1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uaccess.h>
20 #include <linux/delay.h>
21 #include <linux/iversion.h>
22 #include <linux/fileattr.h>
23 #include <linux/uuid.h>
24 #include "ext4_jbd2.h"
25 #include "ext4.h"
26 #include <linux/fsmap.h>
27 #include "fsmap.h"
28 #include <trace/events/ext4.h>
29
30 typedef void ext4_update_sb_callback(struct ext4_super_block *es,
31 const void *arg);
32
33 /*
34 * Superblock modification callback function for changing file system
35 * label
36 */
ext4_sb_setlabel(struct ext4_super_block * es,const void * arg)37 static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg)
38 {
39 /* Sanity check, this should never happen */
40 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX);
41
42 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX);
43 }
44
45 /*
46 * Superblock modification callback function for changing file system
47 * UUID.
48 */
ext4_sb_setuuid(struct ext4_super_block * es,const void * arg)49 static void ext4_sb_setuuid(struct ext4_super_block *es, const void *arg)
50 {
51 memcpy(es->s_uuid, (__u8 *)arg, UUID_SIZE);
52 }
53
54 static
ext4_update_primary_sb(struct super_block * sb,handle_t * handle,ext4_update_sb_callback func,const void * arg)55 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle,
56 ext4_update_sb_callback func,
57 const void *arg)
58 {
59 int err = 0;
60 struct ext4_sb_info *sbi = EXT4_SB(sb);
61 struct buffer_head *bh = sbi->s_sbh;
62 struct ext4_super_block *es = sbi->s_es;
63
64 trace_ext4_update_sb(sb, bh->b_blocknr, 1);
65
66 BUFFER_TRACE(bh, "get_write_access");
67 err = ext4_journal_get_write_access(handle, sb,
68 bh,
69 EXT4_JTR_NONE);
70 if (err)
71 goto out_err;
72
73 lock_buffer(bh);
74 func(es, arg);
75 ext4_superblock_csum_set(sb);
76 unlock_buffer(bh);
77
78 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) {
79 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to "
80 "superblock detected");
81 clear_buffer_write_io_error(bh);
82 set_buffer_uptodate(bh);
83 }
84
85 err = ext4_handle_dirty_metadata(handle, NULL, bh);
86 if (err)
87 goto out_err;
88 err = sync_dirty_buffer(bh);
89 out_err:
90 ext4_std_error(sb, err);
91 return err;
92 }
93
94 /*
95 * Update one backup superblock in the group 'grp' using the callback
96 * function 'func' and argument 'arg'. If the handle is NULL the
97 * modification is not journalled.
98 *
99 * Returns: 0 when no modification was done (no superblock in the group)
100 * 1 when the modification was successful
101 * <0 on error
102 */
ext4_update_backup_sb(struct super_block * sb,handle_t * handle,ext4_group_t grp,ext4_update_sb_callback func,const void * arg)103 static int ext4_update_backup_sb(struct super_block *sb,
104 handle_t *handle, ext4_group_t grp,
105 ext4_update_sb_callback func, const void *arg)
106 {
107 int err = 0;
108 ext4_fsblk_t sb_block;
109 struct buffer_head *bh;
110 unsigned long offset = 0;
111 struct ext4_super_block *es;
112
113 if (!ext4_bg_has_super(sb, grp))
114 return 0;
115
116 /*
117 * For the group 0 there is always 1k padding, so we have
118 * either adjust offset, or sb_block depending on blocksize
119 */
120 if (grp == 0) {
121 sb_block = 1 * EXT4_MIN_BLOCK_SIZE;
122 offset = do_div(sb_block, sb->s_blocksize);
123 } else {
124 sb_block = ext4_group_first_block_no(sb, grp);
125 offset = 0;
126 }
127
128 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0);
129
130 bh = ext4_sb_bread(sb, sb_block, 0);
131 if (IS_ERR(bh))
132 return PTR_ERR(bh);
133
134 if (handle) {
135 BUFFER_TRACE(bh, "get_write_access");
136 err = ext4_journal_get_write_access(handle, sb,
137 bh,
138 EXT4_JTR_NONE);
139 if (err)
140 goto out_bh;
141 }
142
143 es = (struct ext4_super_block *) (bh->b_data + offset);
144 lock_buffer(bh);
145 if (ext4_has_metadata_csum(sb) &&
146 es->s_checksum != ext4_superblock_csum(sb, es)) {
147 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup "
148 "superblock %llu", sb_block);
149 unlock_buffer(bh);
150 goto out_bh;
151 }
152 func(es, arg);
153 if (ext4_has_metadata_csum(sb))
154 es->s_checksum = ext4_superblock_csum(sb, es);
155 set_buffer_uptodate(bh);
156 unlock_buffer(bh);
157
158 if (handle) {
159 err = ext4_handle_dirty_metadata(handle, NULL, bh);
160 if (err)
161 goto out_bh;
162 } else {
163 BUFFER_TRACE(bh, "marking dirty");
164 mark_buffer_dirty(bh);
165 }
166 err = sync_dirty_buffer(bh);
167
168 out_bh:
169 brelse(bh);
170 ext4_std_error(sb, err);
171 return (err) ? err : 1;
172 }
173
174 /*
175 * Update primary and backup superblocks using the provided function
176 * func and argument arg.
177 *
178 * Only the primary superblock and at most two backup superblock
179 * modifications are journalled; the rest is modified without journal.
180 * This is safe because e2fsck will re-write them if there is a problem,
181 * and we're very unlikely to ever need more than two backups.
182 */
183 static
ext4_update_superblocks_fn(struct super_block * sb,ext4_update_sb_callback func,const void * arg)184 int ext4_update_superblocks_fn(struct super_block *sb,
185 ext4_update_sb_callback func,
186 const void *arg)
187 {
188 handle_t *handle;
189 ext4_group_t ngroups;
190 unsigned int three = 1;
191 unsigned int five = 5;
192 unsigned int seven = 7;
193 int err = 0, ret, i;
194 ext4_group_t grp, primary_grp;
195 struct ext4_sb_info *sbi = EXT4_SB(sb);
196
197 /*
198 * We can't update superblocks while the online resize is running
199 */
200 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING,
201 &sbi->s_ext4_flags)) {
202 ext4_msg(sb, KERN_ERR, "Can't modify superblock while"
203 "performing online resize");
204 return -EBUSY;
205 }
206
207 /*
208 * We're only going to update primary superblock and two
209 * backup superblocks in this transaction.
