Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11#include <linux/fs.h>
12#include <linux/capability.h>
13#include <linux/time.h>
14#include <linux/compat.h>
15#include <linux/mount.h>
16#include <linux/file.h>
17#include <linux/quotaops.h>
18#include <linux/random.h>
19#include <linux/uuid.h>
20#include <linux/uaccess.h>
21#include <linux/delay.h>
22#include <linux/iversion.h>
23#include "ext4_jbd2.h"
24#include "ext4.h"
25#include <linux/fsmap.h>
26#include "fsmap.h"
27#include <trace/events/ext4.h>
28
29/**
30 * Swap memory between @a and @b for @len bytes.
31 *
32 * @a: pointer to first memory area
33 * @b: pointer to second memory area
34 * @len: number of bytes to swap
35 *
36 */
37static void memswap(void *a, void *b, size_t len)
38{
39 unsigned char *ap, *bp;
40
41 ap = (unsigned char *)a;
42 bp = (unsigned char *)b;
43 while (len-- > 0) {
44 swap(*ap, *bp);
45 ap++;
46 bp++;
47 }
48}
49
50/**
51 * Swap i_data and associated attributes between @inode1 and @inode2.
52 * This function is used for the primary swap between inode1 and inode2
53 * and also to revert this primary swap in case of errors.
54 *
55 * Therefore you have to make sure, that calling this method twice
56 * will revert all changes.
57 *
58 * @inode1: pointer to first inode
59 * @inode2: pointer to second inode
60 */
61static void swap_inode_data(struct inode *inode1, struct inode *inode2)
62{
63 loff_t isize;
64 struct ext4_inode_info *ei1;
65 struct ext4_inode_info *ei2;
66
67 ei1 = EXT4_I(inode1);
68 ei2 = EXT4_I(inode2);
69
70 swap(inode1->i_flags, inode2->i_flags);
71 swap(inode1->i_version, inode2->i_version);
72 swap(inode1->i_blocks, inode2->i_blocks);
73 swap(inode1->i_bytes, inode2->i_bytes);
74 swap(inode1->i_atime, inode2->i_atime);
75 swap(inode1->i_mtime, inode2->i_mtime);
76
77 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
78 swap(ei1->i_flags, ei2->i_flags);
79 swap(ei1->i_disksize, ei2->i_disksize);
80 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
81 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
82
83 isize = i_size_read(inode1);
84 i_size_write(inode1, i_size_read(inode2));
85 i_size_write(inode2, isize);
86}
87
88/**
89 * Swap the information from the given @inode and the inode
90 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
91 * important fields of the inodes.
92 *
93 * @sb: the super block of the filesystem
94 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
95 *
96 */
97static long swap_inode_boot_loader(struct super_block *sb,
98 struct inode *inode)
99{
100 handle_t *handle;
101 int err;
102 struct inode *inode_bl;
103 struct ext4_inode_info *ei_bl;
104
105 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
106 return -EINVAL;
107
108 if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
109 return -EPERM;
110
111 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO);
112 if (IS_ERR(inode_bl))
113 return PTR_ERR(inode_bl);
114 ei_bl = EXT4_I(inode_bl);
115
116 filemap_flush(inode->i_mapping);
117 filemap_flush(inode_bl->i_mapping);
118
119 /* Protect orig inodes against a truncate and make sure,
120 * that only 1 swap_inode_boot_loader is running. */
121 lock_two_nondirectories(inode, inode_bl);
122
123 truncate_inode_pages(&inode->i_data, 0);
124 truncate_inode_pages(&inode_bl->i_data, 0);
125
126 /* Wait for all existing dio workers */
127 inode_dio_wait(inode);
128 inode_dio_wait(inode_bl);
129
130 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
131 if (IS_ERR(handle)) {
132 err = -EINVAL;
133 goto journal_err_out;
134 }
135
136 /* Protect extent tree against block allocations via delalloc */
137 ext4_double_down_write_data_sem(inode, inode_bl);
138
139 if (inode_bl->i_nlink == 0) {
140 /* this inode has never been used as a BOOT_LOADER */
141 set_nlink(inode_bl, 1);
142 i_uid_write(inode_bl, 0);
143 i_gid_write(inode_bl, 0);
144 inode_bl->i_flags = 0;
145 ei_bl->i_flags = 0;
146 inode_set_iversion(inode_bl, 1);
147 i_size_write(inode_bl, 0);
148 inode_bl->i_mode = S_IFREG;
149 if (ext4_has_feature_extents(sb)) {
150 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
151 ext4_ext_tree_init(handle, inode_bl);
152 } else
153 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
154 }
155
156 swap_inode_data(inode, inode_bl);
157
158 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
159
160 inode->i_generation = prandom_u32();
161 inode_bl->i_generation = prandom_u32();
162
163 ext4_discard_preallocations(inode);
164
165 err = ext4_mark_inode_dirty(handle, inode);
166 if (err < 0) {
167 ext4_warning(inode->i_sb,
168 "couldn't mark inode #%lu dirty (err %d)",
169 inode->i_ino, err);
170 /* Revert all changes: */
171 swap_inode_data(inode, inode_bl);
172 } else {
173 err = ext4_mark_inode_dirty(handle, inode_bl);
174 if (err < 0) {
175 ext4_warning(inode_bl->i_sb,
176 "couldn't mark inode #%lu dirty (err %d)",
177 inode_bl->i_ino, err);
178 /* Revert all changes: */
179 swap_inode_data(inode, inode_bl);
180 ext4_mark_inode_dirty(handle, inode);
181 }
182 }
183 ext4_journal_stop(handle);
184 ext4_double_up_write_data_sem(inode, inode_bl);
185
186journal_err_out:
187 unlock_two_nondirectories(inode, inode_bl);
188 iput(inode_bl);
189 return err;
190}
191
192#ifdef CONFIG_EXT4_FS_ENCRYPTION
193static int uuid_is_zero(__u8 u[16])
194{
195 int i;
196
197 for (i = 0; i < 16; i++)
198 if (u[i])
199 return 0;
200 return 1;
201}
202#endif
203
204static int ext4_ioctl_setflags(struct inode *inode,
205 unsigned int flags)
206{
207 struct ext4_inode_info *ei = EXT4_I(inode);
208 handle_t *handle = NULL;
209 int err = -EPERM, migrate = 0;
210 struct ext4_iloc iloc;
211 unsigned int oldflags, mask, i;
212 unsigned int jflag;
213
214 /* Is it quota file? Do not allow user to mess with it */
215 if (ext4_is_quota_file(inode))
216 goto flags_out;
217
218 oldflags = ei->i_flags;
219
220 /* The JOURNAL_DATA flag is modifiable only by root */
221 jflag = flags & EXT4_JOURNAL_DATA_FL;
222
223 /*
224 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
225 * the relevant capability.
226 *
227 * This test looks nicer. Thanks to Pauline Middelink
228 */
229 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
230 if (!capable(CAP_LINUX_IMMUTABLE))
231 goto flags_out;
232 }
233
234 /*
235 * The JOURNAL_DATA flag can only be changed by
236 * the relevant capability.
237 */
238 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
239 if (!capable(CAP_SYS_RESOURCE))
240 goto flags_out;
241 }
242 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
243 migrate = 1;
244
245 if (flags & EXT4_EOFBLOCKS_FL) {
246 /* we don't support adding EOFBLOCKS flag */
247 if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
248 err = -EOPNOTSUPP;
249 goto flags_out;
250 }
251 } else if (oldflags & EXT4_EOFBLOCKS_FL) {
252 err = ext4_truncate(inode);
253 if (err)
254 goto flags_out;
255 }
256
257 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
258 if (IS_ERR(handle)) {
259 err = PTR_ERR(handle);
260 goto flags_out;
261 }
262 if (IS_SYNC(inode))
263 ext4_handle_sync(handle);
264 err = ext4_reserve_inode_write(handle, inode, &iloc);
265 if (err)
266 goto flags_err;
267
268 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
269 if (!(mask & EXT4_FL_USER_MODIFIABLE))
270 continue;
271 /* These flags get special treatment later */
272 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
273 continue;
274 if (mask & flags)
275 ext4_set_inode_flag(inode, i);
276 else
277 ext4_clear_inode_flag(inode, i);
278 }
279
280 ext4_set_inode_flags(inode);
281 inode->i_ctime = current_time(inode);
282
283 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
284flags_err:
285 ext4_journal_stop(handle);
286 if (err)
287 goto flags_out;
288
289 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
290 /*
291 * Changes to the journaling mode can cause unsafe changes to
292 * S_DAX if we are using the DAX mount option.
