1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/uuid.h> 19 #include <linux/uaccess.h> 20 #include <linux/delay.h> 21 #include "ext4_jbd2.h" 22 #include "ext4.h" 23 #include <linux/fsmap.h> 24 #include "fsmap.h" 25 #include <trace/events/ext4.h> 26 27 /** 28 * Swap memory between @a and @b for @len bytes. 29 * 30 * @a: pointer to first memory area 31 * @b: pointer to second memory area 32 * @len: number of bytes to swap 33 * 34 */ 35 static void memswap(void *a, void *b, size_t len) 36 { 37 unsigned char *ap, *bp; 38 39 ap = (unsigned char *)a; 40 bp = (unsigned char *)b; 41 while (len-- > 0) { 42 swap(*ap, *bp); 43 ap++; 44 bp++; 45 } 46 } 47 48 /** 49 * Swap i_data and associated attributes between @inode1 and @inode2. 50 * This function is used for the primary swap between inode1 and inode2 51 * and also to revert this primary swap in case of errors. 52 * 53 * Therefore you have to make sure, that calling this method twice 54 * will revert all changes. 55 * 56 * @inode1: pointer to first inode 57 * @inode2: pointer to second inode 58 */ 59 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 60 { 61 loff_t isize; 62 struct ext4_inode_info *ei1; 63 struct ext4_inode_info *ei2; 64 65 ei1 = EXT4_I(inode1); 66 ei2 = EXT4_I(inode2); 67 68 swap(inode1->i_flags, inode2->i_flags); 69 swap(inode1->i_version, inode2->i_version); 70 swap(inode1->i_blocks, inode2->i_blocks); 71 swap(inode1->i_bytes, inode2->i_bytes); 72 swap(inode1->i_atime, inode2->i_atime); 73 swap(inode1->i_mtime, inode2->i_mtime); 74 75 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 76 swap(ei1->i_flags, ei2->i_flags); 77 swap(ei1->i_disksize, ei2->i_disksize); 78 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 79 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 80 81 isize = i_size_read(inode1); 82 i_size_write(inode1, i_size_read(inode2)); 83 i_size_write(inode2, isize); 84 } 85 86 /** 87 * Swap the information from the given @inode and the inode 88 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 89 * important fields of the inodes. 90 * 91 * @sb: the super block of the filesystem 92 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 93 * 94 */ 95 static long swap_inode_boot_loader(struct super_block *sb, 96 struct inode *inode) 97 { 98 handle_t *handle; 99 int err; 100 struct inode *inode_bl; 101 struct ext4_inode_info *ei_bl; 102 struct ext4_sb_info *sbi = EXT4_SB(sb); 103 104 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode)) 105 return -EINVAL; 106 107 if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) 108 return -EPERM; 109 110 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO); 111 if (IS_ERR(inode_bl)) 112 return PTR_ERR(inode_bl); 113 ei_bl = EXT4_I(inode_bl); 114 115 filemap_flush(inode->i_mapping); 116 filemap_flush(inode_bl->i_mapping); 117 118 /* Protect orig inodes against a truncate and make sure, 119 * that only 1 swap_inode_boot_loader is running. */ 120 lock_two_nondirectories(inode, inode_bl); 121 122 truncate_inode_pages(&inode->i_data, 0); 123 truncate_inode_pages(&inode_bl->i_data, 0); 124 125 /* Wait for all existing dio workers */ 126 ext4_inode_block_unlocked_dio(inode); 127 ext4_inode_block_unlocked_dio(inode_bl); 128 inode_dio_wait(inode); 129 inode_dio_wait(inode_bl); 130 131 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 132 if (IS_ERR(handle)) { 133 err = -EINVAL; 134 goto journal_err_out; 135 } 136 137 /* Protect extent tree against block allocations via delalloc */ 138 ext4_double_down_write_data_sem(inode, inode_bl); 139 140 if (inode_bl->i_nlink == 0) { 141 /* this inode has never been used as a BOOT_LOADER */ 142 set_nlink(inode_bl, 1); 143 i_uid_write(inode_bl, 