1 // SPDX-License-Identifier: GPL-2.0 2 #ifndef NO_BCACHEFS_FS 3 4 #include "bcachefs.h" 5 #include "chardev.h" 6 #include "dirent.h" 7 #include "fs.h" 8 #include "fs-common.h" 9 #include "fs-ioctl.h" 10 #include "quota.h" 11 12 #include <linux/compat.h> 13 #include <linux/fsnotify.h> 14 #include <linux/mount.h> 15 #include <linux/namei.h> 16 #include <linux/security.h> 17 #include <linux/writeback.h> 18 19 #define FS_IOC_GOINGDOWN _IOR('X', 125, __u32) 20 #define FSOP_GOING_FLAGS_DEFAULT 0x0 /* going down */ 21 #define FSOP_GOING_FLAGS_LOGFLUSH 0x1 /* flush log but not data */ 22 #define FSOP_GOING_FLAGS_NOLOGFLUSH 0x2 /* don't flush log nor data */ 23 24 struct flags_set { 25 unsigned mask; 26 unsigned flags; 27 28 unsigned projid; 29 30 bool set_projinherit; 31 bool projinherit; 32 }; 33 34 static int bch2_inode_flags_set(struct btree_trans *trans, 35 struct bch_inode_info *inode, 36 struct bch_inode_unpacked *bi, 37 void *p) 38 { 39 struct bch_fs *c = inode->v.i_sb->s_fs_info; 40 /* 41 * We're relying on btree locking here for exclusion with other ioctl 42 * calls - use the flags in the btree (@bi), not inode->i_flags: 43 */ 44 struct flags_set *s = p; 45 unsigned newflags = s->flags; 46 unsigned oldflags = bi->bi_flags & s->mask; 47 48 if (((newflags ^ oldflags) & (BCH_INODE_APPEND|BCH_INODE_IMMUTABLE)) && 49 !capable(CAP_LINUX_IMMUTABLE)) 50 return -EPERM; 51 52 if (!S_ISREG(bi->bi_mode) && 53 !S_ISDIR(bi->bi_mode) && 54 (newflags & (BCH_INODE_NODUMP|BCH_INODE_NOATIME)) != newflags) 55 return -EINVAL; 56 57 if (s->set_projinherit) { 58 bi->bi_fields_set &= ~(1 << Inode_opt_project); 59 bi->bi_fields_set |= ((int) s->projinherit << Inode_opt_project); 60 } 61 62 bi->bi_flags &= ~s->mask; 63 bi->bi_flags |= newflags; 64 65 bi->bi_ctime = timespec_to_bch2_time(c, current_time(&inode->v)); 66 return 0; 67 } 68 69 static int bch2_ioc_getflags(struct bch_inode_info *inode, int __user *arg) 70 { 71 unsigned flags = map_flags(bch_flags_to_uflags, inode->ei_inode.bi_flags); 72 73 return put_user(flags, arg); 74 } 75 76 static int bch2_ioc_setflags(struct bch_fs *c, 77 struct file *file, 78 struct bch_inode_info *inode, 79 void __user *arg) 80 { 81 struct flags_set s = { .mask = map_defined(bch_flags_to_uflags) }; 82 unsigned uflags; 83 int ret; 84 85 if (get_user(uflags, (int __user *) arg)) 86 return -EFAULT; 87 88 s.flags = map_flags_rev(bch_flags_to_uflags, uflags); 89 if (uflags) 90 return -EOPNOTSUPP; 91 92 ret = mnt_want_write_file(file); 93 if (ret) 94 return ret; 95 96 inode_lock(&inode->v); 97 if (!inode_owner_or_capable(file_mnt_idmap(file), &inode->v)) { 98 ret = -EACCES; 99 goto setflags_out; 100 } 101 102 mutex_lock(&inode->ei_update_lock); 103 ret = bch2_write_inode(c, inode, bch2_inode_flags_set, &s, 104 ATTR_CTIME); 105 mutex_unlock(&inode->ei_update_lock); 106 107 