293 */
294 if (test_opt(inode->i_sb, DAX)) {
295 err = -EBUSY;
296 goto flags_out;
297 }
298
299 err = ext4_change_inode_journal_flag(inode, jflag);
300 if (err)
301 goto flags_out;
302 }
303 if (migrate) {
304 if (flags & EXT4_EXTENTS_FL)
305 err = ext4_ext_migrate(inode);
306 else
307 err = ext4_ind_migrate(inode);
308 }
309
310flags_out:
311 return err;
312}
313
314#ifdef CONFIG_QUOTA
315static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
316{
317 struct inode *inode = file_inode(filp);
318 struct super_block *sb = inode->i_sb;
319 struct ext4_inode_info *ei = EXT4_I(inode);
320 int err, rc;
321 handle_t *handle;
322 kprojid_t kprojid;
323 struct ext4_iloc iloc;
324 struct ext4_inode *raw_inode;
325 struct dquot *transfer_to[MAXQUOTAS] = { };
326
327 if (!ext4_has_feature_project(sb)) {
328 if (projid != EXT4_DEF_PROJID)
329 return -EOPNOTSUPP;
330 else
331 return 0;
332 }
333
334 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
335 return -EOPNOTSUPP;
336
337 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
338
339 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
340 return 0;
341
342 err = mnt_want_write_file(filp);
343 if (err)
344 return err;
345
346 err = -EPERM;
347 inode_lock(inode);
348 /* Is it quota file? Do not allow user to mess with it */
349 if (ext4_is_quota_file(inode))
350 goto out_unlock;
351
352 err = ext4_get_inode_loc(inode, &iloc);
353 if (err)
354 goto out_unlock;
355
356 raw_inode = ext4_raw_inode(&iloc);
357 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
358 err = ext4_expand_extra_isize(inode,
359 EXT4_SB(sb)->s_want_extra_isize,
360 &iloc);
361 if (err)
362 goto out_unlock;
363 } else {
364 brelse(iloc.bh);
365 }
366
367 dquot_initialize(inode);
368
369 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
370 EXT4_QUOTA_INIT_BLOCKS(sb) +
371 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
372 if (IS_ERR(handle)) {
373 err = PTR_ERR(handle);
374 goto out_unlock;
375 }
376
377 err = ext4_reserve_inode_write(handle, inode, &iloc);
378 if (err)
379 goto out_stop;
380
381 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
382 if (!IS_ERR(transfer_to[PRJQUOTA])) {
383
384 /* __dquot_transfer() calls back ext4_get_inode_usage() which
385 * counts xattr inode references.
386 */
387 down_read(&EXT4_I(inode)->xattr_sem);
388 err = __dquot_transfer(inode, transfer_to);
389 up_read(&EXT4_I(inode)->xattr_sem);
390 dqput(transfer_to[PRJQUOTA]);
391 if (err)
392 goto out_dirty;
393 }
394
395 EXT4_I(inode)->i_projid = kprojid;
396 inode->i_ctime = current_time(inode);
397out_dirty:
398 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
399 if (!err)
400 err = rc;
401out_stop:
402 ext4_journal_stop(handle);
403out_unlock:
404 inode_unlock(inode);
405 mnt_drop_write_file(filp);
406 return err;
407}
408#else
409static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
410{
411 if (projid != EXT4_DEF_PROJID)
412 return -EOPNOTSUPP;
413 return 0;
414}
415#endif
416
417/* Transfer internal flags to xflags */
418static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
419{
420 __u32 xflags = 0;
421
422 if (iflags & EXT4_SYNC_FL)
423 xflags |= FS_XFLAG_SYNC;
424 if (iflags & EXT4_IMMUTABLE_FL)
425 xflags |= FS_XFLAG_IMMUTABLE;
426 if (iflags & EXT4_APPEND_FL)
427 xflags |= FS_XFLAG_APPEND;
428 if (iflags & EXT4_NODUMP_FL)
429 xflags |= FS_XFLAG_NODUMP;
430 if (iflags & EXT4_NOATIME_FL)
431 xflags |= FS_XFLAG_NOATIME;
432 if (iflags & EXT4_PROJINHERIT_FL)
433 xflags |= FS_XFLAG_PROJINHERIT;
434 return xflags;
435}
436
437#define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
438 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
439 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
440
441/* Transfer xflags flags to internal */
442static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
443{
444 unsigned long iflags = 0;
445
446 if (xflags & FS_XFLAG_SYNC)
447 iflags |= EXT4_SYNC_FL;
448 if (xflags & FS_XFLAG_IMMUTABLE)
449 iflags |= EXT4_IMMUTABLE_FL;
450 if (xflags & FS_XFLAG_APPEND)
451 iflags |= EXT4_APPEND_FL;
452 if (xflags & FS_XFLAG_NODUMP)
453 iflags |= EXT4_NODUMP_FL;
454 if (xflags & FS_XFLAG_NOATIME)
455 iflags |= EXT4_NOATIME_FL;
456 if (xflags & FS_XFLAG_PROJINHERIT)
457 iflags |= EXT4_PROJINHERIT_FL;
458
459 return iflags;
460}
461
462static int ext4_shutdown(struct super_block *sb, unsigned long arg)
463{
464 struct ext4_sb_info *sbi = EXT4_SB(sb);
465 __u32 flags;
466
467 if (!capable(CAP_SYS_ADMIN))
468 return -EPERM;
469
470 if (get_user(flags, (__u32 __user *)arg))
471 return -EFAULT;
472
473 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
474 return -EINVAL;
475
476 if (ext4_forced_shutdown(sbi))
477 return 0;
478
479 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
480 trace_ext4_shutdown(sb, flags);
481
482 switch (flags) {
483 case EXT4_GOING_FLAGS_DEFAULT:
484 freeze_bdev(sb->s_bdev);
485 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
486 thaw_bdev(sb->s_bdev, sb);
487 break;
488 case EXT4_GOING_FLAGS_LOGFLUSH:
489 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
490 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
491 (void) ext4_force_commit(sb);
492 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
493 }
494 break;
495 case EXT4_GOING_FLAGS_NOLOGFLUSH:
496 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
497 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
498 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
499 break;
500 default:
501 return -EINVAL;
502 }
503 clear_opt(sb, DISCARD);
504 return 0;
505}
506
507struct getfsmap_info {
508 struct super_block *gi_sb;
509 struct fsmap_head __user *gi_data;
510 unsigned int gi_idx;
511 __u32 gi_last_flags;
512};
513
514static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
515{
516 struct getfsmap_info *info = priv;
517 struct fsmap fm;
518
519 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
520
521 info->gi_last_flags = xfm->fmr_flags;
522 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
523 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
524 sizeof(struct fsmap)))
525 return -EFAULT;
526
527 return 0;
528}
529
530static int ext4_ioc_getfsmap(struct super_block *sb,
531 struct fsmap_head __user *arg)
532{
533 struct getfsmap_info info = {0};
534 struct ext4_fsmap_head xhead = {0};
535 struct fsmap_head head;
536 bool aborted = false;
537 int error;
538
539 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
540 return -EFAULT;
541 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
542 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
543 sizeof(head.fmh_keys[0].fmr_reserved)) ||
544 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
545 sizeof(head.fmh_keys[1].fmr_reserved)))
546 return -EINVAL;
547 /*
548 * ext4 doesn't report file extents at all, so the only valid
549 * file offsets are the magic ones (all zeroes or all ones).
550 */
551 if (head.fmh_keys[0].fmr_offset ||
552 (head.fmh_keys[1].fmr_offset != 0 &&
553 head.fmh_keys[1].fmr_offset != -1ULL))
554 return -EINVAL;
555
556 xhead.fmh_iflags = head.fmh_iflags;
557 xhead.fmh_count = head.fmh_count;
558 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
559 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
560
561 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
562 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
563
564 info.gi_sb = sb;
565 info.gi_data = arg;
566 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
567 if (error == EXT4_QUERY_RANGE_ABORT) {
568 error = 0;
569 aborted = true;
570 } else if (error)
571 return error;
572
573 /* If we didn't abort, set the "last" flag in the last fmx */
574 if (!aborted && info.gi_idx) {
575 info.gi_last_flags |= FMR_OF_LAST;
576 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
577 &info.gi_last_flags,
578 sizeof(info.gi_last_flags)))
579 return -EFAULT;
580 }
581
582 /* copy back header */
583 head.fmh_entries = xhead.fmh_entries;
584 head.fmh_oflags = xhead.fmh_oflags;
585 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
586 return -EFAULT;
587
588 return 0;
589}
590
591static long ext4_ioctl_group_add(struct file *file,
592 struct ext4_new_group_data *input)
593{
594 struct super_block *sb = file_inode(file)->i_sb;
595 int err, err2=0;
596
597 err = ext4_resize_begin(sb);
598 if (err)
599 return err;
600
601 if (ext4_has_feature_bigalloc(sb)) {
602 ext4_msg(sb, KERN_ERR,
603 "Online resizing not supported with bigalloc");
604 err = -EOPNOTSUPP;
605 goto group_add_out;
606 }
607
608 err = mnt_want_write_file(file);
609 if (err)
610 goto group_add_out;
611
612 err = ext4_group_add(sb, input);
613 if (EXT4_SB(sb)->s_journal) {
614 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
615 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
616 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
617 }
618 if (err == 0)
619 err = err2;
620 mnt_drop_write_file(file);
621 if (!err && ext4_has_group_desc_csum(sb) &&
622 test_opt(sb, INIT_INODE_TABLE))
623 err = ext4_register_li_request(sb, input->group);
624group_add_out:
625 ext4_resize_end(sb);
626 return err;
627}
628
629long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
630{
631 struct inode *inode = file_inode(filp);
632 struct super_block *sb = inode->i_sb;
633 struct ext4_inode_info *ei = EXT4_I(inode);
634 unsigned int flags;
635
636 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
637
638 switch (cmd) {
639 case FS_IOC_GETFSMAP:
640 return ext4_ioc_getfsmap(sb, (void __user *)arg);
641 case EXT4_IOC_GETFLAGS:
642 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
643 return put_user(flags, (int __user *) arg);
644 case EXT4_IOC_SETFLAGS: {
645 int err;
646
647 if (!inode_owner_or_capable(inode))
648 return -EACCES;
649
650 if (get_user(flags, (int __user *) arg))
651 return -EFAULT;
652
653 if (flags & ~EXT4_FL_USER_VISIBLE)
654 return -EOPNOTSUPP;
655 /*
656 * chattr(1) grabs flags via GETFLAGS, modifies the result and
657 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
658 * more restrictive than just silently masking off visible but
659 * not settable flags as we always did.
