1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uaccess.h> 20 #include <linux/delay.h> 21 #include <linux/iversion.h> 22 #include <linux/fileattr.h> 23 #include <linux/uuid.h> 24 #include "ext4_jbd2.h" 25 #include "ext4.h" 26 #include <linux/fsmap.h> 27 #include "fsmap.h" 28 #include <trace/events/ext4.h> 29 #include <linux/fserror.h> 30 31 typedef void ext4_update_sb_callback(struct ext4_sb_info *sbi, 32 struct ext4_super_block *es, 33 const void *arg); 34 35 /* 36 * Superblock modification callback function for changing file system 37 * label 38 */ 39 static void ext4_sb_setlabel(struct ext4_sb_info *sbi, 40 struct ext4_super_block *es, const void *arg) 41 { 42 /* Sanity check, this should never happen */ 43 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX); 44 45 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX); 46 } 47 48 /* 49 * Superblock modification callback function for changing file system 50 * UUID. 51 */ 52 static void ext4_sb_setuuid(struct ext4_sb_info *sbi, 53 struct ext4_super_block *es, const void *arg) 54 { 55 memcpy(es->s_uuid, (__u8 *)arg, UUID_SIZE); 56 } 57 58 static 59 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle, 60 ext4_update_sb_callback func, 61 const void *arg) 62 { 63 int err = 0; 64 struct ext4_sb_info *sbi = EXT4_SB(sb); 65 struct buffer_head *bh = sbi->s_sbh; 66 struct ext4_super_block *es = sbi->s_es; 67 68 trace_ext4_update_sb(sb, bh->b_blocknr, 1); 69 70 BUFFER_TRACE(bh, "get_write_access"); 71 err = ext4_journal_get_write_access(handle, sb, 72 bh, 73 EXT4_JTR_NONE); 74 if (err) 75 goto out_err; 76 77 lock_buffer(bh); 78 func(sbi, es, arg); 79 ext4_superblock_csum_set(sb); 80 unlock_buffer(bh); 81 82 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) { 83 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to " 84 "superblock detected"); 85 clear_buffer_write_io_error(bh); 86 set_buffer_uptodate(bh); 87 } 88 89 err = ext4_handle_dirty_metadata(handle, NULL, bh); 90 if (err) 91 goto out_err; 92 err = sync_dirty_buffer(bh); 93 out_err: 94 ext4_std_error(sb, err); 95 return err; 96 } 97 98 /* 99 * Update one backup superblock in the group 'grp' using the callback 100 * function 'func' and argument 'arg'. If the handle is NULL the 101 * modification is not journalled. 102 * 103 * Returns: 0 when no modification was done (no superblock in the group) 104 * 1 when the modification was successful 105 * <0 on error 106 */ 107 static int ext4_update_backup_sb(struct super_block *sb, 108 handle_t *handle, ext4_group_t grp, 109 ext4_update_sb_callback func, const void *arg) 110 { 111 int err = 0; 112 ext4_fsblk_t sb_block; 113 struct buffer_head *bh; 114 unsigned long offset = 0; 115 struct ext4_super_block *es; 116 117 if (!ext4_bg_has_super(sb, grp)) 118 return 0; 119 120 /* 121 * For the group 0 there is always 1k padding, so we have 122 * either adjust offset, or sb_block depending on blocksize 123 */ 124 if (grp == 0) { 125 sb_block = 1 * EXT4_MIN_BLOCK_SIZE; 126 offset = do_div(sb_block, sb->s_blocksize); 127 } else { 128 sb_block = ext4_group_first_block_no(sb, grp); 129 offset = 0; 130 } 131 132 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0); 133 134 bh = ext4_sb_bread(sb, sb_block, 0); 135 if (IS_ERR(bh)) 136 return PTR_ERR(bh); 137 138 if (handle) { 139 BUFFER_TRACE(bh, "get_write_access"); 140 err = ext4_journal_get_write_access(handle, sb, 141 bh, 142 EXT4_JTR_NONE); 143 if (err) 144 goto out_bh; 145 } 146 147 es = (struct ext4_super_block *) (bh->b_data + offset); 148 lock_buffer(bh); 149 if (ext4_has_feature_metadata_csum(sb) && 150 es->s_checksum != ext4_superblock_csum(es)) { 151 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup " 152 "superblock %llu", sb_block); 153 unlock_buffer(bh); 154 goto out_bh; 155 } 156 func(EXT4_SB(sb), es, arg); 157 if (ext4_has_feature_metadata_csum(sb)) 158 es->s_checksum = ext4_superblock_csum(es); 159 set_buffer_uptodate(bh); 160 unlock_buffer(bh); 161 162 if (handle) { 163 err = ext4_handle_dirty_metadata(handle, NULL, bh); 164 if (err) 165 goto out_bh; 166 } else { 167 BUFFER_TRACE(bh, "marking dirty"); 168 mark_buffer_dirty(bh); 169 } 170 err = sync_dirty_buffer(bh); 171 172 out_bh: 173 brelse(bh); 174 ext4_std_error(sb, err); 175 return (err) ? err : 1; 176 } 177 178 /* 179 * Update primary and backup superblocks using the provided function 180 * func and argument arg. 181 * 182 * Only the primary superblock and at most two backup superblock 183 * modifications are journalled; the rest is modified without journal. 184 * This is safe because e2fsck will re-write them if there is a problem, 185 * and we're very unlikely to ever need more than two backups. 186 */ 187 static 188 int ext4_update_superblocks_fn(struct super_block *sb, 189 ext4_update_sb_callback func, 190 const void *arg) 191 { 192 handle_t *handle; 193 ext4_group_t ngroups; 194 unsigned int three = 1; 195 unsigned int five = 5; 196 unsigned int seven = 7; 197 int err = 0, ret, i; 198 ext4_group_t grp, primary_grp; 199 struct ext4_sb_info *sbi = EXT4_SB(sb); 200 201 /* 202 * We can't update superblocks while the online resize is running 203 */ 204 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING, 205 &sbi->s_ext4_flags)) { 206 ext4_msg(sb, KERN_ERR, "Can't modify superblock while" 207 "performing online resize"); 208 return -EBUSY; 209 } 210 211 /* 212 * We're only going to update primary superblock and two 213 * backup superblocks in this transaction. 214 */ 215 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3); 216 if (IS_ERR(handle)) { 217 err = PTR_ERR(handle); 218 goto out; 219 } 220 221 /* Update primary superblock */ 222 err = ext4_update_primary_sb(sb, handle, func, arg); 223 if (err) { 224 ext4_msg(sb, KERN_ERR, "Failed to update primary " 225 "superblock"); 226 goto out_journal; 227 } 228 229 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr); 230 ngroups = ext4_get_groups_count(sb); 231 232 /* 233 * Update backup superblocks. We have to start from group 0 234 * because it might not be where the primary superblock is 235 * if the fs is mounted with -o sb=<backup_sb_block> 236 */ 237 i = 0; 238 grp = 0; 239 while (grp < ngroups) { 240 /* Skip primary superblock */ 241 if (grp == primary_grp) 242 goto next_grp; 243 244 ret = ext4_update_backup_sb(sb, handle, grp, func, arg); 245 if (ret < 0) { 246 /* Ignore bad checksum; try to update next sb */ 247 if (ret == -EFSBADCRC) 248 goto next_grp; 249 err = ret; 250 goto out_journal; 251 } 252 253 i += ret; 254 if (handle && i > 1) { 255 /* 256 * We're only journalling primary superblock and 257 * two backup superblocks; the rest is not 258 * journalled. 259 */ 260 err = ext4_journal_stop(handle); 261 if (err) 262 goto out; 263 handle = NULL; 264 } 265 next_grp: 266 grp = ext4_list_backups(sb, &three, &five, &seven); 267 } 268 269 out_journal: 270 if (handle) { 271 ret = ext4_journal_stop(handle); 272 if (ret && !err) 273 err = ret; 274 } 275 out: 276 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags); 277 smp_mb__after_atomic(); 278 return err ? err : 0; 279 } 280 281 /* 282 * Swap memory between @a and @b for @len bytes. 283 * 284 * @a: pointer to first memory area 285 * @b: pointer to second memory area 286 * @len: number of bytes to swap 287 * 288 */ 289 static void memswap(void *a, void *b, size_t len) 290 { 291 unsigned char *ap, *bp; 292 293 ap = (unsigned char *)a; 294 bp = (unsigned char *)b; 295 while (len-- > 0) { 296 swap(*ap, *bp); 297 ap++; 298 bp++; 299 } 300 } 301 302 /* 303 * Swap i_data and associated attributes between @inode1 and @inode2. 