1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uaccess.h> 20 #include <linux/delay.h> 21 #include <linux/iversion.h> 22 #include <linux/fileattr.h> 23 #include <linux/uuid.h> 24 #include "ext4_jbd2.h" 25 #include "ext4.h" 26 #include <linux/fsmap.h> 27 #include "fsmap.h" 28 #include <trace/events/ext4.h> 29 30 typedef void ext4_update_sb_callback(struct ext4_super_block *es, 31 const void *arg); 32 33 /* 34 * Superblock modification callback function for changing file system 35 * label 36 */ 37 static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg) 38 { 39 /* Sanity check, this should never happen */ 40 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX); 41 42 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX); 43 } 44 45 /* 46 * Superblock modification callback function for changing file system 47 * UUID. 48 */ 49 static void ext4_sb_setuuid(struct ext4_super_block *es, const void *arg) 50 { 51 memcpy(es->s_uuid, (__u8 *)arg, UUID_SIZE); 52 } 53 54 static 55 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle, 56 ext4_update_sb_callback func, 57 const void *arg) 58 { 59 int err = 0; 60 struct ext4_sb_info *sbi = EXT4_SB(sb); 61 struct buffer_head *bh = sbi->s_sbh; 62 struct ext4_super_block *es = sbi->s_es; 63 64 trace_ext4_update_sb(sb, bh->b_blocknr, 1); 65 66 BUFFER_TRACE(bh, "get_write_access"); 67 err = ext4_journal_get_write_access(handle, sb, 68 bh, 69 EXT4_JTR_NONE); 70 if (err) 71 goto out_err; 72 73 lock_buffer(bh); 74 func(es, arg); 75 ext4_superblock_csum_set(sb); 76 unlock_buffer(bh); 77 78 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) { 79 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to " 80 "superblock detected"); 81 clear_buffer_write_io_error(bh); 82 set_buffer_uptodate(bh); 83 } 84 85 err = ext4_handle_dirty_metadata(handle, NULL, bh); 86 if (err) 87 goto out_err; 88 err = sync_dirty_buffer(bh); 89 out_err: 90 ext4_std_error(sb, err); 91 return err; 92 } 93 94 /* 95 * Update one backup superblock in the group 'grp' using the callback 96 * function 'func' and argument 'arg'. If the handle is NULL the 97 * modification is not journalled. 98 * 99 * Returns: 0 when no modification was done (no superblock in the group) 100 * 1 when the modification was successful 101 * <0 on error 102 */ 103 static int ext4_update_backup_sb(struct super_block *sb, 104 handle_t *handle, ext4_group_t grp, 105 ext4_update_sb_callback func, const void *arg) 106 { 107 int err = 0; 108 ext4_fsblk_t sb_block; 109 struct buffer_head *bh; 110 unsigned long offset = 0; 111 struct ext4_super_block *es; 112 113 if (!ext4_bg_has_super(sb, grp)) 114 return 0; 115 116 /* 117 * For the group 0 there is always 1k padding, so we have 118 * either adjust offset, or sb_block depending on blocksize 119 */ 120 if (grp == 0) { 121 sb_block = 1 * EXT4_MIN_BLOCK_SIZE; 122 offset = do_div(sb_block, sb->s_blocksize); 123 } else { 124 sb_block = ext4_group_first_block_no(sb, grp); 125 offset = 0; 126 } 127 128 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0); 129 130 bh = ext4_sb_bread(sb, sb_block, 0); 131 if (IS_ERR(bh)) 132 return PTR_ERR(bh); 133 134 if (handle) { 135 BUFFER_TRACE(bh, "get_write_access"); 136 err = ext4_journal_get_write_access(handle, sb, 137 bh, 138 EXT4_JTR_NONE); 139 if (err) 140 goto out_bh; 141 } 142 143 es = (struct ext4_super_block *) (bh->b_data + offset); 144 lock_buffer(bh); 145 if (ext4_has_metadata_csum(sb) && 146 es->s_checksum != ext4_superblock_csum(sb, es)) { 147 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup " 148 "superblock %llu", sb_block); 149 unlock_buffer(bh); 150 goto out_bh; 151 } 152 func(es, arg); 153 if (ext4_has_metadata_csum(sb)) 154 es->s_checksum = ext4_superblock_csum(sb, es); 155 set_buffer_uptodate(bh); 156 unlock_buffer(bh); 157 158 if (err) 159 goto out_bh; 160 161 if (handle) { 162 err = ext4_handle_dirty_metadata(handle, NULL, bh); 163 if (err) 164 goto out_bh; 165 } else { 166 BUFFER_TRACE(bh, "marking dirty"); 167 mark_buffer_dirty(bh); 168 } 169 err = sync_dirty_buffer(bh); 170 171 out_bh: 172 brelse(bh); 173 ext4_std_error(sb, err); 174 return (err) ? err : 1; 175 } 176 177 /* 178 * Update primary and backup superblocks using the provided function 179 * func and argument arg. 180 * 181 * Only the primary superblock and at most two backup superblock 182 * modifications are journalled; the rest is modified without journal. 183 * This is safe because e2fsck will re-write them if there is a problem, 184 * and we're very unlikely to ever need more than two backups. 185 */ 186 static 187 int ext4_update_superblocks_fn(struct super_block *sb, 188 ext4_update_sb_callback func, 189 const void *arg) 190 { 191 handle_t *handle; 192 ext4_group_t ngroups; 193 unsigned int three = 1; 194 unsigned int five = 5; 195 unsigned int seven = 7; 196 int err = 0, ret, i; 197 ext4_group_t grp, primary_grp; 198 struct ext4_sb_info *sbi = EXT4_SB(sb); 199 200 /* 201 * We can't update superblocks while the online resize is running 202 */ 203 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING, 204 &sbi->s_ext4_flags)) { 205 ext4_msg(sb, KERN_ERR, "Can't modify superblock while" 206 "performing online resize"); 207 return -EBUSY; 208 } 209 210 /* 211 * We're only going to update primary superblock and two 212 * backup superblocks in this transaction. 213 */ 214 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3); 215 if (IS_ERR(handle)) { 216 err = PTR_ERR(handle); 217 goto out; 218 } 219 220 /* Update primary superblock */ 221 err = ext4_update_primary_sb(sb, handle, func, arg); 222 if (err) { 223 ext4_msg(sb, KERN_ERR, "Failed to update primary " 224 "superblock"); 225 goto out_journal; 226 } 227 228 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr); 229 ngroups = ext4_get_groups_count(sb); 230 231 /* 232 * Update backup superblocks. We have to start from group 0 233 * because it might not be where the primary superblock is 234 * if the fs is mounted with -o sb=<backup_sb_block> 235 */ 236 i = 0; 237 grp = 0; 238 while (grp < ngroups) { 239 /* Skip primary superblock */ 240 if (grp == primary_grp) 241 goto next_grp; 242 243 ret = ext4_update_backup_sb(sb, handle, grp, func, arg); 244 if (ret < 0) { 245 /* Ignore bad checksum; try to update next sb */ 246 if (ret == -EFSBADCRC) 247 goto next_grp; 248 err = ret; 249 goto out_journal; 250 } 251 252 i += ret; 253 if (handle && i > 1) { 254 /* 255 * We're only journalling primary superblock and 256 * two backup superblocks; the rest is not 257 * journalled. 