210 */
211 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3);
212 if (IS_ERR(handle)) {
213 err = PTR_ERR(handle);
214 goto out;
215 }
216
217 /* Update primary superblock */
218 err = ext4_update_primary_sb(sb, handle, func, arg);
219 if (err) {
220 ext4_msg(sb, KERN_ERR, "Failed to update primary "
221 "superblock");
222 goto out_journal;
223 }
224
225 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr);
226 ngroups = ext4_get_groups_count(sb);
227
228 /*
229 * Update backup superblocks. We have to start from group 0
230 * because it might not be where the primary superblock is
231 * if the fs is mounted with -o sb=<backup_sb_block>
232 */
233 i = 0;
234 grp = 0;
235 while (grp < ngroups) {
236 /* Skip primary superblock */
237 if (grp == primary_grp)
238 goto next_grp;
239
240 ret = ext4_update_backup_sb(sb, handle, grp, func, arg);
241 if (ret < 0) {
242 /* Ignore bad checksum; try to update next sb */
243 if (ret == -EFSBADCRC)
244 goto next_grp;
245 err = ret;
246 goto out_journal;
247 }
248
249 i += ret;
250 if (handle && i > 1) {
251 /*
252 * We're only journalling primary superblock and
253 * two backup superblocks; the rest is not
254 * journalled.
255 */
256 err = ext4_journal_stop(handle);
257 if (err)
258 goto out;
259 handle = NULL;
260 }
261 next_grp:
262 grp = ext4_list_backups(sb, &three, &five, &seven);
263 }
264
265 out_journal:
266 if (handle) {
267 ret = ext4_journal_stop(handle);
268 if (ret && !err)
269 err = ret;
270 }
271 out:
272 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags);
273 smp_mb__after_atomic();
274 return err ? err : 0;
275 }
276
277 /*
278 * Swap memory between @a and @b for @len bytes.
279 *
280 * @a: pointer to first memory area
281 * @b: pointer to second memory area
282 * @len: number of bytes to swap
283 *
284 */
memswap(void * a,void * b,size_t len)285 static void memswap(void *a, void *b, size_t len)
286 {
287 unsigned char *ap, *bp;
288
289 ap = (unsigned char *)a;
290 bp = (unsigned char *)b;
291 while (len-- > 0) {
292 swap(*ap, *bp);
293 ap++;
294 bp++;
295 }
296 }
297
298 /*
299 * Swap i_data and associated attributes between @inode1 and @inode2.
300 * This function is used for the primary swap between inode1 and inode2
301 * and also to revert this primary swap in case of errors.
302 *
303 * Therefore you have to make sure, that calling this method twice
304 * will revert all changes.
305 *
306 * @inode1: pointer to first inode
307 * @inode2: pointer to second inode
308 */
swap_inode_data(struct inode * inode1,struct inode * inode2)309 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
310 {
311 loff_t isize;
312 struct ext4_inode_info *ei1;
313 struct ext4_inode_info *ei2;
314 unsigned long tmp;
315 struct timespec64 ts1, ts2;
316
317 ei1 = EXT4_I(inode1);
318 ei2 = EXT4_I(inode2);
319
320 swap(inode1->i_version, inode2->i_version);
321
322 ts1 = inode_get_atime(inode1);
323 ts2 = inode_get_atime(inode2);
324 inode_set_atime_to_ts(inode1, ts2);
325 inode_set_atime_to_ts(inode2, ts1);
326
327 ts1 = inode_get_mtime(inode1);
328 ts2 = inode_get_mtime(inode2);
329 inode_set_mtime_to_ts(inode1, ts2);
330 inode_set_mtime_to_ts(inode2, ts1);
331
332 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
333 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
334 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
335 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
336 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
337 swap(ei1->i_disksize, ei2->i_disksize);
338 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
339 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
340
341 isize = i_size_read(inode1);
342 i_size_write(inode1, i_size_read(inode2));
343 i_size_write(inode2, isize);
344 }
345
ext4_reset_inode_seed(struct inode * inode)346 void ext4_reset_inode_seed(struct inode *inode)
347 {
348 struct ext4_inode_info *ei = EXT4_I(inode);
349 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
350 __le32 inum = cpu_to_le32(inode->i_ino);
351 __le32 gen = cpu_to_le32(inode->i_generation);
352 __u32 csum;
353
354 if (!ext4_has_metadata_csum(inode->i_sb))
355 return;
356
357 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
358 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
359 }
360
361 /*
362 * Swap the information from the given @inode and the inode
363 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
364 * important fields of the inodes.
365 *
366 * @sb: the super block of the filesystem
367 * @idmap: idmap of the mount the inode was found from
368 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
369 *
370 */
swap_inode_boot_loader(struct super_block * sb,struct mnt_idmap * idmap,struct inode * inode)371 static long swap_inode_boot_loader(struct super_block *sb,
372 struct mnt_idmap *idmap,
373 struct inode *inode)
374 {
375 handle_t *handle;
376 int err;
377 struct inode *inode_bl;
378 struct ext4_inode_info *ei_bl;
379 qsize_t size, size_bl, diff;
380 blkcnt_t blocks;
381 unsigned short bytes;
382
383 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO,
384 EXT4_IGET_SPECIAL | EXT4_IGET_BAD);
385 if (IS_ERR(inode_bl))
386 return PTR_ERR(inode_bl);
387 ei_bl = EXT4_I(inode_bl);
388
389 /* Protect orig inodes against a truncate and make sure,
390 * that only 1 swap_inode_boot_loader is running. */
391 lock_two_nondirectories(inode, inode_bl);
392
393 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
394 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
395 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
396 ext4_has_inline_data(inode)) {
397 err = -EINVAL;
398 goto journal_err_out;
399 }
400
401 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
402 !inode_owner_or_capable(idmap, inode) ||
403 !capable(CAP_SYS_ADMIN)) {
404 err = -EPERM;
405 goto journal_err_out;
406 }
407
408 filemap_invalidate_lock(inode->i_mapping);
409 err = filemap_write_and_wait(inode->i_mapping);
410 if (err)
411 goto err_out;
412
413 err = filemap_write_and_wait(inode_bl->i_mapping);
414 if (err)
415 goto err_out;
416
417 /* Wait for all existing dio workers */
418 inode_dio_wait(inode);
419 inode_dio_wait(inode_bl);
420
421 truncate_inode_pages(&inode->i_data, 0);
422 truncate_inode_pages(&inode_bl->i_data, 0);
423
424 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