304 * This function is used for the primary swap between inode1 and inode2 305 * and also to revert this primary swap in case of errors. 306 * 307 * Therefore you have to make sure, that calling this method twice 308 * will revert all changes. 309 * 310 * @inode1: pointer to first inode 311 * @inode2: pointer to second inode 312 */ 313 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 314 { 315 loff_t isize; 316 struct ext4_inode_info *ei1; 317 struct ext4_inode_info *ei2; 318 unsigned long tmp; 319 struct timespec64 ts1, ts2; 320 321 ei1 = EXT4_I(inode1); 322 ei2 = EXT4_I(inode2); 323 324 swap(inode1->i_version, inode2->i_version); 325 326 ts1 = inode_get_atime(inode1); 327 ts2 = inode_get_atime(inode2); 328 inode_set_atime_to_ts(inode1, ts2); 329 inode_set_atime_to_ts(inode2, ts1); 330 331 ts1 = inode_get_mtime(inode1); 332 ts2 = inode_get_mtime(inode2); 333 inode_set_mtime_to_ts(inode1, ts2); 334 inode_set_mtime_to_ts(inode2, ts1); 335 336 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 337 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP; 338 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) | 339 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP); 340 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP); 341 swap(ei1->i_disksize, ei2->i_disksize); 342 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 343 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 344 345 isize = i_size_read(inode1); 346 i_size_write(inode1, i_size_read(inode2)); 347 i_size_write(inode2, isize); 348 } 349 350 void ext4_reset_inode_seed(struct inode *inode) 351 { 352 struct ext4_inode_info *ei = EXT4_I(inode); 353 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 354 __le32 inum = cpu_to_le32(inode->i_ino); 355 __le32 gen = cpu_to_le32(inode->i_generation); 356 __u32 csum; 357 358 if (!ext4_has_feature_metadata_csum(inode->i_sb)) 359 return; 360 361 csum = ext4_chksum(sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum)); 362 ei->i_csum_seed = ext4_chksum(csum, (__u8 *)&gen, sizeof(gen)); 363 } 364 365 /* 366 * Swap the information from the given @inode and the inode 367 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 368 * important fields of the inodes. 369 * 370 * @sb: the super block of the filesystem 371 * @idmap: idmap of the mount the inode was found from 372 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 373 * 374 */ 375 static long swap_inode_boot_loader(struct super_block *sb, 376 struct mnt_idmap *idmap, 377 struct inode *inode) 378 { 379 handle_t *handle; 380 int err; 381 struct inode *inode_bl; 382 struct ext4_inode_info *ei_bl; 383 qsize_t size, size_bl, diff; 384 blkcnt_t blocks; 385 unsigned short bytes; 386 387 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, 388 EXT4_IGET_SPECIAL | EXT4_IGET_BAD); 389 if (IS_ERR(inode_bl)) 390 return PTR_ERR(inode_bl); 391 ei_bl = EXT4_I(inode_bl); 392 393 /* Protect orig inodes against a truncate and make sure, 394 * that only 1 swap_inode_boot_loader is running. */ 395 lock_two_nondirectories(inode, inode_bl); 396 397 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) || 398 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) || 399 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) || 400 ext4_has_inline_data(inode)) { 401 err = -EINVAL; 402 goto journal_err_out; 403 } 404 405 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) || 406 !inode_owner_or_capable(idmap, inode) || 407 !capable(CAP_SYS_ADMIN)) { 408 err = -EPERM; 409 goto journal_err_out; 410 } 411 412 filemap_invalidate_lock(inode->i_mapping); 413 err = filemap_write_and_wait(inode->i_mapping); 414 if (err) 415 goto err_out; 416 417 err = filemap_write_and_wait(inode_bl->i_mapping); 418 if (err) 419 goto err_out; 420 421 /* Wait for all existing dio workers */ 422 inode_dio_wait(inode); 423 inode_dio_wait(inode_bl); 424 425 truncate_inode_pages(&inode->i_data, 0); 426 truncate_inode_pages(&inode_bl->i_data, 0); 427 428 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 429 if (IS_ERR(handle)) { 430 err = -EINVAL; 431 goto err_out; 432 } 433 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle); 434 435 /* Protect extent tree against block allocations via delalloc */ 436 ext4_double_down_write_data_sem(inode, inode_bl); 437 438 if (is_bad_inode(inode_bl) || !S_ISREG(inode_bl->i_mode)) { 439 /* this inode has never been used as a BOOT_LOADER */ 440 set_nlink(inode_bl, 1); 441 i_uid_write(inode_bl, 0); 442 i_gid_write(inode_bl, 0); 443 inode_bl->i_flags = 0; 444 ei_bl->i_flags = 0; 445 inode_set_iversion(inode_bl, 1); 446 i_size_write(inode_bl, 0); 447 EXT4_I(inode_bl)->i_disksize = inode_bl->i_size; 448 inode_bl->i_mode = S_IFREG; 449 if (ext4_has_feature_extents(sb)) { 450 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 451 ext4_ext_tree_init(handle, inode_bl); 452 } else 453 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 454 } 455 456 err = dquot_initialize(inode); 457 if (err) 458 goto err_out1; 459 460 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes; 461 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes; 462 diff = size - size_bl; 463 swap_inode_data(inode, inode_bl); 464 465 inode_set_ctime_current(inode); 466 inode_set_ctime_current(inode_bl); 467 inode_inc_iversion(inode); 468 469 inode->i_generation = get_random_u32(); 470 inode_bl->i_generation = get_random_u32(); 471 ext4_reset_inode_seed(inode); 472 ext4_reset_inode_seed(inode_bl); 473 474 ext4_discard_preallocations(inode); 475 476 err = ext4_mark_inode_dirty(handle, inode); 477 if (err < 0) { 478 /* No need to update quota information. */ 479 ext4_warning(inode->i_sb, 480 "couldn't mark inode #%llu dirty (err %d)", 481 inode->i_ino, err); 482 /* Revert all changes: */ 483 swap_inode_data(inode, inode_bl); 484 ext4_mark_inode_dirty(handle, inode); 485 goto err_out1; 486 } 487 488 blocks = inode_bl->i_blocks; 489 bytes = inode_bl->i_bytes; 490 inode_bl->i_blocks = inode->i_blocks; 491 inode_bl->i_bytes = inode->i_bytes; 492 err = ext4_mark_inode_dirty(handle, inode_bl); 493 if (err < 0) { 494 /* No need to update quota information. */ 495 ext4_warning(inode_bl->i_sb, 496 "couldn't mark inode #%llu dirty (err %d)", 497 inode_bl->i_ino, err); 498 goto revert; 499 } 500 501 /* Bootloader inode should not be counted into quota information. */ 502 if (diff > 0) 503 dquot_free_space(inode, diff); 504 else 505 err = dquot_alloc_space(inode, -1 * diff); 506 507 if (err < 0) { 508 revert: 509 /* Revert all changes: */ 510 inode_bl->i_blocks = blocks; 511 inode_bl->i_bytes = bytes; 512 swap_inode_data(inode, inode_bl); 513 ext4_mark_inode_dirty(handle, inode); 514 ext4_mark_inode_dirty(handle, inode_bl); 515 } 516 517 err_out1: 518 ext4_journal_stop(handle); 519 ext4_double_up_write_data_sem(inode, inode_bl); 520 521 err_out: 522 filemap_invalidate_unlock(inode->i_mapping); 523 journal_err_out: 524 unlock_two_nondirectories(inode, inode_bl); 525 iput(inode_bl); 526 return err; 527 } 528 529 /* 530 * If immutable is set and we are not clearing it, we're not allowed to change 531 * anything else in the inode. Don't error out if we're only trying to set 532 * immutable on an immutable file. 533 */ 534 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid, 535 unsigned int flags) 536 { 537 struct ext4_inode_info *ei = EXT4_I(inode); 538 unsigned int oldflags = ei->i_flags; 539 540 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL)) 541 return 0; 542 543 