258 */ 259 err = ext4_journal_stop(handle); 260 if (err) 261 goto out; 262 handle = NULL; 263 } 264 next_grp: 265 grp = ext4_list_backups(sb, &three, &five, &seven); 266 } 267 268 out_journal: 269 if (handle) { 270 ret = ext4_journal_stop(handle); 271 if (ret && !err) 272 err = ret; 273 } 274 out: 275 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags); 276 smp_mb__after_atomic(); 277 return err ? err : 0; 278 } 279 280 /* 281 * Swap memory between @a and @b for @len bytes. 282 * 283 * @a: pointer to first memory area 284 * @b: pointer to second memory area 285 * @len: number of bytes to swap 286 * 287 */ 288 static void memswap(void *a, void *b, size_t len) 289 { 290 unsigned char *ap, *bp; 291 292 ap = (unsigned char *)a; 293 bp = (unsigned char *)b; 294 while (len-- > 0) { 295 swap(*ap, *bp); 296 ap++; 297 bp++; 298 } 299 } 300 301 /* 302 * Swap i_data and associated attributes between @inode1 and @inode2. 303 * This function is used for the primary swap between inode1 and inode2 304 * and also to revert this primary swap in case of errors. 305 * 306 * Therefore you have to make sure, that calling this method twice 307 * will revert all changes. 308 * 309 * @inode1: pointer to first inode 310 * @inode2: pointer to second inode 311 */ 312 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 313 { 314 loff_t isize; 315 struct ext4_inode_info *ei1; 316 struct ext4_inode_info *ei2; 317 unsigned long tmp; 318 319 ei1 = EXT4_I(inode1); 320 ei2 = EXT4_I(inode2); 321 322 swap(inode1->i_version, inode2->i_version); 323 swap(inode1->i_atime, inode2->i_atime); 324 swap(inode1->i_mtime, inode2->i_mtime); 325 326 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 327 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP; 328 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) | 329 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP); 330 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP); 331 swap(ei1->i_disksize, ei2->i_disksize); 332 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 333 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 334 335 isize = i_size_read(inode1); 336 i_size_write(inode1, i_size_read(inode2)); 337 i_size_write(inode2, isize); 338 } 339 340 void ext4_reset_inode_seed(struct inode *inode) 341 { 342 struct ext4_inode_info *ei = EXT4_I(inode); 343 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 344 __le32 inum = cpu_to_le32(inode->i_ino); 345 __le32 gen = cpu_to_le32(inode->i_generation); 346 __u32 csum; 347 348 if (!ext4_has_metadata_csum(inode->i_sb)) 349 return; 350 351 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum)); 352 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen)); 353 } 354 355 /* 356 * Swap the information from the given @inode and the inode 357 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 358 * important fields of the inodes. 359 * 360 * @sb: the super block of the filesystem 361 * @mnt_userns: user namespace of the mount the inode was found from 362 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 363 * 364 */ 365 static long swap_inode_boot_loader(struct super_block *sb, 366 struct user_namespace *mnt_userns, 367 struct inode *inode) 368 { 369 handle_t *handle; 370 int err; 371 struct inode *inode_bl; 372 struct ext4_inode_info *ei_bl; 373 qsize_t size, size_bl, diff; 374 blkcnt_t blocks; 375 unsigned short bytes; 376 377 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, 378 EXT4_IGET_SPECIAL | EXT4_IGET_BAD); 379 if (IS_ERR(inode_bl)) 380 return PTR_ERR(inode_bl); 381 ei_bl = EXT4_I(inode_bl); 382 383 /* Protect orig inodes against a truncate and make sure, 384 * that only 1 swap_inode_boot_loader is running. */ 385 lock_two_nondirectories(inode, inode_bl); 386 387 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) || 388 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) || 389 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) || 390 ext4_has_inline_data(inode)) { 391 err = -EINVAL; 392 goto journal_err_out; 393 } 394 395 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) || 396 !inode_owner_or_capable(mnt_userns, inode) || 397 !capable(CAP_SYS_ADMIN)) { 398 err = -EPERM; 399 goto journal_err_out; 400 } 401 402 filemap_invalidate_lock(inode->i_mapping); 403 err = filemap_write_and_wait(inode->i_mapping); 404 if (err) 405 goto err_out; 406 407 err = filemap_write_and_wait(inode_bl->i_mapping); 408 if (err) 409 goto err_out; 410 411 /* Wait for all existing dio workers */ 412 inode_dio_wait(inode); 413 inode_dio_wait(inode_bl); 414 415 truncate_inode_pages(&inode->i_data, 0); 416 truncate_inode_pages(&inode_bl->i_data, 0); 417 418 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 419 if (IS_ERR(handle)) { 420 err = -EINVAL; 421 goto err_out; 422 } 423 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle); 424 425 /* Protect extent tree against block allocations via delalloc */ 426 ext4_double_down_write_data_sem(inode, inode_bl); 427 428 if (is_bad_inode(inode_bl) || !S_ISREG(inode_bl->i_mode)) { 429 /* this inode has never been used as a BOOT_LOADER */ 430 set_nlink(inode_bl, 1); 431 i_uid_write(inode_bl, 0); 432 i_gid_write(inode_bl, 0); 433 inode_bl->i_flags = 0; 434 ei_bl->i_flags = 0; 435 inode_set_iversion(inode_bl, 1); 436 i_size_write(inode_bl, 0); 437 inode_bl->i_mode = S_IFREG; 438 if (ext4_has_feature_extents(sb)) { 439 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 