xref: /linux/fs/ext4/ioctl.c (revision 44eeab67416711db9b84610ef18c99a60415dff8) 
1 /*
2  * linux/fs/ext4/ioctl.c
3  *
4  * Copyright (C) 1993, 1994, 1995
5  * Remy Card (card@masi.ibp.fr)
6  * Laboratoire MASI - Institut Blaise Pascal
7  * Universite Pierre et Marie Curie (Paris VI)
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/jbd2.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/smp_lock.h>
16 #include <linux/mount.h>
17 #include <linux/file.h>
18 #include <asm/uaccess.h>
19 #include "ext4_jbd2.h"
20 #include "ext4.h"
21 
22 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
23 {
24 	struct inode *inode = filp->f_dentry->d_inode;
25 	struct ext4_inode_info *ei = EXT4_I(inode);
26 	unsigned int flags;
27 
28 	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
29 
30 	switch (cmd) {
31 	case EXT4_IOC_GETFLAGS:
32 		ext4_get_inode_flags(ei);
33 		flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
34 		return put_user(flags, (int __user *) arg);
35 	case EXT4_IOC_SETFLAGS: {
36 		handle_t *handle = NULL;
37 		int err, migrate = 0;
38 		struct ext4_iloc iloc;
39 		unsigned int oldflags;
40 		unsigned int jflag;
41 
42 		if (!is_owner_or_cap(inode))
43 			return -EACCES;
44 
45 		if (get_user(flags, (int __user *) arg))
46 			return -EFAULT;
47 
48 		err = mnt_want_write(filp->f_path.mnt);
49 		if (err)
50 			return err;
51 
52 		flags = ext4_mask_flags(inode->i_mode, flags);
53 
54 		err = -EPERM;
55 		mutex_lock(&inode->i_mutex);
56 		/* Is it quota file? Do not allow user to mess with it */
57 		if (IS_NOQUOTA(inode))
58 			goto flags_out;
59 
60 		oldflags = ei->i_flags;
61 
62 		/* The JOURNAL_DATA flag is modifiable only by root */
63 		jflag = flags & EXT4_JOURNAL_DATA_FL;
64 
65 		/*
66 		 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
67 		 * the relevant capability.
68 		 *
69 		 * This test looks nicer. Thanks to Pauline Middelink
70 		 */
71 		if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
72 			if (!capable(CAP_LINUX_IMMUTABLE))
73 				goto flags_out;
74 		}
75 
76 		/*
77 		 * The JOURNAL_DATA flag can only be changed by
78 		 * the relevant capability.
79 		 */
80 		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
81 			if (!capable(CAP_SYS_RESOURCE))
82 				goto flags_out;
83 		}
84 		if (oldflags & EXT4_EXTENTS_FL) {
85 			/* We don't support clearning extent flags */
86 			if (!(flags & EXT4_EXTENTS_FL)) {
87 				err = -EOPNOTSUPP;
88 				goto flags_out;
89 			}
90 		} else if (flags & EXT4_EXTENTS_FL) {
91 			/* migrate the file */
92 			migrate = 1;
93 			flags &= ~EXT4_EXTENTS_FL;
94 		}
95 
96 		handle = ext4_journal_start(inode, 1);
97 		if (IS_ERR(handle)) {
98 			err = PTR_ERR(handle);
99 			goto flags_out;
100 		}
101 		if (IS_SYNC(inode))
102 			ext4_handle_sync(handle);
103 		err = ext4_reserve_inode_write(handle, inode, &iloc);
104 		if (err)
105 			goto flags_err;
106 
107 		flags = flags & EXT4_FL_USER_MODIFIABLE;
108 		flags |= oldflags & ~EXT4_FL_USER_MODIFIABLE;
109 		ei->i_flags = flags;
110 
111 		ext4_set_inode_flags(inode);
112 		inode->i_ctime = ext4_current_time(inode);
113 
114 		err = ext4_mark_iloc_dirty(handle, inode, &iloc);
115 flags_err:
116 		ext4_journal_stop(handle);
117 		if (err)
118 			goto flags_out;
119 
120 		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
