1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uuid.h> 20 #include <linux/uaccess.h> 21 #include <linux/delay.h> 22 #include <linux/iversion.h> 23 #include "ext4_jbd2.h" 24 #include "ext4.h" 25 #include <linux/fsmap.h> 26 #include "fsmap.h" 27 #include <trace/events/ext4.h> 28 29 /** 30 * Swap memory between @a and @b for @len bytes. 31 * 32 * @a: pointer to first memory area 33 * @b: pointer to second memory area 34 * @len: number of bytes to swap 35 * 36 */ 37 static void memswap(void *a, void *b, size_t len) 38 { 39 unsigned char *ap, *bp; 40 41 ap = (unsigned char *)a; 42 bp = (unsigned char *)b; 43 while (len-- > 0) { 44 swap(*ap, *bp); 45 ap++; 46 bp++; 47 } 48 } 49 50 /** 51 * Swap i_data and associated attributes between @inode1 and @inode2. 52 * This function is used for the primary swap between inode1 and inode2 53 * and also to revert this primary swap in case of errors. 54 * 55 * Therefore you have to make sure, that calling this method twice 56 * will revert all changes. 57 * 58 * @inode1: pointer to first inode 59 * @inode2: pointer to second inode 60 */ 61 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 62 { 63 loff_t isize; 64 struct ext4_inode_info *ei1; 65 struct ext4_inode_info *ei2; 66 67 ei1 = EXT4_I(inode1); 68 ei2 = EXT4_I(inode2); 69 70 swap(inode1->i_flags, inode2->i_flags); 71 swap(inode1->i_version, inode2->i_version); 72 swap(inode1->i_blocks, inode2->i_blocks); 73 swap(inode1->i_bytes, inode2->i_bytes); 74 swap(inode1->i_atime, inode2->i_atime); 75 swap(inode1->i_mtime, inode2->i_mtime); 76 77 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 78 swap(ei1->i_flags, ei2->i_flags); 79 swap(ei1->i_disksize, ei2->i_disksize); 80 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 81 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 82 83 isize = i_size_read(inode1); 84 i_size_write(inode1, i_size_read(inode2)); 85 i_size_write(inode2, isize); 86 } 87 88 /** 89 * Swap the information from the given @inode and the inode 90 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 91 * important fields of the inodes. 92 * 93 * @sb: the super block of the filesystem 94 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 95 * 96 */ 97 static long swap_inode_boot_loader(struct super_block *sb, 98 struct inode *inode) 99 { 100 handle_t *handle; 101 int err; 102 struct inode *inode_bl; 103 struct ext4_inode_info *ei_bl; 104 105 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode)) 106 return -EINVAL; 107 108 if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) 109 return -EPERM; 110 111 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO); 112 if (IS_ERR(inode_bl)) 113 return PTR_ERR(inode_bl); 114 ei_bl = EXT4_I(inode_bl); 115 116 filemap_flush(inode->i_mapping); 117 filemap_flush(inode_bl->i_mapping); 118 119 /* Protect orig inodes against a truncate and make sure, 120 * that only 1 swap_inode_boot_loader is running. */ 121 lock_two_nondirectories(inode, inode_bl); 122 123 truncate_inode_pages(&inode->i_data, 0); 124 truncate_inode_pages(&inode_bl->i_data, 0); 125 126 /* Wait for all existing dio workers */ 127 ext4_inode_block_unlocked_dio(inode); 128 ext4_inode_block_unlocked_dio(inode_bl); 129 inode_dio_wait(inode); 130 inode_dio_wait(inode_bl); 131 132 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 133 if (IS_ERR(handle)) { 134 err = -EINVAL; 135 goto journal_err_out; 136 } 137 138 /* Protect extent tree against block allocations via delalloc */ 139 ext4_double_down_write_data_sem(inode, inode_bl); 140 141 if (inode_bl->i_nlink == 0) { 142 /* this inode has never been used as a BOOT_LOADER */ 143 set_nlink(inode_bl, 1); 144 i_uid_write(inode_bl, 0); 145 