1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uuid.h> 20 #include <linux/uaccess.h> 21 #include <linux/delay.h> 22 #include <linux/iversion.h> 23 #include <linux/fileattr.h> 24 #include "ext4_jbd2.h" 25 #include "ext4.h" 26 #include <linux/fsmap.h> 27 #include "fsmap.h" 28 #include <trace/events/ext4.h> 29 30 typedef void ext4_update_sb_callback(struct ext4_super_block *es, 31 const void *arg); 32 33 /* 34 * Superblock modification callback function for changing file system 35 * label 36 */ 37 static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg) 38 { 39 /* Sanity check, this should never happen */ 40 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX); 41 42 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX); 43 } 44 45 static 46 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle, 47 ext4_update_sb_callback func, 48 const void *arg) 49 { 50 int err = 0; 51 struct ext4_sb_info *sbi = EXT4_SB(sb); 52 struct buffer_head *bh = sbi->s_sbh; 53 struct ext4_super_block *es = sbi->s_es; 54 55 trace_ext4_update_sb(sb, bh->b_blocknr, 1); 56 57 BUFFER_TRACE(bh, "get_write_access"); 58 err = ext4_journal_get_write_access(handle, sb, 59 bh, 60 EXT4_JTR_NONE); 61 if (err) 62 goto out_err; 63 64 lock_buffer(bh); 65 func(es, arg); 66 ext4_superblock_csum_set(sb); 67 unlock_buffer(bh); 68 69 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) { 70 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to " 71 "superblock detected"); 72 clear_buffer_write_io_error(bh); 73 set_buffer_uptodate(bh); 74 } 75 76 err = ext4_handle_dirty_metadata(handle, NULL, bh); 77 if (err) 78 goto out_err; 79 err = sync_dirty_buffer(bh); 80 out_err: 81 ext4_std_error(sb, err); 82 return err; 83 } 84 85 /* 86 * Update one backup superblock in the group 'grp' using the callback 87 * function 'func' and argument 'arg'. If the handle is NULL the 88 * modification is not journalled. 89 * 90 * Returns: 0 when no modification was done (no superblock in the group) 91 * 1 when the modification was successful 92 * <0 on error 93 */ 94 static int ext4_update_backup_sb(struct super_block *sb, 95 handle_t *handle, ext4_group_t grp, 96 ext4_update_sb_callback func, const void *arg) 97 { 98 int err = 0; 99 ext4_fsblk_t sb_block; 100 struct buffer_head *bh; 101 unsigned long offset = 0; 102 struct ext4_super_block *es; 103 104 if (!ext4_bg_has_super(sb, grp)) 105 return 0; 106 107 /* 108 * For the group 0 there is always 1k padding, so we have 109 * either adjust offset, or sb_block depending on blocksize 110 */ 111 if (grp == 0) { 112 sb_block = 1 * EXT4_MIN_BLOCK_SIZE; 113 offset = do_div(sb_block, sb->s_blocksize); 114 } else { 115 sb_block = ext4_group_first_block_no(sb, grp); 116 offset = 0; 117 } 118 119 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0); 120 121 bh = ext4_sb_bread(sb, sb_block, 0); 122 if (IS_ERR(bh)) 123 return PTR_ERR(bh); 124 125 if (handle) { 126 BUFFER_TRACE(bh, "get_write_access"); 127 err = ext4_journal_get_write_access(handle, sb, 128 bh, 129 EXT4_JTR_NONE); 130 if (err) 131 goto out_bh; 132 } 133 134 es = (struct ext4_super_block *) (bh->b_data + offset); 135 lock_buffer(bh); 136 if (ext4_has_metadata_csum(sb) && 137 es->s_checksum != ext4_superblock_csum(sb, es)) { 138 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup " 139 "superblock %llu\n", sb_block); 140 unlock_buffer(bh); 141 err = -EFSBADCRC; 142 goto out_bh; 143 } 144 func(es, arg); 145 if (ext4_has_metadata_csum(sb)) 146 es->s_checksum = ext4_superblock_csum(sb, es); 147 set_buffer_uptodate(bh); 148 unlock_buffer(bh); 149 150 if (err) 151 goto out_bh; 152 153 if (handle) { 154 err = ext4_handle_dirty_metadata(handle, NULL, bh); 155 if (err) 156 goto out_bh; 157 } else { 158 BUFFER_TRACE(bh, "marking dirty"); 159 mark_buffer_dirty(bh); 160 } 161 err = sync_dirty_buffer(bh); 162 163 out_bh: 164 brelse(bh); 165 ext4_std_error(sb, err); 166 return (err) ? err : 1; 167 } 168 169 /* 170 * Update primary and backup superblocks using the provided function 171 * func and argument arg. 172 * 173 * Only the primary superblock and at most two backup superblock 174 * modifications are journalled; the rest is modified without journal. 175 * This is safe because e2fsck will re-write them if there is a problem, 176 * and we're very unlikely to ever need more than two backups. 177 */ 178 static 179 int ext4_update_superblocks_fn(struct super_block *sb, 180 ext4_update_sb_callback func, 181 const void *arg) 182 { 183 handle_t *handle; 184 ext4_group_t ngroups; 185 unsigned int three = 1; 186 unsigned int five = 5; 187 unsigned int seven = 7; 188 int err = 0, ret, i; 189 ext4_group_t grp, primary_grp; 190 struct ext4_sb_info *sbi = EXT4_SB(sb); 191 192 /* 193 * We can't update superblocks while the online resize is running 194 */ 195 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING, 196 &sbi->s_ext4_flags)) { 197 ext4_msg(sb, KERN_ERR, "Can't modify superblock while" 198 "performing online resize"); 199 return -EBUSY; 200 } 201 202 /* 203 * We're only going to update primary superblock and two 204 * backup superblocks in this transaction. 205 */ 206 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3); 207 if (IS_ERR(handle)) { 208 err = PTR_ERR(handle); 209 goto out; 210 } 211 212 /* Update primary superblock */ 213 err = ext4_update_primary_sb(sb, handle, func, arg); 214 if (err) { 215 ext4_msg(sb, KERN_ERR, "Failed to update primary " 216 "superblock"); 217 goto out_journal; 218 } 219 220 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr); 221 ngroups = ext4_get_groups_count(sb); 222 223 /* 224 * Update backup superblocks. We have to start from group 0 225 * because it might not be where the primary superblock is 226 * if the fs is mounted with -o sb=<backup_sb_block> 227 */ 228 i = 0; 229 grp = 0; 230 while (grp < ngroups) { 231 /* Skip primary superblock */ 232 if (grp == primary_grp) 233 goto next_grp; 234 235 ret = ext4_update_backup_sb(sb, handle, grp, func, arg); 236 if (ret < 0) { 237 /* Ignore bad checksum; try to update next sb */ 238 if (ret == -EFSBADCRC) 239 goto next_grp; 240 err = ret; 241 goto out_journal; 242 } 243 244 i += ret; 245 if (handle && i > 1) { 246 /* 247 * We're only journalling primary superblock and 248 * two backup superblocks; the rest is not 249 * journalled. 