xref: /openbmc/linux/fs/ext4/ioctl.c (revision 11788d9b)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * linux/fs/ext4/ioctl.c
4  *
5  * Copyright (C) 1993, 1994, 1995
6  * Remy Card (card@masi.ibp.fr)
7  * Laboratoire MASI - Institut Blaise Pascal
8  * Universite Pierre et Marie Curie (Paris VI)
9  */
10 
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uuid.h>
20 #include <linux/uaccess.h>
21 #include <linux/delay.h>
22 #include <linux/iversion.h>
23 #include "ext4_jbd2.h"
24 #include "ext4.h"
25 #include <linux/fsmap.h>
26 #include "fsmap.h"
27 #include <trace/events/ext4.h>
28 
29 /**
30  * Swap memory between @a and @b for @len bytes.
31  *
32  * @a:          pointer to first memory area
33  * @b:          pointer to second memory area
34  * @len:        number of bytes to swap
35  *
36  */
37 static void memswap(void *a, void *b, size_t len)
38 {
39 	unsigned char *ap, *bp;
40 
41 	ap = (unsigned char *)a;
42 	bp = (unsigned char *)b;
43 	while (len-- > 0) {
44 		swap(*ap, *bp);
45 		ap++;
46 		bp++;
47 	}
48 }
49 
50 /**
51  * Swap i_data and associated attributes between @inode1 and @inode2.
52  * This function is used for the primary swap between inode1 and inode2
53  * and also to revert this primary swap in case of errors.
54  *
55  * Therefore you have to make sure, that calling this method twice
56  * will revert all changes.
57  *
58  * @inode1:     pointer to first inode
59  * @inode2:     pointer to second inode
60  */
61 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
62 {
63 	loff_t isize;
64 	struct ext4_inode_info *ei1;
65 	struct ext4_inode_info *ei2;
66 	unsigned long tmp;
67 
68 	ei1 = EXT4_I(inode1);
69 	ei2 = EXT4_I(inode2);
70 
71 	swap(inode1->i_version, inode2->i_version);
72 	swap(inode1->i_atime, inode2->i_atime);
73 	swap(inode1->i_mtime, inode2->i_mtime);
74 
75 	memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
76 	tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
77 	ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
78 		(ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
79 	ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
80 	swap(ei1->i_disksize, ei2->i_disksize);
81 	ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
82 	ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
83 
84 	isize = i_size_read(inode1);
85 	i_size_write(inode1, i_size_read(inode2));
86 	i_size_write(inode2, isize);
87 }
88 
89 static void reset_inode_seed(struct inode *inode)
90 {
91 	struct ext4_inode_info *ei = EXT4_I(inode);
92 	struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
93 	__le32 inum = cpu_to_le32(inode->i_ino);
94 	__le32 gen = cpu_to_le32(inode->i_generation);
95 	__u32 csum;
96 
97 	if (!ext4_has_metadata_csum(inode->i_sb))
98 		return;
99 
100 	csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
101 	ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
102 }
103 
104 /**
105  * Swap the information from the given @inode and the inode
106  * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
107  * important fields of the inodes.
108  *
109  * @sb:         the super block of the filesystem
110  * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
111  *
112  */
113 static long swap_inode_boot_loader(struct super_block *sb,
114 				struct inode *inode)
115 {
116 	handle_t *handle;
117 	int err;
118 	struct inode *inode_bl;
119 	struct ext4_inode_info *ei_bl;
120 	qsize_t size, size_bl, diff;
121 	blkcnt_t blocks;
122 	unsigned short bytes;
123 
124 	inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
125 	if (IS_ERR(inode_bl))
126 		return PTR_ERR(inode_bl);
127 	ei_bl = EXT4_I(inode_bl);
128 
129 	/* Protect orig inodes against a truncate and make sure,
130 	 * that only 1 swap_inode_boot_loader is running. */
131 	lock_two_nondirectories(inode, inode_bl);
132 
133 	if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
134 	    IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
135 	    (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
136 	    ext4_has_inline_data(inode)) {
137 		err = -EINVAL;
138 		goto journal_err_out;
139 	}
140 
141 	if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
142 	    !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) {
143 		err = -EPERM;
144 		goto journal_err_out;
145 	}
146 
147 	down_write(&EXT4_I(inode)->i_mmap_sem);
148 	err = filemap_write_and_wait(inode->i_mapping);
149 	if (err)
150 		goto err_out;
151 
152 	err = filemap_write_and_wait(inode_bl->i_mapping);
153 	if (err)
154 		goto err_out;
155 
156 	/* Wait for all existing dio workers */
157 	inode_dio_wait(inode);
158 	inode_dio_wait(inode_bl);
159 
160 	truncate_inode_pages(&inode->i_data, 0);
161 	truncate_inode_pages(&inode_bl->i_data, 0);
162 
163 	handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
164 	if (IS_ERR(handle)) {
165 		err = -EINVAL;
166 		goto err_out;
167 	}
168 
169 	/* Protect extent tree against block allocations via delalloc */
170 	ext4_double_down_write_data_sem(inode, inode_bl);
171 
172 	if (inode_bl->i_nlink == 0) {