440 ext4_ext_tree_init(handle, inode_bl); 441 } else 442 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 443 } 444 445 err = dquot_initialize(inode); 446 if (err) 447 goto err_out1; 448 449 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes; 450 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes; 451 diff = size - size_bl; 452 swap_inode_data(inode, inode_bl); 453 454 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 455 inode_inc_iversion(inode); 456 457 inode->i_generation = get_random_u32(); 458 inode_bl->i_generation = get_random_u32(); 459 ext4_reset_inode_seed(inode); 460 ext4_reset_inode_seed(inode_bl); 461 462 ext4_discard_preallocations(inode, 0); 463 464 err = ext4_mark_inode_dirty(handle, inode); 465 if (err < 0) { 466 /* No need to update quota information. */ 467 ext4_warning(inode->i_sb, 468 "couldn't mark inode #%lu dirty (err %d)", 469 inode->i_ino, err); 470 /* Revert all changes: */ 471 swap_inode_data(inode, inode_bl); 472 ext4_mark_inode_dirty(handle, inode); 473 goto err_out1; 474 } 475 476 blocks = inode_bl->i_blocks; 477 bytes = inode_bl->i_bytes; 478 inode_bl->i_blocks = inode->i_blocks; 479 inode_bl->i_bytes = inode->i_bytes; 480 err = ext4_mark_inode_dirty(handle, inode_bl); 481 if (err < 0) { 482 /* No need to update quota information. */ 483 ext4_warning(inode_bl->i_sb, 484 "couldn't mark inode #%lu dirty (err %d)", 485 inode_bl->i_ino, err); 486 goto revert; 487 } 488 489 /* Bootloader inode should not be counted into quota information. */ 490 if (diff > 0) 491 dquot_free_space(inode, diff); 492 else 493 err = dquot_alloc_space(inode, -1 * diff); 494 495 if (err < 0) { 496 revert: 497 /* Revert all changes: */ 498 inode_bl->i_blocks = blocks; 499 inode_bl->i_bytes = bytes; 500 swap_inode_data(inode, inode_bl); 501 ext4_mark_inode_dirty(handle, inode); 502 ext4_mark_inode_dirty(handle, inode_bl); 503 } 504 505 err_out1: 506 ext4_journal_stop(handle); 507 ext4_double_up_write_data_sem(inode, inode_bl); 508 509 err_out: 510 filemap_invalidate_unlock(inode->i_mapping); 511 journal_err_out: 512 unlock_two_nondirectories(inode, inode_bl); 513 iput(inode_bl); 514 return err; 515 } 516 517 /* 518 * If immutable is set and we are not clearing it, we're not allowed to change 519 * anything else in the inode. Don't error out if we're only trying to set 520 * immutable on an immutable file. 521 */ 522 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid, 523 unsigned int flags) 524 { 525 struct ext4_inode_info *ei = EXT4_I(inode); 526 unsigned int oldflags = ei->i_flags; 527 528 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL)) 529 return 0; 530 531 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL)) 532 return -EPERM; 533 if (ext4_has_feature_project(inode->i_sb) && 534 __kprojid_val(ei->i_projid) != new_projid) 535 return -EPERM; 536 537 return 0; 538 } 539 540 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags) 541 { 542 struct ext4_inode_info *ei = EXT4_I(inode); 543 544 if (S_ISDIR(inode->i_mode)) 545 return; 546 547 if (test_opt2(inode->i_sb, DAX_NEVER) || 548 test_opt(inode->i_sb, DAX_ALWAYS)) 549 return; 550 551 if ((ei->i_flags ^ flags) & EXT4_DAX_FL) 552 d_mark_dontcache(inode); 553 } 554 555 static bool dax_compatible(struct inode *inode, unsigned int oldflags, 556 unsigned int flags) 557 { 558 /* Allow the DAX flag to be changed on inline directories */ 559 if (S_ISDIR(inode->i_mode)) { 560 flags &= ~EXT4_INLINE_DATA_FL; 561 oldflags &= ~EXT4_INLINE_DATA_FL; 562 } 563 564 if (flags & EXT4_DAX_FL) { 565 if ((oldflags & EXT4_DAX_MUT_EXCL) || 566 ext4_test_inode_state(inode, 567 EXT4_STATE_VERITY_IN_PROGRESS)) { 568 return false; 569 } 570 } 571 572 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL)) 573 return false; 574 575 return true; 576 } 577 578 static int ext4_ioctl_setflags(struct inode *inode, 579 unsigned int flags) 580 { 581 struct ext4_inode_info *ei = EXT4_I(inode); 582 handle_t *handle = NULL; 583 int err = -EPERM, migrate = 0; 584 struct ext4_iloc iloc; 585 unsigned int oldflags, mask, i; 586 struct super_block *sb = inode->i_sb; 587 588 /* Is it quota file? Do not allow user to mess with it */ 589 if (ext4_is_quota_file(inode)) 590 goto flags_out; 591 592 oldflags = ei->i_flags; 593 /* 594 * The JOURNAL_DATA flag can only be changed by 595 * the relevant capability. 596 */ 597 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 598 if (!capable(CAP_SYS_RESOURCE)) 599 goto flags_out; 600 } 601 602 if (!dax_compatible(inode, oldflags, flags)) { 603 err = -EOPNOTSUPP; 604 goto flags_out; 605 } 606 607 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 608 migrate = 1; 609 610 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) { 611 if (!ext4_has_feature_casefold(sb)) { 612 err = -EOPNOTSUPP; 613 goto flags_out; 614 } 615 616 if (!S_ISDIR(inode->i_mode)) { 617 err = -ENOTDIR; 618 goto flags_out; 619 } 620 621 if (!ext4_empty_dir(inode)) { 622 err = -ENOTEMPTY; 623 goto flags_out; 624 } 625 } 626 627 /* 628 * Wait for all pending directio and then flush all the dirty pages 629 * for this file. The flush marks all the pages readonly, so any 630 * subsequent attempt to write to the file (particularly mmap pages) 631 * will come through the filesystem and fail. 632 */ 633 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) && 634 (flags & EXT4_IMMUTABLE_FL)) { 635 inode_dio_wait(inode); 636 err = filemap_write_and_wait(inode->i_mapping); 637 if (err) 638 goto flags_out; 639 } 640 641 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 642 if (IS_ERR(handle)) { 643 err = PTR_ERR(handle); 644 goto flags_out; 645 } 646 if (IS_SYNC(inode)) 647 ext4_handle_sync(handle); 648 err = ext4_reserve_inode_write(handle, inode, &iloc); 649 if (err) 650 goto flags_err; 651 652 ext4_dax_dontcache(inode, flags); 653 654 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 655 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 656 