xref: /linux/fs/ext4/ioctl.c (revision 0dd9ac63ce26ec87b080ca9c3e6efed33c23ace6) 
1 /*
2  * linux/fs/ext4/ioctl.c
3  *
4  * Copyright (C) 1993, 1994, 1995
5  * Remy Card (card@masi.ibp.fr)
6  * Laboratoire MASI - Institut Blaise Pascal
7  * Universite Pierre et Marie Curie (Paris VI)
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/jbd2.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <asm/uaccess.h>
18 #include "ext4_jbd2.h"
19 #include "ext4.h"
20 
21 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
22 {
23 	struct inode *inode = filp->f_dentry->d_inode;
24 	struct ext4_inode_info *ei = EXT4_I(inode);
25 	unsigned int flags;
26 
27 	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
28 
29 	switch (cmd) {
30 	case EXT4_IOC_GETFLAGS:
31 		ext4_get_inode_flags(ei);
32 		flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
33 		return put_user(flags, (int __user *) arg);
34 	case EXT4_IOC_SETFLAGS: {
35 		handle_t *handle = NULL;
36 		int err, migrate = 0;
37 		struct ext4_iloc iloc;
38 		unsigned int oldflags;
39 		unsigned int jflag;
40 
41 		if (!is_owner_or_cap(inode))
42 			return -EACCES;
43 
44 		if (get_user(flags, (int __user *) arg))
45 			return -EFAULT;
46 
47 		err = mnt_want_write(filp->f_path.mnt);
48 		if (err)
49 			return err;
50 
51 		flags = ext4_mask_flags(inode->i_mode, flags);
52 
53 		err = -EPERM;
54 		mutex_lock(&inode->i_mutex);
55 		/* Is it quota file? Do not allow user to mess with it */
56 		if (IS_NOQUOTA(inode))
57 			goto flags_out;
58 
59 		oldflags = ei->i_flags;
60 
61 		/* The JOURNAL_DATA flag is modifiable only by root */
62 		jflag = flags & EXT4_JOURNAL_DATA_FL;
63 
64 		/*
65 		 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
66 		 * the relevant capability.
67 		 *
68 		 * This test looks nicer. Thanks to Pauline Middelink
69 		 */
70 		if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
71 			if (!capable(CAP_LINUX_IMMUTABLE))
72 				goto flags_out;
73 		}
74 
75 		/*
76 		 * The JOURNAL_DATA flag can only be changed by
77 		 * the relevant capability.
78 		 */
79 		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
80 			if (!capable(CAP_SYS_RESOURCE))
81 				goto flags_out;
82 		}
83 		if (oldflags & EXT4_EXTENTS_FL) {
84 			/* We don't support clearning extent flags */
85 			if (!(flags & EXT4_EXTENTS_FL)) {
86 				err = -EOPNOTSUPP;
87 				goto flags_out;
88 			}
89 		} else if (flags & EXT4_EXTENTS_FL) {
90 			/* migrate the file */
91 			migrate = 1;
92 			flags &= ~EXT4_EXTENTS_FL;
93 		}
94 
95 		if (flags & EXT4_EOFBLOCKS_FL) {
96 			/* we don't support adding EOFBLOCKS flag */
97 			if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
98 				err = -EOPNOTSUPP;
99 				goto flags_out;
100 			}
101 		} else if (oldflags & EXT4_EOFBLOCKS_FL)
102 			ext4_truncate(inode);
103 
104 		handle = ext4_journal_start(inode, 1);
105 		if (IS_ERR(handle)) {
106 			err = PTR_ERR(handle);
107 			goto flags_out;
108 		}
109 		if (IS_SYNC(inode))
110 			ext4_handle_sync(handle);
111 		err = ext4_reserve_inode_write(handle, inode, &iloc);
112 		if (err)
113 			goto flags_err;
114 
115 		flags = flags & EXT4_FL_USER_MODIFIABLE;
116 		flags |= oldflags & ~EXT4_FL_USER_MODIFIABLE;
117 		ei->i_flags = flags;
118 
119 		ext4_set_inode_flags(inode);
120 		inode->i_ctime = ext4_current_time(inode);
121 
122 		err = ext4_mark_iloc_dirty(handle, inode, &iloc);
123 flags_err:
124 		ext4_journal_stop(handle);
125 		if (err)
126 			goto flags_out;
127 
128 		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
129 			err = ext4_change_inode_journal_flag(inode, jflag);
130 		if (err)
131 			goto flags_out;
132 		if (migrate)
133 			err = ext4_ext_migrate(inode);
134 flags_out:
135 		mutex_unlock(&inode->i_mutex);
136 		mnt_drop_write(filp->f_path.mnt);
137 		return err;
138 	}
139 	case EXT4_IOC_GETVERSION:
140 	case EXT4_IOC_GETVERSION_OLD:
141 		return put_user(inode->i_generation, (int __user *) arg);
142 	case EXT4_IOC_SETVERSION:
143 	case EXT4_IOC_SETVERSION_OLD: {
144 		handle_t *handle;
145 		struct ext4_iloc iloc;
146 		__u32 generation;
147 		int err;
148 
149 		if (!is_owner_or_cap(inode))
150 			return -EPERM;
151 
152 		err = mnt_want_write(filp->f_path.mnt);
153 		if (err)
