Loading...
1/*
2 * linux/fs/ext4/ioctl.c
3 *
4 * Copyright (C) 1993, 1994, 1995
5 * Remy Card (card@masi.ibp.fr)
6 * Laboratoire MASI - Institut Blaise Pascal
7 * Universite Pierre et Marie Curie (Paris VI)
8 */
9
10#include <linux/fs.h>
11#include <linux/capability.h>
12#include <linux/time.h>
13#include <linux/compat.h>
14#include <linux/mount.h>
15#include <linux/file.h>
16#include <linux/random.h>
17#include <linux/quotaops.h>
18#include <asm/uaccess.h>
19#include "ext4_jbd2.h"
20#include "ext4.h"
21
22#define MAX_32_NUM ((((unsigned long long) 1) << 32) - 1)
23
24/**
25 * Swap memory between @a and @b for @len bytes.
26 *
27 * @a: pointer to first memory area
28 * @b: pointer to second memory area
29 * @len: number of bytes to swap
30 *
31 */
32static void memswap(void *a, void *b, size_t len)
33{
34 unsigned char *ap, *bp;
35
36 ap = (unsigned char *)a;
37 bp = (unsigned char *)b;
38 while (len-- > 0) {
39 swap(*ap, *bp);
40 ap++;
41 bp++;
42 }
43}
44
45/**
46 * Swap i_data and associated attributes between @inode1 and @inode2.
47 * This function is used for the primary swap between inode1 and inode2
48 * and also to revert this primary swap in case of errors.
49 *
50 * Therefore you have to make sure, that calling this method twice
51 * will revert all changes.
52 *
53 * @inode1: pointer to first inode
54 * @inode2: pointer to second inode
55 */
56static void swap_inode_data(struct inode *inode1, struct inode *inode2)
57{
58 loff_t isize;
59 struct ext4_inode_info *ei1;
60 struct ext4_inode_info *ei2;
61
62 ei1 = EXT4_I(inode1);
63 ei2 = EXT4_I(inode2);
64
65 memswap(&inode1->i_flags, &inode2->i_flags, sizeof(inode1->i_flags));
66 memswap(&inode1->i_version, &inode2->i_version,
67 sizeof(inode1->i_version));
68 memswap(&inode1->i_blocks, &inode2->i_blocks,
69 sizeof(inode1->i_blocks));
70 memswap(&inode1->i_bytes, &inode2->i_bytes, sizeof(inode1->i_bytes));
71 memswap(&inode1->i_atime, &inode2->i_atime, sizeof(inode1->i_atime));
72 memswap(&inode1->i_mtime, &inode2->i_mtime, sizeof(inode1->i_mtime));
73
74 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
75 memswap(&ei1->i_flags, &ei2->i_flags, sizeof(ei1->i_flags));
76 memswap(&ei1->i_disksize, &ei2->i_disksize, sizeof(ei1->i_disksize));
77 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
78 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
79
80 isize = i_size_read(inode1);
81 i_size_write(inode1, i_size_read(inode2));
82 i_size_write(inode2, isize);
83}
84
85/**
86 * Swap the information from the given @inode and the inode
87 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
88 * important fields of the inodes.
89 *
90 * @sb: the super block of the filesystem
91 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
92 *
93 */
94static long swap_inode_boot_loader(struct super_block *sb,
95 struct inode *inode)
96{
97 handle_t *handle;
98 int err;
99 struct inode *inode_bl;
100 struct ext4_inode_info *ei_bl;
101 struct ext4_sb_info *sbi = EXT4_SB(sb);
102
103 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
104 return -EINVAL;
105
106 if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
107 return -EPERM;
108
109 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO);
110 if (IS_ERR(inode_bl))
111 return PTR_ERR(inode_bl);
112 ei_bl = EXT4_I(inode_bl);
113
114 filemap_flush(inode->i_mapping);
115 filemap_flush(inode_bl->i_mapping);
116
117 /* Protect orig inodes against a truncate and make sure,
118 * that only 1 swap_inode_boot_loader is running. */
119 lock_two_nondirectories(inode, inode_bl);
120
121 truncate_inode_pages(&inode->i_data, 0);
122 truncate_inode_pages(&inode_bl->i_data, 0);
123
124 /* Wait for all existing dio workers */
125 ext4_inode_block_unlocked_dio(inode);
126 ext4_inode_block_unlocked_dio(inode_bl);
127 inode_dio_wait(inode);
128 inode_dio_wait(inode_bl);
129
130 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
131 if (IS_ERR(handle)) {
132 err = -EINVAL;
133 goto journal_err_out;
134 }
135
136 /* Protect extent tree against block allocations via delalloc */
137 ext4_double_down_write_data_sem(inode, inode_bl);
138
139 if (inode_bl->i_nlink == 0) {
140 /* this inode has never been used as a BOOT_LOADER */
141 set_nlink(inode_bl, 1);
142 i_uid_write(inode_bl, 0);
143 i_gid_write(inode_bl, 0);
144 inode_bl->i_flags = 0;
145 ei_bl->i_flags = 0;
146 inode_bl->i_version = 1;
147 i_size_write(inode_bl, 0);
148 inode_bl->i_mode = S_IFREG;
149 if (ext4_has_feature_extents(sb)) {
150 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
151 ext4_ext_tree_init(handle, inode_bl);
152 } else
153 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
154 }
155
156 swap_inode_data(inode, inode_bl);
157
158 inode->i_ctime = inode_bl->i_ctime = ext4_current_time(inode);
159
160 spin_lock(&sbi->s_next_gen_lock);
161 inode->i_generation = sbi->s_next_generation++;
162 inode_bl->i_generation = sbi->s_next_generation++;
163 spin_unlock(&sbi->s_next_gen_lock);
164
165 ext4_discard_preallocations(inode);
166
167 err = ext4_mark_inode_dirty(handle, inode);
168 if (err < 0) {
169 ext4_warning(inode->i_sb,
170 "couldn't mark inode #%lu dirty (err %d)",
171 inode->i_ino, err);
172 /* Revert all changes: */
173 swap_inode_data(inode, inode_bl);
174 } else {
175 err = ext4_mark_inode_dirty(handle, inode_bl);
176 if (err < 0) {
177 ext4_warning(inode_bl->i_sb,
178 "couldn't mark inode #%lu dirty (err %d)",
179 inode_bl->i_ino, err);
180 /* Revert all changes: */
181 swap_inode_data(inode, inode_bl);
182 ext4_mark_inode_dirty(handle, inode);
183 }
184 }
185 ext4_journal_stop(handle);
186 ext4_double_up_write_data_sem(inode, inode_bl);
187
188journal_err_out:
189 ext4_inode_resume_unlocked_dio(inode);
190 ext4_inode_resume_unlocked_dio(inode_bl);
191 unlock_two_nondirectories(inode, inode_bl);
192 iput(inode_bl);
193 return err;
194}
195
196static int uuid_is_zero(__u8 u[16])
197{
198 int i;
199
200 for (i = 0; i < 16; i++)
201 if (u[i])
202 return 0;
203 return 1;
204}
205
206static int ext4_ioctl_setflags(struct inode *inode,
207 unsigned int flags)
208{
209 struct ext4_inode_info *ei = EXT4_I(inode);
210 handle_t *handle = NULL;
211 int err = -EPERM, migrate = 0;
212 struct ext4_iloc iloc;
213 unsigned int oldflags, mask, i;
214 unsigned int jflag;
215
216 /* Is it quota file? Do not allow user to mess with it */
217 if (IS_NOQUOTA(inode))
218 goto flags_out;
219
220 oldflags = ei->i_flags;
221
222 /* The JOURNAL_DATA flag is modifiable only by root */
223 jflag = flags & EXT4_JOURNAL_DATA_FL;
224
225 /*
226 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
227 * the relevant capability.
228 *
229 * This test looks nicer. Thanks to Pauline Middelink
230 */
231 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
232 if (!capable(CAP_LINUX_IMMUTABLE))
233 goto flags_out;
234 }
235
236 /*
237 * The JOURNAL_DATA flag can only be changed by
238 * the relevant capability.