continue; 657 /* These flags get special treatment later */ 658 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 659 continue; 660 if (mask & flags) 661 ext4_set_inode_flag(inode, i); 662 else 663 ext4_clear_inode_flag(inode, i); 664 } 665 666 ext4_set_inode_flags(inode, false); 667 668 inode->i_ctime = current_time(inode); 669 inode_inc_iversion(inode); 670 671 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 672 flags_err: 673 ext4_journal_stop(handle); 674 if (err) 675 goto flags_out; 676 677 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 678 /* 679 * Changes to the journaling mode can cause unsafe changes to 680 * S_DAX if the inode is DAX 681 */ 682 if (IS_DAX(inode)) { 683 err = -EBUSY; 684 goto flags_out; 685 } 686 687 err = ext4_change_inode_journal_flag(inode, 688 flags & EXT4_JOURNAL_DATA_FL); 689 if (err) 690 goto flags_out; 691 } 692 if (migrate) { 693 if (flags & EXT4_EXTENTS_FL) 694 err = ext4_ext_migrate(inode); 695 else 696 err = ext4_ind_migrate(inode); 697 } 698 699 flags_out: 700 return err; 701 } 702 703 #ifdef CONFIG_QUOTA 704 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 705 { 706 struct super_block *sb = inode->i_sb; 707 struct ext4_inode_info *ei = EXT4_I(inode); 708 int err, rc; 709 handle_t *handle; 710 kprojid_t kprojid; 711 struct ext4_iloc iloc; 712 struct ext4_inode *raw_inode; 713 struct dquot *transfer_to[MAXQUOTAS] = { }; 714 715 if (!ext4_has_feature_project(sb)) { 716 if (projid != EXT4_DEF_PROJID) 717 return -EOPNOTSUPP; 718 else 719 return 0; 720 } 721 722 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 723 return -EOPNOTSUPP; 724 725 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 726 727 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 728 return 0; 729 730 err = -EPERM; 731 /* Is it quota file? Do not allow user to mess with it */ 732 if (ext4_is_quota_file(inode)) 733 return err; 734 735 err = dquot_initialize(inode); 736 if (err) 737 return err; 738 739 err = ext4_get_inode_loc(inode, &iloc); 740 if (err) 741 return err; 742 743 raw_inode = ext4_raw_inode(&iloc); 744 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 745 err = ext4_expand_extra_isize(inode, 746 EXT4_SB(sb)->s_want_extra_isize, 747 &iloc); 748 if (err) 749 return err; 750 } else { 751 brelse(iloc.bh); 752 } 753 754 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 755 EXT4_QUOTA_INIT_BLOCKS(sb) + 756 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 757 if (IS_ERR(handle)) 758 return PTR_ERR(handle); 759 760 err = ext4_reserve_inode_write(handle, inode, &iloc); 761 if (err) 762 goto out_stop; 763 764 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 765 if (!IS_ERR(transfer_to[PRJQUOTA])) { 766 767 /* __dquot_transfer() calls back ext4_get_inode_usage() which 768 * counts xattr inode references. 769 */ 770 down_read(&EXT4_I(inode)->xattr_sem); 771 err = __dquot_transfer(inode, transfer_to); 772 up_read(&EXT4_I(inode)->xattr_sem); 773 dqput(transfer_to[PRJQUOTA]); 774 if (err) 775 goto out_dirty; 776 } 777 778 EXT4_I(inode)->i_projid = kprojid; 779 inode->i_ctime = current_time(inode); 780 inode_inc_iversion(inode); 781 out_dirty: 782 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 783 if (!err) 784 err = rc; 785 out_stop: 786 ext4_journal_stop(handle); 787 return err; 788 } 789 #else 790 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 791 { 792 if (projid != EXT4_DEF_PROJID) 793 return -EOPNOTSUPP; 794 return 0; 795 } 796 #endif 797 798 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 799 { 800 struct ext4_sb_info *sbi = EXT4_SB(sb); 801 __u32 flags; 802 803 if (!capable(CAP_SYS_ADMIN)) 804 return -EPERM; 805 806 if (get_user(flags, (__u32 __user *)arg)) 807 return -EFAULT; 808 809 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 810 return -EINVAL; 811 812 if (ext4_forced_shutdown(sbi)) 813 return 0; 814 815 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 816 trace_ext4_shutdown(sb, flags); 817 818 switch (flags) { 819 case EXT4_GOING_FLAGS_DEFAULT: 820 freeze_bdev(sb->s_bdev); 821 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 822 thaw_bdev(sb->s_bdev); 823 break; 824 case EXT4_GOING_FLAGS_LOGFLUSH: 825 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 826 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 827 (void) ext4_force_commit(sb); 828 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 829 } 830 break; 831 case EXT4_GOING_FLAGS_NOLOGFLUSH: 832 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 833 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 834 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 835 break; 836 default: 837 return -EINVAL; 838 } 839 clear_opt(sb, DISCARD); 840 return 0; 841 } 842 843 struct getfsmap_info { 844 struct super_block *gi_sb; 845 struct fsmap_head __user *gi_data; 846 unsigned int gi_idx; 847 __u32 gi_last_flags; 848 }; 849 850 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 851 { 852 struct getfsmap_info *info = priv; 853 struct fsmap fm; 854 855 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 856 857 info->gi_last_flags = xfm->fmr_flags; 858 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 859 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 860 sizeof(struct fsmap))) 861 return -EFAULT; 862 863 return 0; 864 } 865 866 static int ext4_ioc_getfsmap(struct super_block *sb, 867 struct fsmap_head __user *arg) 868 { 869 struct getfsmap_info info = { NULL }; 870 struct ext4_fsmap_head xhead = {0}; 871 struct fsmap_head head; 872 bool aborted = false; 873 int error; 874 875 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 876 return -EFAULT; 877 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 878 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 879 sizeof(head.fmh_keys[0].fmr_reserved)) || 880 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 881 sizeof(head.fmh_keys[1].fmr_reserved))) 882 return -EINVAL; 883 /* 884 * ext4 doesn't report file extents at all, so the only valid 885 * file offsets are the magic ones (all zeroes or all ones). 