173 		/* this inode has never been used as a BOOT_LOADER */
174 		set_nlink(inode_bl, 1);
175 		i_uid_write(inode_bl, 0);
176 		i_gid_write(inode_bl, 0);
177 		inode_bl->i_flags = 0;
178 		ei_bl->i_flags = 0;
179 		inode_set_iversion(inode_bl, 1);
180 		i_size_write(inode_bl, 0);
181 		inode_bl->i_mode = S_IFREG;
182 		if (ext4_has_feature_extents(sb)) {
183 			ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
184 			ext4_ext_tree_init(handle, inode_bl);
185 		} else
186 			memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
187 	}
188 
189 	err = dquot_initialize(inode);
190 	if (err)
191 		goto err_out1;
192 
193 	size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
194 	size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
195 	diff = size - size_bl;
196 	swap_inode_data(inode, inode_bl);
197 
198 	inode->i_ctime = inode_bl->i_ctime = current_time(inode);
199 
200 	inode->i_generation = prandom_u32();
201 	inode_bl->i_generation = prandom_u32();
202 	reset_inode_seed(inode);
203 	reset_inode_seed(inode_bl);
204 
205 	ext4_discard_preallocations(inode);
206 
207 	err = ext4_mark_inode_dirty(handle, inode);
208 	if (err < 0) {
209 		/* No need to update quota information. */
210 		ext4_warning(inode->i_sb,
211 			"couldn't mark inode #%lu dirty (err %d)",
212 			inode->i_ino, err);
213 		/* Revert all changes: */
214 		swap_inode_data(inode, inode_bl);
215 		ext4_mark_inode_dirty(handle, inode);
216 		goto err_out1;
217 	}
218 
219 	blocks = inode_bl->i_blocks;
220 	bytes = inode_bl->i_bytes;
221 	inode_bl->i_blocks = inode->i_blocks;
222 	inode_bl->i_bytes = inode->i_bytes;
223 	err = ext4_mark_inode_dirty(handle, inode_bl);
224 	if (err < 0) {
225 		/* No need to update quota information. */
226 		ext4_warning(inode_bl->i_sb,
227 			"couldn't mark inode #%lu dirty (err %d)",
228 			inode_bl->i_ino, err);
229 		goto revert;
230 	}
231 
232 	/* Bootloader inode should not be counted into quota information. */
233 	if (diff > 0)
234 		dquot_free_space(inode, diff);
235 	else
236 		err = dquot_alloc_space(inode, -1 * diff);
237 
238 	if (err < 0) {
239 revert:
240 		/* Revert all changes: */
241 		inode_bl->i_blocks = blocks;
242 		inode_bl->i_bytes = bytes;
243 		swap_inode_data(inode, inode_bl);
244 		ext4_mark_inode_dirty(handle, inode);
245 		ext4_mark_inode_dirty(handle, inode_bl);
246 	}
247 
248 err_out1:
249 	ext4_journal_stop(handle);
250 	ext4_double_up_write_data_sem(inode, inode_bl);
251 
252 err_out:
253 	up_write(&EXT4_I(inode)->i_mmap_sem);
254 journal_err_out:
255 	unlock_two_nondirectories(inode, inode_bl);
256 	iput(inode_bl);
257 	return err;
258 }
259 
260 #ifdef CONFIG_FS_ENCRYPTION
261 static int uuid_is_zero(__u8 u[16])
262 {
263 	int	i;
264 
265 	for (i = 0; i < 16; i++)
266 		if (u[i])
267 			return 0;
268 	return 1;
269 }
270 #endif
271 
272 /*
273  * If immutable is set and we are not clearing it, we're not allowed to change
274  * anything else in the inode.  Don't error out if we're only trying to set
275  * immutable on an immutable file.
276  */
277 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
278 				      unsigned int flags)
279 {
280 	struct ext4_inode_info *ei = EXT4_I(inode);
281 	unsigned int oldflags = ei->i_flags;
282 
283 	if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
284 		return 0;
285 
286 	if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
287 		return -EPERM;
288 	if (ext4_has_feature_project(inode->i_sb) &&
289 	    __kprojid_val(ei->i_projid) != new_projid)
290 		return -EPERM;
291 
292 	return 0;
293 }
294 
295 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
296 {
297 	struct ext4_inode_info *ei = EXT4_I(inode);
298 
299 	if (S_ISDIR(inode->i_mode))
300 		return;
301 
302 	if (test_opt2(inode->i_sb, DAX_NEVER) ||
303 	    test_opt(inode->i_sb, DAX_ALWAYS))
304 		return;
305 
306 	if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
307 		d_mark_dontcache(inode);
308 }
309 
310 static bool dax_compatible(struct inode *inode, unsigned int oldflags,
311 			   unsigned int flags)
312 {
313 	if (flags & EXT4_DAX_FL) {
314 		if ((oldflags & EXT4_DAX_MUT_EXCL) ||
315 		     ext4_test_inode_state(inode,
316 					  EXT4_STATE_VERITY_IN_PROGRESS)) {
317 			return false;
318 		}
319 	}
320 
321 	if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
322 			return false;
323 
324 	return true;
325 }
326 
327 static int ext4_ioctl_setflags(struct inode *inode,
328 			       unsigned int flags)
329 {
330 	struct ext4_inode_info *ei = EXT4_I(inode);
331 	handle_t *handle = NULL;
332 	int err = -EPERM, migrate = 0;
333 	struct ext4_iloc iloc;
334 	unsigned int oldflags, mask, i;
335 	struct super_block *sb = inode->i_sb;
336 
337 	/* Is it quota file? Do not allow user to mess with it */
338 	if (ext4_is_quota_file(inode))
339 		goto flags_out;
340 
341 	oldflags = ei->i_flags;
342 
343 	err = vfs_ioc_setflags_prepare(inode, oldflags, flags);
344 	if (err)
345 		goto flags_out;
346 
347 	/*
348 	 * The JOURNAL_DATA flag can only be changed by
349 	 * the relevant capability.