250 */ 251 err = ext4_journal_stop(handle); 252 if (err) 253 goto out; 254 handle = NULL; 255 } 256 next_grp: 257 grp = ext4_list_backups(sb, &three, &five, &seven); 258 } 259 260 out_journal: 261 if (handle) { 262 ret = ext4_journal_stop(handle); 263 if (ret && !err) 264 err = ret; 265 } 266 out: 267 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags); 268 smp_mb__after_atomic(); 269 return err ? err : 0; 270 } 271 272 /* 273 * Swap memory between @a and @b for @len bytes. 274 * 275 * @a: pointer to first memory area 276 * @b: pointer to second memory area 277 * @len: number of bytes to swap 278 * 279 */ 280 static void memswap(void *a, void *b, size_t len) 281 { 282 unsigned char *ap, *bp; 283 284 ap = (unsigned char *)a; 285 bp = (unsigned char *)b; 286 while (len-- > 0) { 287 swap(*ap, *bp); 288 ap++; 289 bp++; 290 } 291 } 292 293 /* 294 * Swap i_data and associated attributes between @inode1 and @inode2. 295 * This function is used for the primary swap between inode1 and inode2 296 * and also to revert this primary swap in case of errors. 297 * 298 * Therefore you have to make sure, that calling this method twice 299 * will revert all changes. 300 * 301 * @inode1: pointer to first inode 302 * @inode2: pointer to second inode 303 */ 304 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 305 { 306 loff_t isize; 307 struct ext4_inode_info *ei1; 308 struct ext4_inode_info *ei2; 309 unsigned long tmp; 310 311 ei1 = EXT4_I(inode1); 312 ei2 = EXT4_I(inode2); 313 314 swap(inode1->i_version, inode2->i_version); 315 swap(inode1->i_atime, inode2->i_atime); 316 swap(inode1->i_mtime, inode2->i_mtime); 317 318 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 319 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP; 320 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) | 321 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP); 322 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP); 323 swap(ei1->i_disksize, ei2->i_disksize); 324 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 325 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 326 327 isize = i_size_read(inode1); 328 i_size_write(inode1, i_size_read(inode2)); 329 i_size_write(inode2, isize); 330 } 331 332 void ext4_reset_inode_seed(struct inode *inode) 333 { 334 struct ext4_inode_info *ei = EXT4_I(inode); 335 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 336 __le32 inum = cpu_to_le32(inode->i_ino); 337 __le32 gen = cpu_to_le32(inode->i_generation); 338 __u32 csum; 339 340 if (!ext4_has_metadata_csum(inode->i_sb)) 341 return; 342 343 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum)); 344 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen)); 345 } 346 347 /* 348 * Swap the information from the given @inode and the inode 349 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 350 * important fields of the inodes. 351 * 352 * @sb: the super block of the filesystem 353 * @mnt_userns: user namespace of the mount the inode was found from 354 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 355 * 356 */ 357 static long swap_inode_boot_loader(struct super_block *sb, 358 struct user_namespace *mnt_userns, 359 struct inode *inode) 360 { 361 handle_t *handle; 362 int err; 363 struct inode *inode_bl; 364 struct ext4_inode_info *ei_bl; 365 qsize_t size, size_bl, diff; 366 blkcnt_t blocks; 367 unsigned short bytes; 368 369 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL); 370 if (IS_ERR(inode_bl)) 371 return PTR_ERR(inode_bl); 372 ei_bl = EXT4_I(inode_bl); 373 374 /* Protect orig inodes against a truncate and make sure, 375 * that only 1 swap_inode_boot_loader is running. */ 376 lock_two_nondirectories(inode, inode_bl); 377 378 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) || 379 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) || 380 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) || 381 ext4_has_inline_data(inode)) { 382 err = -EINVAL; 383 goto journal_err_out; 384 } 385 386 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) || 387 !inode_owner_or_capable(mnt_userns, inode) || 388 !capable(CAP_SYS_ADMIN)) { 389 err = -EPERM; 390 goto journal_err_out; 391 } 392 393 filemap_invalidate_lock(inode->i_mapping); 394 err = filemap_write_and_wait(inode->i_mapping); 395 if (err) 396 goto err_out; 397 398 err = filemap_write_and_wait(inode_bl->i_mapping); 399 if (err) 400 goto err_out; 401 402 /* Wait for all existing dio workers */ 403 inode_dio_wait(inode); 404 inode_dio_wait(inode_bl); 405 406 truncate_inode_pages(&inode->i_data, 0); 407 truncate_inode_pages(&inode_bl->i_data, 0); 408 409 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 410 if (IS_ERR(handle)) { 411 err = -EINVAL; 412 goto err_out; 413 } 414 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle); 415 416 /* Protect extent tree against block allocations via delalloc */ 417 ext4_double_down_write_data_sem(inode, inode_bl); 418 419 if (inode_bl->i_nlink == 0) { 420 /* this inode has never been used as a BOOT_LOADER */ 421 set_nlink(inode_bl, 1); 422 i_uid_write(inode_bl, 0); 423 i_gid_write(inode_bl, 0); 424 inode_bl->i_flags = 0; 425 ei_bl->i_flags = 0; 426 inode_set_iversion(inode_bl, 1); 427 i_size_write(inode_bl, 0); 428 inode_bl->i_mode = S_IFREG; 