239 */
240 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
241 if (!capable(CAP_SYS_RESOURCE))
242 goto flags_out;
243 }
244 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
245 migrate = 1;
246
247 if (flags & EXT4_EOFBLOCKS_FL) {
248 /* we don't support adding EOFBLOCKS flag */
249 if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
250 err = -EOPNOTSUPP;
251 goto flags_out;
252 }
253 } else if (oldflags & EXT4_EOFBLOCKS_FL)
254 ext4_truncate(inode);
255
256 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
257 if (IS_ERR(handle)) {
258 err = PTR_ERR(handle);
259 goto flags_out;
260 }
261 if (IS_SYNC(inode))
262 ext4_handle_sync(handle);
263 err = ext4_reserve_inode_write(handle, inode, &iloc);
264 if (err)
265 goto flags_err;
266
267 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
268 if (!(mask & EXT4_FL_USER_MODIFIABLE))
269 continue;
270 if (mask & flags)
271 ext4_set_inode_flag(inode, i);
272 else
273 ext4_clear_inode_flag(inode, i);
274 }
275
276 ext4_set_inode_flags(inode);
277 inode->i_ctime = ext4_current_time(inode);
278
279 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
280flags_err:
281 ext4_journal_stop(handle);
282 if (err)
283 goto flags_out;
284
285 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
286 err = ext4_change_inode_journal_flag(inode, jflag);
287 if (err)
288 goto flags_out;
289 if (migrate) {
290 if (flags & EXT4_EXTENTS_FL)
291 err = ext4_ext_migrate(inode);
292 else
293 err = ext4_ind_migrate(inode);
294 }
295
296flags_out:
297 return err;
298}
299
300#ifdef CONFIG_QUOTA
301static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
302{
303 struct inode *inode = file_inode(filp);
304 struct super_block *sb = inode->i_sb;
305 struct ext4_inode_info *ei = EXT4_I(inode);
306 int err, rc;
307 handle_t *handle;
308 kprojid_t kprojid;
309 struct ext4_iloc iloc;
310 struct ext4_inode *raw_inode;
311
312 if (!EXT4_HAS_RO_COMPAT_FEATURE(sb,
313 EXT4_FEATURE_RO_COMPAT_PROJECT)) {
314 if (projid != EXT4_DEF_PROJID)
315 return -EOPNOTSUPP;
316 else
317 return 0;
318 }
319
320 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
321 return -EOPNOTSUPP;
322
323 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
324
325 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
326 return 0;
327
328 err = mnt_want_write_file(filp);
329 if (err)
330 return err;
331
332 err = -EPERM;
333 inode_lock(inode);
334 /* Is it quota file? Do not allow user to mess with it */
335 if (IS_NOQUOTA(inode))
336 goto out_unlock;
337
338 err = ext4_get_inode_loc(inode, &iloc);
339 if (err)
340 goto out_unlock;
341
342 raw_inode = ext4_raw_inode(&iloc);
343 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
344 err = -EOVERFLOW;
345 brelse(iloc.bh);
346 goto out_unlock;
347 }
348 brelse(iloc.bh);
349
350 dquot_initialize(inode);
351
352 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
353 EXT4_QUOTA_INIT_BLOCKS(sb) +
354 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
355 if (IS_ERR(handle)) {
356 err = PTR_ERR(handle);
357 goto out_unlock;
358 }
359
360 err = ext4_reserve_inode_write(handle, inode, &iloc);
361 if (err)
362 goto out_stop;
363
364 if (sb_has_quota_limits_enabled(sb, PRJQUOTA)) {
365 struct dquot *transfer_to[MAXQUOTAS] = { };
366
367 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
368 if (transfer_to[PRJQUOTA]) {
369 err = __dquot_transfer(inode, transfer_to);
370 dqput(transfer_to[PRJQUOTA]);
371 if (err)
372 goto out_dirty;
373 }
374 }
375 EXT4_I(inode)->i_projid = kprojid;
376 inode->i_ctime = ext4_current_time(inode);
377out_dirty:
378 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
379 if (!err)
380 err = rc;
381out_stop:
382 ext4_journal_stop(handle);
383out_unlock:
384 inode_unlock(inode);
385 mnt_drop_write_file(filp);
386 return err;
387}
388#else
389static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
390{
391 if (projid != EXT4_DEF_PROJID)
392 return -EOPNOTSUPP;
393 return 0;
394}
395#endif
396
397/* Transfer internal flags to xflags */
398static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
399{
400 __u32 xflags = 0;
401
402 if (iflags & EXT4_SYNC_FL)
403 xflags |= FS_XFLAG_SYNC;
404 if (iflags & EXT4_IMMUTABLE_FL)
405 xflags |= FS_XFLAG_IMMUTABLE;
406 if (iflags & EXT4_APPEND_FL)
407 xflags |= FS_XFLAG_APPEND;
408 if (iflags & EXT4_NODUMP_FL)
409 xflags |= FS_XFLAG_NODUMP;
410 if (iflags & EXT4_NOATIME_FL)
411 xflags |= FS_XFLAG_NOATIME;
412 if (iflags & EXT4_PROJINHERIT_FL)
413 xflags |= FS_XFLAG_PROJINHERIT;
414 return xflags;
415}
416
417/* Transfer xflags flags to internal */
418static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
419{
420 unsigned long iflags = 0;
421
422 if (xflags & FS_XFLAG_SYNC)
423 iflags |= EXT4_SYNC_FL;
424 if (xflags & FS_XFLAG_IMMUTABLE)
425 iflags |= EXT4_IMMUTABLE_FL;
426 if (xflags & FS_XFLAG_APPEND)
427 iflags |= EXT4_APPEND_FL;
428 if (xflags & FS_XFLAG_NODUMP)
429 iflags |= EXT4_NODUMP_FL;
430 if (xflags & FS_XFLAG_NOATIME)
431 iflags |= EXT4_NOATIME_FL;
432 if (xflags & FS_XFLAG_PROJINHERIT)
433 iflags |= EXT4_PROJINHERIT_FL;
434
435 return iflags;
436}
437
438long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
439{
440 struct inode *inode = file_inode(filp);
441 struct super_block *sb = inode->i_sb;
442 struct ext4_inode_info *ei = EXT4_I(inode);
443 unsigned int flags;
444
445 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
446
447 switch (cmd) {
448 case EXT4_IOC_GETFLAGS:
449 ext4_get_inode_flags(ei);
450 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
451 return put_user(flags, (int __user *) arg);
452 case EXT4_IOC_SETFLAGS: {
453 int err;
454
455 if (!inode_owner_or_capable(inode))
456 return -EACCES;
457
458 if (get_user(flags, (int __user *) arg))
459 return -EFAULT;
460
461 err = mnt_want_write_file(filp);
462 if (err)
463 return err;
464
465 flags = ext4_mask_flags(inode->i_mode, flags);
466
467 inode_lock(inode);
468 err = ext4_ioctl_setflags(inode, flags);
469 inode_unlock(inode);
470 mnt_drop_write_file(filp);
471 return err;
472 }
473 case EXT4_IOC_GETVERSION:
474 case EXT4_IOC_GETVERSION_OLD:
475 return put_user(inode->i_generation, (int __user *) arg);
476 case EXT4_IOC_SETVERSION:
477 case EXT4_IOC_SETVERSION_OLD: {
478 handle_t *handle;
479 struct ext4_iloc iloc;
480 __u32 generation;
481 int err;
482
483 if (!inode_owner_or_capable(inode))
484 return -EPERM;
485
486 if (ext4_has_metadata_csum(inode->i_sb)) {
487 ext4_warning(sb, "Setting inode version is not "
488 "supported with metadata_csum enabled.");
489 return -ENOTTY;
490 }
491
492 err = mnt_want_write_file(filp);
493 if (err)
494 return err;
495 if (get_user(generation, (int __user *) arg)) {
496 err = -EFAULT;
497 goto setversion_out;
498 }
499
500 inode_lock(inode);
501 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
502 if (IS_ERR(handle)) {
503 err = PTR_ERR(handle);
504 goto unlock_out;
505 }
506 err = ext4_reserve_inode_write(handle, inode, &iloc);
507 if (err == 0) {
508 inode->i_ctime = ext4_current_time(inode);
509 inode->i_generation = generation;
510 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
511 }
512 ext4_journal_stop(handle);
513
514unlock_out:
