in order to test the
1101 * label length. The on disk label doesn't need to be null terminated.
1102 */
1103 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1))
1104 return -EFAULT;
1105
1106 len = strnlen(new_label, EXT4_LABEL_MAX + 1);
1107 if (len > EXT4_LABEL_MAX)
1108 return -EINVAL;
1109
1110 /*
1111 * Clear the buffer after the new label
1112 */
1113 memset(new_label + len, 0, EXT4_LABEL_MAX - len);
1114
1115 ret = mnt_want_write_file(filp);
1116 if (ret)
1117 return ret;
1118
1119 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label);
1120
1121 mnt_drop_write_file(filp);
1122 return ret;
1123}
1124
1125static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label)
1126{
1127 char label[EXT4_LABEL_MAX + 1];
1128
1129 /*
1130 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because
1131 * FSLABEL_MAX must include terminating null byte, while s_volume_name
1132 * does not have to.
1133 */
1134 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
1135
1136 memset(label, 0, sizeof(label));
1137 lock_buffer(sbi->s_sbh);
1138 strncpy(label, sbi->s_es->s_volume_name, EXT4_LABEL_MAX);
1139 unlock_buffer(sbi->s_sbh);
1140
1141 if (copy_to_user(user_label, label, sizeof(label)))
1142 return -EFAULT;
1143 return 0;
1144}
1145
1146static int ext4_ioctl_getuuid(struct ext4_sb_info *sbi,
1147 struct fsuuid __user *ufsuuid)
1148{
1149 struct fsuuid fsuuid;
1150 __u8 uuid[UUID_SIZE];
1151
1152 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1153 return -EFAULT;
1154
1155 if (fsuuid.fsu_len == 0) {
1156 fsuuid.fsu_len = UUID_SIZE;
1157 if (copy_to_user(&ufsuuid->fsu_len, &fsuuid.fsu_len,
1158 sizeof(fsuuid.fsu_len)))
1159 return -EFAULT;
1160 return 0;
1161 }
1162
1163 if (fsuuid.fsu_len < UUID_SIZE || fsuuid.fsu_flags != 0)
1164 return -EINVAL;
1165
1166 lock_buffer(sbi->s_sbh);
1167 memcpy(uuid, sbi->s_es->s_uuid, UUID_SIZE);
1168 unlock_buffer(sbi->s_sbh);
1169
1170 fsuuid.fsu_len = UUID_SIZE;
1171 if (copy_to_user(ufsuuid, &fsuuid, sizeof(fsuuid)) ||
1172 copy_to_user(&ufsuuid->fsu_uuid[0], uuid, UUID_SIZE))
1173 return -EFAULT;
1174 return 0;
1175}
1176
1177static int ext4_ioctl_setuuid(struct file *filp,
1178 const struct fsuuid __user *ufsuuid)
1179{
1180 int ret = 0;
1181 struct super_block *sb = file_inode(filp)->i_sb;
1182 struct fsuuid fsuuid;
1183 __u8 uuid[UUID_SIZE];
1184
1185 if (!capable(CAP_SYS_ADMIN))
1186 return -EPERM;
1187
1188 /*
1189 * If any checksums (group descriptors or metadata) are being used
1190 * then the checksum seed feature is required to change the UUID.
