1 // SPDX-License-Identifier: GPL-2.0 2 #ifndef NO_BCACHEFS_FS 3 4 #include "bcachefs.h" 5 #include "chardev.h" 6 #include "dirent.h" 7 #include "fs.h" 8 #include "fs-common.h" 9 #include "fs-ioctl.h" 10 #include "quota.h" 11 12 #include <linux/compat.h> 13 #include <linux/fsnotify.h> 14 #include <linux/mount.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/writeback.h> 18 19 #define FS_IOC_GOINGDOWN _IOR('X', 125, __u32) 20 #define FSOP_GOING_FLAGS_DEFAULT 0x0 /* going down */ 21 #define FSOP_GOING_FLAGS_LOGFLUSH 0x1 /* flush log but not data */ 22 #define FSOP_GOING_FLAGS_NOLOGFLUSH 0x2 /* don't flush log nor data */ 23 24 struct flags_set { 25 unsigned mask; 26 unsigned flags; 27 28 unsigned projid; 29 30 bool set_projinherit; 31 bool projinherit; 32 }; 33 34 static int bch2_inode_flags_set(struct btree_trans *trans, 35 struct bch_inode_info *inode, 36 struct bch_inode_unpacked *bi, 37 void *p) 38 { 39 struct bch_fs *c = inode->v.i_sb->s_fs_info; 40 /* 41 * We're relying on btree locking here for exclusion with other ioctl 42 * calls - use the flags in the btree (@bi), not inode->i_flags: 43 */ 44 struct flags_set *s = p; 45 unsigned newflags = s->flags; 46 unsigned oldflags = bi->bi_flags & s->mask; 47 48 if (((newflags ^ oldflags) & (BCH_INODE_append|BCH_INODE_immutable)) && 49 !capable(CAP_LINUX_IMMUTABLE)) 50 return -EPERM; 51 52 if (!S_ISREG(bi->bi_mode) && 53 !S_ISDIR(bi->bi_mode) && 54 (newflags & (BCH_INODE_nodump|BCH_INODE_noatime)) != newflags) 55 return -EINVAL; 56 57 if (s->set_projinherit) { 58 bi->bi_fields_set &= ~(1 << Inode_opt_project); 59 bi->bi_fields_set |= ((int) s->projinherit << Inode_opt_project); 60 } 61 62 bi->bi_flags &= ~s->mask; 63 bi->bi_flags |= newflags; 64 65 bi->bi_ctime = timespec_to_bch2_time(c, current_time(&inode->v)); 66 return 0; 67 } 68 69 static int bch2_ioc_getflags(struct bch_inode_info *inode, int __user *arg) 70 { 71 unsigned flags = map_flags(bch_flags_to_uflags, inode->ei_inode.bi_flags); 72 73 return put_user(flags, arg); 74 } 75 76 static int bch2_ioc_setflags(struct bch_fs *c, 77 struct file *file, 78 struct bch_inode_info *inode, 79 void __user *arg) 80 { 81 struct flags_set s = { .mask = map_defined(bch_flags_to_uflags) }; 82 unsigned uflags; 83 int ret; 84 85 if (get_user(uflags, (int __user *) arg)) 86 return -EFAULT; 87 88 s.flags = map_flags_rev(bch_flags_to_uflags, uflags); 89 if (uflags) 90 return -EOPNOTSUPP; 91 92 ret = mnt_want_write_file(file); 93 if (ret) 94 return ret; 95 96 inode_lock(&inode->v); 97 if (!inode_owner_or_capable(file_mnt_idmap(file), &inode->v)) { 98 ret = -EACCES; 99 goto setflags_out; 100 } 101 102 mutex_lock(&inode->ei_update_lock); 103 ret = bch2_subvol_is_ro(c, inode->ei_subvol) ?: 104 bch2_write_inode(c, inode, bch2_inode_flags_set, &s, 105 ATTR_CTIME); 106 mutex_unlock(&inode->ei_update_lock); 107 108 setflags_out: 109 inode_unlock(&inode->v); 110 mnt_drop_write_file(file); 111 return ret; 112 } 113 114 static int bch2_ioc_fsgetxattr(struct bch_inode_info *inode, 115 struct fsxattr __user *arg) 116 { 117 struct fsxattr fa = { 0 }; 118 119 fa.fsx_xflags = map_flags(bch_flags_to_xflags, inode->ei_inode.bi_flags); 120 121 if (inode->ei_inode.bi_fields_set & (1 << Inode_opt_project)) 122 fa.fsx_xflags |= FS_XFLAG_PROJINHERIT; 123 124 fa.fsx_projid = inode->ei_qid.q[QTYP_PRJ]; 125 126 if (copy_to_user(arg, &fa, sizeof(fa))) 127 return -EFAULT; 128 129 return 0; 130 } 131 132 static int fssetxattr_inode_update_fn(struct btree_trans *trans, 133 struct bch_inode_info *inode, 134 struct bch_inode_unpacked *bi, 135 void *p) 136 { 137 struct flags_set *s = p; 138 139 if (s->projid != bi->bi_project) { 140 bi->bi_fields_set |= 1U << Inode_opt_project; 141 bi->bi_project = s->projid; 142 } 143 144 return bch2_inode_flags_set(trans, inode, bi, p); 145 } 146 147 static int bch2_ioc_fssetxattr(struct bch_fs *c, 148 struct file *file, 149 struct bch_inode_info *inode, 150 struct fsxattr __user *arg) 151 { 152 struct flags_set s = { .mask = map_defined(bch_flags_to_xflags) }; 153 struct fsxattr fa; 154 int ret; 155 156 if (copy_from_user(&fa, arg, sizeof(fa))) 157 return -EFAULT; 158 159 s.set_projinherit = true; 160 s.projinherit = (fa.fsx_xflags & FS_XFLAG_PROJINHERIT) != 0; 161 fa.fsx_xflags &= ~FS_XFLAG_PROJINHERIT; 162 163 s.flags = map_flags_rev(bch_flags_to_xflags, fa.fsx_xflags); 164 if (fa.fsx_xflags) 165 return -EOPNOTSUPP; 166 167 if (fa.fsx_projid >= U32_MAX) 168 return -EINVAL; 169 170 /* 171 * inode fields accessible via the xattr interface are stored with a +1 172 * bias, so that 0 means unset: 173 */ 174 s.projid = fa.fsx_projid + 1; 175 176 ret = mnt_want_write_file(file); 177 if (ret) 178 return ret; 179 180 inode_lock(&inode->v); 181 if (!inode_owner_or_capable(file_mnt_idmap(file), &inode->v)) { 182 ret = -EACCES; 183 goto err; 184 } 185 186 mutex_lock(&inode->ei_update_lock); 187 ret = bch2_subvol_is_ro(c, inode->ei_subvol) ?: 188 bch2_set_projid(c, inode, fa.fsx_projid) ?: 189 bch2_write_inode(c, inode, fssetxattr_inode_update_fn, &s, 190 ATTR_CTIME); 191 mutex_unlock(&inode->ei_update_lock); 192 err: 193 inode_unlock(&inode->v); 194 mnt_drop_write_file(file); 195 return ret; 196 } 197 198 static int bch2_reinherit_attrs_fn(struct btree_trans *trans, 199 struct bch_inode_info *inode, 200 struct bch_inode_unpacked *bi, 201 void *p) 202 { 203 struct bch_inode_info *dir = p; 204 205 return !bch2_reinherit_attrs(bi, &dir->ei_inode); 206 } 207 208 static int bch2_ioc_reinherit_attrs(struct bch_fs *c, 209 struct file *file, 210 struct bch_inode_info *src, 211 const char __user *name) 212 { 213 struct bch_hash_info hash = bch2_hash_info_init(c, &src->ei_inode); 214 struct bch_inode_info *dst; 215 struct inode *vinode = NULL; 216 char *kname = NULL; 217 struct qstr qstr; 218 int ret = 0; 219 subvol_inum inum; 220 221 kname = kmalloc(BCH_NAME_MAX + 1, GFP_KERNEL); 222 if (!kname) 223 return -ENOMEM; 224 225 ret = strncpy_from_user(kname, name, BCH_NAME_MAX); 226 if (unlikely(ret < 0)) 227 goto err1; 228 229 qstr.len = ret; 230 qstr.name = kname; 231 232 ret = bch2_dirent_lookup(c, inode_inum(src), &hash, &qstr, &inum); 233 if (ret) 234 goto err1; 235 236 vinode = bch2_vfs_inode_get(c, inum); 237 ret = PTR_ERR_OR_ZERO(vinode); 238 if (ret) 239 goto err1; 240 241 dst = to_bch_ei(vinode); 242 243 ret = mnt_want_write_file(file); 244 if (ret) 245 goto err2; 