i_gid_write(inode_bl, 0); 146 inode_bl->i_flags = 0; 147 ei_bl->i_flags = 0; 148 inode_set_iversion(inode_bl, 1); 149 i_size_write(inode_bl, 0); 150 inode_bl->i_mode = S_IFREG; 151 if (ext4_has_feature_extents(sb)) { 152 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 153 ext4_ext_tree_init(handle, inode_bl); 154 } else 155 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 156 } 157 158 swap_inode_data(inode, inode_bl); 159 160 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 161 162 inode->i_generation = prandom_u32(); 163 inode_bl->i_generation = prandom_u32(); 164 165 ext4_discard_preallocations(inode); 166 167 err = ext4_mark_inode_dirty(handle, inode); 168 if (err < 0) { 169 ext4_warning(inode->i_sb, 170 "couldn't mark inode #%lu dirty (err %d)", 171 inode->i_ino, err); 172 /* Revert all changes: */ 173 swap_inode_data(inode, inode_bl); 174 } else { 175 err = ext4_mark_inode_dirty(handle, inode_bl); 176 if (err < 0) { 177 ext4_warning(inode_bl->i_sb, 178 "couldn't mark inode #%lu dirty (err %d)", 179 inode_bl->i_ino, err); 180 /* Revert all changes: */ 181 swap_inode_data(inode, inode_bl); 182 ext4_mark_inode_dirty(handle, inode); 183 } 184 } 185 ext4_journal_stop(handle); 186 ext4_double_up_write_data_sem(inode, inode_bl); 187 188 journal_err_out: 189 ext4_inode_resume_unlocked_dio(inode); 190 ext4_inode_resume_unlocked_dio(inode_bl); 191 unlock_two_nondirectories(inode, inode_bl); 192 iput(inode_bl); 193 return err; 194 } 195 196 #ifdef CONFIG_EXT4_FS_ENCRYPTION 197 static int uuid_is_zero(__u8 u[16]) 198 { 199 int i; 200 201 for (i = 0; i < 16; i++) 202 if (u[i]) 203 return 0; 204 return 1; 205 } 206 #endif 207 208 static int ext4_ioctl_setflags(struct inode *inode, 209 unsigned int flags) 210 { 211 struct ext4_inode_info *ei = EXT4_I(inode); 212 handle_t *handle = NULL; 213 int err = -EPERM, migrate = 0; 214 struct ext4_iloc iloc; 215 unsigned int oldflags, mask, i; 216 unsigned int jflag; 217 218 /* Is it quota file? Do not allow user to mess with it */ 219 if (ext4_is_quota_file(inode)) 220 goto flags_out; 221 222 oldflags = ei->i_flags; 223 224 /* The JOURNAL_DATA flag is modifiable only by root */ 225 jflag = flags & EXT4_JOURNAL_DATA_FL; 226 227 /* 228 * The IMMUTABLE and APPEND_ONLY flags can only be changed by 229 * the relevant capability. 230 * 231 * This test looks nicer. Thanks to Pauline Middelink 232 */ 233 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) { 234 if (!capable(CAP_LINUX_IMMUTABLE)) 235 goto flags_out; 236 } 237 238 /* 239 * The JOURNAL_DATA flag can only be changed by 240 * the relevant capability. 241 */ 242 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 243 if (!capable(CAP_SYS_RESOURCE)) 244 goto flags_out; 245 } 246 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 247 migrate = 1; 248 249 if (flags & EXT4_EOFBLOCKS_FL) { 250 /* we don't support adding EOFBLOCKS flag */ 251 if (!(oldflags & EXT4_EOFBLOCKS_FL)) { 252 err = -EOPNOTSUPP; 253 goto flags_out; 254 } 255 } else if (oldflags & EXT4_EOFBLOCKS_FL) { 256 err = ext4_truncate(inode); 257 if (err) 258 goto flags_out; 259 } 260 261 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 262 if (IS_ERR(handle)) { 263 err = PTR_ERR(handle); 264 goto flags_out; 265 } 266 if (IS_SYNC(inode)) 267 ext4_handle_sync(handle); 268 err = ext4_reserve_inode_write(handle, inode, &iloc); 269 if (err) 270 goto flags_err; 271 272 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 273 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 274 continue; 275 /* These flags get special treatment later */ 276 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 277 continue; 278 if (mask & flags) 279 ext4_set_inode_flag(inode, i); 280 else 281 ext4_clear_inode_flag(inode, i); 282 } 283 284 ext4_set_inode_flags(inode); 285 inode->i_ctime = current_time(inode); 286 287 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 288 flags_err: 289 ext4_journal_stop(handle); 290 if (err) 291 goto flags_out; 292 293 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 294 /* 295 * Changes to the journaling mode can cause unsafe changes to 296 * S_DAX if we are using the DAX mount option. 