660 */
661 flags &= EXT4_FL_USER_MODIFIABLE;
662 if (ext4_mask_flags(inode->i_mode, flags) != flags)
663 return -EOPNOTSUPP;
664
665 err = mnt_want_write_file(filp);
666 if (err)
667 return err;
668
669 inode_lock(inode);
670 err = ext4_ioctl_setflags(inode, flags);
671 inode_unlock(inode);
672 mnt_drop_write_file(filp);
673 return err;
674 }
675 case EXT4_IOC_GETVERSION:
676 case EXT4_IOC_GETVERSION_OLD:
677 return put_user(inode->i_generation, (int __user *) arg);
678 case EXT4_IOC_SETVERSION:
679 case EXT4_IOC_SETVERSION_OLD: {
680 handle_t *handle;
681 struct ext4_iloc iloc;
682 __u32 generation;
683 int err;
684
685 if (!inode_owner_or_capable(inode))
686 return -EPERM;
687
688 if (ext4_has_metadata_csum(inode->i_sb)) {
689 ext4_warning(sb, "Setting inode version is not "
690 "supported with metadata_csum enabled.");
691 return -ENOTTY;
692 }
693
694 err = mnt_want_write_file(filp);
695 if (err)
696 return err;
697 if (get_user(generation, (int __user *) arg)) {
698 err = -EFAULT;
699 goto setversion_out;
700 }
701
702 inode_lock(inode);
703 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
704 if (IS_ERR(handle)) {
705 err = PTR_ERR(handle);
706 goto unlock_out;
707 }
708 err = ext4_reserve_inode_write(handle, inode, &iloc);
709 if (err == 0) {
710 inode->i_ctime = current_time(inode);
711 inode->i_generation = generation;
712 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
713 }
714 ext4_journal_stop(handle);
715
716unlock_out:
717 inode_unlock(inode);
718setversion_out:
719 mnt_drop_write_file(filp);
720 return err;
721 }
722 case EXT4_IOC_GROUP_EXTEND: {
723 ext4_fsblk_t n_blocks_count;
724 int err, err2=0;
725
726 err = ext4_resize_begin(sb);
727 if (err)
728 return err;
729
730 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
731 err = -EFAULT;
732 goto group_extend_out;
733 }
734
735 if (ext4_has_feature_bigalloc(sb)) {
736 ext4_msg(sb, KERN_ERR,
737 "Online resizing not supported with bigalloc");
738 err = -EOPNOTSUPP;
739 goto group_extend_out;
740 }
741
742 err = mnt_want_write_file(filp);
743 if (err)
744 goto group_extend_out;
745
746 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
747 if (EXT4_SB(sb)->s_journal) {
748 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
749 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
750 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
751 }
752 if (err == 0)
753 err = err2;
754 mnt_drop_write_file(filp);
755group_extend_out:
756 ext4_resize_end(sb);
757 return err;
758 }
759
760 case EXT4_IOC_MOVE_EXT: {
761 struct move_extent me;
762 struct fd donor;
763 int err;
764
765 if (!(filp->f_mode & FMODE_READ) ||
766 !(filp->f_mode & FMODE_WRITE))
767 return -EBADF;
768
769 if (copy_from_user(&me,
770 (struct move_extent __user *)arg, sizeof(me)))
771 return -EFAULT;
772 me.moved_len = 0;
773
774 donor = fdget(me.donor_fd);
775 if (!donor.file)
776 return -EBADF;
777
778 if (!(donor.file->f_mode & FMODE_WRITE)) {
779 err = -EBADF;
780 goto mext_out;
781 }
782
783 if (ext4_has_feature_bigalloc(sb)) {
784 ext4_msg(sb, KERN_ERR,
785 "Online defrag not supported with bigalloc");
786 err = -EOPNOTSUPP;
787 goto mext_out;
788 } else if (IS_DAX(inode)) {
789 ext4_msg(sb, KERN_ERR,
790 "Online defrag not supported with DAX");
791 err = -EOPNOTSUPP;
792 goto mext_out;
793 }
794
795 err = mnt_want_write_file(filp);
796 if (err)
797 goto mext_out;
798
799 err = ext4_move_extents(filp, donor.file, me.orig_start,
800 me.donor_start, me.len, &me.moved_len);
801 mnt_drop_write_file(filp);
802
803 if (copy_to_user((struct move_extent __user *)arg,
804 &me, sizeof(me)))
805 err = -EFAULT;
806mext_out:
807 fdput(donor);
808 return err;
809 }
810
811 case EXT4_IOC_GROUP_ADD: {
812 struct ext4_new_group_data input;
813
814 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
815 sizeof(input)))
816 return -EFAULT;
817
818 return ext4_ioctl_group_add(filp, &input);
819 }
820
821 case EXT4_IOC_MIGRATE:
822 {
823 int err;
824 if (!inode_owner_or_capable(inode))
825 return -EACCES;
826
827 err = mnt_want_write_file(filp);
828 if (err)
829 return err;
830 /*
831 * inode_mutex prevent write and truncate on the file.
832 * Read still goes through. We take i_data_sem in
833 * ext4_ext_swap_inode_data before we switch the
834 * inode format to prevent read.
835 */
836 inode_lock((inode));
837 err = ext4_ext_migrate(inode);
838 inode_unlock((inode));
839 mnt_drop_write_file(filp);
840 return err;
841 }
842
843 case EXT4_IOC_ALLOC_DA_BLKS:
844 {
845 int err;
846 if (!inode_owner_or_capable(inode))
847 return -EACCES;
848
849 err = mnt_want_write_file(filp);
850 if (err)
851 return err;
852 err = ext4_alloc_da_blocks(inode);
853 mnt_drop_write_file(filp);
854 return err;
855 }
856
857 case EXT4_IOC_SWAP_BOOT:
858 {
859 int err;
860 if (!(filp->f_mode & FMODE_WRITE))
861 return -EBADF;
862 err = mnt_want_write_file(filp);
863 if (err)
864 return err;
865 err = swap_inode_boot_loader(sb, inode);
866 mnt_drop_write_file(filp);
867 return err;
868 }
869
870 case EXT4_IOC_RESIZE_FS: {
871 ext4_fsblk_t n_blocks_count;
872 int err = 0, err2 = 0;
873 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
874
875 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
876 sizeof(__u64))) {
877 return -EFAULT;
878 }
879
880 err = ext4_resize_begin(sb);
881 if (err)
882 return err;
883
884 err = mnt_want_write_file(filp);
885 if (err)
886 goto resizefs_out;
887
888 err = ext4_resize_fs(sb, n_blocks_count);
889 if (EXT4_SB(sb)->s_journal) {
890 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
891 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
892 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
893 }
894 if (err == 0)
895 err = err2;
896 mnt_drop_write_file(filp);
897 if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
898 ext4_has_group_desc_csum(sb) &&
899 test_opt(sb, INIT_INODE_TABLE))
900 err = ext4_register_li_request(sb, o_group);
901
902resizefs_out:
903 ext4_resize_end(sb);
904 return err;
905 }
906
907 case FITRIM:
908 {
909 struct request_queue *q = bdev_get_queue(sb->s_bdev);
910 struct fstrim_range range;
911 int ret = 0;
912
913 if (!capable(CAP_SYS_ADMIN))
914 return -EPERM;
915
916 if (!blk_queue_discard(q))
917 return -EOPNOTSUPP;
918
919 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
920 sizeof(range)))
921 return -EFAULT;
922
923 range.minlen = max((unsigned int)range.minlen,
924 q->limits.discard_granularity);
925 ret = ext4_trim_fs(sb, &range);
926 if (ret < 0)
927 return ret;
928
929 if (copy_to_user((struct fstrim_range __user *)arg, &range,
930 sizeof(range)))
931 return -EFAULT;
932
933 return 0;
934 }
935 case EXT4_IOC_PRECACHE_EXTENTS:
936 return ext4_ext_precache(inode);
937
938 case EXT4_IOC_SET_ENCRYPTION_POLICY:
939 if (!ext4_has_feature_encrypt(sb))
940 return -EOPNOTSUPP;
941 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
942
943 case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
944#ifdef CONFIG_EXT4_FS_ENCRYPTION
945 int err, err2;
946 struct ext4_sb_info *sbi = EXT4_SB(sb);
947 handle_t *handle;
948
949 if (!ext4_has_feature_encrypt(sb))
950 return -EOPNOTSUPP;
951 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
952 err = mnt_want_write_file(filp);
953 if (err)