350 	 */
351 	if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
352 		if (!capable(CAP_SYS_RESOURCE))
353 			goto flags_out;
354 	}
355 
356 	if (!dax_compatible(inode, oldflags, flags)) {
357 		err = -EOPNOTSUPP;
358 		goto flags_out;
359 	}
360 
361 	if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
362 		migrate = 1;
363 
364 	if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
365 		if (!ext4_has_feature_casefold(sb)) {
366 			err = -EOPNOTSUPP;
367 			goto flags_out;
368 		}
369 
370 		if (!S_ISDIR(inode->i_mode)) {
371 			err = -ENOTDIR;
372 			goto flags_out;
373 		}
374 
375 		if (!ext4_empty_dir(inode)) {
376 			err = -ENOTEMPTY;
377 			goto flags_out;
378 		}
379 	}
380 
381 	/*
382 	 * Wait for all pending directio and then flush all the dirty pages
383 	 * for this file.  The flush marks all the pages readonly, so any
384 	 * subsequent attempt to write to the file (particularly mmap pages)
385 	 * will come through the filesystem and fail.
386 	 */
387 	if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
388 	    (flags & EXT4_IMMUTABLE_FL)) {
389 		inode_dio_wait(inode);
390 		err = filemap_write_and_wait(inode->i_mapping);
391 		if (err)
392 			goto flags_out;
393 	}
394 
395 	handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
396 	if (IS_ERR(handle)) {
397 		err = PTR_ERR(handle);
398 		goto flags_out;
399 	}
400 	if (IS_SYNC(inode))
401 		ext4_handle_sync(handle);
402 	err = ext4_reserve_inode_write(handle, inode, &iloc);
403 	if (err)
404 		goto flags_err;
405 
406 	ext4_dax_dontcache(inode, flags);
407 
408 	for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
409 		if (!(mask & EXT4_FL_USER_MODIFIABLE))
410 			continue;
411 		/* These flags get special treatment later */
412 		if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
413 			continue;
414 		if (mask & flags)
415 			ext4_set_inode_flag(inode, i);
416 		else
417 			ext4_clear_inode_flag(inode, i);
418 	}
419 
420 	ext4_set_inode_flags(inode, false);
421 
422 	inode->i_ctime = current_time(inode);
423 
424 	err = ext4_mark_iloc_dirty(handle, inode, &iloc);
425 flags_err:
426 	ext4_journal_stop(handle);
427 	if (err)
428 		goto flags_out;
429 
430 	if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
431 		/*
432 		 * Changes to the journaling mode can cause unsafe changes to
433 		 * S_DAX if the inode is DAX
434 		 */
435 		if (IS_DAX(inode)) {
436 			err = -EBUSY;
437 			goto flags_out;
438 		}
439 
440 		err = ext4_change_inode_journal_flag(inode,
441 						     flags & EXT4_JOURNAL_DATA_FL);
442 		if (err)
443 			goto flags_out;
444 	}
445 	if (migrate) {
446 		if (flags & EXT4_EXTENTS_FL)
447 			err = ext4_ext_migrate(inode);
448 		else
449 			err = ext4_ind_migrate(inode);
450 	}
451 
452 flags_out:
453 	return err;
454 }
455 
456 #ifdef CONFIG_QUOTA
457 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
458 {
459 	struct inode *inode = file_inode(filp);
460 	struct super_block *sb = inode->i_sb;
461 	struct ext4_inode_info *ei = EXT4_I(inode);
462 	int err, rc;
463 	handle_t *handle;
464 	kprojid_t kprojid;
465 	struct ext4_iloc iloc;
466 	struct ext4_inode *raw_inode;
467 	struct dquot *transfer_to[MAXQUOTAS] = { };
468 
469 	if (!ext4_has_feature_project(sb)) {
470 		if (projid != EXT4_DEF_PROJID)
471 			return -EOPNOTSUPP;
472 		else
473 			return 0;
474 	}
475 
476 	if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
477 		return -EOPNOTSUPP;
478 
479 	kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
480 
481 	if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
482 		return 0;
483 
484 	err = -EPERM;
485 	/* Is it quota file? Do not allow user to mess with it */
486 	if (ext4_is_quota_file(inode))
487 		return err;
488 
489 	err = ext4_get_inode_loc(inode, &iloc);
490 	if (err)
491 		return err;
492 
493 	raw_inode = ext4_raw_inode(&iloc);
494 	if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
495 		err = ext4_expand_extra_isize(inode,
496 					      EXT4_SB(sb)->s_want_extra_isize,
497 					      &iloc);
498 		if (err)
499 			return err;
500 	} else {
501 		brelse(iloc.bh);
502 	}
503 
504 	err = dquot_initialize(inode);
505 	if (err)
506 		return err;
507 
508 	handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
509 		EXT4_QUOTA_INIT_BLOCKS(sb) +
510 		EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
511 	if (IS_ERR(handle))
512 		return PTR_ERR(handle);
513 
514 	err = ext4_reserve_inode_write(handle, inode, &iloc);
515 	if (err)
516 		goto out_stop;
517 
518 	transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
519 	if (!IS_ERR(transfer_to[PRJQUOTA])) {
520 
521 		/* __dquot_transfer() calls back ext4_get_inode_usage() which
522 		 * counts xattr inode references.