429 if (ext4_has_feature_extents(sb)) { 430 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 431 ext4_ext_tree_init(handle, inode_bl); 432 } else 433 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 434 } 435 436 err = dquot_initialize(inode); 437 if (err) 438 goto err_out1; 439 440 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes; 441 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes; 442 diff = size - size_bl; 443 swap_inode_data(inode, inode_bl); 444 445 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 446 447 inode->i_generation = prandom_u32(); 448 inode_bl->i_generation = prandom_u32(); 449 ext4_reset_inode_seed(inode); 450 ext4_reset_inode_seed(inode_bl); 451 452 ext4_discard_preallocations(inode, 0); 453 454 err = ext4_mark_inode_dirty(handle, inode); 455 if (err < 0) { 456 /* No need to update quota information. */ 457 ext4_warning(inode->i_sb, 458 "couldn't mark inode #%lu dirty (err %d)", 459 inode->i_ino, err); 460 /* Revert all changes: */ 461 swap_inode_data(inode, inode_bl); 462 ext4_mark_inode_dirty(handle, inode); 463 goto err_out1; 464 } 465 466 blocks = inode_bl->i_blocks; 467 bytes = inode_bl->i_bytes; 468 inode_bl->i_blocks = inode->i_blocks; 469 inode_bl->i_bytes = inode->i_bytes; 470 err = ext4_mark_inode_dirty(handle, inode_bl); 471 if (err < 0) { 472 /* No need to update quota information. */ 473 ext4_warning(inode_bl->i_sb, 474 "couldn't mark inode #%lu dirty (err %d)", 475 inode_bl->i_ino, err); 476 goto revert; 477 } 478 479 /* Bootloader inode should not be counted into quota information. */ 480 if (diff > 0) 481 dquot_free_space(inode, diff); 482 else 483 err = dquot_alloc_space(inode, -1 * diff); 484 485 if (err < 0) { 486 revert: 487 /* Revert all changes: */ 488 inode_bl->i_blocks = blocks; 489 inode_bl->i_bytes = bytes; 490 swap_inode_data(inode, inode_bl); 491 ext4_mark_inode_dirty(handle, inode); 492 ext4_mark_inode_dirty(handle, inode_bl); 493 } 494 495 err_out1: 496 ext4_journal_stop(handle); 497 ext4_double_up_write_data_sem(inode, inode_bl); 498 499 err_out: 500 filemap_invalidate_unlock(inode->i_mapping); 501 journal_err_out: 502 unlock_two_nondirectories(inode, inode_bl); 503 iput(inode_bl); 504 return err; 505 } 506 507 #ifdef CONFIG_FS_ENCRYPTION 508 static int uuid_is_zero(__u8 u[16]) 509 { 510 int i; 511 512 for (i = 0; i < 16; i++) 513 if (u[i]) 514 return 0; 515 return 1; 516 } 517 #endif 518 519 /* 520 * If immutable is set and we are not clearing it, we're not allowed to change 521 * anything else in the inode. Don't error out if we're only trying to set 522 * immutable on an immutable file. 523 */ 524 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid, 525 unsigned int flags) 526 { 527 struct ext4_inode_info *ei = EXT4_I(inode); 528 unsigned int oldflags = ei->i_flags; 529 530 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL)) 531 return 0; 532 533 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL)) 534 return -EPERM; 535 if (ext4_has_feature_project(inode->i_sb) && 536 __kprojid_val(ei->i_projid) != new_projid) 537 return -EPERM; 538 539 return 0; 540 } 541 542 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags) 543 { 544 struct ext4_inode_info *ei = EXT4_I(inode); 545 546 if (S_ISDIR(inode->i_mode)) 547 return; 548 549 if (test_opt2(inode->i_sb, DAX_NEVER) || 550 test_opt(inode->i_sb, DAX_ALWAYS)) 551 return; 552 553 if ((ei->i_flags ^ flags) & EXT4_DAX_FL) 554 d_mark_dontcache(inode); 555 } 556 557 static bool dax_compatible(struct inode *inode, unsigned int oldflags, 558 unsigned int flags) 559 { 560 /* Allow the DAX flag to be changed on inline directories */ 561 if (S_ISDIR(inode->i_mode)) { 562 flags &= ~EXT4_INLINE_DATA_FL; 563 oldflags &= ~EXT4_INLINE_DATA_FL; 564 } 565 566 if (flags & EXT4_DAX_FL) { 567 if ((oldflags & EXT4_DAX_MUT_EXCL) || 568 ext4_test_inode_state(inode, 569 EXT4_STATE_VERITY_IN_PROGRESS)) { 570 return false; 571 } 572 } 573 574 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL)) 575 return false; 576 577 return true; 578 } 579 580 static int ext4_ioctl_setflags(struct inode *inode, 581 unsigned int flags) 582 { 583 struct ext4_inode_info *ei = EXT4_I(inode); 584 handle_t *handle = NULL; 585 int err = -EPERM, migrate = 0; 586 struct ext4_iloc iloc; 587 unsigned int oldflags, mask, i; 588 struct super_block *sb = inode->i_sb; 589 590 /* Is it quota file? Do not allow user to mess with it */ 591 if (ext4_is_quota_file(inode)) 592 goto flags_out; 593 594 oldflags = ei->i_flags; 595 /* 596 * The JOURNAL_DATA flag can only be changed by 597 * the relevant capability. 598 */ 599 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 600 if (!capable(CAP_SYS_RESOURCE)) 601 goto flags_out; 602 } 603 604 if (!dax_compatible(inode, oldflags, flags)) { 605 err = -EOPNOTSUPP; 606 goto flags_out; 607 } 608 609 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 610 migrate = 1; 611 612 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) { 613 if (!ext4_has_feature_casefold(sb)) { 614 err = -EOPNOTSUPP; 615 goto flags_out; 616 } 617 618 if (!S_ISDIR(inode->i_mode)) { 619 err = -ENOTDIR; 620 goto flags_out; 621 } 622 623 if (!ext4_empty_dir(inode)) { 624 err = -ENOTEMPTY; 625 goto flags_out; 626 } 627 } 628 629 /* 630 * Wait for all pending directio and then flush all the dirty pages 631 * for this file. The flush marks all the pages readonly, so any 632 * subsequent attempt to write to the file (particularly mmap pages) 633 * will come through the filesystem and fail. 634 */ 635 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) && 636 (flags & EXT4_IMMUTABLE_FL)) { 637 inode_dio_wait(inode); 638 err = filemap_write_and_wait(inode->i_mapping); 639 if (err) 640 goto flags_out; 641 } 642 643 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 