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL)) 544 return -EPERM; 545 if (ext4_has_feature_project(inode->i_sb) && 546 __kprojid_val(ei->i_projid) != new_projid) 547 return -EPERM; 548 549 return 0; 550 } 551 552 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags) 553 { 554 struct ext4_inode_info *ei = EXT4_I(inode); 555 556 if (S_ISDIR(inode->i_mode)) 557 return; 558 559 if (test_opt2(inode->i_sb, DAX_NEVER) || 560 test_opt(inode->i_sb, DAX_ALWAYS)) 561 return; 562 563 if ((ei->i_flags ^ flags) & EXT4_DAX_FL) 564 d_mark_dontcache(inode); 565 } 566 567 static bool dax_compatible(struct inode *inode, unsigned int oldflags, 568 unsigned int flags) 569 { 570 /* Allow the DAX flag to be changed on inline directories */ 571 if (S_ISDIR(inode->i_mode)) { 572 flags &= ~EXT4_INLINE_DATA_FL; 573 oldflags &= ~EXT4_INLINE_DATA_FL; 574 } 575 576 if (flags & EXT4_DAX_FL) { 577 if ((oldflags & EXT4_DAX_MUT_EXCL) || 578 ext4_test_inode_state(inode, 579 EXT4_STATE_VERITY_IN_PROGRESS)) { 580 return false; 581 } 582 } 583 584 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL)) 585 return false; 586 587 return true; 588 } 589 590 static int ext4_ioctl_setflags(struct inode *inode, 591 unsigned int flags) 592 { 593 struct ext4_inode_info *ei = EXT4_I(inode); 594 handle_t *handle = NULL; 595 int err = -EPERM, migrate = 0; 596 struct ext4_iloc iloc; 597 unsigned int oldflags, mask, i; 598 struct super_block *sb = inode->i_sb; 599 600 /* Is it quota file? Do not allow user to mess with it */ 601 if (ext4_is_quota_file(inode)) 602 goto flags_out; 603 604 oldflags = ei->i_flags; 605 /* 606 * The JOURNAL_DATA flag can only be changed by 607 * the relevant capability. 608 */ 609 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 610 if (!capable(CAP_SYS_RESOURCE)) 611 goto flags_out; 612 } 613 614 if (!dax_compatible(inode, oldflags, flags)) { 615 err = -EOPNOTSUPP; 616 goto flags_out; 617 } 618 619 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 620 migrate = 1; 621 622 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) { 623 if (!ext4_has_feature_casefold(sb)) { 624 err = -EOPNOTSUPP; 625 goto flags_out; 626 } 627 628 if (!S_ISDIR(inode->i_mode)) { 629 err = -ENOTDIR; 630 goto flags_out; 631 } 632 633 if (!ext4_empty_dir(inode)) { 634 err = -ENOTEMPTY; 635 goto flags_out; 636 } 637 } 638 639 /* 640 * Wait for all pending directio and then flush all the dirty pages 641 * for this file. The flush marks all the pages readonly, so any 642 * subsequent attempt to write to the file (particularly mmap pages) 643 * will come through the filesystem and fail. 644 */ 645 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) && 646 (flags & EXT4_IMMUTABLE_FL)) { 647 inode_dio_wait(inode); 648 err = filemap_write_and_wait(inode->i_mapping); 649 if (err) 650 goto flags_out; 651 } 652 653 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 654 if (IS_ERR(handle)) { 655 err = PTR_ERR(handle); 656 goto flags_out; 657 } 658 if (IS_SYNC(inode)) 659 ext4_handle_sync(handle); 660 err = ext4_reserve_inode_write(handle, inode, &iloc); 661 if (err) 662 goto flags_err; 663 664 ext4_dax_dontcache(inode, flags); 665 666 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 667 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 668 continue; 669 /* These flags get special treatment later */ 670 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 671 continue; 672 if (mask & flags) 673 ext4_set_inode_flag(inode, i); 674 else 675 ext4_clear_inode_flag(inode, i); 676 } 677 678 ext4_set_inode_flags(inode, false); 679 680 inode_set_ctime_current(inode); 681 inode_inc_iversion(inode); 682 683 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 684 flags_err: 685 ext4_journal_stop(handle); 686 if (err) 687 goto flags_out; 688 689 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 690 /* 691 * Changes to the journaling mode can cause unsafe changes to 692 * S_DAX if the inode is DAX 693 */ 694 if (IS_DAX(inode)) { 695 err = -EBUSY; 696 goto flags_out; 697 } 698 699 err = ext4_change_inode_journal_flag(inode, 700 flags & EXT4_JOURNAL_DATA_FL); 701 if (err) 702 goto flags_out; 703 } 704 if (migrate) { 705 if (flags & EXT4_EXTENTS_FL) 706 err = ext4_ext_migrate(inode); 707 else 708 err = ext4_ind_migrate(inode); 709 } 710 711 flags_out: 712 return err; 713 } 714 715 #ifdef CONFIG_QUOTA 716 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 717 { 718 struct super_block *sb = inode->i_sb; 719 struct ext4_inode_info *ei = EXT4_I(inode); 720 int err, rc; 721 handle_t *handle; 722 kprojid_t kprojid; 723 struct ext4_iloc iloc; 724 struct ext4_inode *raw_inode; 725 struct dquot *transfer_to[MAXQUOTAS] = { }; 726 727 if (!ext4_has_feature_project(sb)) { 728 if (projid != EXT4_DEF_PROJID) 729 return -EOPNOTSUPP; 730 else 731 return 0; 732 } 733 734 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 735 return -EOPNOTSUPP; 736 737 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 738 739 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 740 return 0; 741 742 err = -EPERM; 743 /* Is it quota file? Do not allow user to mess with it */ 744 if (ext4_is_quota_file(inode)) 745 return err; 746 747 err = dquot_initialize(inode); 748 if (err) 749 return err; 750 751 err = ext4_get_inode_loc(inode, &iloc); 752 if (err) 753 return err; 754 755 raw_inode = ext4_raw_inode(&iloc); 756 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 757 err = ext4_expand_extra_isize(inode, 758 EXT4_SB(sb)->s_want_extra_isize, 759 &iloc); 760 if (err) 761 return err; 762 } else { 763 brelse(iloc.bh); 764 } 765 766 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 767 EXT4_QUOTA_INIT_BLOCKS(sb) + 768 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 769 if (IS_ERR(handle)) 770 return PTR_ERR(handle); 771 772 err = ext4_reserve_inode_write(handle, inode, &iloc); 773 if (err) 774 goto out_stop; 775 776 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 777 if (!IS_ERR(transfer_to[PRJQUOTA])) { 778 779 /* __dquot_transfer() calls back ext4_get_inode_usage() which 780 * counts xattr inode references. 781 */ 782 down_read(&EXT4_I(inode)->xattr_sem); 783 err = __dquot_transfer(inode, transfer_to); 784 up_read(&EXT4_I(inode)->xattr_sem); 785 dqput(transfer_to[PRJQUOTA]); 786 if (err) 787 goto out_dirty; 788 } 789 790 EXT4_I(inode)->i_projid = kprojid; 791 inode_set_ctime_current(inode); 792 inode_inc_iversion(inode); 793 out_dirty: 794 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 795 if (!err) 796 err = rc; 797 out_stop: 798 ext4_journal_stop(handle); 799 return err; 800 } 801 #else 802 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 803 { 804 if (projid != EXT4_DEF_PROJID) 805 return -EOPNOTSUPP; 806 return 0; 807 } 808 #endif 809 810 int ext4_force_shutdown(struct super_block *sb, u32 flags) 811 { 812 struct ext4_sb_info *sbi = EXT4_SB(sb); 813 int ret; 814 815 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 816 return -EINVAL; 817 818 if (ext4_forced_shutdown(sb)) 819 return 0; 820 821 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 822 trace_ext4_shutdown(sb, flags); 823 824 switch (flags) { 825 case EXT4_GOING_FLAGS_DEFAULT: 826 ret = bdev_freeze(sb->s_bdev); 827 if (ret) 828 return ret; 829 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 830 bdev_thaw(sb->s_bdev); 831 break; 832 case EXT4_GOING_FLAGS_LOGFLUSH: 833 /* 834 * Call ext4_force_commit() before setting EXT4_FLAGS_SHUTDOWN. 835 * This is because in data=ordered mode, journal commit 836 * triggers data writeback which fails if shutdown is already 837 * set, causing the journal to be aborted prematurely before 838 * the commit succeeds. 