Loading...
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11#include <linux/fs.h>
12#include <linux/capability.h>
13#include <linux/time.h>
14#include <linux/compat.h>
15#include <linux/mount.h>
16#include <linux/file.h>
17#include <linux/quotaops.h>
18#include <linux/random.h>
19#include <linux/uaccess.h>
20#include <linux/delay.h>
21#include <linux/iversion.h>
22#include <linux/fileattr.h>
23#include <linux/uuid.h>
24#include "ext4_jbd2.h"
25#include "ext4.h"
26#include <linux/fsmap.h>
27#include "fsmap.h"
28#include <trace/events/ext4.h>
29
30typedef void ext4_update_sb_callback(struct ext4_super_block *es,
31 const void *arg);
32
33/*
34 * Superblock modification callback function for changing file system
35 * label
36 */
37static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg)
38{
39 /* Sanity check, this should never happen */
40 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX);
41
42 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX);
43}
44
45/*
46 * Superblock modification callback function for changing file system
47 * UUID.
48 */
49static void ext4_sb_setuuid(struct ext4_super_block *es, const void *arg)
50{
51 memcpy(es->s_uuid, (__u8 *)arg, UUID_SIZE);
52}
53
54static
55int ext4_update_primary_sb(struct super_block *sb, handle_t *handle,
56 ext4_update_sb_callback func,
57 const void *arg)
58{
59 int err = 0;
60 struct ext4_sb_info *sbi = EXT4_SB(sb);
61 struct buffer_head *bh = sbi->s_sbh;
62 struct ext4_super_block *es = sbi->s_es;
63
64 trace_ext4_update_sb(sb, bh->b_blocknr, 1);
65
66 BUFFER_TRACE(bh, "get_write_access");
67 err = ext4_journal_get_write_access(handle, sb,
68 bh,
69 EXT4_JTR_NONE);
70 if (err)
71 goto out_err;
72
73 lock_buffer(bh);
74 func(es, arg);
75 ext4_superblock_csum_set(sb);
76 unlock_buffer(bh);
77
78 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) {
79 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to "
80 "superblock detected");
81 clear_buffer_write_io_error(bh);
82 set_buffer_uptodate(bh);
83 }
84
85 err = ext4_handle_dirty_metadata(handle, NULL, bh);
86 if (err)
87 goto out_err;
88 err = sync_dirty_buffer(bh);
89out_err:
90 ext4_std_error(sb, err);
91 return err;
92}
93
94/*
95 * Update one backup superblock in the group 'grp' using the callback
96 * function 'func' and argument 'arg'. If the handle is NULL the
97 * modification is not journalled.
98 *
99 * Returns: 0 when no modification was done (no superblock in the group)
100 * 1 when the modification was successful
101 * <0 on error
102 */
103static int ext4_update_backup_sb(struct super_block *sb,
104 handle_t *handle, ext4_group_t grp,
105 ext4_update_sb_callback func, const void *arg)
106{
107 int err = 0;
108 ext4_fsblk_t sb_block;
109 struct buffer_head *bh;
110 unsigned long offset = 0;
111 struct ext4_super_block *es;
112
113 if (!ext4_bg_has_super(sb, grp))
114 return 0;
115
116 /*
117 * For the group 0 there is always 1k padding, so we have
118 * either adjust offset, or sb_block depending on blocksize
119 */
120 if (grp == 0) {
121 sb_block = 1 * EXT4_MIN_BLOCK_SIZE;
122 offset = do_div(sb_block, sb->s_blocksize);
123 } else {
124 sb_block = ext4_group_first_block_no(sb, grp);
125 offset = 0;
126 }
127
128 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0);
129
130 bh = ext4_sb_bread(sb, sb_block, 0);
131 if (IS_ERR(bh))
132 return PTR_ERR(bh);
133
134 if (handle) {
135 BUFFER_TRACE(bh, "get_write_access");
136 err = ext4_journal_get_write_access(handle, sb,
137 bh,
138 EXT4_JTR_NONE);
139 if (err)
140 goto out_bh;
141 }
142
143 es = (struct ext4_super_block *) (bh->b_data + offset);
144 lock_buffer(bh);
145 if (ext4_has_metadata_csum(sb) &&
146 es->s_checksum != ext4_superblock_csum(sb, es)) {
147 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup "
148 "superblock %llu", sb_block);
149 unlock_buffer(bh);
150 goto out_bh;
151 }
152 func(es, arg);
153 if (ext4_has_metadata_csum(sb))
154 es->s_checksum = ext4_superblock_csum(sb, es);
155 set_buffer_uptodate(bh);
156 unlock_buffer(bh);
157
158 if (handle) {
159 err = ext4_handle_dirty_metadata(handle, NULL, bh);
160 if (err)
161 goto out_bh;
162 } else {
163 BUFFER_TRACE(bh, "marking dirty");
164 mark_buffer_dirty(bh);
165 }
166 err = sync_dirty_buffer(bh);
167
168out_bh:
169 brelse(bh);
170 ext4_std_error(sb, err);
171 return (err) ? err : 1;
172}
173
174/*
175 * Update primary and backup superblocks using the provided function
176 * func and argument arg.
177 *
178 * Only the primary superblock and at most two backup superblock
179 * modifications are journalled; the rest is modified without journal.
180 * This is safe because e2fsck will re-write them if there is a problem,
181 * and we're very unlikely to ever need more than two backups.
182 */
183static
184int ext4_update_superblocks_fn(struct super_block *sb,
185 ext4_update_sb_callback func,
186 const void *arg)
187{
188 handle_t *handle;
189 ext4_group_t ngroups;
190 unsigned int three = 1;
191 unsigned int five = 5;
192 unsigned int seven = 7;
193 int err = 0, ret, i;
194 ext4_group_t grp, primary_grp;
195 struct ext4_sb_info *sbi = EXT4_SB(sb);
196
197 /*
198 * We can't update superblocks while the online resize is running
199 */
200 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING,
201 &sbi->s_ext4_flags)) {
202 ext4_msg(sb, KERN_ERR, "Can't modify superblock while"
203 "performing online resize");
204 return -EBUSY;
205 }
206
207 /*
208 * We're only going to update primary superblock and two
209 * backup superblocks in this transaction.
210 */
211 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3);
212 if (IS_ERR(handle)) {
213 err = PTR_ERR(handle);
214 goto out;
215 }
216
217 /* Update primary superblock */
218 err = ext4_update_primary_sb(sb, handle, func, arg);
219 if (err) {
220 ext4_msg(sb, KERN_ERR, "Failed to update primary "
221 "superblock");
222 goto out_journal;
223 }
224
225 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr);
226 ngroups = ext4_get_groups_count(sb);
227
228 /*
229 * Update backup superblocks. We have to start from group 0
230 * because it might not be where the primary superblock is
231 * if the fs is mounted with -o sb=<backup_sb_block>
232 */
233 i = 0;
234 grp = 0;
235 while (grp < ngroups) {
236 /* Skip primary superblock */
237 if (grp == primary_grp)
238 goto next_grp;
239
240 ret = ext4_update_backup_sb(sb, handle, grp, func, arg);
241 if (ret < 0) {
242 /* Ignore bad checksum; try to update next sb */
243 if (ret == -EFSBADCRC)
244 goto next_grp;
245 err = ret;
246 goto out_journal;
247 }
248
249 i += ret;
250 if (handle && i > 1) {
251 /*
252 * We're only journalling primary superblock and
253 * two backup superblocks; the rest is not
254 * journalled.
255 */
256 err = ext4_journal_stop(handle);
257 if (err)
258 goto out;
259 handle = NULL;
260 }
261next_grp:
262 grp = ext4_list_backups(sb, &three, &five, &seven);
263 }
264
265out_journal:
266 if (handle) {
267 ret = ext4_journal_stop(handle);
268 if (ret && !err)
269 err = ret;
270 }
271out:
272 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags);
273 smp_mb__after_atomic();
274 return err ? err : 0;
275}
276
277/*
278 * Swap memory between @a and @b for @len bytes.
279 *
280 * @a: pointer to first memory area
281 * @b: pointer to second memory area
282 * @len: number of bytes to swap
283 *
284 */
285static void memswap(void *a, void *b, size_t len)
286{
287 unsigned char *ap, *bp;
288
289 ap = (unsigned char *)a;
290 bp = (unsigned char *)b;
291 while (len-- > 0) {
292 swap(*ap, *bp);
293 ap++;
294 bp++;
295 }
296}
297
298/*
299 * Swap i_data and associated attributes between @inode1 and @inode2.
300 * This function is used for the primary swap between inode1 and inode2
301 * and also to revert this primary swap in case of errors.
302 *
303 * Therefore you have to make sure, that calling this method twice
304 * will revert all changes.
305 *
306 * @inode1: pointer to first inode
307 * @inode2: pointer to second inode
308 */
309static void swap_inode_data(struct inode *inode1, struct inode *inode2)
310{
311 loff_t isize;
312 struct ext4_inode_info *ei1;
313 struct ext4_inode_info *ei2;
314 unsigned long tmp;
315 struct timespec64 ts1, ts2;
316
317 ei1 = EXT4_I(inode1);
318 ei2 = EXT4_I(inode2);
319
320 swap(inode1->i_version, inode2->i_version);
321
322 ts1 = inode_get_atime(inode1);
323 ts2 = inode_get_atime(inode2);
324 inode_set_atime_to_ts(inode1, ts2);
325 inode_set_atime_to_ts(inode2, ts1);
326
327 ts1 = inode_get_mtime(inode1);
328 ts2 = inode_get_mtime(inode2);
329 inode_set_mtime_to_ts(inode1, ts2);
330 inode_set_mtime_to_ts(inode2, ts1);
331
332 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
333 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
334 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
335 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
336 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
337 swap(ei1->i_disksize, ei2->i_disksize);
338 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
339 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
340
341 isize = i_size_read(inode1);
342 i_size_write(inode1, i_size_read(inode2));
343 i_size_write(inode2, isize);
344}
345
346void ext4_reset_inode_seed(struct inode *inode)
347{
348 struct ext4_inode_info *ei = EXT4_I(inode);
349 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
350 __le32 inum = cpu_to_le32(inode->i_ino);
351 __le32 gen = cpu_to_le32(inode->i_generation);
352 __u32 csum;
353
354 if (!ext4_has_metadata_csum(inode->i_sb))
355 return;
356
357 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
358 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
359}
360
361/*
362 * Swap the information from the given @inode and the inode
363 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
364 * important fields of the inodes.