setflags_out: 108 inode_unlock(&inode->v); 109 mnt_drop_write_file(file); 110 return ret; 111 } 112 113 static int bch2_ioc_fsgetxattr(struct bch_inode_info *inode, 114 struct fsxattr __user *arg) 115 { 116 struct fsxattr fa = { 0 }; 117 118 fa.fsx_xflags = map_flags(bch_flags_to_xflags, inode->ei_inode.bi_flags); 119 120 if (inode->ei_inode.bi_fields_set & (1 << Inode_opt_project)) 121 fa.fsx_xflags |= FS_XFLAG_PROJINHERIT; 122 123 fa.fsx_projid = inode->ei_qid.q[QTYP_PRJ]; 124 125 if (copy_to_user(arg, &fa, sizeof(fa))) 126 return -EFAULT; 127 128 return 0; 129 } 130 131 static int fssetxattr_inode_update_fn(struct btree_trans *trans, 132 struct bch_inode_info *inode, 133 struct bch_inode_unpacked *bi, 134 void *p) 135 { 136 struct flags_set *s = p; 137 138 if (s->projid != bi->bi_project) { 139 bi->bi_fields_set |= 1U << Inode_opt_project; 140 bi->bi_project = s->projid; 141 } 142 143 return bch2_inode_flags_set(trans, inode, bi, p); 144 } 145 146 static int bch2_ioc_fssetxattr(struct bch_fs *c, 147 struct file *file, 148 struct bch_inode_info *inode, 149 struct fsxattr __user *arg) 150 { 151 struct flags_set s = { .mask = map_defined(bch_flags_to_xflags) }; 152 struct fsxattr fa; 153 int ret; 154 155 if (copy_from_user(&fa, arg, sizeof(fa))) 156 return -EFAULT; 157 158 s.set_projinherit = true; 159 s.projinherit = (fa.fsx_xflags & FS_XFLAG_PROJINHERIT) != 0; 160 fa.fsx_xflags &= ~FS_XFLAG_PROJINHERIT; 161 162 s.flags = map_flags_rev(bch_flags_to_xflags, fa.fsx_xflags); 163 if (fa.fsx_xflags) 164 return -EOPNOTSUPP; 165 166 if (fa.fsx_projid >= U32_MAX) 167 return -EINVAL; 168 169 /* 170 * inode fields accessible via the xattr interface are stored with a +1 171 * bias, so that 0 means unset: 172 */ 173 s.projid = fa.fsx_projid + 1; 174 175 ret = mnt_want_write_file(file); 176 if (ret) 177 return ret; 178 179 inode_lock(&inode->v); 180 if (!inode_owner_or_capable(file_mnt_idmap(file), &inode->v)) { 181 ret = -EACCES; 182 goto err; 183 } 184 185 mutex_lock(&inode->ei_update_lock); 186 ret = bch2_set_projid(c, inode, fa.fsx_projid); 187 if (ret) 188 goto err_unlock; 189 190 ret = bch2_write_inode(c, inode, fssetxattr_inode_update_fn, &s, 191 ATTR_CTIME); 192 err_unlock: 193 mutex_unlock(&inode->ei_update_lock); 194 err: 195 inode_unlock(&inode->v); 196 mnt_drop_write_file(file); 197 return ret; 198 } 199 200 static int bch2_reinherit_attrs_fn(struct btree_trans *trans, 201 struct bch_inode_info *inode, 202 struct bch_inode_unpacked *bi, 203 void *p) 204 { 205 struct bch_inode_info *dir = p; 206 207 return !bch2_reinherit_attrs(bi, &dir->ei_inode); 208 } 209 210 static int bch2_ioc_reinherit_attrs(struct bch_fs *c, 211 struct file *file, 212 struct bch_inode_info *src, 213 const char __user *name) 214 { 215 struct bch_hash_info hash = bch2_hash_info_init(c, &src->ei_inode); 216 struct