644 if (IS_ERR(handle)) { 645 err = PTR_ERR(handle); 646 goto flags_out; 647 } 648 if (IS_SYNC(inode)) 649 ext4_handle_sync(handle); 650 err = ext4_reserve_inode_write(handle, inode, &iloc); 651 if (err) 652 goto flags_err; 653 654 ext4_dax_dontcache(inode, flags); 655 656 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 657 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 658 continue; 659 /* These flags get special treatment later */ 660 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 661 continue; 662 if (mask & flags) 663 ext4_set_inode_flag(inode, i); 664 else 665 ext4_clear_inode_flag(inode, i); 666 } 667 668 ext4_set_inode_flags(inode, false); 669 670 inode->i_ctime = current_time(inode); 671 672 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 673 flags_err: 674 ext4_journal_stop(handle); 675 if (err) 676 goto flags_out; 677 678 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 679 /* 680 * Changes to the journaling mode can cause unsafe changes to 681 * S_DAX if the inode is DAX 682 */ 683 if (IS_DAX(inode)) { 684 err = -EBUSY; 685 goto flags_out; 686 } 687 688 err = ext4_change_inode_journal_flag(inode, 689 flags & EXT4_JOURNAL_DATA_FL); 690 if (err) 691 goto flags_out; 692 } 693 if (migrate) { 694 if (flags & EXT4_EXTENTS_FL) 695 err = ext4_ext_migrate(inode); 696 else 697 err = ext4_ind_migrate(inode); 698 } 699 700 flags_out: 701 return err; 702 } 703 704 #ifdef CONFIG_QUOTA 705 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 706 { 707 struct super_block *sb = inode->i_sb; 708 struct ext4_inode_info *ei = EXT4_I(inode); 709 int err, rc; 710 handle_t *handle; 711 kprojid_t kprojid; 712 struct ext4_iloc iloc; 713 struct ext4_inode *raw_inode; 714 struct dquot *transfer_to[MAXQUOTAS] = { }; 715 716 if (!ext4_has_feature_project(sb)) { 717 if (projid != EXT4_DEF_PROJID) 718 return -EOPNOTSUPP; 719 else 720 return 0; 721 } 722 723 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 724 return -EOPNOTSUPP; 725 726 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 727 728 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 729 return 0; 730 731 err = -EPERM; 732 /* Is it quota file? Do not allow user to mess with it */ 733 if (ext4_is_quota_file(inode)) 734 return err; 735 736 err = ext4_get_inode_loc(inode, &iloc); 737 if (err) 738 return err; 739 740 raw_inode = ext4_raw_inode(&iloc); 741 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 742 err = ext4_expand_extra_isize(inode, 743 EXT4_SB(sb)->s_want_extra_isize, 744 &iloc); 745 if (err) 746 return err; 747 } else { 748 brelse(iloc.bh); 749 } 750 751 err = dquot_initialize(inode); 752 if (err) 753 return err; 754 755 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 756 EXT4_QUOTA_INIT_BLOCKS(sb) + 757 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 758 if (IS_ERR(handle)) 759 return PTR_ERR(handle); 760 761 err = ext4_reserve_inode_write(handle, inode, &iloc); 762 if (err) 763 goto out_stop; 764 765 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 766 if (!IS_ERR(transfer_to[PRJQUOTA])) { 767 768 /* __dquot_transfer() calls back ext4_get_inode_usage() which 769 * counts xattr inode references. 770 */ 771 down_read(&EXT4_I(inode)->xattr_sem); 772 err = __dquot_transfer(inode, transfer_to); 773 up_read(&EXT4_I(inode)->xattr_sem); 774 dqput(transfer_to[PRJQUOTA]); 775 if (err) 776 goto out_dirty; 777 } 778 779 EXT4_I(inode)->i_projid = kprojid; 780 inode->i_ctime = current_time(inode); 781 out_dirty: 782 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 783 if (!err) 784 err = rc; 785 out_stop: 786 ext4_journal_stop(handle); 787 return err; 788 } 789 #else 790 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 791 { 792 if (projid != EXT4_DEF_PROJID) 793 return -EOPNOTSUPP; 794 return 0; 795 } 796 #endif 797 798 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 799 { 800 struct ext4_sb_info *sbi = EXT4_SB(sb); 801 __u32 flags; 802 803 if (!capable(CAP_SYS_ADMIN)) 804 return -EPERM; 805 806 if (get_user(flags, (__u32 __user *)arg)) 807 return -EFAULT; 808 809 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 810 return -EINVAL; 811 812 if (ext4_forced_shutdown(sbi)) 813 return 0; 814 815 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 816 trace_ext4_shutdown(sb, flags); 817 818 switch (flags) { 819 case EXT4_GOING_FLAGS_DEFAULT: 820 freeze_bdev(sb->s_bdev); 821 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 822 thaw_bdev(sb->s_bdev); 823 break; 824 case EXT4_GOING_FLAGS_LOGFLUSH: 825 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 826 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 827 (void) ext4_force_commit(sb); 828 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 829 } 830 break; 831 case EXT4_GOING_FLAGS_NOLOGFLUSH: 832 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 833 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 834 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 835 break; 836 default: 837 return -EINVAL; 838 } 839 clear_opt(sb, DISCARD); 840 return 0; 841 } 842 843 struct getfsmap_info { 844 struct super_block *gi_sb; 845 struct fsmap_head __user *gi_data; 846 unsigned int gi_idx; 847 __u32 gi_last_flags; 848 }; 849 850 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 851 { 852 struct getfsmap_info *info = priv; 853 struct fsmap fm; 854 855 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 856 857 info->gi_last_flags = xfm->fmr_flags; 858 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 859 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 860 sizeof(struct fsmap))) 861 return -EFAULT; 862 863 return 0; 864 } 865 866 static int ext4_ioc_getfsmap(struct super_block *sb, 867 struct fsmap_head __user *arg) 868 { 869 struct getfsmap_info info = { NULL }; 870 struct ext4_fsmap_head xhead = {0}; 871 struct fsmap_head head; 872 bool aborted = false; 873 int error; 874 875 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 876 return -EFAULT; 877 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 878 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 879 sizeof(head.fmh_keys[0].fmr_reserved)) || 880 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 881 sizeof(head.fmh_keys[1].fmr_reserved))) 882 return -EINVAL; 883 /* 884 * ext4 doesn't report file extents at all, so the only valid 885 * file offsets are the magic ones (all zeroes or all ones). 