0); 144 i_gid_write(inode_bl, 0); 145 inode_bl->i_flags = 0; 146 ei_bl->i_flags = 0; 147 inode_bl->i_version = 1; 148 i_size_write(inode_bl, 0); 149 inode_bl->i_mode = S_IFREG; 150 if (ext4_has_feature_extents(sb)) { 151 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 152 ext4_ext_tree_init(handle, inode_bl); 153 } else 154 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 155 } 156 157 swap_inode_data(inode, inode_bl); 158 159 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 160 161 spin_lock(&sbi->s_next_gen_lock); 162 inode->i_generation = sbi->s_next_generation++; 163 inode_bl->i_generation = sbi->s_next_generation++; 164 spin_unlock(&sbi->s_next_gen_lock); 165 166 ext4_discard_preallocations(inode); 167 168 err = ext4_mark_inode_dirty(handle, inode); 169 if (err < 0) { 170 ext4_warning(inode->i_sb, 171 "couldn't mark inode #%lu dirty (err %d)", 172 inode->i_ino, err); 173 /* Revert all changes: */ 174 swap_inode_data(inode, inode_bl); 175 } else { 176 err = ext4_mark_inode_dirty(handle, inode_bl); 177 if (err < 0) { 178 ext4_warning(inode_bl->i_sb, 179 "couldn't mark inode #%lu dirty (err %d)", 180 inode_bl->i_ino, err); 181 /* Revert all changes: */ 182 swap_inode_data(inode, inode_bl); 183 ext4_mark_inode_dirty(handle, inode); 184 } 185 } 186 ext4_journal_stop(handle); 187 ext4_double_up_write_data_sem(inode, inode_bl); 188 189 journal_err_out: 190 ext4_inode_resume_unlocked_dio(inode); 191 ext4_inode_resume_unlocked_dio(inode_bl); 192 unlock_two_nondirectories(inode, inode_bl); 193 iput(inode_bl); 194 return err; 195 } 196 197 #ifdef CONFIG_EXT4_FS_ENCRYPTION 198 static int uuid_is_zero(__u8 u[16]) 199 { 200 int i; 201 202 for (i = 0; i < 16; i++) 203 if (u[i]) 204 return 0; 205 return 1; 206 } 207 #endif 208 209 static int ext4_ioctl_setflags(struct inode *inode, 210 unsigned int flags) 211 { 212 struct ext4_inode_info *ei = EXT4_I(inode); 213 handle_t *handle = NULL; 214 int err = -EPERM, migrate = 0; 215 struct ext4_iloc iloc; 216 unsigned int oldflags, mask, i; 217 unsigned int jflag; 218 219 /* Is it quota file? Do not allow user to mess with it */ 220 if (ext4_is_quota_file(inode)) 221 goto flags_out; 222 223 oldflags = ei->i_flags; 224 225 /* The JOURNAL_DATA flag is modifiable only by root */ 226 jflag = flags & EXT4_JOURNAL_DATA_FL; 227 228 /* 229 * The IMMUTABLE and APPEND_ONLY flags can only be changed by 230 * the relevant capability. 231 * 232 * This test looks nicer. Thanks to Pauline Middelink 233 */ 234 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) { 235 if (!capable(CAP_LINUX_IMMUTABLE)) 236 goto flags_out; 237 } 238 239 /* 240 * The JOURNAL_DATA flag can only be changed by 241 * the relevant capability. 242 */ 243 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 244 if (!capable(CAP_SYS_RESOURCE)) 245 goto flags_out; 246 } 247 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 248 migrate = 1; 249 250 if (flags & EXT4_EOFBLOCKS_FL) { 251 /* we don't support adding EOFBLOCKS flag */ 252 if (!(oldflags & EXT4_EOFBLOCKS_FL)) { 253 err = -EOPNOTSUPP; 254 goto flags_out; 255 } 256 } else if (oldflags & EXT4_EOFBLOCKS_FL) { 257 err = ext4_truncate(inode); 258 if (err) 259 goto flags_out; 260 } 261 262 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 263 if (IS_ERR(handle)) { 264 err = PTR_ERR(handle); 265 goto flags_out; 266 } 267 if (IS_SYNC(inode)) 268 ext4_handle_sync(handle); 269 err = ext4_reserve_inode_write(handle, inode, &iloc); 270 if (err) 271 goto flags_err; 272 273 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 274 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 275 continue; 276 /* These flags get special treatment later */ 277 