297 */ 298 if (test_opt(inode->i_sb, DAX)) { 299 err = -EBUSY; 300 goto flags_out; 301 } 302 303 err = ext4_change_inode_journal_flag(inode, jflag); 304 if (err) 305 goto flags_out; 306 } 307 if (migrate) { 308 if (flags & EXT4_EXTENTS_FL) 309 err = ext4_ext_migrate(inode); 310 else 311 err = ext4_ind_migrate(inode); 312 } 313 314 flags_out: 315 return err; 316 } 317 318 #ifdef CONFIG_QUOTA 319 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 320 { 321 struct inode *inode = file_inode(filp); 322 struct super_block *sb = inode->i_sb; 323 struct ext4_inode_info *ei = EXT4_I(inode); 324 int err, rc; 325 handle_t *handle; 326 kprojid_t kprojid; 327 struct ext4_iloc iloc; 328 struct ext4_inode *raw_inode; 329 struct dquot *transfer_to[MAXQUOTAS] = { }; 330 331 if (!ext4_has_feature_project(sb)) { 332 if (projid != EXT4_DEF_PROJID) 333 return -EOPNOTSUPP; 334 else 335 return 0; 336 } 337 338 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 339 return -EOPNOTSUPP; 340 341 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 342 343 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 344 return 0; 345 346 err = mnt_want_write_file(filp); 347 if (err) 348 return err; 349 350 err = -EPERM; 351 inode_lock(inode); 352 /* Is it quota file? Do not allow user to mess with it */ 353 if (ext4_is_quota_file(inode)) 354 goto out_unlock; 355 356 err = ext4_get_inode_loc(inode, &iloc); 357 if (err) 358 goto out_unlock; 359 360 raw_inode = ext4_raw_inode(&iloc); 361 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 362 err = ext4_expand_extra_isize(inode, 363 EXT4_SB(sb)->s_want_extra_isize, 364 &iloc); 365 if (err) 366 goto out_unlock; 367 } else { 368 brelse(iloc.bh); 369 } 370 371 dquot_initialize(inode); 372 373 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 374 EXT4_QUOTA_INIT_BLOCKS(sb) + 375 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 376 if (IS_ERR(handle)) { 377 err = PTR_ERR(handle); 378 goto out_unlock; 379 } 380 381 err = ext4_reserve_inode_write(handle, inode, &iloc); 382 if (err) 383 goto out_stop; 384 385 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 386 if (!IS_ERR(transfer_to[PRJQUOTA])) { 387 388 /* __dquot_transfer() calls back ext4_get_inode_usage() which 389 * counts xattr inode references. 390 */ 391 down_read(&EXT4_I(inode)->xattr_sem); 392 err = __dquot_transfer(inode, transfer_to); 393 up_read(&EXT4_I(inode)->xattr_sem); 394 dqput(transfer_to[PRJQUOTA]); 395 if (err) 396 goto out_dirty; 397 } 398 399 EXT4_I(inode)->i_projid = kprojid; 400 inode->i_ctime = current_time(inode); 401 out_dirty: 402 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 403 if (!err) 404 err = rc; 405 out_stop: 406 ext4_journal_stop(handle); 407 out_unlock: 408 inode_unlock(inode); 409 mnt_drop_write_file(filp); 410 return err; 411 } 412 #else 413 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 414 { 415 if (projid != EXT4_DEF_PROJID) 416 return -EOPNOTSUPP; 417 return 0; 418 } 419 #endif 420 421 /* Transfer internal flags to xflags */ 422 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags) 423 { 424 __u32 xflags = 0; 425 426 if (iflags & EXT4_SYNC_FL) 427 xflags |= FS_XFLAG_SYNC; 428 if (iflags & EXT4_IMMUTABLE_FL) 