425 if (IS_ERR(handle)) {
426 err = -EINVAL;
427 goto err_out;
428 }
429 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle);
430
431 /* Protect extent tree against block allocations via delalloc */
432 ext4_double_down_write_data_sem(inode, inode_bl);
433
434 if (is_bad_inode(inode_bl) || !S_ISREG(inode_bl->i_mode)) {
435 /* this inode has never been used as a BOOT_LOADER */
436 set_nlink(inode_bl, 1);
437 i_uid_write(inode_bl, 0);
438 i_gid_write(inode_bl, 0);
439 inode_bl->i_flags = 0;
440 ei_bl->i_flags = 0;
441 inode_set_iversion(inode_bl, 1);
442 i_size_write(inode_bl, 0);
443 EXT4_I(inode_bl)->i_disksize = inode_bl->i_size;
444 inode_bl->i_mode = S_IFREG;
445 if (ext4_has_feature_extents(sb)) {
446 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
447 ext4_ext_tree_init(handle, inode_bl);
448 } else
449 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
450 }
451
452 err = dquot_initialize(inode);
453 if (err)
454 goto err_out1;
455
456 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
457 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
458 diff = size - size_bl;
459 swap_inode_data(inode, inode_bl);
460
461 inode_set_ctime_current(inode);
462 inode_set_ctime_current(inode_bl);
463 inode_inc_iversion(inode);
464
465 inode->i_generation = get_random_u32();
466 inode_bl->i_generation = get_random_u32();
467 ext4_reset_inode_seed(inode);
468 ext4_reset_inode_seed(inode_bl);
469
470 ext4_discard_preallocations(inode);
471
472 err = ext4_mark_inode_dirty(handle, inode);
473 if (err < 0) {
474 /* No need to update quota information. */
475 ext4_warning(inode->i_sb,
476 "couldn't mark inode #%lu dirty (err %d)",
477 inode->i_ino, err);
478 /* Revert all changes: */
479 swap_inode_data(inode, inode_bl);
480 ext4_mark_inode_dirty(handle, inode);
481 goto err_out1;
482 }
483
484 blocks = inode_bl->i_blocks;
485 bytes = inode_bl->i_bytes;
486 inode_bl->i_blocks = inode->i_blocks;
487 inode_bl->i_bytes = inode->i_bytes;
488 err = ext4_mark_inode_dirty(handle, inode_bl);
489 if (err < 0) {
490 /* No need to update quota information. */
491 ext4_warning(inode_bl->i_sb,
492 "couldn't mark inode #%lu dirty (err %d)",
493 inode_bl->i_ino, err);
494 goto revert;
495 }
496
497 /* Bootloader inode should not be counted into quota information. */
498 if (diff > 0)
499 dquot_free_space(inode, diff);
500 else
501 err = dquot_alloc_space(inode, -1 * diff);
502
503 if (err < 0) {
504 revert:
505 /* Revert all changes: */
506 inode_bl->i_blocks = blocks;
507 inode_bl->i_bytes = bytes;
508 swap_inode_data(inode, inode_bl);
509 ext4_mark_inode_dirty(handle, inode);
510 ext4_mark_inode_dirty(handle, inode_bl);
511 }
512
513 err_out1:
514 ext4_journal_stop(handle);
515 ext4_double_up_write_data_sem(inode, inode_bl);
516
517 err_out:
518 filemap_invalidate_unlock(inode->i_mapping);
519 journal_err_out:
520 unlock_two_nondirectories(inode, inode_bl);
521 iput(inode_bl);
522 return err;
523 }
524
525 /*
526 * If immutable is set and we are not clearing it, we're not allowed to change
527 * anything else in the inode. Don't error out if we're only trying to set
528 * immutable on an immutable file.
529 */
ext4_ioctl_check_immutable(struct inode * inode,__u32 new_projid,unsigned int flags)530 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
531 unsigned int flags)
532 {
533 struct ext4_inode_info *ei = EXT4_I(inode);
534 unsigned int oldflags = ei->i_flags;
535
536 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
537 return 0;
538
539 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
540 return -EPERM;
541 if (ext4_has_feature_project(inode->i_sb) &&
542 __kprojid_val(ei->i_projid) != new_projid)
543 return -EPERM;
544
545 return 0;
546 }
547
ext4_dax_dontcache(struct inode * inode,unsigned int flags)548 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
549 {
550 struct ext4_inode_info *ei = EXT4_I(inode);
551
552 if (S_ISDIR(inode->i_mode))
553 return;
554
555 if (test_opt2(inode->i_sb, DAX_NEVER) ||
556 test_opt(inode->i_sb, DAX_ALWAYS))
557 return;
558
559 if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
560 d_mark_dontcache(inode);
561 }
562
dax_compatible(struct inode * inode,unsigned int oldflags,unsigned int flags)563 static bool dax_compatible(struct inode *inode, unsigned int oldflags,
564 unsigned int flags)
565 {
566 /* Allow the DAX flag to be changed on inline directories */
567 if (S_ISDIR(inode->i_mode)) {
568 flags &= ~EXT4_INLINE_DATA_FL;
569 oldflags &= ~EXT4_INLINE_DATA_FL;
570 }
571
572 if (flags & EXT4_DAX_FL) {
573 if ((oldflags & EXT4_DAX_MUT_EXCL) ||
574 ext4_test_inode_state(inode,
575 EXT4_STATE_VERITY_IN_PROGRESS)) {
576 return false;
577 }
578 }
579
580 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
581 return false;
582
583 return true;
584 }
585
ext4_ioctl_setflags(struct inode * inode,unsigned int flags)586 static int ext4_ioctl_setflags(struct inode *inode,
587 unsigned int flags)
588 {
589 struct ext4_inode_info *ei = EXT4_I(inode);
590 handle_t *handle = NULL;
591 int err = -EPERM, migrate = 0;
592 struct ext4_iloc iloc;
593 unsigned int oldflags, mask, i;
594 struct super_block *sb = inode->i_sb;
595
596 /* Is it quota file? Do not allow user to mess with it */
597 if (ext4_is_quota_file(inode))
598 goto flags_out;
599
600 oldflags = ei->i_flags;
601 /*
602 * The JOURNAL_DATA flag can only be changed by
603 * the relevant capability.
604 */
605 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
606 if (!capable(CAP_SYS_RESOURCE))
607 goto flags_out;
608 }
609
610 if (!dax_compatible(inode, oldflags, flags)) {
611 err = -EOPNOTSUPP;
612 goto flags_out;
613 }
614
615 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
616 migrate = 1;
617
618 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
619 if (!ext4_has_feature_casefold(sb)) {
620 err = -EOPNOTSUPP;
621 goto flags_out;
622 }
623
624 if (!S_ISDIR(inode->i_mode)) {
625 err = -ENOTDIR;
626 goto flags_out;
627 }
628
629 if (!ext4_empty_dir(inode)) {
630 err = -ENOTEMPTY;
631 goto flags_out;
632 }
633 }
634
635 /*
636 * Wait for all pending directio and then flush all the dirty pages
637 * for this file. The flush marks all the pages readonly, so any
638 * subsequent attempt to write to the file (particularly mmap pages)
639 * will come through the filesystem and fail.