bch_inode_info *dst; 217 struct inode *vinode = NULL; 218 char *kname = NULL; 219 struct qstr qstr; 220 int ret = 0; 221 subvol_inum inum; 222 223 kname = kmalloc(BCH_NAME_MAX + 1, GFP_KERNEL); 224 if (!kname) 225 return -ENOMEM; 226 227 ret = strncpy_from_user(kname, name, BCH_NAME_MAX); 228 if (unlikely(ret < 0)) 229 goto err1; 230 231 qstr.len = ret; 232 qstr.name = kname; 233 234 ret = bch2_dirent_lookup(c, inode_inum(src), &hash, &qstr, &inum); 235 if (ret) 236 goto err1; 237 238 vinode = bch2_vfs_inode_get(c, inum); 239 ret = PTR_ERR_OR_ZERO(vinode); 240 if (ret) 241 goto err1; 242 243 dst = to_bch_ei(vinode); 244 245 ret = mnt_want_write_file(file); 246 if (ret) 247 goto err2; 248 249 bch2_lock_inodes(INODE_UPDATE_LOCK, src, dst); 250 251 if (inode_attr_changing(src, dst, Inode_opt_project)) { 252 ret = bch2_fs_quota_transfer(c, dst, 253 src->ei_qid, 254 1 << QTYP_PRJ, 255 KEY_TYPE_QUOTA_PREALLOC); 256 if (ret) 257 goto err3; 258 } 259 260 ret = bch2_write_inode(c, dst, bch2_reinherit_attrs_fn, src, 0); 261 err3: 262 bch2_unlock_inodes(INODE_UPDATE_LOCK, src, dst); 263 264 /* return true if we did work */ 265 if (ret >= 0) 266 ret = !ret; 267 268 mnt_drop_write_file(file); 269 err2: 270 iput(vinode); 271 err1: 272 kfree(kname); 273 274 return ret; 275 } 276 277 static int bch2_ioc_goingdown(struct bch_fs *c, u32 __user *arg) 278 { 279 u32 flags; 280 int ret = 0; 281 282 if (!capable(CAP_SYS_ADMIN)) 283 return -EPERM; 284 285 if (get_user(flags, arg)) 286 return -EFAULT; 287 288 bch_notice(c, "shutdown by ioctl type %u", flags); 289 290 down_write(&c->vfs_sb->s_umount); 291 292 switch (flags) { 293 case FSOP_GOING_FLAGS_DEFAULT: 294 ret = freeze_bdev(c->vfs_sb->s_bdev); 295 if (ret) 296 goto err; 297 298 bch2_journal_flush(&c->journal); 299 c->vfs_sb->s_flags |= SB_RDONLY; 300 bch2_fs_emergency_read_only(c); 301 thaw_bdev(c->vfs_sb->s_bdev); 302 break; 303 304 case FSOP_GOING_FLAGS_LOGFLUSH: 305 bch2_journal_flush(&c->journal); 306 fallthrough; 307 308 case FSOP_GOING_FLAGS_NOLOGFLUSH: 309 c->vfs_sb->s_flags |= SB_RDONLY; 310 bch2_fs_emergency_read_only(c); 311 break; 312 default: 313 ret = -EINVAL; 314 break; 315 } 316 err: 317 up_write(&c->vfs_sb->s_umount); 318 return ret; 319 } 320 321 static long __bch2_ioctl_subvolume_create(struct bch_fs *c, struct file *filp, 322 struct bch_ioctl_subvolume arg) 323 { 324 struct inode *dir; 325 struct bch_inode_info *inode; 326 struct user_namespace *s_user_ns; 327 struct dentry *dst_dentry; 328 struct path src_path, dst_path; 329 int how = LOOKUP_FOLLOW; 330 int error; 331 subvol_inum snapshot_src = { 0 }; 332 unsigned lookup_flags = 0; 333 unsigned create_flags = BCH_CREATE_SUBVOL; 334 335 if (arg.flags & ~(BCH_SUBVOL_SNAPSHOT_CREATE| 336 BCH_SUBVOL_SNAPSHOT_RO)) 337 return -EINVAL; 338 339 if (!(arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) && 340 (arg.src_ptr || 341 (arg.flags & BCH_SUBVOL_SNAPSHOT_RO))) 342 return -EINVAL; 343 344 if (arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) 345 create_flags |= BCH_CREATE_SNAPSHOT; 346 347 if (arg.flags & BCH_SUBVOL_SNAPSHOT_RO) 348 create_flags |= BCH_CREATE_SNAPSHOT_RO; 349 350 /* why do we need this lock? */ 351 down_read(&c->vfs_sb->s_umount); 352 353 if (arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) 354 sync_inodes_sb(c->vfs_sb); 355 retry: 356 if (arg.src_ptr) { 357 error = user_path_at(arg.dirfd, 358 (const char __user *)(unsigned long)arg.src_ptr, 359 how, &src_path); 360 if (error) 361 goto err1; 362 363 if (src_path.dentry->d_sb->s_fs_info != c) { 364 path_put(&src_path); 365 error = -EXDEV; 366 goto err1; 367 } 368 369 snapshot_src = inode_inum(to_bch_ei(src_path.dentry->d_inode)); 370 } 371 372 dst_dentry = user_path_create(arg.dirfd, 373 (const char __user *)(unsigned long)arg.dst_ptr, 374 &dst_path, lookup_flags); 375 error = PTR_ERR_OR_ZERO(dst_dentry); 376 if (error) 377 goto err2; 378 379 if (dst_dentry->d_sb->s_fs_info != c) { 380 error = -EXDEV; 381 goto err3; 382 } 383 384 if (dst_dentry->d_inode) { 385 error = -EEXIST; 386 goto err3; 387 } 388 389 dir = dst_path.dentry->d_inode; 390 if (IS_DEADDIR(dir)) { 391 error = -BCH_ERR_ENOENT_directory_dead; 392 goto err3; 393 } 394 395 s_user_ns = dir->i_sb->s_user_ns; 396 if (!kuid_has_mapping(s_user_ns, current_fsuid()) || 397 !kgid_has_mapping(s_user_ns, current_fsgid())) { 398 error = -EOVERFLOW; 399 goto err3; 400 } 401 402 error = inode_permission(file_mnt_idmap(filp), 403 dir, MAY_WRITE | MAY_EXEC); 404 if (error) 405 goto err3; 406 407 if (!IS_POSIXACL(dir)) 408 arg.mode &= ~current_umask(); 409 410 error = security_path_mkdir(&dst_path, dst_dentry, arg.mode); 411 if (error) 412 goto err3; 413 414 if ((arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) && 415 !arg.src_ptr) 416 snapshot_src.subvol = to_bch_ei(dir)->ei_inode.bi_subvol; 417 418 inode = __bch2_create(file_mnt_idmap(filp), to_bch_ei(dir), 419 dst_dentry, arg.mode|S_IFDIR, 420 0, snapshot_src, create_flags); 421 error = PTR_ERR_OR_ZERO(inode); 422 if (error) 423 goto err3; 424 425 d_instantiate(dst_dentry, &inode->v); 426 fsnotify_mkdir(dir, dst_dentry); 427 err3: 428 done_path_create(&dst_path, dst_dentry); 429 err2: 430 if (arg.src_ptr) 431 path_put(&src_path); 432 433 if (retry_estale(error, lookup_flags)) { 434 lookup_flags |= LOOKUP_REVAL; 435 goto retry; 436 } 437 err1: 438 up_read(&c->vfs_sb->s_umount); 439 440 return error; 441 } 442 443 static long bch2_ioctl_subvolume_create(struct bch_fs *c, struct file *filp, 444 struct bch_ioctl_subvolume arg) 445 { 446 down_write(&c->snapshot_create_lock); 447 long ret = __bch2_ioctl_subvolume_create(c, filp, arg); 448 up_write(&c->snapshot_create_lock); 