429 xflags |= FS_XFLAG_IMMUTABLE; 430 if (iflags & EXT4_APPEND_FL) 431 xflags |= FS_XFLAG_APPEND; 432 if (iflags & EXT4_NODUMP_FL) 433 xflags |= FS_XFLAG_NODUMP; 434 if (iflags & EXT4_NOATIME_FL) 435 xflags |= FS_XFLAG_NOATIME; 436 if (iflags & EXT4_PROJINHERIT_FL) 437 xflags |= FS_XFLAG_PROJINHERIT; 438 return xflags; 439 } 440 441 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \ 442 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \ 443 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT) 444 445 /* Transfer xflags flags to internal */ 446 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags) 447 { 448 unsigned long iflags = 0; 449 450 if (xflags & FS_XFLAG_SYNC) 451 iflags |= EXT4_SYNC_FL; 452 if (xflags & FS_XFLAG_IMMUTABLE) 453 iflags |= EXT4_IMMUTABLE_FL; 454 if (xflags & FS_XFLAG_APPEND) 455 iflags |= EXT4_APPEND_FL; 456 if (xflags & FS_XFLAG_NODUMP) 457 iflags |= EXT4_NODUMP_FL; 458 if (xflags & FS_XFLAG_NOATIME) 459 iflags |= EXT4_NOATIME_FL; 460 if (xflags & FS_XFLAG_PROJINHERIT) 461 iflags |= EXT4_PROJINHERIT_FL; 462 463 return iflags; 464 } 465 466 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 467 { 468 struct ext4_sb_info *sbi = EXT4_SB(sb); 469 __u32 flags; 470 471 if (!capable(CAP_SYS_ADMIN)) 472 return -EPERM; 473 474 if (get_user(flags, (__u32 __user *)arg)) 475 return -EFAULT; 476 477 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 478 return -EINVAL; 479 480 if (ext4_forced_shutdown(sbi)) 481 return 0; 482 483 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 484 485 switch (flags) { 486 case EXT4_GOING_FLAGS_DEFAULT: 487 freeze_bdev(sb->s_bdev); 488 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 489 thaw_bdev(sb->s_bdev, sb); 490 break; 491 case EXT4_GOING_FLAGS_LOGFLUSH: 492 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 493 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 494 (void) ext4_force_commit(sb); 495 jbd2_journal_abort(sbi->s_journal, 0); 496 } 497 break; 498 case EXT4_GOING_FLAGS_NOLOGFLUSH: 499 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 500 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 501 msleep(100); 502 jbd2_journal_abort(sbi->s_journal, 0); 503 } 504 break; 505 default: 506 return -EINVAL; 507 } 508 clear_opt(sb, DISCARD); 509 return 0; 510 } 511 512 struct getfsmap_info { 513 struct super_block *gi_sb; 514 struct fsmap_head __user *gi_data; 515 unsigned int gi_idx; 516 __u32 gi_last_flags; 517 }; 518 519 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 520 { 521 struct getfsmap_info *info = priv; 522 struct fsmap fm; 523 524 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 525 526 info->gi_last_flags = xfm->fmr_flags; 527 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 528 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 529 sizeof(struct fsmap))) 530 return -EFAULT; 531 532 return 0; 533 } 534 535 static int ext4_ioc_getfsmap(struct super_block *sb, 536 struct fsmap_head __user *arg) 537 { 538 struct getfsmap_info info = {0}; 539 struct ext4_fsmap_head xhead = {0}; 540 struct fsmap_head head; 541 bool aborted = false; 542 int error; 543 544 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 545 return -EFAULT; 546 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 547 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 548 sizeof(head.fmh_keys[0].fmr_reserved)) || 549 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 550 sizeof(head.fmh_keys[1].fmr_reserved))) 551 return -EINVAL; 552 /* 553 * ext4 doesn't report file extents at all, so the only valid 554 * file offsets are the magic ones (all zeroes or all ones). 