515 inode_unlock(inode);
516setversion_out:
517 mnt_drop_write_file(filp);
518 return err;
519 }
520 case EXT4_IOC_GROUP_EXTEND: {
521 ext4_fsblk_t n_blocks_count;
522 int err, err2=0;
523
524 err = ext4_resize_begin(sb);
525 if (err)
526 return err;
527
528 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
529 err = -EFAULT;
530 goto group_extend_out;
531 }
532
533 if (ext4_has_feature_bigalloc(sb)) {
534 ext4_msg(sb, KERN_ERR,
535 "Online resizing not supported with bigalloc");
536 err = -EOPNOTSUPP;
537 goto group_extend_out;
538 }
539
540 err = mnt_want_write_file(filp);
541 if (err)
542 goto group_extend_out;
543
544 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
545 if (EXT4_SB(sb)->s_journal) {
546 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
547 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
548 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
549 }
550 if (err == 0)
551 err = err2;
552 mnt_drop_write_file(filp);
553group_extend_out:
554 ext4_resize_end(sb);
555 return err;
556 }
557
558 case EXT4_IOC_MOVE_EXT: {
559 struct move_extent me;
560 struct fd donor;
561 int err;
562
563 if (!(filp->f_mode & FMODE_READ) ||
564 !(filp->f_mode & FMODE_WRITE))
565 return -EBADF;
566
567 if (copy_from_user(&me,
568 (struct move_extent __user *)arg, sizeof(me)))
569 return -EFAULT;
570 me.moved_len = 0;
571
572 donor = fdget(me.donor_fd);
573 if (!donor.file)
574 return -EBADF;
575
576 if (!(donor.file->f_mode & FMODE_WRITE)) {
577 err = -EBADF;
578 goto mext_out;
579 }
580
581 if (ext4_has_feature_bigalloc(sb)) {
582 ext4_msg(sb, KERN_ERR,
583 "Online defrag not supported with bigalloc");
584 err = -EOPNOTSUPP;
585 goto mext_out;
586 } else if (IS_DAX(inode)) {
587 ext4_msg(sb, KERN_ERR,
588 "Online defrag not supported with DAX");
589 err = -EOPNOTSUPP;
590 goto mext_out;
591 }
592
593 err = mnt_want_write_file(filp);
594 if (err)
595 goto mext_out;
596
597 err = ext4_move_extents(filp, donor.file, me.orig_start,
598 me.donor_start, me.len, &me.moved_len);
599 mnt_drop_write_file(filp);
600
601 if (copy_to_user((struct move_extent __user *)arg,
602 &me, sizeof(me)))
603 err = -EFAULT;
604mext_out:
605 fdput(donor);
606 return err;
607 }
608
609 case EXT4_IOC_GROUP_ADD: {
610 struct ext4_new_group_data input;
611 int err, err2=0;
612
613 err = ext4_resize_begin(sb);
614 if (err)
615 return err;
616
617 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
618 sizeof(input))) {
619 err = -EFAULT;
620 goto group_add_out;
621 }
622
623 if (ext4_has_feature_bigalloc(sb)) {
624 ext4_msg(sb, KERN_ERR,
625 "Online resizing not supported with bigalloc");
626 err = -EOPNOTSUPP;
627 goto group_add_out;
628 }
629
630 err = mnt_want_write_file(filp);
631 if (err)
632 goto group_add_out;
633
634 err = ext4_group_add(sb, &input);
635 if (EXT4_SB(sb)->s_journal) {
636 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
637 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
638 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
639 }
640 if (err == 0)
641 err = err2;
642 mnt_drop_write_file(filp);
643 if (!err && ext4_has_group_desc_csum(sb) &&
644 test_opt(sb, INIT_INODE_TABLE))
645 err = ext4_register_li_request(sb, input.group);
646group_add_out:
647 ext4_resize_end(sb);
648 return err;
649 }
650
651 case EXT4_IOC_MIGRATE:
652 {
653 int err;
654 if (!inode_owner_or_capable(inode))
655 return -EACCES;
656
657 err = mnt_want_write_file(filp);
658 if (err)
659 return err;
660 /*
661 * inode_mutex prevent write and truncate on the file.
662 * Read still goes through. We take i_data_sem in
663 * ext4_ext_swap_inode_data before we switch the
664 * inode format to prevent read.
665 */
666 inode_lock((inode));
667 err = ext4_ext_migrate(inode);
668 inode_unlock((inode));
669 mnt_drop_write_file(filp);
670 return err;
671 }
672
673 case EXT4_IOC_ALLOC_DA_BLKS:
674 {
675 int err;
676 if (!inode_owner_or_capable(inode))
677 return -EACCES;
678
679 err = mnt_want_write_file(filp);
680 if (err)
681 return err;
682 err = ext4_alloc_da_blocks(inode);
683 mnt_drop_write_file(filp);
684 return err;
685 }
686
687 case EXT4_IOC_SWAP_BOOT:
688 {
689 int err;
690 if (!(filp->f_mode & FMODE_WRITE))
691 return -EBADF;
692 err = mnt_want_write_file(filp);
693 if (err)
694 return err;
695 err = swap_inode_boot_loader(sb, inode);
696 mnt_drop_write_file(filp);
697 return err;
698 }
699
700 case EXT4_IOC_RESIZE_FS: {
701 ext4_fsblk_t n_blocks_count;
702 int err = 0, err2 = 0;
703 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
704
705 if (ext4_has_feature_bigalloc(sb)) {
706 ext4_msg(sb, KERN_ERR,
707 "Online resizing not (yet) supported with bigalloc");
708 return -EOPNOTSUPP;
709 }
710
711 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
712 sizeof(__u64))) {
713 return -EFAULT;
714 }
715
716 err = ext4_resize_begin(sb);
717 if (err)
718 return err;
719
720 err = mnt_want_write_file(filp);
721 if (err)
722 goto resizefs_out;
723
724 err = ext4_resize_fs(sb, n_blocks_count);
725 if (EXT4_SB(sb)->s_journal) {
726 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
727 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
728 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
729 }
730 if (err == 0)
731 err = err2;
732 mnt_drop_write_file(filp);
733 if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
734 ext4_has_group_desc_csum(sb) &&
735 test_opt(sb, INIT_INODE_TABLE))
736 err = ext4_register_li_request(sb, o_group);
737
738resizefs_out:
739 ext4_resize_end(sb);
740 return err;
741 }
742
743 case FITRIM:
744 {
745 struct request_queue *q = bdev_get_queue(sb->s_bdev);
746 struct fstrim_range range;
747 int ret = 0;
748
749 if (!capable(CAP_SYS_ADMIN))
750 return -EPERM;
751
752 if (!blk_queue_discard(q))
753 return -EOPNOTSUPP;
754
755 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
756 sizeof(range)))
757 return -EFAULT;
758
759 range.minlen = max((unsigned int)range.minlen,
760 q->limits.discard_granularity);
761 ret = ext4_trim_fs(sb, &range);
762 if (ret < 0)
763 return ret;
764
765 if (copy_to_user((struct fstrim_range __user *)arg, &range,
766 sizeof(range)))
767 return -EFAULT;
768
769 return 0;
770 }
771 case EXT4_IOC_PRECACHE_EXTENTS:
772 return ext4_ext_precache(inode);
773 case EXT4_IOC_SET_ENCRYPTION_POLICY: {
774#ifdef CONFIG_EXT4_FS_ENCRYPTION
775 struct ext4_encryption_policy policy;
776 int err = 0;
777
778 if (copy_from_user(&policy,
779 (struct ext4_encryption_policy __user *)arg,
780 sizeof(policy))) {
781 err = -EFAULT;
782 goto encryption_policy_out;
783 }
784
785 err = ext4_process_policy(&policy, inode);
786encryption_policy_out:
787 return err;
788#else
789 return -EOPNOTSUPP;
790#endif
791 }
792 case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
793 int err, err2;
794 struct ext4_sb_info *sbi = EXT4_SB(sb);
795 handle_t *handle;
796
797 if (!ext4_sb_has_crypto(sb))
798 return -EOPNOTSUPP;
799 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
800 err = mnt_want_write_file(filp);
801 if (err)
802 return err;
803 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
804 if (IS_ERR(handle)) {
805 err = PTR_ERR(handle);
806 goto pwsalt_err_exit;
807 }