954 return err;
955 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
956 if (IS_ERR(handle)) {
957 err = PTR_ERR(handle);
958 goto pwsalt_err_exit;
959 }
960 err = ext4_journal_get_write_access(handle, sbi->s_sbh);
961 if (err)
962 goto pwsalt_err_journal;
963 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
964 err = ext4_handle_dirty_metadata(handle, NULL,
965 sbi->s_sbh);
966 pwsalt_err_journal:
967 err2 = ext4_journal_stop(handle);
968 if (err2 && !err)
969 err = err2;
970 pwsalt_err_exit:
971 mnt_drop_write_file(filp);
972 if (err)
973 return err;
974 }
975 if (copy_to_user((void __user *) arg,
976 sbi->s_es->s_encrypt_pw_salt, 16))
977 return -EFAULT;
978 return 0;
979#else
980 return -EOPNOTSUPP;
981#endif
982 }
983 case EXT4_IOC_GET_ENCRYPTION_POLICY:
984 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
985
986 case EXT4_IOC_FSGETXATTR:
987 {
988 struct fsxattr fa;
989
990 memset(&fa, 0, sizeof(struct fsxattr));
991 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
992
993 if (ext4_has_feature_project(inode->i_sb)) {
994 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
995 EXT4_I(inode)->i_projid);
996 }
997
998 if (copy_to_user((struct fsxattr __user *)arg,
999 &fa, sizeof(fa)))
1000 return -EFAULT;
1001 return 0;
1002 }
1003 case EXT4_IOC_FSSETXATTR:
1004 {
1005 struct fsxattr fa;
1006 int err;
1007
1008 if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1009 sizeof(fa)))
1010 return -EFAULT;
1011
1012 /* Make sure caller has proper permission */
1013 if (!inode_owner_or_capable(inode))
1014 return -EACCES;
1015
1016 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1017 return -EOPNOTSUPP;
1018
1019 flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1020 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1021 return -EOPNOTSUPP;
1022
1023 err = mnt_want_write_file(filp);
1024 if (err)
1025 return err;
1026
1027 inode_lock(inode);
1028 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1029 (flags & EXT4_FL_XFLAG_VISIBLE);
1030 err = ext4_ioctl_setflags(inode, flags);
1031 inode_unlock(inode);
1032 mnt_drop_write_file(filp);
1033 if (err)
1034 return err;
1035
1036 err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1037 if (err)
1038 return err;
1039
1040 return 0;
1041 }
1042 case EXT4_IOC_SHUTDOWN:
1043 return ext4_shutdown(sb, arg);
1044 default:
1045 return -ENOTTY;
1046 }
1047}
1048
1049#ifdef CONFIG_COMPAT
1050long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1051{
1052 /* These are just misnamed, they actually get/put from/to user an int */
1053 switch (cmd) {
1054 case EXT4_IOC32_GETFLAGS:
1055 cmd = EXT4_IOC_GETFLAGS;
1056 break;
1057 case EXT4_IOC32_SETFLAGS:
1058 cmd = EXT4_IOC_SETFLAGS;
1059 break;
1060 case EXT4_IOC32_GETVERSION:
1061 cmd = EXT4_IOC_GETVERSION;
1062 break;
1063 case EXT4_IOC32_SETVERSION:
1064 cmd = EXT4_IOC_SETVERSION;
1065 break;
1066 case EXT4_IOC32_GROUP_EXTEND:
1067 cmd = EXT4_IOC_GROUP_EXTEND;
1068 break;
1069 case EXT4_IOC32_GETVERSION_OLD:
1070 cmd = EXT4_IOC_GETVERSION_OLD;
1071 break;
1072 case EXT4_IOC32_SETVERSION_OLD:
1073 cmd = EXT4_IOC_SETVERSION_OLD;
1074 break;
1075 case EXT4_IOC32_GETRSVSZ:
1076 cmd = EXT4_IOC_GETRSVSZ;
1077 break;
1078 case EXT4_IOC32_SETRSVSZ:
1079 cmd = EXT4_IOC_SETRSVSZ;
1080 break;
1081 case EXT4_IOC32_GROUP_ADD: {
1082 struct compat_ext4_new_group_input __user *uinput;
1083 struct ext4_new_group_data input;
1084 int err;
1085
1086 uinput = compat_ptr(arg);
1087 err = get_user(input.group, &uinput->group);
1088 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1089 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1090 err |= get_user(input.inode_table, &uinput->inode_table);
1091 err |= get_user(input.blocks_count, &uinput->blocks_count);
1092 err |= get_user(input.reserved_blocks,
1093 &uinput->reserved_blocks);
1094 if (err)
1095 return -EFAULT;
1096 return ext4_ioctl_group_add(file, &input);
1097 }
1098 case EXT4_IOC_MOVE_EXT:
1099 case EXT4_IOC_RESIZE_FS:
1100 case EXT4_IOC_PRECACHE_EXTENTS:
1101 case EXT4_IOC_SET_ENCRYPTION_POLICY:
1102 case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1103 case EXT4_IOC_GET_ENCRYPTION_POLICY:
1104 case EXT4_IOC_SHUTDOWN:
1105 case FS_IOC_GETFSMAP:
1106 break;
1107 default:
1108 return -ENOIOCTLCMD;
1109 }
1110 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1111}
1112#endif
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11#include <linux/fs.h>
12#include <linux/capability.h>
13#include <linux/time.h>
14#include <linux/compat.h>
15#include <linux/mount.h>
16#include <linux/file.h>
17#include <linux/quotaops.h>
18#include <linux/random.h>
19#include <linux/uuid.h>
20#include <linux/uaccess.h>
21#include <linux/delay.h>
22#include <linux/iversion.h>
23#include "ext4_jbd2.h"
24#include "ext4.h"
25#include <linux/fsmap.h>
26#include "fsmap.h"
27#include <trace/events/ext4.h>
28
29/**
30 * Swap memory between @a and @b for @len bytes.
31 *
32 * @a: pointer to first memory area
33 * @b: pointer to second memory area
34 * @len: number of bytes to swap
35 *
36 */
37static void memswap(void *a, void *b, size_t len)
38{
39 unsigned char *ap, *bp;
40
41 ap = (unsigned char *)a;
42 bp = (unsigned char *)b;
43 while (len-- > 0) {
44 swap(*ap, *bp);
45 ap++;
46 bp++;
47 }
48}
49
50/**
51 * Swap i_data and associated attributes between @inode1 and @inode2.
52 * This function is used for the primary swap between inode1 and inode2
53 * and also to revert this primary swap in case of errors.
54 *
55 * Therefore you have to make sure, that calling this method twice
56 * will revert all changes.
57 *
58 * @inode1: pointer to first inode
59 * @inode2: pointer to second inode
60 */
61static void swap_inode_data(struct inode *inode1, struct inode *inode2)
62{
63 loff_t isize;
64 struct ext4_inode_info *ei1;
65 struct ext4_inode_info *ei2;
66 unsigned long tmp;
67
68 ei1 = EXT4_I(inode1);
69 ei2 = EXT4_I(inode2);
70
71 swap(inode1->i_version, inode2->i_version);
72 swap(inode1->i_atime, inode2->i_atime);
73 swap(inode1->i_mtime, inode2->i_mtime);
74
75 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
76 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
77 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
78 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
79 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
80 swap(ei1->i_disksize, ei2->i_disksize);
81 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
82 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
83
84 isize = i_size_read(inode1);
85 i_size_write(inode1, i_size_read(inode2));
86 i_size_write(inode2, isize);
87}
88
89static void reset_inode_seed(struct inode *inode)
90{
91 struct ext4_inode_info *ei = EXT4_I(inode);
92 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
93 __le32 inum = cpu_to_le32(inode->i_ino);
94 __le32 gen = cpu_to_le32(inode->i_generation);
95 __u32 csum;
96
97 if (!ext4_has_metadata_csum(inode->i_sb))
98 return;
99
100 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
101 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
102}
103
104/**
105 * Swap the information from the given @inode and the inode
106 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
107 * important fields of the inodes.
