1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uuid.h> 20 #include <linux/uaccess.h> 21 #include <linux/delay.h> 22 #include <linux/iversion.h> 23 #include <linux/fileattr.h> 24 #include "ext4_jbd2.h" 25 #include "ext4.h" 26 #include <linux/fsmap.h> 27 #include "fsmap.h" 28 #include <trace/events/ext4.h> 29 30 /** 31 * Swap memory between @a and @b for @len bytes. 32 * 33 * @a: pointer to first memory area 34 * @b: pointer to second memory area 35 * @len: number of bytes to swap 36 * 37 */ 38 static void memswap(void *a, void *b, size_t len) 39 { 40 unsigned char *ap, *bp; 41 42 ap = (unsigned char *)a; 43 bp = (unsigned char *)b; 44 while (len-- > 0) { 45 swap(*ap, *bp); 46 ap++; 47 bp++; 48 } 49 } 50 51 /** 52 * Swap i_data and associated attributes between @inode1 and @inode2. 53 * This function is used for the primary swap between inode1 and inode2 54 * and also to revert this primary swap in case of errors. 55 * 56 * Therefore you have to make sure, that calling this method twice 57 * will revert all changes. 58 * 59 * @inode1: pointer to first inode 60 * @inode2: pointer to second inode 61 */ 62 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 63 { 64 loff_t isize; 65 struct ext4_inode_info *ei1; 66 struct ext4_inode_info *ei2; 67 unsigned long tmp; 68 69 ei1 = EXT4_I(inode1); 70 ei2 = EXT4_I(inode2); 71 72 swap(inode1->i_version, inode2->i_version); 73 swap(inode1->i_atime, inode2->i_atime); 74 swap(inode1->i_mtime, inode2->i_mtime); 75 76 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 77 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP; 78 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) | 79 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP); 80 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP); 81 swap(ei1->i_disksize, ei2->i_disksize); 82 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 83 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 84 85 isize = i_size_read(inode1); 86 i_size_write(inode1, i_size_read(inode2)); 87 i_size_write(inode2, isize); 88 } 89 90 void ext4_reset_inode_seed(struct inode *inode) 91 { 92 struct ext4_inode_info *ei = EXT4_I(inode); 93 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 94 __le32 inum = cpu_to_le32(inode->i_ino); 95 __le32 gen = cpu_to_le32(inode->i_generation); 96 __u32 csum; 97 98 if (!ext4_has_metadata_csum(inode->i_sb)) 99 return; 100 101 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum)); 102 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen)); 103 } 104 105 /** 106 * Swap the information from the given @inode and the inode 107 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 108 * important fields of the inodes. 109 * 110 * @sb: the super block of the filesystem 111 * @mnt_userns: user namespace of the mount the inode was found from 112 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 113 * 114 */ 115 static long swap_inode_boot_loader(struct super_block *sb, 116 struct user_namespace *mnt_userns, 117 struct inode *inode) 118 { 119 handle_t *handle; 120 int err; 121 struct inode *inode_bl; 122 struct ext4_inode_info *ei_bl; 123 qsize_t size, size_bl, diff; 124 blkcnt_t blocks; 125 unsigned short bytes; 126 127 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL); 128 if (IS_ERR(inode_bl)) 129 return PTR_ERR(inode_bl); 130 ei_bl = EXT4_I(inode_bl); 131 132 /* Protect orig inodes against a truncate and make sure, 133 * that only 1 swap_inode_boot_loader is running. */ 134 lock_two_nondirectories(inode, inode_bl); 135 136 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) || 137 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) || 138 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) || 139 ext4_has_inline_data(inode)) { 140 err = -EINVAL; 141 goto journal_err_out; 142 } 143 144 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) || 145 !inode_owner_or_capable(mnt_userns, inode) || 146 !capable(CAP_SYS_ADMIN)) { 147 err = -EPERM; 148 goto journal_err_out; 149 } 150 151 down_write(&EXT4_I(inode)->i_mmap_sem); 152 err = filemap_write_and_wait(inode->i_mapping); 153 if (err) 154 goto err_out; 155 156 err = filemap_write_and_wait(inode_bl->i_mapping); 157 if (err) 158 goto err_out; 159 160 /* Wait for all existing dio workers */ 161 inode_dio_wait(inode); 162 inode_dio_wait(inode_bl); 163 164 truncate_inode_pages(&inode->i_data, 0); 165 truncate_inode_pages(&inode_bl->i_data, 0); 166 167 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 