886 */ 887 if (head.fmh_keys[0].fmr_offset || 888 (head.fmh_keys[1].fmr_offset != 0 && 889 head.fmh_keys[1].fmr_offset != -1ULL)) 890 return -EINVAL; 891 892 xhead.fmh_iflags = head.fmh_iflags; 893 xhead.fmh_count = head.fmh_count; 894 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 895 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 896 897 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 898 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 899 900 info.gi_sb = sb; 901 info.gi_data = arg; 902 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 903 if (error == EXT4_QUERY_RANGE_ABORT) 904 aborted = true; 905 else if (error) 906 return error; 907 908 /* If we didn't abort, set the "last" flag in the last fmx */ 909 if (!aborted && info.gi_idx) { 910 info.gi_last_flags |= FMR_OF_LAST; 911 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 912 &info.gi_last_flags, 913 sizeof(info.gi_last_flags))) 914 return -EFAULT; 915 } 916 917 /* copy back header */ 918 head.fmh_entries = xhead.fmh_entries; 919 head.fmh_oflags = xhead.fmh_oflags; 920 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 921 return -EFAULT; 922 923 return 0; 924 } 925 926 static long ext4_ioctl_group_add(struct file *file, 927 struct ext4_new_group_data *input) 928 { 929 struct super_block *sb = file_inode(file)->i_sb; 930 int err, err2=0; 931 932 err = ext4_resize_begin(sb); 933 if (err) 934 return err; 935 936 if (ext4_has_feature_bigalloc(sb)) { 937 ext4_msg(sb, KERN_ERR, 938 "Online resizing not supported with bigalloc"); 939 err = -EOPNOTSUPP; 940 goto group_add_out; 941 } 942 943 err = mnt_want_write_file(file); 944 if (err) 945 goto group_add_out; 946 947 err = ext4_group_add(sb, input); 948 if (EXT4_SB(sb)->s_journal) { 949 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 950 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 951 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 952 } 953 if (err == 0) 954 err = err2; 955 mnt_drop_write_file(file); 956 if (!err && ext4_has_group_desc_csum(sb) && 957 test_opt(sb, INIT_INODE_TABLE)) 958 err = ext4_register_li_request(sb, input->group); 959 group_add_out: 960 ext4_resize_end(sb); 961 return err; 962 } 963 964 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa) 965 { 966 struct inode *inode = d_inode(dentry); 967 struct ext4_inode_info *ei = EXT4_I(inode); 968 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 969 970 if (S_ISREG(inode->i_mode)) 971 flags &= ~FS_PROJINHERIT_FL; 972 973 fileattr_fill_flags(fa, flags); 974 if (ext4_has_feature_project(inode->i_sb)) 975 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid); 976 977 return 0; 978 } 979 980 int ext4_fileattr_set(struct user_namespace *mnt_userns, 981 struct dentry *dentry, struct fileattr *fa) 982 { 983 struct inode *inode = d_inode(dentry); 984 u32 flags = fa->flags; 985 int err = -EOPNOTSUPP; 986 987 if (flags & ~EXT4_FL_USER_VISIBLE) 988 goto out; 989 990 /* 991 * chattr(1) grabs flags via GETFLAGS, modifies the result and 992 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 993 * more restrictive than just silently masking off visible but 994 * not settable flags as we always did. 995 */ 996 flags &= EXT4_FL_USER_MODIFIABLE; 997 if (ext4_mask_flags(inode->i_mode, flags) != flags) 998 goto out; 999 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags); 1000 if (err) 1001 goto out; 1002 err = ext4_ioctl_setflags(inode, flags); 1003 if (err) 1004 goto out; 1005 err = ext4_ioctl_setproject(inode, fa->fsx_projid); 1006 out: 1007 return err; 1008 } 1009 1010 /* So that the fiemap access checks can't overflow on 32 bit machines. */ 1011 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) 1012 1013 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg) 1014 { 1015 struct fiemap fiemap; 1016 struct fiemap __user *ufiemap = (struct fiemap __user *) arg; 1017 struct fiemap_extent_info fieinfo = { 0, }; 1018 struct inode *inode = file_inode(filp); 1019 int error; 1020 1021 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap))) 1022 return -EFAULT; 1023 1024 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) 1025 return -EINVAL; 1026 1027 fieinfo.fi_flags = fiemap.fm_flags; 1028 fieinfo.fi_extents_max = fiemap.fm_extent_count; 1029 fieinfo.fi_extents_start = ufiemap->fm_extents; 1030 1031 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start, 1032 fiemap.fm_length); 1033 fiemap.fm_flags = fieinfo.fi_flags; 1034 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; 1035 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap))) 1036 error = -EFAULT; 1037 1038 return error; 1039 } 1040 1041 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg) 1042 { 1043 int err = 0; 1044 __u32 flags = 0; 1045 unsigned int flush_flags = 0; 1046 struct super_block *sb = file_inode(filp)->i_sb; 1047 1048 if (copy_from_user(&flags, (__u32 __user *)arg, 1049 sizeof(__u32))) 1050 return -EFAULT; 1051 1052 if (!capable(CAP_SYS_ADMIN)) 1053 return -EPERM; 1054 1055 /* check for invalid bits set */ 1056 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) || 1057 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && 1058 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT))) 1059 return -EINVAL; 1060 1061 if (!EXT4_SB(sb)->s_journal) 1062 return -ENODEV; 1063 1064 if (flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) 1065 return -EINVAL; 1066 1067 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && 1068 !