xref: /linux/fs/ext4/ioctl.c (revision e80a48bade619ec5a92230b3d4ae84bfc2746822)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * linux/fs/ext4/ioctl.c
4  *
5  * Copyright (C) 1993, 1994, 1995
6  * Remy Card (card@masi.ibp.fr)
7  * Laboratoire MASI - Institut Blaise Pascal
8  * Universite Pierre et Marie Curie (Paris VI)
9  */
10 
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uaccess.h>
20 #include <linux/delay.h>
21 #include <linux/iversion.h>
22 #include <linux/fileattr.h>
23 #include <linux/uuid.h>
24 #include "ext4_jbd2.h"
25 #include "ext4.h"
26 #include <linux/fsmap.h>
27 #include "fsmap.h"
28 #include <trace/events/ext4.h>
29 
30 typedef void ext4_update_sb_callback(struct ext4_super_block *es,
31 				       const void *arg);
32 
33 /*
34  * Superblock modification callback function for changing file system
35  * label
36  */
37 static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg)
38 {
39 	/* Sanity check, this should never happen */
40 	BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX);
41 
42 	memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX);
43 }
44 
45 /*
46  * Superblock modification callback function for changing file system
47  * UUID.
48  */
49 static void ext4_sb_setuuid(struct ext4_super_block *es, const void *arg)
50 {
51 	memcpy(es->s_uuid, (__u8 *)arg, UUID_SIZE);
52 }
53 
54 static
55 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle,
56 			   ext4_update_sb_callback func,
57 			   const void *arg)
58 {
59 	int err = 0;
60 	struct ext4_sb_info *sbi = EXT4_SB(sb);
61 	struct buffer_head *bh = sbi->s_sbh;
62 	struct ext4_super_block *es = sbi->s_es;
63 
64 	trace_ext4_update_sb(sb, bh->b_blocknr, 1);
65 
66 	BUFFER_TRACE(bh, "get_write_access");
67 	err = ext4_journal_get_write_access(handle, sb,
68 					    bh,
69 					    EXT4_JTR_NONE);
70 	if (err)
71 		goto out_err;
72 
73 	lock_buffer(bh);
74 	func(es, arg);
75 	ext4_superblock_csum_set(sb);
76 	unlock_buffer(bh);
77 
78 	if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) {
79 		ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to "
80 			 "superblock detected");
81 		clear_buffer_write_io_error(bh);
82 		set_buffer_uptodate(bh);
83 	}
84 
85 	err = ext4_handle_dirty_metadata(handle, NULL, bh);
86 	if (err)
87 		goto out_err;
88 	err = sync_dirty_buffer(bh);
89 out_err:
90 	ext4_std_error(sb, err);
91 	return err;
92 }
93 
94 /*
95  * Update one backup superblock in the group 'grp' using the callback
96  * function 'func' and argument 'arg'. If the handle is NULL the
97  * modification is not journalled.
98  *
99  * Returns: 0 when no modification was done (no superblock in the group)
100  *	    1 when the modification was successful
101  *	   <0 on error
102  */
103 static int ext4_update_backup_sb(struct super_block *sb,
104 				 handle_t *handle, ext4_group_t grp,
105 				 ext4_update_sb_callback func, const void *arg)
106 {
107 	int err = 0;
108 	ext4_fsblk_t sb_block;
109 	struct buffer_head *bh;
110 	unsigned long offset = 0;
111 	struct ext4_super_block *es;
112 
113 	if (!ext4_bg_has_super(sb, grp))
114 		return 0;
115 
116 	/*
117 	 * For the group 0 there is always 1k padding, so we have
118 	 * either adjust offset, or sb_block depending on blocksize
119 	 */
120 	if (grp == 0) {
121 		sb_block = 1 * EXT4_MIN_BLOCK_SIZE;
122 		offset = do_div(sb_block, sb->s_blocksize);
123 	} else {
124 		sb_block = ext4_group_first_block_no(sb, grp);
125 		offset = 0;
126 	}
127 
128 	trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0);
129 
130 	bh = ext4_sb_bread(sb, sb_block, 0);
131 	if (IS_ERR(bh))
132 		return PTR_ERR(bh);
133 
134 	if (handle) {
135 		BUFFER_TRACE(bh, "get_write_access");
136 		err = ext4_journal_get_write_access(handle, sb,
137 						    bh,
138 						    EXT4_JTR_NONE);
139 		if (err)
140 			goto out_bh;
141 	}
142 
143 	es = (struct ext4_super_block *) (bh->b_data + offset);
144 	lock_buffer(bh);
145 	if (ext4_has_metadata_csum(sb) &&
146 	    es->s_checksum != ext4_superblock_csum(sb, es)) {
147 		ext4_msg(sb, KERN_ERR, "Invalid checksum for backup "
148 		"superblock %llu", sb_block);
149 		unlock_buffer(bh);
150 		goto out_bh;
151 	}
152 	func(es, arg);
153 	if (ext4_has_metadata_csum(sb))
154 		es->s_checksum = ext4_superblock_csum(sb, es);
155 	set_buffer_uptodate(bh);
156 	unlock_buffer(bh);
157 
158 	if (err)
159 		goto out_bh;
160 
161 	if (handle) {
162 		err = ext4_handle_dirty_metadata(handle, NULL, bh);
163 		if (err)
164 			goto out_bh;
165 	} else {
166 		BUFFER_TRACE(bh, "marking dirty");
167 		mark_buffer_dirty(bh);
168 	}
169 	err = sync_dirty_buffer(bh);
170 
171 out_bh:
172 	brelse(bh);
173 	ext4_std_error(sb, err);
174 	return (err) ? err : 1;
175 }
176 
177 /*
178  * Update primary and backup superblocks using the provided function
179  * func and argument arg.
180  *
181  * Only the primary superblock and at most two backup superblock
182  * modifications are journalled; the rest is modified without journal.
183  * This is safe because e2fsck will re-write them if there is a problem,
184  * and we're very unlikely to ever need more than two backups.
185  */
186 static
187 int ext4_update_superblocks_fn(struct super_block *sb,
188 			       ext4_update_sb_callback func,
189 			       const void *arg)
190 {
191 	handle_t *handle;
192 	ext4_group_t ngroups;
193 	unsigned int three = 1;
194 	unsigned int five = 5;
195 	unsigned int seven = 7;
196 	int err = 0, ret, i;
197 	ext4_group_t grp, primary_grp;
198 	struct ext4_sb_info *sbi = EXT4_SB(sb);
199 
200 	/*
201 	 * We can't update superblocks while the online resize is running
202 	 */
203 	if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING,
204 				  &sbi->s_ext4_flags)) {
205 		ext4_msg(sb, KERN_ERR, "Can't modify superblock while"
206 			 "performing online resize");
207 		return -EBUSY;
208 	}
209 
210 	/*
211 	 * We're only going to update primary superblock and two
212 	 * backup superblocks in this transaction.