640 */
641 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
642 (flags & EXT4_IMMUTABLE_FL)) {
643 inode_dio_wait(inode);
644 err = filemap_write_and_wait(inode->i_mapping);
645 if (err)
646 goto flags_out;
647 }
648
649 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
650 if (IS_ERR(handle)) {
651 err = PTR_ERR(handle);
652 goto flags_out;
653 }
654 if (IS_SYNC(inode))
655 ext4_handle_sync(handle);
656 err = ext4_reserve_inode_write(handle, inode, &iloc);
657 if (err)
658 goto flags_err;
659
660 ext4_dax_dontcache(inode, flags);
661
662 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
663 if (!(mask & EXT4_FL_USER_MODIFIABLE))
664 continue;
665 /* These flags get special treatment later */
666 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
667 continue;
668 if (mask & flags)
669 ext4_set_inode_flag(inode, i);
670 else
671 ext4_clear_inode_flag(inode, i);
672 }
673
674 ext4_set_inode_flags(inode, false);
675
676 inode_set_ctime_current(inode);
677 inode_inc_iversion(inode);
678
679 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
680 flags_err:
681 ext4_journal_stop(handle);
682 if (err)
683 goto flags_out;
684
685 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
686 /*
687 * Changes to the journaling mode can cause unsafe changes to
688 * S_DAX if the inode is DAX
689 */
690 if (IS_DAX(inode)) {
691 err = -EBUSY;
692 goto flags_out;
693 }
694
695 err = ext4_change_inode_journal_flag(inode,
696 flags & EXT4_JOURNAL_DATA_FL);
697 if (err)
698 goto flags_out;
699 }
700 if (migrate) {
701 if (flags & EXT4_EXTENTS_FL)
702 err = ext4_ext_migrate(inode);
703 else
704 err = ext4_ind_migrate(inode);
705 }
706
707 flags_out:
708 return err;
709 }
710
711 #ifdef CONFIG_QUOTA
ext4_ioctl_setproject(struct inode * inode,__u32 projid)712 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
713 {
714 struct super_block *sb = inode->i_sb;
715 struct ext4_inode_info *ei = EXT4_I(inode);
716 int err, rc;
717 handle_t *handle;
718 kprojid_t kprojid;
719 struct ext4_iloc iloc;
720 struct ext4_inode *raw_inode;
721 struct dquot *transfer_to[MAXQUOTAS] = { };
722
723 if (!ext4_has_feature_project(sb)) {
724 if (projid != EXT4_DEF_PROJID)
725 return -EOPNOTSUPP;
726 else
727 return 0;
728 }
729
730 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
731 return -EOPNOTSUPP;
732
733 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
734
735 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
736 return 0;
737
738 err = -EPERM;
739 /* Is it quota file? Do not allow user to mess with it */
740 if (ext4_is_quota_file(inode))
741 return err;
742
743 err = dquot_initialize(inode);
744 if (err)
745 return err;
746
747 err = ext4_get_inode_loc(inode, &iloc);
748 if (err)
749 return err;
750
751 raw_inode = ext4_raw_inode(&iloc);
752 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
753 err = ext4_expand_extra_isize(inode,
754 EXT4_SB(sb)->s_want_extra_isize,
755 &iloc);
756 if (err)
757 return err;
758 } else {
759 brelse(iloc.bh);
760 }
761
762 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
763 EXT4_QUOTA_INIT_BLOCKS(sb) +
764 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
765 if (IS_ERR(handle))
766 return PTR_ERR(handle);
767
768 err = ext4_reserve_inode_write(handle, inode, &iloc);
769 if (err)
770 goto out_stop;
771
772 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
773 if (!IS_ERR(transfer_to[PRJQUOTA])) {
774
775 /* __dquot_transfer() calls back ext4_get_inode_usage() which
776 * counts xattr inode references.
777 */
778 down_read(&EXT4_I(inode)->xattr_sem);
779 err = __dquot_transfer(inode, transfer_to);
780 up_read(&EXT4_I(inode)->xattr_sem);
781 dqput(transfer_to[PRJQUOTA]);
782 if (err)
783 goto out_dirty;
784 }
785
786 EXT4_I(inode)->i_projid = kprojid;
787 inode_set_ctime_current(inode);
788 inode_inc_iversion(inode);
789 out_dirty:
790 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
791 if (!err)
792 err = rc;
793 out_stop:
794 ext4_journal_stop(handle);
795 return err;
796 }
797 #else
ext4_ioctl_setproject(struct inode * inode,__u32 projid)798 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
799 {
800 if (projid != EXT4_DEF_PROJID)
801 return -EOPNOTSUPP;
802 return 0;
803 }
804 #endif
805
ext4_force_shutdown(struct super_block * sb,u32 flags)806 int ext4_force_shutdown(struct super_block *sb, u32 flags)
807 {
808 struct ext4_sb_info *sbi = EXT4_SB(sb);
809 int ret;
810
811 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
812 return -EINVAL;
813
814 if (ext4_forced_shutdown(sb))
815 return 0;
816
817 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
818 trace_ext4_shutdown(sb, flags);
819
820 switch (flags) {
821 case EXT4_GOING_FLAGS_DEFAULT:
822 ret = bdev_freeze(sb->s_bdev);
823 if (ret)
824 return ret;
825 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
826 bdev_thaw(sb->s_bdev);
827 break;
828 case EXT4_GOING_FLAGS_LOGFLUSH:
829 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
830 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
831 (void) ext4_force_commit(sb);
832 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
833 }
834 break;
835 case EXT4_GOING_FLAGS_NOLOGFLUSH:
836 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
837 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
838 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
839 break;
840 default:
841 return -EINVAL;
842 }
843 clear_opt(sb, DISCARD);
844 return 0;
845 }
846
ext4_ioctl_shutdown(struct super_block * sb,unsigned long arg)847 static int ext4_ioctl_shutdown(struct super_block *sb, unsigned long arg)
848 {
849 u32 flags;
850
851 if (!capable(CAP_SYS_ADMIN))
852 return -EPERM;
853
854 if (get_user(flags, (__u32 __user *)arg))
855 return -EFAULT;
856
857 return ext4_force_shutdown(sb, flags);
858 }
859
860 struct getfsmap_info {
861 struct super_block *gi_sb;
862 struct fsmap_head __user *gi_data;
863 unsigned int gi_idx;
864 __u32 gi_last_flags;
865 };
866
ext4_getfsmap_format(struct ext4_fsmap * xfm,void * priv)867 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
868 {
869 struct getfsmap_info *info = priv;
870 struct fsmap fm;
871
872 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
873
874 info->gi_last_flags = xfm->fmr_flags;
875 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
876 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
877 sizeof(struct fsmap)))
878 return -EFAULT;
879
880 return 0;
881 }
882
ext4_ioc_getfsmap(struct super_block * sb,struct fsmap_head __user * arg)883 static int ext4_ioc_getfsmap(struct super_block *sb,
884 struct fsmap_head __user *arg)
885 {
886 struct getfsmap_info info = { NULL };
887 struct ext4_fsmap_head xhead = {0};
888 struct fsmap_head head;
889 bool aborted = false;
890 int error;
891
892 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
893 return -EFAULT;
894 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
895 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
896 sizeof(head.fmh_keys[0].fmr_reserved)) ||
897 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
898 sizeof(head.fmh_keys[1].fmr_reserved)))
899 return -EINVAL;
900 /*
901 * ext4 doesn't report file extents at all, so the only valid
902 * file offsets are the magic ones (all zeroes or all ones).