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 278 continue; 279 if (mask & flags) 280 ext4_set_inode_flag(inode, i); 281 else 282 ext4_clear_inode_flag(inode, i); 283 } 284 285 ext4_set_inode_flags(inode); 286 inode->i_ctime = current_time(inode); 287 288 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 289 flags_err: 290 ext4_journal_stop(handle); 291 if (err) 292 goto flags_out; 293 294 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) 295 err = ext4_change_inode_journal_flag(inode, jflag); 296 if (err) 297 goto flags_out; 298 if (migrate) { 299 if (flags & EXT4_EXTENTS_FL) 300 err = ext4_ext_migrate(inode); 301 else 302 err = ext4_ind_migrate(inode); 303 } 304 305 flags_out: 306 return err; 307 } 308 309 #ifdef CONFIG_QUOTA 310 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 311 { 312 struct inode *inode = file_inode(filp); 313 struct super_block *sb = inode->i_sb; 314 struct ext4_inode_info *ei = EXT4_I(inode); 315 int err, rc; 316 handle_t *handle; 317 kprojid_t kprojid; 318 struct ext4_iloc iloc; 319 struct ext4_inode *raw_inode; 320 struct dquot *transfer_to[MAXQUOTAS] = { }; 321 322 if (!ext4_has_feature_project(sb)) { 323 if (projid != EXT4_DEF_PROJID) 324 return -EOPNOTSUPP; 325 else 326 return 0; 327 } 328 329 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 330 return -EOPNOTSUPP; 331 332 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 333 334 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 335 return 0; 336 337 err = mnt_want_write_file(filp); 338 if (err) 339 return err; 340 341 err = -EPERM; 342 inode_lock(inode); 343 /* Is it quota file? Do not allow user to mess with it */ 344 if (ext4_is_quota_file(inode)) 345 goto out_unlock; 346 347 err = ext4_get_inode_loc(inode, &iloc); 348 if (err) 349 goto out_unlock; 350 351 raw_inode = ext4_raw_inode(&iloc); 352 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 353 err = ext4_expand_extra_isize(inode, 354 EXT4_SB(sb)->s_want_extra_isize, 355 &iloc); 356 if (err) 357 goto out_unlock; 358 } else { 359 brelse(iloc.bh); 360 } 361 362 dquot_initialize(inode); 363 364 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 365 EXT4_QUOTA_INIT_BLOCKS(sb) + 366 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 367 if (IS_ERR(handle)) { 368 err = PTR_ERR(handle); 369 goto out_unlock; 370 } 371 372 err = ext4_reserve_inode_write(handle, inode, &iloc); 373 if (err) 374 goto out_stop; 375 376 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 377 if (!IS_ERR(transfer_to[PRJQUOTA])) { 378 379 /* __dquot_transfer() calls back ext4_get_inode_usage() which 380 * counts xattr inode references. 381 */ 382 down_read(&EXT4_I(inode)->xattr_sem); 383 err = __dquot_transfer(inode, transfer_to); 384 up_read(&EXT4_I(inode)->xattr_sem); 385 dqput(transfer_to[PRJQUOTA]); 386 if (err) 387 goto out_dirty; 388 } 389 390 EXT4_I(inode)->i_projid = kprojid; 391 inode->i_ctime = current_time(inode); 392 out_dirty: 393 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 394 if (!err) 395 err = rc; 396 out_stop: 397 ext4_journal_stop(handle); 398 out_unlock: 399 inode_unlock(inode); 400 mnt_drop_write_file(filp); 401 return err; 402 } 403 #else 404 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 405 { 406 if (projid != EXT4_DEF_PROJID) 407 return -EOPNOTSUPP; 408 return 0; 409 } 410 #endif 411 412 /* Transfer internal flags to xflags */ 413 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags) 414 { 415 __u32 xflags = 0; 416 417 if (iflags & EXT4_SYNC_FL) 418 xflags |= FS_XFLAG_SYNC; 419 if (iflags & EXT4_IMMUTABLE_FL) 420 xflags |= FS_XFLAG_IMMUTABLE; 421 if (iflags & EXT4_APPEND_FL) 422 xflags |= FS_XFLAG_APPEND; 423 if (iflags & EXT4_NODUMP_FL) 424 xflags |= FS_XFLAG_NODUMP; 425 if (iflags & EXT4_NOATIME_FL) 426 xflags |= FS_XFLAG_NOATIME; 427 if (iflags & EXT4_PROJINHERIT_FL) 428 xflags |= FS_XFLAG_PROJINHERIT; 429 return xflags; 430 } 431 432 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \ 433 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \ 434 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT) 435 436 /* Transfer xflags flags to internal */ 437 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags) 438 { 439 unsigned long iflags = 0; 440 441 if (xflags & FS_XFLAG_SYNC) 442 iflags |= EXT4_SYNC_FL; 443 if (xflags & FS_XFLAG_IMMUTABLE) 444 iflags |= EXT4_IMMUTABLE_FL; 445 if (xflags & FS_XFLAG_APPEND) 446 iflags |= EXT4_APPEND_FL; 447 if (xflags & FS_XFLAG_NODUMP) 448 iflags |= EXT4_NODUMP_FL; 449 if (xflags & FS_XFLAG_NOATIME) 450 iflags |= EXT4_NOATIME_FL; 451 if (xflags & FS_XFLAG_PROJINHERIT) 452 iflags |= EXT4_PROJINHERIT_FL; 453 454 return iflags; 455 } 456 457 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 458 { 459 struct ext4_sb_info *sbi = EXT4_SB(sb); 460 __u32 flags; 461 462 if (!capable(CAP_SYS_ADMIN)) 463 return -EPERM; 464 465 if (get_user(flags, (__u32 __user *)arg)) 466 return -EFAULT; 467 468 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 469 return -EINVAL; 470 471 if (ext4_forced_shutdown(sbi)) 472 return 0; 473 474 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 475 476 switch (flags) { 477 case EXT4_GOING_FLAGS_DEFAULT: 478 freeze_bdev(sb->s_bdev); 479 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 480 thaw_bdev(sb->s_bdev, sb); 481 break; 482 case EXT4_GOING_FLAGS_LOGFLUSH: 483 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 484 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 485 (void) ext4_force_commit(sb); 486 jbd2_journal_abort(sbi->s_journal, 0); 487 } 488 break; 489 case EXT4_GOING_FLAGS_NOLOGFLUSH: 490 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 491 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 492 msleep(100); 493 jbd2_journal_abort(sbi->s_journal, 0); 494 } 495 break; 496 default: 497 return -EINVAL; 498 } 499 clear_opt(sb, DISCARD); 500 return 0; 501 } 502 503 struct getfsmap_info { 504 struct super_block *gi_sb; 505 struct fsmap_head __user *gi_data; 506 unsigned int gi_idx; 507 __u32 gi_last_flags; 508 }; 509 510 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 511 { 512 struct getfsmap_info *info = priv; 513 struct fsmap fm; 514 515 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 516 517 info->gi_last_flags = xfm->fmr_flags; 518 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 519 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 520 sizeof(struct fsmap))) 521 return -EFAULT; 522 523 return 0; 524 } 525 526 static int ext4_ioc_getfsmap(struct super_block *sb, 527 struct fsmap_head __user *arg) 528 { 529 struct getfsmap_info info = {0}; 530 struct ext4_fsmap_head xhead = {0}; 531 struct fsmap_head head; 532 bool aborted = false; 533 int error; 534 535 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 536 return -EFAULT; 537 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 538 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 539 sizeof(head.fmh_keys[0].fmr_reserved)) || 540 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 541 sizeof(head.fmh_keys[1].fmr_reserved))) 542 return -EINVAL; 543 /* 544 * ext4 doesn't report file extents at all, so the only valid 545 * file offsets are the magic ones (all zeroes or all ones). 