839 */ 840 (void) ext4_force_commit(sb); 841 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 842 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 843 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 844 break; 845 case EXT4_GOING_FLAGS_NOLOGFLUSH: 846 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 847 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 848 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 849 break; 850 default: 851 return -EINVAL; 852 } 853 clear_opt(sb, DISCARD); 854 fserror_report_shutdown(sb, GFP_KERNEL); 855 return 0; 856 } 857 858 static int ext4_ioctl_shutdown(struct super_block *sb, unsigned long arg) 859 { 860 u32 flags; 861 862 if (!capable(CAP_SYS_ADMIN)) 863 return -EPERM; 864 865 if (get_user(flags, (__u32 __user *)arg)) 866 return -EFAULT; 867 868 return ext4_force_shutdown(sb, flags); 869 } 870 871 struct getfsmap_info { 872 struct super_block *gi_sb; 873 struct fsmap_head __user *gi_data; 874 unsigned int gi_idx; 875 __u32 gi_last_flags; 876 }; 877 878 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 879 { 880 struct getfsmap_info *info = priv; 881 struct fsmap fm; 882 883 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 884 885 info->gi_last_flags = xfm->fmr_flags; 886 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 887 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 888 sizeof(struct fsmap))) 889 return -EFAULT; 890 891 return 0; 892 } 893 894 static int ext4_ioc_getfsmap(struct super_block *sb, 895 struct fsmap_head __user *arg) 896 { 897 struct getfsmap_info info = { NULL }; 898 struct ext4_fsmap_head xhead = {0}; 899 struct fsmap_head head; 900 bool aborted = false; 901 int error; 902 903 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 904 return -EFAULT; 905 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 906 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 907 sizeof(head.fmh_keys[0].fmr_reserved)) || 908 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 909 sizeof(head.fmh_keys[1].fmr_reserved))) 910 return -EINVAL; 911 /* 912 * ext4 doesn't report file extents at all, so the only valid 913 * file offsets are the magic ones (all zeroes or all ones). 914 */ 915 if (head.fmh_keys[0].fmr_offset || 916 (head.fmh_keys[1].fmr_offset != 0 && 917 head.fmh_keys[1].fmr_offset != -1ULL)) 918 return -EINVAL; 919 920 xhead.fmh_iflags = head.fmh_iflags; 921 xhead.fmh_count = head.fmh_count; 922 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 923 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 924 925 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 926 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 927 928 info.gi_sb = sb; 929 info.gi_data = arg; 930 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 931 if (error == EXT4_QUERY_RANGE_ABORT) 932 aborted = true; 933 else if (error) 934 return error; 935 936 /* If we didn't abort, set the "last" flag in the last fmx */ 937 if (!aborted && info.gi_idx) { 938 info.gi_last_flags |= FMR_OF_LAST; 939 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 940 &info.gi_last_flags, 941 sizeof(info.gi_last_flags))) 942 return -EFAULT; 943 } 944 945 /* copy back header */ 946 head.fmh_entries = xhead.fmh_entries; 947 head.fmh_oflags = xhead.fmh_oflags; 948 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 949 return -EFAULT; 950 951 return 0; 952 } 953 954 static long ext4_ioctl_group_add(struct file *file, 955 struct ext4_new_group_data *input) 956 { 957 struct super_block *sb = file_inode(file)->i_sb; 958 int err, err2=0; 959 960 err = ext4_resize_begin(sb); 961 if (err) 962 return err; 963 964 if (ext4_has_feature_bigalloc(sb)) { 965 ext4_msg(sb, KERN_ERR, 966 "Online resizing not supported with bigalloc"); 967 err = -EOPNOTSUPP; 968 goto group_add_out; 969 } 970 971 err = mnt_want_write_file(file); 972 if (err) 973 goto group_add_out; 974 975 err = ext4_group_add(sb, input); 976 if (EXT4_SB(sb)->s_journal) { 977 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL); 978 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 979 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 980 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 981 } 982 if (err == 0) 983 err = err2; 984 mnt_drop_write_file(file); 985 if (!err && ext4_has_group_desc_csum(sb) && 986 test_opt(sb, INIT_INODE_TABLE)) 987 err = ext4_register_li_request(sb, input->group); 988 group_add_out: 989 err2 = ext4_resize_end(sb, false); 990 if (err == 0) 991 err = err2; 992 return err; 993 } 994 995 int ext4_fileattr_get(struct dentry *dentry, struct file_kattr *fa) 996 { 997 struct inode *inode = d_inode(dentry); 998 struct ext4_inode_info *ei = EXT4_I(inode); 999 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 1000 1001 if (S_ISREG(inode->i_mode)) 1002 flags &= ~FS_PROJINHERIT_FL; 1003 1004 fileattr_fill_flags(fa, flags); 1005 if (ext4_has_feature_project(inode->i_sb)) 1006 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid); 1007 1008 return 0; 1009 } 1010 1011 int ext4_fileattr_set(struct mnt_idmap *idmap, 1012 struct dentry *dentry, struct file_kattr *fa) 1013 { 1014 struct inode *inode = d_inode(dentry); 1015 u32 flags = fa->flags; 1016 int err = -EOPNOTSUPP; 1017 1018 if (flags & ~EXT4_FL_USER_VISIBLE) 1019 goto out; 1020 1021 /* 1022 * chattr(1) grabs flags via GETFLAGS, modifies the result and 1023 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 1024 * more restrictive than just silently masking off visible but 1025 * not settable flags as we always did. 1026 */ 1027 flags &= EXT4_FL_USER_MODIFIABLE; 1028 if (ext4_mask_flags(inode->i_mode, flags) != flags) 1029 goto out; 1030 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags); 1031 if (err) 1032 goto out; 1033 err = ext4_ioctl_setflags(inode, flags); 1034 if (err) 1035 goto out; 1036 err = ext4_ioctl_setproject(inode, fa->fsx_projid); 1037 out: 1038 return err; 1039 } 1040 1041 /* So that the fiemap access checks can't overflow on 32 bit machines. */ 1042 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) 1043 1044 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg) 1045 { 1046 struct fiemap fiemap; 1047 struct fiemap __user *ufiemap = (struct fiemap __user *) arg; 1048 struct fiemap_extent_info fieinfo = { 0, }; 1049 struct inode *inode = file_inode(filp); 1050 int error; 1051 1052 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap))) 1053 return -EFAULT; 1054 1055 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) 1056 return -EINVAL; 1057 1058 fieinfo.fi_flags = fiemap.fm_flags; 1059 fieinfo.fi_extents_max = fiemap.fm_extent_count; 1060 fieinfo.fi_extents_start = ufiemap->fm_extents; 1061 1062 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start, 1063 fiemap.fm_length); 1064 fiemap.fm_flags = fieinfo.fi_flags; 1065 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; 1066 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap))) 1067 error = -EFAULT; 1068 1069 return error; 1070 } 1071 1072 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg) 1073 { 1074 int err = 0; 1075 __u32 flags = 0; 1076 unsigned int flush_flags = 0; 1077 struct super_block *sb = file_inode(filp)->i_sb; 1078 1079 if (copy_from_user(&flags, (__u32 __user *)arg, 1080 sizeof(__u32))) 1081 return -EFAULT; 1082 1083 if (!capable(CAP_SYS_ADMIN)) 1084 return -EPERM; 1085 1086 /* check for invalid bits set */ 1087 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) || 1088 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && 1089 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT))) 1090 return -EINVAL; 1091 1092 if (!EXT4_SB(sb)->s_journal) 1093 return -ENODEV; 1094 1095 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && 1096 !