168 if (IS_ERR(handle)) { 169 err = -EINVAL; 170 goto err_out; 171 } 172 ext4_fc_start_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT); 173 174 /* Protect extent tree against block allocations via delalloc */ 175 ext4_double_down_write_data_sem(inode, inode_bl); 176 177 if (inode_bl->i_nlink == 0) { 178 /* this inode has never been used as a BOOT_LOADER */ 179 set_nlink(inode_bl, 1); 180 i_uid_write(inode_bl, 0); 181 i_gid_write(inode_bl, 0); 182 inode_bl->i_flags = 0; 183 ei_bl->i_flags = 0; 184 inode_set_iversion(inode_bl, 1); 185 i_size_write(inode_bl, 0); 186 inode_bl->i_mode = S_IFREG; 187 if (ext4_has_feature_extents(sb)) { 188 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 189 ext4_ext_tree_init(handle, inode_bl); 190 } else 191 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 192 } 193 194 err = dquot_initialize(inode); 195 if (err) 196 goto err_out1; 197 198 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes; 199 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes; 200 diff = size - size_bl; 201 swap_inode_data(inode, inode_bl); 202 203 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 204 205 inode->i_generation = prandom_u32(); 206 inode_bl->i_generation = prandom_u32(); 207 ext4_reset_inode_seed(inode); 208 ext4_reset_inode_seed(inode_bl); 209 210 ext4_discard_preallocations(inode, 0); 211 212 err = ext4_mark_inode_dirty(handle, inode); 213 if (err < 0) { 214 /* No need to update quota information. */ 215 ext4_warning(inode->i_sb, 216 "couldn't mark inode #%lu dirty (err %d)", 217 inode->i_ino, err); 218 /* Revert all changes: */ 219 swap_inode_data(inode, inode_bl); 220 ext4_mark_inode_dirty(handle, inode); 221 goto err_out1; 222 } 223 224 blocks = inode_bl->i_blocks; 225 bytes = inode_bl->i_bytes; 226 inode_bl->i_blocks = inode->i_blocks; 227 inode_bl->i_bytes = inode->i_bytes; 228 err = ext4_mark_inode_dirty(handle, inode_bl); 229 if (err < 0) { 230 /* No need to update quota information. */ 231 ext4_warning(inode_bl->i_sb, 232 "couldn't mark inode #%lu dirty (err %d)", 233 inode_bl->i_ino, err); 234 goto revert; 235 } 236 237 /* Bootloader inode should not be counted into quota information. */ 238 if (diff > 0) 239 dquot_free_space(inode, diff); 240 else 241 err = dquot_alloc_space(inode, -1 * diff); 242 243 if (err < 0) { 244 revert: 245 /* Revert all changes: */ 246 inode_bl->i_blocks = blocks; 247 inode_bl->i_bytes = bytes; 248 swap_inode_data(inode, inode_bl); 249 ext4_mark_inode_dirty(handle, inode); 250 ext4_mark_inode_dirty(handle, inode_bl); 251 } 252 253 err_out1: 254 ext4_journal_stop(handle); 255 ext4_fc_stop_ineligible(sb); 256 ext4_double_up_write_data_sem(inode, inode_bl); 257 258 err_out: 259 up_write(&EXT4_I(inode)->i_mmap_sem); 260 journal_err_out: 261 unlock_two_nondirectories(inode, inode_bl); 262 iput(inode_bl); 263 return err; 264 } 265 266 #ifdef CONFIG_FS_ENCRYPTION 267 static int uuid_is_zero(__u8 u[16]) 268 { 269 int i; 270 271 for (i = 0; i < 16; i++) 272 if (u[i]) 273 return 0; 274 return 1; 275 } 276 #endif 277 278 /* 279 * If immutable is set and we are not clearing it, we're not allowed to change 280 * anything else in the inode. Don't error out if we're only trying to set 281 * immutable on an immutable file. 282 */ 283 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid, 284 unsigned int flags) 285 { 286 struct ext4_inode_info *ei = EXT4_I(inode); 287 unsigned int oldflags = ei->i_flags; 288 289 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL)) 290 return 0; 291 292 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL)) 293 return -EPERM; 294 if (ext4_has_feature_project(inode->i_sb) && 295 __kprojid_val(ei->i_projid) != new_projid) 296 return -EPERM; 297 298 return 0; 299 } 300 301 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags) 302 { 303 struct ext4_inode_info *ei = EXT4_I(inode); 304 305 if (S_ISDIR(inode->i_mode)) 306 return; 307 308 if (test_opt2(inode->i_sb, DAX_NEVER) || 309 test_opt(inode->i_sb, DAX_ALWAYS)) 310 return; 311 312 if ((ei->i_flags ^ flags) & EXT4_DAX_FL) 313 d_mark_dontcache(inode); 314 } 315 316 static bool dax_compatible(struct inode *inode, unsigned int oldflags, 317 unsigned int flags) 318 { 319 if (flags & EXT4_DAX_FL) { 320 if ((oldflags & EXT4_DAX_MUT_EXCL) || 321 ext4_test_inode_state(inode, 322 EXT4_STATE_VERITY_IN_PROGRESS)) { 323 return false; 324 } 325 } 326 327 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL)) 328 return false; 329 330 return true; 331 } 332 333 static int ext4_ioctl_setflags(struct inode *inode, 334 unsigned int flags) 335 { 336 struct ext4_inode_info *ei = EXT4_I(inode); 337 handle_t *handle = NULL; 338 int err = -EPERM, migrate = 0; 339 struct ext4_iloc iloc; 340 unsigned int oldflags, mask, i; 341 struct super_block *sb = inode->i_sb; 342 343 /* Is it quota file? Do not allow user to mess with it */ 344 if (ext4_is_quota_file(inode)) 345 goto flags_out; 346 347 oldflags = ei->i_flags; 348 /* 349 * The JOURNAL_DATA flag can only be changed by 350 * the relevant capability. 