546 */ 547 if (head.fmh_keys[0].fmr_offset || 548 (head.fmh_keys[1].fmr_offset != 0 && 549 head.fmh_keys[1].fmr_offset != -1ULL)) 550 return -EINVAL; 551 552 xhead.fmh_iflags = head.fmh_iflags; 553 xhead.fmh_count = head.fmh_count; 554 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 555 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 556 557 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 558 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 559 560 info.gi_sb = sb; 561 info.gi_data = arg; 562 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 563 if (error == EXT4_QUERY_RANGE_ABORT) { 564 error = 0; 565 aborted = true; 566 } else if (error) 567 return error; 568 569 /* If we didn't abort, set the "last" flag in the last fmx */ 570 if (!aborted && info.gi_idx) { 571 info.gi_last_flags |= FMR_OF_LAST; 572 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 573 &info.gi_last_flags, 574 sizeof(info.gi_last_flags))) 575 return -EFAULT; 576 } 577 578 /* copy back header */ 579 head.fmh_entries = xhead.fmh_entries; 580 head.fmh_oflags = xhead.fmh_oflags; 581 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 582 return -EFAULT; 583 584 return 0; 585 } 586 587 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 588 { 589 struct inode *inode = file_inode(filp); 590 struct super_block *sb = inode->i_sb; 591 struct ext4_inode_info *ei = EXT4_I(inode); 592 unsigned int flags; 593 594 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 595 596 switch (cmd) { 597 case FS_IOC_GETFSMAP: 598 return ext4_ioc_getfsmap(sb, (void __user *)arg); 599 case EXT4_IOC_GETFLAGS: 600 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 601 return put_user(flags, (int __user *) arg); 602 case EXT4_IOC_SETFLAGS: { 603 int err; 604 605 if (!inode_owner_or_capable(inode)) 606 return -EACCES; 607 608 if (get_user(flags, (int __user *) arg)) 609 return -EFAULT; 610 611 if (flags & ~EXT4_FL_USER_VISIBLE) 612 return -EOPNOTSUPP; 613 /* 614 * chattr(1) grabs flags via GETFLAGS, modifies the result and 615 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 616 * more restrictive than just silently masking off visible but 617 * not settable flags as we always did. 618 */ 619 flags &= EXT4_FL_USER_MODIFIABLE; 620 if (ext4_mask_flags(inode->i_mode, flags) != flags) 621 return -EOPNOTSUPP; 622 623 err = mnt_want_write_file(filp); 624 if (err) 625 return err; 626 627 inode_lock(inode); 628 err = ext4_ioctl_setflags(inode, flags); 629 inode_unlock(inode); 630 mnt_drop_write_file(filp); 631 return err; 632 } 633 case EXT4_IOC_GETVERSION: 634 case EXT4_IOC_GETVERSION_OLD: 635 return put_user(inode->i_generation, (int __user *) arg); 636 case EXT4_IOC_SETVERSION: 637 case EXT4_IOC_SETVERSION_OLD: { 638 handle_t *handle; 639 struct ext4_iloc iloc; 640 __u32 generation; 641 int err; 642 643 if (!inode_owner_or_capable(inode)) 644 return -EPERM; 645 646 if (ext4_has_metadata_csum(inode->i_sb)) { 647 ext4_warning(sb, "Setting inode version is not " 648 "supported with metadata_csum enabled."); 649 return -ENOTTY; 650 } 651 652 err = mnt_want_write_file(filp); 653 if (err) 654 return err; 655 if (get_user(generation, (int __user *) arg)) { 656 err = -EFAULT; 657 goto setversion_out; 658 } 659 660 inode_lock(inode); 661 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 662 if (IS_ERR(handle)) { 663 err = PTR_ERR(handle); 664 goto unlock_out; 665 } 666 err = ext4_reserve_inode_write(handle, inode, &iloc); 667 if (err == 0) { 668 inode->i_ctime = current_time(inode); 669 inode->i_generation = generation; 670 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 671 } 672 ext4_journal_stop(handle); 673 674 unlock_out: 675 inode_unlock(inode); 676 setversion_out: 677 mnt_drop_write_file(filp); 678 return err; 679 } 680 case EXT4_IOC_GROUP_EXTEND: { 681 ext4_fsblk_t n_blocks_count; 682 int err, err2=0; 