886 */ 887 if (head.fmh_keys[0].fmr_offset || 888 (head.fmh_keys[1].fmr_offset != 0 && 889 head.fmh_keys[1].fmr_offset != -1ULL)) 890 return -EINVAL; 891 892 xhead.fmh_iflags = head.fmh_iflags; 893 xhead.fmh_count = head.fmh_count; 894 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 895 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 896 897 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 898 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 899 900 info.gi_sb = sb; 901 info.gi_data = arg; 902 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 903 if (error == EXT4_QUERY_RANGE_ABORT) 904 aborted = true; 905 else if (error) 906 return error; 907 908 /* If we didn't abort, set the "last" flag in the last fmx */ 909 if (!aborted && info.gi_idx) { 910 info.gi_last_flags |= FMR_OF_LAST; 911 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 912 &info.gi_last_flags, 913 sizeof(info.gi_last_flags))) 914 return -EFAULT; 915 } 916 917 /* copy back header */ 918 head.fmh_entries = xhead.fmh_entries; 919 head.fmh_oflags = xhead.fmh_oflags; 920 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 921 return -EFAULT; 922 923 return 0; 924 } 925 926 static long ext4_ioctl_group_add(struct file *file, 927 struct ext4_new_group_data *input) 928 { 929 struct super_block *sb = file_inode(file)->i_sb; 930 int err, err2=0; 931 932 err = ext4_resize_begin(sb); 933 if (err) 934 return err; 935 936 if (ext4_has_feature_bigalloc(sb)) { 937 ext4_msg(sb, KERN_ERR, 938 "Online resizing not supported with bigalloc"); 939 err = -EOPNOTSUPP; 940 goto group_add_out; 941 } 942 943 err = mnt_want_write_file(file); 944 if (err) 945 goto group_add_out; 946 947 err = ext4_group_add(sb, input); 948 if (EXT4_SB(sb)->s_journal) { 949 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 950 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 951 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 952 } 953 if (err == 0) 954 err = err2; 955 mnt_drop_write_file(file); 956 if (!err && ext4_has_group_desc_csum(sb) && 957 test_opt(sb, INIT_INODE_TABLE)) 958 err = ext4_register_li_request(sb, input->group); 959 group_add_out: 960 err2 = ext4_resize_end(sb, false); 961 if (err == 0) 962 err = err2; 963 return err; 964 } 965 966 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa) 967 { 968 struct inode *inode = d_inode(dentry); 969 struct ext4_inode_info *ei = EXT4_I(inode); 970 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 971 972 if (S_ISREG(inode->i_mode)) 973 flags &= ~FS_PROJINHERIT_FL; 974 975 fileattr_fill_flags(fa, flags); 976 if (ext4_has_feature_project(inode->i_sb)) 977 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid); 978 979 return 0; 980 } 981 982 int ext4_fileattr_set(struct user_namespace *mnt_userns, 983 struct dentry *dentry, struct fileattr *fa) 984 { 985 struct inode *inode = d_inode(dentry); 986 u32 flags = fa->flags; 987 int err = -EOPNOTSUPP; 988 989 if (flags & ~EXT4_FL_USER_VISIBLE) 990 goto out; 991 992 /* 993 * chattr(1) grabs flags via GETFLAGS, modifies the result and 994 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 995 * more restrictive than just silently masking off visible but 996 * not settable flags as we always did. 997 */ 998 flags &= EXT4_FL_USER_MODIFIABLE; 999 if (ext4_mask_flags(inode->i_mode, flags) != flags) 1000 goto out; 1001 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags); 1002 if (err) 1003 goto out; 1004 err = ext4_ioctl_setflags(inode, flags); 1005 if (err) 1006 goto out; 1007 err = ext4_ioctl_setproject(inode, fa->fsx_projid); 1008 out: 1009 return err; 1010 } 1011 1012 /* So that the fiemap access checks can't overflow on 32 bit machines. */ 1013 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) 1014 1015 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg) 1016 { 1017 struct fiemap fiemap; 1018 struct fiemap __user *ufiemap = (struct fiemap __user *) arg; 1019 struct fiemap_extent_info fieinfo = { 0, }; 1020 struct inode *inode = file_inode(filp); 1021 int error; 1022 1023 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap))) 1024 return -EFAULT; 1025 1026 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) 1027 return -EINVAL; 1028 1029 fieinfo.fi_flags = fiemap.fm_flags; 1030 fieinfo.fi_extents_max = fiemap.fm_extent_count; 1031 fieinfo.fi_extents_start = ufiemap->fm_extents; 1032 1033 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start, 1034 fiemap.fm_length); 1035 fiemap.fm_flags = fieinfo.fi_flags; 1036 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; 1037 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap))) 1038 error = -EFAULT; 1039 1040 return error; 1041 } 1042 1043 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg) 1044 { 1045 int err = 0; 1046 __u32 flags = 0; 1047 unsigned int flush_flags = 0; 1048 struct super_block *sb = file_inode(filp)->i_sb; 1049 1050 if (copy_from_user(&flags, (__u32 __user *)arg, 1051 sizeof(__u32))) 1052 return -EFAULT; 1053 1054 if (!capable(CAP_SYS_ADMIN)) 1055 return -EPERM; 1056 1057 /* check for invalid bits set */ 1058 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) || 1059 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && 1060 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT))) 1061 return -EINVAL; 1062 1063 if (!EXT4_SB(sb)->s_journal) 1064 return -ENODEV; 1065 1066 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && 1067 !