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev)) 1097 return -EOPNOTSUPP; 1098 1099 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN) 1100 return 0; 1101 1102 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD) 1103 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD; 1104 1105 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) { 1106 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT; 1107 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow"); 1108 } 1109 1110 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1111 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags); 1112 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1113 1114 return err; 1115 } 1116 1117 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label) 1118 { 1119 size_t len; 1120 int ret = 0; 1121 char new_label[EXT4_LABEL_MAX + 1]; 1122 struct super_block *sb = file_inode(filp)->i_sb; 1123 1124 if (!capable(CAP_SYS_ADMIN)) 1125 return -EPERM; 1126 1127 /* 1128 * Copy the maximum length allowed for ext4 label with one more to 1129 * find the required terminating null byte in order to test the 1130 * label length. The on disk label doesn't need to be null terminated. 1131 */ 1132 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1)) 1133 return -EFAULT; 1134 1135 len = strnlen(new_label, EXT4_LABEL_MAX + 1); 1136 if (len > EXT4_LABEL_MAX) 1137 return -EINVAL; 1138 1139 /* 1140 * Clear the buffer after the new label 1141 */ 1142 memset(new_label + len, 0, EXT4_LABEL_MAX - len); 1143 1144 ret = mnt_want_write_file(filp); 1145 if (ret) 1146 return ret; 1147 1148 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label); 1149 1150 mnt_drop_write_file(filp); 1151 return ret; 1152 } 1153 1154 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label) 1155 { 1156 char label[EXT4_LABEL_MAX + 1]; 1157 1158 /* 1159 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because 1160 * FSLABEL_MAX must include terminating null byte, while s_volume_name 1161 * does not have to. 1162 */ 1163 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX); 1164 1165 lock_buffer(sbi->s_sbh); 1166 memtostr_pad(label, sbi->s_es->s_volume_name); 1167 unlock_buffer(sbi->s_sbh); 1168 1169 if (copy_to_user(user_label, label, sizeof(label))) 1170 return -EFAULT; 1171 return 0; 1172 } 1173 1174 static int ext4_ioctl_getuuid(struct ext4_sb_info *sbi, 1175 struct fsuuid __user *ufsuuid) 1176 { 1177 struct fsuuid fsuuid; 1178 __u8 uuid[UUID_SIZE]; 1179 1180 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid))) 1181 return -EFAULT; 1182 1183 if (fsuuid.fsu_len == 0) { 1184 fsuuid.fsu_len = UUID_SIZE; 1185 if (copy_to_user(&ufsuuid->fsu_len, &fsuuid.fsu_len, 1186 sizeof(fsuuid.fsu_len))) 1187 return -EFAULT; 1188 return 0; 1189 } 1190 1191 if (fsuuid.fsu_len < UUID_SIZE || fsuuid.fsu_flags != 0) 1192 return -EINVAL; 1193 1194 lock_buffer(sbi->s_sbh); 1195 memcpy(uuid, sbi->s_es->s_uuid, UUID_SIZE); 1196 unlock_buffer(sbi->s_sbh); 1197 1198 fsuuid.fsu_len = UUID_SIZE; 1199 if (copy_to_user(ufsuuid, &fsuuid, sizeof(fsuuid)) || 1200 copy_to_user(&ufsuuid->fsu_uuid[0], uuid, UUID_SIZE)) 1201 return -EFAULT; 1202 return 0; 1203 } 1204 1205 static int ext4_ioctl_setuuid(struct file *filp, 1206 const struct fsuuid __user *ufsuuid) 1207 { 1208 int ret = 0; 1209 struct super_block *sb = file_inode(filp)->i_sb; 1210 struct fsuuid fsuuid; 1211 __u8 uuid[UUID_SIZE]; 1212 1213 if (!capable(CAP_SYS_ADMIN)) 1214 return -EPERM; 1215 1216 /* 1217 * If any checksums (group descriptors or metadata) are being used 1218 * then the checksum seed feature is required to change the UUID. 1219 */ 1220 if (((ext4_has_feature_gdt_csum(sb) || 1221 ext4_has_feature_metadata_csum(sb)) 1222 && !ext4_has_feature_csum_seed(sb)) 1223 || ext4_has_feature_stable_inodes(sb)) 1224 return -EOPNOTSUPP; 1225 1226 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid))) 1227 return -EFAULT; 1228 1229 if (fsuuid.fsu_len != UUID_SIZE || fsuuid.fsu_flags != 0) 1230 return -EINVAL; 1231 1232 if (copy_from_user(uuid, &ufsuuid->fsu_uuid[0], UUID_SIZE)) 1233 return -EFAULT; 1234 1235 ret = mnt_want_write_file(filp); 1236 if (ret) 1237 return ret; 1238 1239 ret = ext4_update_superblocks_fn(sb, ext4_sb_setuuid, &uuid); 1240 mnt_drop_write_file(filp); 1241 1242 return ret; 1243 } 1244 1245 1246 #define TUNE_OPS_SUPPORTED (EXT4_TUNE_FL_ERRORS_BEHAVIOR | \ 1247 EXT4_TUNE_FL_MNT_COUNT | EXT4_TUNE_FL_MAX_MNT_COUNT | \ 1248 EXT4_TUNE_FL_CHECKINTRVAL | EXT4_TUNE_FL_LAST_CHECK_TIME | \ 1249 EXT4_TUNE_FL_RESERVED_BLOCKS | EXT4_TUNE_FL_RESERVED_UID | \ 1250 EXT4_TUNE_FL_RESERVED_GID | EXT4_TUNE_FL_DEFAULT_MNT_OPTS | \ 1251 EXT4_TUNE_FL_DEF_HASH_ALG | EXT4_TUNE_FL_RAID_STRIDE | \ 1252 EXT4_TUNE_FL_RAID_STRIPE_WIDTH | EXT4_TUNE_FL_MOUNT_OPTS | \ 1253 EXT4_TUNE_FL_FEATURES | EXT4_TUNE_FL_EDIT_FEATURES | \ 1254 EXT4_TUNE_FL_FORCE_FSCK | EXT4_TUNE_FL_ENCODING | \ 1255 EXT4_TUNE_FL_ENCODING_FLAGS) 1256 1257 #define EXT4_TUNE_SET_COMPAT_SUPP \ 1258 (EXT4_FEATURE_COMPAT_DIR_INDEX | \ 1259 EXT4_FEATURE_COMPAT_STABLE_INODES) 1260 #define EXT4_TUNE_SET_INCOMPAT_SUPP \ 1261 (EXT4_FEATURE_INCOMPAT_EXTENTS | \ 1262 EXT4_FEATURE_INCOMPAT_EA_INODE | \ 1263 EXT4_FEATURE_INCOMPAT_ENCRYPT | \ 1264 EXT4_FEATURE_INCOMPAT_CSUM_SEED | \ 1265 EXT4_FEATURE_INCOMPAT_LARGEDIR | \ 1266 EXT4_FEATURE_INCOMPAT_CASEFOLD) 1267 #define EXT4_TUNE_SET_RO_COMPAT_SUPP \ 1268 (EXT4_FEATURE_RO_COMPAT_LARGE_FILE | \ 1269 EXT4_FEATURE_RO_COMPAT_DIR_NLINK | \ 1270 EXT4_FEATURE_RO_COMPAT_EXTRA_ISIZE | \ 1271 EXT4_FEATURE_RO_COMPAT_PROJECT | \ 1272 EXT4_FEATURE_RO_COMPAT_VERITY) 1273 1274 #define EXT4_TUNE_CLEAR_COMPAT_SUPP (0) 1275 #define EXT4_TUNE_CLEAR_INCOMPAT_SUPP (0) 1276 #define EXT4_TUNE_CLEAR_RO_COMPAT_SUPP (0) 1277 1278 #define SB_ENC_SUPP_MASK (SB_ENC_STRICT_MODE_FL | \ 1279 SB_ENC_NO_COMPAT_FALLBACK_FL) 1280 1281 static int ext4_ioctl_get_tune_sb(struct ext4_sb_info *sbi, 1282 struct ext4_tune_sb_params __user *params) 1283 { 1284 struct ext4_tune_sb_params ret; 1285 struct ext4_super_block *es = sbi->s_es; 1286 1287 memset(&ret, 0, sizeof(ret)); 1288 ret.set_flags = TUNE_OPS_SUPPORTED; 1289 ret.errors_behavior = le16_to_cpu(es->s_errors); 1290 ret.mnt_count = le16_to_cpu(es->s_mnt_count); 1291 ret.max_mnt_count = le16_to_cpu(es->s_max_mnt_count); 1292 ret.checkinterval = le32_to_cpu(es->s_checkinterval); 1293 ret.last_check_time = le32_to_cpu(es->s_lastcheck); 1294 ret.reserved_blocks = ext4_r_blocks_count(es); 1295 ret.blocks_count = ext4_blocks_count(es); 1296 ret.reserved_uid = ext4_get_resuid(es); 1297 ret.reserved_gid = ext4_get_resgid(es); 1298 ret.default_mnt_opts = le32_to_cpu(es->s_default_mount_opts); 1299 ret.def_hash_alg = es->s_def_hash_version; 1300 ret.raid_stride = le16_to_cpu(es->s_raid_stride); 1301 ret.raid_stripe_width = le32_to_cpu(es->s_raid_stripe_width); 1302 ret.encoding = le16_to_cpu(es->s_encoding); 1303 ret.encoding_flags = le16_to_cpu(es->s_encoding_flags); 1304 strscpy_pad(ret.mount_opts, es->s_mount_opts); 1305 ret.feature_compat = le32_to_cpu(es->s_feature_compat); 1306 ret.feature_incompat = le32_to_cpu(es->s_feature_incompat); 1307 ret.feature_ro_compat = le32_to_cpu(es->s_feature_ro_compat); 1308 ret.set_feature_compat_mask = EXT4_TUNE_SET_COMPAT_SUPP; 1309 