121 			err = ext4_change_inode_journal_flag(inode, jflag);
122 		if (err)
123 			goto flags_out;
124 		if (migrate)
125 			err = ext4_ext_migrate(inode);
126 flags_out:
127 		mutex_unlock(&inode->i_mutex);
128 		mnt_drop_write(filp->f_path.mnt);
129 		return err;
130 	}
131 	case EXT4_IOC_GETVERSION:
132 	case EXT4_IOC_GETVERSION_OLD:
133 		return put_user(inode->i_generation, (int __user *) arg);
134 	case EXT4_IOC_SETVERSION:
135 	case EXT4_IOC_SETVERSION_OLD: {
136 		handle_t *handle;
137 		struct ext4_iloc iloc;
138 		__u32 generation;
139 		int err;
140 
141 		if (!is_owner_or_cap(inode))
142 			return -EPERM;
143 
144 		err = mnt_want_write(filp->f_path.mnt);
145 		if (err)
146 			return err;
147 		if (get_user(generation, (int __user *) arg)) {
148 			err = -EFAULT;
149 			goto setversion_out;
150 		}
151 
152 		handle = ext4_journal_start(inode, 1);
153 		if (IS_ERR(handle)) {
154 			err = PTR_ERR(handle);
155 			goto setversion_out;
156 		}
157 		err = ext4_reserve_inode_write(handle, inode, &iloc);
158 		if (err == 0) {
159 			inode->i_ctime = ext4_current_time(inode);
160 			inode->i_generation = generation;
161 			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
162 		}
163 		ext4_journal_stop(handle);
164 setversion_out:
165 		mnt_drop_write(filp->f_path.mnt);
166 		return err;
167 	}
168 #ifdef CONFIG_JBD2_DEBUG
169 	case EXT4_IOC_WAIT_FOR_READONLY:
170 		/*
171 		 * This is racy - by the time we're woken up and running,
172 		 * the superblock could be released.  And the module could
173 		 * have been unloaded.  So sue me.
174 		 *
175 		 * Returns 1 if it slept, else zero.
176 		 */
177 		{
178 			struct super_block *sb = inode->i_sb;
179 			DECLARE_WAITQUEUE(wait, current);
180 			int ret = 0;
181 
182 			set_current_state(TASK_INTERRUPTIBLE);
183 			add_wait_queue(&EXT4_SB(sb)->ro_wait_queue, &wait);
184 			if (timer_pending(&EXT4_SB(sb)->turn_ro_timer)) {
185 				schedule();
186 				ret = 1;
187 			}
188 			remove_wait_queue(&EXT4_SB(sb)->ro_wait_queue, &wait);
189 			return ret;
190 		}
191 #endif
192 	case EXT4_IOC_GROUP_EXTEND: {
193 		ext4_fsblk_t n_blocks_count;
194 		struct super_block *sb = inode->i_sb;
195 		int err, err2;
196 
197 		if (!capable(CAP_SYS_RESOURCE))
198 			return -EPERM;
199 
200 		if (get_user(n_blocks_count, (__u32 __user *)arg))
201 			return -EFAULT;
202 
203 		err = mnt_want_write(filp->f_path.mnt);
204 		if (err)
205 			return err;
206 
207 		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
208 		jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
209 		err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
210 		jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
211 		if (err == 0)
212 			err = err2;
213 		mnt_drop_write(filp->f_path.mnt);
214 
215 		return err;
216 	}
217 
218 	case EXT4_IOC_MOVE_EXT: {
219 		struct move_extent me;
220 		struct file *donor_filp;
221 		int err;
222 
223 		if (copy_from_user(&me,
224 			(struct move_extent __user *)arg, sizeof(me)))
225 			return -EFAULT;
226 
227 		donor_filp = fget(me.donor_fd);
228 		if (!donor_filp)
229 			return -EBADF;
230 
231 		if (!capable(CAP_DAC_OVERRIDE)) {
232 			if ((current->real_cred->fsuid != inode->i_uid) ||
233 				!(inode->i_mode & S_IRUSR) ||
234 				!(donor_filp->f_dentry->d_inode->i_mode &