1191 */
1192 if (((ext4_has_feature_gdt_csum(sb) || ext4_has_metadata_csum(sb))
1193 && !ext4_has_feature_csum_seed(sb))
1194 || ext4_has_feature_stable_inodes(sb))
1195 return -EOPNOTSUPP;
1196
1197 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1198 return -EFAULT;
1199
1200 if (fsuuid.fsu_len != UUID_SIZE || fsuuid.fsu_flags != 0)
1201 return -EINVAL;
1202
1203 if (copy_from_user(uuid, &ufsuuid->fsu_uuid[0], UUID_SIZE))
1204 return -EFAULT;
1205
1206 ret = mnt_want_write_file(filp);
1207 if (ret)
1208 return ret;
1209
1210 ret = ext4_update_superblocks_fn(sb, ext4_sb_setuuid, &uuid);
1211 mnt_drop_write_file(filp);
1212
1213 return ret;
1214}
1215
1216static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1217{
1218 struct inode *inode = file_inode(filp);
1219 struct super_block *sb = inode->i_sb;
1220 struct user_namespace *mnt_userns = file_mnt_user_ns(filp);
1221
1222 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
1223
1224 switch (cmd) {
1225 case FS_IOC_GETFSMAP:
1226 return ext4_ioc_getfsmap(sb, (void __user *)arg);
1227 case EXT4_IOC_GETVERSION:
1228 case EXT4_IOC_GETVERSION_OLD:
1229 return put_user(inode->i_generation, (int __user *) arg);
1230 case EXT4_IOC_SETVERSION:
1231 case EXT4_IOC_SETVERSION_OLD: {
1232 handle_t *handle;
1233 struct ext4_iloc iloc;
1234 __u32 generation;
1235 int err;
1236
1237 if (!inode_owner_or_capable(mnt_userns, inode))
1238 return -EPERM;
1239
1240 if (ext4_has_metadata_csum(inode->i_sb)) {
1241 ext4_warning(sb, "Setting inode version is not "
1242 "supported with metadata_csum enabled.");
1243 return -ENOTTY;
1244 }
1245
1246 err = mnt_want_write_file(filp);
1247 if (err)
1248 return err;
1249 if (get_user(generation, (int __user *) arg)) {
1250 err = -EFAULT;
1251 goto setversion_out;
1252 }
1253
1254 inode_lock(inode);
1255 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
1256 if (IS_ERR(handle)) {
1257 err = PTR_ERR(handle);
1258 goto unlock_out;
1259 }
1260 err = ext4_reserve_inode_write(handle, inode, &iloc);
1261 if (err == 0) {
1262 inode->i_ctime = current_time(inode);
1263 inode_inc_iversion(inode);
1264 inode->i_generation = generation;
1265 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
1266 }
1267 ext4_journal_stop(handle);
1268
1269unlock_out:
1270 inode_unlock(inode);
1271setversion_out:
1272 mnt_drop_write_file(filp);
1273 return err;
1274 }
1275 case EXT4_IOC_GROUP_EXTEND: {
1276 ext4_fsblk_t n_blocks_count;
1277 int err, err2=0;
1278
1279 err = ext4_resize_begin(sb);
1280 if (err)
1281 return err;
1282
1283 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
1284 err = -EFAULT;
1285 goto group_extend_out;
1286 }
1287
1288 if (ext4_has_feature_bigalloc(sb)) {
1289 ext4_msg(sb, KERN_ERR,
1290 "Online resizing not supported with bigalloc");
1291 err = -EOPNOTSUPP;
1292 goto group_extend_out;
1293 }
1294
1295 err = mnt_want_write_file(filp);
1296 if (err)
1297 goto group_extend_out;
1298
1299 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
1300 if (EXT4_SB(sb)->s_journal) {
1301 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1302 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1303 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1304 }
1305 if (err == 0)
1306 err = err2;
1307 mnt_drop_write_file(filp);
1308group_extend_out:
1309 err2 = ext4_resize_end(sb, false);
1310 if (err == 0)
1311 err = err2;
1312 return err;
1313 }
1314
1315 case EXT4_IOC_MOVE_EXT: {
1316 struct move_extent me;
1317 struct fd donor;
1318 int err;
1319
1320 if (!(filp->f_mode & FMODE_READ) ||
1321 !(filp->f_mode & FMODE_WRITE))
1322 return -EBADF;
1323
1324 if (copy_from_user(&me,
1325 (struct move_extent __user *)arg, sizeof(me)))
1326 return -EFAULT;
1327 me.moved_len = 0;
1328
1329 donor = fdget(me.donor_fd);