ret.set_feature_incompat_mask = EXT4_TUNE_SET_INCOMPAT_SUPP; 1310 ret.set_feature_ro_compat_mask = EXT4_TUNE_SET_RO_COMPAT_SUPP; 1311 ret.clear_feature_compat_mask = EXT4_TUNE_CLEAR_COMPAT_SUPP; 1312 ret.clear_feature_incompat_mask = EXT4_TUNE_CLEAR_INCOMPAT_SUPP; 1313 ret.clear_feature_ro_compat_mask = EXT4_TUNE_CLEAR_RO_COMPAT_SUPP; 1314 if (copy_to_user(params, &ret, sizeof(ret))) 1315 return -EFAULT; 1316 return 0; 1317 } 1318 1319 static void ext4_sb_setparams(struct ext4_sb_info *sbi, 1320 struct ext4_super_block *es, const void *arg) 1321 { 1322 const struct ext4_tune_sb_params *params = arg; 1323 1324 if (params->set_flags & EXT4_TUNE_FL_ERRORS_BEHAVIOR) 1325 es->s_errors = cpu_to_le16(params->errors_behavior); 1326 if (params->set_flags & EXT4_TUNE_FL_MNT_COUNT) 1327 es->s_mnt_count = cpu_to_le16(params->mnt_count); 1328 if (params->set_flags & EXT4_TUNE_FL_MAX_MNT_COUNT) 1329 es->s_max_mnt_count = cpu_to_le16(params->max_mnt_count); 1330 if (params->set_flags & EXT4_TUNE_FL_CHECKINTRVAL) 1331 es->s_checkinterval = cpu_to_le32(params->checkinterval); 1332 if (params->set_flags & EXT4_TUNE_FL_LAST_CHECK_TIME) 1333 es->s_lastcheck = cpu_to_le32(params->last_check_time); 1334 if (params->set_flags & EXT4_TUNE_FL_RESERVED_BLOCKS) { 1335 ext4_fsblk_t blk = params->reserved_blocks; 1336 1337 es->s_r_blocks_count_lo = cpu_to_le32((u32)blk); 1338 es->s_r_blocks_count_hi = cpu_to_le32(blk >> 32); 1339 } 1340 if (params->set_flags & EXT4_TUNE_FL_RESERVED_UID) { 1341 int uid = params->reserved_uid; 1342 1343 es->s_def_resuid = cpu_to_le16(uid & 0xFFFF); 1344 es->s_def_resuid_hi = cpu_to_le16(uid >> 16); 1345 } 1346 if (params->set_flags & EXT4_TUNE_FL_RESERVED_GID) { 1347 int gid = params->reserved_gid; 1348 1349 es->s_def_resgid = cpu_to_le16(gid & 0xFFFF); 1350 es->s_def_resgid_hi = cpu_to_le16(gid >> 16); 1351 } 1352 if (params->set_flags & EXT4_TUNE_FL_DEFAULT_MNT_OPTS) 1353 es->s_default_mount_opts = cpu_to_le32(params->default_mnt_opts); 1354 if (params->set_flags & EXT4_TUNE_FL_DEF_HASH_ALG) 1355 es->s_def_hash_version = params->def_hash_alg; 1356 if (params->set_flags & EXT4_TUNE_FL_RAID_STRIDE) 1357 es->s_raid_stride = cpu_to_le16(params->raid_stride); 1358 if (params->set_flags & EXT4_TUNE_FL_RAID_STRIPE_WIDTH) 1359 es->s_raid_stripe_width = 1360 cpu_to_le32(params->raid_stripe_width); 1361 if (params->set_flags & EXT4_TUNE_FL_ENCODING) 1362 es->s_encoding = cpu_to_le16(params->encoding); 1363 if (params->set_flags & EXT4_TUNE_FL_ENCODING_FLAGS) 1364 es->s_encoding_flags = cpu_to_le16(params->encoding_flags); 1365 strscpy_pad(es->s_mount_opts, params->mount_opts); 1366 if (params->set_flags & EXT4_TUNE_FL_EDIT_FEATURES) { 1367 es->s_feature_compat |= 1368 cpu_to_le32(params->set_feature_compat_mask); 1369 es->s_feature_incompat |= 1370 cpu_to_le32(params->set_feature_incompat_mask); 1371 es->s_feature_ro_compat |= 1372 cpu_to_le32(params->set_feature_ro_compat_mask); 1373 es->s_feature_compat &= 1374 ~cpu_to_le32(params->clear_feature_compat_mask); 1375 es->s_feature_incompat &= 1376 ~cpu_to_le32(params->clear_feature_incompat_mask); 1377 es->s_feature_ro_compat &= 1378 ~cpu_to_le32(params->clear_feature_ro_compat_mask); 1379 if (params->set_feature_compat_mask & 1380 EXT4_FEATURE_COMPAT_DIR_INDEX) 1381 es->s_def_hash_version = sbi->s_def_hash_version; 1382 if (params->set_feature_incompat_mask & 1383 EXT4_FEATURE_INCOMPAT_CSUM_SEED) 1384 es->s_checksum_seed = cpu_to_le32(sbi->s_csum_seed); 1385 } 1386 if (params->set_flags & EXT4_TUNE_FL_FORCE_FSCK) 1387 es->s_state |= cpu_to_le16(EXT4_ERROR_FS); 1388 } 1389 1390 static int ext4_ioctl_set_tune_sb(struct file *filp, 1391 struct ext4_tune_sb_params __user *in) 1392 { 1393 struct ext4_tune_sb_params params; 1394 struct super_block *sb = file_inode(filp)->i_sb; 1395 struct ext4_sb_info *sbi = EXT4_SB(sb); 1396 struct ext4_super_block *es = sbi->s_es; 1397 int enabling_casefold = 0; 1398 int ret; 1399 1400 if (!capable(CAP_SYS_ADMIN)) 1401 return -EPERM; 1402 1403 if (copy_from_user(¶ms, in, sizeof(params))) 1404 return -EFAULT; 1405 1406 if (strnlen(params.mount_opts, sizeof(params.mount_opts)) == 1407 sizeof(params.mount_opts)) 1408 return -E2BIG; 1409 1410 if ((params.set_flags & ~TUNE_OPS_SUPPORTED) != 0) 1411 return -EOPNOTSUPP; 1412 1413 if ((params.set_flags & EXT4_TUNE_FL_ERRORS_BEHAVIOR) && 1414 (params.errors_behavior > EXT4_ERRORS_PANIC)) 1415 return -EINVAL; 1416 1417 if ((params.set_flags & EXT4_TUNE_FL_RESERVED_BLOCKS) && 1418 (params.reserved_blocks > ext4_blocks_count(sbi->s_es) / 2)) 1419 return -EINVAL; 1420 if ((params.set_flags & EXT4_TUNE_FL_DEF_HASH_ALG) && 1421 ((params.def_hash_alg > DX_HASH_LAST) || 1422 (params.def_hash_alg == DX_HASH_SIPHASH))) 1423 return -EINVAL; 1424 if ((params.set_flags & EXT4_TUNE_FL_FEATURES) && 1425 (params.set_flags & EXT4_TUNE_FL_EDIT_FEATURES)) 1426 return -EINVAL; 1427 1428 if (params.set_flags & EXT4_TUNE_FL_FEATURES) { 1429 params.set_feature_compat_mask = 1430 params.feature_compat & 1431 ~le32_to_cpu(es->s_feature_compat); 1432 params.set_feature_incompat_mask = 1433 params.feature_incompat & 1434 ~le32_to_cpu(es->s_feature_incompat); 1435 params.set_feature_ro_compat_mask = 1436 params.feature_ro_compat & 1437 ~le32_to_cpu(es->s_feature_ro_compat); 1438 params.clear_feature_compat_mask = 1439 ~params.feature_compat & 1440 le32_to_cpu(es->s_feature_compat); 1441 params.clear_feature_incompat_mask = 1442 ~params.feature_incompat & 1443 le32_to_cpu(es->s_feature_incompat); 1444 params.clear_feature_ro_compat_mask = 1445 ~params.feature_ro_compat & 1446 le32_to_cpu(es->s_feature_ro_compat); 1447 params.set_flags |= EXT4_TUNE_FL_EDIT_FEATURES; 1448 } 1449 if (params.set_flags & EXT4_TUNE_FL_EDIT_FEATURES) { 1450 if ((params.set_feature_compat_mask & 1451 ~EXT4_TUNE_SET_COMPAT_SUPP) || 1452 (params.set_feature_incompat_mask & 1453 ~EXT4_TUNE_SET_INCOMPAT_SUPP) || 1454 (params.set_feature_ro_compat_mask & 1455 ~EXT4_TUNE_SET_RO_COMPAT_SUPP) || 1456 (params.clear_feature_compat_mask & 1457 ~EXT4_TUNE_CLEAR_COMPAT_SUPP) || 1458 (params.clear_feature_incompat_mask & 1459 ~EXT4_TUNE_CLEAR_INCOMPAT_SUPP) || 1460 (params.clear_feature_ro_compat_mask & 1461 ~EXT4_TUNE_CLEAR_RO_COMPAT_SUPP)) 1462 return -EOPNOTSUPP; 1463 1464 /* 1465 * Filter out the features that are already set from 1466 * the set_mask. 1467 */ 1468 params.set_feature_compat_mask &= 1469 ~le32_to_cpu(es->s_feature_compat); 1470 params.set_feature_incompat_mask &= 1471 ~le32_to_cpu(es->s_feature_incompat); 1472 params.set_feature_ro_compat_mask &= 1473 ~le32_to_cpu(es->s_feature_ro_compat); 1474 if ((params.set_feature_incompat_mask & 1475 EXT4_FEATURE_INCOMPAT_CASEFOLD)) { 1476 enabling_casefold = 1; 1477 if (!(params.set_flags & EXT4_TUNE_FL_ENCODING)) { 1478 params.encoding = EXT4_ENC_UTF8_12_1; 1479 params.set_flags |= EXT4_TUNE_FL_ENCODING; 1480 } 1481 if (!(params.set_flags & EXT4_TUNE_FL_ENCODING_FLAGS)) { 1482 params.encoding_flags = 0; 1483 params.set_flags |= EXT4_TUNE_FL_ENCODING_FLAGS; 1484 } 1485 } 1486 if ((params.set_feature_compat_mask & 1487 EXT4_FEATURE_COMPAT_DIR_INDEX)) { 1488 uuid_t uu; 1489 1490 memcpy(&uu, sbi->s_hash_seed, UUID_SIZE); 1491 if (uuid_is_null(&uu)) 1492 generate_random_uuid((char *) 1493 &sbi->s_hash_seed); 1494 if (params.set_flags & EXT4_TUNE_FL_DEF_HASH_ALG) 1495 sbi->s_def_hash_version = params.def_hash_alg; 1496 else if (sbi->s_def_hash_version == 0) 1497 sbi->s_def_hash_version = DX_HASH_HALF_MD4; 1498 if (!(es->s_flags & 1499 cpu_to_le32(EXT2_FLAGS_UNSIGNED_HASH)) && 1500 !