213 	 */
214 	handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3);
215 	if (IS_ERR(handle)) {
216 		err = PTR_ERR(handle);
217 		goto out;
218 	}
219 
220 	/* Update primary superblock */
221 	err = ext4_update_primary_sb(sb, handle, func, arg);
222 	if (err) {
223 		ext4_msg(sb, KERN_ERR, "Failed to update primary "
224 			 "superblock");
225 		goto out_journal;
226 	}
227 
228 	primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr);
229 	ngroups = ext4_get_groups_count(sb);
230 
231 	/*
232 	 * Update backup superblocks. We have to start from group 0
233 	 * because it might not be where the primary superblock is
234 	 * if the fs is mounted with -o sb=<backup_sb_block>
235 	 */
236 	i = 0;
237 	grp = 0;
238 	while (grp < ngroups) {
239 		/* Skip primary superblock */
240 		if (grp == primary_grp)
241 			goto next_grp;
242 
243 		ret = ext4_update_backup_sb(sb, handle, grp, func, arg);
244 		if (ret < 0) {
245 			/* Ignore bad checksum; try to update next sb */
246 			if (ret == -EFSBADCRC)
247 				goto next_grp;
248 			err = ret;
249 			goto out_journal;
250 		}
251 
252 		i += ret;
253 		if (handle && i > 1) {
254 			/*
255 			 * We're only journalling primary superblock and
256 			 * two backup superblocks; the rest is not
257 			 * journalled.
258 			 */
259 			err = ext4_journal_stop(handle);
260 			if (err)
261 				goto out;
262 			handle = NULL;
263 		}
264 next_grp:
265 		grp = ext4_list_backups(sb, &three, &five, &seven);
266 	}
267 
268 out_journal:
269 	if (handle) {
270 		ret = ext4_journal_stop(handle);
271 		if (ret && !err)
272 			err = ret;
273 	}
274 out:
275 	clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags);
276 	smp_mb__after_atomic();
277 	return err ? err : 0;
278 }
279 
280 /*
281  * Swap memory between @a and @b for @len bytes.
282  *
283  * @a:          pointer to first memory area
284  * @b:          pointer to second memory area
285  * @len:        number of bytes to swap
286  *
287  */
288 static void memswap(void *a, void *b, size_t len)
289 {
290 	unsigned char *ap, *bp;
291 
292 	ap = (unsigned char *)a;
293 	bp = (unsigned char *)b;
294 	while (len-- > 0) {
295 		swap(*ap, *bp);
296 		ap++;
297 		bp++;
298 	}
299 }
300 
301 /*
302  * Swap i_data and associated attributes between @inode1 and @inode2.
303  * This function is used for the primary swap between inode1 and inode2
304  * and also to revert this primary swap in case of errors.
305  *
306  * Therefore you have to make sure, that calling this method twice
307  * will revert all changes.
308  *
309  * @inode1:     pointer to first inode
310  * @inode2:     pointer to second inode
311  */
312 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
313 {
314 	loff_t isize;
315 	struct ext4_inode_info *ei1;
316 	struct ext4_inode_info *ei2;
317 	unsigned long tmp;
318 
319 	ei1 = EXT4_I(inode1);
320 	ei2 = EXT4_I(inode2);
321 
322 	swap(inode1->i_version, inode2->i_version);
323 	swap(inode1->i_atime, inode2->i_atime);
324 	swap(inode1->i_mtime, inode2->i_mtime);
325 
326 	memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
327 	tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
328 	ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
329 		(ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
330 	ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
331 	swap(ei1->i_disksize, ei2->i_disksize);
332 	ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
333 	ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
334 
335 	isize = i_size_read(inode1);
336 	i_size_write(inode1, i_size_read(inode2));
337 	i_size_write(inode2, isize);
338 }
339 
340 void ext4_reset_inode_seed(struct inode *inode)
341 {
342 	struct ext4_inode_info *ei = EXT4_I(inode);
343 	struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
344 	__le32 inum = cpu_to_le32(inode->i_ino);
345 	__le32 gen = cpu_to_le32(inode->i_generation);
346 	__u32 csum;
347 
348 	if (!ext4_has_metadata_csum(inode->i_sb))
349 		return;
350 
351 	csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
352 	ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
353 }
354 
355 /*
356  * Swap the information from the given @inode and the inode
357  * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
358  * important fields of the inodes.
359  *
360  * @sb:         the super block of the filesystem
361  * @mnt_userns:	user namespace of the mount the inode was found from
362  * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
363  *
364  */
365 static long swap_inode_boot_loader(struct super_block *sb,
366 				struct user_namespace *mnt_userns,
367 				struct inode *inode)
368 {
369 	handle_t *handle;
370 	int err;
371 	struct inode *inode_bl;
372 	struct ext4_inode_info *ei_bl;
373 	qsize_t size, size_bl, diff;
374 	blkcnt_t blocks;
375 	unsigned short bytes;
376 
377 	inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO,
378 			EXT4_IGET_SPECIAL | EXT4_IGET_BAD);
379 	if (IS_ERR(inode_bl))
380 		return PTR_ERR(inode_bl);
381 	ei_bl = EXT4_I(inode_bl);
382 
383 	/* Protect orig inodes against a truncate and make sure,
384 	 * that only 1 swap_inode_boot_loader is running. */
385 	lock_two_nondirectories(inode, inode_bl);
386 
387 	if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
388 	    IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
389 	    (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
390 	    ext4_has_inline_data(inode)) {
391 		err = -EINVAL;
392 		goto journal_err_out;
393 	}
394 
395 	if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
396 	    !inode_owner_or_capable(mnt_userns, inode) ||
397 	    !capable(CAP_SYS_ADMIN)) {
398 		err = -EPERM;
399 		goto journal_err_out;
400 	}
401 
402 	filemap_invalidate_lock(inode->i_mapping);
403 	err = filemap_write_and_wait(inode->i_mapping);
404 	if (err)
405 		goto err_out;
406 
407 	err = filemap_write_and_wait(inode_bl->i_mapping);
408 	if (err)
409 		goto err_out;
410 
411 	/* Wait for all existing dio workers */
412 	inode_dio_wait(inode);
413 	inode_dio_wait(inode_bl);
414 
415 	truncate_inode_pages(&inode->i_data, 0);
416 	truncate_inode_pages(&inode_bl->i_data, 0);
417 
418 	handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
419 	if (IS_ERR(handle)) {
420 		err = -EINVAL;