1330 if (!donor.file)
1331 return -EBADF;
1332
1333 if (!(donor.file->f_mode & FMODE_WRITE)) {
1334 err = -EBADF;
1335 goto mext_out;
1336 }
1337
1338 if (ext4_has_feature_bigalloc(sb)) {
1339 ext4_msg(sb, KERN_ERR,
1340 "Online defrag not supported with bigalloc");
1341 err = -EOPNOTSUPP;
1342 goto mext_out;
1343 } else if (IS_DAX(inode)) {
1344 ext4_msg(sb, KERN_ERR,
1345 "Online defrag not supported with DAX");
1346 err = -EOPNOTSUPP;
1347 goto mext_out;
1348 }
1349
1350 err = mnt_want_write_file(filp);
1351 if (err)
1352 goto mext_out;
1353
1354 err = ext4_move_extents(filp, donor.file, me.orig_start,
1355 me.donor_start, me.len, &me.moved_len);
1356 mnt_drop_write_file(filp);
1357
1358 if (copy_to_user((struct move_extent __user *)arg,
1359 &me, sizeof(me)))
1360 err = -EFAULT;
1361mext_out:
1362 fdput(donor);
1363 return err;
1364 }
1365
1366 case EXT4_IOC_GROUP_ADD: {
1367 struct ext4_new_group_data input;
1368
1369 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1370 sizeof(input)))
1371 return -EFAULT;
1372
1373 return ext4_ioctl_group_add(filp, &input);
1374 }
1375
1376 case EXT4_IOC_MIGRATE:
1377 {
1378 int err;
1379 if (!inode_owner_or_capable(mnt_userns, inode))
1380 return -EACCES;
1381
1382 err = mnt_want_write_file(filp);
1383 if (err)
1384 return err;
1385 /*
1386 * inode_mutex prevent write and truncate on the file.
1387 * Read still goes through. We take i_data_sem in
1388 * ext4_ext_swap_inode_data before we switch the
1389 * inode format to prevent read.
1390 */
1391 inode_lock((inode));
1392 err = ext4_ext_migrate(inode);
1393 inode_unlock((inode));
1394 mnt_drop_write_file(filp);
1395 return err;
1396 }
1397
1398 case EXT4_IOC_ALLOC_DA_BLKS:
1399 {
1400 int err;
1401 if (!inode_owner_or_capable(mnt_userns, inode))
1402 return -EACCES;
1403
1404 err = mnt_want_write_file(filp);
1405 if (err)
1406 return err;
1407 err = ext4_alloc_da_blocks(inode);
1408 mnt_drop_write_file(filp);
1409 return err;
1410 }
1411
1412 case EXT4_IOC_SWAP_BOOT:
1413 {
1414 int err;
1415 if (!(filp->f_mode & FMODE_WRITE))
1416 return -EBADF;
1417 err = mnt_want_write_file(filp);
1418 if (err)
1419 return err;
1420 err = swap_inode_boot_loader(sb, mnt_userns, inode);
1421 mnt_drop_write_file(filp);
1422 return err;
1423 }
1424
1425 case EXT4_IOC_RESIZE_FS: {
1426 ext4_fsblk_t n_blocks_count;
1427 int err = 0, err2 = 0;
1428 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1429
1430 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1431 sizeof(__u64))) {
1432 return -EFAULT;
1433 }
1434
1435 err = ext4_resize_begin(sb);
1436 if (err)
1437 return err;
1438
1439 err = mnt_want_write_file(filp);
1440 if (err)
1441 goto resizefs_out;
1442
1443 err = ext4_resize_fs(sb, n_blocks_count);
1444 if (EXT4_SB(sb)->s_journal) {
1445 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL);
1446 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1447 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1448 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1449 }
1450 if (err == 0)
1451 err = err2;
1452 mnt_drop_write_file(filp);
1453 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1454 ext4_has_group_desc_csum(sb) &&
1455 test_opt(sb, INIT_INODE_TABLE))
1456 err = ext4_register_li_request(sb, o_group);
1457
1458resizefs_out:
1459 err2 = ext4_resize_end(sb, true);
1460 if (err == 0)
1461 err = err2;
1462 return err;
1463 }
1464
1465 case FITRIM:
1466 {
1467 struct fstrim_range range;
1468 int ret = 0;
1469
1470 if (!capable(CAP_SYS_ADMIN))
1471 return -EPERM;
1472
1473 if (!bdev_max_discard_sectors(sb->s_bdev))
1474 return -EOPNOTSUPP;
1475
1476 /*
1477 * We haven't replayed the journal, so we cannot use our
1478 * block-bitmap-guided storage zapping commands.