(es->s_flags & 1501 cpu_to_le32(EXT2_FLAGS_SIGNED_HASH))) { 1502 #ifdef __CHAR_UNSIGNED__ 1503 sbi->s_hash_unsigned = 3; 1504 #else 1505 sbi->s_hash_unsigned = 0; 1506 #endif 1507 } 1508 } 1509 } 1510 if (params.set_flags & EXT4_TUNE_FL_ENCODING) { 1511 if (!enabling_casefold) 1512 return -EINVAL; 1513 if (params.encoding == 0) 1514 params.encoding = EXT4_ENC_UTF8_12_1; 1515 else if (params.encoding != EXT4_ENC_UTF8_12_1) 1516 return -EINVAL; 1517 } 1518 if (params.set_flags & EXT4_TUNE_FL_ENCODING_FLAGS) { 1519 if (!enabling_casefold) 1520 return -EINVAL; 1521 if (params.encoding_flags & ~SB_ENC_SUPP_MASK) 1522 return -EINVAL; 1523 } 1524 1525 ret = mnt_want_write_file(filp); 1526 if (ret) 1527 return ret; 1528 1529 ret = ext4_update_superblocks_fn(sb, ext4_sb_setparams, ¶ms); 1530 mnt_drop_write_file(filp); 1531 1532 if (params.set_flags & EXT4_TUNE_FL_DEF_HASH_ALG) 1533 sbi->s_def_hash_version = params.def_hash_alg; 1534 1535 return ret; 1536 } 1537 1538 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 1539 { 1540 struct inode *inode = file_inode(filp); 1541 struct super_block *sb = inode->i_sb; 1542 struct mnt_idmap *idmap = file_mnt_idmap(filp); 1543 1544 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 1545 1546 switch (cmd) { 1547 case FS_IOC_GETFSMAP: 1548 return ext4_ioc_getfsmap(sb, (void __user *)arg); 1549 case EXT4_IOC_GETVERSION: 1550 case EXT4_IOC_GETVERSION_OLD: 1551 return put_user(inode->i_generation, (int __user *) arg); 1552 case EXT4_IOC_SETVERSION: 1553 case EXT4_IOC_SETVERSION_OLD: { 1554 handle_t *handle; 1555 struct ext4_iloc iloc; 1556 __u32 generation; 1557 int err; 1558 1559 if (!inode_owner_or_capable(idmap, inode)) 1560 return -EPERM; 1561 1562 if (ext4_has_feature_metadata_csum(inode->i_sb)) { 1563 ext4_warning(sb, "Setting inode version is not " 1564 "supported with metadata_csum enabled."); 1565 return -ENOTTY; 1566 } 1567 1568 err = mnt_want_write_file(filp); 1569 if (err) 1570 return err; 1571 if (get_user(generation, (int __user *) arg)) { 1572 err = -EFAULT; 1573 goto setversion_out; 1574 } 1575 1576 inode_lock(inode); 1577 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 1578 if (IS_ERR(handle)) { 1579 err = PTR_ERR(handle); 1580 goto unlock_out; 1581 } 1582 err = ext4_reserve_inode_write(handle, inode, &iloc); 1583 if (err == 0) { 1584 inode_set_ctime_current(inode); 1585 inode_inc_iversion(inode); 1586 inode->i_generation = generation; 1587 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 1588 } 1589 ext4_journal_stop(handle); 1590 1591 unlock_out: 1592 inode_unlock(inode); 1593 setversion_out: 1594 mnt_drop_write_file(filp); 1595 return err; 1596 } 1597 case EXT4_IOC_GROUP_EXTEND: { 1598 ext4_fsblk_t n_blocks_count; 1599 int err, err2=0; 1600 1601 err = ext4_resize_begin(sb); 1602 if (err) 1603 return err; 1604 1605 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 1606 err = -EFAULT; 1607 goto group_extend_out; 1608 } 1609 1610 if (ext4_has_feature_bigalloc(sb)) { 1611 ext4_msg(sb, KERN_ERR, 1612 "Online resizing not supported with bigalloc"); 1613 err = -EOPNOTSUPP; 1614 goto group_extend_out; 1615 } 1616 1617 err = mnt_want_write_file(filp); 1618 if (err) 1619 goto group_extend_out; 1620 1621 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 1622 if (EXT4_SB(sb)->s_journal) { 1623 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, 1624 NULL); 1625 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1626 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 1627 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1628 } 1629 if (err == 0) 1630 err = err2; 1631 mnt_drop_write_file(filp); 1632 group_extend_out: 1633 err2 = ext4_resize_end(sb, false); 1634 if (err == 0) 1635 err = err2; 1636 return err; 1637 } 1638 1639 case EXT4_IOC_MOVE_EXT: { 1640 struct move_extent me; 1641 int err; 1642 1643 if (!(filp->f_mode & FMODE_READ) || 1644 !(filp->f_mode & FMODE_WRITE)) 1645 return -EBADF; 1646 1647 if (copy_from_user(&me, 1648 (struct move_extent __user *)arg, sizeof(me))) 1649 return -EFAULT; 1650 me.moved_len = 0; 1651 1652 CLASS(fd, donor)(me.donor_fd); 1653 if (fd_empty(donor)) 1654 return -EBADF; 1655 1656 if (!(fd_file(donor)->f_mode & FMODE_WRITE)) 1657 return -EBADF; 1658 1659 if (file_inode(filp)->i_sb != file_inode(fd_file(donor))->i_sb) 1660 return -EXDEV; 1661 1662 err = mnt_want_write_file(filp); 1663 if (err) 1664 return err; 1665 1666 err = ext4_move_extents(filp, fd_file(donor), me.orig_start, 1667 me.donor_start, me.len, &me.moved_len); 1668 mnt_drop_write_file(filp); 1669 1670 if (copy_to_user((struct move_extent __user *)arg, 1671 &me, sizeof(me))) 1672 err = -EFAULT; 1673 return err; 1674 } 1675 1676 case EXT4_IOC_GROUP_ADD: { 1677 struct ext4_new_group_data input; 1678 1679 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 1680 sizeof(input))) 1681 return -EFAULT; 1682 1683 return ext4_ioctl_group_add(filp, &input); 1684 } 1685 1686 case EXT4_IOC_MIGRATE: 1687 { 1688 int err; 1689 if (!inode_owner_or_capable(idmap, inode)) 1690 return -EACCES; 1691 1692 err = mnt_want_write_file(filp); 1693 if (err) 1694 return err; 1695 /* 1696 * inode_mutex prevent write and truncate on the file. 1697 * Read still goes through. We take i_data_sem in 1698 * ext4_ext_swap_inode_data before we switch the 1699 * inode format to prevent read. 1700 */ 1701 inode_lock((inode)); 1702 err = ext4_ext_migrate(inode); 1703 inode_unlock((inode)); 1704 mnt_drop_write_file(filp); 1705 return err; 1706 } 1707 1708 case EXT4_IOC_ALLOC_DA_BLKS: 1709 { 1710 int err; 1711 if (!inode_owner_or_capable(idmap, inode)) 1712 return -EACCES; 1713 1714 err = mnt_want_write_file(filp); 1715 if (err) 1716 return err; 1717 err = ext4_alloc_da_blocks(inode); 1718 mnt_drop_write_file(filp); 1719 return err; 1720 } 1721 1722 case EXT4_IOC_SWAP_BOOT: 1723 { 1724 int err; 1725 if (!(filp->f_mode & FMODE_WRITE)) 1726 return -EBADF; 1727 err = mnt_want_write_file(filp); 1728 if (err) 1729 return err; 1730 err = swap_inode_boot_loader(sb, idmap, inode); 1731 mnt_drop_write_file(filp); 1732 return err; 1733 } 1734 1735 case EXT4_IOC_RESIZE_FS: { 1736 ext4_fsblk_t n_blocks_count; 1737 int err = 0, err2 = 0; 1738 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 1739 1740 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 1741 sizeof(__u64))) { 1742 return -EFAULT; 1743 } 1744 1745 err = ext4_resize_begin(sb); 1746 if (err) 1747 return err; 1748 1749 err = mnt_want_write_file(filp); 1750 if (err) 1751 goto resizefs_out; 1752 1753 err = ext4_resize_fs(sb, n_blocks_count); 1754 if (EXT4_SB(sb)->s_journal) { 1755 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL); 1756 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1757 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 1758 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1759 } 1760 if (err == 0) 1761 err = err2; 1762 mnt_drop_write_file(filp); 1763 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) && 1764 ext4_has_group_desc_csum(sb) && 1765 test_opt(sb, INIT_INODE_TABLE)) 1766 err = ext4_register_li_request(sb, o_group); 1767 1768 resizefs_out: 1769 err2 = ext4_resize_end(sb, true); 1770 if (err == 0) 1771 err = err2; 1772 return err; 1773 } 1774 1775 case FITRIM: 1776 { 1777 struct fstrim_range range; 1778 int ret = 0; 1779 1780 if (!capable(CAP_SYS_ADMIN)) 1781 return -EPERM; 1782 1783 if (!bdev_max_discard_sectors(sb->s_bdev)) 1784 return -EOPNOTSUPP; 1785 1786 /* 1787 * We haven't replayed the journal, so we cannot use our 1788 * block-bitmap-guided storage zapping commands. 