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev)) 1069 return -EOPNOTSUPP; 1070 1071 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN) 1072 return 0; 1073 1074 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD) 1075 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD; 1076 1077 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) { 1078 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT; 1079 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow"); 1080 } 1081 1082 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1083 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags); 1084 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1085 1086 return err; 1087 } 1088 1089 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label) 1090 { 1091 size_t len; 1092 int ret = 0; 1093 char new_label[EXT4_LABEL_MAX + 1]; 1094 struct super_block *sb = file_inode(filp)->i_sb; 1095 1096 if (!capable(CAP_SYS_ADMIN)) 1097 return -EPERM; 1098 1099 /* 1100 * Copy the maximum length allowed for ext4 label with one more to 1101 * find the required terminating null byte in order to test the 1102 * label length. The on disk label doesn't need to be null terminated. 1103 */ 1104 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1)) 1105 return -EFAULT; 1106 1107 len = strnlen(new_label, EXT4_LABEL_MAX + 1); 1108 if (len > EXT4_LABEL_MAX) 1109 return -EINVAL; 1110 1111 /* 1112 * Clear the buffer after the new label 1113 */ 1114 memset(new_label + len, 0, EXT4_LABEL_MAX - len); 1115 1116 ret = mnt_want_write_file(filp); 1117 if (ret) 1118 return ret; 1119 1120 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label); 1121 1122 mnt_drop_write_file(filp); 1123 return ret; 1124 } 1125 1126 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label) 1127 { 1128 char label[EXT4_LABEL_MAX + 1]; 1129 1130 /* 1131 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because 1132 * FSLABEL_MAX must include terminating null byte, while s_volume_name 1133 * does not have to. 1134 */ 1135 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX); 1136 1137 memset(label, 0, sizeof(label)); 1138 lock_buffer(sbi->s_sbh); 1139 strncpy(label, sbi->s_es->s_volume_name, EXT4_LABEL_MAX); 1140 unlock_buffer(sbi->s_sbh); 1141 1142 if (copy_to_user(user_label, label, sizeof(label))) 1143 return -EFAULT; 1144 return 0; 1145 } 1146 1147 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 1148 { 1149 struct inode *inode = file_inode(filp); 1150 struct super_block *sb = inode->i_sb; 1151 struct user_namespace *mnt_userns = file_mnt_user_ns(filp); 1152 1153 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 1154 1155 switch (cmd) { 1156 case FS_IOC_GETFSMAP: 1157 return ext4_ioc_getfsmap(sb, (void __user *)arg); 1158 case EXT4_IOC_GETVERSION: 1159 case EXT4_IOC_GETVERSION_OLD: 1160 return put_user(inode->i_generation, (int __user *) arg); 1161 case EXT4_IOC_SETVERSION: 1162 case EXT4_IOC_SETVERSION_OLD: { 1163 handle_t *handle; 1164 struct ext4_iloc iloc; 1165 __u32 generation; 1166 int err; 1167 1168 if (!inode_owner_or_capable(mnt_userns, inode)) 1169 return -EPERM; 1170 1171 if (ext4_has_metadata_csum(inode->i_sb)) { 1172 ext4_warning(sb, "Setting inode version is not " 1173 "supported with metadata_csum enabled."); 1174 return -ENOTTY; 1175 } 1176 1177 err = mnt_want_write_file(filp); 1178 if (err) 1179 return err; 1180 if (get_user(generation, (int __user *) arg)) { 1181 err = -EFAULT; 1182 goto setversion_out; 1183 } 1184 1185 inode_lock(inode); 1186 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 1187 if (IS_ERR(handle)) { 1188 err = PTR_ERR(handle); 1189 goto unlock_out; 1190 } 1191 err = ext4_reserve_inode_write(handle, inode, &iloc); 1192 if (err == 0) { 1193 inode->i_ctime = current_time(inode); 1194 inode->i_generation = generation; 1195 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 1196 } 1197 ext4_journal_stop(handle); 1198 1199 unlock_out: 1200 inode_unlock(inode); 1201 setversion_out: 1202 mnt_drop_write_file(filp); 1203 return err; 1204 } 1205 case EXT4_IOC_GROUP_EXTEND: { 1206 ext4_fsblk_t n_blocks_count; 1207 int err, err2=0; 1208 1209 err = ext4_resize_begin(sb); 1210 if (err) 1211 return err; 1212 1213 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 1214 err = -EFAULT; 1215 goto group_extend_out; 1216 } 1217 1218 if (ext4_has_feature_bigalloc(sb)) { 1219 ext4_msg(sb, KERN_ERR, 1220 "Online resizing not supported with bigalloc"); 1221 err = -EOPNOTSUPP; 1222 goto group_extend_out; 1223 } 1224 1225 err = mnt_want_write_file(filp); 1226 if (err) 1227 goto group_extend_out; 1228 1229 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 1230 if (EXT4_SB(sb)->s_journal) { 1231 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1232 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 1233 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1234 } 1235 if (err == 0) 1236 err = err2; 1237 mnt_drop_write_file(filp); 1238 group_extend_out: 1239 ext4_resize_end(sb); 1240 return err; 1241 } 1242 1243 case EXT4_IOC_MOVE_EXT: { 1244 struct move_extent me; 1245 struct fd donor; 1246 int err; 1247 1248 if (!(filp->f_mode & FMODE_READ) || 1249 !(filp->f_mode & FMODE_WRITE)) 1250 return -EBADF; 1251 1252 if (copy_from_user(&me, 1253 (struct move_extent __user *)arg, sizeof(me))) 1254 return -EFAULT; 1255 me.moved_len = 0; 1256 1257 donor = fdget(me.donor_fd); 1258 if (!donor.file) 1259 return -EBADF; 1260 1261 if (!