449 450 return ret; 451 } 452 453 static long bch2_ioctl_subvolume_destroy(struct bch_fs *c, struct file *filp, 454 struct bch_ioctl_subvolume arg) 455 { 456 struct path path; 457 struct inode *dir; 458 int ret = 0; 459 460 if (arg.flags) 461 return -EINVAL; 462 463 ret = user_path_at(arg.dirfd, 464 (const char __user *)(unsigned long)arg.dst_ptr, 465 LOOKUP_FOLLOW, &path); 466 if (ret) 467 return ret; 468 469 if (path.dentry->d_sb->s_fs_info != c) { 470 ret = -EXDEV; 471 goto err; 472 } 473 474 dir = path.dentry->d_parent->d_inode; 475 476 ret = __bch2_unlink(dir, path.dentry, true); 477 if (ret) 478 goto err; 479 480 fsnotify_rmdir(dir, path.dentry); 481 d_delete(path.dentry); 482 err: 483 path_put(&path); 484 return ret; 485 } 486 487 long bch2_fs_file_ioctl(struct file *file, unsigned cmd, unsigned long arg) 488 { 489 struct bch_inode_info *inode = file_bch_inode(file); 490 struct bch_fs *c = inode->v.i_sb->s_fs_info; 491 long ret; 492 493 switch (cmd) { 494 case FS_IOC_GETFLAGS: 495 ret = bch2_ioc_getflags(inode, (int __user *) arg); 496 break; 497 498 case FS_IOC_SETFLAGS: 499 ret = bch2_ioc_setflags(c, file, inode, (int __user *) arg); 500 break; 501 502 case FS_IOC_FSGETXATTR: 503 ret = bch2_ioc_fsgetxattr(inode, (void __user *) arg); 504 break; 505 506 case FS_IOC_FSSETXATTR: 507 ret = bch2_ioc_fssetxattr(c, file, inode, 508 (void __user *) arg); 509 break; 510 511 case BCHFS_IOC_REINHERIT_ATTRS: 512 ret = bch2_ioc_reinherit_attrs(c, file, inode, 513 (void __user *) arg); 514 break; 515 516 case FS_IOC_GETVERSION: 517 ret = -ENOTTY; 518 break; 519 520 case FS_IOC_SETVERSION: 521 ret = -ENOTTY; 522 break; 523 524 case FS_IOC_GOINGDOWN: 525 ret = bch2_ioc_goingdown(c, (u32 __user *) arg); 526 break; 527 528 case BCH_IOCTL_SUBVOLUME_CREATE: { 529 struct bch_ioctl_subvolume i; 530 531 ret = copy_from_user(&i, (void __user *) arg, sizeof(i)) 532 ? -EFAULT 533 : bch2_ioctl_subvolume_create(c, file, i); 534 break; 535 } 536 537 case BCH_IOCTL_SUBVOLUME_DESTROY: { 538 struct bch_ioctl_subvolume i; 539 540 ret = copy_from_user(&i, (void __user *) arg, sizeof(i)) 541 ? -EFAULT 542 : bch2_ioctl_subvolume_destroy(c, file, i); 543 break; 544 } 545 546 default: 547 ret = bch2_fs_ioctl(c, cmd, (void __user *) arg); 548 break; 549 } 550 551 return bch2_err_class(ret); 552 } 553 554 #ifdef CONFIG_COMPAT 555 long bch2_compat_fs_ioctl(struct file *file, unsigned cmd, unsigned long arg) 556 { 557 /* These are just misnamed, they actually get/put from/to user an int */ 558 switch (cmd) { 559 case FS_IOC_GETFLAGS: 560 cmd = FS_IOC_GETFLAGS; 561 break; 562 case FS_IOC32_SETFLAGS: 563 cmd = FS_IOC_SETFLAGS; 564 break; 565 default: 566 return -ENOIOCTLCMD; 567 } 568 return bch2_fs_file_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 569 } 570 #endif 571 572 #endif /* NO_BCACHEFS_FS */ 573