903 */
904 if (head.fmh_keys[0].fmr_offset ||
905 (head.fmh_keys[1].fmr_offset != 0 &&
906 head.fmh_keys[1].fmr_offset != -1ULL))
907 return -EINVAL;
908
909 xhead.fmh_iflags = head.fmh_iflags;
910 xhead.fmh_count = head.fmh_count;
911 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
912 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
913
914 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
915 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
916
917 info.gi_sb = sb;
918 info.gi_data = arg;
919 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
920 if (error == EXT4_QUERY_RANGE_ABORT)
921 aborted = true;
922 else if (error)
923 return error;
924
925 /* If we didn't abort, set the "last" flag in the last fmx */
926 if (!aborted && info.gi_idx) {
927 info.gi_last_flags |= FMR_OF_LAST;
928 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
929 &info.gi_last_flags,
930 sizeof(info.gi_last_flags)))
931 return -EFAULT;
932 }
933
934 /* copy back header */
935 head.fmh_entries = xhead.fmh_entries;
936 head.fmh_oflags = xhead.fmh_oflags;
937 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
938 return -EFAULT;
939
940 return 0;
941 }
942
ext4_ioctl_group_add(struct file * file,struct ext4_new_group_data * input)943 static long ext4_ioctl_group_add(struct file *file,
944 struct ext4_new_group_data *input)
945 {
946 struct super_block *sb = file_inode(file)->i_sb;
947 int err, err2=0;
948
949 err = ext4_resize_begin(sb);
950 if (err)
951 return err;
952
953 if (ext4_has_feature_bigalloc(sb)) {
954 ext4_msg(sb, KERN_ERR,
955 "Online resizing not supported with bigalloc");
956 err = -EOPNOTSUPP;
957 goto group_add_out;
958 }
959
960 err = mnt_want_write_file(file);
961 if (err)
962 goto group_add_out;
963
964 err = ext4_group_add(sb, input);
965 if (EXT4_SB(sb)->s_journal) {
966 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
967 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
968 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
969 }
970 if (err == 0)
971 err = err2;
972 mnt_drop_write_file(file);
973 if (!err && ext4_has_group_desc_csum(sb) &&
974 test_opt(sb, INIT_INODE_TABLE))
975 err = ext4_register_li_request(sb, input->group);
976 group_add_out:
977 err2 = ext4_resize_end(sb, false);
978 if (err == 0)
979 err = err2;
980 return err;
981 }
982
ext4_fileattr_get(struct dentry * dentry,struct fileattr * fa)983 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa)
984 {
985 struct inode *inode = d_inode(dentry);
986 struct ext4_inode_info *ei = EXT4_I(inode);
987 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
988
989 if (S_ISREG(inode->i_mode))
990 flags &= ~FS_PROJINHERIT_FL;
991
992 fileattr_fill_flags(fa, flags);
993 if (ext4_has_feature_project(inode->i_sb))
994 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
995
996 return 0;
997 }
998
ext4_fileattr_set(struct mnt_idmap * idmap,struct dentry * dentry,struct fileattr * fa)999 int ext4_fileattr_set(struct mnt_idmap *idmap,
1000 struct dentry *dentry, struct fileattr *fa)
1001 {
1002 struct inode *inode = d_inode(dentry);
1003 u32 flags = fa->flags;
1004 int err = -EOPNOTSUPP;
1005
1006 if (flags & ~EXT4_FL_USER_VISIBLE)
1007 goto out;
1008
1009 /*
1010 * chattr(1) grabs flags via GETFLAGS, modifies the result and
1011 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
1012 * more restrictive than just silently masking off visible but
1013 * not settable flags as we always did.
1014 */
1015 flags &= EXT4_FL_USER_MODIFIABLE;
1016 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1017 goto out;
1018 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags);
1019 if (err)
1020 goto out;
1021 err = ext4_ioctl_setflags(inode, flags);
1022 if (err)
1023 goto out;
1024 err = ext4_ioctl_setproject(inode, fa->fsx_projid);
1025 out:
1026 return err;
1027 }
1028
1029 /* So that the fiemap access checks can't overflow on 32 bit machines. */
1030 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
1031
ext4_ioctl_get_es_cache(struct file * filp,unsigned long arg)1032 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
1033 {
1034 struct fiemap fiemap;
1035 struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
1036 struct fiemap_extent_info fieinfo = { 0, };
1037 struct inode *inode = file_inode(filp);
1038 int error;
1039
1040 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
1041 return -EFAULT;
1042
1043 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
1044 return -EINVAL;
1045
1046 fieinfo.fi_flags = fiemap.fm_flags;
1047 fieinfo.fi_extents_max = fiemap.fm_extent_count;
1048 fieinfo.fi_extents_start = ufiemap->fm_extents;
1049
1050 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
1051 fiemap.fm_length);
1052 fiemap.fm_flags = fieinfo.fi_flags;
1053 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
1054 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
1055 error = -EFAULT;
1056
1057 return error;
1058 }
1059
ext4_ioctl_checkpoint(struct file * filp,unsigned long arg)1060 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
1061 {
1062 int err = 0;
1063 __u32 flags = 0;
1064 unsigned int flush_flags = 0;
1065 struct super_block *sb = file_inode(filp)->i_sb;
1066
1067 if (copy_from_user(&flags, (__u32 __user *)arg,
1068 sizeof(__u32)))
1069 return -EFAULT;
1070
1071 if (!capable(CAP_SYS_ADMIN))
1072 return -EPERM;
1073
1074 /* check for invalid bits set */
1075 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) ||
1076 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1077 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT)))
1078 return -EINVAL;
1079
1080 if (!EXT4_SB(sb)->s_journal)
1081 return -ENODEV;
1082
1083 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1084 !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev))
1085 return -EOPNOTSUPP;
1086
1087 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)
1088 return 0;
1089
1090 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD)
1091 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD;
1092
1093 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) {
1094 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT;
1095 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow");
1096 }
1097
1098 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1099 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags);
1100 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1101
1102 return err;
1103 }
1104
ext4_ioctl_setlabel(struct file * filp,const char __user * user_label)1105 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label)
1106 {
1107 size_t len;
1108 int ret = 0;
1109 char new_label[EXT4_LABEL_MAX + 1];
1110 struct super_block *sb = file_inode(filp)->i_sb;
1111
1112 if (!capable(CAP_SYS_ADMIN))
1113 return -EPERM;
1114
1115 /*
1116 * Copy the maximum length allowed for ext4 label with one more to
1117 * find the required terminating null byte in order to test the
1118 * label length. The on disk label doesn't need to be null terminated.