523 		 */
524 		down_read(&EXT4_I(inode)->xattr_sem);
525 		err = __dquot_transfer(inode, transfer_to);
526 		up_read(&EXT4_I(inode)->xattr_sem);
527 		dqput(transfer_to[PRJQUOTA]);
528 		if (err)
529 			goto out_dirty;
530 	}
531 
532 	EXT4_I(inode)->i_projid = kprojid;
533 	inode->i_ctime = current_time(inode);
534 out_dirty:
535 	rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
536 	if (!err)
537 		err = rc;
538 out_stop:
539 	ext4_journal_stop(handle);
540 	return err;
541 }
542 #else
543 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
544 {
545 	if (projid != EXT4_DEF_PROJID)
546 		return -EOPNOTSUPP;
547 	return 0;
548 }
549 #endif
550 
551 /* Transfer internal flags to xflags */
552 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
553 {
554 	__u32 xflags = 0;
555 
556 	if (iflags & EXT4_SYNC_FL)
557 		xflags |= FS_XFLAG_SYNC;
558 	if (iflags & EXT4_IMMUTABLE_FL)
559 		xflags |= FS_XFLAG_IMMUTABLE;
560 	if (iflags & EXT4_APPEND_FL)
561 		xflags |= FS_XFLAG_APPEND;
562 	if (iflags & EXT4_NODUMP_FL)
563 		xflags |= FS_XFLAG_NODUMP;
564 	if (iflags & EXT4_NOATIME_FL)
565 		xflags |= FS_XFLAG_NOATIME;
566 	if (iflags & EXT4_PROJINHERIT_FL)
567 		xflags |= FS_XFLAG_PROJINHERIT;
568 	if (iflags & EXT4_DAX_FL)
569 		xflags |= FS_XFLAG_DAX;
570 	return xflags;
571 }
572 
573 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
574 				  FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
575 				  FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT | \
576 				  FS_XFLAG_DAX)
577 
578 /* Transfer xflags flags to internal */
579 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
580 {
581 	unsigned long iflags = 0;
582 
583 	if (xflags & FS_XFLAG_SYNC)
584 		iflags |= EXT4_SYNC_FL;
585 	if (xflags & FS_XFLAG_IMMUTABLE)
586 		iflags |= EXT4_IMMUTABLE_FL;
587 	if (xflags & FS_XFLAG_APPEND)
588 		iflags |= EXT4_APPEND_FL;
589 	if (xflags & FS_XFLAG_NODUMP)
590 		iflags |= EXT4_NODUMP_FL;
591 	if (xflags & FS_XFLAG_NOATIME)
592 		iflags |= EXT4_NOATIME_FL;
593 	if (xflags & FS_XFLAG_PROJINHERIT)
594 		iflags |= EXT4_PROJINHERIT_FL;
595 	if (xflags & FS_XFLAG_DAX)
596 		iflags |= EXT4_DAX_FL;
597 
598 	return iflags;
599 }
600 
601 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
602 {
603 	struct ext4_sb_info *sbi = EXT4_SB(sb);
604 	__u32 flags;
605 
606 	if (!capable(CAP_SYS_ADMIN))
607 		return -EPERM;
608 
609 	if (get_user(flags, (__u32 __user *)arg))
610 		return -EFAULT;
611 
612 	if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
613 		return -EINVAL;
614 
615 	if (ext4_forced_shutdown(sbi))
616 		return 0;
617 
618 	ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
619 	trace_ext4_shutdown(sb, flags);
620 
621 	switch (flags) {
622 	case EXT4_GOING_FLAGS_DEFAULT:
623 		freeze_bdev(sb->s_bdev);
624 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
625 		thaw_bdev(sb->s_bdev, sb);
626 		break;
627 	case EXT4_GOING_FLAGS_LOGFLUSH:
628 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
629 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
630 			(void) ext4_force_commit(sb);
631 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
632 		}
633 		break;
634 	case EXT4_GOING_FLAGS_NOLOGFLUSH:
635 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
636 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
637 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
638 		break;
639 	default:
640 		return -EINVAL;
641 	}
642 	clear_opt(sb, DISCARD);
643 	return 0;
644 }
645 
646 struct getfsmap_info {
647 	struct super_block	*gi_sb;
648 	struct fsmap_head __user *gi_data;
649 	unsigned int		gi_idx;
650 	__u32			gi_last_flags;
651 };
652 
653 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
654 {
655 	struct getfsmap_info *info = priv;
656 	struct fsmap fm;
657 
658 	trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
659 
660 	info->gi_last_flags = xfm->fmr_flags;
661 	ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
662 	if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
663 			sizeof(struct fsmap)))
664 		return -EFAULT;
665 
666 	return 0;
667 }
668 
669 static int ext4_ioc_getfsmap(struct super_block *sb,
670 			     struct fsmap_head __user *arg)
671 {
672 	struct getfsmap_info info = { NULL };
673 	struct ext4_fsmap_head xhead = {0};
674 	struct fsmap_head head;
675 	bool aborted = false;
676 	int error;
677 
678 	if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
679 		return -EFAULT;
680 	if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
681 	    memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
682 		       sizeof(head.fmh_keys[0].fmr_reserved)) ||
683 	    memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
684 		       sizeof(head.fmh_keys[1].fmr_reserved)))
685 		return -EINVAL;
686 	/*
687 	 * ext4 doesn't report file extents at all, so the only valid
688 	 * file offsets are the magic ones (all zeroes or all ones).