683 684 err = ext4_resize_begin(sb); 685 if (err) 686 return err; 687 688 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 689 err = -EFAULT; 690 goto group_extend_out; 691 } 692 693 if (ext4_has_feature_bigalloc(sb)) { 694 ext4_msg(sb, KERN_ERR, 695 "Online resizing not supported with bigalloc"); 696 err = -EOPNOTSUPP; 697 goto group_extend_out; 698 } 699 700 err = mnt_want_write_file(filp); 701 if (err) 702 goto group_extend_out; 703 704 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 705 if (EXT4_SB(sb)->s_journal) { 706 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 707 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 708 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 709 } 710 if (err == 0) 711 err = err2; 712 mnt_drop_write_file(filp); 713 group_extend_out: 714 ext4_resize_end(sb); 715 return err; 716 } 717 718 case EXT4_IOC_MOVE_EXT: { 719 struct move_extent me; 720 struct fd donor; 721 int err; 722 723 if (!(filp->f_mode & FMODE_READ) || 724 !(filp->f_mode & FMODE_WRITE)) 725 return -EBADF; 726 727 if (copy_from_user(&me, 728 (struct move_extent __user *)arg, sizeof(me))) 729 return -EFAULT; 730 me.moved_len = 0; 731 732 donor = fdget(me.donor_fd); 733 if (!donor.file) 734 return -EBADF; 735 736 if (!(donor.file->f_mode & FMODE_WRITE)) { 737 err = -EBADF; 738 goto mext_out; 739 } 740 741 if (ext4_has_feature_bigalloc(sb)) { 742 ext4_msg(sb, KERN_ERR, 743 "Online defrag not supported with bigalloc"); 744 err = -EOPNOTSUPP; 745 goto mext_out; 746 } else if (IS_DAX(inode)) { 747 ext4_msg(sb, KERN_ERR, 748 "Online defrag not supported with DAX"); 749 err = -EOPNOTSUPP; 750 goto mext_out; 751 } 752 753 err = mnt_want_write_file(filp); 754 if (err) 755 goto mext_out; 756 757 err = ext4_move_extents(filp, donor.file, me.orig_start, 758 me.donor_start, me.len, &me.moved_len); 759 mnt_drop_write_file(filp); 760 761 if (copy_to_user((struct move_extent __user *)arg, 762 &me, sizeof(me))) 763 err = -EFAULT; 764 mext_out: 765 fdput(donor); 766 return err; 767 } 768 769 case EXT4_IOC_GROUP_ADD: { 770 struct ext4_new_group_data input; 771 int err, err2=0; 772 773 err = ext4_resize_begin(sb); 774 if (err) 775 return err; 776 777 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 778 sizeof(input))) { 779 err = -EFAULT; 780 goto group_add_out; 781 } 782 783 if (ext4_has_feature_bigalloc(sb)) { 784 ext4_msg(sb, KERN_ERR, 785 "Online resizing not supported with bigalloc"); 786 err = -EOPNOTSUPP; 787 goto group_add_out; 788 } 789 790 err = mnt_want_write_file(filp); 791 if (err) 792 goto group_add_out; 793 794 err = ext4_group_add(sb, &input); 795 if (EXT4_SB(sb)->s_journal) { 796 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 797 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 798 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 799 } 800 if (err == 0) 801 err = err2; 802 mnt_drop_write_file(filp); 803 if (!err && ext4_has_group_desc_csum(sb) && 804 test_opt(sb, INIT_INODE_TABLE)) 805 err = ext4_register_li_request(sb, input.group); 806 group_add_out: 807 ext4_resize_end(sb); 808 return err; 809 } 810 811 case EXT4_IOC_MIGRATE: 812 { 813 int err; 814 if (!inode_owner_or_capable(inode)) 815 return -EACCES; 816 817 err = mnt_want_write_file(filp); 818 if (err) 819 return err; 820 /* 821 * inode_mutex prevent write and truncate on the file. 822 * Read still goes through. We take i_data_sem in 823 * ext4_ext_swap_inode_data before we switch the 824 * inode format to prevent read. 825 */ 826 inode_lock((inode)); 827 err = ext4_ext_migrate(inode); 828 inode_unlock((inode)); 829 mnt_drop_write_file(filp); 830 return err; 831 } 832 833 case EXT4_IOC_ALLOC_DA_BLKS: 834 { 835 int err; 836 if (!inode_owner_or_capable(inode)) 837 return -EACCES; 838 839 err = mnt_want_write_file(filp); 840 if (err) 841 return err; 842 err = ext4_alloc_da_blocks(inode); 843 mnt_drop_write_file(filp); 844 return err; 845 } 846 847 case EXT4_IOC_SWAP_BOOT: 848 { 849 int err; 850 if (!