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev)) 1068 return -EOPNOTSUPP; 1069 1070 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN) 1071 return 0; 1072 1073 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD) 1074 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD; 1075 1076 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) { 1077 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT; 1078 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow"); 1079 } 1080 1081 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1082 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags); 1083 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1084 1085 return err; 1086 } 1087 1088 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label) 1089 { 1090 size_t len; 1091 int ret = 0; 1092 char new_label[EXT4_LABEL_MAX + 1]; 1093 struct super_block *sb = file_inode(filp)->i_sb; 1094 1095 if (!capable(CAP_SYS_ADMIN)) 1096 return -EPERM; 1097 1098 /* 1099 * Copy the maximum length allowed for ext4 label with one more to 1100 * find the required terminating null byte in order to test the 1101 * label length. The on disk label doesn't need to be null terminated. 1102 */ 1103 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1)) 1104 return -EFAULT; 1105 1106 len = strnlen(new_label, EXT4_LABEL_MAX + 1); 1107 if (len > EXT4_LABEL_MAX) 1108 return -EINVAL; 1109 1110 /* 1111 * Clear the buffer after the new label 1112 */ 1113 memset(new_label + len, 0, EXT4_LABEL_MAX - len); 1114 1115 ret = mnt_want_write_file(filp); 1116 if (ret) 1117 return ret; 1118 1119 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label); 1120 1121 mnt_drop_write_file(filp); 1122 return ret; 1123 } 1124 1125 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label) 1126 { 1127 char label[EXT4_LABEL_MAX + 1]; 1128 1129 /* 1130 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because 1131 * FSLABEL_MAX must include terminating null byte, while s_volume_name 1132 * does not have to. 1133 */ 1134 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX); 1135 1136 memset(label, 0, sizeof(label)); 1137 lock_buffer(sbi->s_sbh); 1138 strncpy(label, sbi->s_es->s_volume_name, EXT4_LABEL_MAX); 1139 unlock_buffer(sbi->s_sbh); 1140 1141 if (copy_to_user(user_label, label, sizeof(label))) 1142 return -EFAULT; 1143 return 0; 1144 } 1145 1146 static int ext4_ioctl_getuuid(struct ext4_sb_info *sbi, 1147 struct fsuuid __user *ufsuuid) 1148 { 1149 struct fsuuid fsuuid; 1150 __u8 uuid[UUID_SIZE]; 1151 1152 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid))) 1153 return -EFAULT; 1154 1155 if (fsuuid.fsu_len == 0) { 1156 fsuuid.fsu_len = UUID_SIZE; 1157 if (copy_to_user(&ufsuuid->fsu_len, &fsuuid.fsu_len, 1158 sizeof(fsuuid.fsu_len))) 1159 return -EFAULT; 1160 return 0; 1161 } 1162 1163 if (fsuuid.fsu_len < UUID_SIZE || fsuuid.fsu_flags != 0) 1164 return -EINVAL; 1165 1166 lock_buffer(sbi->s_sbh); 1167 memcpy(uuid, sbi->s_es->s_uuid, UUID_SIZE); 1168 unlock_buffer(sbi->s_sbh); 1169 1170 fsuuid.fsu_len = UUID_SIZE; 1171 if (copy_to_user(ufsuuid, &fsuuid, sizeof(fsuuid)) || 1172 copy_to_user(&ufsuuid->fsu_uuid[0], uuid, UUID_SIZE)) 1173 return -EFAULT; 1174 return 0; 1175 } 1176 1177 static int ext4_ioctl_setuuid(struct file *filp, 1178 const struct fsuuid __user *ufsuuid) 1179 { 1180 int ret = 0; 1181 struct super_block *sb = file_inode(filp)->i_sb; 1182 struct fsuuid fsuuid; 1183 __u8 uuid[UUID_SIZE]; 1184 1185 if (!capable(CAP_SYS_ADMIN)) 1186 return -EPERM; 1187 1188 /* 1189 * If any checksums (group descriptors or metadata) are being used 1190 * then the checksum seed feature is required to change the UUID. 1191 */ 1192 if (((ext4_has_feature_gdt_csum(sb) || ext4_has_metadata_csum(sb)) 1193 && !ext4_has_feature_csum_seed(sb)) 1194 || ext4_has_feature_stable_inodes(sb)) 1195 return -EOPNOTSUPP; 1196 1197 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid))) 1198 return -EFAULT; 1199 1200 if (fsuuid.fsu_len != UUID_SIZE || fsuuid.fsu_flags != 0) 1201 return -EINVAL; 1202 1203 if (copy_from_user(uuid, &ufsuuid->fsu_uuid[0], UUID_SIZE)) 1204 return -EFAULT; 1205 1206 ret = mnt_want_write_file(filp); 1207 if (ret) 1208 return ret; 1209 1210 ret = ext4_update_superblocks_fn(sb, ext4_sb_setuuid, &uuid); 1211 mnt_drop_write_file(filp); 1212 1213 return ret; 1214 } 1215 1216 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 1217 { 1218 struct inode *inode = file_inode(filp); 1219 struct super_block *sb = inode->i_sb; 1220 struct user_namespace *mnt_userns = file_mnt_user_ns(filp); 1221 1222 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 1223 1224 switch (cmd) { 1225 case FS_IOC_GETFSMAP: 1226 return ext4_ioc_getfsmap(sb, (void __user *)arg); 1227 case EXT4_IOC_GETVERSION: 1228 case EXT4_IOC_GETVERSION_OLD: 1229 return put_user(inode->i_generation, (int __user *) arg); 1230 case EXT4_IOC_SETVERSION: 1231 case EXT4_IOC_SETVERSION_OLD: { 1232 handle_t *handle; 1233 struct ext4_iloc iloc; 1234 __u32 generation; 1235 int err; 1236 1237 if (!inode_owner_or_capable(mnt_userns, inode)) 1238 return -EPERM; 1239 1240 if (ext4_has_metadata_csum(inode->i_sb)) { 1241 ext4_warning(sb, "Setting inode version is not " 1242 "supported with metadata_csum enabled."); 1243 return -ENOTTY; 1244 } 1245 1246 err = mnt_want_write_file(filp); 1247 if (err) 1248 return err; 1249 if (get_user(generation, (int __user *) arg)) { 1250 err = -EFAULT; 1251 goto setversion_out; 1252 } 1253 1254 inode_lock(inode); 1255 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 1256 if (IS_ERR(handle)) { 1257 err = PTR_ERR(handle); 1258 goto unlock_out; 1259 } 1260 err = ext4_reserve_inode_write(handle, inode, &iloc); 1261 if (err == 0) { 1262 inode->i_ctime = current_time(inode); 1263 inode_inc_iversion(inode); 1264 inode->i_generation = generation; 1265 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 1266 } 1267 ext4_journal_stop(handle); 1268 1269 unlock_out: 1270 inode_unlock(inode); 1271 setversion_out: 1272 mnt_drop_write_file(filp); 1273 return err; 1274 } 1275 case EXT4_IOC_GROUP_EXTEND: { 1276 ext4_fsblk_t n_blocks_count; 1277 int err, err2=0; 1278 1279 err = ext4_resize_begin(sb); 1280 if (err) 1281 return err; 1282 1283 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 1284 err = -EFAULT; 1285 goto group_extend_out; 1286 } 1287 1288 if (ext4_has_feature_bigalloc(sb)) { 1289 ext4_msg(sb, KERN_ERR, 1290 "Online resizing not supported with bigalloc"); 1291 err = -EOPNOTSUPP; 1292 goto group_extend_out; 1293 } 1294 1295 err = mnt_want_write_file(filp); 1296 if (err) 1297 goto group_extend_out; 1298 1299 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 1300 if (EXT4_SB(sb)->s_journal) { 1301 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1302 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 1303 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1304 } 1305 if (err == 0) 1306 err = err2; 1307 mnt_drop_write_file(filp); 1308 group_extend_out: 1309 err2 = ext4_resize_end(sb, false); 1310 if (err == 0) 1311 err = err2; 1312 return err; 1313 } 1314 1315 case EXT4_IOC_MOVE_EXT: { 1316 struct move_extent me; 1317 struct fd donor; 1318 int err; 1319 1320 if (!