1119 */
1120 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1))
1121 return -EFAULT;
1122
1123 len = strnlen(new_label, EXT4_LABEL_MAX + 1);
1124 if (len > EXT4_LABEL_MAX)
1125 return -EINVAL;
1126
1127 /*
1128 * Clear the buffer after the new label
1129 */
1130 memset(new_label + len, 0, EXT4_LABEL_MAX - len);
1131
1132 ret = mnt_want_write_file(filp);
1133 if (ret)
1134 return ret;
1135
1136 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label);
1137
1138 mnt_drop_write_file(filp);
1139 return ret;
1140 }
1141
ext4_ioctl_getlabel(struct ext4_sb_info * sbi,char __user * user_label)1142 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label)
1143 {
1144 char label[EXT4_LABEL_MAX + 1];
1145
1146 /*
1147 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because
1148 * FSLABEL_MAX must include terminating null byte, while s_volume_name
1149 * does not have to.
1150 */
1151 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
1152
1153 lock_buffer(sbi->s_sbh);
1154 memtostr_pad(label, sbi->s_es->s_volume_name);
1155 unlock_buffer(sbi->s_sbh);
1156
1157 if (copy_to_user(user_label, label, sizeof(label)))
1158 return -EFAULT;
1159 return 0;
1160 }
1161
ext4_ioctl_getuuid(struct ext4_sb_info * sbi,struct fsuuid __user * ufsuuid)1162 static int ext4_ioctl_getuuid(struct ext4_sb_info *sbi,
1163 struct fsuuid __user *ufsuuid)
1164 {
1165 struct fsuuid fsuuid;
1166 __u8 uuid[UUID_SIZE];
1167
1168 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1169 return -EFAULT;
1170
1171 if (fsuuid.fsu_len == 0) {
1172 fsuuid.fsu_len = UUID_SIZE;
1173 if (copy_to_user(&ufsuuid->fsu_len, &fsuuid.fsu_len,
1174 sizeof(fsuuid.fsu_len)))
1175 return -EFAULT;
1176 return 0;
1177 }
1178
1179 if (fsuuid.fsu_len < UUID_SIZE || fsuuid.fsu_flags != 0)
1180 return -EINVAL;
1181
1182 lock_buffer(sbi->s_sbh);
1183 memcpy(uuid, sbi->s_es->s_uuid, UUID_SIZE);
1184 unlock_buffer(sbi->s_sbh);
1185
1186 fsuuid.fsu_len = UUID_SIZE;
1187 if (copy_to_user(ufsuuid, &fsuuid, sizeof(fsuuid)) ||
1188 copy_to_user(&ufsuuid->fsu_uuid[0], uuid, UUID_SIZE))
1189 return -EFAULT;
1190 return 0;
1191 }
1192
ext4_ioctl_setuuid(struct file * filp,const struct fsuuid __user * ufsuuid)1193 static int ext4_ioctl_setuuid(struct file *filp,
1194 const struct fsuuid __user *ufsuuid)
1195 {
1196 int ret = 0;
1197 struct super_block *sb = file_inode(filp)->i_sb;
1198 struct fsuuid fsuuid;
1199 __u8 uuid[UUID_SIZE];
1200
1201 if (!capable(CAP_SYS_ADMIN))
1202 return -EPERM;
1203
1204 /*
1205 * If any checksums (group descriptors or metadata) are being used
1206 * then the checksum seed feature is required to change the UUID.
1207 */
1208 if (((ext4_has_feature_gdt_csum(sb) || ext4_has_metadata_csum(sb))
1209 && !ext4_has_feature_csum_seed(sb))
1210 || ext4_has_feature_stable_inodes(sb))
1211 return -EOPNOTSUPP;
1212
1213 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1214 return -EFAULT;
1215
1216 if (fsuuid.fsu_len != UUID_SIZE || fsuuid.fsu_flags != 0)
1217 return -EINVAL;
1218
1219 if (copy_from_user(uuid, &ufsuuid->fsu_uuid[0], UUID_SIZE))
1220 return -EFAULT;
1221
1222 ret = mnt_want_write_file(filp);
1223 if (ret)
1224 return ret;
1225
1226 ret = ext4_update_superblocks_fn(sb, ext4_sb_setuuid, &uuid);
1227 mnt_drop_write_file(filp);
1228
1229 return ret;
1230 }
1231
__ext4_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)1232 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1233 {
1234 struct inode *inode = file_inode(filp);
1235 struct super_block *sb = inode->i_sb;
1236 struct mnt_idmap *idmap = file_mnt_idmap(filp);
1237
1238 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
1239
1240 switch (cmd) {
1241 case FS_IOC_GETFSMAP:
1242 return ext4_ioc_getfsmap(sb, (void __user *)arg);
1243 case EXT4_IOC_GETVERSION:
1244 case EXT4_IOC_GETVERSION_OLD:
1245 return put_user(inode->i_generation, (int __user *) arg);
1246 case EXT4_IOC_SETVERSION:
1247 case EXT4_IOC_SETVERSION_OLD: {
1248 handle_t *handle;
1249 struct ext4_iloc iloc;
1250 __u32 generation;
1251 int err;
1252
1253 if (!inode_owner_or_capable(idmap, inode))
1254 return -EPERM;
1255
1256 if (ext4_has_metadata_csum(inode->i_sb)) {
1257 ext4_warning(sb, "Setting inode version is not "
1258 "supported with metadata_csum enabled.");
1259 return -ENOTTY;
1260 }
1261
1262 err = mnt_want_write_file(filp);
1263 if (err)
1264 return err;
1265 if (get_user(generation, (int __user *) arg)) {
1266 err = -EFAULT;
1267 goto setversion_out;
1268 }
1269
1270 inode_lock(inode);
1271 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
1272 if (IS_ERR(handle)) {
1273 err = PTR_ERR(handle);
1274 goto unlock_out;
1275 }
1276 err = ext4_reserve_inode_write(handle, inode, &iloc);
1277 if (err == 0) {
1278 inode_set_ctime_current(inode);
1279 inode_inc_iversion(inode);
1280 inode->i_generation = generation;
1281 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
1282 }
1283 ext4_journal_stop(handle);
1284
1285 unlock_out:
1286 inode_unlock(inode);
1287 setversion_out:
1288 mnt_drop_write_file(filp);
1289 return err;
1290 }
1291 case EXT4_IOC_GROUP_EXTEND: {