365 *
366 * @sb: the super block of the filesystem
367 * @idmap: idmap of the mount the inode was found from
368 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
369 *
370 */
371static long swap_inode_boot_loader(struct super_block *sb,
372 struct mnt_idmap *idmap,
373 struct inode *inode)
374{
375 handle_t *handle;
376 int err;
377 struct inode *inode_bl;
378 struct ext4_inode_info *ei_bl;
379 qsize_t size, size_bl, diff;
380 blkcnt_t blocks;
381 unsigned short bytes;
382
383 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO,
384 EXT4_IGET_SPECIAL | EXT4_IGET_BAD);
385 if (IS_ERR(inode_bl))
386 return PTR_ERR(inode_bl);
387 ei_bl = EXT4_I(inode_bl);
388
389 /* Protect orig inodes against a truncate and make sure,
390 * that only 1 swap_inode_boot_loader is running. */
391 lock_two_nondirectories(inode, inode_bl);
392
393 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
394 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
395 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
396 ext4_has_inline_data(inode)) {
397 err = -EINVAL;
398 goto journal_err_out;
399 }
400
401 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
402 !inode_owner_or_capable(idmap, inode) ||
403 !capable(CAP_SYS_ADMIN)) {
404 err = -EPERM;
405 goto journal_err_out;
406 }
407
408 filemap_invalidate_lock(inode->i_mapping);
409 err = filemap_write_and_wait(inode->i_mapping);
410 if (err)
411 goto err_out;
412
413 err = filemap_write_and_wait(inode_bl->i_mapping);
414 if (err)
415 goto err_out;
416
417 /* Wait for all existing dio workers */
418 inode_dio_wait(inode);
419 inode_dio_wait(inode_bl);
420
421 truncate_inode_pages(&inode->i_data, 0);
422 truncate_inode_pages(&inode_bl->i_data, 0);
423
424 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
425 if (IS_ERR(handle)) {
426 err = -EINVAL;
427 goto err_out;
428 }
429 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle);
430
431 /* Protect extent tree against block allocations via delalloc */
432 ext4_double_down_write_data_sem(inode, inode_bl);
433
434 if (is_bad_inode(inode_bl) || !S_ISREG(inode_bl->i_mode)) {
435 /* this inode has never been used as a BOOT_LOADER */
436 set_nlink(inode_bl, 1);
437 i_uid_write(inode_bl, 0);
438 i_gid_write(inode_bl, 0);
439 inode_bl->i_flags = 0;
440 ei_bl->i_flags = 0;
441 inode_set_iversion(inode_bl, 1);
442 i_size_write(inode_bl, 0);
443 EXT4_I(inode_bl)->i_disksize = inode_bl->i_size;
444 inode_bl->i_mode = S_IFREG;
445 if (ext4_has_feature_extents(sb)) {
446 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
447 ext4_ext_tree_init(handle, inode_bl);
448 } else
449 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
450 }
451
452 err = dquot_initialize(inode);
453 if (err)
454 goto err_out1;
455
456 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
457 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
458 diff = size - size_bl;
459 swap_inode_data(inode, inode_bl);
460
461 inode_set_ctime_current(inode);
462 inode_set_ctime_current(inode_bl);
463 inode_inc_iversion(inode);
464
465 inode->i_generation = get_random_u32();
466 inode_bl->i_generation = get_random_u32();
467 ext4_reset_inode_seed(inode);
468 ext4_reset_inode_seed(inode_bl);
469
470 ext4_discard_preallocations(inode);
471
472 err = ext4_mark_inode_dirty(handle, inode);
473 if (err < 0) {
474 /* No need to update quota information. */
475 ext4_warning(inode->i_sb,
476 "couldn't mark inode #%lu dirty (err %d)",
477 inode->i_ino, err);
478 /* Revert all changes: */
479 swap_inode_data(inode, inode_bl);
480 ext4_mark_inode_dirty(handle, inode);
481 goto err_out1;
482 }
483
484 blocks = inode_bl->i_blocks;
485 bytes = inode_bl->i_bytes;
486 inode_bl->i_blocks = inode->i_blocks;
487 inode_bl->i_bytes = inode->i_bytes;
488 err = ext4_mark_inode_dirty(handle, inode_bl);
489 if (err < 0) {
490 /* No need to update quota information. */
491 ext4_warning(inode_bl->i_sb,
492 "couldn't mark inode #%lu dirty (err %d)",
493 inode_bl->i_ino, err);
494 goto revert;
495 }
496
497 /* Bootloader inode should not be counted into quota information. */
498 if (diff > 0)
499 dquot_free_space(inode, diff);
500 else
501 err = dquot_alloc_space(inode, -1 * diff);
502
503 if (err < 0) {
504revert:
505 /* Revert all changes: */
506 inode_bl->i_blocks = blocks;
507 inode_bl->i_bytes = bytes;
508 swap_inode_data(inode, inode_bl);
509 ext4_mark_inode_dirty(handle, inode);
510 ext4_mark_inode_dirty(handle, inode_bl);
511 }
512
513err_out1:
514 ext4_journal_stop(handle);
515 ext4_double_up_write_data_sem(inode, inode_bl);
516
517err_out:
518 filemap_invalidate_unlock(inode->i_mapping);
519journal_err_out:
520 unlock_two_nondirectories(inode, inode_bl);
521 iput(inode_bl);
522 return err;
523}
524
525/*
526 * If immutable is set and we are not clearing it, we're not allowed to change
527 * anything else in the inode. Don't error out if we're only trying to set
528 * immutable on an immutable file.
529 */
530static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
531 unsigned int flags)
532{
533 struct ext4_inode_info *ei = EXT4_I(inode);
534 unsigned int oldflags = ei->i_flags;
535
536 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
537 return 0;
538
539 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
540 return -EPERM;
541 if (ext4_has_feature_project(inode->i_sb) &&
542 __kprojid_val(ei->i_projid) != new_projid)
543 return -EPERM;
544
545 return 0;
546}
547
548static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
549{
550 struct ext4_inode_info *ei = EXT4_I(inode);
551
552 if (S_ISDIR(inode->i_mode))
553 return;
554
555 if (test_opt2(inode->i_sb, DAX_NEVER) ||
556 test_opt(inode->i_sb, DAX_ALWAYS))
557 return;
558
559 if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
560 d_mark_dontcache(inode);
561}
562
563static bool dax_compatible(struct inode *inode, unsigned int oldflags,
564 unsigned int flags)
565{
566 /* Allow the DAX flag to be changed on inline directories */
567 if (S_ISDIR(inode->i_mode)) {
568 flags &= ~EXT4_INLINE_DATA_FL;
569 oldflags &= ~EXT4_INLINE_DATA_FL;
570 }
571
572 if (flags & EXT4_DAX_FL) {
573 if ((oldflags & EXT4_DAX_MUT_EXCL) ||
574 ext4_test_inode_state(inode,
575 EXT4_STATE_VERITY_IN_PROGRESS)) {
576 return false;
577 }
578 }
579
580 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
581 return false;
582
583 return true;
584}
585
586static int ext4_ioctl_setflags(struct inode *inode,
587 unsigned int flags)
588{
589 struct ext4_inode_info *ei = EXT4_I(inode);
590 handle_t *handle = NULL;
591 int err = -EPERM, migrate = 0;
592 struct ext4_iloc iloc;
593 unsigned int oldflags, mask, i;
594 struct super_block *sb = inode->i_sb;
595
596 /* Is it quota file? Do not allow user to mess with it */
597 if (ext4_is_quota_file(inode))
598 goto flags_out;
599
600 oldflags = ei->i_flags;
601 /*
602 * The JOURNAL_DATA flag can only be changed by
603 * the relevant capability.
604 */
605 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
606 if (!capable(CAP_SYS_RESOURCE))
607 goto flags_out;
608 }
609
610 if (!dax_compatible(inode, oldflags, flags)) {
611 err = -EOPNOTSUPP;
612 goto flags_out;
613 }
614
615 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
616 migrate = 1;
617
618 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
619 if (!ext4_has_feature_casefold(sb)) {
620 err = -EOPNOTSUPP;
621 goto flags_out;
622 }
623
624 if (!S_ISDIR(inode->i_mode)) {
625 err = -ENOTDIR;
626 goto flags_out;
627 }
628
629 if (!ext4_empty_dir(inode)) {
630 err = -ENOTEMPTY;
631 goto flags_out;
632 }
633 }
634
635 /*
636 * Wait for all pending directio and then flush all the dirty pages
637 * for this file. The flush marks all the pages readonly, so any
638 * subsequent attempt to write to the file (particularly mmap pages)
639 * will come through the filesystem and fail.
640 */
641 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
642 (flags & EXT4_IMMUTABLE_FL)) {
643 inode_dio_wait(inode);
644 err = filemap_write_and_wait(inode->i_mapping);
645 if (err)
646 goto flags_out;
647 }
648
649 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
650 if (IS_ERR(handle)) {
651 err = PTR_ERR(handle);
652 goto flags_out;
653 }
654 if (IS_SYNC(inode))
655 ext4_handle_sync(handle);
656 err = ext4_reserve_inode_write(handle, inode, &iloc);
657 if (err)
658 goto flags_err;
659
660 ext4_dax_dontcache(inode, flags);
661
662 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
663 if (!(mask & EXT4_FL_USER_MODIFIABLE))
664 continue;
665 /* These flags get special treatment later */
666 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
667 continue;
668 if (mask & flags)
669 ext4_set_inode_flag(inode, i);
670 else
671 ext4_clear_inode_flag(inode, i);
672 }
673
674 ext4_set_inode_flags(inode, false);
675
676 inode_set_ctime_current(inode);
677 inode_inc_iversion(inode);
678
679 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
680flags_err:
681 ext4_journal_stop(handle);
682 if (err)
683 goto flags_out;
684
685 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
686 /*
687 * Changes to the journaling mode can cause unsafe changes to
688 * S_DAX if the inode is DAX
689 */
690 if (IS_DAX(inode)) {
691 err = -EBUSY;
692 goto flags_out;
693 }
694
695 err = ext4_change_inode_journal_flag(inode,
696 flags & EXT4_JOURNAL_DATA_FL);
697 if (err)
698 goto flags_out;
699 }
700 if (migrate) {
701 if (flags & EXT4_EXTENTS_FL)
702 err = ext4_ext_migrate(inode);
703 else
704 err = ext4_ind_migrate(inode);
705 }
706
707flags_out:
708 return err;
709}
710
711#ifdef CONFIG_QUOTA
712static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
713{
714 struct super_block *sb = inode->i_sb;
715 struct ext4_inode_info *ei = EXT4_I(inode);
716 int err, rc;
717 handle_t *handle;
718 kprojid_t kprojid;
719 struct ext4_iloc iloc;
720 struct ext4_inode *raw_inode;
721 struct dquot *transfer_to[MAXQUOTAS] = { };
722
723 if (!ext4_has_feature_project(sb)) {
724 if (projid != EXT4_DEF_PROJID)
725 return -EOPNOTSUPP;
726 else
727 return 0;
728 }
729
730 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
731 return -EOPNOTSUPP;
732
733 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
734
735 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
736 return 0;
737
738 err = -EPERM;
739 /* Is it quota file? Do not allow user to mess with it */
740 if (ext4_is_quota_file(inode))
741 return err;
742
743 err = dquot_initialize(inode);
744 if (err)
745 return err;
746
747 err = ext4_get_inode_loc(inode, &iloc);
748 if (err)
749 return err;
750
751 raw_inode = ext4_raw_inode(&iloc);
752 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
753 err = ext4_expand_extra_isize(inode,
754 EXT4_SB(sb)->s_want_extra_isize,
755 &iloc);
756 if (err)
757 return err;
758 } else {
759 brelse(iloc.bh);
760 }
761
762 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
763 EXT4_QUOTA_INIT_BLOCKS(sb) +
764 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
765 if (IS_ERR(handle))
766 return PTR_ERR(handle);
767
768 err = ext4_reserve_inode_write(handle, inode, &iloc);
769 if (err)
770 goto out_stop;
771
772 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
773 if (!IS_ERR(transfer_to[PRJQUOTA])) {
774
775 /* __dquot_transfer() calls back ext4_get_inode_usage() which
776 * counts xattr inode references.