351 */ 352 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 353 if (!capable(CAP_SYS_RESOURCE)) 354 goto flags_out; 355 } 356 357 if (!dax_compatible(inode, oldflags, flags)) { 358 err = -EOPNOTSUPP; 359 goto flags_out; 360 } 361 362 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 363 migrate = 1; 364 365 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) { 366 if (!ext4_has_feature_casefold(sb)) { 367 err = -EOPNOTSUPP; 368 goto flags_out; 369 } 370 371 if (!S_ISDIR(inode->i_mode)) { 372 err = -ENOTDIR; 373 goto flags_out; 374 } 375 376 if (!ext4_empty_dir(inode)) { 377 err = -ENOTEMPTY; 378 goto flags_out; 379 } 380 } 381 382 /* 383 * Wait for all pending directio and then flush all the dirty pages 384 * for this file. The flush marks all the pages readonly, so any 385 * subsequent attempt to write to the file (particularly mmap pages) 386 * will come through the filesystem and fail. 387 */ 388 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) && 389 (flags & EXT4_IMMUTABLE_FL)) { 390 inode_dio_wait(inode); 391 err = filemap_write_and_wait(inode->i_mapping); 392 if (err) 393 goto flags_out; 394 } 395 396 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 397 if (IS_ERR(handle)) { 398 err = PTR_ERR(handle); 399 goto flags_out; 400 } 401 if (IS_SYNC(inode)) 402 ext4_handle_sync(handle); 403 err = ext4_reserve_inode_write(handle, inode, &iloc); 404 if (err) 405 goto flags_err; 406 407 ext4_dax_dontcache(inode, flags); 408 409 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 410 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 411 continue; 412 /* These flags get special treatment later */ 413 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 414 continue; 415 if (mask & flags) 416 ext4_set_inode_flag(inode, i); 417 else 418 ext4_clear_inode_flag(inode, i); 419 } 420 421 ext4_set_inode_flags(inode, false); 422 423 inode->i_ctime = current_time(inode); 424 425 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 426 flags_err: 427 ext4_journal_stop(handle); 428 if (err) 429 goto flags_out; 430 431 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 432 /* 433 * Changes to the journaling mode can cause unsafe changes to 434 * S_DAX if the inode is DAX 435 */ 436 if (IS_DAX(inode)) { 437 err = -EBUSY; 438 goto flags_out; 439 } 440 441 err = ext4_change_inode_journal_flag(inode, 442 flags & EXT4_JOURNAL_DATA_FL); 443 if (err) 444 goto flags_out; 445 } 446 if (migrate) { 447 if (flags & EXT4_EXTENTS_FL) 448 err = ext4_ext_migrate(inode); 449 else 450 err = ext4_ind_migrate(inode); 451 } 452 453 flags_out: 454 return err; 455 } 456 457 #ifdef CONFIG_QUOTA 458 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 459 { 460 struct super_block *sb = inode->i_sb; 461 struct ext4_inode_info *ei = EXT4_I(inode); 462 int err, rc; 463 handle_t *handle; 464 kprojid_t kprojid; 465 struct ext4_iloc iloc; 466 struct ext4_inode *raw_inode; 467 struct dquot *transfer_to[MAXQUOTAS] = { }; 468 469 if (!ext4_has_feature_project(sb)) { 470 if (projid != EXT4_DEF_PROJID) 471 return -EOPNOTSUPP; 472 else 473 return 0; 474 } 475 476 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 477 return -EOPNOTSUPP; 478 479 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 480 481 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 482 return 0; 483 484 err = -EPERM; 485 /* Is it quota file? Do not allow user to mess with it */ 486 if (ext4_is_quota_file(inode)) 487 return err; 488 489 err = ext4_get_inode_loc(inode, &iloc); 490 if (err) 491 return err; 492 493 raw_inode = ext4_raw_inode(&iloc); 494 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 495 err = ext4_expand_extra_isize(inode, 496 EXT4_SB(sb)->s_want_extra_isize, 497 &iloc); 498 if (err) 499 return err; 500 } else { 501 brelse(iloc.bh); 502 } 503 504 err = dquot_initialize(inode); 505 if (err) 506 return err; 507 508 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 509 EXT4_QUOTA_INIT_BLOCKS(sb) + 510 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 511 if (IS_ERR(handle)) 512 return PTR_ERR(handle); 513 514 err = ext4_reserve_inode_write(handle, inode, &iloc); 515 if (err) 516 goto out_stop; 517 518 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 519 if (!IS_ERR(transfer_to[PRJQUOTA])) { 520 521 /* __dquot_transfer() calls back ext4_get_inode_usage() which 522 * counts xattr inode references. 