1292 ext4_fsblk_t n_blocks_count;
1293 int err, err2=0;
1294
1295 err = ext4_resize_begin(sb);
1296 if (err)
1297 return err;
1298
1299 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
1300 err = -EFAULT;
1301 goto group_extend_out;
1302 }
1303
1304 if (ext4_has_feature_bigalloc(sb)) {
1305 ext4_msg(sb, KERN_ERR,
1306 "Online resizing not supported with bigalloc");
1307 err = -EOPNOTSUPP;
1308 goto group_extend_out;
1309 }
1310
1311 err = mnt_want_write_file(filp);
1312 if (err)
1313 goto group_extend_out;
1314
1315 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
1316 if (EXT4_SB(sb)->s_journal) {
1317 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1318 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1319 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1320 }
1321 if (err == 0)
1322 err = err2;
1323 mnt_drop_write_file(filp);
1324 group_extend_out:
1325 err2 = ext4_resize_end(sb, false);
1326 if (err == 0)
1327 err = err2;
1328 return err;
1329 }
1330
1331 case EXT4_IOC_MOVE_EXT: {
1332 struct move_extent me;
1333 struct fd donor;
1334 int err;
1335
1336 if (!(filp->f_mode & FMODE_READ) ||
1337 !(filp->f_mode & FMODE_WRITE))
1338 return -EBADF;
1339
1340 if (copy_from_user(&me,
1341 (struct move_extent __user *)arg, sizeof(me)))
1342 return -EFAULT;
1343 me.moved_len = 0;
1344
1345 donor = fdget(me.donor_fd);
1346 if (!fd_file(donor))
1347 return -EBADF;
1348
1349 if (!(fd_file(donor)->f_mode & FMODE_WRITE)) {
1350 err = -EBADF;
1351 goto mext_out;
1352 }
1353
1354 if (ext4_has_feature_bigalloc(sb)) {
1355 ext4_msg(sb, KERN_ERR,
1356 "Online defrag not supported with bigalloc");
1357 err = -EOPNOTSUPP;
1358 goto mext_out;
1359 } else if (IS_DAX(inode)) {
1360 ext4_msg(sb, KERN_ERR,
1361 "Online defrag not supported with DAX");
1362 err = -EOPNOTSUPP;
1363 goto mext_out;
1364 }
1365
1366 err = mnt_want_write_file(filp);
1367 if (err)
1368 goto mext_out;
1369
1370 err = ext4_move_extents(filp, fd_file(donor), me.orig_start,
1371 me.donor_start, me.len, &me.moved_len);
1372 mnt_drop_write_file(filp);
1373
1374 if (copy_to_user((struct move_extent __user *)arg,
1375 &me, sizeof(me)))
1376 err = -EFAULT;
1377 mext_out:
1378 fdput(donor);
1379 return err;
1380 }
1381
1382 case EXT4_IOC_GROUP_ADD: {
1383 struct ext4_new_group_data input;
1384
1385 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1386 sizeof(input)))
1387 return -EFAULT;
1388
1389 return ext4_ioctl_group_add(filp, &input);
1390 }
1391
1392 case EXT4_IOC_MIGRATE:
1393 {
1394 int err;
1395 if (!inode_owner_or_capable(idmap, inode))
1396 return -EACCES;
1397
1398 err = mnt_want_write_file(filp);
1399 if (err)
1400 return err;
1401 /*
1402 * inode_mutex prevent write and truncate on the file.
1403 * Read still goes through. We take i_data_sem in
1404 * ext4_ext_swap_inode_data before we switch the
1405 * inode format to prevent read.
1406 */
1407 inode_lock((inode));
1408 err = ext4_ext_migrate(inode);
1409 inode_unlock((inode));
1410 mnt_drop_write_file(filp);
1411 return err;
1412 }
1413
1414 case EXT4_IOC_ALLOC_DA_BLKS:
1415 {
1416 int err;
1417 if (!inode_owner_or_capable(idmap, inode))
1418 return -EACCES;
1419
1420 err = mnt_want_write_file(filp);
1421 if (err)
1422 return err;
1423 err = ext4_alloc_da_blocks(inode);
1424 mnt_drop_write_file(filp);
1425 return err;
1426 }
1427
1428 case EXT4_IOC_SWAP_BOOT:
1429 {
1430 int err;
1431 if (!(filp->f_mode & FMODE_WRITE))
1432 return -EBADF;
1433 err = mnt_want_write_file(filp);
1434 if (err)
1435 return err;
1436 err = swap_inode_boot_loader(sb, idmap, inode);
1437 mnt_drop_write_file(filp);
1438 return err;
1439 }
1440
1441 case EXT4_IOC_RESIZE_FS: {
1442 ext4_fsblk_t n_blocks_count;
1443 int err = 0, err2 = 0;
1444 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1445
1446 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1447 sizeof(__u64))) {
1448 return -EFAULT;
1449 }
1450
1451 err = ext4_resize_begin(sb);
1452 if (err)
1453 return err;
1454
1455 err = mnt_want_write_file(filp);
1456 if (err)
1457 goto resizefs_out;
1458
1459 err = ext4_resize_fs(sb, n_blocks_count);
1460 if (EXT4_SB(sb)->s_journal) {
1461 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL);
1462 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1463 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1464 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1465 }
1466 if (err == 0)
1467 err = err2;
1468 mnt_drop_write_file(filp);
1469 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1470 ext4_has_group_desc_csum(sb) &&
1471 test_opt(sb, INIT_INODE_TABLE))
1472 err = ext4_register_li_request(sb, o_group);
1473
1474 resizefs_out:
1475 err2 = ext4_resize_end(sb, true);
1476 if (err == 0)
1477 err = err2;
1478 return err;
1479 }
1480
1481 case FITRIM:
1482 {
1483 struct fstrim_range range;
1484 int ret = 0;
1485
1486 if (!capable(CAP_SYS_ADMIN))
1487 return -EPERM;
1488
1489 if (!bdev_max_discard_sectors(sb->s_bdev))
1490 return -EOPNOTSUPP;
1491
1492 /*
1493 * We haven't replayed the journal, so we cannot use our
1494 * block-bitmap-guided storage zapping commands.