(filp->f_mode & FMODE_WRITE)) 851 return -EBADF; 852 err = mnt_want_write_file(filp); 853 if (err) 854 return err; 855 err = swap_inode_boot_loader(sb, inode); 856 mnt_drop_write_file(filp); 857 return err; 858 } 859 860 case EXT4_IOC_RESIZE_FS: { 861 ext4_fsblk_t n_blocks_count; 862 int err = 0, err2 = 0; 863 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 864 865 if (ext4_has_feature_bigalloc(sb)) { 866 ext4_msg(sb, KERN_ERR, 867 "Online resizing not (yet) supported with bigalloc"); 868 return -EOPNOTSUPP; 869 } 870 871 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 872 sizeof(__u64))) { 873 return -EFAULT; 874 } 875 876 err = ext4_resize_begin(sb); 877 if (err) 878 return err; 879 880 err = mnt_want_write_file(filp); 881 if (err) 882 goto resizefs_out; 883 884 err = ext4_resize_fs(sb, n_blocks_count); 885 if (EXT4_SB(sb)->s_journal) { 886 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 887 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 888 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 889 } 890 if (err == 0) 891 err = err2; 892 mnt_drop_write_file(filp); 893 if (!err && (o_group > EXT4_SB(sb)->s_groups_count) && 894 ext4_has_group_desc_csum(sb) && 895 test_opt(sb, INIT_INODE_TABLE)) 896 err = ext4_register_li_request(sb, o_group); 897 898 resizefs_out: 899 ext4_resize_end(sb); 900 return err; 901 } 902 903 case FITRIM: 904 { 905 struct request_queue *q = bdev_get_queue(sb->s_bdev); 906 struct fstrim_range range; 907 int ret = 0; 908 909 if (!capable(CAP_SYS_ADMIN)) 910 return -EPERM; 911 912 if (!blk_queue_discard(q)) 913 return -EOPNOTSUPP; 914 915 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 916 sizeof(range))) 917 return -EFAULT; 918 919 range.minlen = max((unsigned int)range.minlen, 920 q->limits.discard_granularity); 921 ret = ext4_trim_fs(sb, &range); 922 if (ret < 0) 923 return ret; 924 925 if (copy_to_user((struct fstrim_range __user *)arg, &range, 926 sizeof(range))) 927 return -EFAULT; 928 929 return 0; 930 } 931 case EXT4_IOC_PRECACHE_EXTENTS: 932 return ext4_ext_precache(inode); 933 934 case EXT4_IOC_SET_ENCRYPTION_POLICY: 935 if (!ext4_has_feature_encrypt(sb)) 936 return -EOPNOTSUPP; 937 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 938 939 case EXT4_IOC_GET_ENCRYPTION_PWSALT: { 940 #ifdef CONFIG_EXT4_FS_ENCRYPTION 941 int err, err2; 942 struct ext4_sb_info *sbi = EXT4_SB(sb); 943 handle_t *handle; 944 945 if (!ext4_has_feature_encrypt(sb)) 946 return -EOPNOTSUPP; 947 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 948 err = mnt_want_write_file(filp); 949 if (err) 950 return err; 951 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 952 if (IS_ERR(handle)) { 953 err = PTR_ERR(handle); 954 goto pwsalt_err_exit; 955 } 956 err = ext4_journal_get_write_access(handle, sbi->s_sbh); 957 if (err) 958 goto pwsalt_err_journal; 959 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 960 err = ext4_handle_dirty_metadata(handle, NULL, 961 sbi->s_sbh); 962 pwsalt_err_journal: 963 err2 = ext4_journal_stop(handle); 964 if (err2 && !err) 965 err = err2; 966 pwsalt_err_exit: 967 mnt_drop_write_file(filp); 968 if (err) 969 return err; 970 } 971 if (copy_to_user((void __user *) arg, 972 sbi->s_es->s_encrypt_pw_salt, 16)) 973 return -EFAULT; 974 return 0; 975 #else 976 return -EOPNOTSUPP; 977 #endif 978 } 979 case EXT4_IOC_GET_ENCRYPTION_POLICY: 980 