523 */ 524 down_read(&EXT4_I(inode)->xattr_sem); 525 err = __dquot_transfer(inode, transfer_to); 526 up_read(&EXT4_I(inode)->xattr_sem); 527 dqput(transfer_to[PRJQUOTA]); 528 if (err) 529 goto out_dirty; 530 } 531 532 EXT4_I(inode)->i_projid = kprojid; 533 inode->i_ctime = current_time(inode); 534 out_dirty: 535 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 536 if (!err) 537 err = rc; 538 out_stop: 539 ext4_journal_stop(handle); 540 return err; 541 } 542 #else 543 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 544 { 545 if (projid != EXT4_DEF_PROJID) 546 return -EOPNOTSUPP; 547 return 0; 548 } 549 #endif 550 551 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 552 { 553 struct ext4_sb_info *sbi = EXT4_SB(sb); 554 __u32 flags; 555 556 if (!capable(CAP_SYS_ADMIN)) 557 return -EPERM; 558 559 if (get_user(flags, (__u32 __user *)arg)) 560 return -EFAULT; 561 562 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 563 return -EINVAL; 564 565 if (ext4_forced_shutdown(sbi)) 566 return 0; 567 568 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 569 trace_ext4_shutdown(sb, flags); 570 571 switch (flags) { 572 case EXT4_GOING_FLAGS_DEFAULT: 573 freeze_bdev(sb->s_bdev); 574 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 575 thaw_bdev(sb->s_bdev); 576 break; 577 case EXT4_GOING_FLAGS_LOGFLUSH: 578 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 579 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 580 (void) ext4_force_commit(sb); 581 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 582 } 583 break; 584 case EXT4_GOING_FLAGS_NOLOGFLUSH: 585 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 586 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 587 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 588 break; 589 default: 590 return -EINVAL; 591 } 592 clear_opt(sb, DISCARD); 593 return 0; 594 } 595 596 struct getfsmap_info { 597 struct super_block *gi_sb; 598 struct fsmap_head __user *gi_data; 599 unsigned int gi_idx; 600 __u32 gi_last_flags; 601 }; 602 603 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 604 { 605 struct getfsmap_info *info = priv; 606 struct fsmap fm; 607 608 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 609 610 info->gi_last_flags = xfm->fmr_flags; 611 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 612 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 613 sizeof(struct fsmap))) 614 return -EFAULT; 615 616 return 0; 617 } 618 619 static int ext4_ioc_getfsmap(struct super_block *sb, 620 struct fsmap_head __user *arg) 621 { 622 struct getfsmap_info info = { NULL }; 623 struct ext4_fsmap_head xhead = {0}; 624 struct fsmap_head head; 625 bool aborted = false; 626 int error; 627 628 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 629 return -EFAULT; 630 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 631 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 632 sizeof(head.fmh_keys[0].fmr_reserved)) || 633 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 634 sizeof(head.fmh_keys[1].fmr_reserved))) 635 return -EINVAL; 636 /* 637 * ext4 doesn't report file extents at all, so the only valid 638 * file offsets are the magic ones (all zeroes or all ones). 639 */ 640 if (head.fmh_keys[0].fmr_offset || 641 (head.fmh_keys[1].fmr_offset != 0 && 642 head.fmh_keys[1].fmr_offset != -1ULL)) 643 return -EINVAL; 644 645 xhead.fmh_iflags = head.fmh_iflags; 646 xhead.fmh_count = head.fmh_count; 647 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 648 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 649 650 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 651 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 652 653 info.gi_sb = sb; 654 info.gi_data = arg; 655 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 656 if (error == EXT4_QUERY_RANGE_ABORT) { 657 error = 0; 658 aborted = true; 659 } else if (error) 660 return error; 661 662 /* If we didn't abort, set the "last" flag in the last fmx */ 663 if (!aborted && info.gi_idx) { 664 info.gi_last_flags |= FMR_OF_LAST; 665 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 666 &info.gi_last_flags, 667 sizeof(info.gi_last_flags))) 668 return -EFAULT; 669 } 670 671 /* copy back header */ 672 head.fmh_entries = xhead.fmh_entries; 673 head.fmh_oflags = xhead.fmh_oflags; 674 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 675 return -EFAULT; 676 677 return 0; 678 } 679 680 static long ext4_ioctl_group_add(struct file *file, 681 struct ext4_new_group_data *input) 682 { 683 struct super_block *sb = file_inode(file)->i_sb; 684 int err, err2=0; 685 686 err = ext4_resize_begin(sb); 687 if (err) 688 return err; 689 690 if (ext4_has_feature_bigalloc(sb)) { 691 ext4_msg(sb, KERN_ERR, 692 "Online resizing not supported with bigalloc"); 693 err = -EOPNOTSUPP; 694 goto group_add_out; 695 } 696 697 err = mnt_want_write_file(file); 698 if (err) 699 goto group_add_out; 700 701 err = ext4_group_add(sb, input); 702 if (EXT4_SB(sb)->s_journal) { 703 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 704 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 705 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 706 } 707 if (err == 0) 708 err = err2; 709 mnt_drop_write_file(file); 710 if (!err && ext4_has_group_desc_csum(sb) && 711 test_opt(sb, INIT_INODE_TABLE)) 712 err = ext4_register_li_request(sb, input->group); 713 group_add_out: 714 ext4_resize_end(sb); 715 return err; 716 } 717 718 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa) 719 { 720 struct inode *inode = d_inode(dentry); 721 struct ext4_inode_info *ei = EXT4_I(inode); 722 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 723 724 if (S_ISREG(inode->i_mode)) 725 flags &= ~FS_PROJINHERIT_FL; 726 727 fileattr_fill_flags(fa, flags); 728 if (ext4_has_feature_project(inode->i_sb)) 729 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid); 730 731 return 0; 732 } 733 734 int ext4_fileattr_set(struct user_namespace *mnt_userns, 735 struct dentry *dentry, struct fileattr *fa) 736 { 737 struct inode *inode = d_inode(dentry); 738 u32 flags = fa->flags; 739 int err = -EOPNOTSUPP; 740 741 ext4_fc_start_update(inode); 742 if (flags & ~EXT4_FL_USER_VISIBLE) 743 goto out; 744 745 /* 746 * chattr(1) grabs flags via GETFLAGS, modifies the result and 747 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 748 * more restrictive than just silently masking off visible but 749 * not settable flags as we always did. 750 */ 751 flags &= EXT4_FL_USER_MODIFIABLE; 752 if (ext4_mask_flags(inode->i_mode, flags) != flags) 753 goto out; 754 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags); 755 if (err) 756 goto out; 757 err = ext4_ioctl_setflags(inode, flags); 758 if (err) 759 goto out; 760 err = ext4_ioctl_setproject(inode, fa->fsx_projid); 761 out: 762 ext4_fc_stop_update(inode); 763 return err; 764 } 765 766 /* So that the fiemap access checks can't overflow on 32 bit machines. */ 767 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) 768 769 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg) 770 { 771 struct fiemap fiemap; 772 struct fiemap __user *ufiemap = (struct fiemap __user *) arg; 773 struct fiemap_extent_info fieinfo = { 0, }; 774 struct inode *inode = file_inode(filp); 775 int error; 776 777 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap))) 778 return -EFAULT; 779 780 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) 781 return -EINVAL; 782 783 fieinfo.fi_flags = fiemap.fm_flags; 784 fieinfo.fi_extents_max = fiemap.fm_extent_count; 785 fieinfo.fi_extents_start = ufiemap->fm_extents; 786 787 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start, 788 fiemap.fm_length); 789 fiemap.fm_flags = fieinfo.fi_flags; 790 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; 791 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap))) 792 error = -EFAULT; 793 794 return error; 795 } 796 797 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 798 { 799 struct inode *inode = file_inode(filp); 800 struct super_block *sb = inode->i_sb; 801 struct user_namespace *mnt_userns = file_mnt_user_ns(filp); 802 803 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 804 805 switch (cmd) { 806 case FS_IOC_GETFSMAP: 807 return ext4_ioc_getfsmap(sb, (void __user *)arg); 808 case EXT4_IOC_GETVERSION: 809 case EXT4_IOC_GETVERSION_OLD: 810 return put_user(inode->i_generation, (int __user *) arg); 811 case EXT4_IOC_SETVERSION: 812 case EXT4_IOC_SETVERSION_OLD: { 813 handle_t *handle; 814 struct ext4_iloc iloc; 815 __u32 generation; 816 int err; 817 818 if (!inode_owner_or_capable(mnt_userns, inode)) 819 return -EPERM; 820 821 if (ext4_has_metadata_csum(inode->i_sb)) { 822 ext4_warning(sb, "Setting inode version is not " 823 "supported with metadata_csum enabled."); 824 return -ENOTTY; 825 } 826 827 err = mnt_want_write_file(filp); 828 if (err) 829 return err; 830 if (get_user(generation, (int __user *) arg)) { 831 err = -EFAULT; 832 goto setversion_out; 833 } 834 835 inode_lock(inode); 836 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 837 if (IS_ERR(handle)) { 838 err = PTR_ERR(handle); 839 goto unlock_out; 840 } 841 err = ext4_reserve_inode_write(handle, inode, &iloc); 842 if (err == 0) { 843 inode->i_ctime = current_time(inode); 844 inode->i_generation = generation; 845 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 846 } 847 ext4_journal_stop(handle); 848 849 unlock_out: 850 inode_unlock(inode); 851 setversion_out: 852 mnt_drop_write_file(filp); 853 return err; 854 } 855 case EXT4_IOC_GROUP_EXTEND: { 856 ext4_fsblk_t n_blocks_count; 857 int err, err2=0; 858 859 err = ext4_resize_begin(sb); 860 if (err) 861 return err; 862 863 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 864 err = -EFAULT; 865 goto group_extend_out; 866 } 867 868 if (ext4_has_feature_bigalloc(sb)) { 869 ext4_msg(sb, KERN_ERR, 870 "Online resizing not supported with bigalloc"); 871 err = -EOPNOTSUPP; 872 goto group_extend_out; 873 } 874 875 err = mnt_want_write_file(filp); 876 if (err) 877 goto group_extend_out; 878 879 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 880 if (EXT4_SB(sb)->s_journal) { 881 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 882 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 883 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 884 } 885 if (err == 0) 886 err = err2; 887 mnt_drop_write_file(filp); 888 group_extend_out: 889 ext4_resize_end(sb); 890 return err; 891 } 892 893 case EXT4_IOC_MOVE_EXT: { 894 struct move_extent me; 895 struct fd donor; 896 int err; 897 898 if (!(filp->f_mode & FMODE_READ) || 899 !(filp->f_mode & FMODE_WRITE)) 900 return -EBADF; 901 902 if (copy_from_user(&me, 903 (struct move_extent __user *)arg, sizeof(me))) 904 return -EFAULT; 905 me.moved_len = 0; 906 907 donor = fdget(me.donor_fd); 908 if (!donor.file) 909 return -EBADF; 910 911 if (!(donor.file->f_mode & FMODE_WRITE)) { 912 err = -EBADF; 913 goto mext_out; 914 } 915 916 if (ext4_has_feature_bigalloc(sb)) { 917 ext4_msg(sb, KERN_ERR, 918 "Online defrag not supported with bigalloc"); 919 err = -EOPNOTSUPP; 920 goto mext_out; 921 } else if (IS_DAX(inode)) { 922 ext4_msg(sb, KERN_ERR, 923 "Online defrag not supported with DAX"); 924 err = -EOPNOTSUPP; 925 goto mext_out; 926 } 927 928 err = mnt_want_write_file(filp); 929 if (err) 930 goto mext_out; 931 932 err = ext4_move_extents(filp, donor.file, me.orig_start, 933 me.donor_start, me.len, &me.moved_len); 934 mnt_drop_write_file(filp); 935 936 if (copy_to_user((struct move_extent __user *)arg, 937 &me, sizeof(me))) 938 err = -EFAULT; 939 mext_out: 940 fdput(donor); 941 return err; 942 } 943 944 case EXT4_IOC_GROUP_ADD: { 945 struct ext4_new_group_data input; 946 947 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 948 sizeof(input))) 949 return -EFAULT; 950 951 return ext4_ioctl_group_add(filp, &input); 952 } 953 954 case EXT4_IOC_MIGRATE: 955 { 956 int err; 957 if (!inode_owner_or_capable(mnt_userns, inode)) 958 return -EACCES; 959 960 err = mnt_want_write_file(filp); 961 if (err) 962 return err; 963 /* 964 * inode_mutex prevent write and truncate on the file. 965 * Read still goes through. We take i_data_sem in 966 * ext4_ext_swap_inode_data before we switch the 967 * inode format to prevent read. 968 */ 969 inode_lock((inode)); 970 err = ext4_ext_migrate(inode); 971 inode_unlock((inode)); 972 mnt_drop_write_file(filp); 973 return err; 974 } 975 976 case EXT4_IOC_ALLOC_DA_BLKS: 977 { 978 int err; 979 if (!inode_owner_or_capable(mnt_userns, inode)) 980 return -EACCES; 981 982 err = mnt_want_write_file(filp); 983 if (err) 984 return err; 985 err = ext4_alloc_da_blocks(inode); 986 mnt_drop_write_file(filp); 987 return err; 988 } 989 990 case EXT4_IOC_SWAP_BOOT: 991 { 992 int err; 993 if (!