777 */
778 down_read(&EXT4_I(inode)->xattr_sem);
779 err = __dquot_transfer(inode, transfer_to);
780 up_read(&EXT4_I(inode)->xattr_sem);
781 dqput(transfer_to[PRJQUOTA]);
782 if (err)
783 goto out_dirty;
784 }
785
786 EXT4_I(inode)->i_projid = kprojid;
787 inode_set_ctime_current(inode);
788 inode_inc_iversion(inode);
789out_dirty:
790 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
791 if (!err)
792 err = rc;
793out_stop:
794 ext4_journal_stop(handle);
795 return err;
796}
797#else
798static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
799{
800 if (projid != EXT4_DEF_PROJID)
801 return -EOPNOTSUPP;
802 return 0;
803}
804#endif
805
806int ext4_force_shutdown(struct super_block *sb, u32 flags)
807{
808 struct ext4_sb_info *sbi = EXT4_SB(sb);
809 int ret;
810
811 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
812 return -EINVAL;
813
814 if (ext4_forced_shutdown(sb))
815 return 0;
816
817 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
818 trace_ext4_shutdown(sb, flags);
819
820 switch (flags) {
821 case EXT4_GOING_FLAGS_DEFAULT:
822 ret = bdev_freeze(sb->s_bdev);
823 if (ret)
824 return ret;
825 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
826 bdev_thaw(sb->s_bdev);
827 break;
828 case EXT4_GOING_FLAGS_LOGFLUSH:
829 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
830 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
831 (void) ext4_force_commit(sb);
832 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
833 }
834 break;
835 case EXT4_GOING_FLAGS_NOLOGFLUSH:
836 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
837 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
838 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
839 break;
840 default:
841 return -EINVAL;
842 }
843 clear_opt(sb, DISCARD);
844 return 0;
845}
846
847static int ext4_ioctl_shutdown(struct super_block *sb, unsigned long arg)
848{
849 u32 flags;
850
851 if (!capable(CAP_SYS_ADMIN))
852 return -EPERM;
853
854 if (get_user(flags, (__u32 __user *)arg))
855 return -EFAULT;
856
857 return ext4_force_shutdown(sb, flags);
858}
859
860struct getfsmap_info {
861 struct super_block *gi_sb;
862 struct fsmap_head __user *gi_data;
863 unsigned int gi_idx;
864 __u32 gi_last_flags;
865};
866
867static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
868{
869 struct getfsmap_info *info = priv;
870 struct fsmap fm;
871
872 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
873
874 info->gi_last_flags = xfm->fmr_flags;
875 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
876 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
877 sizeof(struct fsmap)))
878 return -EFAULT;
879
880 return 0;
881}
882
883static int ext4_ioc_getfsmap(struct super_block *sb,
884 struct fsmap_head __user *arg)
885{
886 struct getfsmap_info info = { NULL };
887 struct ext4_fsmap_head xhead = {0};
888 struct fsmap_head head;
889 bool aborted = false;
890 int error;
891
892 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
893 return -EFAULT;
894 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
895 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
896 sizeof(head.fmh_keys[0].fmr_reserved)) ||
897 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
898 sizeof(head.fmh_keys[1].fmr_reserved)))
899 return -EINVAL;
900 /*
901 * ext4 doesn't report file extents at all, so the only valid
902 * file offsets are the magic ones (all zeroes or all ones).
903 */
904 if (head.fmh_keys[0].fmr_offset ||
905 (head.fmh_keys[1].fmr_offset != 0 &&
906 head.fmh_keys[1].fmr_offset != -1ULL))
907 return -EINVAL;
908
909 xhead.fmh_iflags = head.fmh_iflags;
910 xhead.fmh_count = head.fmh_count;
911 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
912 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
913
914 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
915 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
916
917 info.gi_sb = sb;
918 info.gi_data = arg;
919 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
920 if (error == EXT4_QUERY_RANGE_ABORT)
921 aborted = true;
922 else if (error)
923 return error;
924
925 /* If we didn't abort, set the "last" flag in the last fmx */
926 if (!aborted && info.gi_idx) {
927 info.gi_last_flags |= FMR_OF_LAST;
928 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
929 &info.gi_last_flags,
930 sizeof(info.gi_last_flags)))
931 return -EFAULT;
932 }
933
934 /* copy back header */
935 head.fmh_entries = xhead.fmh_entries;
936 head.fmh_oflags = xhead.fmh_oflags;
937 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
938 return -EFAULT;
939
940 return 0;
941}
942
943static long ext4_ioctl_group_add(struct file *file,
944 struct ext4_new_group_data *input)
945{
946 struct super_block *sb = file_inode(file)->i_sb;
947 int err, err2=0;
948
949 err = ext4_resize_begin(sb);
950 if (err)
951 return err;
952
953 if (ext4_has_feature_bigalloc(sb)) {
954 ext4_msg(sb, KERN_ERR,
955 "Online resizing not supported with bigalloc");
956 err = -EOPNOTSUPP;
957 goto group_add_out;
958 }
959
960 err = mnt_want_write_file(file);
961 if (err)
962 goto group_add_out;
963
964 err = ext4_group_add(sb, input);
965 if (EXT4_SB(sb)->s_journal) {
966 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
967 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
968 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
969 }
970 if (err == 0)
971 err = err2;
972 mnt_drop_write_file(file);
973 if (!err && ext4_has_group_desc_csum(sb) &&
974 test_opt(sb, INIT_INODE_TABLE))
975 err = ext4_register_li_request(sb, input->group);
976group_add_out:
977 err2 = ext4_resize_end(sb, false);
978 if (err == 0)
979 err = err2;
980 return err;
981}
982
983int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa)
984{
985 struct inode *inode = d_inode(dentry);
986 struct ext4_inode_info *ei = EXT4_I(inode);
987 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
988
989 if (S_ISREG(inode->i_mode))
990 flags &= ~FS_PROJINHERIT_FL;
991
992 fileattr_fill_flags(fa, flags);
993 if (ext4_has_feature_project(inode->i_sb))
994 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
995
996 return 0;
997}
998
999int ext4_fileattr_set(struct mnt_idmap *idmap,
1000 struct dentry *dentry, struct fileattr *fa)
1001{
1002 struct inode *inode = d_inode(dentry);
1003 u32 flags = fa->flags;
1004 int err = -EOPNOTSUPP;
1005
1006 if (flags & ~EXT4_FL_USER_VISIBLE)
1007 goto out;
1008
1009 /*
1010 * chattr(1) grabs flags via GETFLAGS, modifies the result and
1011 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
1012 * more restrictive than just silently masking off visible but
1013 * not settable flags as we always did.
1014 */
1015 flags &= EXT4_FL_USER_MODIFIABLE;
1016 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1017 goto out;
1018 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags);
1019 if (err)
1020 goto out;
1021 err = ext4_ioctl_setflags(inode, flags);
1022 if (err)
1023 goto out;
1024 err = ext4_ioctl_setproject(inode, fa->fsx_projid);
1025out:
1026 return err;
1027}
1028
1029/* So that the fiemap access checks can't overflow on 32 bit machines. */
1030#define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
1031
1032static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
1033{
1034 struct fiemap fiemap;
1035 struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
1036 struct fiemap_extent_info fieinfo = { 0, };
1037 struct inode *inode = file_inode(filp);
1038 int error;
1039
1040 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
1041 return -EFAULT;
1042
1043 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
1044 return -EINVAL;
1045
1046 fieinfo.fi_flags = fiemap.fm_flags;
1047 fieinfo.fi_extents_max = fiemap.fm_extent_count;
1048 fieinfo.fi_extents_start = ufiemap->fm_extents;
1049
1050 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
1051 fiemap.fm_length);
1052 fiemap.fm_flags = fieinfo.fi_flags;
1053 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
1054 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
1055 error = -EFAULT;
1056
1057 return error;
1058}
1059
1060static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
1061{
1062 int err = 0;
1063 __u32 flags = 0;
1064 unsigned int flush_flags = 0;
1065 struct super_block *sb = file_inode(filp)->i_sb;
1066
1067 if (copy_from_user(&flags, (__u32 __user *)arg,
1068 sizeof(__u32)))
1069 return -EFAULT;
1070
1071 if (!capable(CAP_SYS_ADMIN))
1072 return -EPERM;
1073
1074 /* check for invalid bits set */
1075 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) ||
1076 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1077 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT)))
1078 return -EINVAL;
1079
1080 if (!EXT4_SB(sb)->s_journal)
1081 return -ENODEV;
1082
1083 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1084 !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev))
1085 return -EOPNOTSUPP;
1086
1087 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)
1088 return 0;
1089
1090 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD)
1091 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD;
1092
1093 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) {
1094 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT;
1095 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow");
1096 }
1097
1098 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1099 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags);
1100 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1101
1102 return err;
1103}
1104
1105static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label)
1106{
1107 size_t len;
1108 int ret = 0;
1109 char new_label[EXT4_LABEL_MAX + 1];
1110 struct super_block *sb = file_inode(filp)->i_sb;
1111
1112 if (!capable(CAP_SYS_ADMIN))
1113 return -EPERM;
1114
1115 /*
1116 * Copy the maximum length allowed for ext4 label with one more to
1117 * find the required terminating null byte in order to test the
1118 * label length. The on disk label doesn't need to be null terminated.
1119 */
1120 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1))
1121 return -EFAULT;
1122
1123 len = strnlen(new_label, EXT4_LABEL_MAX + 1);
1124 if (len > EXT4_LABEL_MAX)
1125 return -EINVAL;
1126
1127 /*
1128 * Clear the buffer after the new label
1129 */
1130 memset(new_label + len, 0, EXT4_LABEL_MAX - len);
1131
1132 ret = mnt_want_write_file(filp);
1133 if (ret)
1134 return ret;
1135
1136 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label);
1137
1138 mnt_drop_write_file(filp);
1139 return ret;
1140}
1141
1142static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label)
1143{
1144 char label[EXT4_LABEL_MAX + 1];
1145
1146 /*
1147 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because
1148 * FSLABEL_MAX must include terminating null byte, while s_volume_name
1149 * does not have to.
1150 */
1151 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
1152
1153 lock_buffer(sbi->s_sbh);
1154 memtostr_pad(label, sbi->s_es->s_volume_name);
1155 unlock_buffer(sbi->s_sbh);
1156
1157 if (copy_to_user(user_label, label, sizeof(label)))
1158 return -EFAULT;
1159 return 0;
1160}
1161
1162static int ext4_ioctl_getuuid(struct ext4_sb_info *sbi,
1163 struct fsuuid __user *ufsuuid)
1164{
1165 struct fsuuid fsuuid;
1166 __u8 uuid[UUID_SIZE];
1167
1168 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1169 return -EFAULT;
1170
1171 if (fsuuid.fsu_len == 0) {
1172 fsuuid.fsu_len = UUID_SIZE;
1173 if (copy_to_user(&ufsuuid->fsu_len, &fsuuid.fsu_len,
1174 sizeof(fsuuid.fsu_len)))
1175 return -EFAULT;
1176 return 0;
1177 }
1178
1179 if (fsuuid.fsu_len < UUID_SIZE || fsuuid.fsu_flags != 0)
1180 return -EINVAL;
1181
1182 lock_buffer(sbi->s_sbh);
1183 memcpy(uuid, sbi->s_es->s_uuid, UUID_SIZE);
1184 unlock_buffer(sbi->s_sbh);
1185
1186 fsuuid.fsu_len = UUID_SIZE;
1187 if (copy_to_user(ufsuuid, &fsuuid, sizeof(fsuuid)) ||
1188 copy_to_user(&ufsuuid->fsu_uuid[0], uuid, UUID_SIZE))
1189 return -EFAULT;
1190 return 0;
1191}
1192
1193static int ext4_ioctl_setuuid(struct file *filp,
1194 const struct fsuuid __user *ufsuuid)
1195{
1196 int ret = 0;
1197 struct super_block *sb = file_inode(filp)->i_sb;
1198 struct fsuuid fsuuid;
1199 __u8 uuid[UUID_SIZE];
1200
1201 if (!capable(CAP_SYS_ADMIN))
1202 return -EPERM;
1203
1204 /*
1205 * If any checksums (group descriptors or metadata) are being used
1206 * then the checksum seed feature is required to change the UUID.