108 *
109 * @sb: the super block of the filesystem
110 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
111 *
112 */
113static long swap_inode_boot_loader(struct super_block *sb,
114 struct inode *inode)
115{
116 handle_t *handle;
117 int err;
118 struct inode *inode_bl;
119 struct ext4_inode_info *ei_bl;
120 qsize_t size, size_bl, diff;
121 blkcnt_t blocks;
122 unsigned short bytes;
123
124 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
125 if (IS_ERR(inode_bl))
126 return PTR_ERR(inode_bl);
127 ei_bl = EXT4_I(inode_bl);
128
129 /* Protect orig inodes against a truncate and make sure,
130 * that only 1 swap_inode_boot_loader is running. */
131 lock_two_nondirectories(inode, inode_bl);
132
133 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
134 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
135 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
136 ext4_has_inline_data(inode)) {
137 err = -EINVAL;
138 goto journal_err_out;
139 }
140
141 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
142 !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) {
143 err = -EPERM;
144 goto journal_err_out;
145 }
146
147 down_write(&EXT4_I(inode)->i_mmap_sem);
148 err = filemap_write_and_wait(inode->i_mapping);
149 if (err)
150 goto err_out;
151
152 err = filemap_write_and_wait(inode_bl->i_mapping);
153 if (err)
154 goto err_out;
155
156 /* Wait for all existing dio workers */
157 inode_dio_wait(inode);
158 inode_dio_wait(inode_bl);
159
160 truncate_inode_pages(&inode->i_data, 0);
161 truncate_inode_pages(&inode_bl->i_data, 0);
162
163 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
164 if (IS_ERR(handle)) {
165 err = -EINVAL;
166 goto err_out;
167 }
168
169 /* Protect extent tree against block allocations via delalloc */
170 ext4_double_down_write_data_sem(inode, inode_bl);
171
172 if (inode_bl->i_nlink == 0) {
173 /* this inode has never been used as a BOOT_LOADER */
174 set_nlink(inode_bl, 1);
175 i_uid_write(inode_bl, 0);
176 i_gid_write(inode_bl, 0);
177 inode_bl->i_flags = 0;
178 ei_bl->i_flags = 0;
179 inode_set_iversion(inode_bl, 1);
180 i_size_write(inode_bl, 0);
181 inode_bl->i_mode = S_IFREG;
182 if (ext4_has_feature_extents(sb)) {
183 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
184 ext4_ext_tree_init(handle, inode_bl);
185 } else
186 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
187 }
188
189 err = dquot_initialize(inode);
190 if (err)
191 goto err_out1;
192
193 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
194 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
195 diff = size - size_bl;
196 swap_inode_data(inode, inode_bl);
197
198 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
199
200 inode->i_generation = prandom_u32();
201 inode_bl->i_generation = prandom_u32();
202 reset_inode_seed(inode);
203 reset_inode_seed(inode_bl);
204
205 ext4_discard_preallocations(inode);
206
207 err = ext4_mark_inode_dirty(handle, inode);
208 if (err < 0) {
209 /* No need to update quota information. */
210 ext4_warning(inode->i_sb,
211 "couldn't mark inode #%lu dirty (err %d)",
212 inode->i_ino, err);
213 /* Revert all changes: */
214 swap_inode_data(inode, inode_bl);
215 ext4_mark_inode_dirty(handle, inode);
216 goto err_out1;
217 }
218
219 blocks = inode_bl->i_blocks;
220 bytes = inode_bl->i_bytes;
221 inode_bl->i_blocks = inode->i_blocks;
222 inode_bl->i_bytes = inode->i_bytes;
223 err = ext4_mark_inode_dirty(handle, inode_bl);
224 if (err < 0) {
225 /* No need to update quota information. */
226 ext4_warning(inode_bl->i_sb,
227 "couldn't mark inode #%lu dirty (err %d)",
228 inode_bl->i_ino, err);
229 goto revert;
230 }
231
232 /* Bootloader inode should not be counted into quota information. */
233 if (diff > 0)
234 dquot_free_space(inode, diff);
235 else
236 err = dquot_alloc_space(inode, -1 * diff);
237
238 if (err < 0) {
239revert:
240 /* Revert all changes: */
241 inode_bl->i_blocks = blocks;
242 inode_bl->i_bytes = bytes;
243 swap_inode_data(inode, inode_bl);
244 ext4_mark_inode_dirty(handle, inode);
245 ext4_mark_inode_dirty(handle, inode_bl);
246 }
247
248err_out1:
249 ext4_journal_stop(handle);
250 ext4_double_up_write_data_sem(inode, inode_bl);
251
252err_out:
253 up_write(&EXT4_I(inode)->i_mmap_sem);
254journal_err_out:
255 unlock_two_nondirectories(inode, inode_bl);
256 iput(inode_bl);
257 return err;
258}
259
260#ifdef CONFIG_FS_ENCRYPTION
261static int uuid_is_zero(__u8 u[16])
262{
263 int i;
264
265 for (i = 0; i < 16; i++)
266 if (u[i])
267 return 0;
268 return 1;
269}
270#endif
271
272/*
273 * If immutable is set and we are not clearing it, we're not allowed to change
274 * anything else in the inode. Don't error out if we're only trying to set
275 * immutable on an immutable file.
276 */
277static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
278 unsigned int flags)
279{
280 struct ext4_inode_info *ei = EXT4_I(inode);
281 unsigned int oldflags = ei->i_flags;
282
283 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
284 return 0;
285
286 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
287 return -EPERM;
288 if (ext4_has_feature_project(inode->i_sb) &&
289 __kprojid_val(ei->i_projid) != new_projid)
290 return -EPERM;
291
292 return 0;
293}
294
295static int ext4_ioctl_setflags(struct inode *inode,
296 unsigned int flags)
297{
298 struct ext4_inode_info *ei = EXT4_I(inode);
299 handle_t *handle = NULL;
300 int err = -EPERM, migrate = 0;
301 struct ext4_iloc iloc;
302 unsigned int oldflags, mask, i;
303 unsigned int jflag;
304 struct super_block *sb = inode->i_sb;
305
306 /* Is it quota file? Do not allow user to mess with it */
307 if (ext4_is_quota_file(inode))
308 goto flags_out;
309
310 oldflags = ei->i_flags;
311
312 /* The JOURNAL_DATA flag is modifiable only by root */
313 jflag = flags & EXT4_JOURNAL_DATA_FL;
314
315 err = vfs_ioc_setflags_prepare(inode, oldflags, flags);
316 if (err)
317 goto flags_out;
318
319 /*
320 * The JOURNAL_DATA flag can only be changed by
321 * the relevant capability.
322 */
323 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
324 if (!capable(CAP_SYS_RESOURCE))
325 goto flags_out;
326 }
327 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
328 migrate = 1;
329
330 if (flags & EXT4_EOFBLOCKS_FL) {
331 /* we don't support adding EOFBLOCKS flag */
332 if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
333 err = -EOPNOTSUPP;
334 goto flags_out;
335 }
336 } else if (oldflags & EXT4_EOFBLOCKS_FL) {
337 err = ext4_truncate(inode);
338 if (err)
339 goto flags_out;
340 }
341
342 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
343 if (!ext4_has_feature_casefold(sb)) {
344 err = -EOPNOTSUPP;
345 goto flags_out;
346 }
347
348 if (!S_ISDIR(inode->i_mode)) {
349 err = -ENOTDIR;
350 goto flags_out;
351 }
352
353 if (!ext4_empty_dir(inode)) {
354 err = -ENOTEMPTY;
355 goto flags_out;
356 }
357 }
358
359 /*
360 * Wait for all pending directio and then flush all the dirty pages
361 * for this file. The flush marks all the pages readonly, so any
362 * subsequent attempt to write to the file (particularly mmap pages)
363 * will come through the filesystem and fail.
364 */
365 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
366 (flags & EXT4_IMMUTABLE_FL)) {
367 inode_dio_wait(inode);
368 err = filemap_write_and_wait(inode->i_mapping);
369 if (err)
370 goto flags_out;
371 }
372
373 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
374 if (IS_ERR(handle)) {
375 err = PTR_ERR(handle);
376 goto flags_out;
377 }
378 if (IS_SYNC(inode))
379 ext4_handle_sync(handle);
380 err = ext4_reserve_inode_write(handle, inode, &iloc);
381 if (err)
382 goto flags_err;
383
384 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
385 if (!(mask & EXT4_FL_USER_MODIFIABLE))
386 continue;
387 /* These flags get special treatment later */
388 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
389 continue;
390 if (mask & flags)
391 ext4_set_inode_flag(inode, i);
392 else
393 ext4_clear_inode_flag(inode, i);
394 }
395
396 ext4_set_inode_flags(inode);
397 inode->i_ctime = current_time(inode);
398
399 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
400flags_err:
401 ext4_journal_stop(handle);
402 if (err)
403 goto flags_out;
404
405 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
406 /*
407 * Changes to the journaling mode can cause unsafe changes to
408 * S_DAX if we are using the DAX mount option.
409 */
410 if (test_opt(inode->i_sb, DAX)) {
411 err = -EBUSY;
412 goto flags_out;
413 }
414
415 err = ext4_change_inode_journal_flag(inode, jflag);
416 if (err)
417 goto flags_out;
418 }
419 if (migrate) {
420 if (flags & EXT4_EXTENTS_FL)
421 err = ext4_ext_migrate(inode);
422 else
423 err = ext4_ind_migrate(inode);
424 }
425
426flags_out:
427 return err;
428}
429
430#ifdef CONFIG_QUOTA
431static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
432{
433 struct inode *inode = file_inode(filp);
434 struct super_block *sb = inode->i_sb;
435 struct ext4_inode_info *ei = EXT4_I(inode);
436 int err, rc;
437 handle_t *handle;
438 kprojid_t kprojid;
439 struct ext4_iloc iloc;
440 struct ext4_inode *raw_inode;
441 struct dquot *transfer_to[MAXQUOTAS] = { };
442
443 if (!ext4_has_feature_project(sb)) {
444 if (projid != EXT4_DEF_PROJID)
445 return -EOPNOTSUPP;
446 else
447 return 0;
448 }
449
450 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
451 return -EOPNOTSUPP;
452
453 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
454
455 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
456 return 0;
457
458 err = -EPERM;
459 /* Is it quota file? Do not allow user to mess with it */
460 if (ext4_is_quota_file(inode))
461 return err;
462
463 err = ext4_get_inode_loc(inode, &iloc);
464 if (err)
465 return err;
466
467 raw_inode = ext4_raw_inode(&iloc);
468 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
469 err = ext4_expand_extra_isize(inode,
470 EXT4_SB(sb)->s_want_extra_isize,
471 &iloc);
472 if (err)
473 return err;
474 } else {
475 brelse(iloc.bh);
476 }
477
478 err = dquot_initialize(inode);
479 if (err)
480 return err;
481
482 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
483 EXT4_QUOTA_INIT_BLOCKS(sb) +
484 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
485 if (IS_ERR(handle))
486 return PTR_ERR(handle);
487
488 err = ext4_reserve_inode_write(handle, inode, &iloc);
489 if (err)
490 goto out_stop;
491
492 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
493 if (!IS_ERR(transfer_to[PRJQUOTA])) {
494
495 /* __dquot_transfer() calls back ext4_get_inode_usage() which
496 * counts xattr inode references.
