xref: /linux/fs/ext4/ioctl.c (revision ecba1060583635ab55092072441ff903b5e9a659) 
1 /*
2  * linux/fs/ext4/ioctl.c
3  *
4  * Copyright (C) 1993, 1994, 1995
5  * Remy Card (card@masi.ibp.fr)
6  * Laboratoire MASI - Institut Blaise Pascal
7  * Universite Pierre et Marie Curie (Paris VI)
8  */
9 
10 #include <linux/fs.h>
11 #include <linux/jbd2.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <asm/uaccess.h>
18 #include "ext4_jbd2.h"
19 #include "ext4.h"
20 
21 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
22 {
23 	struct inode *inode = filp->f_dentry->d_inode;
24 	struct ext4_inode_info *ei = EXT4_I(inode);
25 	unsigned int flags;
26 
27 	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
28 
29 	switch (cmd) {
30 	case EXT4_IOC_GETFLAGS:
31 		ext4_get_inode_flags(ei);
32 		flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
33 		return put_user(flags, (int __user *) arg);
34 	case EXT4_IOC_SETFLAGS: {
35 		handle_t *handle = NULL;
36 		int err, migrate = 0;
37 		struct ext4_iloc iloc;
38 		unsigned int oldflags;
39 		unsigned int jflag;
40 
41 		if (!is_owner_or_cap(inode))
42 			return -EACCES;
43 
44 		if (get_user(flags, (int __user *) arg))
45 			return -EFAULT;
46 
47 		err = mnt_want_write(filp->f_path.mnt);
48 		if (err)
49 			return err;
50 
51 		flags = ext4_mask_flags(inode->i_mode, flags);
52 
53 		err = -EPERM;
54 		mutex_lock(&inode->i_mutex);
55 		/* Is it quota file? Do not allow user to mess with it */
56 		if (IS_NOQUOTA(inode))
57 			goto flags_out;
58 
59 		oldflags = ei->i_flags;
60 
61 		/* The JOURNAL_DATA flag is modifiable only by root */
62 		jflag = flags & EXT4_JOURNAL_DATA_FL;
63 
64 		/*
65 		 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
66 		 * the relevant capability.
67 		 *
68 		 * This test looks nicer. Thanks to Pauline Middelink
69 		 */
70 		if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
71 			if (!capable(CAP_LINUX_IMMUTABLE))
72 				goto flags_out;
73 		}
74 
75 		/*
76 		 * The JOURNAL_DATA flag can only be changed by
77 		 * the relevant capability.
78 		 */
79 		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
80 			if (!capable(CAP_SYS_RESOURCE))
81 				goto flags_out;
82 		}
83 		if (oldflags & EXT4_EXTENTS_FL) {
84 			/* We don't support clearning extent flags */
85 			if (!(flags & EXT4_EXTENTS_FL)) {
86 				err = -EOPNOTSUPP;
87 				goto flags_out;
88 			}
89 		} else if (flags & EXT4_EXTENTS_FL) {
90 			/* migrate the file */
91 			migrate = 1;
92 			flags &= ~EXT4_EXTENTS_FL;
93 		}
94 
95 		handle = ext4_journal_start(inode, 1);
96 		if (IS_ERR(handle)) {
97 			err = PTR_ERR(handle);
98 			goto flags_out;
99 		}
100 		if (IS_SYNC(inode))
101 			ext4_handle_sync(handle);
102 		err = ext4_reserve_inode_write(handle, inode, &iloc);
103 		if (err)
104 			goto flags_err;
105 
106 		flags = flags & EXT4_FL_USER_MODIFIABLE;
107 		flags |= oldflags & ~EXT4_FL_USER_MODIFIABLE;
108 		ei->i_flags = flags;
109 
110 		ext4_set_inode_flags(inode);
111 		inode->i_ctime = ext4_current_time(inode);
112 
113 		err = ext4_mark_iloc_dirty(handle, inode, &iloc);
114 flags_err:
115 		ext4_journal_stop(handle);
116 		if (err)
117 			goto flags_out;
118 
119 		if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
120 			err = ext4_change_inode_journal_flag(inode, jflag);