1207 */
1208 if (((ext4_has_feature_gdt_csum(sb) || ext4_has_metadata_csum(sb))
1209 && !ext4_has_feature_csum_seed(sb))
1210 || ext4_has_feature_stable_inodes(sb))
1211 return -EOPNOTSUPP;
1212
1213 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1214 return -EFAULT;
1215
1216 if (fsuuid.fsu_len != UUID_SIZE || fsuuid.fsu_flags != 0)
1217 return -EINVAL;
1218
1219 if (copy_from_user(uuid, &ufsuuid->fsu_uuid[0], UUID_SIZE))
1220 return -EFAULT;
1221
1222 ret = mnt_want_write_file(filp);
1223 if (ret)
1224 return ret;
1225
1226 ret = ext4_update_superblocks_fn(sb, ext4_sb_setuuid, &uuid);
1227 mnt_drop_write_file(filp);
1228
1229 return ret;
1230}
1231
1232static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1233{
1234 struct inode *inode = file_inode(filp);
1235 struct super_block *sb = inode->i_sb;
1236 struct mnt_idmap *idmap = file_mnt_idmap(filp);
1237
1238 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
1239
1240 switch (cmd) {
1241 case FS_IOC_GETFSMAP:
1242 return ext4_ioc_getfsmap(sb, (void __user *)arg);
1243 case EXT4_IOC_GETVERSION:
1244 case EXT4_IOC_GETVERSION_OLD:
1245 return put_user(inode->i_generation, (int __user *) arg);
1246 case EXT4_IOC_SETVERSION:
1247 case EXT4_IOC_SETVERSION_OLD: {
1248 handle_t *handle;
1249 struct ext4_iloc iloc;
1250 __u32 generation;
1251 int err;
1252
1253 if (!inode_owner_or_capable(idmap, inode))
1254 return -EPERM;
1255
1256 if (ext4_has_metadata_csum(inode->i_sb)) {
1257 ext4_warning(sb, "Setting inode version is not "
1258 "supported with metadata_csum enabled.");
1259 return -ENOTTY;
1260 }
1261
1262 err = mnt_want_write_file(filp);
1263 if (err)
1264 return err;
1265 if (get_user(generation, (int __user *) arg)) {
1266 err = -EFAULT;
1267 goto setversion_out;
1268 }
1269
1270 inode_lock(inode);
1271 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
1272 if (IS_ERR(handle)) {
1273 err = PTR_ERR(handle);
1274 goto unlock_out;
1275 }
1276 err = ext4_reserve_inode_write(handle, inode, &iloc);
1277 if (err == 0) {
1278 inode_set_ctime_current(inode);
1279 inode_inc_iversion(inode);
1280 inode->i_generation = generation;
1281 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
1282 }
1283 ext4_journal_stop(handle);
1284
1285unlock_out:
1286 inode_unlock(inode);
1287setversion_out:
1288 mnt_drop_write_file(filp);
1289 return err;
1290 }
1291 case EXT4_IOC_GROUP_EXTEND: {
1292 ext4_fsblk_t n_blocks_count;
1293 int err, err2=0;
1294
1295 err = ext4_resize_begin(sb);
1296 if (err)
1297 return err;
1298
1299 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
1300 err = -EFAULT;
1301 goto group_extend_out;
1302 }
1303
1304 if (ext4_has_feature_bigalloc(sb)) {
1305 ext4_msg(sb, KERN_ERR,
1306 "Online resizing not supported with bigalloc");
1307 err = -EOPNOTSUPP;
1308 goto group_extend_out;
1309 }
1310
1311 err = mnt_want_write_file(filp);
1312 if (err)
1313 goto group_extend_out;
1314
1315 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
1316 if (EXT4_SB(sb)->s_journal) {
1317 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1318 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1319 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1320 }
1321 if (err == 0)
1322 err = err2;
1323 mnt_drop_write_file(filp);
1324group_extend_out:
1325 err2 = ext4_resize_end(sb, false);
1326 if (err == 0)
1327 err = err2;
1328 return err;
1329 }
1330
1331 case EXT4_IOC_MOVE_EXT: {
1332 struct move_extent me;
1333 int err;
1334
1335 if (!(filp->f_mode & FMODE_READ) ||
1336 !(filp->f_mode & FMODE_WRITE))
1337 return -EBADF;
1338
1339 if (copy_from_user(&me,
1340 (struct move_extent __user *)arg, sizeof(me)))
1341 return -EFAULT;
1342 me.moved_len = 0;
1343
1344 CLASS(fd, donor)(me.donor_fd);
1345 if (fd_empty(donor))
1346 return -EBADF;
1347
1348 if (!(fd_file(donor)->f_mode & FMODE_WRITE))
1349 return -EBADF;
1350
1351 if (ext4_has_feature_bigalloc(sb)) {
1352 ext4_msg(sb, KERN_ERR,
1353 "Online defrag not supported with bigalloc");
1354 return -EOPNOTSUPP;
1355 } else if (IS_DAX(inode)) {
1356 ext4_msg(sb, KERN_ERR,
1357 "Online defrag not supported with DAX");
1358 return -EOPNOTSUPP;
1359 }
1360
1361 err = mnt_want_write_file(filp);
1362 if (err)
1363 return err;
1364
1365 err = ext4_move_extents(filp, fd_file(donor), me.orig_start,
1366 me.donor_start, me.len, &me.moved_len);
1367 mnt_drop_write_file(filp);
1368
1369 if (copy_to_user((struct move_extent __user *)arg,
1370 &me, sizeof(me)))
1371 err = -EFAULT;
1372 return err;
1373 }
1374
1375 case EXT4_IOC_GROUP_ADD: {
1376 struct ext4_new_group_data input;
1377
1378 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1379 sizeof(input)))
1380 return -EFAULT;
1381
1382 return ext4_ioctl_group_add(filp, &input);
1383 }
1384
1385 case EXT4_IOC_MIGRATE:
1386 {
1387 int err;
1388 if (!inode_owner_or_capable(idmap, inode))
1389 return -EACCES;
1390
1391 err = mnt_want_write_file(filp);
1392 if (err)
1393 return err;
1394 /*
1395 * inode_mutex prevent write and truncate on the file.
1396 * Read still goes through. We take i_data_sem in
1397 * ext4_ext_swap_inode_data before we switch the
1398 * inode format to prevent read.
1399 */
1400 inode_lock((inode));
1401 err = ext4_ext_migrate(inode);
1402 inode_unlock((inode));
1403 mnt_drop_write_file(filp);
1404 return err;
1405 }
1406
1407 case EXT4_IOC_ALLOC_DA_BLKS:
1408 {
1409 int err;
1410 if (!inode_owner_or_capable(idmap, inode))
1411 return -EACCES;
1412
1413 err = mnt_want_write_file(filp);
1414 if (err)
1415 return err;
1416 err = ext4_alloc_da_blocks(inode);
1417 mnt_drop_write_file(filp);
1418 return err;
1419 }
1420
1421 case EXT4_IOC_SWAP_BOOT:
1422 {
1423 int err;
1424 if (!(filp->f_mode & FMODE_WRITE))
1425 return -EBADF;
1426 err = mnt_want_write_file(filp);
1427 if (err)
1428 return err;
1429 err = swap_inode_boot_loader(sb, idmap, inode);
1430 mnt_drop_write_file(filp);
1431 return err;
1432 }
1433
1434 case EXT4_IOC_RESIZE_FS: {
1435 ext4_fsblk_t n_blocks_count;
1436 int err = 0, err2 = 0;
1437 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1438
1439 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1440 sizeof(__u64))) {
1441 return -EFAULT;
1442 }
1443
1444 err = ext4_resize_begin(sb);
1445 if (err)
1446 return err;
1447
1448 err = mnt_want_write_file(filp);
1449 if (err)
1450 goto resizefs_out;
1451
1452 err = ext4_resize_fs(sb, n_blocks_count);
1453 if (EXT4_SB(sb)->s_journal) {
1454 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL);
1455 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1456 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1457 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1458 }
1459 if (err == 0)
1460 err = err2;
1461 mnt_drop_write_file(filp);
1462 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1463 ext4_has_group_desc_csum(sb) &&
1464 test_opt(sb, INIT_INODE_TABLE))
1465 err = ext4_register_li_request(sb, o_group);
1466
1467resizefs_out:
1468 err2 = ext4_resize_end(sb, true);
1469 if (err == 0)
1470 err = err2;
1471 return err;
1472 }
1473
1474 case FITRIM:
1475 {
1476 struct fstrim_range range;
1477 int ret = 0;
1478
1479 if (!capable(CAP_SYS_ADMIN))
1480 return -EPERM;
1481
1482 if (!bdev_max_discard_sectors(sb->s_bdev))
1483 return -EOPNOTSUPP;
1484
1485 /*
1486 * We haven't replayed the journal, so we cannot use our
1487 * block-bitmap-guided storage zapping commands.