1495 */
1496 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1497 return -EROFS;
1498
1499 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1500 sizeof(range)))
1501 return -EFAULT;
1502
1503 ret = ext4_trim_fs(sb, &range);
1504 if (ret < 0)
1505 return ret;
1506
1507 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1508 sizeof(range)))
1509 return -EFAULT;
1510
1511 return 0;
1512 }
1513 case EXT4_IOC_PRECACHE_EXTENTS:
1514 return ext4_ext_precache(inode);
1515
1516 case FS_IOC_SET_ENCRYPTION_POLICY:
1517 if (!ext4_has_feature_encrypt(sb))
1518 return -EOPNOTSUPP;
1519 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1520
1521 case FS_IOC_GET_ENCRYPTION_PWSALT:
1522 return ext4_ioctl_get_encryption_pwsalt(filp, (void __user *)arg);
1523
1524 case FS_IOC_GET_ENCRYPTION_POLICY:
1525 if (!ext4_has_feature_encrypt(sb))
1526 return -EOPNOTSUPP;
1527 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1528
1529 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1530 if (!ext4_has_feature_encrypt(sb))
1531 return -EOPNOTSUPP;
1532 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1533
1534 case FS_IOC_ADD_ENCRYPTION_KEY:
1535 if (!ext4_has_feature_encrypt(sb))
1536 return -EOPNOTSUPP;
1537 return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1538
1539 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1540 if (!ext4_has_feature_encrypt(sb))
1541 return -EOPNOTSUPP;
1542 return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1543
1544 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1545 if (!ext4_has_feature_encrypt(sb))
1546 return -EOPNOTSUPP;
1547 return fscrypt_ioctl_remove_key_all_users(filp,
1548 (void __user *)arg);
1549 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1550 if (!ext4_has_feature_encrypt(sb))
1551 return -EOPNOTSUPP;
1552 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1553
1554 case FS_IOC_GET_ENCRYPTION_NONCE:
1555 if (!ext4_has_feature_encrypt(sb))
1556 return -EOPNOTSUPP;
1557 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1558
1559 case EXT4_IOC_CLEAR_ES_CACHE:
1560 {
1561 if (!inode_owner_or_capable(idmap, inode))
1562 return -EACCES;
1563 ext4_clear_inode_es(inode);
1564 return 0;
1565 }
1566
1567 case EXT4_IOC_GETSTATE:
1568 {
1569 __u32 state = 0;
1570
1571 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1572 state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1573 if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1574 state |= EXT4_STATE_FLAG_NEW;
1575 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1576 state |= EXT4_STATE_FLAG_NEWENTRY;
1577 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1578 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1579
1580 return put_user(state, (__u32 __user *) arg);
1581 }
1582
1583 case EXT4_IOC_GET_ES_CACHE:
1584 return ext4_ioctl_get_es_cache(filp, arg);
1585
1586 case EXT4_IOC_SHUTDOWN:
1587 return ext4_ioctl_shutdown(sb, arg);
1588
1589 case FS_IOC_ENABLE_VERITY:
1590 if (!ext4_has_feature_verity(sb))
1591 return -EOPNOTSUPP;
1592 return fsverity_ioctl_enable(filp, (const void __user *)arg);
1593
1594 case FS_IOC_MEASURE_VERITY:
1595 if (!ext4_has_feature_verity(sb))
1596 return -EOPNOTSUPP;
1597 return fsverity_ioctl_measure(filp, (void __user *)arg);
1598
1599 case FS_IOC_READ_VERITY_METADATA:
1600 if (!ext4_has_feature_verity(sb))
1601 return -EOPNOTSUPP;
1602 return fsverity_ioctl_read_metadata(filp,
1603 (const void __user *)arg);
1604
1605 case EXT4_IOC_CHECKPOINT:
1606 return ext4_ioctl_checkpoint(filp, arg);
1607
1608 case FS_IOC_GETFSLABEL:
1609 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg);
1610
1611 case FS_IOC_SETFSLABEL:
1612 return ext4_ioctl_setlabel(filp,
1613 (const void __user *)arg);
1614
1615 case EXT4_IOC_GETFSUUID:
1616 return ext4_ioctl_getuuid(EXT4_SB(sb), (void __user *)arg);
1617 case EXT4_IOC_SETFSUUID:
1618 return ext4_ioctl_setuuid(filp, (const void __user *)arg);
1619 default:
1620 return -ENOTTY;
1621 }
1622 }
1623
ext4_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)1624 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1625 {
1626 return __ext4_ioctl(filp, cmd, arg);
1627 }
1628
1629 #ifdef CONFIG_COMPAT
ext4_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1630 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1631 {
1632 /* These are just misnamed, they actually get/put from/to user an int */
1633 switch (cmd) {
1634 case EXT4_IOC32_GETVERSION:
1635 cmd = EXT4_IOC_GETVERSION;
1636 break;
1637 case EXT4_IOC32_SETVERSION:
1638 cmd = EXT4_IOC_SETVERSION;
1639 break;
1640 case EXT4_IOC32_GROUP_EXTEND:
1641 cmd = EXT4_IOC_GROUP_EXTEND;
1642 break;
1643 case EXT4_IOC32_GETVERSION_OLD:
1644 cmd = EXT4_IOC_GETVERSION_OLD;
1645 break;
1646 case EXT4_IOC32_SETVERSION_OLD:
1647 cmd = EXT4_IOC_SETVERSION_OLD;
1648 break;
1649 case EXT4_IOC32_GETRSVSZ:
1650 cmd = EXT4_IOC_GETRSVSZ;
1651 break;
1652 case EXT4_IOC32_SETRSVSZ:
1653 cmd = EXT4_IOC_SETRSVSZ;
1654 break;
1655 case EXT4_IOC32_GROUP_ADD: {
1656 struct compat_ext4_new_group_input __user *uinput;
1657 struct ext4_new_group_data input;
1658 int err;
1659
1660 uinput = compat_ptr(arg);
1661 err = get_user(input.group, &uinput->group);
1662 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1663 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1664 err |= get_user(input.inode_table, &uinput->inode_table);
1665 err |= get_user(input.blocks_count, &uinput->blocks_count);
1666 err |= get_user(input.reserved_blocks,
1667 &uinput->reserved_blocks);
1668 if (err)
1669 return -EFAULT;
1670 return ext4_ioctl_group_add(file, &input);
1671 }
1672 case EXT4_IOC_MOVE_EXT:
1673 case EXT4_IOC_RESIZE_FS:
1674 case FITRIM:
1675 case EXT4_IOC_PRECACHE_EXTENTS:
1676 case FS_IOC_SET_ENCRYPTION_POLICY:
1677 case FS_IOC_GET_ENCRYPTION_PWSALT:
1678 case FS_IOC_GET_ENCRYPTION_POLICY:
1679 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1680 case FS_IOC_ADD_ENCRYPTION_KEY:
1681 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1682 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1683 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1684 case FS_IOC_GET_ENCRYPTION_NONCE:
1685 case EXT4_IOC_SHUTDOWN:
1686 case FS_IOC_GETFSMAP:
1687 case FS_IOC_ENABLE_VERITY:
1688 case FS_IOC_MEASURE_VERITY:
1689 case FS_IOC_READ_VERITY_METADATA:
1690 case EXT4_IOC_CLEAR_ES_CACHE:
1691 case EXT4_IOC_GETSTATE:
1692 case EXT4_IOC_GET_ES_CACHE:
1693 case EXT4_IOC_CHECKPOINT:
1694 case FS_IOC_GETFSLABEL:
1695 case FS_IOC_SETFSLABEL:
1696 case EXT4_IOC_GETFSUUID:
1697 case EXT4_IOC_SETFSUUID:
1698 break;
1699 default:
1700 return -ENOIOCTLCMD;
1701 }
1702 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1703 }
1704 #endif
1705
set_overhead(struct ext4_super_block * es,const void * arg)1706 static void set_overhead(struct ext4_super_block *es, const void *arg)
1707 {
1708 es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg));
1709 }
1710
ext4_update_overhead(struct super_block * sb,bool force)1711 int ext4_update_overhead(struct super_block *sb, bool force)
1712 {
1713 struct ext4_sb_info *sbi = EXT4_SB(sb);
1714
1715 if (sb_rdonly(sb))
1716 return 0;
1717 if (!force &&
1718 (sbi->s_overhead == 0 ||
1719 sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters)))
1720 return 0;
1721 return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead);
1722 }
1723