421 		goto err_out;
422 	}
423 	ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle);
424 
425 	/* Protect extent tree against block allocations via delalloc */
426 	ext4_double_down_write_data_sem(inode, inode_bl);
427 
428 	if (is_bad_inode(inode_bl) || !S_ISREG(inode_bl->i_mode)) {
429 		/* this inode has never been used as a BOOT_LOADER */
430 		set_nlink(inode_bl, 1);
431 		i_uid_write(inode_bl, 0);
432 		i_gid_write(inode_bl, 0);
433 		inode_bl->i_flags = 0;
434 		ei_bl->i_flags = 0;
435 		inode_set_iversion(inode_bl, 1);
436 		i_size_write(inode_bl, 0);
437 		inode_bl->i_mode = S_IFREG;
438 		if (ext4_has_feature_extents(sb)) {
439 			ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
440 			ext4_ext_tree_init(handle, inode_bl);
441 		} else
442 			memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
443 	}
444 
445 	err = dquot_initialize(inode);
446 	if (err)
447 		goto err_out1;
448 
449 	size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
450 	size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
451 	diff = size - size_bl;
452 	swap_inode_data(inode, inode_bl);
453 
454 	inode->i_ctime = inode_bl->i_ctime = current_time(inode);
455 	inode_inc_iversion(inode);
456 
457 	inode->i_generation = get_random_u32();
458 	inode_bl->i_generation = get_random_u32();
459 	ext4_reset_inode_seed(inode);
460 	ext4_reset_inode_seed(inode_bl);
461 
462 	ext4_discard_preallocations(inode, 0);
463 
464 	err = ext4_mark_inode_dirty(handle, inode);
465 	if (err < 0) {
466 		/* No need to update quota information. */
467 		ext4_warning(inode->i_sb,
468 			"couldn't mark inode #%lu dirty (err %d)",
469 			inode->i_ino, err);
470 		/* Revert all changes: */
471 		swap_inode_data(inode, inode_bl);
472 		ext4_mark_inode_dirty(handle, inode);
473 		goto err_out1;
474 	}
475 
476 	blocks = inode_bl->i_blocks;
477 	bytes = inode_bl->i_bytes;
478 	inode_bl->i_blocks = inode->i_blocks;
479 	inode_bl->i_bytes = inode->i_bytes;
480 	err = ext4_mark_inode_dirty(handle, inode_bl);
481 	if (err < 0) {
482 		/* No need to update quota information. */
483 		ext4_warning(inode_bl->i_sb,
484 			"couldn't mark inode #%lu dirty (err %d)",
485 			inode_bl->i_ino, err);
486 		goto revert;
487 	}
488 
489 	/* Bootloader inode should not be counted into quota information. */
490 	if (diff > 0)
491 		dquot_free_space(inode, diff);
492 	else
493 		err = dquot_alloc_space(inode, -1 * diff);
494 
495 	if (err < 0) {
496 revert:
497 		/* Revert all changes: */
498 		inode_bl->i_blocks = blocks;
499 		inode_bl->i_bytes = bytes;
500 		swap_inode_data(inode, inode_bl);
501 		ext4_mark_inode_dirty(handle, inode);
502 		ext4_mark_inode_dirty(handle, inode_bl);
503 	}
504 
505 err_out1:
506 	ext4_journal_stop(handle);
507 	ext4_double_up_write_data_sem(inode, inode_bl);
508 
509 err_out:
510 	filemap_invalidate_unlock(inode->i_mapping);
511 journal_err_out:
512 	unlock_two_nondirectories(inode, inode_bl);
513 	iput(inode_bl);
514 	return err;
515 }
516 
517 /*
518  * If immutable is set and we are not clearing it, we're not allowed to change
519  * anything else in the inode.  Don't error out if we're only trying to set
520  * immutable on an immutable file.
521  */
522 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
523 				      unsigned int flags)
524 {
525 	struct ext4_inode_info *ei = EXT4_I(inode);
526 	unsigned int oldflags = ei->i_flags;
527 
528 	if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
529 		return 0;
530 
531 	if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
532 		return -EPERM;
533 	if (ext4_has_feature_project(inode->i_sb) &&
534 	    __kprojid_val(ei->i_projid) != new_projid)
535 		return -EPERM;
536 
537 	return 0;
538 }
539 
540 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
541 {
542 	struct ext4_inode_info *ei = EXT4_I(inode);
543 
544 	if (S_ISDIR(inode->i_mode))
545 		return;
546 
547 	if (test_opt2(inode->i_sb, DAX_NEVER) ||
548 	    test_opt(inode->i_sb, DAX_ALWAYS))
549 		return;
550 
551 	if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
552 		d_mark_dontcache(inode);
553 }
554 
555 static bool dax_compatible(struct inode *inode, unsigned int oldflags,
556 			   unsigned int flags)
557 {
558 	/* Allow the DAX flag to be changed on inline directories */
559 	if (S_ISDIR(inode->i_mode)) {
560 		flags &= ~EXT4_INLINE_DATA_FL;
561 		oldflags &= ~EXT4_INLINE_DATA_FL;
562 	}
563 
564 	if (flags & EXT4_DAX_FL) {
565 		if ((oldflags & EXT4_DAX_MUT_EXCL) ||
566 		     ext4_test_inode_state(inode,
567 					  EXT4_STATE_VERITY_IN_PROGRESS)) {
568 			return false;
569 		}
570 	}
571 
572 	if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
573 			return false;
574 
575 	return true;
576 }
577 
578 static int ext4_ioctl_setflags(struct inode *inode,
579 			       unsigned int flags)
580 {
581 	struct ext4_inode_info *ei = EXT4_I(inode);
582 	handle_t *handle = NULL;
583 	int err = -EPERM, migrate = 0;
584 	struct ext4_iloc iloc;
585 	unsigned int oldflags, mask, i;
586 	struct super_block *sb = inode->i_sb;
587 
588 	/* Is it quota file? Do not allow user to mess with it */
589 	if (ext4_is_quota_file(inode))
590 		goto flags_out;
591 
592 	oldflags = ei->i_flags;
593 	/*
594 	 * The JOURNAL_DATA flag can only be changed by
595 	 * the relevant capability.
596 	 */
597 	if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
598 		if (!capable(CAP_SYS_RESOURCE))
599 			goto flags_out;
600 	}
601 
602 	if (!dax_compatible(inode, oldflags, flags)) {
603 		err = -EOPNOTSUPP;
604 		goto flags_out;
605 	}
606 
607 	if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
608 		migrate = 1;
609 
610 	if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
611 		if (!ext4_has_feature_casefold(sb)) {
612 			err = -EOPNOTSUPP;
613 			goto flags_out;
614 		}
615 
616 		if (!S_ISDIR(inode->i_mode)) {
617 			err = -ENOTDIR;
618 			goto flags_out;
619 		}
620 
621 		if (!ext4_empty_dir(inode)) {
622 			err = -ENOTEMPTY;
623 			goto flags_out;
624 		}
625 	}
626 
627 	/*
628 	 * Wait for all pending directio and then flush all the dirty pages
629 	 * for this file.  The flush marks all the pages readonly, so any
630 	 * subsequent attempt to write to the file (particularly mmap pages)
631 	 * will come through the filesystem and fail.