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 981 982 case EXT4_IOC_FSGETXATTR: 983 { 984 struct fsxattr fa; 985 986 memset(&fa, 0, sizeof(struct fsxattr)); 987 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE); 988 989 if (ext4_has_feature_project(inode->i_sb)) { 990 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns, 991 EXT4_I(inode)->i_projid); 992 } 993 994 if (copy_to_user((struct fsxattr __user *)arg, 995 &fa, sizeof(fa))) 996 return -EFAULT; 997 return 0; 998 } 999 case EXT4_IOC_FSSETXATTR: 1000 { 1001 struct fsxattr fa; 1002 int err; 1003 1004 if (copy_from_user(&fa, (struct fsxattr __user *)arg, 1005 sizeof(fa))) 1006 return -EFAULT; 1007 1008 /* Make sure caller has proper permission */ 1009 if (!inode_owner_or_capable(inode)) 1010 return -EACCES; 1011 1012 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS) 1013 return -EOPNOTSUPP; 1014 1015 flags = ext4_xflags_to_iflags(fa.fsx_xflags); 1016 if (ext4_mask_flags(inode->i_mode, flags) != flags) 1017 return -EOPNOTSUPP; 1018 1019 err = mnt_want_write_file(filp); 1020 if (err) 1021 return err; 1022 1023 inode_lock(inode); 1024 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | 1025 (flags & EXT4_FL_XFLAG_VISIBLE); 1026 err = ext4_ioctl_setflags(inode, flags); 1027 inode_unlock(inode); 1028 mnt_drop_write_file(filp); 1029 if (err) 1030 return err; 1031 1032 err = ext4_ioctl_setproject(filp, fa.fsx_projid); 1033 if (err) 1034 return err; 1035 1036 return 0; 1037 } 1038 case EXT4_IOC_SHUTDOWN: 1039 return ext4_shutdown(sb, arg); 1040 default: 1041 return -ENOTTY; 1042 } 1043 } 1044 1045 #ifdef CONFIG_COMPAT 1046 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1047 { 1048 /* These are just misnamed, they actually get/put from/to user an int */ 1049 switch (cmd) { 1050 case EXT4_IOC32_GETFLAGS: 1051 cmd = EXT4_IOC_GETFLAGS; 1052 break; 1053 case EXT4_IOC32_SETFLAGS: 1054 cmd = EXT4_IOC_SETFLAGS; 1055 break; 1056 case EXT4_IOC32_GETVERSION: 1057 cmd = EXT4_IOC_GETVERSION; 1058 break; 1059 case EXT4_IOC32_SETVERSION: 1060 cmd = EXT4_IOC_SETVERSION; 1061 break; 1062 case EXT4_IOC32_GROUP_EXTEND: 1063 cmd = EXT4_IOC_GROUP_EXTEND; 1064 break; 1065 case EXT4_IOC32_GETVERSION_OLD: 1066 cmd = EXT4_IOC_GETVERSION_OLD; 1067 break; 1068 case EXT4_IOC32_SETVERSION_OLD: 1069 cmd = EXT4_IOC_SETVERSION_OLD; 1070 break; 1071 case EXT4_IOC32_GETRSVSZ: 1072 cmd = EXT4_IOC_GETRSVSZ; 1073 break; 1074 case EXT4_IOC32_SETRSVSZ: 1075 cmd = EXT4_IOC_SETRSVSZ; 1076 break; 1077 case EXT4_IOC32_GROUP_ADD: { 1078 struct compat_ext4_new_group_input __user *uinput; 1079 struct ext4_new_group_input input; 1080 mm_segment_t old_fs; 1081 int err; 1082 1083 uinput = compat_ptr(arg); 1084 err = get_user(input.group, &uinput->group); 1085 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1086 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1087 err |= get_user(input.inode_table, &uinput->inode_table); 1088 err |= get_user(input.blocks_count, &uinput->blocks_count); 1089 err |= get_user(input.reserved_blocks, 1090 &uinput->reserved_blocks); 1091 if (err) 1092 return -EFAULT; 1093 old_fs = get_fs(); 1094 set_fs(KERNEL_DS); 1095 err = ext4_ioctl(file, EXT4_IOC_GROUP_ADD, 1096 (unsigned long) &input); 1097 set_fs(old_fs); 1098 return err; 1099 } 1100 case EXT4_IOC_MOVE_EXT: 1101 case EXT4_IOC_RESIZE_FS: 1102 case EXT4_IOC_PRECACHE_EXTENTS: 1103 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1104 case EXT4_IOC_GET_ENCRYPTION_PWSALT: 1105 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1106 case EXT4_IOC_SHUTDOWN: 1107 case FS_IOC_GETFSMAP: 1108 break; 1109 default: 1110 return -ENOIOCTLCMD; 1111 } 1112 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1113 } 1114 #endif 1115