555 */ 556 if (head.fmh_keys[0].fmr_offset || 557 (head.fmh_keys[1].fmr_offset != 0 && 558 head.fmh_keys[1].fmr_offset != -1ULL)) 559 return -EINVAL; 560 561 xhead.fmh_iflags = head.fmh_iflags; 562 xhead.fmh_count = head.fmh_count; 563 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 564 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 565 566 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 567 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 568 569 info.gi_sb = sb; 570 info.gi_data = arg; 571 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 572 if (error == EXT4_QUERY_RANGE_ABORT) { 573 error = 0; 574 aborted = true; 575 } else if (error) 576 return error; 577 578 /* If we didn't abort, set the "last" flag in the last fmx */ 579 if (!aborted && info.gi_idx) { 580 info.gi_last_flags |= FMR_OF_LAST; 581 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 582 &info.gi_last_flags, 583 sizeof(info.gi_last_flags))) 584 return -EFAULT; 585 } 586 587 /* copy back header */ 588 head.fmh_entries = xhead.fmh_entries; 589 head.fmh_oflags = xhead.fmh_oflags; 590 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 591 return -EFAULT; 592 593 return 0; 594 } 595 596 static long ext4_ioctl_group_add(struct file *file, 597 struct ext4_new_group_data *input) 598 { 599 struct super_block *sb = file_inode(file)->i_sb; 600 int err, err2=0; 601 602 err = ext4_resize_begin(sb); 603 if (err) 604 return err; 605 606 if (ext4_has_feature_bigalloc(sb)) { 607 ext4_msg(sb, KERN_ERR, 608 "Online resizing not supported with bigalloc"); 609 err = -EOPNOTSUPP; 610 goto group_add_out; 611 } 612 613 err = mnt_want_write_file(file); 614 if (err) 615 goto group_add_out; 616 617 err = ext4_group_add(sb, input); 618 if (EXT4_SB(sb)->s_journal) { 619 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 620 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 621 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 622 } 623 if (err == 0) 624 err = err2; 625 mnt_drop_write_file(file); 626 if (!err && ext4_has_group_desc_csum(sb) && 627 test_opt(sb, INIT_INODE_TABLE)) 628 err = ext4_register_li_request(sb, input->group); 629 group_add_out: 630 ext4_resize_end(sb); 631 return err; 632 } 633 634 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 635 { 636 struct inode *inode = file_inode(filp); 637 struct super_block *sb = inode->i_sb; 638 struct ext4_inode_info *ei = EXT4_I(inode); 639 unsigned int flags; 640 641 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 642 643 switch (cmd) { 644 case FS_IOC_GETFSMAP: 645 return ext4_ioc_getfsmap(sb, (void __user *)arg); 646 case EXT4_IOC_GETFLAGS: 647 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 648 return put_user(flags, (int __user *) arg); 649 case EXT4_IOC_SETFLAGS: { 650 int err; 651 652 if (!inode_owner_or_capable(inode)) 653 return -EACCES; 654 655 if (get_user(flags, (int __user *) arg)) 656 return -EFAULT; 657 658 if (flags & ~EXT4_FL_USER_VISIBLE) 659 return -EOPNOTSUPP; 660 /* 661 * chattr(1) grabs flags via GETFLAGS, modifies the result and 662 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 663 * more restrictive than just silently masking off visible but 664 * not settable flags as we always did. 665 */ 666 flags &= EXT4_FL_USER_MODIFIABLE; 667 if (ext4_mask_flags(inode->i_mode, flags) != flags) 668 return -EOPNOTSUPP; 669 670 err = mnt_want_write_file(filp); 671 if (err) 672 return err; 673 674 inode_lock(inode); 675 err = ext4_ioctl_setflags(inode, flags); 676 inode_unlock(inode); 677 mnt_drop_write_file(filp); 678 return err; 679 } 680 case EXT4_IOC_GETVERSION: 681 case EXT4_IOC_GETVERSION_OLD: 682 return put_user(inode->i_generation, (int __user *) arg); 683 case EXT4_IOC_SETVERSION: 684 case