235 				S_IRUSR)) {
236 				fput(donor_filp);
237 				return -EACCES;
238 			}
239 		}
240 
241 		err = ext4_move_extents(filp, donor_filp, me.orig_start,
242 					me.donor_start, me.len, &me.moved_len);
243 		fput(donor_filp);
244 
245 		if (!err)
246 			if (copy_to_user((struct move_extent *)arg,
247 				&me, sizeof(me)))
248 				return -EFAULT;
249 		return err;
250 	}
251 
252 	case EXT4_IOC_GROUP_ADD: {
253 		struct ext4_new_group_data input;
254 		struct super_block *sb = inode->i_sb;
255 		int err, err2;
256 
257 		if (!capable(CAP_SYS_RESOURCE))
258 			return -EPERM;
259 
260 		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
261 				sizeof(input)))
262 			return -EFAULT;
263 
264 		err = mnt_want_write(filp->f_path.mnt);
265 		if (err)
266 			return err;
267 
268 		err = ext4_group_add(sb, &input);
269 		jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
270 		err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
271 		jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
272 		if (err == 0)
273 			err = err2;
274 		mnt_drop_write(filp->f_path.mnt);
275 
276 		return err;
277 	}
278 
279 	case EXT4_IOC_MIGRATE:
280 	{
281 		int err;
282 		if (!is_owner_or_cap(inode))
283 			return -EACCES;
284 
285 		err = mnt_want_write(filp->f_path.mnt);
286 		if (err)
287 			return err;
288 		/*
289 		 * inode_mutex prevent write and truncate on the file.
290 		 * Read still goes through. We take i_data_sem in
291 		 * ext4_ext_swap_inode_data before we switch the
292 		 * inode format to prevent read.
293 		 */
294 		mutex_lock(&(inode->i_mutex));
295 		err = ext4_ext_migrate(inode);
296 		mutex_unlock(&(inode->i_mutex));
297 		mnt_drop_write(filp->f_path.mnt);
298 		return err;
299 	}
300 
301 	case EXT4_IOC_ALLOC_DA_BLKS:
302 	{
303 		int err;
304 		if (!is_owner_or_cap(inode))
305 			return -EACCES;
306 
307 		err = mnt_want_write(filp->f_path.mnt);
308 		if (err)
309 			return err;
310 		err = ext4_alloc_da_blocks(inode);
311 		mnt_drop_write(filp->f_path.mnt);
312 		return err;
313 	}
314 
315 	default:
316 		return -ENOTTY;
317 	}
318 }
319 
320 #ifdef CONFIG_COMPAT
321 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
322 {
323 	/* These are just misnamed, they actually get/put from/to user an int */
324 	switch (cmd) {
325 	case EXT4_IOC32_GETFLAGS:
326 		cmd = EXT4_IOC_GETFLAGS;
327 		break;
328 	case EXT4_IOC32_SETFLAGS:
329 		cmd = EXT4_IOC_SETFLAGS;
330 		break;
331 	case EXT4_IOC32_GETVERSION:
332 		cmd = EXT4_IOC_GETVERSION;
333 		break;
334 	case EXT4_IOC32_SETVERSION:
335 		cmd = EXT4_IOC_SETVERSION;
336 		break;
337 	case EXT4_IOC32_GROUP_EXTEND:
338 		cmd = EXT4_IOC_GROUP_EXTEND;
339 		break;
340 	case EXT4_IOC32_GETVERSION_OLD:
341 		cmd = EXT4_IOC_GETVERSION_OLD;
342 		break;
343 	case EXT4_IOC32_SETVERSION_OLD:
344 		cmd = EXT4_IOC_SETVERSION_OLD;
345 		break;
346 #ifdef CONFIG_JBD2_DEBUG
347 	case EXT4_IOC32_WAIT_FOR_READONLY:
348 		cmd = EXT4_IOC_WAIT_FOR_READONLY;
349 		break;
350 #endif
351 	case EXT4_IOC32_GETRSVSZ:
352 		cmd = EXT4_IOC_GETRSVSZ;
353 		break;
354 	case EXT4_IOC32_SETRSVSZ:
355 		cmd = EXT4_IOC_SETRSVSZ;
356 		break;
357 	case EXT4_IOC_GROUP_ADD:
358 		break;
359 	default:
360 		return -ENOIOCTLCMD;
361 	}
362 	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
363 }
364 #endif
365