497 */
498 down_read(&EXT4_I(inode)->xattr_sem);
499 err = __dquot_transfer(inode, transfer_to);
500 up_read(&EXT4_I(inode)->xattr_sem);
501 dqput(transfer_to[PRJQUOTA]);
502 if (err)
503 goto out_dirty;
504 }
505
506 EXT4_I(inode)->i_projid = kprojid;
507 inode->i_ctime = current_time(inode);
508out_dirty:
509 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
510 if (!err)
511 err = rc;
512out_stop:
513 ext4_journal_stop(handle);
514 return err;
515}
516#else
517static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
518{
519 if (projid != EXT4_DEF_PROJID)
520 return -EOPNOTSUPP;
521 return 0;
522}
523#endif
524
525/* Transfer internal flags to xflags */
526static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
527{
528 __u32 xflags = 0;
529
530 if (iflags & EXT4_SYNC_FL)
531 xflags |= FS_XFLAG_SYNC;
532 if (iflags & EXT4_IMMUTABLE_FL)
533 xflags |= FS_XFLAG_IMMUTABLE;
534 if (iflags & EXT4_APPEND_FL)
535 xflags |= FS_XFLAG_APPEND;
536 if (iflags & EXT4_NODUMP_FL)
537 xflags |= FS_XFLAG_NODUMP;
538 if (iflags & EXT4_NOATIME_FL)
539 xflags |= FS_XFLAG_NOATIME;
540 if (iflags & EXT4_PROJINHERIT_FL)
541 xflags |= FS_XFLAG_PROJINHERIT;
542 return xflags;
543}
544
545#define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
546 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
547 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
548
549/* Transfer xflags flags to internal */
550static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
551{
552 unsigned long iflags = 0;
553
554 if (xflags & FS_XFLAG_SYNC)
555 iflags |= EXT4_SYNC_FL;
556 if (xflags & FS_XFLAG_IMMUTABLE)
557 iflags |= EXT4_IMMUTABLE_FL;
558 if (xflags & FS_XFLAG_APPEND)
559 iflags |= EXT4_APPEND_FL;
560 if (xflags & FS_XFLAG_NODUMP)
561 iflags |= EXT4_NODUMP_FL;
562 if (xflags & FS_XFLAG_NOATIME)
563 iflags |= EXT4_NOATIME_FL;
564 if (xflags & FS_XFLAG_PROJINHERIT)
565 iflags |= EXT4_PROJINHERIT_FL;
566
567 return iflags;
568}
569
570static int ext4_shutdown(struct super_block *sb, unsigned long arg)
571{
572 struct ext4_sb_info *sbi = EXT4_SB(sb);
573 __u32 flags;
574
575 if (!capable(CAP_SYS_ADMIN))
576 return -EPERM;
577
578 if (get_user(flags, (__u32 __user *)arg))
579 return -EFAULT;
580
581 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
582 return -EINVAL;
583
584 if (ext4_forced_shutdown(sbi))
585 return 0;
586
587 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
588 trace_ext4_shutdown(sb, flags);
589
590 switch (flags) {
591 case EXT4_GOING_FLAGS_DEFAULT:
592 freeze_bdev(sb->s_bdev);
593 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
594 thaw_bdev(sb->s_bdev, sb);
595 break;
596 case EXT4_GOING_FLAGS_LOGFLUSH:
597 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
598 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
599 (void) ext4_force_commit(sb);
600 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
601 }
602 break;
603 case EXT4_GOING_FLAGS_NOLOGFLUSH:
604 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
605 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
606 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
607 break;
608 default:
609 return -EINVAL;
610 }
611 clear_opt(sb, DISCARD);
612 return 0;
613}
614
615struct getfsmap_info {
616 struct super_block *gi_sb;
617 struct fsmap_head __user *gi_data;
618 unsigned int gi_idx;
619 __u32 gi_last_flags;
620};
621
622static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
623{
624 struct getfsmap_info *info = priv;
625 struct fsmap fm;
626
627 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
628
629 info->gi_last_flags = xfm->fmr_flags;
630 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
631 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
632 sizeof(struct fsmap)))
633 return -EFAULT;
634
635 return 0;
636}
637
638static int ext4_ioc_getfsmap(struct super_block *sb,
639 struct fsmap_head __user *arg)
640{
641 struct getfsmap_info info = { NULL };
642 struct ext4_fsmap_head xhead = {0};
643 struct fsmap_head head;
644 bool aborted = false;
645 int error;
646
647 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
648 return -EFAULT;
649 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
650 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
651 sizeof(head.fmh_keys[0].fmr_reserved)) ||
652 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
653 sizeof(head.fmh_keys[1].fmr_reserved)))
654 return -EINVAL;
655 /*
656 * ext4 doesn't report file extents at all, so the only valid
657 * file offsets are the magic ones (all zeroes or all ones).
658 */
659 if (head.fmh_keys[0].fmr_offset ||
660 (head.fmh_keys[1].fmr_offset != 0 &&
661 head.fmh_keys[1].fmr_offset != -1ULL))
662 return -EINVAL;
663
664 xhead.fmh_iflags = head.fmh_iflags;
665 xhead.fmh_count = head.fmh_count;
666 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
667 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
668
669 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
670 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
671
672 info.gi_sb = sb;
673 info.gi_data = arg;
674 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
675 if (error == EXT4_QUERY_RANGE_ABORT) {
676 error = 0;
677 aborted = true;
678 } else if (error)
679 return error;
680
681 /* If we didn't abort, set the "last" flag in the last fmx */
682 if (!aborted && info.gi_idx) {
683 info.gi_last_flags |= FMR_OF_LAST;
684 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
685 &info.gi_last_flags,
686 sizeof(info.gi_last_flags)))
687 return -EFAULT;
688 }
689
690 /* copy back header */
691 head.fmh_entries = xhead.fmh_entries;
692 head.fmh_oflags = xhead.fmh_oflags;
693 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
694 return -EFAULT;
695
696 return 0;
697}
698
699static long ext4_ioctl_group_add(struct file *file,
700 struct ext4_new_group_data *input)
701{
702 struct super_block *sb = file_inode(file)->i_sb;
703 int err, err2=0;
704
705 err = ext4_resize_begin(sb);
706 if (err)
707 return err;
708
709 if (ext4_has_feature_bigalloc(sb)) {
710 ext4_msg(sb, KERN_ERR,
711 "Online resizing not supported with bigalloc");
712 err = -EOPNOTSUPP;
713 goto group_add_out;
714 }
715
716 err = mnt_want_write_file(file);
717 if (err)
718 goto group_add_out;
719
720 err = ext4_group_add(sb, input);
721 if (EXT4_SB(sb)->s_journal) {
722 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
723 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
724 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
725 }
726 if (err == 0)
727 err = err2;
728 mnt_drop_write_file(file);
729 if (!err && ext4_has_group_desc_csum(sb) &&
730 test_opt(sb, INIT_INODE_TABLE))
731 err = ext4_register_li_request(sb, input->group);
732group_add_out:
733 ext4_resize_end(sb);
734 return err;
735}
736
737static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa)
738{
739 struct ext4_inode_info *ei = EXT4_I(inode);
740
741 simple_fill_fsxattr(fa, ext4_iflags_to_xflags(ei->i_flags &
742 EXT4_FL_USER_VISIBLE));
743
744 if (ext4_has_feature_project(inode->i_sb))
745 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
746}
747
748/* copied from fs/ioctl.c */
749static int fiemap_check_ranges(struct super_block *sb,
750 u64 start, u64 len, u64 *new_len)
751{
752 u64 maxbytes = (u64) sb->s_maxbytes;
753
754 *new_len = len;
755
756 if (len == 0)
757 return -EINVAL;
758
759 if (start > maxbytes)
760 return -EFBIG;
761
762 /*
763 * Shrink request scope to what the fs can actually handle.