632 	 */
633 	if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
634 	    (flags & EXT4_IMMUTABLE_FL)) {
635 		inode_dio_wait(inode);
636 		err = filemap_write_and_wait(inode->i_mapping);
637 		if (err)
638 			goto flags_out;
639 	}
640 
641 	handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
642 	if (IS_ERR(handle)) {
643 		err = PTR_ERR(handle);
644 		goto flags_out;
645 	}
646 	if (IS_SYNC(inode))
647 		ext4_handle_sync(handle);
648 	err = ext4_reserve_inode_write(handle, inode, &iloc);
649 	if (err)
650 		goto flags_err;
651 
652 	ext4_dax_dontcache(inode, flags);
653 
654 	for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
655 		if (!(mask & EXT4_FL_USER_MODIFIABLE))
656 			continue;
657 		/* These flags get special treatment later */
658 		if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
659 			continue;
660 		if (mask & flags)
661 			ext4_set_inode_flag(inode, i);
662 		else
663 			ext4_clear_inode_flag(inode, i);
664 	}
665 
666 	ext4_set_inode_flags(inode, false);
667 
668 	inode->i_ctime = current_time(inode);
669 	inode_inc_iversion(inode);
670 
671 	err = ext4_mark_iloc_dirty(handle, inode, &iloc);
672 flags_err:
673 	ext4_journal_stop(handle);
674 	if (err)
675 		goto flags_out;
676 
677 	if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
678 		/*
679 		 * Changes to the journaling mode can cause unsafe changes to
680 		 * S_DAX if the inode is DAX
681 		 */
682 		if (IS_DAX(inode)) {
683 			err = -EBUSY;
684 			goto flags_out;
685 		}
686 
687 		err = ext4_change_inode_journal_flag(inode,
688 						     flags & EXT4_JOURNAL_DATA_FL);
689 		if (err)
690 			goto flags_out;
691 	}
692 	if (migrate) {
693 		if (flags & EXT4_EXTENTS_FL)
694 			err = ext4_ext_migrate(inode);
695 		else
696 			err = ext4_ind_migrate(inode);
697 	}
698 
699 flags_out:
700 	return err;
701 }
702 
703 #ifdef CONFIG_QUOTA
704 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
705 {
706 	struct super_block *sb = inode->i_sb;
707 	struct ext4_inode_info *ei = EXT4_I(inode);
708 	int err, rc;
709 	handle_t *handle;
710 	kprojid_t kprojid;
711 	struct ext4_iloc iloc;
712 	struct ext4_inode *raw_inode;
713 	struct dquot *transfer_to[MAXQUOTAS] = { };
714 
715 	if (!ext4_has_feature_project(sb)) {
716 		if (projid != EXT4_DEF_PROJID)
717 			return -EOPNOTSUPP;
718 		else
719 			return 0;
720 	}
721 
722 	if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
723 		return -EOPNOTSUPP;
724 
725 	kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
726 
727 	if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
728 		return 0;
729 
730 	err = -EPERM;
731 	/* Is it quota file? Do not allow user to mess with it */
732 	if (ext4_is_quota_file(inode))
733 		return err;
734 
735 	err = dquot_initialize(inode);
736 	if (err)
737 		return err;
738 
739 	err = ext4_get_inode_loc(inode, &iloc);
740 	if (err)
741 		return err;
742 
743 	raw_inode = ext4_raw_inode(&iloc);
744 	if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
745 		err = ext4_expand_extra_isize(inode,
746 					      EXT4_SB(sb)->s_want_extra_isize,
747 					      &iloc);
748 		if (err)
749 			return err;
750 	} else {
751 		brelse(iloc.bh);
752 	}
753 
754 	handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
755 		EXT4_QUOTA_INIT_BLOCKS(sb) +
756 		EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
757 	if (IS_ERR(handle))
758 		return PTR_ERR(handle);
759 
760 	err = ext4_reserve_inode_write(handle, inode, &iloc);
761 	if (err)
762 		goto out_stop;
763 
764 	transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
765 	if (!IS_ERR(transfer_to[PRJQUOTA])) {
766 
767 		/* __dquot_transfer() calls back ext4_get_inode_usage() which
768 		 * counts xattr inode references.
769 		 */
770 		down_read(&EXT4_I(inode)->xattr_sem);
771 		err = __dquot_transfer(inode, transfer_to);
772 		up_read(&EXT4_I(inode)->xattr_sem);
773 		dqput(transfer_to[PRJQUOTA]);
774 		if (err)
775 			goto out_dirty;
776 	}
777 
778 	EXT4_I(inode)->i_projid = kprojid;
779 	inode->i_ctime = current_time(inode);
780 	inode_inc_iversion(inode);
781 out_dirty:
782 	rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
783 	if (!err)
784 		err = rc;
785 out_stop:
786 	ext4_journal_stop(handle);
787 	return err;
788 }
789 #else
790 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
791 {
792 	if (projid != EXT4_DEF_PROJID)
793 		return -EOPNOTSUPP;
794 	return 0;
795 }
796 #endif
797 
798 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
799 {
800 	struct ext4_sb_info *sbi = EXT4_SB(sb);
801 	__u32 flags;
802 
803 	if (!capable(CAP_SYS_ADMIN))
804 		return -EPERM;
805 
806 	if (get_user(flags, (__u32 __user *)arg))
807 		return -EFAULT;
808 
809 	if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
810 		return -EINVAL;
811 
812 	if (ext4_forced_shutdown(sbi))
813 		return 0;
814 
815 	ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
816 	trace_ext4_shutdown(sb, flags);
817 
818 	switch (flags) {
819 	case EXT4_GOING_FLAGS_DEFAULT:
820 		freeze_bdev(sb->s_bdev);
821 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
822 		thaw_bdev(sb->s_bdev);
823 		break;
824 	case EXT4_GOING_FLAGS_LOGFLUSH:
825 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
826 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
827 			(void) ext4_force_commit(sb);
828 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
829 		}
830 		break;
831 	case EXT4_GOING_FLAGS_NOLOGFLUSH:
832 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
833 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
834 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
835 		break;
836 	default:
837 		return -EINVAL;
838 	}
839 	clear_opt(sb, DISCARD);
840 	return 0;
841 }
842 
843 struct getfsmap_info {
844 	struct super_block	*gi_sb;
845 	struct fsmap_head __user *gi_data;
846 	unsigned int		gi_idx;
847 	__u32			gi_last_flags;
848 };
849 
850 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
851 {
852 	struct getfsmap_info *info = priv;
853 	struct fsmap fm;
854 
855 	trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
856 
857 	info->gi_last_flags = xfm->fmr_flags;
858 	ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
859 	if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
860 			sizeof(struct fsmap)))
861 		return -EFAULT;
862 
863 	return 0;
864 }
865 
866 static int ext4_ioc_getfsmap(struct super_block *sb,
867 			     struct fsmap_head __user *arg)
868 {
869 	struct getfsmap_info info = { NULL };
870 	struct ext4_fsmap_head xhead = {0};
871 	struct fsmap_head head;
872 	bool aborted = false;
873 	int error;
874 
875 	if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
876 		return -EFAULT;
877 	if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
878 	    memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
879 		       sizeof(head.fmh_keys[0].fmr_reserved)) ||
880 	    memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
881 		       sizeof(head.fmh_keys[1].fmr_reserved)))
882 		return -EINVAL;
883 	/*
884 	 * ext4 doesn't report file extents at all, so the only valid
885 	 * file offsets are the magic ones (all zeroes or all ones).