(filp->f_mode & FMODE_READ) || 1321 !(filp->f_mode & FMODE_WRITE)) 1322 return -EBADF; 1323 1324 if (copy_from_user(&me, 1325 (struct move_extent __user *)arg, sizeof(me))) 1326 return -EFAULT; 1327 me.moved_len = 0; 1328 1329 donor = fdget(me.donor_fd); 1330 if (!donor.file) 1331 return -EBADF; 1332 1333 if (!(donor.file->f_mode & FMODE_WRITE)) { 1334 err = -EBADF; 1335 goto mext_out; 1336 } 1337 1338 if (ext4_has_feature_bigalloc(sb)) { 1339 ext4_msg(sb, KERN_ERR, 1340 "Online defrag not supported with bigalloc"); 1341 err = -EOPNOTSUPP; 1342 goto mext_out; 1343 } else if (IS_DAX(inode)) { 1344 ext4_msg(sb, KERN_ERR, 1345 "Online defrag not supported with DAX"); 1346 err = -EOPNOTSUPP; 1347 goto mext_out; 1348 } 1349 1350 err = mnt_want_write_file(filp); 1351 if (err) 1352 goto mext_out; 1353 1354 err = ext4_move_extents(filp, donor.file, me.orig_start, 1355 me.donor_start, me.len, &me.moved_len); 1356 mnt_drop_write_file(filp); 1357 1358 if (copy_to_user((struct move_extent __user *)arg, 1359 &me, sizeof(me))) 1360 err = -EFAULT; 1361 mext_out: 1362 fdput(donor); 1363 return err; 1364 } 1365 1366 case EXT4_IOC_GROUP_ADD: { 1367 struct ext4_new_group_data input; 1368 1369 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 1370 sizeof(input))) 1371 return -EFAULT; 1372 1373 return ext4_ioctl_group_add(filp, &input); 1374 } 1375 1376 case EXT4_IOC_MIGRATE: 1377 { 1378 int err; 1379 if (!inode_owner_or_capable(mnt_userns, inode)) 1380 return -EACCES; 1381 1382 err = mnt_want_write_file(filp); 1383 if (err) 1384 return err; 1385 /* 1386 * inode_mutex prevent write and truncate on the file. 1387 * Read still goes through. We take i_data_sem in 1388 * ext4_ext_swap_inode_data before we switch the 1389 * inode format to prevent read. 1390 */ 1391 inode_lock((inode)); 1392 err = ext4_ext_migrate(inode); 1393 inode_unlock((inode)); 1394 mnt_drop_write_file(filp); 1395 return err; 1396 } 1397 1398 case EXT4_IOC_ALLOC_DA_BLKS: 1399 { 1400 int err; 1401 if (!inode_owner_or_capable(mnt_userns, inode)) 1402 return -EACCES; 1403 1404 err = mnt_want_write_file(filp); 1405 if (err) 1406 return err; 1407 err = ext4_alloc_da_blocks(inode); 1408 mnt_drop_write_file(filp); 1409 return err; 1410 } 1411 1412 case EXT4_IOC_SWAP_BOOT: 1413 { 1414 int err; 1415 if (!(filp->f_mode & FMODE_WRITE)) 1416 return -EBADF; 1417 err = mnt_want_write_file(filp); 1418 if (err) 1419 return err; 1420 err = swap_inode_boot_loader(sb, mnt_userns, inode); 1421 mnt_drop_write_file(filp); 1422 return err; 1423 } 1424 1425 case EXT4_IOC_RESIZE_FS: { 1426 ext4_fsblk_t n_blocks_count; 1427 int err = 0, err2 = 0; 1428 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 1429 1430 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 1431 sizeof(__u64))) { 1432 return -EFAULT; 1433 } 1434 1435 err = ext4_resize_begin(sb); 1436 if (err) 1437 return err; 1438 1439 err = mnt_want_write_file(filp); 1440 if (err) 1441 goto resizefs_out; 1442 1443 err = ext4_resize_fs(sb, n_blocks_count); 1444 if (EXT4_SB(sb)->s_journal) { 1445 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL); 1446 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1447 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 1448 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1449 } 1450 if (err == 0) 1451 err = err2; 1452 mnt_drop_write_file(filp); 1453 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) && 1454 ext4_has_group_desc_csum(sb) && 1455 test_opt(sb, INIT_INODE_TABLE)) 1456 err = ext4_register_li_request(sb, o_group); 1457 1458 resizefs_out: 1459 err2 = ext4_resize_end(sb, true); 1460 if (err == 0) 1461 err = err2; 1462 return err; 1463 } 1464 1465 case FITRIM: 1466 { 1467 struct fstrim_range range; 1468 int ret = 0; 1469 1470 if (!capable(CAP_SYS_ADMIN)) 1471 return -EPERM; 1472 1473 if (!bdev_max_discard_sectors(sb->s_bdev)) 1474 return -EOPNOTSUPP; 1475 1476 /* 1477 * We haven't replayed the journal, so we cannot use our 1478 * block-bitmap-guided storage zapping commands. 1479 */ 1480 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb)) 1481 return -EROFS; 1482 1483 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 1484 sizeof(range))) 1485 return -EFAULT; 1486 1487 ret = ext4_trim_fs(sb, &range); 1488 if (ret < 0) 1489 return ret; 1490 1491 if (copy_to_user((struct fstrim_range __user *)arg, &range, 1492 sizeof(range))) 1493 return -EFAULT; 1494 1495 return 0; 1496 } 1497 case EXT4_IOC_PRECACHE_EXTENTS: 1498 return ext4_ext_precache(inode); 1499 1500 case FS_IOC_SET_ENCRYPTION_POLICY: 1501 if (!ext4_has_feature_encrypt(sb)) 1502 return -EOPNOTSUPP; 1503 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 1504 1505 case FS_IOC_GET_ENCRYPTION_PWSALT: 1506 return ext4_ioctl_get_encryption_pwsalt(filp, (void __user *)arg); 1507 1508 case FS_IOC_GET_ENCRYPTION_POLICY: 1509 if (!ext4_has_feature_encrypt(sb)) 1510 return -EOPNOTSUPP; 1511 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 1512 1513 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1514 if (!ext4_has_feature_encrypt(sb)) 1515 return -EOPNOTSUPP; 1516 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg); 1517 1518 case FS_IOC_ADD_ENCRYPTION_KEY: 