764 */
765 if (len > maxbytes || (maxbytes - len) < start)
766 *new_len = maxbytes - start;
767
768 return 0;
769}
770
771/* So that the fiemap access checks can't overflow on 32 bit machines. */
772#define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
773
774static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
775{
776 struct fiemap fiemap;
777 struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
778 struct fiemap_extent_info fieinfo = { 0, };
779 struct inode *inode = file_inode(filp);
780 struct super_block *sb = inode->i_sb;
781 u64 len;
782 int error;
783
784 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
785 return -EFAULT;
786
787 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
788 return -EINVAL;
789
790 error = fiemap_check_ranges(sb, fiemap.fm_start, fiemap.fm_length,
791 &len);
792 if (error)
793 return error;
794
795 fieinfo.fi_flags = fiemap.fm_flags;
796 fieinfo.fi_extents_max = fiemap.fm_extent_count;
797 fieinfo.fi_extents_start = ufiemap->fm_extents;
798
799 if (fiemap.fm_extent_count != 0 &&
800 !access_ok(fieinfo.fi_extents_start,
801 fieinfo.fi_extents_max * sizeof(struct fiemap_extent)))
802 return -EFAULT;
803
804 if (fieinfo.fi_flags & FIEMAP_FLAG_SYNC)
805 filemap_write_and_wait(inode->i_mapping);
806
807 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start, len);
808 fiemap.fm_flags = fieinfo.fi_flags;
809 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
810 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
811 error = -EFAULT;
812
813 return error;
814}
815
816long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
817{
818 struct inode *inode = file_inode(filp);
819 struct super_block *sb = inode->i_sb;
820 struct ext4_inode_info *ei = EXT4_I(inode);
821 unsigned int flags;
822
823 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
824
825 switch (cmd) {
826 case FS_IOC_GETFSMAP:
827 return ext4_ioc_getfsmap(sb, (void __user *)arg);
828 case EXT4_IOC_GETFLAGS:
829 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
830 if (S_ISREG(inode->i_mode))
831 flags &= ~EXT4_PROJINHERIT_FL;
832 return put_user(flags, (int __user *) arg);
833 case EXT4_IOC_SETFLAGS: {
834 int err;
835
836 if (!inode_owner_or_capable(inode))
837 return -EACCES;
838
839 if (get_user(flags, (int __user *) arg))
840 return -EFAULT;
841
842 if (flags & ~EXT4_FL_USER_VISIBLE)
843 return -EOPNOTSUPP;
844 /*
845 * chattr(1) grabs flags via GETFLAGS, modifies the result and
846 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
847 * more restrictive than just silently masking off visible but
848 * not settable flags as we always did.
849 */
850 flags &= EXT4_FL_USER_MODIFIABLE;
851 if (ext4_mask_flags(inode->i_mode, flags) != flags)
852 return -EOPNOTSUPP;
853
854 err = mnt_want_write_file(filp);
855 if (err)
856 return err;
857
858 inode_lock(inode);
859 err = ext4_ioctl_check_immutable(inode,
860 from_kprojid(&init_user_ns, ei->i_projid),
861 flags);
862 if (!err)
863 err = ext4_ioctl_setflags(inode, flags);
864 inode_unlock(inode);
865 mnt_drop_write_file(filp);
866 return err;
867 }
868 case EXT4_IOC_GETVERSION:
869 case EXT4_IOC_GETVERSION_OLD:
870 return put_user(inode->i_generation, (int __user *) arg);
871 case EXT4_IOC_SETVERSION:
872 case EXT4_IOC_SETVERSION_OLD: {
873 handle_t *handle;
874 struct ext4_iloc iloc;
875 __u32 generation;
876 int err;
877
878 if (!inode_owner_or_capable(inode))
879 return -EPERM;
880
881 if (ext4_has_metadata_csum(inode->i_sb)) {
882 ext4_warning(sb, "Setting inode version is not "
883 "supported with metadata_csum enabled.");
884 return -ENOTTY;
885 }
886
887 err = mnt_want_write_file(filp);
888 if (err)
889 return err;
890 if (get_user(generation, (int __user *) arg)) {
891 err = -EFAULT;
892 goto setversion_out;
893 }
894
895 inode_lock(inode);
896 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
897 if (IS_ERR(handle)) {
898 err = PTR_ERR(handle);
899 goto unlock_out;
900 }
901 err = ext4_reserve_inode_write(handle, inode, &iloc);
902 if (err == 0) {
903 inode->i_ctime = current_time(inode);
904 inode->i_generation = generation;
905 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
906 }
907 ext4_journal_stop(handle);
908
909unlock_out:
910 inode_unlock(inode);
911setversion_out:
912 mnt_drop_write_file(filp);
913 return err;
914 }
915 case EXT4_IOC_GROUP_EXTEND: {
916 ext4_fsblk_t n_blocks_count;
917 int err, err2=0;
918
919 err = ext4_resize_begin(sb);
920 if (err)
921 return err;
922
923 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
924 err = -EFAULT;
925 goto group_extend_out;
926 }
927
928 if (ext4_has_feature_bigalloc(sb)) {
929 ext4_msg(sb, KERN_ERR,
930 "Online resizing not supported with bigalloc");
931 err = -EOPNOTSUPP;
932 goto group_extend_out;
933 }
934
935 err = mnt_want_write_file(filp);
936 if (err)
937 goto group_extend_out;
938
939 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
940 if (EXT4_SB(sb)->s_journal) {
941 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
942 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
943 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
944 }
945 if (err == 0)
946 err = err2;
947 mnt_drop_write_file(filp);
948group_extend_out:
949 ext4_resize_end(sb);
950 return err;
951 }
952
953 case EXT4_IOC_MOVE_EXT: {
954 struct move_extent me;
955 struct fd donor;
956 int err;
957
958 if (!(filp->f_mode & FMODE_READ) ||
959 !(filp->f_mode & FMODE_WRITE))
960 return -EBADF;
961
962 if (copy_from_user(&me,
963 (struct move_extent __user *)arg, sizeof(me)))
964 return -EFAULT;
965 me.moved_len = 0;
966
967 donor = fdget(me.donor_fd);
968 if (!donor.file)
969 return -EBADF;
970
971 if (!(donor.file->f_mode & FMODE_WRITE)) {
972 err = -EBADF;
973 goto mext_out;
974 }
975
976 if (ext4_has_feature_bigalloc(sb)) {
977 ext4_msg(sb, KERN_ERR,
978 "Online defrag not supported with bigalloc");
979 err = -EOPNOTSUPP;
980 goto mext_out;
981 } else if (IS_DAX(inode)) {
982 ext4_msg(sb, KERN_ERR,
983 "Online defrag not supported with DAX");
984 err = -EOPNOTSUPP;
985 goto mext_out;
986 }
987
988 err = mnt_want_write_file(filp);
989 if (err)
990 goto mext_out;
991
992 err = ext4_move_extents(filp, donor.file, me.orig_start,
993 me.donor_start, me.len, &me.moved_len);
994 mnt_drop_write_file(filp);
995
996 if (copy_to_user((struct move_extent __user *)arg,
997 &me, sizeof(me)))
998 err = -EFAULT;
999mext_out:
1000 fdput(donor);
1001 return err;
1002 }
1003
1004 case EXT4_IOC_GROUP_ADD: {
1005 struct ext4_new_group_data input;
1006
1007 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1008 sizeof(input)))
1009 return -EFAULT;
1010
1011 return ext4_ioctl_group_add(filp, &input);
1012 }
1013
1014 case EXT4_IOC_MIGRATE:
1015 {
1016 int err;
1017 if (!inode_owner_or_capable(inode))
1018 return -EACCES;
1019
1020 err = mnt_want_write_file(filp);
1021 if (err)
1022 return err;
1023 /*
1024 * inode_mutex prevent write and truncate on the file.
1025 * Read still goes through. We take i_data_sem in
1026 * ext4_ext_swap_inode_data before we switch the
1027 * inode format to prevent read.
1028 */
1029 inode_lock((inode));
1030 err = ext4_ext_migrate(inode);
1031 inode_unlock((inode));
1032 mnt_drop_write_file(filp);
1033 return err;
1034 }
1035
1036 case EXT4_IOC_ALLOC_DA_BLKS:
1037 {
1038 int err;
1039 if (!inode_owner_or_capable(inode))
1040 return -EACCES;
1041
1042 err = mnt_want_write_file(filp);
1043 if (err)
1044 return err;
1045 err = ext4_alloc_da_blocks(inode);
1046 mnt_drop_write_file(filp);
1047 return err;
1048 }
1049
1050 case EXT4_IOC_SWAP_BOOT:
1051 {
1052 int err;
1053 if (!(filp->f_mode & FMODE_WRITE))
1054 return -EBADF;
1055 err = mnt_want_write_file(filp);
1056 if (err)
1057 return err;
1058 err = swap_inode_boot_loader(sb, inode);
1059 mnt_drop_write_file(filp);
1060 return err;
1061 }
1062
1063 case EXT4_IOC_RESIZE_FS: {
1064 ext4_fsblk_t n_blocks_count;
1065 int err = 0, err2 = 0;
1066 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1067
1068 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1069 sizeof(__u64))) {
1070 return -EFAULT;
1071 }
1072
1073 err = ext4_resize_begin(sb);
1074 if (err)
1075 return err;
1076
1077 err = mnt_want_write_file(filp);
1078 if (err)
1079 goto resizefs_out;
1080
1081 err = ext4_resize_fs(sb, n_blocks_count);
1082 if (EXT4_SB(sb)->s_journal) {
1083 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1084 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
1085 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1086 }
1087 if (err == 0)
1088 err = err2;
1089 mnt_drop_write_file(filp);
1090 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1091 ext4_has_group_desc_csum(sb) &&
1092 test_opt(sb, INIT_INODE_TABLE))
1093 err = ext4_register_li_request(sb, o_group);
1094
1095resizefs_out:
1096 ext4_resize_end(sb);
1097 return err;
1098 }
1099
1100 case FITRIM:
1101 {
1102 struct request_queue *q = bdev_get_queue(sb->s_bdev);
1103 struct fstrim_range range;
1104 int ret = 0;
1105
1106 if (!capable(CAP_SYS_ADMIN))
1107 return -EPERM;
1108
1109 if (!blk_queue_discard(q))
1110 return -EOPNOTSUPP;
1111
1112 /*
1113 * We haven't replayed the journal, so we cannot use our
1114 * block-bitmap-guided storage zapping commands.