886 	 */
887 	if (head.fmh_keys[0].fmr_offset ||
888 	    (head.fmh_keys[1].fmr_offset != 0 &&
889 	     head.fmh_keys[1].fmr_offset != -1ULL))
890 		return -EINVAL;
891 
892 	xhead.fmh_iflags = head.fmh_iflags;
893 	xhead.fmh_count = head.fmh_count;
894 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
895 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
896 
897 	trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
898 	trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
899 
900 	info.gi_sb = sb;
901 	info.gi_data = arg;
902 	error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
903 	if (error == EXT4_QUERY_RANGE_ABORT)
904 		aborted = true;
905 	else if (error)
906 		return error;
907 
908 	/* If we didn't abort, set the "last" flag in the last fmx */
909 	if (!aborted && info.gi_idx) {
910 		info.gi_last_flags |= FMR_OF_LAST;
911 		if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
912 				 &info.gi_last_flags,
913 				 sizeof(info.gi_last_flags)))
914 			return -EFAULT;
915 	}
916 
917 	/* copy back header */
918 	head.fmh_entries = xhead.fmh_entries;
919 	head.fmh_oflags = xhead.fmh_oflags;
920 	if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
921 		return -EFAULT;
922 
923 	return 0;
924 }
925 
926 static long ext4_ioctl_group_add(struct file *file,
927 				 struct ext4_new_group_data *input)
928 {
929 	struct super_block *sb = file_inode(file)->i_sb;
930 	int err, err2=0;
931 
932 	err = ext4_resize_begin(sb);
933 	if (err)
934 		return err;
935 
936 	if (ext4_has_feature_bigalloc(sb)) {
937 		ext4_msg(sb, KERN_ERR,
938 			 "Online resizing not supported with bigalloc");
939 		err = -EOPNOTSUPP;
940 		goto group_add_out;
941 	}
942 
943 	err = mnt_want_write_file(file);
944 	if (err)
945 		goto group_add_out;
946 
947 	err = ext4_group_add(sb, input);
948 	if (EXT4_SB(sb)->s_journal) {
949 		jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
950 		err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
951 		jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
952 	}
953 	if (err == 0)
954 		err = err2;
955 	mnt_drop_write_file(file);
956 	if (!err && ext4_has_group_desc_csum(sb) &&
957 	    test_opt(sb, INIT_INODE_TABLE))
958 		err = ext4_register_li_request(sb, input->group);
959 group_add_out:
960 	err2 = ext4_resize_end(sb, false);
961 	if (err == 0)
962 		err = err2;
963 	return err;
964 }
965 
966 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa)
967 {
968 	struct inode *inode = d_inode(dentry);
969 	struct ext4_inode_info *ei = EXT4_I(inode);
970 	u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
971 
972 	if (S_ISREG(inode->i_mode))
973 		flags &= ~FS_PROJINHERIT_FL;
974 
975 	fileattr_fill_flags(fa, flags);
976 	if (ext4_has_feature_project(inode->i_sb))
977 		fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
978 
979 	return 0;
980 }
981 
982 int ext4_fileattr_set(struct user_namespace *mnt_userns,
983 		      struct dentry *dentry, struct fileattr *fa)
984 {
985 	struct inode *inode = d_inode(dentry);
986 	u32 flags = fa->flags;
987 	int err = -EOPNOTSUPP;
988 
989 	if (flags & ~EXT4_FL_USER_VISIBLE)
990 		goto out;
991 
992 	/*
993 	 * chattr(1) grabs flags via GETFLAGS, modifies the result and
994 	 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
995 	 * more restrictive than just silently masking off visible but
996 	 * not settable flags as we always did.
997 	 */
998 	flags &= EXT4_FL_USER_MODIFIABLE;
999 	if (ext4_mask_flags(inode->i_mode, flags) != flags)
1000 		goto out;
1001 	err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags);
1002 	if (err)
1003 		goto out;
1004 	err = ext4_ioctl_setflags(inode, flags);
1005 	if (err)
1006 		goto out;
1007 	err = ext4_ioctl_setproject(inode, fa->fsx_projid);
1008 out:
1009 	return err;
1010 }
1011 
1012 /* So that the fiemap access checks can't overflow on 32 bit machines. */
1013 #define FIEMAP_MAX_EXTENTS	(UINT_MAX / sizeof(struct fiemap_extent))
1014 
1015 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
1016 {
1017 	struct fiemap fiemap;
1018 	struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
1019 	struct fiemap_extent_info fieinfo = { 0, };
1020 	struct inode *inode = file_inode(filp);
1021 	int error;
1022 
1023 	if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
1024 		return -EFAULT;
1025 
1026 	if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
1027 		return -EINVAL;
1028 
1029 	fieinfo.fi_flags = fiemap.fm_flags;
1030 	fieinfo.fi_extents_max = fiemap.fm_extent_count;
1031 	fieinfo.fi_extents_start = ufiemap->fm_extents;
1032 
1033 	error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
1034 			fiemap.fm_length);
1035 	fiemap.fm_flags = fieinfo.fi_flags;
1036 	fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
1037 	if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
1038 		error = -EFAULT;
1039 
1040 	return error;
1041 }
1042 
1043 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
1044 {
1045 	int err = 0;
1046 	__u32 flags = 0;
1047 	unsigned int flush_flags = 0;
1048 	struct super_block *sb = file_inode(filp)->i_sb;
1049 
1050 	if (copy_from_user(&flags, (__u32 __user *)arg,
1051 				sizeof(__u32)))
1052 		return -EFAULT;
1053 
1054 	if (!capable(CAP_SYS_ADMIN))
1055 		return -EPERM;
1056 
1057 	/* check for invalid bits set */
1058 	if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) ||
1059 				((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1060 				(flags & JBD2_JOURNAL_FLUSH_ZEROOUT)))
1061 		return -EINVAL;
1062 
1063 	if (!EXT4_SB(sb)->s_journal)
1064 		return -ENODEV;
1065 
1066 	if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1067 	    !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev))
1068 		return -EOPNOTSUPP;
1069 
1070 	if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)
1071 		return 0;
1072 
1073 	if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD)
1074 		flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD;
1075 
1076 	if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) {
1077 		flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT;
1078 		pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow");
1079 	}
1080 
1081 	jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1082 	err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags);
1083 	jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1084 
1085 	return err;
1086 }
1087 
1088 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label)
1089 {
1090 	size_t len;
1091 	int ret = 0;
1092 	char new_label[EXT4_LABEL_MAX + 1];
1093 	struct super_block *sb = file_inode(filp)->i_sb;
1094 
1095 	if (!capable(CAP_SYS_ADMIN))
1096 		return -EPERM;
1097 
1098 	/*
1099 	 * Copy the maximum length allowed for ext4 label with one more to
1100 	 * find the required terminating null byte in order to test the
1101 	 * label length. The on disk label doesn't need to be null terminated.
1102 	 */
1103 	if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1))
1104 		return -EFAULT;
1105 
1106 	len = strnlen(new_label, EXT4_LABEL_MAX + 1);
1107 	if (len > EXT4_LABEL_MAX)
1108 		return -EINVAL;
1109 
1110 	/*
1111 	 * Clear the buffer after the new label
1112 	 */
1113 	memset(new_label + len, 0, EXT4_LABEL_MAX - len);
1114 
1115 	ret = mnt_want_write_file(filp);
1116 	if (ret)
1117 		return ret;
1118 
1119 	ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label);
1120 
1121 	mnt_drop_write_file(filp);
1122 	return ret;
1123 }
1124 
1125 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label)
1126 {
1127 	char label[EXT4_LABEL_MAX + 1];
1128 
1129 	/*
1130 	 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because
1131 	 * FSLABEL_MAX must include terminating null byte, while s_volume_name
1132 	 * does not have to.