689 	 */
690 	if (head.fmh_keys[0].fmr_offset ||
691 	    (head.fmh_keys[1].fmr_offset != 0 &&
692 	     head.fmh_keys[1].fmr_offset != -1ULL))
693 		return -EINVAL;
694 
695 	xhead.fmh_iflags = head.fmh_iflags;
696 	xhead.fmh_count = head.fmh_count;
697 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
698 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
699 
700 	trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
701 	trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
702 
703 	info.gi_sb = sb;
704 	info.gi_data = arg;
705 	error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
706 	if (error == EXT4_QUERY_RANGE_ABORT) {
707 		error = 0;
708 		aborted = true;
709 	} else if (error)
710 		return error;
711 
712 	/* If we didn't abort, set the "last" flag in the last fmx */
713 	if (!aborted && info.gi_idx) {
714 		info.gi_last_flags |= FMR_OF_LAST;
715 		if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
716 				 &info.gi_last_flags,
717 				 sizeof(info.gi_last_flags)))
718 			return -EFAULT;
719 	}
720 
721 	/* copy back header */
722 	head.fmh_entries = xhead.fmh_entries;
723 	head.fmh_oflags = xhead.fmh_oflags;
724 	if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
725 		return -EFAULT;
726 
727 	return 0;
728 }
729 
730 static long ext4_ioctl_group_add(struct file *file,
731 				 struct ext4_new_group_data *input)
732 {
733 	struct super_block *sb = file_inode(file)->i_sb;
734 	int err, err2=0;
735 
736 	err = ext4_resize_begin(sb);
737 	if (err)
738 		return err;
739 
740 	if (ext4_has_feature_bigalloc(sb)) {
741 		ext4_msg(sb, KERN_ERR,
742 			 "Online resizing not supported with bigalloc");
743 		err = -EOPNOTSUPP;
744 		goto group_add_out;
745 	}
746 
747 	err = mnt_want_write_file(file);
748 	if (err)
749 		goto group_add_out;
750 
751 	err = ext4_group_add(sb, input);
752 	if (EXT4_SB(sb)->s_journal) {
753 		jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
754 		err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
755 		jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
756 	}
757 	if (err == 0)
758 		err = err2;
759 	mnt_drop_write_file(file);
760 	if (!err && ext4_has_group_desc_csum(sb) &&
761 	    test_opt(sb, INIT_INODE_TABLE))
762 		err = ext4_register_li_request(sb, input->group);
763 group_add_out:
764 	ext4_resize_end(sb);
765 	return err;
766 }
767 
768 static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa)
769 {
770 	struct ext4_inode_info *ei = EXT4_I(inode);
771 
772 	simple_fill_fsxattr(fa, ext4_iflags_to_xflags(ei->i_flags &
773 						      EXT4_FL_USER_VISIBLE));
774 
775 	if (ext4_has_feature_project(inode->i_sb))
776 		fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
777 }
778 
779 /* So that the fiemap access checks can't overflow on 32 bit machines. */
780 #define FIEMAP_MAX_EXTENTS	(UINT_MAX / sizeof(struct fiemap_extent))
781 
782 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
783 {
784 	struct fiemap fiemap;
785 	struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
786 	struct fiemap_extent_info fieinfo = { 0, };
787 	struct inode *inode = file_inode(filp);
788 	int error;
789 
790 	if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
791 		return -EFAULT;
792 
793 	if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
794 		return -EINVAL;
795 
796 	fieinfo.fi_flags = fiemap.fm_flags;
797 	fieinfo.fi_extents_max = fiemap.fm_extent_count;
798 	fieinfo.fi_extents_start = ufiemap->fm_extents;
799 
800 	error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
801 			fiemap.fm_length);
802 	fiemap.fm_flags = fieinfo.fi_flags;
803 	fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
804 	if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
805 		error = -EFAULT;
806 
807 	return error;
808 }
809 
810 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
811 {
812 	struct inode *inode = file_inode(filp);
813 	struct super_block *sb = inode->i_sb;
814 	struct ext4_inode_info *ei = EXT4_I(inode);
815 	unsigned int flags;
816 
817 	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
818 
819 	switch (cmd) {
820 	case FS_IOC_GETFSMAP:
821 		return ext4_ioc_getfsmap(sb, (void __user *)arg);
822 	case EXT4_IOC_GETFLAGS:
823 		flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
824 		if (S_ISREG(inode->i_mode))
825 			flags &= ~EXT4_PROJINHERIT_FL;
826 		return put_user(flags, (int __user *) arg);
827 	case EXT4_IOC_SETFLAGS: {
828 		int err;
829 
830 		if (!inode_owner_or_capable(inode))
831 			return -EACCES;
832 
833 		if (get_user(flags, (int __user *) arg))
834 			return -EFAULT;
835 
836 		if (flags & ~EXT4_FL_USER_VISIBLE)
837 			return -EOPNOTSUPP;
838 		/*
839 		 * chattr(1) grabs flags via GETFLAGS, modifies the result and
840 		 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
841 		 * more restrictive than just silently masking off visible but
842 		 * not settable flags as we always did.
843 		 */
844 		flags &= EXT4_FL_USER_MODIFIABLE;
845 		if (ext4_mask_flags(inode->i_mode, flags) != flags)
846 			return -EOPNOTSUPP;
847 
848 		err = mnt_want_write_file(filp);
849 		if (err)
850 			return err;
851 
852 		inode_lock(inode);
853 		err = ext4_ioctl_check_immutable(inode,
854 				from_kprojid(&init_user_ns, ei->i_projid),
855 				flags);
856 		if (!err)
857 			err = ext4_ioctl_setflags(inode, flags);
858 		inode_unlock(inode);
859 		mnt_drop_write_file(filp);
860 		return err;
861 	}
862 	case EXT4_IOC_GETVERSION:
863 	case EXT4_IOC_GETVERSION_OLD:
864 		return put_user(inode->i_generation, (int __user *) arg);
865 	case EXT4_IOC_SETVERSION:
866 	case EXT4_IOC_SETVERSION_OLD: {
867 		handle_t *handle;
868 		struct ext4_iloc iloc;
869 		__u32 generation;
870 		int err;
871 
872 		if (!inode_owner_or_capable(inode))
873 			return -EPERM;
874 
875 		if (ext4_has_metadata_csum(inode->i_sb)) {
876 			ext4_warning(sb, "Setting inode version is not "
877 				     "supported with metadata_csum enabled.");
878 			return -ENOTTY;
879 		}
880 
881 		err = mnt_want_write_file(filp);