808 err = ext4_journal_get_write_access(handle, sbi->s_sbh);
809 if (err)
810 goto pwsalt_err_journal;
811 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
812 err = ext4_handle_dirty_metadata(handle, NULL,
813 sbi->s_sbh);
814 pwsalt_err_journal:
815 err2 = ext4_journal_stop(handle);
816 if (err2 && !err)
817 err = err2;
818 pwsalt_err_exit:
819 mnt_drop_write_file(filp);
820 if (err)
821 return err;
822 }
823 if (copy_to_user((void __user *) arg,
824 sbi->s_es->s_encrypt_pw_salt, 16))
825 return -EFAULT;
826 return 0;
827 }
828 case EXT4_IOC_GET_ENCRYPTION_POLICY: {
829#ifdef CONFIG_EXT4_FS_ENCRYPTION
830 struct ext4_encryption_policy policy;
831 int err = 0;
832
833 if (!ext4_encrypted_inode(inode))
834 return -ENOENT;
835 err = ext4_get_policy(inode, &policy);
836 if (err)
837 return err;
838 if (copy_to_user((void __user *)arg, &policy, sizeof(policy)))
839 return -EFAULT;
840 return 0;
841#else
842 return -EOPNOTSUPP;
843#endif
844 }
845 case EXT4_IOC_FSGETXATTR:
846 {
847 struct fsxattr fa;
848
849 memset(&fa, 0, sizeof(struct fsxattr));
850 ext4_get_inode_flags(ei);
851 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
852
853 if (EXT4_HAS_RO_COMPAT_FEATURE(inode->i_sb,
854 EXT4_FEATURE_RO_COMPAT_PROJECT)) {
855 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
856 EXT4_I(inode)->i_projid);
857 }
858
859 if (copy_to_user((struct fsxattr __user *)arg,
860 &fa, sizeof(fa)))
861 return -EFAULT;
862 return 0;
863 }
864 case EXT4_IOC_FSSETXATTR:
865 {
866 struct fsxattr fa;
867 int err;
868
869 if (copy_from_user(&fa, (struct fsxattr __user *)arg,
870 sizeof(fa)))
871 return -EFAULT;
872
873 /* Make sure caller has proper permission */
874 if (!inode_owner_or_capable(inode))
875 return -EACCES;
876
877 err = mnt_want_write_file(filp);
878 if (err)
879 return err;
880
881 flags = ext4_xflags_to_iflags(fa.fsx_xflags);
882 flags = ext4_mask_flags(inode->i_mode, flags);
883
884 inode_lock(inode);
885 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
886 (flags & EXT4_FL_XFLAG_VISIBLE);
887 err = ext4_ioctl_setflags(inode, flags);
888 inode_unlock(inode);
889 mnt_drop_write_file(filp);
890 if (err)
891 return err;
892
893 err = ext4_ioctl_setproject(filp, fa.fsx_projid);
894 if (err)
895 return err;
896
897 return 0;
898 }
899 default:
900 return -ENOTTY;
901 }
902}
903
904#ifdef CONFIG_COMPAT
905long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
906{
907 /* These are just misnamed, they actually get/put from/to user an int */
908 switch (cmd) {
909 case EXT4_IOC32_GETFLAGS:
910 cmd = EXT4_IOC_GETFLAGS;
911 break;
912 case EXT4_IOC32_SETFLAGS:
913 cmd = EXT4_IOC_SETFLAGS;
914 break;
915 case EXT4_IOC32_GETVERSION:
916 cmd = EXT4_IOC_GETVERSION;
917 break;
918 case EXT4_IOC32_SETVERSION:
919 cmd = EXT4_IOC_SETVERSION;
920 break;
921 case EXT4_IOC32_GROUP_EXTEND:
922 cmd = EXT4_IOC_GROUP_EXTEND;
923 break;
924 case EXT4_IOC32_GETVERSION_OLD:
925 cmd = EXT4_IOC_GETVERSION_OLD;
926 break;
927 case EXT4_IOC32_SETVERSION_OLD:
928 cmd = EXT4_IOC_SETVERSION_OLD;
929 break;
930 case EXT4_IOC32_GETRSVSZ:
931 cmd = EXT4_IOC_GETRSVSZ;
932 break;
933 case EXT4_IOC32_SETRSVSZ:
934 cmd = EXT4_IOC_SETRSVSZ;
935 break;
936 case EXT4_IOC32_GROUP_ADD: {
937 struct compat_ext4_new_group_input __user *uinput;
938 struct ext4_new_group_input input;
939 mm_segment_t old_fs;
940 int err;
941
942 uinput = compat_ptr(arg);
943 err = get_user(input.group, &uinput->group);
944 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
945 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
946 err |= get_user(input.inode_table, &uinput->inode_table);
947 err |= get_user(input.blocks_count, &uinput->blocks_count);
948 err |= get_user(input.reserved_blocks,
949 &uinput->reserved_blocks);
950 if (err)
951 return -EFAULT;
952 old_fs = get_fs();
953 set_fs(KERNEL_DS);
954 err = ext4_ioctl(file, EXT4_IOC_GROUP_ADD,
955 (unsigned long) &input);
956 set_fs(old_fs);
957 return err;
958 }
959 case EXT4_IOC_MOVE_EXT:
960 case EXT4_IOC_RESIZE_FS:
961 case EXT4_IOC_PRECACHE_EXTENTS:
962 case EXT4_IOC_SET_ENCRYPTION_POLICY:
963 case EXT4_IOC_GET_ENCRYPTION_PWSALT:
964 case EXT4_IOC_GET_ENCRYPTION_POLICY:
965 break;
966 default:
967 return -ENOIOCTLCMD;
968 }
969 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
970}
971#endif
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11#include <linux/fs.h>
12#include <linux/capability.h>
13#include <linux/time.h>
14#include <linux/compat.h>
15#include <linux/mount.h>
16#include <linux/file.h>
17#include <linux/quotaops.h>
18#include <linux/random.h>
19#include <linux/uuid.h>
20#include <linux/uaccess.h>
21#include <linux/delay.h>
22#include <linux/iversion.h>
23#include <linux/fileattr.h>
24#include "ext4_jbd2.h"
25#include "ext4.h"
26#include <linux/fsmap.h>
27#include "fsmap.h"
28#include <trace/events/ext4.h>
29
30/**
31 * Swap memory between @a and @b for @len bytes.
32 *
33 * @a: pointer to first memory area
34 * @b: pointer to second memory area
35 * @len: number of bytes to swap
36 *
37 */
38static void memswap(void *a, void *b, size_t len)
39{
40 unsigned char *ap, *bp;
41
42 ap = (unsigned char *)a;
43 bp = (unsigned char *)b;
44 while (len-- > 0) {
45 swap(*ap, *bp);
46 ap++;
47 bp++;
48 }
49}
50
51/**
52 * Swap i_data and associated attributes between @inode1 and @inode2.
53 * This function is used for the primary swap between inode1 and inode2
54 * and also to revert this primary swap in case of errors.
55 *
56 * Therefore you have to make sure, that calling this method twice
57 * will revert all changes.
58 *
59 * @inode1: pointer to first inode
60 * @inode2: pointer to second inode
61 */
62static void swap_inode_data(struct inode *inode1, struct inode *inode2)
63{
64 loff_t isize;
65 struct ext4_inode_info *ei1;
66 struct ext4_inode_info *ei2;
67 unsigned long tmp;
68
69 ei1 = EXT4_I(inode1);
70 ei2 = EXT4_I(inode2);
71
72 swap(inode1->i_version, inode2->i_version);
73 swap(inode1->i_atime, inode2->i_atime);
74 swap(inode1->i_mtime, inode2->i_mtime);
75
76 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
77 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
78 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
79 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
80 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
81 swap(ei1->i_disksize, ei2->i_disksize);
82 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
83 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
84
85 isize = i_size_read(inode1);
86 i_size_write(inode1, i_size_read(inode2));
87 i_size_write(inode2, isize);
88}
89
90void ext4_reset_inode_seed(struct inode *inode)
91{
92 struct ext4_inode_info *ei = EXT4_I(inode);
93 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
94 __le32 inum = cpu_to_le32(inode->i_ino);
95 __le32 gen = cpu_to_le32(inode->i_generation);
96 __u32 csum;
97
98 if (!ext4_has_metadata_csum(inode->i_sb))
99 return;
100
101 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
102 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
103}
104
105/**
106 * Swap the information from the given @inode and the inode
107 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
108 * important fields of the inodes.