1133 	 */
1134 	BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
1135 
1136 	memset(label, 0, sizeof(label));
1137 	lock_buffer(sbi->s_sbh);
1138 	strncpy(label, sbi->s_es->s_volume_name, EXT4_LABEL_MAX);
1139 	unlock_buffer(sbi->s_sbh);
1140 
1141 	if (copy_to_user(user_label, label, sizeof(label)))
1142 		return -EFAULT;
1143 	return 0;
1144 }
1145 
1146 static int ext4_ioctl_getuuid(struct ext4_sb_info *sbi,
1147 			struct fsuuid __user *ufsuuid)
1148 {
1149 	struct fsuuid fsuuid;
1150 	__u8 uuid[UUID_SIZE];
1151 
1152 	if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1153 		return -EFAULT;
1154 
1155 	if (fsuuid.fsu_len == 0) {
1156 		fsuuid.fsu_len = UUID_SIZE;
1157 		if (copy_to_user(&ufsuuid->fsu_len, &fsuuid.fsu_len,
1158 					sizeof(fsuuid.fsu_len)))
1159 			return -EFAULT;
1160 		return 0;
1161 	}
1162 
1163 	if (fsuuid.fsu_len < UUID_SIZE || fsuuid.fsu_flags != 0)
1164 		return -EINVAL;
1165 
1166 	lock_buffer(sbi->s_sbh);
1167 	memcpy(uuid, sbi->s_es->s_uuid, UUID_SIZE);
1168 	unlock_buffer(sbi->s_sbh);
1169 
1170 	fsuuid.fsu_len = UUID_SIZE;
1171 	if (copy_to_user(ufsuuid, &fsuuid, sizeof(fsuuid)) ||
1172 	    copy_to_user(&ufsuuid->fsu_uuid[0], uuid, UUID_SIZE))
1173 		return -EFAULT;
1174 	return 0;
1175 }
1176 
1177 static int ext4_ioctl_setuuid(struct file *filp,
1178 			const struct fsuuid __user *ufsuuid)
1179 {
1180 	int ret = 0;
1181 	struct super_block *sb = file_inode(filp)->i_sb;
1182 	struct fsuuid fsuuid;
1183 	__u8 uuid[UUID_SIZE];
1184 
1185 	if (!capable(CAP_SYS_ADMIN))
1186 		return -EPERM;
1187 
1188 	/*
1189 	 * If any checksums (group descriptors or metadata) are being used
1190 	 * then the checksum seed feature is required to change the UUID.
1191 	 */
1192 	if (((ext4_has_feature_gdt_csum(sb) || ext4_has_metadata_csum(sb))
1193 			&& !ext4_has_feature_csum_seed(sb))
1194 		|| ext4_has_feature_stable_inodes(sb))
1195 		return -EOPNOTSUPP;
1196 
1197 	if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1198 		return -EFAULT;
1199 
1200 	if (fsuuid.fsu_len != UUID_SIZE || fsuuid.fsu_flags != 0)
1201 		return -EINVAL;
1202 
1203 	if (copy_from_user(uuid, &ufsuuid->fsu_uuid[0], UUID_SIZE))
1204 		return -EFAULT;
1205 
1206 	ret = mnt_want_write_file(filp);
1207 	if (ret)
1208 		return ret;
1209 
1210 	ret = ext4_update_superblocks_fn(sb, ext4_sb_setuuid, &uuid);
1211 	mnt_drop_write_file(filp);
1212 
1213 	return ret;
1214 }
1215 
1216 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1217 {
1218 	struct inode *inode = file_inode(filp);
1219 	struct super_block *sb = inode->i_sb;
1220 	struct user_namespace *mnt_userns = file_mnt_user_ns(filp);
1221 
1222 	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
1223 
1224 	switch (cmd) {
1225 	case FS_IOC_GETFSMAP:
1226 		return ext4_ioc_getfsmap(sb, (void __user *)arg);
1227 	case EXT4_IOC_GETVERSION:
1228 	case EXT4_IOC_GETVERSION_OLD:
1229 		return put_user(inode->i_generation, (int __user *) arg);
1230 	case EXT4_IOC_SETVERSION:
1231 	case EXT4_IOC_SETVERSION_OLD: {
1232 		handle_t *handle;
1233 		struct ext4_iloc iloc;
1234 		__u32 generation;
1235 		int err;
1236 
1237 		if (!inode_owner_or_capable(mnt_userns, inode))
1238 			return -EPERM;
1239 
1240 		if (ext4_has_metadata_csum(inode->i_sb)) {
1241 			ext4_warning(sb, "Setting inode version is not "
1242 				     "supported with metadata_csum enabled.");
1243 			return -ENOTTY;
1244 		}
1245 
1246 		err = mnt_want_write_file(filp);
1247 		if (err)
1248 			return err;
1249 		if (get_user(generation, (int __user *) arg)) {
1250 			err = -EFAULT;
1251 			goto setversion_out;
1252 		}
1253 
1254 		inode_lock(inode);
1255 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
1256 		if (IS_ERR(handle)) {
1257 			err = PTR_ERR(handle);
1258 			goto unlock_out;
1259 		}
1260 		err = ext4_reserve_inode_write(handle, inode, &iloc);
1261 		if (err == 0) {
1262 			inode->i_ctime = current_time(inode);
1263 			inode_inc_iversion(inode);
1264 			inode->i_generation = generation;
1265 			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
1266 		}
1267 		ext4_journal_stop(handle);
1268 
1269 unlock_out:
1270 		inode_unlock(inode);
1271 setversion_out:
1272 		mnt_drop_write_file(filp);
1273 		return err;
1274 	}
1275 	case EXT4_IOC_GROUP_EXTEND: {
1276 		ext4_fsblk_t n_blocks_count;
1277 		int err, err2=0;
1278 
1279 		err = ext4_resize_begin(sb);
1280 		if (err)
1281 			return err;
1282 
1283 		if (get_user(n_blocks_count, (__u32 __user *)arg)) {
1284 			err = -EFAULT;
1285 			goto group_extend_out;
1286 		}
1287 
1288 		if (ext4_has_feature_bigalloc(sb)) {
1289 			ext4_msg(sb, KERN_ERR,
1290 				 "Online resizing not supported with bigalloc");
1291 			err = -EOPNOTSUPP;
1292 			goto group_extend_out;
1293 		}
1294 
1295 		err = mnt_want_write_file(filp);
1296 		if (err)
1297 			goto group_extend_out;
1298 
1299 		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