(donor.file->f_mode & FMODE_WRITE)) { 1262 err = -EBADF; 1263 goto mext_out; 1264 } 1265 1266 if (ext4_has_feature_bigalloc(sb)) { 1267 ext4_msg(sb, KERN_ERR, 1268 "Online defrag not supported with bigalloc"); 1269 err = -EOPNOTSUPP; 1270 goto mext_out; 1271 } else if (IS_DAX(inode)) { 1272 ext4_msg(sb, KERN_ERR, 1273 "Online defrag not supported with DAX"); 1274 err = -EOPNOTSUPP; 1275 goto mext_out; 1276 } 1277 1278 err = mnt_want_write_file(filp); 1279 if (err) 1280 goto mext_out; 1281 1282 err = ext4_move_extents(filp, donor.file, me.orig_start, 1283 me.donor_start, me.len, &me.moved_len); 1284 mnt_drop_write_file(filp); 1285 1286 if (copy_to_user((struct move_extent __user *)arg, 1287 &me, sizeof(me))) 1288 err = -EFAULT; 1289 mext_out: 1290 fdput(donor); 1291 return err; 1292 } 1293 1294 case EXT4_IOC_GROUP_ADD: { 1295 struct ext4_new_group_data input; 1296 1297 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 1298 sizeof(input))) 1299 return -EFAULT; 1300 1301 return ext4_ioctl_group_add(filp, &input); 1302 } 1303 1304 case EXT4_IOC_MIGRATE: 1305 { 1306 int err; 1307 if (!inode_owner_or_capable(mnt_userns, inode)) 1308 return -EACCES; 1309 1310 err = mnt_want_write_file(filp); 1311 if (err) 1312 return err; 1313 /* 1314 * inode_mutex prevent write and truncate on the file. 1315 * Read still goes through. We take i_data_sem in 1316 * ext4_ext_swap_inode_data before we switch the 1317 * inode format to prevent read. 1318 */ 1319 inode_lock((inode)); 1320 err = ext4_ext_migrate(inode); 1321 inode_unlock((inode)); 1322 mnt_drop_write_file(filp); 1323 return err; 1324 } 1325 1326 case EXT4_IOC_ALLOC_DA_BLKS: 1327 { 1328 int err; 1329 if (!inode_owner_or_capable(mnt_userns, inode)) 1330 return -EACCES; 1331 1332 err = mnt_want_write_file(filp); 1333 if (err) 1334 return err; 1335 err = ext4_alloc_da_blocks(inode); 1336 mnt_drop_write_file(filp); 1337 return err; 1338 } 1339 1340 case EXT4_IOC_SWAP_BOOT: 1341 { 1342 int err; 1343 if (!(filp->f_mode & FMODE_WRITE)) 1344 return -EBADF; 1345 err = mnt_want_write_file(filp); 1346 if (err) 1347 return err; 1348 err = swap_inode_boot_loader(sb, mnt_userns, inode); 1349 mnt_drop_write_file(filp); 1350 return err; 1351 } 1352 1353 case EXT4_IOC_RESIZE_FS: { 1354 ext4_fsblk_t n_blocks_count; 1355 int err = 0, err2 = 0; 1356 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 1357 1358 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 1359 sizeof(__u64))) { 1360 return -EFAULT; 1361 } 1362 1363 err = ext4_resize_begin(sb); 1364 if (err) 1365 return err; 1366 1367 err = mnt_want_write_file(filp); 1368 if (err) 1369 goto resizefs_out; 1370 1371 err = ext4_resize_fs(sb, n_blocks_count); 1372 if (EXT4_SB(sb)->s_journal) { 1373 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL); 1374 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1375 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 1376 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1377 } 1378 if (err == 0) 1379 err = err2; 1380 mnt_drop_write_file(filp); 1381 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) && 1382 ext4_has_group_desc_csum(sb) && 1383 test_opt(sb, INIT_INODE_TABLE)) 1384 err = ext4_register_li_request(sb, o_group); 1385 1386 resizefs_out: 1387 ext4_resize_end(sb); 1388 return err; 1389 } 1390 1391 case FITRIM: 1392 { 1393 struct fstrim_range range; 1394 int ret = 0; 1395 1396 if (!capable(CAP_SYS_ADMIN)) 1397 return -EPERM; 1398 1399 if (!bdev_max_discard_sectors(sb->s_bdev)) 1400 return -EOPNOTSUPP; 1401 1402 /* 1403 * We haven't replayed the journal, so we cannot use our 1404 * block-bitmap-guided storage zapping commands. 1405 */ 1406 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb)) 1407 return -EROFS; 1408 1409 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 1410 sizeof(range))) 1411 return -EFAULT; 1412 1413 ret = ext4_trim_fs(sb, &range); 1414 if (ret < 0) 1415 return ret; 1416 1417 if (copy_to_user((struct fstrim_range __user *)arg, &range, 1418 sizeof(range))) 1419 return -EFAULT; 1420 1421 return 0; 1422 } 1423 case EXT4_IOC_PRECACHE_EXTENTS: 1424 return ext4_ext_precache(inode); 1425 1426 case FS_IOC_SET_ENCRYPTION_POLICY: 1427 if (!ext4_has_feature_encrypt(sb)) 1428 return -EOPNOTSUPP; 1429 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 1430 1431 case FS_IOC_GET_ENCRYPTION_PWSALT: { 1432 #ifdef CONFIG_FS_ENCRYPTION 1433 int err, err2; 1434 struct ext4_sb_info *sbi = EXT4_SB(sb); 1435 handle_t *handle; 1436 1437 if (!ext4_has_feature_encrypt(sb)) 1438 return -EOPNOTSUPP; 1439 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 1440 err = mnt_want_write_file(filp); 1441 if (err) 1442 return err; 1443 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 1444 if (IS_ERR(handle)) { 1445 err = PTR_ERR(handle); 1446 goto pwsalt_err_exit; 1447 } 1448 err = ext4_journal_get_write_access(handle, sb, 1449 sbi->s_sbh, 1450 EXT4_JTR_NONE); 1451 if (err) 1452 goto pwsalt_err_journal; 1453 lock_buffer(sbi->s_sbh); 1454 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 1455 ext4_superblock_csum_set(sb); 1456 unlock_buffer(sbi->s_sbh); 1457 err = ext4_handle_dirty_metadata(handle, NULL, 1458 sbi->s_sbh); 1459 pwsalt_err_journal: 1460 err2 = ext4_journal_stop(handle); 1461 if (err2 && !err) 1462 err = err2; 1463 pwsalt_err_exit: 1464 mnt_drop_write_file(filp); 1465 if (err) 1466 return err; 1467 } 1468 if (copy_to_user((void __user *) arg, 1469 sbi->s_es->s_encrypt_pw_salt, 16)) 1470 return -EFAULT; 1471 return 0; 1472 #else 1473 return -EOPNOTSUPP; 1474 #endif 1475 } 1476 case FS_IOC_GET_ENCRYPTION_POLICY: 1477 if (!ext4_has_feature_encrypt(sb)) 1478 return -EOPNOTSUPP; 1479 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 1480 1481 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1482 if (!ext4_has_feature_encrypt(sb)) 