109 *
110 * @sb: the super block of the filesystem
111 * @mnt_userns: user namespace of the mount the inode was found from
112 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
113 *
114 */
115static long swap_inode_boot_loader(struct super_block *sb,
116 struct user_namespace *mnt_userns,
117 struct inode *inode)
118{
119 handle_t *handle;
120 int err;
121 struct inode *inode_bl;
122 struct ext4_inode_info *ei_bl;
123 qsize_t size, size_bl, diff;
124 blkcnt_t blocks;
125 unsigned short bytes;
126
127 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
128 if (IS_ERR(inode_bl))
129 return PTR_ERR(inode_bl);
130 ei_bl = EXT4_I(inode_bl);
131
132 /* Protect orig inodes against a truncate and make sure,
133 * that only 1 swap_inode_boot_loader is running. */
134 lock_two_nondirectories(inode, inode_bl);
135
136 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
137 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
138 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
139 ext4_has_inline_data(inode)) {
140 err = -EINVAL;
141 goto journal_err_out;
142 }
143
144 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
145 !inode_owner_or_capable(mnt_userns, inode) ||
146 !capable(CAP_SYS_ADMIN)) {
147 err = -EPERM;
148 goto journal_err_out;
149 }
150
151 down_write(&EXT4_I(inode)->i_mmap_sem);
152 err = filemap_write_and_wait(inode->i_mapping);
153 if (err)
154 goto err_out;
155
156 err = filemap_write_and_wait(inode_bl->i_mapping);
157 if (err)
158 goto err_out;
159
160 /* Wait for all existing dio workers */
161 inode_dio_wait(inode);
162 inode_dio_wait(inode_bl);
163
164 truncate_inode_pages(&inode->i_data, 0);
165 truncate_inode_pages(&inode_bl->i_data, 0);
166
167 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
168 if (IS_ERR(handle)) {
169 err = -EINVAL;
170 goto err_out;
171 }
172 ext4_fc_start_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT);
173
174 /* Protect extent tree against block allocations via delalloc */
175 ext4_double_down_write_data_sem(inode, inode_bl);
176
177 if (inode_bl->i_nlink == 0) {
178 /* this inode has never been used as a BOOT_LOADER */
179 set_nlink(inode_bl, 1);
180 i_uid_write(inode_bl, 0);
181 i_gid_write(inode_bl, 0);
182 inode_bl->i_flags = 0;
183 ei_bl->i_flags = 0;
184 inode_set_iversion(inode_bl, 1);
185 i_size_write(inode_bl, 0);
186 inode_bl->i_mode = S_IFREG;
187 if (ext4_has_feature_extents(sb)) {
188 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
189 ext4_ext_tree_init(handle, inode_bl);
190 } else
191 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
192 }
193
194 err = dquot_initialize(inode);
195 if (err)
196 goto err_out1;
197
198 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
199 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
200 diff = size - size_bl;
201 swap_inode_data(inode, inode_bl);
202
203 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
204
205 inode->i_generation = prandom_u32();
206 inode_bl->i_generation = prandom_u32();
207 ext4_reset_inode_seed(inode);
208 ext4_reset_inode_seed(inode_bl);
209
210 ext4_discard_preallocations(inode, 0);
211
212 err = ext4_mark_inode_dirty(handle, inode);
213 if (err < 0) {
214 /* No need to update quota information. */
215 ext4_warning(inode->i_sb,
216 "couldn't mark inode #%lu dirty (err %d)",
217 inode->i_ino, err);
218 /* Revert all changes: */
219 swap_inode_data(inode, inode_bl);
220 ext4_mark_inode_dirty(handle, inode);
221 goto err_out1;
222 }
223
224 blocks = inode_bl->i_blocks;
225 bytes = inode_bl->i_bytes;
226 inode_bl->i_blocks = inode->i_blocks;
227 inode_bl->i_bytes = inode->i_bytes;
228 err = ext4_mark_inode_dirty(handle, inode_bl);
229 if (err < 0) {
230 /* No need to update quota information. */
231 ext4_warning(inode_bl->i_sb,
232 "couldn't mark inode #%lu dirty (err %d)",
233 inode_bl->i_ino, err);
234 goto revert;
235 }
236
237 /* Bootloader inode should not be counted into quota information. */
238 if (diff > 0)
239 dquot_free_space(inode, diff);
240 else
241 err = dquot_alloc_space(inode, -1 * diff);
242
243 if (err < 0) {
244revert:
245 /* Revert all changes: */
246 inode_bl->i_blocks = blocks;
247 inode_bl->i_bytes = bytes;
248 swap_inode_data(inode, inode_bl);
249 ext4_mark_inode_dirty(handle, inode);
250 ext4_mark_inode_dirty(handle, inode_bl);
251 }
252
253err_out1:
254 ext4_journal_stop(handle);
255 ext4_fc_stop_ineligible(sb);
256 ext4_double_up_write_data_sem(inode, inode_bl);
257
258err_out:
259 up_write(&EXT4_I(inode)->i_mmap_sem);
260journal_err_out:
261 unlock_two_nondirectories(inode, inode_bl);
262 iput(inode_bl);
263 return err;
264}
265
266#ifdef CONFIG_FS_ENCRYPTION
267static int uuid_is_zero(__u8 u[16])
268{
269 int i;
270
271 for (i = 0; i < 16; i++)
272 if (u[i])
273 return 0;
274 return 1;
275}
276#endif
277
278/*
279 * If immutable is set and we are not clearing it, we're not allowed to change
280 * anything else in the inode. Don't error out if we're only trying to set
281 * immutable on an immutable file.
282 */
283static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
284 unsigned int flags)
285{
286 struct ext4_inode_info *ei = EXT4_I(inode);
287 unsigned int oldflags = ei->i_flags;
288
289 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
290 return 0;
291
292 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
293 return -EPERM;
294 if (ext4_has_feature_project(inode->i_sb) &&
295 __kprojid_val(ei->i_projid) != new_projid)
296 return -EPERM;
297
298 return 0;
299}
300
301static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
302{
303 struct ext4_inode_info *ei = EXT4_I(inode);
304
305 if (S_ISDIR(inode->i_mode))
306 return;
307
308 if (test_opt2(inode->i_sb, DAX_NEVER) ||
309 test_opt(inode->i_sb, DAX_ALWAYS))
310 return;
311
312 if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
313 d_mark_dontcache(inode);
314}
315
316static bool dax_compatible(struct inode *inode, unsigned int oldflags,
317 unsigned int flags)
318{
319 /* Allow the DAX flag to be changed on inline directories */
320 if (S_ISDIR(inode->i_mode)) {
321 flags &= ~EXT4_INLINE_DATA_FL;
322 oldflags &= ~EXT4_INLINE_DATA_FL;
323 }
324
325 if (flags & EXT4_DAX_FL) {
326 if ((oldflags & EXT4_DAX_MUT_EXCL) ||
327 ext4_test_inode_state(inode,
328 EXT4_STATE_VERITY_IN_PROGRESS)) {
329 return false;
330 }
331 }
332
333 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
334 return false;
335
336 return true;
337}
338
339static int ext4_ioctl_setflags(struct inode *inode,
340 unsigned int flags)
341{
342 struct ext4_inode_info *ei = EXT4_I(inode);
343 handle_t *handle = NULL;
344 int err = -EPERM, migrate = 0;
345 struct ext4_iloc iloc;
346 unsigned int oldflags, mask, i;
347 struct super_block *sb = inode->i_sb;
348
349 /* Is it quota file? Do not allow user to mess with it */
350 if (ext4_is_quota_file(inode))
351 goto flags_out;
352
353 oldflags = ei->i_flags;
354 /*
355 * The JOURNAL_DATA flag can only be changed by
356 * the relevant capability.
357 */
358 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
359 if (!capable(CAP_SYS_RESOURCE))
360 goto flags_out;
361 }
362
363 if (!dax_compatible(inode, oldflags, flags)) {
364 err = -EOPNOTSUPP;
365 goto flags_out;
366 }
367
368 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
369 migrate = 1;
370
371 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
372 if (!ext4_has_feature_casefold(sb)) {
373 err = -EOPNOTSUPP;
374 goto flags_out;
375 }
376
377 if (!S_ISDIR(inode->i_mode)) {
378 err = -ENOTDIR;
379 goto flags_out;
380 }
381
382 if (!ext4_empty_dir(inode)) {
383 err = -ENOTEMPTY;
384 goto flags_out;
385 }
386 }
387
388 /*
389 * Wait for all pending directio and then flush all the dirty pages
390 * for this file. The flush marks all the pages readonly, so any
391 * subsequent attempt to write to the file (particularly mmap pages)
392 * will come through the filesystem and fail.
393 */
394 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
395 (flags & EXT4_IMMUTABLE_FL)) {
396 inode_dio_wait(inode);
397 err = filemap_write_and_wait(inode->i_mapping);
398 if (err)
399 goto flags_out;
400 }
401
402 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
403 if (IS_ERR(handle)) {
404 err = PTR_ERR(handle);
405 goto flags_out;
406 }
407 if (IS_SYNC(inode))
408 ext4_handle_sync(handle);
409 err = ext4_reserve_inode_write(handle, inode, &iloc);
410 if (err)
411 goto flags_err;
412
413 ext4_dax_dontcache(inode, flags);
414
415 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
416 if (!(mask & EXT4_FL_USER_MODIFIABLE))
417 continue;
418 /* These flags get special treatment later */
419 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
420 continue;
421 if (mask & flags)
422 ext4_set_inode_flag(inode, i);
423 else
424 ext4_clear_inode_flag(inode, i);
425 }
426
427 ext4_set_inode_flags(inode, false);
428
429 inode->i_ctime = current_time(inode);
430
431 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
432flags_err:
433 ext4_journal_stop(handle);
434 if (err)
435 goto flags_out;
436
437 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
438 /*
439 * Changes to the journaling mode can cause unsafe changes to
440 * S_DAX if the inode is DAX
441 */
442 if (IS_DAX(inode)) {
443 err = -EBUSY;
444 goto flags_out;
445 }
446
447 err = ext4_change_inode_journal_flag(inode,
448 flags & EXT4_JOURNAL_DATA_FL);
449 if (err)
450 goto flags_out;
451 }
452 if (migrate) {
453 if (flags & EXT4_EXTENTS_FL)
454 err = ext4_ext_migrate(inode);
455 else
456 err = ext4_ind_migrate(inode);
457 }
458
459flags_out:
460 return err;
461}
462
463#ifdef CONFIG_QUOTA
464static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
465{
466 struct super_block *sb = inode->i_sb;
467 struct ext4_inode_info *ei = EXT4_I(inode);
468 int err, rc;
469 handle_t *handle;
470 kprojid_t kprojid;
471 struct ext4_iloc iloc;
472 struct ext4_inode *raw_inode;
473 struct dquot *transfer_to[MAXQUOTAS] = { };
474
475 if (!ext4_has_feature_project(sb)) {
476 if (projid != EXT4_DEF_PROJID)
477 return -EOPNOTSUPP;
478 else
479 return 0;
480 }
481
482 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
483 return -EOPNOTSUPP;
484
485 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
486
487 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
488 return 0;
489
490 err = -EPERM;
491 /* Is it quota file? Do not allow user to mess with it */
492 if (ext4_is_quota_file(inode))
493 return err;
494
495 err = ext4_get_inode_loc(inode, &iloc);
496 if (err)
497 return err;
498
499 raw_inode = ext4_raw_inode(&iloc);
500 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
501 err = ext4_expand_extra_isize(inode,
502 EXT4_SB(sb)->s_want_extra_isize,
503 &iloc);
504 if (err)
505 return err;
506 } else {
507 brelse(iloc.bh);
508 }
509
510 err = dquot_initialize(inode);
511 if (err)
512 return err;
513
514 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
515 EXT4_QUOTA_INIT_BLOCKS(sb) +
516 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
517 if (IS_ERR(handle))
518 return PTR_ERR(handle);
519
520 err = ext4_reserve_inode_write(handle, inode, &iloc);
521 if (err)
522 goto out_stop;
523
524 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
525 if (!IS_ERR(transfer_to[PRJQUOTA])) {
526
527 /* __dquot_transfer() calls back ext4_get_inode_usage() which
528 * counts xattr inode references.