1488 */
1489 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1490 return -EROFS;
1491
1492 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1493 sizeof(range)))
1494 return -EFAULT;
1495
1496 ret = ext4_trim_fs(sb, &range);
1497 if (ret < 0)
1498 return ret;
1499
1500 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1501 sizeof(range)))
1502 return -EFAULT;
1503
1504 return 0;
1505 }
1506 case EXT4_IOC_PRECACHE_EXTENTS:
1507 return ext4_ext_precache(inode);
1508
1509 case FS_IOC_SET_ENCRYPTION_POLICY:
1510 if (!ext4_has_feature_encrypt(sb))
1511 return -EOPNOTSUPP;
1512 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1513
1514 case FS_IOC_GET_ENCRYPTION_PWSALT:
1515 return ext4_ioctl_get_encryption_pwsalt(filp, (void __user *)arg);
1516
1517 case FS_IOC_GET_ENCRYPTION_POLICY:
1518 if (!ext4_has_feature_encrypt(sb))
1519 return -EOPNOTSUPP;
1520 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1521
1522 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1523 if (!ext4_has_feature_encrypt(sb))
1524 return -EOPNOTSUPP;
1525 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1526
1527 case FS_IOC_ADD_ENCRYPTION_KEY:
1528 if (!ext4_has_feature_encrypt(sb))
1529 return -EOPNOTSUPP;
1530 return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1531
1532 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1533 if (!ext4_has_feature_encrypt(sb))
1534 return -EOPNOTSUPP;
1535 return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1536
1537 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1538 if (!ext4_has_feature_encrypt(sb))
1539 return -EOPNOTSUPP;
1540 return fscrypt_ioctl_remove_key_all_users(filp,
1541 (void __user *)arg);
1542 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1543 if (!ext4_has_feature_encrypt(sb))
1544 return -EOPNOTSUPP;
1545 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1546
1547 case FS_IOC_GET_ENCRYPTION_NONCE:
1548 if (!ext4_has_feature_encrypt(sb))
1549 return -EOPNOTSUPP;
1550 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1551
1552 case EXT4_IOC_CLEAR_ES_CACHE:
1553 {
1554 if (!inode_owner_or_capable(idmap, inode))
1555 return -EACCES;
1556 ext4_clear_inode_es(inode);
1557 return 0;
1558 }
1559
1560 case EXT4_IOC_GETSTATE:
1561 {
1562 __u32 state = 0;
1563
1564 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1565 state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1566 if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1567 state |= EXT4_STATE_FLAG_NEW;
1568 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1569 state |= EXT4_STATE_FLAG_NEWENTRY;
1570 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1571 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1572
1573 return put_user(state, (__u32 __user *) arg);
1574 }
1575
1576 case EXT4_IOC_GET_ES_CACHE:
1577 return ext4_ioctl_get_es_cache(filp, arg);
1578
1579 case EXT4_IOC_SHUTDOWN:
1580 return ext4_ioctl_shutdown(sb, arg);
1581
1582 case FS_IOC_ENABLE_VERITY:
1583 if (!ext4_has_feature_verity(sb))
1584 return -EOPNOTSUPP;
1585 return fsverity_ioctl_enable(filp, (const void __user *)arg);
1586
1587 case FS_IOC_MEASURE_VERITY:
1588 if (!ext4_has_feature_verity(sb))
1589 return -EOPNOTSUPP;
1590 return fsverity_ioctl_measure(filp, (void __user *)arg);
1591
1592 case FS_IOC_READ_VERITY_METADATA:
1593 if (!ext4_has_feature_verity(sb))
1594 return -EOPNOTSUPP;
1595 return fsverity_ioctl_read_metadata(filp,
1596 (const void __user *)arg);
1597
1598 case EXT4_IOC_CHECKPOINT:
1599 return ext4_ioctl_checkpoint(filp, arg);
1600
1601 case FS_IOC_GETFSLABEL:
1602 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg);
1603
1604 case FS_IOC_SETFSLABEL:
1605 return ext4_ioctl_setlabel(filp,
1606 (const void __user *)arg);
1607
1608 case EXT4_IOC_GETFSUUID:
1609 return ext4_ioctl_getuuid(EXT4_SB(sb), (void __user *)arg);
1610 case EXT4_IOC_SETFSUUID:
1611 return ext4_ioctl_setuuid(filp, (const void __user *)arg);
1612 default:
1613 return -ENOTTY;
1614 }
1615}
1616
1617long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1618{
1619 return __ext4_ioctl(filp, cmd, arg);
1620}
1621
1622#ifdef CONFIG_COMPAT
1623long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1624{
1625 /* These are just misnamed, they actually get/put from/to user an int */
1626 switch (cmd) {
1627 case EXT4_IOC32_GETVERSION:
1628 cmd = EXT4_IOC_GETVERSION;
1629 break;
1630 case EXT4_IOC32_SETVERSION:
1631 cmd = EXT4_IOC_SETVERSION;
1632 break;
1633 case EXT4_IOC32_GROUP_EXTEND:
1634 cmd = EXT4_IOC_GROUP_EXTEND;
1635 break;
1636 case EXT4_IOC32_GETVERSION_OLD:
1637 cmd = EXT4_IOC_GETVERSION_OLD;
1638 break;
1639 case EXT4_IOC32_SETVERSION_OLD:
1640 cmd = EXT4_IOC_SETVERSION_OLD;
1641 break;
1642 case EXT4_IOC32_GETRSVSZ:
1643 cmd = EXT4_IOC_GETRSVSZ;
1644 break;
1645 case EXT4_IOC32_SETRSVSZ:
1646 cmd = EXT4_IOC_SETRSVSZ;
1647 break;
1648 case EXT4_IOC32_GROUP_ADD: {
1649 struct compat_ext4_new_group_input __user *uinput;
1650 struct ext4_new_group_data input;
1651 int err;
1652
1653 uinput = compat_ptr(arg);
1654 err = get_user(input.group, &uinput->group);
1655 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1656 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1657 err |= get_user(input.inode_table, &uinput->inode_table);
1658 err |= get_user(input.blocks_count, &uinput->blocks_count);
1659 err |= get_user(input.reserved_blocks,
1660 &uinput->reserved_blocks);
1661 if (err)
1662 return -EFAULT;
1663 return ext4_ioctl_group_add(file, &input);
1664 }
1665 case EXT4_IOC_MOVE_EXT:
1666 case EXT4_IOC_RESIZE_FS:
1667 case FITRIM:
1668 case EXT4_IOC_PRECACHE_EXTENTS:
1669 case FS_IOC_SET_ENCRYPTION_POLICY:
1670 case FS_IOC_GET_ENCRYPTION_PWSALT:
1671 case FS_IOC_GET_ENCRYPTION_POLICY:
1672 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1673 case FS_IOC_ADD_ENCRYPTION_KEY:
1674 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1675 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1676 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1677 case FS_IOC_GET_ENCRYPTION_NONCE:
1678 case EXT4_IOC_SHUTDOWN:
1679 case FS_IOC_GETFSMAP:
1680 case FS_IOC_ENABLE_VERITY:
1681 case FS_IOC_MEASURE_VERITY:
1682 case FS_IOC_READ_VERITY_METADATA:
1683 case EXT4_IOC_CLEAR_ES_CACHE:
1684 case EXT4_IOC_GETSTATE:
1685 case EXT4_IOC_GET_ES_CACHE:
1686 case EXT4_IOC_CHECKPOINT:
1687 case FS_IOC_GETFSLABEL:
1688 case FS_IOC_SETFSLABEL:
1689 case EXT4_IOC_GETFSUUID:
1690 case EXT4_IOC_SETFSUUID:
1691 break;
1692 default:
1693 return -ENOIOCTLCMD;
1694 }
1695 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1696}
1697#endif
1698
1699static void set_overhead(struct ext4_super_block *es, const void *arg)
1700{
1701 es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg));
1702}
1703
1704int ext4_update_overhead(struct super_block *sb, bool force)
1705{
1706 struct ext4_sb_info *sbi = EXT4_SB(sb);
1707
1708 if (sb_rdonly(sb))
1709 return 0;
1710 if (!force &&
1711 (sbi->s_overhead == 0 ||
1712 sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters)))
1713 return 0;
1714 return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead);
1715}
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11#include <linux/fs.h>
12#include <linux/capability.h>
13#include <linux/time.h>
14#include <linux/compat.h>
15#include <linux/mount.h>
16#include <linux/file.h>
17#include <linux/quotaops.h>
18#include <linux/random.h>
19#include <linux/uuid.h>
20#include <linux/uaccess.h>
21#include <linux/delay.h>
22#include <linux/iversion.h>
23#include "ext4_jbd2.h"
24#include "ext4.h"
25#include <linux/fsmap.h>
26#include "fsmap.h"
27#include <trace/events/ext4.h>
28
29/**
30 * Swap memory between @a and @b for @len bytes.
31 *
32 * @a: pointer to first memory area
33 * @b: pointer to second memory area
34 * @len: number of bytes to swap
35 *
36 */
37static void memswap(void *a, void *b, size_t len)
38{
39 unsigned char *ap, *bp;
40
41 ap = (unsigned char *)a;
42 bp = (unsigned char *)b;
43 while (len-- > 0) {
44 swap(*ap, *bp);
45 ap++;
46 bp++;
47 }
48}
49
50/**
51 * Swap i_data and associated attributes between @inode1 and @inode2.
52 * This function is used for the primary swap between inode1 and inode2
53 * and also to revert this primary swap in case of errors.
54 *
55 * Therefore you have to make sure, that calling this method twice
56 * will revert all changes.
57 *
58 * @inode1: pointer to first inode
59 * @inode2: pointer to second inode
60 */
61static void swap_inode_data(struct inode *inode1, struct inode *inode2)
62{
63 loff_t isize;
64 struct ext4_inode_info *ei1;
65 struct ext4_inode_info *ei2;
66 unsigned long tmp;
67
68 ei1 = EXT4_I(inode1);
69 ei2 = EXT4_I(inode2);
70
71 swap(inode1->i_version, inode2->i_version);
72 swap(inode1->i_atime, inode2->i_atime);
73 swap(inode1->i_mtime, inode2->i_mtime);
74
75 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
76 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
77 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
78 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
79 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
80 swap(ei1->i_disksize, ei2->i_disksize);
81 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
82 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
83
84 isize = i_size_read(inode1);
85 i_size_write(inode1, i_size_read(inode2));
86 i_size_write(inode2, isize);
87}
88
89static void reset_inode_seed(struct inode *inode)
90{
91 struct ext4_inode_info *ei = EXT4_I(inode);
92 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
93 __le32 inum = cpu_to_le32(inode->i_ino);
94 __le32 gen = cpu_to_le32(inode->i_generation);
95 __u32 csum;
96
97 if (!ext4_has_metadata_csum(inode->i_sb))
98 return;
99
100 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
101 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
102}
103
104/**
105 * Swap the information from the given @inode and the inode
106 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
107 * important fields of the inodes.
108 *
109 * @sb: the super block of the filesystem
110 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
111 *
112 */
113static long swap_inode_boot_loader(struct super_block *sb,
114 struct inode *inode)
115{
116 handle_t *handle;
117 int err;
118 struct inode *inode_bl;
119 struct ext4_inode_info *ei_bl;
120 qsize_t size, size_bl, diff;
121 blkcnt_t blocks;
122 unsigned short bytes;
123
124 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
125 if (IS_ERR(inode_bl))
126 return PTR_ERR(inode_bl);
127 ei_bl = EXT4_I(inode_bl);
128
129 /* Protect orig inodes against a truncate and make sure,
130 * that only 1 swap_inode_boot_loader is running. */
131 lock_two_nondirectories(inode, inode_bl);
132
133 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
134 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
135 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
136 ext4_has_inline_data(inode)) {
137 err = -EINVAL;
138 goto journal_err_out;
139 }
140
141 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
142 !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) {
143 err = -EPERM;
144 goto journal_err_out;
145 }
146
147 down_write(&EXT4_I(inode)->i_mmap_sem);
148 err = filemap_write_and_wait(inode->i_mapping);
149 if (err)
150 goto err_out;
151
152 err = filemap_write_and_wait(inode_bl->i_mapping);
153 if (err)
154 goto err_out;
155
156 /* Wait for all existing dio workers */
157 inode_dio_wait(inode);
158 inode_dio_wait(inode_bl);
159
160 truncate_inode_pages(&inode->i_data, 0);
161 truncate_inode_pages(&inode_bl->i_data, 0);
162
163 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
164 if (IS_ERR(handle)) {
165 err = -EINVAL;
166 goto err_out;
167 }
168
169 /* Protect extent tree against block allocations via delalloc */
170 ext4_double_down_write_data_sem(inode, inode_bl);
171
172 if (inode_bl->i_nlink == 0) {
173 /* this inode has never been used as a BOOT_LOADER */
174 set_nlink(inode_bl, 1);
175 i_uid_write(inode_bl, 0);
176 i_gid_write(inode_bl, 0);
177 inode_bl->i_flags = 0;
178 ei_bl->i_flags = 0;
179 inode_set_iversion(inode_bl, 1);
180 i_size_write(inode_bl, 0);
181 inode_bl->i_mode = S_IFREG;
182 if (ext4_has_feature_extents(sb)) {
183 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
184 ext4_ext_tree_init(handle, inode_bl);
185 } else
186 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
187 }
188
189 err = dquot_initialize(inode);
190 if (err)
191 goto err_out1;
192
193 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
194 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
195 diff = size - size_bl;
196 swap_inode_data(inode, inode_bl);
197
198 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
199
200 inode->i_generation = prandom_u32();
201 inode_bl->i_generation = prandom_u32();
202 reset_inode_seed(inode);
203 reset_inode_seed(inode_bl);
204
205 ext4_discard_preallocations(inode, 0);
206
207 err = ext4_mark_inode_dirty(handle, inode);
208 if (err < 0) {
209 /* No need to update quota information. */
210 ext4_warning(inode->i_sb,
211 "couldn't mark inode #%lu dirty (err %d)",
212 inode->i_ino, err);
213 /* Revert all changes: */
214 swap_inode_data(inode, inode_bl);
215 ext4_mark_inode_dirty(handle, inode);
216 goto err_out1;
217 }
218
219 blocks = inode_bl->i_blocks;
220 bytes = inode_bl->i_bytes;
221 inode_bl->i_blocks = inode->i_blocks;
222 inode_bl->i_bytes = inode->i_bytes;
223 err = ext4_mark_inode_dirty(handle, inode_bl);
224 if (err < 0) {
225 /* No need to update quota information. */
226 ext4_warning(inode_bl->i_sb,
227 "couldn't mark inode #%lu dirty (err %d)",
228 inode_bl->i_ino, err);
229 goto revert;
230 }
231
232 /* Bootloader inode should not be counted into quota information. */
233 if (diff > 0)
234 dquot_free_space(inode, diff);
235 else
236 err = dquot_alloc_space(inode, -1 * diff);
237
238 if (err < 0) {
239revert:
240 /* Revert all changes: */
241 inode_bl->i_blocks = blocks;
242 inode_bl->i_bytes = bytes;
243 swap_inode_data(inode, inode_bl);
244 ext4_mark_inode_dirty(handle, inode);
245 ext4_mark_inode_dirty(handle, inode_bl);
246 }
247
248err_out1:
249 ext4_journal_stop(handle);
250 ext4_double_up_write_data_sem(inode, inode_bl);
251
252err_out:
253 up_write(&EXT4_I(inode)->i_mmap_sem);
254journal_err_out:
255 unlock_two_nondirectories(inode, inode_bl);
256 iput(inode_bl);
257 return err;
258}
259
260#ifdef CONFIG_FS_ENCRYPTION
261static int uuid_is_zero(__u8 u[16])
262{
263 int i;
264
265 for (i = 0; i < 16; i++)
266 if (u[i])
267 return 0;
268 return 1;
269}
270#endif
271
272/*
273 * If immutable is set and we are not clearing it, we're not allowed to change
274 * anything else in the inode. Don't error out if we're only trying to set
275 * immutable on an immutable file.