1519 if (!ext4_has_feature_encrypt(sb)) 1520 return -EOPNOTSUPP; 1521 return fscrypt_ioctl_add_key(filp, (void __user *)arg); 1522 1523 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1524 if (!ext4_has_feature_encrypt(sb)) 1525 return -EOPNOTSUPP; 1526 return fscrypt_ioctl_remove_key(filp, (void __user *)arg); 1527 1528 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1529 if (!ext4_has_feature_encrypt(sb)) 1530 return -EOPNOTSUPP; 1531 return fscrypt_ioctl_remove_key_all_users(filp, 1532 (void __user *)arg); 1533 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1534 if (!ext4_has_feature_encrypt(sb)) 1535 return -EOPNOTSUPP; 1536 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg); 1537 1538 case FS_IOC_GET_ENCRYPTION_NONCE: 1539 if (!ext4_has_feature_encrypt(sb)) 1540 return -EOPNOTSUPP; 1541 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg); 1542 1543 case EXT4_IOC_CLEAR_ES_CACHE: 1544 { 1545 if (!inode_owner_or_capable(mnt_userns, inode)) 1546 return -EACCES; 1547 ext4_clear_inode_es(inode); 1548 return 0; 1549 } 1550 1551 case EXT4_IOC_GETSTATE: 1552 { 1553 __u32 state = 0; 1554 1555 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED)) 1556 state |= EXT4_STATE_FLAG_EXT_PRECACHED; 1557 if (ext4_test_inode_state(inode, EXT4_STATE_NEW)) 1558 state |= EXT4_STATE_FLAG_NEW; 1559 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) 1560 state |= EXT4_STATE_FLAG_NEWENTRY; 1561 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE)) 1562 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE; 1563 1564 return put_user(state, (__u32 __user *) arg); 1565 } 1566 1567 case EXT4_IOC_GET_ES_CACHE: 1568 return ext4_ioctl_get_es_cache(filp, arg); 1569 1570 case EXT4_IOC_SHUTDOWN: 1571 return ext4_shutdown(sb, arg); 1572 1573 case FS_IOC_ENABLE_VERITY: 1574 if (!ext4_has_feature_verity(sb)) 1575 return -EOPNOTSUPP; 1576 return fsverity_ioctl_enable(filp, (const void __user *)arg); 1577 1578 case FS_IOC_MEASURE_VERITY: 1579 if (!ext4_has_feature_verity(sb)) 1580 return -EOPNOTSUPP; 1581 return fsverity_ioctl_measure(filp, (void __user *)arg); 1582 1583 case FS_IOC_READ_VERITY_METADATA: 1584 if (!ext4_has_feature_verity(sb)) 1585 return -EOPNOTSUPP; 1586 return fsverity_ioctl_read_metadata(filp, 1587 (const void __user *)arg); 1588 1589 case EXT4_IOC_CHECKPOINT: 1590 return ext4_ioctl_checkpoint(filp, arg); 1591 1592 case FS_IOC_GETFSLABEL: 1593 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg); 1594 1595 case FS_IOC_SETFSLABEL: 1596 return ext4_ioctl_setlabel(filp, 1597 (const void __user *)arg); 1598 1599 case EXT4_IOC_GETFSUUID: 1600 return ext4_ioctl_getuuid(EXT4_SB(sb), (void __user *)arg); 1601 case EXT4_IOC_SETFSUUID: 1602 return ext4_ioctl_setuuid(filp, (const void __user *)arg); 1603 default: 1604 return -ENOTTY; 1605 } 1606 } 1607 1608 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 1609 { 1610 return __ext4_ioctl(filp, cmd, arg); 1611 } 1612 1613 #ifdef CONFIG_COMPAT 1614 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1615 { 1616 /* These are just misnamed, they actually get/put from/to user an int */ 1617 switch (cmd) { 1618 case EXT4_IOC32_GETVERSION: 1619 cmd = EXT4_IOC_GETVERSION; 1620 break; 1621 case EXT4_IOC32_SETVERSION: 1622 cmd = EXT4_IOC_SETVERSION; 1623 break; 1624 case EXT4_IOC32_GROUP_EXTEND: 1625 cmd = EXT4_IOC_GROUP_EXTEND; 1626 break; 1627 case EXT4_IOC32_GETVERSION_OLD: 1628 cmd = EXT4_IOC_GETVERSION_OLD; 1629 break; 1630 case EXT4_IOC32_SETVERSION_OLD: 1631 cmd = EXT4_IOC_SETVERSION_OLD; 1632 break; 1633 case EXT4_IOC32_GETRSVSZ: 1634 cmd = EXT4_IOC_GETRSVSZ; 1635 break; 1636 case EXT4_IOC32_SETRSVSZ: 1637 cmd = EXT4_IOC_SETRSVSZ; 1638 break; 1639 case EXT4_IOC32_GROUP_ADD: { 1640 struct compat_ext4_new_group_input __user *uinput; 1641 struct ext4_new_group_data input; 1642 int err; 1643 1644 uinput = compat_ptr(arg); 1645 err = get_user(input.group, &uinput->group); 1646 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1647 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1648 err |= get_user(input.inode_table, &uinput->inode_table); 1649 err |= get_user(input.blocks_count, &uinput->blocks_count); 1650 err |= get_user(input.reserved_blocks, 1651 &uinput->reserved_blocks); 1652 if (err) 1653 return -EFAULT; 1654 return ext4_ioctl_group_add(file, &input); 1655 } 1656 case EXT4_IOC_MOVE_EXT: 1657 case EXT4_IOC_RESIZE_FS: 1658 case FITRIM: 1659 case EXT4_IOC_PRECACHE_EXTENTS: 1660 case FS_IOC_SET_ENCRYPTION_POLICY: 1661 case FS_IOC_GET_ENCRYPTION_PWSALT: 1662 case FS_IOC_GET_ENCRYPTION_POLICY: 1663 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1664 case FS_IOC_ADD_ENCRYPTION_KEY: 1665 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1666 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1667 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1668 case FS_IOC_GET_ENCRYPTION_NONCE: 1669 case EXT4_IOC_SHUTDOWN: 1670 case FS_IOC_GETFSMAP: 1671 case FS_IOC_ENABLE_VERITY: 1672 case FS_IOC_MEASURE_VERITY: 1673 case FS_IOC_READ_VERITY_METADATA: 1674 case EXT4_IOC_CLEAR_ES_CACHE: 1675 case EXT4_IOC_GETSTATE: 1676 case EXT4_IOC_GET_ES_CACHE: 1677 case EXT4_IOC_CHECKPOINT: 1678 case FS_IOC_GETFSLABEL: 1679 case FS_IOC_SETFSLABEL: 1680 case EXT4_IOC_GETFSUUID: 1681 case EXT4_IOC_SETFSUUID: 1682 break; 1683 default: 1684 return -ENOIOCTLCMD; 1685 } 1686 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1687 } 1688 #endif 1689 1690 static void set_overhead(struct ext4_super_block *es, const void *arg) 1691 { 1692 es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg)); 1693 } 1694 1695 int ext4_update_overhead(struct super_block *sb, bool force) 1696 { 1697 struct ext4_sb_info *sbi = EXT4_SB(sb); 1698 1699 if (sb_rdonly(sb)) 1700 return 0; 1701 if (!force && 1702 (sbi->s_overhead == 0 || 1703 sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters))) 1704 return 0; 1705 return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead); 1706 } 1707