529 */
530 down_read(&EXT4_I(inode)->xattr_sem);
531 err = __dquot_transfer(inode, transfer_to);
532 up_read(&EXT4_I(inode)->xattr_sem);
533 dqput(transfer_to[PRJQUOTA]);
534 if (err)
535 goto out_dirty;
536 }
537
538 EXT4_I(inode)->i_projid = kprojid;
539 inode->i_ctime = current_time(inode);
540out_dirty:
541 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
542 if (!err)
543 err = rc;
544out_stop:
545 ext4_journal_stop(handle);
546 return err;
547}
548#else
549static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
550{
551 if (projid != EXT4_DEF_PROJID)
552 return -EOPNOTSUPP;
553 return 0;
554}
555#endif
556
557static int ext4_shutdown(struct super_block *sb, unsigned long arg)
558{
559 struct ext4_sb_info *sbi = EXT4_SB(sb);
560 __u32 flags;
561
562 if (!capable(CAP_SYS_ADMIN))
563 return -EPERM;
564
565 if (get_user(flags, (__u32 __user *)arg))
566 return -EFAULT;
567
568 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
569 return -EINVAL;
570
571 if (ext4_forced_shutdown(sbi))
572 return 0;
573
574 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
575 trace_ext4_shutdown(sb, flags);
576
577 switch (flags) {
578 case EXT4_GOING_FLAGS_DEFAULT:
579 freeze_bdev(sb->s_bdev);
580 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
581 thaw_bdev(sb->s_bdev);
582 break;
583 case EXT4_GOING_FLAGS_LOGFLUSH:
584 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
585 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
586 (void) ext4_force_commit(sb);
587 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
588 }
589 break;
590 case EXT4_GOING_FLAGS_NOLOGFLUSH:
591 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
592 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
593 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
594 break;
595 default:
596 return -EINVAL;
597 }
598 clear_opt(sb, DISCARD);
599 return 0;
600}
601
602struct getfsmap_info {
603 struct super_block *gi_sb;
604 struct fsmap_head __user *gi_data;
605 unsigned int gi_idx;
606 __u32 gi_last_flags;
607};
608
609static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
610{
611 struct getfsmap_info *info = priv;
612 struct fsmap fm;
613
614 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
615
616 info->gi_last_flags = xfm->fmr_flags;
617 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
618 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
619 sizeof(struct fsmap)))
620 return -EFAULT;
621
622 return 0;
623}
624
625static int ext4_ioc_getfsmap(struct super_block *sb,
626 struct fsmap_head __user *arg)
627{
628 struct getfsmap_info info = { NULL };
629 struct ext4_fsmap_head xhead = {0};
630 struct fsmap_head head;
631 bool aborted = false;
632 int error;
633
634 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
635 return -EFAULT;
636 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
637 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
638 sizeof(head.fmh_keys[0].fmr_reserved)) ||
639 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
640 sizeof(head.fmh_keys[1].fmr_reserved)))
641 return -EINVAL;
642 /*
643 * ext4 doesn't report file extents at all, so the only valid
644 * file offsets are the magic ones (all zeroes or all ones).
645 */
646 if (head.fmh_keys[0].fmr_offset ||
647 (head.fmh_keys[1].fmr_offset != 0 &&
648 head.fmh_keys[1].fmr_offset != -1ULL))
649 return -EINVAL;
650
651 xhead.fmh_iflags = head.fmh_iflags;
652 xhead.fmh_count = head.fmh_count;
653 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
654 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
655
656 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
657 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
658
659 info.gi_sb = sb;
660 info.gi_data = arg;
661 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
662 if (error == EXT4_QUERY_RANGE_ABORT)
663 aborted = true;
664 else if (error)
665 return error;
666
667 /* If we didn't abort, set the "last" flag in the last fmx */
668 if (!aborted && info.gi_idx) {
669 info.gi_last_flags |= FMR_OF_LAST;
670 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
671 &info.gi_last_flags,
672 sizeof(info.gi_last_flags)))
673 return -EFAULT;
674 }
675
676 /* copy back header */
677 head.fmh_entries = xhead.fmh_entries;
678 head.fmh_oflags = xhead.fmh_oflags;
679 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
680 return -EFAULT;
681
682 return 0;
683}
684
685static long ext4_ioctl_group_add(struct file *file,
686 struct ext4_new_group_data *input)
687{
688 struct super_block *sb = file_inode(file)->i_sb;
689 int err, err2=0;
690
691 err = ext4_resize_begin(sb);
692 if (err)
693 return err;
694
695 if (ext4_has_feature_bigalloc(sb)) {
696 ext4_msg(sb, KERN_ERR,
697 "Online resizing not supported with bigalloc");
698 err = -EOPNOTSUPP;
699 goto group_add_out;
700 }
701
702 err = mnt_want_write_file(file);
703 if (err)
704 goto group_add_out;
705
706 err = ext4_group_add(sb, input);
707 if (EXT4_SB(sb)->s_journal) {
708 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
709 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
710 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
711 }
712 if (err == 0)
713 err = err2;
714 mnt_drop_write_file(file);
715 if (!err && ext4_has_group_desc_csum(sb) &&
716 test_opt(sb, INIT_INODE_TABLE))
717 err = ext4_register_li_request(sb, input->group);
718group_add_out:
719 ext4_resize_end(sb);
720 return err;
721}
722
723int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa)
724{
725 struct inode *inode = d_inode(dentry);
726 struct ext4_inode_info *ei = EXT4_I(inode);
727 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
728
729 if (S_ISREG(inode->i_mode))
730 flags &= ~FS_PROJINHERIT_FL;
731
732 fileattr_fill_flags(fa, flags);
733 if (ext4_has_feature_project(inode->i_sb))
734 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
735
736 return 0;
737}
738
739int ext4_fileattr_set(struct user_namespace *mnt_userns,
740 struct dentry *dentry, struct fileattr *fa)
741{
742 struct inode *inode = d_inode(dentry);
743 u32 flags = fa->flags;
744 int err = -EOPNOTSUPP;
745
746 ext4_fc_start_update(inode);
747 if (flags & ~EXT4_FL_USER_VISIBLE)
748 goto out;
749
750 /*
751 * chattr(1) grabs flags via GETFLAGS, modifies the result and
752 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
753 * more restrictive than just silently masking off visible but
754 * not settable flags as we always did.