276 */
277static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
278 unsigned int flags)
279{
280 struct ext4_inode_info *ei = EXT4_I(inode);
281 unsigned int oldflags = ei->i_flags;
282
283 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
284 return 0;
285
286 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
287 return -EPERM;
288 if (ext4_has_feature_project(inode->i_sb) &&
289 __kprojid_val(ei->i_projid) != new_projid)
290 return -EPERM;
291
292 return 0;
293}
294
295static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
296{
297 struct ext4_inode_info *ei = EXT4_I(inode);
298
299 if (S_ISDIR(inode->i_mode))
300 return;
301
302 if (test_opt2(inode->i_sb, DAX_NEVER) ||
303 test_opt(inode->i_sb, DAX_ALWAYS))
304 return;
305
306 if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
307 d_mark_dontcache(inode);
308}
309
310static bool dax_compatible(struct inode *inode, unsigned int oldflags,
311 unsigned int flags)
312{
313 if (flags & EXT4_DAX_FL) {
314 if ((oldflags & EXT4_DAX_MUT_EXCL) ||
315 ext4_test_inode_state(inode,
316 EXT4_STATE_VERITY_IN_PROGRESS)) {
317 return false;
318 }
319 }
320
321 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
322 return false;
323
324 return true;
325}
326
327static int ext4_ioctl_setflags(struct inode *inode,
328 unsigned int flags)
329{
330 struct ext4_inode_info *ei = EXT4_I(inode);
331 handle_t *handle = NULL;
332 int err = -EPERM, migrate = 0;
333 struct ext4_iloc iloc;
334 unsigned int oldflags, mask, i;
335 struct super_block *sb = inode->i_sb;
336
337 /* Is it quota file? Do not allow user to mess with it */
338 if (ext4_is_quota_file(inode))
339 goto flags_out;
340
341 oldflags = ei->i_flags;
342
343 err = vfs_ioc_setflags_prepare(inode, oldflags, flags);
344 if (err)
345 goto flags_out;
346
347 /*
348 * The JOURNAL_DATA flag can only be changed by
349 * the relevant capability.
350 */
351 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
352 if (!capable(CAP_SYS_RESOURCE))
353 goto flags_out;
354 }
355
356 if (!dax_compatible(inode, oldflags, flags)) {
357 err = -EOPNOTSUPP;
358 goto flags_out;
359 }
360
361 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
362 migrate = 1;
363
364 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
365 if (!ext4_has_feature_casefold(sb)) {
366 err = -EOPNOTSUPP;
367 goto flags_out;
368 }
369
370 if (!S_ISDIR(inode->i_mode)) {
371 err = -ENOTDIR;
372 goto flags_out;
373 }
374
375 if (!ext4_empty_dir(inode)) {
376 err = -ENOTEMPTY;
377 goto flags_out;
378 }
379 }
380
381 /*
382 * Wait for all pending directio and then flush all the dirty pages
383 * for this file. The flush marks all the pages readonly, so any
384 * subsequent attempt to write to the file (particularly mmap pages)
385 * will come through the filesystem and fail.
386 */
387 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
388 (flags & EXT4_IMMUTABLE_FL)) {
389 inode_dio_wait(inode);
390 err = filemap_write_and_wait(inode->i_mapping);
391 if (err)
392 goto flags_out;
393 }
394
395 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
396 if (IS_ERR(handle)) {
397 err = PTR_ERR(handle);
398 goto flags_out;
399 }
400 if (IS_SYNC(inode))
401 ext4_handle_sync(handle);
402 err = ext4_reserve_inode_write(handle, inode, &iloc);
403 if (err)
404 goto flags_err;
405
406 ext4_dax_dontcache(inode, flags);
407
408 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
409 if (!(mask & EXT4_FL_USER_MODIFIABLE))
410 continue;
411 /* These flags get special treatment later */
412 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
413 continue;
414 if (mask & flags)
415 ext4_set_inode_flag(inode, i);
416 else
417 ext4_clear_inode_flag(inode, i);
418 }
419
420 ext4_set_inode_flags(inode, false);
421
422 inode->i_ctime = current_time(inode);
423
424 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
425flags_err:
426 ext4_journal_stop(handle);
427 if (err)
428 goto flags_out;
429
430 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
431 /*
432 * Changes to the journaling mode can cause unsafe changes to
433 * S_DAX if the inode is DAX
434 */
435 if (IS_DAX(inode)) {
436 err = -EBUSY;
437 goto flags_out;
438 }
439
440 err = ext4_change_inode_journal_flag(inode,
441 flags & EXT4_JOURNAL_DATA_FL);
442 if (err)
443 goto flags_out;
444 }
445 if (migrate) {
446 if (flags & EXT4_EXTENTS_FL)
447 err = ext4_ext_migrate(inode);
448 else
449 err = ext4_ind_migrate(inode);
450 }
451
452flags_out:
453 return err;
454}
455
456#ifdef CONFIG_QUOTA
457static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
458{
459 struct inode *inode = file_inode(filp);
460 struct super_block *sb = inode->i_sb;
461 struct ext4_inode_info *ei = EXT4_I(inode);
462 int err, rc;
463 handle_t *handle;
464 kprojid_t kprojid;
465 struct ext4_iloc iloc;
466 struct ext4_inode *raw_inode;
467 struct dquot *transfer_to[MAXQUOTAS] = { };
468
469 if (!ext4_has_feature_project(sb)) {
470 if (projid != EXT4_DEF_PROJID)
471 return -EOPNOTSUPP;
472 else
473 return 0;
474 }
475
476 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
477 return -EOPNOTSUPP;
478
479 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
480
481 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
482 return 0;
483
484 err = -EPERM;
485 /* Is it quota file? Do not allow user to mess with it */
486 if (ext4_is_quota_file(inode))
487 return err;
488
489 err = ext4_get_inode_loc(inode, &iloc);
490 if (err)
491 return err;
492
493 raw_inode = ext4_raw_inode(&iloc);
494 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
495 err = ext4_expand_extra_isize(inode,
496 EXT4_SB(sb)->s_want_extra_isize,
497 &iloc);
498 if (err)
499 return err;
500 } else {
501 brelse(iloc.bh);
502 }
503
504 err = dquot_initialize(inode);
505 if (err)
506 return err;
507
508 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
509 EXT4_QUOTA_INIT_BLOCKS(sb) +
510 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
511 if (IS_ERR(handle))
512 return PTR_ERR(handle);
513
514 err = ext4_reserve_inode_write(handle, inode, &iloc);
515 if (err)
516 goto out_stop;
517
518 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
519 if (!IS_ERR(transfer_to[PRJQUOTA])) {
520
521 /* __dquot_transfer() calls back ext4_get_inode_usage() which
522 * counts xattr inode references.
523 */
524 down_read(&EXT4_I(inode)->xattr_sem);
525 err = __dquot_transfer(inode, transfer_to);
526 up_read(&EXT4_I(inode)->xattr_sem);
527 dqput(transfer_to[PRJQUOTA]);
528 if (err)
529 goto out_dirty;
530 }
531
532 EXT4_I(inode)->i_projid = kprojid;
533 inode->i_ctime = current_time(inode);
534out_dirty:
535 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
536 if (!err)
537 err = rc;
538out_stop:
539 ext4_journal_stop(handle);
540 return err;
541}
542#else
543static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
544{
545 if (projid != EXT4_DEF_PROJID)
546 return -EOPNOTSUPP;
547 return 0;
548}
549#endif
550
551/* Transfer internal flags to xflags */
552static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
553{
554 __u32 xflags = 0;
555
556 if (iflags & EXT4_SYNC_FL)
557 xflags |= FS_XFLAG_SYNC;
558 if (iflags & EXT4_IMMUTABLE_FL)
559 xflags |= FS_XFLAG_IMMUTABLE;
560 if (iflags & EXT4_APPEND_FL)
561 xflags |= FS_XFLAG_APPEND;
562 if (iflags & EXT4_NODUMP_FL)
563 xflags |= FS_XFLAG_NODUMP;
564 if (iflags & EXT4_NOATIME_FL)
565 xflags |= FS_XFLAG_NOATIME;
566 if (iflags & EXT4_PROJINHERIT_FL)
567 xflags |= FS_XFLAG_PROJINHERIT;
568 if (iflags & EXT4_DAX_FL)
569 xflags |= FS_XFLAG_DAX;
570 return xflags;
571}
572
573#define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
574 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
575 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT | \
576 FS_XFLAG_DAX)
577
578/* Transfer xflags flags to internal */
579static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
580{
581 unsigned long iflags = 0;
582
583 if (xflags & FS_XFLAG_SYNC)
584 iflags |= EXT4_SYNC_FL;
585 if (xflags & FS_XFLAG_IMMUTABLE)
586 iflags |= EXT4_IMMUTABLE_FL;
587 if (xflags & FS_XFLAG_APPEND)
588 iflags |= EXT4_APPEND_FL;
589 if (xflags & FS_XFLAG_NODUMP)
590 iflags |= EXT4_NODUMP_FL;
591 if (xflags & FS_XFLAG_NOATIME)
592 iflags |= EXT4_NOATIME_FL;
593 if (xflags & FS_XFLAG_PROJINHERIT)
594 iflags |= EXT4_PROJINHERIT_FL;
595 if (xflags & FS_XFLAG_DAX)
596 iflags |= EXT4_DAX_FL;
597
598 return iflags;
599}
600
601static int ext4_shutdown(struct super_block *sb, unsigned long arg)
602{
603 struct ext4_sb_info *sbi = EXT4_SB(sb);
604 __u32 flags;
605
606 if (!capable(CAP_SYS_ADMIN))
607 return -EPERM;
608
609 if (get_user(flags, (__u32 __user *)arg))
610 return -EFAULT;
611
612 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
613 return -EINVAL;
614
615 if (ext4_forced_shutdown(sbi))
616 return 0;
617
618 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
619 trace_ext4_shutdown(sb, flags);
620
621 switch (flags) {
622 case EXT4_GOING_FLAGS_DEFAULT:
623 freeze_bdev(sb->s_bdev);
624 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
625 thaw_bdev(sb->s_bdev, sb);
626 break;
627 case EXT4_GOING_FLAGS_LOGFLUSH:
628 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
629 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
630 (void) ext4_force_commit(sb);
631 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
632 }
633 break;
634 case EXT4_GOING_FLAGS_NOLOGFLUSH:
635 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
636 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
637 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
638 break;
639 default:
640 return -EINVAL;
641 }
642 clear_opt(sb, DISCARD);
643 return 0;
644}
645
646struct getfsmap_info {
647 struct super_block *gi_sb;
648 struct fsmap_head __user *gi_data;
649 unsigned int gi_idx;
650 __u32 gi_last_flags;
651};
652
653static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
654{
655 struct getfsmap_info *info = priv;
656 struct fsmap fm;
657
658 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
659
660 info->gi_last_flags = xfm->fmr_flags;
661 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
662 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
663 sizeof(struct fsmap)))
664 return -EFAULT;
665
666 return 0;
667}
668
669static int ext4_ioc_getfsmap(struct super_block *sb,
670 struct fsmap_head __user *arg)
671{
672 struct getfsmap_info info = { NULL };
673 struct ext4_fsmap_head xhead = {0};
674 struct fsmap_head head;
675 bool aborted = false;
676 int error;
677
678 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
679 return -EFAULT;
680 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
681 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
682 sizeof(head.fmh_keys[0].fmr_reserved)) ||
683 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
684 sizeof(head.fmh_keys[1].fmr_reserved)))
685 return -EINVAL;
686 /*
687 * ext4 doesn't report file extents at all, so the only valid
688 * file offsets are the magic ones (all zeroes or all ones).