1789 */ 1790 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb)) 1791 return -EROFS; 1792 1793 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 1794 sizeof(range))) 1795 return -EFAULT; 1796 1797 ret = ext4_trim_fs(sb, &range); 1798 if (ret < 0) 1799 return ret; 1800 1801 if (copy_to_user((struct fstrim_range __user *)arg, &range, 1802 sizeof(range))) 1803 return -EFAULT; 1804 1805 return 0; 1806 } 1807 case EXT4_IOC_PRECACHE_EXTENTS: 1808 { 1809 int ret; 1810 1811 inode_lock_shared(inode); 1812 ret = ext4_ext_precache(inode); 1813 inode_unlock_shared(inode); 1814 return ret; 1815 } 1816 case FS_IOC_SET_ENCRYPTION_POLICY: 1817 if (!ext4_has_feature_encrypt(sb)) 1818 return -EOPNOTSUPP; 1819 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 1820 1821 case FS_IOC_GET_ENCRYPTION_PWSALT: 1822 return ext4_ioctl_get_encryption_pwsalt(filp, (void __user *)arg); 1823 1824 case FS_IOC_GET_ENCRYPTION_POLICY: 1825 if (!ext4_has_feature_encrypt(sb)) 1826 return -EOPNOTSUPP; 1827 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 1828 1829 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1830 if (!ext4_has_feature_encrypt(sb)) 1831 return -EOPNOTSUPP; 1832 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg); 1833 1834 case FS_IOC_ADD_ENCRYPTION_KEY: 1835 if (!ext4_has_feature_encrypt(sb)) 1836 return -EOPNOTSUPP; 1837 return fscrypt_ioctl_add_key(filp, (void __user *)arg); 1838 1839 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1840 if (!ext4_has_feature_encrypt(sb)) 1841 return -EOPNOTSUPP; 1842 return fscrypt_ioctl_remove_key(filp, (void __user *)arg); 1843 1844 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1845 if (!ext4_has_feature_encrypt(sb)) 1846 return -EOPNOTSUPP; 1847 return fscrypt_ioctl_remove_key_all_users(filp, 1848 (void __user *)arg); 1849 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1850 if (!ext4_has_feature_encrypt(sb)) 1851 return -EOPNOTSUPP; 1852 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg); 1853 1854 case FS_IOC_GET_ENCRYPTION_NONCE: 1855 if (!ext4_has_feature_encrypt(sb)) 1856 return -EOPNOTSUPP; 1857 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg); 1858 1859 case EXT4_IOC_CLEAR_ES_CACHE: 1860 { 1861 if (!inode_owner_or_capable(idmap, inode)) 1862 return -EACCES; 1863 ext4_clear_inode_es(inode); 1864 return 0; 1865 } 1866 1867 case EXT4_IOC_GETSTATE: 1868 { 1869 __u32 state = 0; 1870 1871 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED)) 1872 state |= EXT4_STATE_FLAG_EXT_PRECACHED; 1873 if (ext4_test_inode_state(inode, EXT4_STATE_NEW)) 1874 state |= EXT4_STATE_FLAG_NEW; 1875 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) 1876 state |= EXT4_STATE_FLAG_NEWENTRY; 1877 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE)) 1878 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE; 1879 1880 return put_user(state, (__u32 __user *) arg); 1881 } 1882 1883 case EXT4_IOC_GET_ES_CACHE: 1884 return ext4_ioctl_get_es_cache(filp, arg); 1885 1886 case EXT4_IOC_SHUTDOWN: 1887 return ext4_ioctl_shutdown(sb, arg); 1888 1889 case FS_IOC_ENABLE_VERITY: 1890 if (!ext4_has_feature_verity(sb)) 1891 return -EOPNOTSUPP; 1892 return fsverity_ioctl_enable(filp, (const void __user *)arg); 1893 1894 case FS_IOC_MEASURE_VERITY: 1895 if (!ext4_has_feature_verity(sb)) 1896 return -EOPNOTSUPP; 1897 return fsverity_ioctl_measure(filp, (void __user *)arg); 1898 1899 case FS_IOC_READ_VERITY_METADATA: 1900 if (!ext4_has_feature_verity(sb)) 1901 return -EOPNOTSUPP; 1902 return fsverity_ioctl_read_metadata(filp, 1903 (const void __user *)arg); 1904 1905 case EXT4_IOC_CHECKPOINT: 1906 return ext4_ioctl_checkpoint(filp, arg); 1907 1908 case FS_IOC_GETFSLABEL: 1909 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg); 1910 1911 case FS_IOC_SETFSLABEL: 1912 return ext4_ioctl_setlabel(filp, 1913 (const void __user *)arg); 1914 1915 case EXT4_IOC_GETFSUUID: 1916 return ext4_ioctl_getuuid(EXT4_SB(sb), (void __user *)arg); 1917 case EXT4_IOC_SETFSUUID: 1918 return ext4_ioctl_setuuid(filp, (const void __user *)arg); 1919 case EXT4_IOC_GET_TUNE_SB_PARAM: 1920 return ext4_ioctl_get_tune_sb(EXT4_SB(sb), 1921 (void __user *)arg); 1922 case EXT4_IOC_SET_TUNE_SB_PARAM: 1923 return ext4_ioctl_set_tune_sb(filp, (void __user *)arg); 1924 default: 1925 return -ENOTTY; 1926 } 1927 } 1928 1929 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 1930 { 1931 return __ext4_ioctl(filp, cmd, arg); 1932 } 1933 1934 #ifdef CONFIG_COMPAT 1935 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1936 { 1937 /* These are just misnamed, they actually get/put from/to user an int */ 1938 switch (cmd) { 1939 case EXT4_IOC32_GETVERSION: 1940 cmd = EXT4_IOC_GETVERSION; 1941 break; 1942 case EXT4_IOC32_SETVERSION: 1943 cmd = EXT4_IOC_SETVERSION; 1944 break; 1945 case EXT4_IOC32_GROUP_EXTEND: 1946 cmd = EXT4_IOC_GROUP_EXTEND; 1947 break; 1948 case EXT4_IOC32_GETVERSION_OLD: 1949 cmd = EXT4_IOC_GETVERSION_OLD; 1950 break; 1951 case EXT4_IOC32_SETVERSION_OLD: 1952 cmd = EXT4_IOC_SETVERSION_OLD; 1953 break; 1954 case EXT4_IOC32_GETRSVSZ: 1955 cmd = EXT4_IOC_GETRSVSZ; 1956 break; 1957 case EXT4_IOC32_SETRSVSZ: 1958 cmd = EXT4_IOC_SETRSVSZ; 1959 break; 1960 case EXT4_IOC32_GROUP_ADD: { 1961 struct compat_ext4_new_group_input __user *uinput; 1962 struct ext4_new_group_data input; 1963 int err; 1964 1965 uinput = compat_ptr(arg); 1966 err = get_user(input.group, &uinput->group); 1967 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1968 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1969 err |= get_user(input.inode_table, &uinput->inode_table); 1970 err |= get_user(input.blocks_count, &uinput->blocks_count); 1971 err |= get_user(input.reserved_blocks, 1972 &uinput->reserved_blocks); 1973 if (err) 1974 return -EFAULT; 1975 return ext4_ioctl_group_add(file, &input); 1976 } 1977 case EXT4_IOC_MOVE_EXT: 1978 case EXT4_IOC_RESIZE_FS: 1979 case FITRIM: 1980 case EXT4_IOC_PRECACHE_EXTENTS: 1981 case FS_IOC_SET_ENCRYPTION_POLICY: 1982 case FS_IOC_GET_ENCRYPTION_PWSALT: 1983 case FS_IOC_GET_ENCRYPTION_POLICY: 1984 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1985 case FS_IOC_ADD_ENCRYPTION_KEY: 1986 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1987 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1988 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1989 case FS_IOC_GET_ENCRYPTION_NONCE: 1990 case EXT4_IOC_SHUTDOWN: 1991 case FS_IOC_GETFSMAP: 1992 case FS_IOC_ENABLE_VERITY: 1993 case FS_IOC_MEASURE_VERITY: 1994 case FS_IOC_READ_VERITY_METADATA: 1995 case EXT4_IOC_CLEAR_ES_CACHE: 1996 case EXT4_IOC_GETSTATE: 1997 case EXT4_IOC_GET_ES_CACHE: 1998 case EXT4_IOC_CHECKPOINT: 1999 case FS_IOC_GETFSLABEL: 2000 case FS_IOC_SETFSLABEL: 2001 case EXT4_IOC_GETFSUUID: 2002 case EXT4_IOC_SETFSUUID: 2003 break; 2004 default: 2005 return -ENOIOCTLCMD; 2006 } 2007 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 2008 } 2009 #endif 2010 2011 static void set_overhead(struct ext4_sb_info *sbi, 2012 struct ext4_super_block *es, const void *arg) 2013 { 2014 es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg)); 2015 } 2016 2017 int ext4_update_overhead(struct super_block *sb, bool force) 2018 { 2019 struct ext4_sb_info *sbi = EXT4_SB(sb); 2020 2021 if (ext4_emergency_state(sb) || sb_rdonly(sb)) 2022 return 0; 2023 if (!force && 2024 (sbi->s_overhead == 0 || 2025 sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters))) 2026 return 0; 2027 return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead); 2028 } 2029