EXT4_IOC_SETVERSION_OLD: { 685 handle_t *handle; 686 struct ext4_iloc iloc; 687 __u32 generation; 688 int err; 689 690 if (!inode_owner_or_capable(inode)) 691 return -EPERM; 692 693 if (ext4_has_metadata_csum(inode->i_sb)) { 694 ext4_warning(sb, "Setting inode version is not " 695 "supported with metadata_csum enabled."); 696 return -ENOTTY; 697 } 698 699 err = mnt_want_write_file(filp); 700 if (err) 701 return err; 702 if (get_user(generation, (int __user *) arg)) { 703 err = -EFAULT; 704 goto setversion_out; 705 } 706 707 inode_lock(inode); 708 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 709 if (IS_ERR(handle)) { 710 err = PTR_ERR(handle); 711 goto unlock_out; 712 } 713 err = ext4_reserve_inode_write(handle, inode, &iloc); 714 if (err == 0) { 715 inode->i_ctime = current_time(inode); 716 inode->i_generation = generation; 717 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 718 } 719 ext4_journal_stop(handle); 720 721 unlock_out: 722 inode_unlock(inode); 723 setversion_out: 724 mnt_drop_write_file(filp); 725 return err; 726 } 727 case EXT4_IOC_GROUP_EXTEND: { 728 ext4_fsblk_t n_blocks_count; 729 int err, err2=0; 730 731 err = ext4_resize_begin(sb); 732 if (err) 733 return err; 734 735 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 736 err = -EFAULT; 737 goto group_extend_out; 738 } 739 740 if (ext4_has_feature_bigalloc(sb)) { 741 ext4_msg(sb, KERN_ERR, 742 "Online resizing not supported with bigalloc"); 743 err = -EOPNOTSUPP; 744 goto group_extend_out; 745 } 746 747 err = mnt_want_write_file(filp); 748 if (err) 749 goto group_extend_out; 750 751 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 752 if (EXT4_SB(sb)->s_journal) { 753 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 754 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 755 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 756 } 757 if (err == 0) 758 err = err2; 759 mnt_drop_write_file(filp); 760 group_extend_out: 761 ext4_resize_end(sb); 762 return err; 763 } 764 765 case EXT4_IOC_MOVE_EXT: { 766 struct move_extent me; 767 struct fd donor; 768 int err; 769 770 if (!(filp->f_mode & FMODE_READ) || 771 !(filp->f_mode & FMODE_WRITE)) 772 return -EBADF; 773 774 if (copy_from_user(&me, 775 (struct move_extent __user *)arg, sizeof(me))) 776 return -EFAULT; 777 me.moved_len = 0; 778 779 donor = fdget(me.donor_fd); 780 if (!donor.file) 781 return -EBADF; 782 783 if (!(donor.file->f_mode & FMODE_WRITE)) { 784 err = -EBADF; 785 goto mext_out; 786 } 787 788 if (ext4_has_feature_bigalloc(sb)) { 789 ext4_msg(sb, KERN_ERR, 790 "Online defrag not supported with bigalloc"); 791 err = -EOPNOTSUPP; 792 goto mext_out; 793 } else if (IS_DAX(inode)) { 794 ext4_msg(sb, KERN_ERR, 795 "Online defrag not supported with DAX"); 796 err = -EOPNOTSUPP; 797 goto mext_out; 798 } 799 800 err = mnt_want_write_file(filp); 801 if (err) 802 goto mext_out; 803 804 err = ext4_move_extents(filp, donor.file, me.orig_start, 805 me.donor_start, me.len, &me.moved_len); 806 mnt_drop_write_file(filp); 807 808 if (copy_to_user((struct move_extent __user *)arg, 809 &me, sizeof(me))) 810 err = -EFAULT; 811 mext_out: 812 fdput(donor); 813 return err; 814 } 815 816 case EXT4_IOC_GROUP_ADD: { 817 struct ext4_new_group_data input; 818 819 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 820 sizeof(input))) 821 return -EFAULT; 822 823 return ext4_ioctl_group_add(filp, &input); 824 } 825 826 case EXT4_IOC_MIGRATE: 827 { 828 int err; 829 if (!inode_owner_or_capable(inode)) 830 return -EACCES; 831 832 err = mnt_want_write_file(filp); 833 if (err) 834 return err; 835 /* 836 * inode_mutex prevent write and truncate on the file. 837 * Read still goes through. We take