121 		if (err)
122 			goto flags_out;
123 		if (migrate)
124 			err = ext4_ext_migrate(inode);
125 flags_out:
126 		mutex_unlock(&inode->i_mutex);
127 		mnt_drop_write(filp->f_path.mnt);
128 		return err;
129 	}
130 	case EXT4_IOC_GETVERSION:
131 	case EXT4_IOC_GETVERSION_OLD:
132 		return put_user(inode->i_generation, (int __user *) arg);
133 	case EXT4_IOC_SETVERSION:
134 	case EXT4_IOC_SETVERSION_OLD: {
135 		handle_t *handle;
136 		struct ext4_iloc iloc;
137 		__u32 generation;
138 		int err;
139 
140 		if (!is_owner_or_cap(inode))
141 			return -EPERM;
142 
143 		err = mnt_want_write(filp->f_path.mnt);
144 		if (err)
145 			return err;
146 		if (get_user(generation, (int __user *) arg)) {
147 			err = -EFAULT;
148 			goto setversion_out;
149 		}
150 
151 		handle = ext4_journal_start(inode, 1);
152 		if (IS_ERR(handle)) {
153 			err = PTR_ERR(handle);
154 			goto setversion_out;
155 		}
156 		err = ext4_reserve_inode_write(handle, inode, &iloc);
157 		if (err == 0) {
158 			inode->i_ctime = ext4_current_time(inode);
159 			inode->i_generation = generation;
160 			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
161 		}
162 		ext4_journal_stop(handle);
163 setversion_out:
164 		mnt_drop_write(filp->f_path.mnt);
165 		return err;
166 	}
167 #ifdef CONFIG_JBD2_DEBUG
168 	case EXT4_IOC_WAIT_FOR_READONLY:
169 		/*
170 		 * This is racy - by the time we're woken up and running,
171 		 * the superblock could be released.  And the module could
172 		 * have been unloaded.  So sue me.
173 		 *
174 		 * Returns 1 if it slept, else zero.
175 		 */
176 		{
177 			struct super_block *sb = inode->i_sb;
178 			DECLARE_WAITQUEUE(wait, current);
179 			int ret = 0;
180 
181 			set_current_state(TASK_INTERRUPTIBLE);
182 			add_wait_queue(&EXT4_SB(sb)->ro_wait_queue, &wait);
183 			if (timer_pending(&EXT4_SB(sb)->turn_ro_timer)) {
184 				schedule();
185 				ret = 1;
186 			}
187 			remove_wait_queue(&EXT4_SB(sb)->ro_wait_queue, &wait);
188 			return ret;
189 		}
190 #endif
191 	case EXT4_IOC_GROUP_EXTEND: {
192 		ext4_fsblk_t n_blocks_count;
193 		struct super_block *sb = inode->i_sb;
194 		int err, err2=0;
195 
196 		if (!capable(CAP_SYS_RESOURCE))
197 			return -EPERM;
198 
199 		if (get_user(n_blocks_count, (__u32 __user *)arg))
200 			return -EFAULT;
201 
202 		err = mnt_want_write(filp->f_path.mnt);
203 		if (err)
204 			return err;
205 
206 		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
207 		if (EXT4_SB(sb)->s_journal) {
208 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
209 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
210 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
211 		}
212 		if (err == 0)
213 			err = err2;
214 		mnt_drop_write(filp->f_path.mnt);
215 
216 		return err;
217 	}
218 
219 	case EXT4_IOC_MOVE_EXT: {
220 		struct move_extent me;
221 		struct file *donor_filp;
222 		int err;
223 
224 		if (copy_from_user(&me,
225 			(struct move_extent __user *)arg, sizeof(me)))
226 			return -EFAULT;
227 
228 		donor_filp = fget(me.donor_fd);
229 		if (!donor_filp)
230 			return -EBADF;
231 
232 		if (!capable(CAP_DAC_OVERRIDE)) {
233 			if ((current->real_cred->fsuid != inode->i_uid) ||
234 				!(inode->i_mode & S_IRUSR) ||
235 				!(donor_filp->f_dentry->d_inode->i_mode &
236 				S_IRUSR)) {
237 				fput(donor_filp);