1479 */
1480 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1481 return -EROFS;
1482
1483 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1484 sizeof(range)))
1485 return -EFAULT;
1486
1487 ret = ext4_trim_fs(sb, &range);
1488 if (ret < 0)
1489 return ret;
1490
1491 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1492 sizeof(range)))
1493 return -EFAULT;
1494
1495 return 0;
1496 }
1497 case EXT4_IOC_PRECACHE_EXTENTS:
1498 return ext4_ext_precache(inode);
1499
1500 case FS_IOC_SET_ENCRYPTION_POLICY:
1501 if (!ext4_has_feature_encrypt(sb))
1502 return -EOPNOTSUPP;
1503 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1504
1505 case FS_IOC_GET_ENCRYPTION_PWSALT:
1506 return ext4_ioctl_get_encryption_pwsalt(filp, (void __user *)arg);
1507
1508 case FS_IOC_GET_ENCRYPTION_POLICY:
1509 if (!ext4_has_feature_encrypt(sb))
1510 return -EOPNOTSUPP;
1511 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1512
1513 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1514 if (!ext4_has_feature_encrypt(sb))
1515 return -EOPNOTSUPP;
1516 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1517
1518 case FS_IOC_ADD_ENCRYPTION_KEY:
1519 if (!ext4_has_feature_encrypt(sb))
1520 return -EOPNOTSUPP;
1521 return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1522
1523 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1524 if (!ext4_has_feature_encrypt(sb))
1525 return -EOPNOTSUPP;
1526 return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1527
1528 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1529 if (!ext4_has_feature_encrypt(sb))
1530 return -EOPNOTSUPP;
1531 return fscrypt_ioctl_remove_key_all_users(filp,
1532 (void __user *)arg);
1533 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1534 if (!ext4_has_feature_encrypt(sb))
1535 return -EOPNOTSUPP;
1536 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1537
1538 case FS_IOC_GET_ENCRYPTION_NONCE:
1539 if (!ext4_has_feature_encrypt(sb))
1540 return -EOPNOTSUPP;
1541 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1542
1543 case EXT4_IOC_CLEAR_ES_CACHE:
1544 {
1545 if (!inode_owner_or_capable(mnt_userns, inode))
1546 return -EACCES;
1547 ext4_clear_inode_es(inode);
1548 return 0;
1549 }
1550
1551 case EXT4_IOC_GETSTATE:
1552 {
1553 __u32 state = 0;
1554
1555 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1556 state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1557 if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1558 state |= EXT4_STATE_FLAG_NEW;
1559 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1560 state |= EXT4_STATE_FLAG_NEWENTRY;
1561 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1562 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1563
1564 return put_user(state, (__u32 __user *) arg);
1565 }
1566
1567 case EXT4_IOC_GET_ES_CACHE:
1568 return ext4_ioctl_get_es_cache(filp, arg);
1569
1570 case EXT4_IOC_SHUTDOWN:
1571 return ext4_shutdown(sb, arg);
1572
1573 case FS_IOC_ENABLE_VERITY:
1574 if (!ext4_has_feature_verity(sb))
1575 return -EOPNOTSUPP;
1576 return fsverity_ioctl_enable(filp, (const void __user *)arg);
1577
1578 case FS_IOC_MEASURE_VERITY:
1579 if (!ext4_has_feature_verity(sb))
1580 return -EOPNOTSUPP;
1581 return fsverity_ioctl_measure(filp, (void __user *)arg);
1582
1583 case FS_IOC_READ_VERITY_METADATA:
1584 if (!ext4_has_feature_verity(sb))
1585 return -EOPNOTSUPP;
1586 return fsverity_ioctl_read_metadata(filp,
1587 (const void __user *)arg);
1588
1589 case EXT4_IOC_CHECKPOINT:
1590 return ext4_ioctl_checkpoint(filp, arg);
1591