1483 return -EOPNOTSUPP; 1484 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg); 1485 1486 case FS_IOC_ADD_ENCRYPTION_KEY: 1487 if (!ext4_has_feature_encrypt(sb)) 1488 return -EOPNOTSUPP; 1489 return fscrypt_ioctl_add_key(filp, (void __user *)arg); 1490 1491 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1492 if (!ext4_has_feature_encrypt(sb)) 1493 return -EOPNOTSUPP; 1494 return fscrypt_ioctl_remove_key(filp, (void __user *)arg); 1495 1496 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1497 if (!ext4_has_feature_encrypt(sb)) 1498 return -EOPNOTSUPP; 1499 return fscrypt_ioctl_remove_key_all_users(filp, 1500 (void __user *)arg); 1501 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1502 if (!ext4_has_feature_encrypt(sb)) 1503 return -EOPNOTSUPP; 1504 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg); 1505 1506 case FS_IOC_GET_ENCRYPTION_NONCE: 1507 if (!ext4_has_feature_encrypt(sb)) 1508 return -EOPNOTSUPP; 1509 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg); 1510 1511 case EXT4_IOC_CLEAR_ES_CACHE: 1512 { 1513 if (!inode_owner_or_capable(mnt_userns, inode)) 1514 return -EACCES; 1515 ext4_clear_inode_es(inode); 1516 return 0; 1517 } 1518 1519 case EXT4_IOC_GETSTATE: 1520 { 1521 __u32 state = 0; 1522 1523 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED)) 1524 state |= EXT4_STATE_FLAG_EXT_PRECACHED; 1525 if (ext4_test_inode_state(inode, EXT4_STATE_NEW)) 1526 state |= EXT4_STATE_FLAG_NEW; 1527 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) 1528 state |= EXT4_STATE_FLAG_NEWENTRY; 1529 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE)) 1530 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE; 1531 1532 return put_user(state, (__u32 __user *) arg); 1533 } 1534 1535 case EXT4_IOC_GET_ES_CACHE: 1536 return ext4_ioctl_get_es_cache(filp, arg); 1537 1538 case EXT4_IOC_SHUTDOWN: 1539 return ext4_shutdown(sb, arg); 1540 1541 case FS_IOC_ENABLE_VERITY: 1542 if (!ext4_has_feature_verity(sb)) 1543 return -EOPNOTSUPP; 1544 return fsverity_ioctl_enable(filp, (const void __user *)arg); 1545 1546 case FS_IOC_MEASURE_VERITY: 1547 if (!ext4_has_feature_verity(sb)) 1548 return -EOPNOTSUPP; 1549 return fsverity_ioctl_measure(filp, (void __user *)arg); 1550 1551 case FS_IOC_READ_VERITY_METADATA: 1552 if (!ext4_has_feature_verity(sb)) 1553 return -EOPNOTSUPP; 1554 return fsverity_ioctl_read_metadata(filp, 1555 (const void __user *)arg); 1556 1557 case EXT4_IOC_CHECKPOINT: 1558 return ext4_ioctl_checkpoint(filp, arg); 1559 1560 case FS_IOC_GETFSLABEL: 1561 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg); 1562 1563 case FS_IOC_SETFSLABEL: 1564 return ext4_ioctl_setlabel(filp, 1565 (const void __user *)arg); 1566 1567 default: 1568 return -ENOTTY; 1569 } 1570 } 1571 1572 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 1573 { 1574 return __ext4_ioctl(filp, cmd, arg); 1575 } 1576 1577 #ifdef CONFIG_COMPAT 1578 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1579 { 1580 /* These are just misnamed, they actually get/put from/to user an int */ 1581 switch (cmd) { 1582 case EXT4_IOC32_GETVERSION: 1583 cmd = EXT4_IOC_GETVERSION; 1584 break; 1585 case EXT4_IOC32_SETVERSION: 1586 cmd = EXT4_IOC_SETVERSION; 1587 break; 1588 case EXT4_IOC32_GROUP_EXTEND: 1589 cmd = EXT4_IOC_GROUP_EXTEND; 1590 break; 1591 case EXT4_IOC32_GETVERSION_OLD: 1592 cmd = EXT4_IOC_GETVERSION_OLD; 1593 break; 1594 case EXT4_IOC32_SETVERSION_OLD: 1595 cmd = EXT4_IOC_SETVERSION_OLD; 1596 break; 1597 case EXT4_IOC32_GETRSVSZ: 1598 cmd = EXT4_IOC_GETRSVSZ; 1599 break; 1600 case EXT4_IOC32_SETRSVSZ: 1601 cmd = EXT4_IOC_SETRSVSZ; 1602 break; 1603 case EXT4_IOC32_GROUP_ADD: { 1604 struct compat_ext4_new_group_input __user *uinput; 1605 struct ext4_new_group_data input; 1606 int err; 1607 1608 uinput = compat_ptr(arg); 1609 err = get_user(input.group, &uinput->group); 1610 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1611 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1612 err |= get_user(input.inode_table, &uinput->inode_table); 1613 err |= get_user(input.blocks_count, &uinput->blocks_count); 1614 err |= get_user(input.reserved_blocks, 1615 &uinput->reserved_blocks); 1616 if (err) 1617 return -EFAULT; 1618 return ext4_ioctl_group_add(file, &input); 1619 } 1620 case EXT4_IOC_MOVE_EXT: 1621 case EXT4_IOC_RESIZE_FS: 1622 case FITRIM: 1623 case EXT4_IOC_PRECACHE_EXTENTS: 1624 case FS_IOC_SET_ENCRYPTION_POLICY: 1625 case FS_IOC_GET_ENCRYPTION_PWSALT: 1626 case FS_IOC_GET_ENCRYPTION_POLICY: 1627 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1628 case FS_IOC_ADD_ENCRYPTION_KEY: 1629 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1630 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1631 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1632 case FS_IOC_GET_ENCRYPTION_NONCE: 1633 case EXT4_IOC_SHUTDOWN: 1634 case FS_IOC_GETFSMAP: 1635 case FS_IOC_ENABLE_VERITY: 1636 case FS_IOC_MEASURE_VERITY: 1637 case FS_IOC_READ_VERITY_METADATA: 1638 case EXT4_IOC_CLEAR_ES_CACHE: 1639 case EXT4_IOC_GETSTATE: 1640 case EXT4_IOC_GET_ES_CACHE: 1641 case EXT4_IOC_CHECKPOINT: 1642 case FS_IOC_GETFSLABEL: 1643 case FS_IOC_SETFSLABEL: 1644 break; 1645 default: 1646 return -ENOIOCTLCMD; 1647 } 1648 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1649 } 1650 #endif 1651 1652 static void set_overhead(struct ext4_super_block *es, const void *arg) 1653 { 1654 es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg)); 1655 } 1656 1657 int ext4_update_overhead(struct super_block *sb) 1658 { 1659 struct ext4_sb_info *sbi = EXT4_SB(sb); 1660 1661 if (sb_rdonly(sb) || sbi->s_overhead == 0 || 1662 sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters)) 1663 return 0; 1664 1665 return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead); 1666 } 1667