(filp->f_mode & FMODE_WRITE)) 994 return -EBADF; 995 err = mnt_want_write_file(filp); 996 if (err) 997 return err; 998 err = swap_inode_boot_loader(sb, mnt_userns, inode); 999 mnt_drop_write_file(filp); 1000 return err; 1001 } 1002 1003 case EXT4_IOC_RESIZE_FS: { 1004 ext4_fsblk_t n_blocks_count; 1005 int err = 0, err2 = 0; 1006 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 1007 1008 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 1009 sizeof(__u64))) { 1010 return -EFAULT; 1011 } 1012 1013 err = ext4_resize_begin(sb); 1014 if (err) 1015 return err; 1016 1017 err = mnt_want_write_file(filp); 1018 if (err) 1019 goto resizefs_out; 1020 1021 err = ext4_resize_fs(sb, n_blocks_count); 1022 if (EXT4_SB(sb)->s_journal) { 1023 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE); 1024 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1025 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 1026 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1027 } 1028 if (err == 0) 1029 err = err2; 1030 mnt_drop_write_file(filp); 1031 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) && 1032 ext4_has_group_desc_csum(sb) && 1033 test_opt(sb, INIT_INODE_TABLE)) 1034 err = ext4_register_li_request(sb, o_group); 1035 1036 resizefs_out: 1037 ext4_resize_end(sb); 1038 return err; 1039 } 1040 1041 case FITRIM: 1042 { 1043 struct request_queue *q = bdev_get_queue(sb->s_bdev); 1044 struct fstrim_range range; 1045 int ret = 0; 1046 1047 if (!capable(CAP_SYS_ADMIN)) 1048 return -EPERM; 1049 1050 if (!blk_queue_discard(q)) 1051 return -EOPNOTSUPP; 1052 1053 /* 1054 * We haven't replayed the journal, so we cannot use our 1055 * block-bitmap-guided storage zapping commands. 1056 */ 1057 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb)) 1058 return -EROFS; 1059 1060 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 1061 sizeof(range))) 1062 return -EFAULT; 1063 1064 range.minlen = max((unsigned int)range.minlen, 1065 q->limits.discard_granularity); 1066 ret = ext4_trim_fs(sb, &range); 1067 if (ret < 0) 1068 return ret; 1069 1070 if (copy_to_user((struct fstrim_range __user *)arg, &range, 1071 sizeof(range))) 1072 return -EFAULT; 1073 1074 return 0; 1075 } 1076 case EXT4_IOC_PRECACHE_EXTENTS: 1077 return ext4_ext_precache(inode); 1078 1079 case FS_IOC_SET_ENCRYPTION_POLICY: 1080 if (!ext4_has_feature_encrypt(sb)) 1081 return -EOPNOTSUPP; 1082 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 1083 1084 case FS_IOC_GET_ENCRYPTION_PWSALT: { 1085 #ifdef CONFIG_FS_ENCRYPTION 1086 int err, err2; 1087 struct ext4_sb_info *sbi = EXT4_SB(sb); 1088 handle_t *handle; 1089 1090 if (!ext4_has_feature_encrypt(sb)) 1091 return -EOPNOTSUPP; 1092 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 1093 err = mnt_want_write_file(filp); 1094 if (err) 1095 return err; 1096 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 1097 if (IS_ERR(handle)) { 1098 err = PTR_ERR(handle); 1099 goto pwsalt_err_exit; 1100 } 1101 err = ext4_journal_get_write_access(handle, sbi->s_sbh); 1102 if (err) 1103 goto pwsalt_err_journal; 1104 lock_buffer(sbi->s_sbh); 1105 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 1106 ext4_superblock_csum_set(sb); 1107 unlock_buffer(sbi->s_sbh); 1108 err = ext4_handle_dirty_metadata(handle, NULL, 1109 sbi->s_sbh); 1110 pwsalt_err_journal: 1111 err2 = ext4_journal_stop(handle); 1112 if (err2 && !err) 1113 err = err2; 1114 pwsalt_err_exit: 1115 mnt_drop_write_file(filp); 1116 if (err) 1117 return err; 1118 } 1119 if (copy_to_user((void __user *) arg, 1120 sbi->s_es->s_encrypt_pw_salt, 16)) 1121 return -EFAULT; 1122 return 0; 1123 #else 1124 return -EOPNOTSUPP; 1125 #endif 1126 } 1127 case FS_IOC_GET_ENCRYPTION_POLICY: 1128 if (!ext4_has_feature_encrypt(sb)) 1129 return -EOPNOTSUPP; 1130 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 1131 1132 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1133 if (!ext4_has_feature_encrypt(sb)) 1134 return -EOPNOTSUPP; 1135 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg); 1136 1137 case FS_IOC_ADD_ENCRYPTION_KEY: 1138 if (!ext4_has_feature_encrypt(sb)) 1139 return -EOPNOTSUPP; 1140 return fscrypt_ioctl_add_key(filp, (void __user *)arg); 1141 1142 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1143 if (!ext4_has_feature_encrypt(sb)) 1144 return -EOPNOTSUPP; 1145 return fscrypt_ioctl_remove_key(filp, (void __user *)arg); 1146 1147 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1148 if (!ext4_has_feature_encrypt(sb)) 1149 return -EOPNOTSUPP; 1150 return