755 */
756 flags &= EXT4_FL_USER_MODIFIABLE;
757 if (ext4_mask_flags(inode->i_mode, flags) != flags)
758 goto out;
759 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags);
760 if (err)
761 goto out;
762 err = ext4_ioctl_setflags(inode, flags);
763 if (err)
764 goto out;
765 err = ext4_ioctl_setproject(inode, fa->fsx_projid);
766out:
767 ext4_fc_stop_update(inode);
768 return err;
769}
770
771/* So that the fiemap access checks can't overflow on 32 bit machines. */
772#define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
773
774static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
775{
776 struct fiemap fiemap;
777 struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
778 struct fiemap_extent_info fieinfo = { 0, };
779 struct inode *inode = file_inode(filp);
780 int error;
781
782 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
783 return -EFAULT;
784
785 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
786 return -EINVAL;
787
788 fieinfo.fi_flags = fiemap.fm_flags;
789 fieinfo.fi_extents_max = fiemap.fm_extent_count;
790 fieinfo.fi_extents_start = ufiemap->fm_extents;
791
792 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
793 fiemap.fm_length);
794 fiemap.fm_flags = fieinfo.fi_flags;
795 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
796 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
797 error = -EFAULT;
798
799 return error;
800}
801
802static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
803{
804 int err = 0;
805 __u32 flags = 0;
806 unsigned int flush_flags = 0;
807 struct super_block *sb = file_inode(filp)->i_sb;
808 struct request_queue *q;
809
810 if (copy_from_user(&flags, (__u32 __user *)arg,
811 sizeof(__u32)))
812 return -EFAULT;
813
814 if (!capable(CAP_SYS_ADMIN))
815 return -EPERM;
816
817 /* check for invalid bits set */
818 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) ||
819 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
820 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT)))
821 return -EINVAL;
822
823 if (!EXT4_SB(sb)->s_journal)
824 return -ENODEV;
825
826 if (flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID)
827 return -EINVAL;
828
829 q = bdev_get_queue(EXT4_SB(sb)->s_journal->j_dev);
830 if (!q)
831 return -ENXIO;
832 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && !blk_queue_discard(q))
833 return -EOPNOTSUPP;
834
835 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)
836 return 0;
837
838 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD)
839 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD;
840
841 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) {
842 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT;
843 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow");
844 }
845
846 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
847 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags);
848 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
849
850 return err;
851}
852
853static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
854{
855 struct inode *inode = file_inode(filp);
856 struct super_block *sb = inode->i_sb;
857 struct user_namespace *mnt_userns = file_mnt_user_ns(filp);
858
859 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
860
861 switch (cmd) {
862 case FS_IOC_GETFSMAP:
863 return ext4_ioc_getfsmap(sb, (void __user *)arg);
864 case EXT4_IOC_GETVERSION:
865 case EXT4_IOC_GETVERSION_OLD:
866 return put_user(inode->i_generation, (int __user *) arg);
867 case EXT4_IOC_SETVERSION:
868 case EXT4_IOC_SETVERSION_OLD: {
869 handle_t *handle;
870 struct ext4_iloc iloc;
871 __u32 generation;
872 int err;
873
874 if (!inode_owner_or_capable(mnt_userns, inode))
875 return -EPERM;
876
877 if (ext4_has_metadata_csum(inode->i_sb)) {
878 ext4_warning(sb, "Setting inode version is not "
879 "supported with metadata_csum enabled.");
880 return -ENOTTY;
881 }
882
883 err = mnt_want_write_file(filp);
884 if (err)
885 return err;
886 if (get_user(generation, (int __user *) arg)) {
887 err = -EFAULT;
888 goto setversion_out;
889 }
890
891 inode_lock(inode);
892 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
893 if (IS_ERR(handle)) {
894 err = PTR_ERR(handle);
895 goto unlock_out;
896 }
897 err = ext4_reserve_inode_write(handle, inode, &iloc);
898 if (err == 0) {
899 inode->i_ctime = current_time(inode);
900 inode->i_generation = generation;
901 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
902 }
903 ext4_journal_stop(handle);
904
905unlock_out:
906 inode_unlock(inode);
907setversion_out:
908 mnt_drop_write_file(filp);
909 return err;
910 }
911 case EXT4_IOC_GROUP_EXTEND: {
912 ext4_fsblk_t n_blocks_count;
913 int err, err2=0;
914
915 err = ext4_resize_begin(sb);
916 if (err)
917 return err;
918
919 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
920 err = -EFAULT;
921 goto group_extend_out;
922 }
923
924 if (ext4_has_feature_bigalloc(sb)) {
925 ext4_msg(sb, KERN_ERR,
926 "Online resizing not supported with bigalloc");
927 err = -EOPNOTSUPP;
928 goto group_extend_out;
929 }
930
931 err = mnt_want_write_file(filp);
932 if (err)
933 goto group_extend_out;
934
935 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
936 if (EXT4_SB(sb)->s_journal) {
937 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
938 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
939 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
940 }
941 if (err == 0)
942 err = err2;
943 mnt_drop_write_file(filp);
944group_extend_out:
945 ext4_resize_end(sb);
946 return err;
947 }
948
949 case EXT4_IOC_MOVE_EXT: {
950 struct move_extent me;
951 struct fd donor;
952 int err;
953
954 if (!(filp->f_mode & FMODE_READ) ||
955 !(filp->f_mode & FMODE_WRITE))
956 return -EBADF;
957
958 if (copy_from_user(&me,
959 (struct move_extent __user *)arg, sizeof(me)))
960 return -EFAULT;
961 me.moved_len = 0;
962
963 donor = fdget(me.donor_fd);
964 if (!donor.file)
965 return -EBADF;
966
967 if (!(donor.file->f_mode & FMODE_WRITE)) {
968 err = -EBADF;
969 goto mext_out;
970 }
971
972 if (ext4_has_feature_bigalloc(sb)) {
973 ext4_msg(sb, KERN_ERR,
974 "Online defrag not supported with bigalloc");
975 err = -EOPNOTSUPP;
976 goto mext_out;
977 } else if (IS_DAX(inode)) {
978 ext4_msg(sb, KERN_ERR,
979 "Online defrag not supported with DAX");
980 err = -EOPNOTSUPP;
981 goto mext_out;
982 }
983
984 err = mnt_want_write_file(filp);
985 if (err)
986 goto mext_out;
987
988 err = ext4_move_extents(filp, donor.file, me.orig_start,
989 me.donor_start, me.len, &me.moved_len);
990 mnt_drop_write_file(filp);
991
992 if (copy_to_user((struct move_extent __user *)arg,
993 &me, sizeof(me)))
994 err = -EFAULT;
995mext_out:
996 fdput(donor);
997 return err;
998 }
999
1000 case EXT4_IOC_GROUP_ADD: {
1001 struct ext4_new_group_data input;
1002
1003 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1004 sizeof(input)))
1005 return -EFAULT;
1006
1007 return ext4_ioctl_group_add(filp, &input);
1008 }
1009
1010 case EXT4_IOC_MIGRATE:
1011 {
1012 int err;
1013 if (!inode_owner_or_capable(mnt_userns, inode))
1014 return -EACCES;
1015
1016 err = mnt_want_write_file(filp);
1017 if (err)
1018 return err;
1019 /*
1020 * inode_mutex prevent write and truncate on the file.
1021 * Read still goes through. We take i_data_sem in
1022 * ext4_ext_swap_inode_data before we switch the
1023 * inode format to prevent read.
1024 */
1025 inode_lock((inode));
1026 err = ext4_ext_migrate(inode);
1027 inode_unlock((inode));
1028 mnt_drop_write_file(filp);
1029 return err;
1030 }
1031
1032 case EXT4_IOC_ALLOC_DA_BLKS:
1033 {
1034 int err;
1035 if (!inode_owner_or_capable(mnt_userns, inode))
1036 return -EACCES;
1037
1038 err = mnt_want_write_file(filp);
1039 if (err)
1040 return err;
1041 err = ext4_alloc_da_blocks(inode);
1042 mnt_drop_write_file(filp);
1043 return err;
1044 }
1045
1046 case EXT4_IOC_SWAP_BOOT:
1047 {
1048 int err;
1049 if (!(filp->f_mode & FMODE_WRITE))
1050 return -EBADF;
1051 err = mnt_want_write_file(filp);
1052 if (err)
1053 return err;
1054 err = swap_inode_boot_loader(sb, mnt_userns, inode);
1055 mnt_drop_write_file(filp);
1056 return err;
1057 }
1058
1059 case EXT4_IOC_RESIZE_FS: {
1060 ext4_fsblk_t n_blocks_count;
1061 int err = 0, err2 = 0;
1062 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1063
1064 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1065 sizeof(__u64))) {
1066 return -EFAULT;
1067 }
1068
1069 err = ext4_resize_begin(sb);
1070 if (err)
1071 return err;
1072
1073 err = mnt_want_write_file(filp);
1074 if (err)
1075 goto resizefs_out;
1076
1077 err = ext4_resize_fs(sb, n_blocks_count);
1078 if (EXT4_SB(sb)->s_journal) {
1079 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE);
1080 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1081 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1082 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1083 }
1084 if (err == 0)
1085 err = err2;
1086 mnt_drop_write_file(filp);
1087 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1088 ext4_has_group_desc_csum(sb) &&
1089 test_opt(sb, INIT_INODE_TABLE))
1090 err = ext4_register_li_request(sb, o_group);
1091
1092resizefs_out:
1093 ext4_resize_end(sb);
1094 return err;
1095 }
1096
1097 case FITRIM:
1098 {
1099 struct request_queue *q = bdev_get_queue(sb->s_bdev);
1100 struct fstrim_range range;
1101 int ret = 0;
1102
1103 if (!capable(CAP_SYS_ADMIN))
1104 return -EPERM;
1105
1106 if (!blk_queue_discard(q))
1107 return -EOPNOTSUPP;
1108
1109 /*
1110 * We haven't replayed the journal, so we cannot use our
1111 * block-bitmap-guided storage zapping commands.