689 */
690 if (head.fmh_keys[0].fmr_offset ||
691 (head.fmh_keys[1].fmr_offset != 0 &&
692 head.fmh_keys[1].fmr_offset != -1ULL))
693 return -EINVAL;
694
695 xhead.fmh_iflags = head.fmh_iflags;
696 xhead.fmh_count = head.fmh_count;
697 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
698 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
699
700 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
701 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
702
703 info.gi_sb = sb;
704 info.gi_data = arg;
705 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
706 if (error == EXT4_QUERY_RANGE_ABORT) {
707 error = 0;
708 aborted = true;
709 } else if (error)
710 return error;
711
712 /* If we didn't abort, set the "last" flag in the last fmx */
713 if (!aborted && info.gi_idx) {
714 info.gi_last_flags |= FMR_OF_LAST;
715 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
716 &info.gi_last_flags,
717 sizeof(info.gi_last_flags)))
718 return -EFAULT;
719 }
720
721 /* copy back header */
722 head.fmh_entries = xhead.fmh_entries;
723 head.fmh_oflags = xhead.fmh_oflags;
724 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
725 return -EFAULT;
726
727 return 0;
728}
729
730static long ext4_ioctl_group_add(struct file *file,
731 struct ext4_new_group_data *input)
732{
733 struct super_block *sb = file_inode(file)->i_sb;
734 int err, err2=0;
735
736 err = ext4_resize_begin(sb);
737 if (err)
738 return err;
739
740 if (ext4_has_feature_bigalloc(sb)) {
741 ext4_msg(sb, KERN_ERR,
742 "Online resizing not supported with bigalloc");
743 err = -EOPNOTSUPP;
744 goto group_add_out;
745 }
746
747 err = mnt_want_write_file(file);
748 if (err)
749 goto group_add_out;
750
751 err = ext4_group_add(sb, input);
752 if (EXT4_SB(sb)->s_journal) {
753 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
754 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
755 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
756 }
757 if (err == 0)
758 err = err2;
759 mnt_drop_write_file(file);
760 if (!err && ext4_has_group_desc_csum(sb) &&
761 test_opt(sb, INIT_INODE_TABLE))
762 err = ext4_register_li_request(sb, input->group);
763group_add_out:
764 ext4_resize_end(sb);
765 return err;
766}
767
768static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa)
769{
770 struct ext4_inode_info *ei = EXT4_I(inode);
771
772 simple_fill_fsxattr(fa, ext4_iflags_to_xflags(ei->i_flags &
773 EXT4_FL_USER_VISIBLE));
774
775 if (ext4_has_feature_project(inode->i_sb))
776 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
777}
778
779/* So that the fiemap access checks can't overflow on 32 bit machines. */
780#define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
781
782static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
783{
784 struct fiemap fiemap;
785 struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
786 struct fiemap_extent_info fieinfo = { 0, };
787 struct inode *inode = file_inode(filp);
788 int error;
789
790 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
791 return -EFAULT;
792
793 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
794 return -EINVAL;
795
796 fieinfo.fi_flags = fiemap.fm_flags;
797 fieinfo.fi_extents_max = fiemap.fm_extent_count;
798 fieinfo.fi_extents_start = ufiemap->fm_extents;
799
800 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
801 fiemap.fm_length);
802 fiemap.fm_flags = fieinfo.fi_flags;
803 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
804 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
805 error = -EFAULT;
806
807 return error;
808}
809
810long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
811{
812 struct inode *inode = file_inode(filp);
813 struct super_block *sb = inode->i_sb;
814 struct ext4_inode_info *ei = EXT4_I(inode);
815 unsigned int flags;
816
817 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
818
819 switch (cmd) {
820 case FS_IOC_GETFSMAP:
821 return ext4_ioc_getfsmap(sb, (void __user *)arg);
822 case FS_IOC_GETFLAGS:
823 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
824 if (S_ISREG(inode->i_mode))
825 flags &= ~EXT4_PROJINHERIT_FL;
826 return put_user(flags, (int __user *) arg);
827 case FS_IOC_SETFLAGS: {
828 int err;
829
830 if (!inode_owner_or_capable(inode))
831 return -EACCES;
832
833 if (get_user(flags, (int __user *) arg))
834 return -EFAULT;
835
836 if (flags & ~EXT4_FL_USER_VISIBLE)
837 return -EOPNOTSUPP;
838 /*
839 * chattr(1) grabs flags via GETFLAGS, modifies the result and
840 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
841 * more restrictive than just silently masking off visible but
842 * not settable flags as we always did.
843 */
844 flags &= EXT4_FL_USER_MODIFIABLE;
845 if (ext4_mask_flags(inode->i_mode, flags) != flags)
846 return -EOPNOTSUPP;
847
848 err = mnt_want_write_file(filp);
849 if (err)
850 return err;
851
852 inode_lock(inode);
853 err = ext4_ioctl_check_immutable(inode,
854 from_kprojid(&init_user_ns, ei->i_projid),
855 flags);
856 if (!err)
857 err = ext4_ioctl_setflags(inode, flags);
858 inode_unlock(inode);
859 mnt_drop_write_file(filp);
860 return err;
861 }
862 case EXT4_IOC_GETVERSION:
863 case EXT4_IOC_GETVERSION_OLD:
864 return put_user(inode->i_generation, (int __user *) arg);
865 case EXT4_IOC_SETVERSION:
866 case EXT4_IOC_SETVERSION_OLD: {
867 handle_t *handle;
868 struct ext4_iloc iloc;
869 __u32 generation;
870 int err;
871
872 if (!inode_owner_or_capable(inode))
873 return -EPERM;
874
875 if (ext4_has_metadata_csum(inode->i_sb)) {
876 ext4_warning(sb, "Setting inode version is not "
877 "supported with metadata_csum enabled.");
878 return -ENOTTY;
879 }
880
881 err = mnt_want_write_file(filp);
882 if (err)
883 return err;
884 if (get_user(generation, (int __user *) arg)) {
885 err = -EFAULT;
886 goto setversion_out;
887 }
888
889 inode_lock(inode);
890 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
891 if (IS_ERR(handle)) {
892 err = PTR_ERR(handle);
893 goto unlock_out;
894 }
895 err = ext4_reserve_inode_write(handle, inode, &iloc);
896 if (err == 0) {
897 inode->i_ctime = current_time(inode);
898 inode->i_generation = generation;
899 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
900 }
901 ext4_journal_stop(handle);
902
903unlock_out:
904 inode_unlock(inode);
905setversion_out:
906 mnt_drop_write_file(filp);
907 return err;
908 }
909 case EXT4_IOC_GROUP_EXTEND: {
910 ext4_fsblk_t n_blocks_count;
911 int err, err2=0;
912
913 err = ext4_resize_begin(sb);
914 if (err)
915 return err;
916
917 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
918 err = -EFAULT;
919 goto group_extend_out;
920 }
921
922 if (ext4_has_feature_bigalloc(sb)) {
923 ext4_msg(sb, KERN_ERR,
924 "Online resizing not supported with bigalloc");
925 err = -EOPNOTSUPP;
926 goto group_extend_out;
927 }
928
929 err = mnt_want_write_file(filp);
930 if (err)
931 goto group_extend_out;
932
933 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
934 if (EXT4_SB(sb)->s_journal) {
935 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
936 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
937 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
938 }
939 if (err == 0)
940 err = err2;
941 mnt_drop_write_file(filp);
942group_extend_out:
943 ext4_resize_end(sb);
944 return err;
945 }
946
947 case EXT4_IOC_MOVE_EXT: {
948 struct move_extent me;
949 struct fd donor;
950 int err;
951
952 if (!(filp->f_mode & FMODE_READ) ||
953 !(filp->f_mode & FMODE_WRITE))
954 return -EBADF;
955
956 if (copy_from_user(&me,
957 (struct move_extent __user *)arg, sizeof(me)))
958 return -EFAULT;
959 me.moved_len = 0;
960
961 donor = fdget(me.donor_fd);
962 if (!donor.file)
963 return -EBADF;
964
965 if (!(donor.file->f_mode & FMODE_WRITE)) {
966 err = -EBADF;
967 goto mext_out;
968 }
969
970 if (ext4_has_feature_bigalloc(sb)) {
971 ext4_msg(sb, KERN_ERR,
972 "Online defrag not supported with bigalloc");
973 err = -EOPNOTSUPP;
974 goto mext_out;
975 } else if (IS_DAX(inode)) {
976 ext4_msg(sb, KERN_ERR,
977 "Online defrag not supported with DAX");
978 err = -EOPNOTSUPP;
979 goto mext_out;
980 }
981
982 err = mnt_want_write_file(filp);
983 if (err)
984 goto mext_out;
985
986 err = ext4_move_extents(filp, donor.file, me.orig_start,
987 me.donor_start, me.len, &me.moved_len);
988 mnt_drop_write_file(filp);
989
990 if (copy_to_user((struct move_extent __user *)arg,
991 &me, sizeof(me)))
992 err = -EFAULT;
993mext_out:
994 fdput(donor);
995 return err;
996 }
997
998 case EXT4_IOC_GROUP_ADD: {
999 struct ext4_new_group_data input;
1000
1001 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1002 sizeof(input)))
1003 return -EFAULT;
1004
1005 return ext4_ioctl_group_add(filp, &input);
1006 }
1007
1008 case EXT4_IOC_MIGRATE:
1009 {
1010 int err;
1011 if (!inode_owner_or_capable(inode))
1012 return -EACCES;
1013
1014 err = mnt_want_write_file(filp);
1015 if (err)
1016 return err;
1017 /*
1018 * inode_mutex prevent write and truncate on the file.
1019 * Read still goes through. We take i_data_sem in
1020 * ext4_ext_swap_inode_data before we switch the
1021 * inode format to prevent read.