fscrypt_ioctl_remove_key_all_users(filp, 1151 (void __user *)arg); 1152 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1153 if (!ext4_has_feature_encrypt(sb)) 1154 return -EOPNOTSUPP; 1155 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg); 1156 1157 case FS_IOC_GET_ENCRYPTION_NONCE: 1158 if (!ext4_has_feature_encrypt(sb)) 1159 return -EOPNOTSUPP; 1160 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg); 1161 1162 case EXT4_IOC_CLEAR_ES_CACHE: 1163 { 1164 if (!inode_owner_or_capable(mnt_userns, inode)) 1165 return -EACCES; 1166 ext4_clear_inode_es(inode); 1167 return 0; 1168 } 1169 1170 case EXT4_IOC_GETSTATE: 1171 { 1172 __u32 state = 0; 1173 1174 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED)) 1175 state |= EXT4_STATE_FLAG_EXT_PRECACHED; 1176 if (ext4_test_inode_state(inode, EXT4_STATE_NEW)) 1177 state |= EXT4_STATE_FLAG_NEW; 1178 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) 1179 state |= EXT4_STATE_FLAG_NEWENTRY; 1180 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE)) 1181 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE; 1182 1183 return put_user(state, (__u32 __user *) arg); 1184 } 1185 1186 case EXT4_IOC_GET_ES_CACHE: 1187 return ext4_ioctl_get_es_cache(filp, arg); 1188 1189 case EXT4_IOC_SHUTDOWN: 1190 return ext4_shutdown(sb, arg); 1191 1192 case FS_IOC_ENABLE_VERITY: 1193 if (!ext4_has_feature_verity(sb)) 1194 return -EOPNOTSUPP; 1195 return fsverity_ioctl_enable(filp, (const void __user *)arg); 1196 1197 case FS_IOC_MEASURE_VERITY: 1198 if (!ext4_has_feature_verity(sb)) 1199 return -EOPNOTSUPP; 1200 return fsverity_ioctl_measure(filp, (void __user *)arg); 1201 1202 case FS_IOC_READ_VERITY_METADATA: 1203 if (!ext4_has_feature_verity(sb)) 1204 return -EOPNOTSUPP; 1205 return fsverity_ioctl_read_metadata(filp, 1206 (const void __user *)arg); 1207 1208 default: 1209 return -ENOTTY; 1210 } 1211 } 1212 1213 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 1214 { 1215 long ret; 1216 1217 ext4_fc_start_update(file_inode(filp)); 1218 ret = __ext4_ioctl(filp, cmd, arg); 1219 ext4_fc_stop_update(file_inode(filp)); 1220 1221 return ret; 1222 } 1223 1224 #ifdef CONFIG_COMPAT 1225 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1226 { 1227 /* These are just misnamed, they actually get/put from/to user an int */ 1228 switch (cmd) { 1229 case EXT4_IOC32_GETVERSION: 1230 cmd = EXT4_IOC_GETVERSION; 1231 break; 1232 case EXT4_IOC32_SETVERSION: 1233 cmd = EXT4_IOC_SETVERSION; 1234 break; 1235 case EXT4_IOC32_GROUP_EXTEND: 1236 cmd = EXT4_IOC_GROUP_EXTEND; 1237 break; 1238 case EXT4_IOC32_GETVERSION_OLD: 1239 cmd = EXT4_IOC_GETVERSION_OLD; 1240 break; 1241 case EXT4_IOC32_SETVERSION_OLD: 1242 cmd = EXT4_IOC_SETVERSION_OLD; 1243 break; 1244 case EXT4_IOC32_GETRSVSZ: 1245 cmd = EXT4_IOC_GETRSVSZ; 1246 break; 1247 case EXT4_IOC32_SETRSVSZ: 1248 cmd = EXT4_IOC_SETRSVSZ; 1249 break; 1250 case EXT4_IOC32_GROUP_ADD: { 1251 struct compat_ext4_new_group_input __user *uinput; 1252 struct ext4_new_group_data input; 1253 int err; 1254 1255 uinput = compat_ptr(arg); 1256 err = get_user(input.group, &uinput->group); 1257 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1258 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1259 err |= get_user(input.inode_table, &uinput->inode_table); 1260 err |= get_user(input.blocks_count, &uinput->blocks_count); 1261 err |= get_user(input.reserved_blocks, 1262 &uinput->reserved_blocks); 1263 if (err) 1264 return -EFAULT; 1265 return ext4_ioctl_group_add(file, &input); 1266 } 1267 case EXT4_IOC_MOVE_EXT: 1268 case EXT4_IOC_RESIZE_FS: 1269 case FITRIM: 1270 case EXT4_IOC_PRECACHE_EXTENTS: 1271 case FS_IOC_SET_ENCRYPTION_POLICY: 1272 case FS_IOC_GET_ENCRYPTION_PWSALT: 1273 case FS_IOC_GET_ENCRYPTION_POLICY: 1274 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1275 case FS_IOC_ADD_ENCRYPTION_KEY: 1276 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1277 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1278 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1279 case FS_IOC_GET_ENCRYPTION_NONCE: 1280 case EXT4_IOC_SHUTDOWN: 1281 case FS_IOC_GETFSMAP: 1282 case FS_IOC_ENABLE_VERITY: 1283 case FS_IOC_MEASURE_VERITY: 1284 case FS_IOC_READ_VERITY_METADATA: 1285 case EXT4_IOC_CLEAR_ES_CACHE: 1286 case EXT4_IOC_GETSTATE: 1287 case EXT4_IOC_GET_ES_CACHE: 1288 break; 1289 default: 1290 return -ENOIOCTLCMD; 1291 } 1292 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1293 } 1294 #endif 1295