1112 */
1113 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1114 return -EROFS;
1115
1116 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1117 sizeof(range)))
1118 return -EFAULT;
1119
1120 range.minlen = max((unsigned int)range.minlen,
1121 q->limits.discard_granularity);
1122 ret = ext4_trim_fs(sb, &range);
1123 if (ret < 0)
1124 return ret;
1125
1126 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1127 sizeof(range)))
1128 return -EFAULT;
1129
1130 return 0;
1131 }
1132 case EXT4_IOC_PRECACHE_EXTENTS:
1133 return ext4_ext_precache(inode);
1134
1135 case FS_IOC_SET_ENCRYPTION_POLICY:
1136 if (!ext4_has_feature_encrypt(sb))
1137 return -EOPNOTSUPP;
1138 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1139
1140 case FS_IOC_GET_ENCRYPTION_PWSALT: {
1141#ifdef CONFIG_FS_ENCRYPTION
1142 int err, err2;
1143 struct ext4_sb_info *sbi = EXT4_SB(sb);
1144 handle_t *handle;
1145
1146 if (!ext4_has_feature_encrypt(sb))
1147 return -EOPNOTSUPP;
1148 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1149 err = mnt_want_write_file(filp);
1150 if (err)
1151 return err;
1152 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1153 if (IS_ERR(handle)) {
1154 err = PTR_ERR(handle);
1155 goto pwsalt_err_exit;
1156 }
1157 err = ext4_journal_get_write_access(handle, sbi->s_sbh);
1158 if (err)
1159 goto pwsalt_err_journal;
1160 lock_buffer(sbi->s_sbh);
1161 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1162 ext4_superblock_csum_set(sb);
1163 unlock_buffer(sbi->s_sbh);
1164 err = ext4_handle_dirty_metadata(handle, NULL,
1165 sbi->s_sbh);
1166 pwsalt_err_journal:
1167 err2 = ext4_journal_stop(handle);
1168 if (err2 && !err)
1169 err = err2;
1170 pwsalt_err_exit:
1171 mnt_drop_write_file(filp);
1172 if (err)
1173 return err;
1174 }
1175 if (copy_to_user((void __user *) arg,
1176 sbi->s_es->s_encrypt_pw_salt, 16))
1177 return -EFAULT;
1178 return 0;
1179#else
1180 return -EOPNOTSUPP;
1181#endif
1182 }
1183 case FS_IOC_GET_ENCRYPTION_POLICY:
1184 if (!ext4_has_feature_encrypt(sb))
1185 return -EOPNOTSUPP;
1186 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1187
1188 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1189 if (!ext4_has_feature_encrypt(sb))
1190 return -EOPNOTSUPP;
1191 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1192
1193 case FS_IOC_ADD_ENCRYPTION_KEY:
1194 if (!ext4_has_feature_encrypt(sb))
1195 return -EOPNOTSUPP;
1196 return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1197
1198 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1199 if (!ext4_has_feature_encrypt(sb))
1200 return -EOPNOTSUPP;
1201 return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1202
1203 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1204 if (!ext4_has_feature_encrypt(sb))
1205 return -EOPNOTSUPP;
1206 return fscrypt_ioctl_remove_key_all_users(filp,
1207 (void __user *)arg);
1208 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1209 if (!ext4_has_feature_encrypt(sb))
1210 return -EOPNOTSUPP;
1211 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1212
1213 case FS_IOC_GET_ENCRYPTION_NONCE:
1214 if (!ext4_has_feature_encrypt(sb))
1215 return -EOPNOTSUPP;
1216 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1217
1218 case EXT4_IOC_CLEAR_ES_CACHE:
1219 {
1220 if (!inode_owner_or_capable(mnt_userns, inode))
1221 return -EACCES;
1222 ext4_clear_inode_es(inode);
1223 return 0;
1224 }
1225
1226 case EXT4_IOC_GETSTATE:
1227 {
1228 __u32 state = 0;
1229
1230 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1231 state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1232 if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1233 state |= EXT4_STATE_FLAG_NEW;
1234 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1235 state |= EXT4_STATE_FLAG_NEWENTRY;
1236 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1237 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1238
1239 return put_user(state, (__u32 __user *) arg);
1240 }
1241
1242 case EXT4_IOC_GET_ES_CACHE:
1243 return ext4_ioctl_get_es_cache(filp, arg);
1244
1245 case EXT4_IOC_SHUTDOWN:
1246 return ext4_shutdown(sb, arg);
1247
1248 case FS_IOC_ENABLE_VERITY:
1249 if (!ext4_has_feature_verity(sb))
1250 return -EOPNOTSUPP;
1251 return fsverity_ioctl_enable(filp, (const void __user *)arg);
1252
1253 case FS_IOC_MEASURE_VERITY:
1254 if (!ext4_has_feature_verity(sb))
1255 return -EOPNOTSUPP;
1256 return fsverity_ioctl_measure(filp, (void __user *)arg);
1257
1258 case FS_IOC_READ_VERITY_METADATA:
1259 if (!ext4_has_feature_verity(sb))
1260 return -EOPNOTSUPP;
1261 return fsverity_ioctl_read_metadata(filp,
1262 (const void __user *)arg);
1263
1264 case EXT4_IOC_CHECKPOINT:
1265 return ext4_ioctl_checkpoint(filp, arg);
1266
1267 default:
1268 return -ENOTTY;
1269 }
1270}
1271
1272long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1273{
1274 long ret;
1275
1276 ext4_fc_start_update(file_inode(filp));
1277 ret = __ext4_ioctl(filp, cmd, arg);
1278 ext4_fc_stop_update(file_inode(filp));
1279
1280 return ret;
1281}
1282
1283#ifdef CONFIG_COMPAT
1284long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1285{
1286 /* These are just misnamed, they actually get/put from/to user an int */
1287 switch (cmd) {
1288 case EXT4_IOC32_GETVERSION:
1289 cmd = EXT4_IOC_GETVERSION;
1290 break;
1291 case EXT4_IOC32_SETVERSION:
1292 cmd = EXT4_IOC_SETVERSION;
1293 break;
1294 case EXT4_IOC32_GROUP_EXTEND:
1295 cmd = EXT4_IOC_GROUP_EXTEND;
1296 break;
1297 case EXT4_IOC32_GETVERSION_OLD:
1298 cmd = EXT4_IOC_GETVERSION_OLD;
1299 break;
1300 case EXT4_IOC32_SETVERSION_OLD:
1301 cmd = EXT4_IOC_SETVERSION_OLD;
1302 break;
1303 case EXT4_IOC32_GETRSVSZ:
1304 cmd = EXT4_IOC_GETRSVSZ;
1305 break;
1306 case EXT4_IOC32_SETRSVSZ:
1307 cmd = EXT4_IOC_SETRSVSZ;
1308 break;
1309 case EXT4_IOC32_GROUP_ADD: {
1310 struct compat_ext4_new_group_input __user *uinput;
1311 struct ext4_new_group_data input;
1312 int err;
1313
1314 uinput = compat_ptr(arg);
1315 err = get_user(input.group, &uinput->group);
1316 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1317 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1318 err |= get_user(input.inode_table, &uinput->inode_table);
1319 err |= get_user(input.blocks_count, &uinput->blocks_count);
1320 err |= get_user(input.reserved_blocks,
1321 &uinput->reserved_blocks);
1322 if (err)
1323 return -EFAULT;
1324 return ext4_ioctl_group_add(file, &input);
1325 }
1326 case EXT4_IOC_MOVE_EXT:
1327 case EXT4_IOC_RESIZE_FS:
1328 case FITRIM:
1329 case EXT4_IOC_PRECACHE_EXTENTS:
1330 case FS_IOC_SET_ENCRYPTION_POLICY:
1331 case FS_IOC_GET_ENCRYPTION_PWSALT:
1332 case FS_IOC_GET_ENCRYPTION_POLICY:
1333 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1334 case FS_IOC_ADD_ENCRYPTION_KEY:
1335 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1336 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1337 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1338 case FS_IOC_GET_ENCRYPTION_NONCE:
1339 case EXT4_IOC_SHUTDOWN:
1340 case FS_IOC_GETFSMAP:
1341 case FS_IOC_ENABLE_VERITY:
1342 case FS_IOC_MEASURE_VERITY:
1343 case FS_IOC_READ_VERITY_METADATA:
1344 case EXT4_IOC_CLEAR_ES_CACHE:
1345 case EXT4_IOC_GETSTATE:
1346 case EXT4_IOC_GET_ES_CACHE:
1347 case EXT4_IOC_CHECKPOINT:
1348 break;
1349 default:
1350 return -ENOIOCTLCMD;
1351 }
1352 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1353}
1354#endif