i_data_sem in 838 * ext4_ext_swap_inode_data before we switch the 839 * inode format to prevent read. 840 */ 841 inode_lock((inode)); 842 err = ext4_ext_migrate(inode); 843 inode_unlock((inode)); 844 mnt_drop_write_file(filp); 845 return err; 846 } 847 848 case EXT4_IOC_ALLOC_DA_BLKS: 849 { 850 int err; 851 if (!inode_owner_or_capable(inode)) 852 return -EACCES; 853 854 err = mnt_want_write_file(filp); 855 if (err) 856 return err; 857 err = ext4_alloc_da_blocks(inode); 858 mnt_drop_write_file(filp); 859 return err; 860 } 861 862 case EXT4_IOC_SWAP_BOOT: 863 { 864 int err; 865 if (!(filp->f_mode & FMODE_WRITE)) 866 return -EBADF; 867 err = mnt_want_write_file(filp); 868 if (err) 869 return err; 870 err = swap_inode_boot_loader(sb, inode); 871 mnt_drop_write_file(filp); 872 return err; 873 } 874 875 case EXT4_IOC_RESIZE_FS: { 876 ext4_fsblk_t n_blocks_count; 877 int err = 0, err2 = 0; 878 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 879 880 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 881 sizeof(__u64))) { 882 return -EFAULT; 883 } 884 885 err = ext4_resize_begin(sb); 886 if (err) 887 return err; 888 889 err = mnt_want_write_file(filp); 890 if (err) 891 goto resizefs_out; 892 893 err = ext4_resize_fs(sb, n_blocks_count); 894 if (EXT4_SB(sb)->s_journal) { 895 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 896 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 897 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 898 } 899 if (err == 0) 900 err = err2; 901 mnt_drop_write_file(filp); 902 if (!err && (o_group > EXT4_SB(sb)->s_groups_count) && 903 ext4_has_group_desc_csum(sb) && 904 test_opt(sb, INIT_INODE_TABLE)) 905 err = ext4_register_li_request(sb, o_group); 906 907 resizefs_out: 908 ext4_resize_end(sb); 909 return err; 910 } 911 912 case FITRIM: 913 { 914 struct request_queue *q = bdev_get_queue(sb->s_bdev); 915 struct fstrim_range range; 916 int ret = 0; 917 918 if (!capable(CAP_SYS_ADMIN)) 919 return -EPERM; 920 921 if (!blk_queue_discard(q)) 922 return -EOPNOTSUPP; 923 924 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 925 sizeof(range))) 926 return -EFAULT; 927 928 range.minlen = max((unsigned int)range.minlen, 929 q->limits.discard_granularity); 930 ret = ext4_trim_fs(sb, &range); 931 if (ret < 0) 932 return ret; 933 934 if (copy_to_user((struct fstrim_range __user *)arg, &range, 935 sizeof(range))) 936 return -EFAULT; 937 938 return 0; 939 } 940 case EXT4_IOC_PRECACHE_EXTENTS: 941 return ext4_ext_precache(inode); 942 943 case EXT4_IOC_SET_ENCRYPTION_POLICY: 944 if (!ext4_has_feature_encrypt(sb)) 945 return -EOPNOTSUPP; 946 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 947 948 case EXT4_IOC_GET_ENCRYPTION_PWSALT: { 949 #ifdef CONFIG_EXT4_FS_ENCRYPTION 950 int err, err2; 951 struct ext4_sb_info *sbi = EXT4_SB(sb); 952 handle_t *handle; 953 954 if (!ext4_has_feature_encrypt(sb)) 955 return -EOPNOTSUPP; 956 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 957 err = mnt_want_write_file(filp); 958 if (err) 959 return err; 960 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 961 if (IS_ERR(handle)) { 962 err = PTR_ERR(handle); 963 goto pwsalt_err_exit; 964 } 965 err = ext4_journal_get_write_access(handle, sbi->s_sbh); 966 if (err) 967 goto pwsalt_err_journal; 968 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 969 err = ext4_handle_dirty_metadata(handle, NULL, 970 sbi->s_sbh); 971 pwsalt_err_journal: 972 err2 = ext4_journal_stop(handle); 973 if (err2 && !err) 974 err = err2; 975 pwsalt_err_exit: 976 mnt_drop_write_file(filp); 977 if (err) 978 return err; 979 } 980 if (copy_to_user((void __user *) arg, 981 sbi->s_es->s_encrypt_pw_salt, 16)) 982 return -EFAULT; 