246 247 bch2_lock_inodes(INODE_UPDATE_LOCK, src, dst); 248 249 if (inode_attr_changing(src, dst, Inode_opt_project)) { 250 ret = bch2_fs_quota_transfer(c, dst, 251 src->ei_qid, 252 1 << QTYP_PRJ, 253 KEY_TYPE_QUOTA_PREALLOC); 254 if (ret) 255 goto err3; 256 } 257 258 ret = bch2_write_inode(c, dst, bch2_reinherit_attrs_fn, src, 0); 259 err3: 260 bch2_unlock_inodes(INODE_UPDATE_LOCK, src, dst); 261 262 /* return true if we did work */ 263 if (ret >= 0) 264 ret = !ret; 265 266 mnt_drop_write_file(file); 267 err2: 268 iput(vinode); 269 err1: 270 kfree(kname); 271 272 return ret; 273 } 274 275 static int bch2_ioc_getversion(struct bch_inode_info *inode, u32 __user *arg) 276 { 277 return put_user(inode->v.i_generation, arg); 278 } 279 280 static int bch2_ioc_getlabel(struct bch_fs *c, char __user *user_label) 281 { 282 int ret; 283 size_t len; 284 char label[BCH_SB_LABEL_SIZE]; 285 286 BUILD_BUG_ON(BCH_SB_LABEL_SIZE >= FSLABEL_MAX); 287 288 mutex_lock(&c->sb_lock); 289 memcpy(label, c->disk_sb.sb->label, BCH_SB_LABEL_SIZE); 290 mutex_unlock(&c->sb_lock); 291 292 len = strnlen(label, BCH_SB_LABEL_SIZE); 293 if (len == BCH_SB_LABEL_SIZE) { 294 bch_warn(c, 295 "label is too long, return the first %zu bytes", 296 --len); 297 } 298 299 ret = copy_to_user(user_label, label, len); 300 301 return ret ? -EFAULT : 0; 302 } 303 304 static int bch2_ioc_setlabel(struct bch_fs *c, 305 struct file *file, 306 struct bch_inode_info *inode, 307 const char __user *user_label) 308 { 309 int ret; 310 char label[BCH_SB_LABEL_SIZE]; 311 312 if (!capable(CAP_SYS_ADMIN)) 313 return -EPERM; 314 315 if (copy_from_user(label, user_label, sizeof(label))) 316 return -EFAULT; 317 318 if (strnlen(label, BCH_SB_LABEL_SIZE) == BCH_SB_LABEL_SIZE) { 319 bch_err(c, 320 "unable to set label with more than %d bytes", 321 BCH_SB_LABEL_SIZE - 1); 322 return -EINVAL; 323 } 324 325 ret = mnt_want_write_file(file); 326 if (ret) 327 return ret; 328 329 mutex_lock(&c->sb_lock); 330 strscpy(c->disk_sb.sb->label, label, BCH_SB_LABEL_SIZE); 331 mutex_unlock(&c->sb_lock); 332 333 ret = bch2_write_super(c); 334 335 mnt_drop_write_file(file); 336 return ret; 337 } 338 339 static int bch2_ioc_goingdown(struct bch_fs *c, u32 __user *arg) 340 { 341 u32 flags; 342 int ret = 0; 343 344 if (!capable(CAP_SYS_ADMIN)) 345 return -EPERM; 346 347 if (get_user(flags, arg)) 348 return -EFAULT; 349 350 bch_notice(c, "shutdown by ioctl type %u", flags); 351 352 switch (flags) { 353 case FSOP_GOING_FLAGS_DEFAULT: 354 ret = bdev_freeze(c->vfs_sb->s_bdev); 355 if (ret) 356 break; 357 bch2_journal_flush(&c->journal); 358 bch2_fs_emergency_read_only(c); 359 bdev_thaw(c->vfs_sb->s_bdev); 360 break; 361 case FSOP_GOING_FLAGS_LOGFLUSH: 362 bch2_journal_flush(&c->journal); 363 fallthrough; 364 case FSOP_GOING_FLAGS_NOLOGFLUSH: 365 bch2_fs_emergency_read_only(c); 366 break; 367 default: 368 ret = -EINVAL; 369 break; 370 } 371 372 return ret; 373 } 374 375 static long bch2_ioctl_subvolume_create(struct bch_fs *c, struct file *filp, 376 struct bch_ioctl_subvolume arg) 377 { 378 struct inode *dir; 379 struct bch_inode_info *inode; 380 struct user_namespace *s_user_ns; 381 struct dentry *dst_dentry; 382 struct path src_path, dst_path; 383 int how = LOOKUP_FOLLOW; 384 int error; 385 subvol_inum snapshot_src = { 0 }; 386 unsigned lookup_flags = 0; 387 unsigned create_flags = BCH_CREATE_SUBVOL; 388 389 if (arg.flags & ~(BCH_SUBVOL_SNAPSHOT_CREATE| 390 BCH_SUBVOL_SNAPSHOT_RO)) 391 return -EINVAL; 392 393 if (!(arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) && 394 (arg.src_ptr || 395 (arg.flags & BCH_SUBVOL_SNAPSHOT_RO))) 396 return -EINVAL; 397 398 if (arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) 399 create_flags |= BCH_CREATE_SNAPSHOT; 400 401 if (arg.flags & BCH_SUBVOL_SNAPSHOT_RO) 402 create_flags |= BCH_CREATE_SNAPSHOT_RO; 403 404 if (arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) { 405 /* sync_inodes_sb enforce s_umount is locked */ 406 down_read(&c->vfs_sb->s_umount); 407 sync_inodes_sb(c->vfs_sb); 408 up_read(&c->vfs_sb->s_umount); 409 } 410 retry: 411 if (arg.src_ptr) { 412 error = user_path_at(arg.dirfd, 413 (const char __user *)(unsigned long)arg.src_ptr, 414 how, &src_path); 415 if (error) 416 goto err1; 417 418 if (src_path.dentry->d_sb->s_fs_info != c) { 419 path_put(&src_path); 420 error = -EXDEV; 421 goto err1; 422 } 423 424 snapshot_src = inode_inum(to_bch_ei(src_path.dentry->d_inode)); 425 } 426 427 dst_dentry = user_path_create(arg.dirfd, 428 (const char __user *)(unsigned long)arg.dst_ptr, 429 &dst_path, lookup_flags); 430 error = PTR_ERR_OR_ZERO(dst_dentry); 431 if (error) 432 goto err2; 433 434 if (dst_dentry->d_sb->s_fs_info != c) { 435 error = -EXDEV; 436 goto err3; 437 } 438 439 if (dst_dentry->d_inode) { 440 error = -BCH_ERR_EEXIST_subvolume_create; 441 goto err3; 442 } 443 444 dir = dst_path.dentry->d_inode; 445 if (IS_DEADDIR(dir)) { 446 error = -BCH_ERR_ENOENT_directory_dead; 447 goto err3; 448 } 449 450 s_user_ns = dir->i_sb->s_user_ns; 451 if (!kuid_has_mapping(s_user_ns, current_fsuid()) || 452 !kgid_has_mapping(s_user_ns, current_fsgid())) { 453 error = -EOVERFLOW; 454 goto err3; 455 } 456 457 error = inode_permission(file_mnt_idmap(filp), 458 dir, MAY_WRITE | MAY_EXEC); 459 if (error) 460 goto err3; 461 462 if (!IS_POSIXACL(dir)) 463 arg.mode &= ~current_umask(); 464 465 error = security_path_mkdir(&dst_path, dst_dentry, arg.mode); 466 if (error) 467 goto err3; 468 469 if ((arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) && 470 !arg.src_ptr) 471 snapshot_src.subvol = inode_inum(to_bch_ei(dir)).subvol; 472 473 down_write(&c->snapshot_create_lock); 474 inode = __bch2_create(file_mnt_idmap(filp), to_bch_ei(dir), 475 dst_dentry, arg.mode|S_IFDIR, 476 0, snapshot_src, create_flags); 477 up_write(&c->snapshot_create_lock); 478 479 error = PTR_ERR_OR_ZERO(inode); 480 if (error) 481 goto err3; 482 483 d_instantiate(dst_dentry, &inode->v); 484 fsnotify_mkdir(dir, dst_dentry); 485 err3: 486 done_path_create(&dst_path, dst_dentry); 487 err2: 488 if (arg.src_ptr) 489 path_put(&src_path); 490 491 if (retry_estale(error, lookup_flags)) { 492 lookup_flags |= LOOKUP_REVAL; 493 goto retry; 494 } 495 err1: 496 return error; 497 } 498 499 static long bch2_ioctl_subvolume_destroy(struct bch_fs *c, struct file *filp, 500 struct bch_ioctl_subvolume arg) 501 { 502 const char __user *name = (void __user *)(unsigned long)arg.dst_ptr; 503 struct path path; 504 struct inode *dir; 505 struct dentry *victim; 506 int ret = 0; 507 508 if (arg.flags) 509 return -EINVAL; 510 511 victim = user_path_locked_at(arg.dirfd, name, &path); 512 if (IS_ERR(victim)) 513 return PTR_ERR(victim); 514 515 dir = d_inode(path.dentry); 516 if (victim->d_sb->s_fs_info != c) { 517 ret = -EXDEV; 518 goto err; 519 } 520 if (!d_is_positive(victim)) { 521 ret = -ENOENT; 522 goto err; 523 } 524 ret = __bch2_unlink(dir, victim, true); 525 if (!ret) { 526 fsnotify_rmdir(dir, victim); 527 d_delete(victim); 528 } 529 err: 530 inode_unlock(dir); 531 dput(victim); 532 path_put(&path); 533 return ret; 534 } 535 536 long bch2_fs_file_ioctl(struct file *file, unsigned cmd, unsigned long arg) 537 { 538 struct bch_inode_info *inode = file_bch_inode(file); 539 struct bch_fs *c = inode->v.i_sb->s_fs_info; 540 long ret; 541 542 switch (cmd) { 543 case FS_IOC_GETFLAGS: 544 ret = bch2_ioc_getflags(inode, (int __user *) arg); 545 break; 546 547 case FS_IOC_SETFLAGS: 548 ret = bch2_ioc_setflags(c, file, inode, (int __user *) arg); 549 break; 550 551 case FS_IOC_FSGETXATTR: 552 ret = bch2_ioc_fsgetxattr(inode, (void __user *) arg); 553 break; 554 555 case FS_IOC_FSSETXATTR: 556 ret = bch2_ioc_fssetxattr(c, file, inode, 557 (void __user *) arg); 558 break; 559 560 case BCHFS_IOC_REINHERIT_ATTRS: 561 ret = bch2_ioc_reinherit_attrs(c, file, inode, 562 (void __user *) arg); 563 break; 564 565 case FS_IOC_GETVERSION: 566 ret = bch2_ioc_getversion(inode, (u32 __user *) arg); 567 break; 568 569 case FS_IOC_SETVERSION: 570 ret = -ENOTTY; 571 break; 572 573 case FS_IOC_GETFSLABEL: 574 ret = bch2_ioc_getlabel(c, (void __user *) arg); 575 break; 576 577 case FS_IOC_SETFSLABEL: 578 ret = bch2_ioc_setlabel(c, file, inode, (const void __user *) arg); 579 break; 580 581 case FS_IOC_GOINGDOWN: 582 ret = bch2_ioc_goingdown(c, (u32 __user *) arg); 583 break; 584 585 case BCH_IOCTL_SUBVOLUME_CREATE: { 586 struct bch_ioctl_subvolume i; 587 588 ret = copy_from_user(&i, (void __user *) arg, sizeof(i)) 589 ? -EFAULT 590 : bch2_ioctl_subvolume_create(c, file, i); 591 break; 592 } 593 594 case BCH_IOCTL_SUBVOLUME_DESTROY: { 595 struct bch_ioctl_subvolume i; 596 597 ret = copy_from_user(&i, (void __user *) arg, sizeof(i)) 598 ? -EFAULT 599 : bch2_ioctl_subvolume_destroy(c, file, i); 600 break; 601 } 602 603 default: 604 ret = bch2_fs_ioctl(c, cmd, (void __user *) arg); 605 break; 606 } 607 608 return bch2_err_class(ret); 609 } 610 611 #ifdef CONFIG_COMPAT 612 long bch2_compat_fs_ioctl(struct file *file, unsigned cmd, unsigned long arg) 613 { 614 /* These are just misnamed, they actually get/put from/to user an int */ 615 switch (cmd) { 616 case FS_IOC32_GETFLAGS: 617 cmd = FS_IOC_GETFLAGS; 618 break; 619 case FS_IOC32_SETFLAGS: 620 cmd = FS_IOC_SETFLAGS; 621 break; 622 case FS_IOC32_GETVERSION: 623 cmd = FS_IOC_GETVERSION; 624 break; 625 case FS_IOC_GETFSLABEL: 626 case FS_IOC_SETFSLABEL: 627 break; 628 default: 629 return -ENOIOCTLCMD; 630 } 631 return bch2_fs_file_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 632 } 633 #endif 634 635 #endif /* NO_BCACHEFS_FS */ 636