882 		if (err)
883 			return err;
884 		if (get_user(generation, (int __user *) arg)) {
885 			err = -EFAULT;
886 			goto setversion_out;
887 		}
888 
889 		inode_lock(inode);
890 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
891 		if (IS_ERR(handle)) {
892 			err = PTR_ERR(handle);
893 			goto unlock_out;
894 		}
895 		err = ext4_reserve_inode_write(handle, inode, &iloc);
896 		if (err == 0) {
897 			inode->i_ctime = current_time(inode);
898 			inode->i_generation = generation;
899 			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
900 		}
901 		ext4_journal_stop(handle);
902 
903 unlock_out:
904 		inode_unlock(inode);
905 setversion_out:
906 		mnt_drop_write_file(filp);
907 		return err;
908 	}
909 	case EXT4_IOC_GROUP_EXTEND: {
910 		ext4_fsblk_t n_blocks_count;
911 		int err, err2=0;
912 
913 		err = ext4_resize_begin(sb);
914 		if (err)
915 			return err;
916 
917 		if (get_user(n_blocks_count, (__u32 __user *)arg)) {
918 			err = -EFAULT;
919 			goto group_extend_out;
920 		}
921 
922 		if (ext4_has_feature_bigalloc(sb)) {
923 			ext4_msg(sb, KERN_ERR,
924 				 "Online resizing not supported with bigalloc");
925 			err = -EOPNOTSUPP;
926 			goto group_extend_out;
927 		}
928 
929 		err = mnt_want_write_file(filp);
930 		if (err)
931 			goto group_extend_out;
932 
933 		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
934 		if (EXT4_SB(sb)->s_journal) {
935 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
936 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
937 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
938 		}
939 		if (err == 0)
940 			err = err2;
941 		mnt_drop_write_file(filp);
942 group_extend_out:
943 		ext4_resize_end(sb);
944 		return err;
945 	}
946 
947 	case EXT4_IOC_MOVE_EXT: {
948 		struct move_extent me;
949 		struct fd donor;
950 		int err;
951 
952 		if (!(filp->f_mode & FMODE_READ) ||
953 		    !(filp->f_mode & FMODE_WRITE))
954 			return -EBADF;
955 
956 		if (copy_from_user(&me,
957 			(struct move_extent __user *)arg, sizeof(me)))
958 			return -EFAULT;
959 		me.moved_len = 0;
960 
961 		donor = fdget(me.donor_fd);
962 		if (!donor.file)
963 			return -EBADF;
964 
965 		if (!(donor.file->f_mode & FMODE_WRITE)) {
966 			err = -EBADF;
967 			goto mext_out;
968 		}
969 
970 		if (ext4_has_feature_bigalloc(sb)) {
971 			ext4_msg(sb, KERN_ERR,
972 				 "Online defrag not supported with bigalloc");
973 			err = -EOPNOTSUPP;
974 			goto mext_out;
975 		} else if (IS_DAX(inode)) {
976 			ext4_msg(sb, KERN_ERR,
977 				 "Online defrag not supported with DAX");
978 			err = -EOPNOTSUPP;
979 			goto mext_out;
980 		}
981 
982 		err = mnt_want_write_file(filp);
983 		if (err)
984 			goto mext_out;
985 
986 		err = ext4_move_extents(filp, donor.file, me.orig_start,
987 					me.donor_start, me.len, &me.moved_len);
988 		mnt_drop_write_file(filp);
989 
990 		if (copy_to_user((struct move_extent __user *)arg,
991 				 &me, sizeof(me)))
992 			err = -EFAULT;
993 mext_out:
994 		fdput(donor);
995 		return err;
996 	}
997 
998 	case EXT4_IOC_GROUP_ADD: {
999 		struct ext4_new_group_data input;
1000 
1001 		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1002 				sizeof(input)))
1003 			return -EFAULT;
1004 
1005 		return ext4_ioctl_group_add(filp, &input);
1006 	}
1007 
1008 	case EXT4_IOC_MIGRATE:
1009 	{
1010 		int err;
1011 		if (!inode_owner_or_capable(inode))
1012 			return -EACCES;
1013 
1014 		err = mnt_want_write_file(filp);
1015 		if (err)
1016 			return err;
1017 		/*
1018 		 * inode_mutex prevent write and truncate on the file.
1019 		 * Read still goes through. We take i_data_sem in
1020 		 * ext4_ext_swap_inode_data before we switch the
1021 		 * inode format to prevent read.
1022 		 */
1023 		inode_lock((inode));
1024 		err = ext4_ext_migrate(inode);
1025 		inode_unlock((inode));
1026 		mnt_drop_write_file(filp);
1027 		return err;
1028 	}
1029 
1030 	case EXT4_IOC_ALLOC_DA_BLKS:
1031 	{
1032 		int err;
1033 		if (!inode_owner_or_capable(inode))
1034 			return -EACCES;
1035 
1036 		err = mnt_want_write_file(filp);
1037 		if (err)
1038 			return err;
1039 		err = ext4_alloc_da_blocks(inode);
1040 		mnt_drop_write_file(filp);
1041 		return err;
1042 	}
1043 
1044 	case EXT4_IOC_SWAP_BOOT:
1045 	{
1046 		int err;
1047 		if (!(filp->f_mode & FMODE_WRITE))
1048 			return -EBADF;
1049 		err = mnt_want_write_file(filp);
1050 		if (err)
1051 			return err;
1052 		err = swap_inode_boot_loader(sb, inode);
1053 		mnt_drop_write_file(filp);
1054 		return err;
1055 	}
1056 
1057 	case EXT4_IOC_RESIZE_FS: {
1058 		ext4_fsblk_t n_blocks_count;
1059 		int err = 0, err2 = 0;
1060 		ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1061 
1062 		if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1063 				   sizeof(__u64))) {
1064 			return -EFAULT;
1065 		}
1066 
1067 		err = ext4_resize_begin(sb);
1068 		if (err)
1069 			return err;
1070 
1071 		err = mnt_want_write_file(filp);
1072 		if (err)
1073 			goto resizefs_out;
1074 
1075 		err = ext4_resize_fs(sb, n_blocks_count);
1076 		if (EXT4_SB(sb)->s_journal) {
1077 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1078 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
1079 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1080 		}
1081 		if (err == 0)
1082 			err = err2;
1083 		mnt_drop_write_file(filp);
1084 		if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1085 		    ext4_has_group_desc_csum(sb) &&
1086 		    test_opt(sb, INIT_INODE_TABLE))
1087 			err = ext4_register_li_request(sb, o_group);
1088 
1089 resizefs_out:
1090 		ext4_resize_end(sb);
1091 		return err;
1092 	}
1093 
1094 	case FITRIM:
1095 	{
1096 		struct request_queue *q = bdev_get_queue(sb->s_bdev);
1097 		struct fstrim_range range;
1098 		int ret = 0;
1099 
1100 		if (!capable(CAP_SYS_ADMIN))
1101 			return -EPERM;
1102 
1103 		if (!blk_queue_discard(q))
1104 			return -EOPNOTSUPP;
1105 
1106 		/*
1107 		 * We haven't replayed the journal, so we cannot use our
1108 		 * block-bitmap-guided storage zapping commands.