154 			return err;
155 		if (get_user(generation, (int __user *) arg)) {
156 			err = -EFAULT;
157 			goto setversion_out;
158 		}
159 
160 		handle = ext4_journal_start(inode, 1);
161 		if (IS_ERR(handle)) {
162 			err = PTR_ERR(handle);
163 			goto setversion_out;
164 		}
165 		err = ext4_reserve_inode_write(handle, inode, &iloc);
166 		if (err == 0) {
167 			inode->i_ctime = ext4_current_time(inode);
168 			inode->i_generation = generation;
169 			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
170 		}
171 		ext4_journal_stop(handle);
172 setversion_out:
173 		mnt_drop_write(filp->f_path.mnt);
174 		return err;
175 	}
176 #ifdef CONFIG_JBD2_DEBUG
177 	case EXT4_IOC_WAIT_FOR_READONLY:
178 		/*
179 		 * This is racy - by the time we're woken up and running,
180 		 * the superblock could be released.  And the module could
181 		 * have been unloaded.  So sue me.
182 		 *
183 		 * Returns 1 if it slept, else zero.
184 		 */
185 		{
186 			struct super_block *sb = inode->i_sb;
187 			DECLARE_WAITQUEUE(wait, current);
188 			int ret = 0;
189 
190 			set_current_state(TASK_INTERRUPTIBLE);
191 			add_wait_queue(&EXT4_SB(sb)->ro_wait_queue, &wait);
192 			if (timer_pending(&EXT4_SB(sb)->turn_ro_timer)) {
193 				schedule();
194 				ret = 1;
195 			}
196 			remove_wait_queue(&EXT4_SB(sb)->ro_wait_queue, &wait);
197 			return ret;
198 		}
199 #endif
200 	case EXT4_IOC_GROUP_EXTEND: {
201 		ext4_fsblk_t n_blocks_count;
202 		struct super_block *sb = inode->i_sb;
203 		int err, err2=0;
204 
205 		if (!capable(CAP_SYS_RESOURCE))
206 			return -EPERM;
207 
208 		if (get_user(n_blocks_count, (__u32 __user *)arg))
209 			return -EFAULT;
210 
211 		err = mnt_want_write(filp->f_path.mnt);
212 		if (err)
213 			return err;
214 
215 		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
216 		if (EXT4_SB(sb)->s_journal) {
217 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
218 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
219 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
220 		}
221 		if (err == 0)
222 			err = err2;
223 		mnt_drop_write(filp->f_path.mnt);
224 
225 		return err;
226 	}
227 
228 	case EXT4_IOC_MOVE_EXT: {
229 		struct move_extent me;
230 		struct file *donor_filp;
231 		int err;
232 
233 		if (!(filp->f_mode & FMODE_READ) ||
234 		    !(filp->f_mode & FMODE_WRITE))
235 			return -EBADF;
236 
237 		if (copy_from_user(&me,
238 			(struct move_extent __user *)arg, sizeof(me)))
239 			return -EFAULT;
240 		me.moved_len = 0;
241 
242 		donor_filp = fget(me.donor_fd);
243 		if (!donor_filp)
244 			return -EBADF;
245 
246 		if (!(donor_filp->f_mode & FMODE_WRITE)) {
247 			err = -EBADF;
248 			goto mext_out;
249 		}
250 
251 		err = mnt_want_write(filp->f_path.mnt);
252 		if (err)
253 			goto mext_out;
254 
255 		err = ext4_move_extents(filp, donor_filp, me.orig_start,
256 					me.donor_start, me.len, &me.moved_len);
257 		mnt_drop_write(filp->f_path.mnt);
258 		if (me.moved_len > 0)
259 			file_remove_suid(donor_filp);
260 
261 		if (copy_to_user((struct move_extent __user *)arg,
262 				 &me, sizeof(me)))
263 			err = -EFAULT;
264 mext_out:
265 		fput(donor_filp);
266 		return err;
267 	}
268 
269 	case EXT4_IOC_GROUP_ADD: {
270 		struct ext4_new_group_data input;
271 		struct super_block *sb = inode->i_sb;
272 		int err, err2=0;
273 
274 		if (!capable(CAP_SYS_RESOURCE))
275 			return -EPERM;
276 
277 		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
278 				sizeof(input)))
279 			return -EFAULT;
280 
281 		err = mnt_want_write(filp->f_path.mnt);
282 		if (err)
283 			return err;
284 
285 		err = ext4_group_add(sb, &input);
286 		if (EXT4_SB(sb)->s_journal) {
287 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
288 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
289 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
290 		}
291 		if (err == 0)
292 			err = err2;
293 		mnt_drop_write(filp->f_path.mnt);
294 
295 		return err;
296 	}
297 
298 	case EXT4_IOC_MIGRATE:
299 	{
300 		int err;
301 		if (!is_owner_or_cap(inode))
302 			return -EACCES;
303 
304 		err = mnt_want_write(filp->f_path.mnt);
305 		if (err)
306 			return err;
307 		/*
308 		 * inode_mutex prevent write and truncate on the file.