238 				return -EACCES;
239 			}
240 		}
241 
242 		err = ext4_move_extents(filp, donor_filp, me.orig_start,
243 					me.donor_start, me.len, &me.moved_len);
244 		fput(donor_filp);
245 
246 		if (!err)
247 			if (copy_to_user((struct move_extent *)arg,
248 				&me, sizeof(me)))
249 				return -EFAULT;
250 		return err;
251 	}
252 
253 	case EXT4_IOC_GROUP_ADD: {
254 		struct ext4_new_group_data input;
255 		struct super_block *sb = inode->i_sb;
256 		int err, err2=0;
257 
258 		if (!capable(CAP_SYS_RESOURCE))
259 			return -EPERM;
260 
261 		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
262 				sizeof(input)))
263 			return -EFAULT;
264 
265 		err = mnt_want_write(filp->f_path.mnt);
266 		if (err)
267 			return err;
268 
269 		err = ext4_group_add(sb, &input);
270 		if (EXT4_SB(sb)->s_journal) {
271 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
272 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
273 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
274 		}
275 		if (err == 0)
276 			err = err2;
277 		mnt_drop_write(filp->f_path.mnt);
278 
279 		return err;
280 	}
281 
282 	case EXT4_IOC_MIGRATE:
283 	{
284 		int err;
285 		if (!is_owner_or_cap(inode))
286 			return -EACCES;
287 
288 		err = mnt_want_write(filp->f_path.mnt);
289 		if (err)
290 			return err;
291 		/*
292 		 * inode_mutex prevent write and truncate on the file.
293 		 * Read still goes through. We take i_data_sem in
294 		 * ext4_ext_swap_inode_data before we switch the
295 		 * inode format to prevent read.
296 		 */
297 		mutex_lock(&(inode->i_mutex));
298 		err = ext4_ext_migrate(inode);
299 		mutex_unlock(&(inode->i_mutex));
300 		mnt_drop_write(filp->f_path.mnt);
301 		return err;
302 	}
303 
304 	case EXT4_IOC_ALLOC_DA_BLKS:
305 	{
306 		int err;
307 		if (!is_owner_or_cap(inode))
308 			return -EACCES;
309 
310 		err = mnt_want_write(filp->f_path.mnt);
311 		if (err)
312 			return err;
313 		err = ext4_alloc_da_blocks(inode);
314 		mnt_drop_write(filp->f_path.mnt);
315 		return err;
316 	}
317 
318 	default:
319 		return -ENOTTY;
320 	}
321 }
322 
323 #ifdef CONFIG_COMPAT
324 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
325 {
326 	/* These are just misnamed, they actually get/put from/to user an int */
327 	switch (cmd) {
328 	case EXT4_IOC32_GETFLAGS:
329 		cmd = EXT4_IOC_GETFLAGS;
330 		break;
331 	case EXT4_IOC32_SETFLAGS:
332 		cmd = EXT4_IOC_SETFLAGS;
333 		break;
334 	case EXT4_IOC32_GETVERSION:
335 		cmd = EXT4_IOC_GETVERSION;
336 		break;
337 	case EXT4_IOC32_SETVERSION:
338 		cmd = EXT4_IOC_SETVERSION;
339 		break;
340 	case EXT4_IOC32_GROUP_EXTEND:
341 		cmd = EXT4_IOC_GROUP_EXTEND;
342 		break;
343 	case EXT4_IOC32_GETVERSION_OLD:
344 		cmd = EXT4_IOC_GETVERSION_OLD;
345 		break;
346 	case EXT4_IOC32_SETVERSION_OLD:
347 		cmd = EXT4_IOC_SETVERSION_OLD;
348 		break;
349 #ifdef CONFIG_JBD2_DEBUG
350 	case EXT4_IOC32_WAIT_FOR_READONLY:
351 		cmd = EXT4_IOC_WAIT_FOR_READONLY;
352 		break;
353 #endif
354 	case EXT4_IOC32_GETRSVSZ:
355 		cmd = EXT4_IOC_GETRSVSZ;
356 		break;
357 	case EXT4_IOC32_SETRSVSZ:
358 		cmd = EXT4_IOC_SETRSVSZ;
359 		break;
360 	case EXT4_IOC_GROUP_ADD:
361 		break;
362 	default:
363 		return -ENOIOCTLCMD;
364 	}
365 	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
366 }
367 #endif
368