1109 		 */
1110 		if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1111 			return -EROFS;
1112 
1113 		if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1114 		    sizeof(range)))
1115 			return -EFAULT;
1116 
1117 		range.minlen = max((unsigned int)range.minlen,
1118 				   q->limits.discard_granularity);
1119 		ret = ext4_trim_fs(sb, &range);
1120 		if (ret < 0)
1121 			return ret;
1122 
1123 		if (copy_to_user((struct fstrim_range __user *)arg, &range,
1124 		    sizeof(range)))
1125 			return -EFAULT;
1126 
1127 		return 0;
1128 	}
1129 	case EXT4_IOC_PRECACHE_EXTENTS:
1130 		return ext4_ext_precache(inode);
1131 
1132 	case EXT4_IOC_SET_ENCRYPTION_POLICY:
1133 		if (!ext4_has_feature_encrypt(sb))
1134 			return -EOPNOTSUPP;
1135 		return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1136 
1137 	case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
1138 #ifdef CONFIG_FS_ENCRYPTION
1139 		int err, err2;
1140 		struct ext4_sb_info *sbi = EXT4_SB(sb);
1141 		handle_t *handle;
1142 
1143 		if (!ext4_has_feature_encrypt(sb))
1144 			return -EOPNOTSUPP;
1145 		if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1146 			err = mnt_want_write_file(filp);
1147 			if (err)
1148 				return err;
1149 			handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1150 			if (IS_ERR(handle)) {
1151 				err = PTR_ERR(handle);
1152 				goto pwsalt_err_exit;
1153 			}
1154 			err = ext4_journal_get_write_access(handle, sbi->s_sbh);
1155 			if (err)
1156 				goto pwsalt_err_journal;
1157 			generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1158 			err = ext4_handle_dirty_metadata(handle, NULL,
1159 							 sbi->s_sbh);
1160 		pwsalt_err_journal:
1161 			err2 = ext4_journal_stop(handle);
1162 			if (err2 && !err)
1163 				err = err2;
1164 		pwsalt_err_exit:
1165 			mnt_drop_write_file(filp);
1166 			if (err)
1167 				return err;
1168 		}
1169 		if (copy_to_user((void __user *) arg,
1170 				 sbi->s_es->s_encrypt_pw_salt, 16))
1171 			return -EFAULT;
1172 		return 0;
1173 #else
1174 		return -EOPNOTSUPP;
1175 #endif
1176 	}
1177 	case EXT4_IOC_GET_ENCRYPTION_POLICY:
1178 		if (!ext4_has_feature_encrypt(sb))
1179 			return -EOPNOTSUPP;
1180 		return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1181 
1182 	case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1183 		if (!ext4_has_feature_encrypt(sb))
1184 			return -EOPNOTSUPP;
1185 		return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1186 
1187 	case FS_IOC_ADD_ENCRYPTION_KEY:
1188 		if (!ext4_has_feature_encrypt(sb))
1189 			return -EOPNOTSUPP;
1190 		return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1191 
1192 	case FS_IOC_REMOVE_ENCRYPTION_KEY:
1193 		if (!ext4_has_feature_encrypt(sb))
1194 			return -EOPNOTSUPP;
1195 		return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1196 
1197 	case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1198 		if (!ext4_has_feature_encrypt(sb))
1199 			return -EOPNOTSUPP;
1200 		return fscrypt_ioctl_remove_key_all_users(filp,
1201 							  (void __user *)arg);
1202 	case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1203 		if (!ext4_has_feature_encrypt(sb))
1204 			return -EOPNOTSUPP;
1205 		return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1206 
1207 	case FS_IOC_GET_ENCRYPTION_NONCE:
1208 		if (!ext4_has_feature_encrypt(sb))
1209 			return -EOPNOTSUPP;
1210 		return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1211 
1212 	case EXT4_IOC_CLEAR_ES_CACHE:
1213 	{
1214 		if (!inode_owner_or_capable(inode))
1215 			return -EACCES;
1216 		ext4_clear_inode_es(inode);
1217 		return 0;
1218 	}
1219 
1220 	case EXT4_IOC_GETSTATE:
1221 	{
1222 		__u32	state = 0;
1223 
1224 		if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1225 			state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1226 		if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1227 			state |= EXT4_STATE_FLAG_NEW;
1228 		if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1229 			state |= EXT4_STATE_FLAG_NEWENTRY;
1230 		if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1231 			state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1232 
1233 		return put_user(state, (__u32 __user *) arg);
1234 	}
1235 
1236 	case EXT4_IOC_GET_ES_CACHE:
1237 		return ext4_ioctl_get_es_cache(filp, arg);
1238 
1239 	case EXT4_IOC_FSGETXATTR:
1240 	{
1241 		struct fsxattr fa;
1242 
1243 		ext4_fill_fsxattr(inode, &fa);
1244 
1245 		if (copy_to_user((struct fsxattr __user *)arg,