309 		 * Read still goes through. We take i_data_sem in
310 		 * ext4_ext_swap_inode_data before we switch the
311 		 * inode format to prevent read.
312 		 */
313 		mutex_lock(&(inode->i_mutex));
314 		err = ext4_ext_migrate(inode);
315 		mutex_unlock(&(inode->i_mutex));
316 		mnt_drop_write(filp->f_path.mnt);
317 		return err;
318 	}
319 
320 	case EXT4_IOC_ALLOC_DA_BLKS:
321 	{
322 		int err;
323 		if (!is_owner_or_cap(inode))
324 			return -EACCES;
325 
326 		err = mnt_want_write(filp->f_path.mnt);
327 		if (err)
328 			return err;
329 		err = ext4_alloc_da_blocks(inode);
330 		mnt_drop_write(filp->f_path.mnt);
331 		return err;
332 	}
333 
334 	default:
335 		return -ENOTTY;
336 	}
337 }
338 
339 #ifdef CONFIG_COMPAT
340 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
341 {
342 	/* These are just misnamed, they actually get/put from/to user an int */
343 	switch (cmd) {
344 	case EXT4_IOC32_GETFLAGS:
345 		cmd = EXT4_IOC_GETFLAGS;
346 		break;
347 	case EXT4_IOC32_SETFLAGS:
348 		cmd = EXT4_IOC_SETFLAGS;
349 		break;
350 	case EXT4_IOC32_GETVERSION:
351 		cmd = EXT4_IOC_GETVERSION;
352 		break;
353 	case EXT4_IOC32_SETVERSION:
354 		cmd = EXT4_IOC_SETVERSION;
355 		break;
356 	case EXT4_IOC32_GROUP_EXTEND:
357 		cmd = EXT4_IOC_GROUP_EXTEND;
358 		break;
359 	case EXT4_IOC32_GETVERSION_OLD:
360 		cmd = EXT4_IOC_GETVERSION_OLD;
361 		break;
362 	case EXT4_IOC32_SETVERSION_OLD:
363 		cmd = EXT4_IOC_SETVERSION_OLD;
364 		break;
365 #ifdef CONFIG_JBD2_DEBUG
366 	case EXT4_IOC32_WAIT_FOR_READONLY:
367 		cmd = EXT4_IOC_WAIT_FOR_READONLY;
368 		break;
369 #endif
370 	case EXT4_IOC32_GETRSVSZ:
371 		cmd = EXT4_IOC_GETRSVSZ;
372 		break;
373 	case EXT4_IOC32_SETRSVSZ:
374 		cmd = EXT4_IOC_SETRSVSZ;
375 		break;
376 	case EXT4_IOC32_GROUP_ADD: {
377 		struct compat_ext4_new_group_input __user *uinput;
378 		struct ext4_new_group_input input;
379 		mm_segment_t old_fs;
380 		int err;
381 
382 		uinput = compat_ptr(arg);
383 		err = get_user(input.group, &uinput->group);
384 		err |= get_user(input.block_bitmap, &uinput->block_bitmap);
385 		err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
386 		err |= get_user(input.inode_table, &uinput->inode_table);
387 		err |= get_user(input.blocks_count, &uinput->blocks_count);
388 		err |= get_user(input.reserved_blocks,
389 				&uinput->reserved_blocks);
390 		if (err)
391 			return -EFAULT;
392 		old_fs = get_fs();
393 		set_fs(KERNEL_DS);
394 		err = ext4_ioctl(file, EXT4_IOC_GROUP_ADD,
395 				 (unsigned long) &input);
396 		set_fs(old_fs);
397 		return err;
398 	}
399 	case EXT4_IOC_MOVE_EXT:
400 		break;
401 	default:
402 		return -ENOIOCTLCMD;
403 	}
404 	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
405 }
406 #endif
407