1115 */
1116 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1117 return -EROFS;
1118
1119 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1120 sizeof(range)))
1121 return -EFAULT;
1122
1123 range.minlen = max((unsigned int)range.minlen,
1124 q->limits.discard_granularity);
1125 ret = ext4_trim_fs(sb, &range);
1126 if (ret < 0)
1127 return ret;
1128
1129 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1130 sizeof(range)))
1131 return -EFAULT;
1132
1133 return 0;
1134 }
1135 case EXT4_IOC_PRECACHE_EXTENTS:
1136 return ext4_ext_precache(inode);
1137
1138 case EXT4_IOC_SET_ENCRYPTION_POLICY:
1139 if (!ext4_has_feature_encrypt(sb))
1140 return -EOPNOTSUPP;
1141 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1142
1143 case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
1144#ifdef CONFIG_FS_ENCRYPTION
1145 int err, err2;
1146 struct ext4_sb_info *sbi = EXT4_SB(sb);
1147 handle_t *handle;
1148
1149 if (!ext4_has_feature_encrypt(sb))
1150 return -EOPNOTSUPP;
1151 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1152 err = mnt_want_write_file(filp);
1153 if (err)
1154 return err;
1155 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1156 if (IS_ERR(handle)) {
1157 err = PTR_ERR(handle);
1158 goto pwsalt_err_exit;
1159 }
1160 err = ext4_journal_get_write_access(handle, sbi->s_sbh);
1161 if (err)
1162 goto pwsalt_err_journal;
1163 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1164 err = ext4_handle_dirty_metadata(handle, NULL,
1165 sbi->s_sbh);
1166 pwsalt_err_journal:
1167 err2 = ext4_journal_stop(handle);
1168 if (err2 && !err)
1169 err = err2;
1170 pwsalt_err_exit:
1171 mnt_drop_write_file(filp);
1172 if (err)
1173 return err;
1174 }
1175 if (copy_to_user((void __user *) arg,
1176 sbi->s_es->s_encrypt_pw_salt, 16))
1177 return -EFAULT;
1178 return 0;
1179#else
1180 return -EOPNOTSUPP;
1181#endif
1182 }
1183 case EXT4_IOC_GET_ENCRYPTION_POLICY:
1184 if (!ext4_has_feature_encrypt(sb))
1185 return -EOPNOTSUPP;
1186 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1187
1188 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1189 if (!ext4_has_feature_encrypt(sb))
1190 return -EOPNOTSUPP;
1191 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1192
1193 case FS_IOC_ADD_ENCRYPTION_KEY:
1194 if (!ext4_has_feature_encrypt(sb))
1195 return -EOPNOTSUPP;
1196 return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1197
1198 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1199 if (!ext4_has_feature_encrypt(sb))
1200 return -EOPNOTSUPP;
1201 return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1202
1203 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1204 if (!ext4_has_feature_encrypt(sb))
1205 return -EOPNOTSUPP;
1206 return fscrypt_ioctl_remove_key_all_users(filp,
1207 (void __user *)arg);
1208 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1209 if (!ext4_has_feature_encrypt(sb))
1210 return -EOPNOTSUPP;
1211 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1212
1213 case EXT4_IOC_CLEAR_ES_CACHE:
1214 {
1215 if (!inode_owner_or_capable(inode))
1216 return -EACCES;
1217 ext4_clear_inode_es(inode);
1218 return 0;
1219 }
1220
1221 case EXT4_IOC_GETSTATE:
1222 {
1223 __u32 state = 0;
1224
1225 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1226 state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1227 if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1228 state |= EXT4_STATE_FLAG_NEW;
1229 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1230 state |= EXT4_STATE_FLAG_NEWENTRY;
1231 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1232 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1233
1234 return put_user(state, (__u32 __user *) arg);
1235 }
1236
1237 case EXT4_IOC_GET_ES_CACHE:
1238 return ext4_ioctl_get_es_cache(filp, arg);
1239
1240 case EXT4_IOC_FSGETXATTR:
1241 {
1242 struct fsxattr fa;
1243
1244 ext4_fill_fsxattr(inode, &fa);
1245
1246 if (copy_to_user((struct fsxattr __user *)arg,
1247 &fa, sizeof(fa)))
1248 return -EFAULT;
1249 return 0;
1250 }
1251 case EXT4_IOC_FSSETXATTR:
1252 {
1253 struct fsxattr fa, old_fa;
1254 int err;
1255
1256 if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1257 sizeof(fa)))
1258 return -EFAULT;
1259
1260 /* Make sure caller has proper permission */
1261 if (!inode_owner_or_capable(inode))
1262 return -EACCES;
1263
1264 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1265 return -EOPNOTSUPP;
1266
1267 flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1268 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1269 return -EOPNOTSUPP;
1270
1271 err = mnt_want_write_file(filp);
1272 if (err)
1273 return err;
1274
1275 inode_lock(inode);
1276 ext4_fill_fsxattr(inode, &old_fa);
1277 err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
1278 if (err)
1279 goto out;
1280 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1281 (flags & EXT4_FL_XFLAG_VISIBLE);
1282 err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags);
1283 if (err)
1284 goto out;
1285 err = ext4_ioctl_setflags(inode, flags);
1286 if (err)
1287 goto out;
1288 err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1289out:
1290 inode_unlock(inode);
1291 mnt_drop_write_file(filp);
1292 return err;
1293 }
1294 case EXT4_IOC_SHUTDOWN:
1295 return ext4_shutdown(sb, arg);
1296
1297 case FS_IOC_ENABLE_VERITY:
1298 if (!ext4_has_feature_verity(sb))
1299 return -EOPNOTSUPP;
1300 return fsverity_ioctl_enable(filp, (const void __user *)arg);
1301
1302 case FS_IOC_MEASURE_VERITY:
1303 if (!ext4_has_feature_verity(sb))
1304 return -EOPNOTSUPP;
1305 return fsverity_ioctl_measure(filp, (void __user *)arg);
1306
1307 default:
1308 return -ENOTTY;
1309 }
1310}
1311
1312#ifdef CONFIG_COMPAT
1313long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1314{
1315 /* These are just misnamed, they actually get/put from/to user an int */
1316 switch (cmd) {
1317 case EXT4_IOC32_GETFLAGS:
1318 cmd = EXT4_IOC_GETFLAGS;
1319 break;
1320 case EXT4_IOC32_SETFLAGS:
1321 cmd = EXT4_IOC_SETFLAGS;
1322 break;
1323 case EXT4_IOC32_GETVERSION:
1324 cmd = EXT4_IOC_GETVERSION;
1325 break;
1326 case EXT4_IOC32_SETVERSION:
1327 cmd = EXT4_IOC_SETVERSION;
1328 break;
1329 case EXT4_IOC32_GROUP_EXTEND:
1330 cmd = EXT4_IOC_GROUP_EXTEND;
1331 break;
1332 case EXT4_IOC32_GETVERSION_OLD:
1333 cmd = EXT4_IOC_GETVERSION_OLD;
1334 break;
1335 case EXT4_IOC32_SETVERSION_OLD:
1336 cmd = EXT4_IOC_SETVERSION_OLD;
1337 break;
1338 case EXT4_IOC32_GETRSVSZ:
1339 cmd = EXT4_IOC_GETRSVSZ;
1340 break;
1341 case EXT4_IOC32_SETRSVSZ:
1342 cmd = EXT4_IOC_SETRSVSZ;
1343 break;
1344 case EXT4_IOC32_GROUP_ADD: {
1345 struct compat_ext4_new_group_input __user *uinput;
1346 struct ext4_new_group_data input;
1347 int err;
1348
1349 uinput = compat_ptr(arg);
1350 err = get_user(input.group, &uinput->group);
1351 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1352 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1353 err |= get_user(input.inode_table, &uinput->inode_table);
1354 err |= get_user(input.blocks_count, &uinput->blocks_count);
1355 err |= get_user(input.reserved_blocks,
1356 &uinput->reserved_blocks);
1357 if (err)
1358 return -EFAULT;
1359 return ext4_ioctl_group_add(file, &input);
1360 }
1361 case EXT4_IOC_MOVE_EXT:
1362 case EXT4_IOC_RESIZE_FS:
1363 case EXT4_IOC_PRECACHE_EXTENTS:
1364 case EXT4_IOC_SET_ENCRYPTION_POLICY:
1365 case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1366 case EXT4_IOC_GET_ENCRYPTION_POLICY:
1367 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1368 case FS_IOC_ADD_ENCRYPTION_KEY:
1369 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1370 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1371 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1372 case EXT4_IOC_SHUTDOWN:
1373 case FS_IOC_GETFSMAP:
1374 case FS_IOC_ENABLE_VERITY:
1375 case FS_IOC_MEASURE_VERITY:
1376 case EXT4_IOC_CLEAR_ES_CACHE:
1377 case EXT4_IOC_GETSTATE:
1378 case EXT4_IOC_GET_ES_CACHE:
1379 break;
1380 default:
1381 return -ENOIOCTLCMD;
1382 }
1383 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1384}
1385#endif