1246 				 &fa, sizeof(fa)))
1247 			return -EFAULT;
1248 		return 0;
1249 	}
1250 	case EXT4_IOC_FSSETXATTR:
1251 	{
1252 		struct fsxattr fa, old_fa;
1253 		int err;
1254 
1255 		if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1256 				   sizeof(fa)))
1257 			return -EFAULT;
1258 
1259 		/* Make sure caller has proper permission */
1260 		if (!inode_owner_or_capable(inode))
1261 			return -EACCES;
1262 
1263 		if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1264 			return -EOPNOTSUPP;
1265 
1266 		flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1267 		if (ext4_mask_flags(inode->i_mode, flags) != flags)
1268 			return -EOPNOTSUPP;
1269 
1270 		err = mnt_want_write_file(filp);
1271 		if (err)
1272 			return err;
1273 
1274 		inode_lock(inode);
1275 		ext4_fill_fsxattr(inode, &old_fa);
1276 		err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa);
1277 		if (err)
1278 			goto out;
1279 		flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1280 			 (flags & EXT4_FL_XFLAG_VISIBLE);
1281 		err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags);
1282 		if (err)
1283 			goto out;
1284 		err = ext4_ioctl_setflags(inode, flags);
1285 		if (err)
1286 			goto out;
1287 		err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1288 out:
1289 		inode_unlock(inode);
1290 		mnt_drop_write_file(filp);
1291 		return err;
1292 	}
1293 	case EXT4_IOC_SHUTDOWN:
1294 		return ext4_shutdown(sb, arg);
1295 
1296 	case FS_IOC_ENABLE_VERITY:
1297 		if (!ext4_has_feature_verity(sb))
1298 			return -EOPNOTSUPP;
1299 		return fsverity_ioctl_enable(filp, (const void __user *)arg);
1300 
1301 	case FS_IOC_MEASURE_VERITY:
1302 		if (!ext4_has_feature_verity(sb))
1303 			return -EOPNOTSUPP;
1304 		return fsverity_ioctl_measure(filp, (void __user *)arg);
1305 
1306 	default:
1307 		return -ENOTTY;
1308 	}
1309 }
1310 
1311 #ifdef CONFIG_COMPAT
1312 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1313 {
1314 	/* These are just misnamed, they actually get/put from/to user an int */
1315 	switch (cmd) {
1316 	case EXT4_IOC32_GETFLAGS:
1317 		cmd = EXT4_IOC_GETFLAGS;
1318 		break;
1319 	case EXT4_IOC32_SETFLAGS:
1320 		cmd = EXT4_IOC_SETFLAGS;
1321 		break;
1322 	case EXT4_IOC32_GETVERSION:
1323 		cmd = EXT4_IOC_GETVERSION;
1324 		break;
1325 	case EXT4_IOC32_SETVERSION:
1326 		cmd = EXT4_IOC_SETVERSION;
1327 		break;
1328 	case EXT4_IOC32_GROUP_EXTEND:
1329 		cmd = EXT4_IOC_GROUP_EXTEND;
1330 		break;
1331 	case EXT4_IOC32_GETVERSION_OLD:
1332 		cmd = EXT4_IOC_GETVERSION_OLD;
1333 		break;
1334 	case EXT4_IOC32_SETVERSION_OLD:
1335 		cmd = EXT4_IOC_SETVERSION_OLD;
1336 		break;
1337 	case EXT4_IOC32_GETRSVSZ:
1338 		cmd = EXT4_IOC_GETRSVSZ;
1339 		break;
1340 	case EXT4_IOC32_SETRSVSZ:
1341 		cmd = EXT4_IOC_SETRSVSZ;
1342 		break;
1343 	case EXT4_IOC32_GROUP_ADD: {
1344 		struct compat_ext4_new_group_input __user *uinput;
1345 		struct ext4_new_group_data input;
1346 		int err;
1347 
1348 		uinput = compat_ptr(arg);
1349 		err = get_user(input.group, &uinput->group);
1350 		err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1351 		err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1352 		err |= get_user(input.inode_table, &uinput->inode_table);
1353 		err |= get_user(input.blocks_count, &uinput->blocks_count);
1354 		err |= get_user(input.reserved_blocks,
1355 				&uinput->reserved_blocks);
1356 		if (err)
1357 			return -EFAULT;
1358 		return ext4_ioctl_group_add(file, &input);
1359 	}
1360 	case EXT4_IOC_MOVE_EXT:
1361 	case EXT4_IOC_RESIZE_FS:
1362 	case FITRIM:
1363 	case EXT4_IOC_PRECACHE_EXTENTS:
1364 	case EXT4_IOC_SET_ENCRYPTION_POLICY:
1365 	case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1366 	case EXT4_IOC_GET_ENCRYPTION_POLICY:
1367 	case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1368 	case FS_IOC_ADD_ENCRYPTION_KEY:
1369 	case FS_IOC_REMOVE_ENCRYPTION_KEY:
1370 	case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1371 	case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1372 	case FS_IOC_GET_ENCRYPTION_NONCE:
1373 	case EXT4_IOC_SHUTDOWN:
1374 	case FS_IOC_GETFSMAP:
1375 	case FS_IOC_ENABLE_VERITY:
1376 	case FS_IOC_MEASURE_VERITY:
1377 	case EXT4_IOC_CLEAR_ES_CACHE:
1378 	case EXT4_IOC_GETSTATE:
1379 	case EXT4_IOC_GET_ES_CACHE:
1380 	case EXT4_IOC_FSGETXATTR:
1381 	case EXT4_IOC_FSSETXATTR:
1382 		break;
1383 	default:
1384 		return -ENOIOCTLCMD;
1385 	}
1386 	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1387 }
1388 #endif
1389