1022 */
1023 inode_lock((inode));
1024 err = ext4_ext_migrate(inode);
1025 inode_unlock((inode));
1026 mnt_drop_write_file(filp);
1027 return err;
1028 }
1029
1030 case EXT4_IOC_ALLOC_DA_BLKS:
1031 {
1032 int err;
1033 if (!inode_owner_or_capable(inode))
1034 return -EACCES;
1035
1036 err = mnt_want_write_file(filp);
1037 if (err)
1038 return err;
1039 err = ext4_alloc_da_blocks(inode);
1040 mnt_drop_write_file(filp);
1041 return err;
1042 }
1043
1044 case EXT4_IOC_SWAP_BOOT:
1045 {
1046 int err;
1047 if (!(filp->f_mode & FMODE_WRITE))
1048 return -EBADF;
1049 err = mnt_want_write_file(filp);
1050 if (err)
1051 return err;
1052 err = swap_inode_boot_loader(sb, inode);
1053 mnt_drop_write_file(filp);
1054 return err;
1055 }
1056
1057 case EXT4_IOC_RESIZE_FS: {
1058 ext4_fsblk_t n_blocks_count;
1059 int err = 0, err2 = 0;
1060 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1061
1062 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1063 sizeof(__u64))) {
1064 return -EFAULT;
1065 }
1066
1067 err = ext4_resize_begin(sb);
1068 if (err)
1069 return err;
1070
1071 err = mnt_want_write_file(filp);
1072 if (err)
1073 goto resizefs_out;
1074
1075 err = ext4_resize_fs(sb, n_blocks_count);
1076 if (EXT4_SB(sb)->s_journal) {
1077 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1078 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
1079 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1080 }
1081 if (err == 0)
1082 err = err2;
1083 mnt_drop_write_file(filp);
1084 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1085 ext4_has_group_desc_csum(sb) &&
1086 test_opt(sb, INIT_INODE_TABLE))
1087 err = ext4_register_li_request(sb, o_group);
1088
1089resizefs_out:
1090 ext4_resize_end(sb);
1091 return err;
1092 }
1093
1094 case FITRIM:
1095 {
1096 struct request_queue *q = bdev_get_queue(sb->s_bdev);
1097 struct fstrim_range range;
1098 int ret = 0;
1099
1100 if (!capable(CAP_SYS_ADMIN))
1101 return -EPERM;
1102
1103 if (!blk_queue_discard(q))
1104 return -EOPNOTSUPP;
1105
1106 /*
1107 * We haven't replayed the journal, so we cannot use our
1108 * block-bitmap-guided storage zapping commands.
1109 */
1110 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1111 return -EROFS;
1112
1113 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1114 sizeof(range)))
1115 return -EFAULT;
1116
1117 range.minlen = max((unsigned int)range.minlen,
1118 q->limits.discard_granularity);
1119 ret = ext4_trim_fs(sb, &range);
1120 if (ret < 0)
1121 return ret;
1122
1123 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1124 sizeof(range)))
1125 return -EFAULT;
1126
1127 return 0;
1128 }
1129 case EXT4_IOC_PRECACHE_EXTENTS:
1130 return ext4_ext_precache(inode);
1131
1132 case FS_IOC_SET_ENCRYPTION_POLICY:
1133 if (!ext4_has_feature_encrypt(sb))
1134 return -EOPNOTSUPP;
1135 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1136
1137 case FS_IOC_GET_ENCRYPTION_PWSALT: {
1138#ifdef CONFIG_FS_ENCRYPTION
1139 int err, err2;
1140 struct ext4_sb_info *sbi = EXT4_SB(sb);
1141 handle_t *handle;
1142
1143 if (!ext4_has_feature_encrypt(sb))
1144 return -EOPNOTSUPP;
1145 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1146 err = mnt_want_write_file(filp);
1147 if (err)
1148 return err;
1149 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1150 if (IS_ERR(handle)) {
1151 err = PTR_ERR(handle);
1152 goto pwsalt_err_exit;
1153 }
1154 err = ext4_journal_get_write_access(handle, sbi->s_sbh);
1155 if (err)
1156 goto pwsalt_err_journal;
1157 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1158 err = ext4_handle_dirty_metadata(handle, NULL,
1159 sbi->s_sbh);
1160 pwsalt_err_journal:
1161 err2 = ext4_journal_stop(handle);
1162 if (err2 && !err)
1163 err = err2;
1164 pwsalt_err_exit:
1165 mnt_drop_write_file(filp);
1166 if (err)
1167 return err;
1168 }
1169 if (copy_to_user((void __user *) arg,
1170 sbi->s_es->s_encrypt_pw_salt, 16))
1171 return -EFAULT;
1172 return 0;
1173#else
1174 return -EOPNOTSUPP;
1175#endif
1176 }
1177 case FS_IOC_GET_ENCRYPTION_POLICY:
1178 if (!ext4_has_feature_encrypt(sb))
1179 return -EOPNOTSUPP;
1180 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1181
1182 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1183 if (!ext4_has_feature_encrypt(sb))
1184 return -EOPNOTSUPP;
1185 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1186
1187 case FS_IOC_ADD_ENCRYPTION_KEY:
1188 if (!ext4_has_feature_encrypt(sb))
1189 return -EOPNOTSUPP;
1190 return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1191
1192 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1193 if (!ext4_has_feature_encrypt(sb))
1194 return -EOPNOTSUPP;
1195 return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1196
1197 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1198 if (!ext4_has_feature_encrypt(sb))
1199 return -EOPNOTSUPP;
1200 return fscrypt_ioctl_remove_key_all_users(filp,
1201 (void __user *)arg);
1202 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1203 if (!ext4_has_feature_encrypt(sb))
1204 return -EOPNOTSUPP;
1205 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1206
1207 case FS_IOC_GET_ENCRYPTION_NONCE:
1208 if (!ext4_has_feature_encrypt(sb))
1209 return -EOPNOTSUPP;
1210 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1211
1212 case EXT4_IOC_CLEAR_ES_CACHE:
1213 {
1214 if (!inode_owner_or_capable(inode))
1215 return -EACCES;
1216 ext4_clear_inode_es(inode);
1217 return 0;
1218 }
1219
1220 case EXT4_IOC_GETSTATE:
1221 {
1222 __u32 state = 0;
1223
1224 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1225 state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1226 if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1227 state |= EXT4_STATE_FLAG_NEW;
1228 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1229 state |= EXT4_STATE_FLAG_NEWENTRY;
1230 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1231 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1232
1233 return put_user(state, (__u32 __user *) arg);
1234 }
1235
1236 case EXT4_IOC_GET_ES_CACHE:
1237 return ext4_ioctl_get_es_cache(filp, arg);
1238
1239 case FS_IOC_FSGETXATTR:
1240 {
1241 struct fsxattr fa;
1242
1243 ext4_fill_fsxattr(inode, &fa);
1244
1245 if (copy_to_user((struct fsxattr __user *)arg,
1246 &fa, sizeof(fa)))
1247 return -EFAULT;
1248 return 0;
1249 }
1250 case FS_IOC_FSSETXATTR:
1251 {
1252 struct fsxattr fa, old_fa;
1253 int err;
1254
1255 if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1256 sizeof(fa)))
1257 return -EFAULT;
1258
1259 /* Make sure caller has proper permission */
1260 if (!inode_owner_or_capable(inode))
1261 return -EACCES;
1262
1263 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1264 return -EOPNOTSUPP;
1265
1266 flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1267 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1268 return -EOPNOTSUPP;
1269
1270 err = mnt_want_write_file(filp);
1271 if (err)
1272 return err;
1273
1274 inode_lock(inode);
1275 ext4_fill_fsxattr(inode, &old_fa);
1276 err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
1277 if (err)
1278 goto out;
1279 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1280 (flags & EXT4_FL_XFLAG_VISIBLE);
1281 err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags);
1282 if (err)
1283 goto out;
1284 err = ext4_ioctl_setflags(inode, flags);
1285 if (err)
1286 goto out;
1287 err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1288out:
1289 inode_unlock(inode);
1290 mnt_drop_write_file(filp);
1291 return err;
1292 }
1293 case EXT4_IOC_SHUTDOWN:
1294 return ext4_shutdown(sb, arg);
1295
1296 case FS_IOC_ENABLE_VERITY:
1297 if (!ext4_has_feature_verity(sb))
1298 return -EOPNOTSUPP;
1299 return fsverity_ioctl_enable(filp, (const void __user *)arg);
1300
1301 case FS_IOC_MEASURE_VERITY:
1302 if (!ext4_has_feature_verity(sb))
1303 return -EOPNOTSUPP;
1304 return fsverity_ioctl_measure(filp, (void __user *)arg);
1305
1306 default:
1307 return -ENOTTY;
1308 }
1309}
1310
1311#ifdef CONFIG_COMPAT
1312long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1313{
1314 /* These are just misnamed, they actually get/put from/to user an int */
1315 switch (cmd) {
1316 case FS_IOC32_GETFLAGS:
1317 cmd = FS_IOC_GETFLAGS;
1318 break;
1319 case FS_IOC32_SETFLAGS:
1320 cmd = FS_IOC_SETFLAGS;
1321 break;
1322 case EXT4_IOC32_GETVERSION:
1323 cmd = EXT4_IOC_GETVERSION;
1324 break;
1325 case EXT4_IOC32_SETVERSION:
1326 cmd = EXT4_IOC_SETVERSION;
1327 break;
1328 case EXT4_IOC32_GROUP_EXTEND:
1329 cmd = EXT4_IOC_GROUP_EXTEND;
1330 break;
1331 case EXT4_IOC32_GETVERSION_OLD:
1332 cmd = EXT4_IOC_GETVERSION_OLD;
1333 break;
1334 case EXT4_IOC32_SETVERSION_OLD:
1335 cmd = EXT4_IOC_SETVERSION_OLD;
1336 break;
1337 case EXT4_IOC32_GETRSVSZ:
1338 cmd = EXT4_IOC_GETRSVSZ;
1339 break;
1340 case EXT4_IOC32_SETRSVSZ:
1341 cmd = EXT4_IOC_SETRSVSZ;
1342 break;
1343 case EXT4_IOC32_GROUP_ADD: {
1344 struct compat_ext4_new_group_input __user *uinput;
1345 struct ext4_new_group_data input;
1346 int err;
1347
1348 uinput = compat_ptr(arg);
1349 err = get_user(input.group, &uinput->group);
1350 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1351 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1352 err |= get_user(input.inode_table, &uinput->inode_table);
1353 err |= get_user(input.blocks_count, &uinput->blocks_count);
1354 err |= get_user(input.reserved_blocks,
1355 &uinput->reserved_blocks);
1356 if (err)
1357 return -EFAULT;
1358 return ext4_ioctl_group_add(file, &input);
1359 }
1360 case EXT4_IOC_MOVE_EXT:
1361 case EXT4_IOC_RESIZE_FS:
1362 case FITRIM:
1363 case EXT4_IOC_PRECACHE_EXTENTS:
1364 case FS_IOC_SET_ENCRYPTION_POLICY:
1365 case FS_IOC_GET_ENCRYPTION_PWSALT:
1366 case FS_IOC_GET_ENCRYPTION_POLICY:
1367 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1368 case FS_IOC_ADD_ENCRYPTION_KEY:
1369 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1370 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1371 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1372 case FS_IOC_GET_ENCRYPTION_NONCE:
1373 case EXT4_IOC_SHUTDOWN:
1374 case FS_IOC_GETFSMAP:
1375 case FS_IOC_ENABLE_VERITY:
1376 case FS_IOC_MEASURE_VERITY:
1377 case EXT4_IOC_CLEAR_ES_CACHE:
1378 case EXT4_IOC_GETSTATE:
1379 case EXT4_IOC_GET_ES_CACHE:
1380 case FS_IOC_FSGETXATTR:
1381 case FS_IOC_FSSETXATTR:
1382 break;
1383 default:
1384 return -ENOIOCTLCMD;
1385 }
1386 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1387}
1388#endif