1592 case FS_IOC_GETFSLABEL:
1593 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg);
1594
1595 case FS_IOC_SETFSLABEL:
1596 return ext4_ioctl_setlabel(filp,
1597 (const void __user *)arg);
1598
1599 case EXT4_IOC_GETFSUUID:
1600 return ext4_ioctl_getuuid(EXT4_SB(sb), (void __user *)arg);
1601 case EXT4_IOC_SETFSUUID:
1602 return ext4_ioctl_setuuid(filp, (const void __user *)arg);
1603 default:
1604 return -ENOTTY;
1605 }
1606}
1607
1608long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1609{
1610 return __ext4_ioctl(filp, cmd, arg);
1611}
1612
1613#ifdef CONFIG_COMPAT
1614long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1615{
1616 /* These are just misnamed, they actually get/put from/to user an int */
1617 switch (cmd) {
1618 case EXT4_IOC32_GETVERSION:
1619 cmd = EXT4_IOC_GETVERSION;
1620 break;
1621 case EXT4_IOC32_SETVERSION:
1622 cmd = EXT4_IOC_SETVERSION;
1623 break;
1624 case EXT4_IOC32_GROUP_EXTEND:
1625 cmd = EXT4_IOC_GROUP_EXTEND;
1626 break;
1627 case EXT4_IOC32_GETVERSION_OLD:
1628 cmd = EXT4_IOC_GETVERSION_OLD;
1629 break;
1630 case EXT4_IOC32_SETVERSION_OLD:
1631 cmd = EXT4_IOC_SETVERSION_OLD;
1632 break;
1633 case EXT4_IOC32_GETRSVSZ:
1634 cmd = EXT4_IOC_GETRSVSZ;
1635 break;
1636 case EXT4_IOC32_SETRSVSZ:
1637 cmd = EXT4_IOC_SETRSVSZ;
1638 break;
1639 case EXT4_IOC32_GROUP_ADD: {
1640 struct compat_ext4_new_group_input __user *uinput;
1641 struct ext4_new_group_data input;
1642 int err;
1643
1644 uinput = compat_ptr(arg);
1645 err = get_user(input.group, &uinput->group);
1646 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1647 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1648 err |= get_user(input.inode_table, &uinput->inode_table);
1649 err |= get_user(input.blocks_count, &uinput->blocks_count);
1650 err |= get_user(input.reserved_blocks,
1651 &uinput->reserved_blocks);
1652 if (err)
1653 return -EFAULT;
1654 return ext4_ioctl_group_add(file, &input);
1655 }
1656 case EXT4_IOC_MOVE_EXT:
1657 case EXT4_IOC_RESIZE_FS:
1658 case FITRIM:
1659 case EXT4_IOC_PRECACHE_EXTENTS:
1660 case FS_IOC_SET_ENCRYPTION_POLICY:
1661 case FS_IOC_GET_ENCRYPTION_PWSALT:
1662 case FS_IOC_GET_ENCRYPTION_POLICY:
1663 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1664 case FS_IOC_ADD_ENCRYPTION_KEY:
1665 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1666 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1667 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1668 case FS_IOC_GET_ENCRYPTION_NONCE:
1669 case EXT4_IOC_SHUTDOWN:
1670 case FS_IOC_GETFSMAP:
1671 case FS_IOC_ENABLE_VERITY:
1672 case FS_IOC_MEASURE_VERITY:
1673 case FS_IOC_READ_VERITY_METADATA:
1674 case EXT4_IOC_CLEAR_ES_CACHE:
1675 case EXT4_IOC_GETSTATE:
1676 case EXT4_IOC_GET_ES_CACHE:
1677 case EXT4_IOC_CHECKPOINT:
1678 case FS_IOC_GETFSLABEL:
1679 case FS_IOC_SETFSLABEL:
1680 case EXT4_IOC_GETFSUUID:
1681 case EXT4_IOC_SETFSUUID:
1682 break;
1683 default:
1684 return -ENOIOCTLCMD;
1685 }
1686 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1687}
1688#endif
1689
1690static void set_overhead(struct ext4_super_block *es, const void *arg)
1691{
1692 es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg));
1693}
1694
1695int ext4_update_overhead(struct super_block *sb, bool force)
1696{
1697 struct ext4_sb_info *sbi = EXT4_SB(sb);
1698
1699 if (sb_rdonly(sb))
1700 return 0;
1701 if (!force &&
1702 (sbi->s_overhead == 0 ||
1703 sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters)))
1704 return 0;
1705 return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead);
1706}