1300 		if (EXT4_SB(sb)->s_journal) {
1301 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1302 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1303 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1304 		}
1305 		if (err == 0)
1306 			err = err2;
1307 		mnt_drop_write_file(filp);
1308 group_extend_out:
1309 		err2 = ext4_resize_end(sb, false);
1310 		if (err == 0)
1311 			err = err2;
1312 		return err;
1313 	}
1314 
1315 	case EXT4_IOC_MOVE_EXT: {
1316 		struct move_extent me;
1317 		struct fd donor;
1318 		int err;
1319 
1320 		if (!(filp->f_mode & FMODE_READ) ||
1321 		    !(filp->f_mode & FMODE_WRITE))
1322 			return -EBADF;
1323 
1324 		if (copy_from_user(&me,
1325 			(struct move_extent __user *)arg, sizeof(me)))
1326 			return -EFAULT;
1327 		me.moved_len = 0;
1328 
1329 		donor = fdget(me.donor_fd);
1330 		if (!donor.file)
1331 			return -EBADF;
1332 
1333 		if (!(donor.file->f_mode & FMODE_WRITE)) {
1334 			err = -EBADF;
1335 			goto mext_out;
1336 		}
1337 
1338 		if (ext4_has_feature_bigalloc(sb)) {
1339 			ext4_msg(sb, KERN_ERR,
1340 				 "Online defrag not supported with bigalloc");
1341 			err = -EOPNOTSUPP;
1342 			goto mext_out;
1343 		} else if (IS_DAX(inode)) {
1344 			ext4_msg(sb, KERN_ERR,
1345 				 "Online defrag not supported with DAX");
1346 			err = -EOPNOTSUPP;
1347 			goto mext_out;
1348 		}
1349 
1350 		err = mnt_want_write_file(filp);
1351 		if (err)
1352 			goto mext_out;
1353 
1354 		err = ext4_move_extents(filp, donor.file, me.orig_start,
1355 					me.donor_start, me.len, &me.moved_len);
1356 		mnt_drop_write_file(filp);
1357 
1358 		if (copy_to_user((struct move_extent __user *)arg,
1359 				 &me, sizeof(me)))
1360 			err = -EFAULT;
1361 mext_out:
1362 		fdput(donor);
1363 		return err;
1364 	}
1365 
1366 	case EXT4_IOC_GROUP_ADD: {
1367 		struct ext4_new_group_data input;
1368 
1369 		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1370 				sizeof(input)))
1371 			return -EFAULT;
1372 
1373 		return ext4_ioctl_group_add(filp, &input);
1374 	}
1375 
1376 	case EXT4_IOC_MIGRATE:
1377 	{
1378 		int err;
1379 		if (!inode_owner_or_capable(mnt_userns, inode))
1380 			return -EACCES;
1381 
1382 		err = mnt_want_write_file(filp);
1383 		if (err)
1384 			return err;
1385 		/*
1386 		 * inode_mutex prevent write and truncate on the file.
1387 		 * Read still goes through. We take i_data_sem in
1388 		 * ext4_ext_swap_inode_data before we switch the
1389 		 * inode format to prevent read.
1390 		 */
1391 		inode_lock((inode));
1392 		err = ext4_ext_migrate(inode);
1393 		inode_unlock((inode));
1394 		mnt_drop_write_file(filp);
1395 		return err;
1396 	}
1397 
1398 	case EXT4_IOC_ALLOC_DA_BLKS:
1399 	{
1400 		int err;
1401 		if (!inode_owner_or_capable(mnt_userns, inode))
1402 			return -EACCES;
1403 
1404 		err = mnt_want_write_file(filp);
1405 		if (err)
1406 			return err;
1407 		err = ext4_alloc_da_blocks(inode);
1408 		mnt_drop_write_file(filp);
1409 		return err;
1410 	}
1411 
1412 	case EXT4_IOC_SWAP_BOOT:
1413 	{
1414 		int err;
1415 		if (!(filp->f_mode & FMODE_WRITE))
1416 			return -EBADF;
1417 		err = mnt_want_write_file(filp);
1418 		if (err)
1419 			return err;
1420 		err = swap_inode_boot_loader(sb, mnt_userns, inode);
1421 		mnt_drop_write_file(filp);
1422 		return err;
1423 	}
1424 
1425 	case EXT4_IOC_RESIZE_FS: {
1426 		ext4_fsblk_t n_blocks_count;
1427 		int err = 0, err2 = 0;
1428 		ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1429 
1430 		if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1431 				   sizeof(__u64))) {
1432 			return -EFAULT;
1433 		}
1434 
1435 		err = ext4_resize_begin(sb);
1436 		if (err)
1437 			return err;
1438 
1439 		err = mnt_want_write_file(filp);
1440 		if (err)
1441 			goto resizefs_out;
1442 
1443 		err = ext4_resize_fs(sb, n_blocks_count);
1444 		if (EXT4_SB(sb)->s_journal) {
1445 			ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL);
1446 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1447 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1448 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1449 		}
1450 		if (err == 0)
1451 			err = err2;
1452 		mnt_drop_write_file(filp);
1453 		if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1454 		    ext4_has_group_desc_csum(sb) &&
1455 		    test_opt(sb, INIT_INODE_TABLE))
1456 			err = ext4_register_li_request(sb, o_group);
1457 
1458 resizefs_out:
1459 		err2 = ext4_resize_end(sb, true);
1460 		if (err == 0)
1461 			err = err2;
1462 		return err;
1463 	}
1464 
1465 	case FITRIM:
1466 	{
1467 		struct fstrim_range range;
1468 		int ret = 0;
1469 
1470 		if (!capable(CAP_SYS_ADMIN))
1471 			return -EPERM;
1472 
1473 		if (!bdev_max_discard_sectors(sb->s_bdev))
1474 			return -EOPNOTSUPP;
1475 
1476 		/*
1477 		 * We haven't replayed the journal, so we cannot use our
1478 		 * block-bitmap-guided storage zapping commands.