983 return 0; 984 #else 985 return -EOPNOTSUPP; 986 #endif 987 } 988 case EXT4_IOC_GET_ENCRYPTION_POLICY: 989 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 990 991 case EXT4_IOC_FSGETXATTR: 992 { 993 struct fsxattr fa; 994 995 memset(&fa, 0, sizeof(struct fsxattr)); 996 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE); 997 998 if (ext4_has_feature_project(inode->i_sb)) { 999 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns, 1000 EXT4_I(inode)->i_projid); 1001 } 1002 1003 if (copy_to_user((struct fsxattr __user *)arg, 1004 &fa, sizeof(fa))) 1005 return -EFAULT; 1006 return 0; 1007 } 1008 case EXT4_IOC_FSSETXATTR: 1009 { 1010 struct fsxattr fa; 1011 int err; 1012 1013 if (copy_from_user(&fa, (struct fsxattr __user *)arg, 1014 sizeof(fa))) 1015 return -EFAULT; 1016 1017 /* Make sure caller has proper permission */ 1018 if (!inode_owner_or_capable(inode)) 1019 return -EACCES; 1020 1021 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS) 1022 return -EOPNOTSUPP; 1023 1024 flags = ext4_xflags_to_iflags(fa.fsx_xflags); 1025 if (ext4_mask_flags(inode->i_mode, flags) != flags) 1026 return -EOPNOTSUPP; 1027 1028 err = mnt_want_write_file(filp); 1029 if (err) 1030 return err; 1031 1032 inode_lock(inode); 1033 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | 1034 (flags & EXT4_FL_XFLAG_VISIBLE); 1035 err = ext4_ioctl_setflags(inode, flags); 1036 inode_unlock(inode); 1037 mnt_drop_write_file(filp); 1038 if (err) 1039 return err; 1040 1041 err = ext4_ioctl_setproject(filp, fa.fsx_projid); 1042 if (err) 1043 return err; 1044 1045 return 0; 1046 } 1047 case EXT4_IOC_SHUTDOWN: 1048 return ext4_shutdown(sb, arg); 1049 default: 1050 return -ENOTTY; 1051 } 1052 } 1053 1054 #ifdef CONFIG_COMPAT 1055 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1056 { 1057 /* These are just misnamed, they actually get/put from/to user an int */ 1058 switch (cmd) { 1059 case EXT4_IOC32_GETFLAGS: 1060 cmd = EXT4_IOC_GETFLAGS; 1061 break; 1062 case EXT4_IOC32_SETFLAGS: 1063 cmd = EXT4_IOC_SETFLAGS; 1064 break; 1065 case EXT4_IOC32_GETVERSION: 1066 cmd = EXT4_IOC_GETVERSION; 1067 break; 1068 case EXT4_IOC32_SETVERSION: 1069 cmd = EXT4_IOC_SETVERSION; 1070 break; 1071 case EXT4_IOC32_GROUP_EXTEND: 1072 cmd = EXT4_IOC_GROUP_EXTEND; 1073 break; 1074 case EXT4_IOC32_GETVERSION_OLD: 1075 cmd = EXT4_IOC_GETVERSION_OLD; 1076 break; 1077 case EXT4_IOC32_SETVERSION_OLD: 1078 cmd = EXT4_IOC_SETVERSION_OLD; 1079 break; 1080 case EXT4_IOC32_GETRSVSZ: 1081 cmd = EXT4_IOC_GETRSVSZ; 1082 break; 1083 case EXT4_IOC32_SETRSVSZ: 1084 cmd = EXT4_IOC_SETRSVSZ; 1085 break; 1086 case EXT4_IOC32_GROUP_ADD: { 1087 struct compat_ext4_new_group_input __user *uinput; 1088 struct ext4_new_group_data input; 1089 int err; 1090 1091 uinput = compat_ptr(arg); 1092 err = get_user(input.group, &uinput->group); 1093 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1094 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1095 err |= get_user(input.inode_table, &uinput->inode_table); 1096 err |= get_user(input.blocks_count, &uinput->blocks_count); 1097 err |= get_user(input.reserved_blocks, 1098 &uinput->reserved_blocks); 1099 if (err) 1100 return -EFAULT; 1101 return ext4_ioctl_group_add(file, &input); 1102 } 1103 case EXT4_IOC_MOVE_EXT: 1104 case EXT4_IOC_RESIZE_FS: 1105 case EXT4_IOC_PRECACHE_EXTENTS: 1106 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1107 case EXT4_IOC_GET_ENCRYPTION_PWSALT: 1108 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1109 case EXT4_IOC_SHUTDOWN: 1110 case FS_IOC_GETFSMAP: 1111 break; 1112 default: 1113 return -ENOIOCTLCMD; 1114 } 1115 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1116 } 1117 #endif 1118