1479 		 */
1480 		if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1481 			return -EROFS;
1482 
1483 		if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1484 		    sizeof(range)))
1485 			return -EFAULT;
1486 
1487 		ret = ext4_trim_fs(sb, &range);
1488 		if (ret < 0)
1489 			return ret;
1490 
1491 		if (copy_to_user((struct fstrim_range __user *)arg, &range,
1492 		    sizeof(range)))
1493 			return -EFAULT;
1494 
1495 		return 0;
1496 	}
1497 	case EXT4_IOC_PRECACHE_EXTENTS:
1498 		return ext4_ext_precache(inode);
1499 
1500 	case FS_IOC_SET_ENCRYPTION_POLICY:
1501 		if (!ext4_has_feature_encrypt(sb))
1502 			return -EOPNOTSUPP;
1503 		return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1504 
1505 	case FS_IOC_GET_ENCRYPTION_PWSALT:
1506 		return ext4_ioctl_get_encryption_pwsalt(filp, (void __user *)arg);
1507 
1508 	case FS_IOC_GET_ENCRYPTION_POLICY:
1509 		if (!ext4_has_feature_encrypt(sb))
1510 			return -EOPNOTSUPP;
1511 		return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1512 
1513 	case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1514 		if (!ext4_has_feature_encrypt(sb))
1515 			return -EOPNOTSUPP;
1516 		return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1517 
1518 	case FS_IOC_ADD_ENCRYPTION_KEY:
1519 		if (!ext4_has_feature_encrypt(sb))
1520 			return -EOPNOTSUPP;
1521 		return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1522 
1523 	case FS_IOC_REMOVE_ENCRYPTION_KEY:
1524 		if (!ext4_has_feature_encrypt(sb))
1525 			return -EOPNOTSUPP;
1526 		return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1527 
1528 	case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1529 		if (!ext4_has_feature_encrypt(sb))
1530 			return -EOPNOTSUPP;
1531 		return fscrypt_ioctl_remove_key_all_users(filp,
1532 							  (void __user *)arg);
1533 	case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1534 		if (!ext4_has_feature_encrypt(sb))
1535 			return -EOPNOTSUPP;
1536 		return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1537 
1538 	case FS_IOC_GET_ENCRYPTION_NONCE:
1539 		if (!ext4_has_feature_encrypt(sb))
1540 			return -EOPNOTSUPP;
1541 		return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1542 
1543 	case EXT4_IOC_CLEAR_ES_CACHE:
1544 	{
1545 		if (!inode_owner_or_capable(mnt_userns, inode))
1546 			return -EACCES;
1547 		ext4_clear_inode_es(inode);
1548 		return 0;
1549 	}
1550 
1551 	case EXT4_IOC_GETSTATE:
1552 	{
1553 		__u32	state = 0;
1554 
1555 		if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1556 			state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1557 		if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1558 			state |= EXT4_STATE_FLAG_NEW;
1559 		if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1560 			state |= EXT4_STATE_FLAG_NEWENTRY;
1561 		if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1562 			state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1563 
1564 		return put_user(state, (__u32 __user *) arg);
1565 	}
1566 
1567 	case EXT4_IOC_GET_ES_CACHE:
1568 		return ext4_ioctl_get_es_cache(filp, arg);
1569 
1570 	case EXT4_IOC_SHUTDOWN:
1571 		return ext4_shutdown(sb, arg);
1572 
1573 	case FS_IOC_ENABLE_VERITY:
1574 		if (!ext4_has_feature_verity(sb))
1575 			return -EOPNOTSUPP;
1576 		return fsverity_ioctl_enable(filp, (const void __user *)arg);
1577 
1578 	case FS_IOC_MEASURE_VERITY:
1579 		if (!ext4_has_feature_verity(sb))
1580 			return -EOPNOTSUPP;
1581 		return fsverity_ioctl_measure(filp, (void __user *)arg);
1582 
1583 	case FS_IOC_READ_VERITY_METADATA:
1584 		if (!ext4_has_feature_verity(sb))
1585 			return -EOPNOTSUPP;
1586 		return fsverity_ioctl_read_metadata(filp,
1587 						    (const void __user *)arg);
1588 
1589 	case EXT4_IOC_CHECKPOINT:
1590 		return ext4_ioctl_checkpoint(filp, arg);
1591 
1592 	case FS_IOC_GETFSLABEL:
1593 		return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg);
1594 
1595 	case FS_IOC_SETFSLABEL:
1596 		return ext4_ioctl_setlabel(filp,
1597 					   (const void __user *)arg);
1598 
1599 	case EXT4_IOC_GETFSUUID:
1600 		return ext4_ioctl_getuuid(EXT4_SB(sb), (void __user *)arg);
1601 	case EXT4_IOC_SETFSUUID:
1602 		return ext4_ioctl_setuuid(filp, (const void __user *)arg);
1603 	default:
1604 		return -ENOTTY;
1605 	}
1606 }
1607 
1608 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1609 {
1610 	return __ext4_ioctl(filp, cmd, arg);
1611 }
1612 
1613 #ifdef CONFIG_COMPAT
1614 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1615 {
1616 	/* These are just misnamed, they actually get/put from/to user an int */
1617 	switch (cmd) {
1618 	case EXT4_IOC32_GETVERSION:
1619 		cmd = EXT4_IOC_GETVERSION;
1620 		break;
1621 	case EXT4_IOC32_SETVERSION:
1622 		cmd = EXT4_IOC_SETVERSION;
1623 		break;
1624 	case EXT4_IOC32_GROUP_EXTEND:
1625 		cmd = EXT4_IOC_GROUP_EXTEND;
1626 		break;
1627 	case EXT4_IOC32_GETVERSION_OLD:
1628 		cmd = EXT4_IOC_GETVERSION_OLD;
1629 		break;
1630 	case EXT4_IOC32_SETVERSION_OLD:
1631 		cmd = EXT4_IOC_SETVERSION_OLD;
1632 		break;
1633 	case EXT4_IOC32_GETRSVSZ:
1634 		cmd = EXT4_IOC_GETRSVSZ;
1635 		break;
1636 	case EXT4_IOC32_SETRSVSZ:
1637 		cmd = EXT4_IOC_SETRSVSZ;
1638 		break;
1639 	case EXT4_IOC32_GROUP_ADD: {
1640 		struct compat_ext4_new_group_input __user *uinput;
1641 		struct ext4_new_group_data input;
1642 		int err;
1643 
1644 		uinput = compat_ptr(arg);
1645 		err = get_user(input.group, &uinput->group);
1646 		err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1647 		err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1648 		err |= get_user(input.inode_table, &uinput->inode_table);
1649 		err |= get_user(input.blocks_count, &uinput->blocks_count);
1650 		err |= get_user(input.reserved_blocks,
1651 				&uinput->reserved_blocks);
1652 		if (err)
1653 			return -EFAULT;
1654 		return ext4_ioctl_group_add(file, &input);
1655 	}
1656 	case EXT4_IOC_MOVE_EXT:
1657 	case EXT4_IOC_RESIZE_FS:
1658 	case FITRIM:
1659 	case EXT4_IOC_PRECACHE_EXTENTS:
1660 	case FS_IOC_SET_ENCRYPTION_POLICY:
1661 	case FS_IOC_GET_ENCRYPTION_PWSALT:
1662 	case FS_IOC_GET_ENCRYPTION_POLICY:
1663 	case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1664 	case FS_IOC_ADD_ENCRYPTION_KEY:
1665 	case FS_IOC_REMOVE_ENCRYPTION_KEY:
1666 	case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1667 	case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1668 	case FS_IOC_GET_ENCRYPTION_NONCE:
1669 	case EXT4_IOC_SHUTDOWN:
1670 	case FS_IOC_GETFSMAP:
1671 	case FS_IOC_ENABLE_VERITY:
1672 	case FS_IOC_MEASURE_VERITY:
1673 	case FS_IOC_READ_VERITY_METADATA:
1674 	case EXT4_IOC_CLEAR_ES_CACHE:
1675 	case EXT4_IOC_GETSTATE:
1676 	case EXT4_IOC_GET_ES_CACHE:
1677 	case EXT4_IOC_CHECKPOINT:
1678 	case FS_IOC_GETFSLABEL:
1679 	case FS_IOC_SETFSLABEL:
1680 	case EXT4_IOC_GETFSUUID:
1681 	case EXT4_IOC_SETFSUUID:
1682 		break;
1683 	default:
1684 		return -ENOIOCTLCMD;
1685 	}
1686 	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1687 }
1688 #endif
1689 
1690 static void set_overhead(struct ext4_super_block *es, const void *arg)
1691 {
1692 	es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg));
1693 }
1694 
1695 int ext4_update_overhead(struct super_block *sb, bool force)
1696 {
1697 	struct ext4_sb_info *sbi = EXT4_SB(sb);
1698 
1699 	if (sb_rdonly(sb))
1700 		return 0;
1701 	if (!force &&
1702 	    (sbi->s_overhead == 0 ||
1703 	     sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters)))
1704 		return 0;
1705 	return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead);
1706 }
1707