1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uuid.h> 20 #include <linux/uaccess.h> 21 #include <linux/delay.h> 22 #include <linux/iversion.h> 23 #include "ext4_jbd2.h" 24 #include "ext4.h" 25 #include <linux/fsmap.h> 26 #include "fsmap.h" 27 #include <trace/events/ext4.h> 28 29 /** 30 * Swap memory between @a and @b for @len bytes. 31 * 32 * @a: pointer to first memory area 33 * @b: pointer to second memory area 34 * @len: number of bytes to swap 35 * 36 */ 37 static void memswap(void *a, void *b, size_t len) 38 { 39 unsigned char *ap, *bp; 40 41 ap = (unsigned char *)a; 42 bp = (unsigned char *)b; 43 while (len-- > 0) { 44 swap(*ap, *bp); 45 ap++; 46 bp++; 47 } 48 } 49 50 /** 51 * Swap i_data and associated attributes between @inode1 and @inode2. 52 * This function is used for the primary swap between inode1 and inode2 53 * and also to revert this primary swap in case of errors. 54 * 55 * Therefore you have to make sure, that calling this method twice 56 * will revert all changes. 57 * 58 * @inode1: pointer to first inode 59 * @inode2: pointer to second inode 60 */ 61 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 62 { 63 loff_t isize; 64 struct ext4_inode_info *ei1; 65 struct ext4_inode_info *ei2; 66 unsigned long tmp; 67 68 ei1 = EXT4_I(inode1); 69 ei2 = EXT4_I(inode2); 70 71 swap(inode1->i_version, inode2->i_version); 72 swap(inode1->i_atime, inode2->i_atime); 73 swap(inode1->i_mtime, inode2->i_mtime); 74 75 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 76 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP; 77 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) | 78 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP); 79 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP); 80 swap(ei1->i_disksize, ei2->i_disksize); 81 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 82 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 83 84 isize = i_size_read(inode1); 85 i_size_write(inode1, i_size_read(inode2)); 86 i_size_write(inode2, isize); 87 } 88 89 static void reset_inode_seed(struct inode *inode) 90 { 91 struct ext4_inode_info *ei = EXT4_I(inode); 92 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 93 __le32 inum = cpu_to_le32(inode->i_ino); 94 __le32 gen = cpu_to_le32(inode->i_generation); 95 __u32 csum; 96 97 if (!ext4_has_metadata_csum(inode->i_sb)) 98 return; 99 100 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum)); 101 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen)); 102 } 103 104 /** 105 * Swap the information from the given @inode and the inode 106 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 107 * important fields of the inodes. 108 * 109 * @sb: the super block of the filesystem 110 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 111 * 112 */ 113 static long swap_inode_boot_loader(struct super_block *sb, 114 struct inode *inode) 115 { 116 handle_t *handle; 117 int err; 118 struct inode *inode_bl; 119 struct ext4_inode_info *ei_bl; 120 qsize_t size, size_bl, diff; 121 blkcnt_t blocks; 122 unsigned short bytes; 123 124 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL); 125 if (IS_ERR(inode_bl)) 126 return PTR_ERR(inode_bl); 127 ei_bl = EXT4_I(inode_bl); 128 129 /* Protect orig inodes against a truncate and make sure, 130 * that only 1 swap_inode_boot_loader is running. */ 131 lock_two_nondirectories(inode, inode_bl); 132 133 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) || 134 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) || 135 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) || 136 ext4_has_inline_data(inode)) { 137 err = -EINVAL; 138 goto journal_err_out; 139 } 140 141 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) || 142 !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) { 143 err = -EPERM; 144 goto journal_err_out; 145 } 146 147 down_write(&EXT4_I(inode)->i_mmap_sem); 148 err = filemap_write_and_wait(inode->i_mapping); 149 if (err) 150 goto err_out; 151 152 err = filemap_write_and_wait(inode_bl->i_mapping); 153 if (err) 154 goto err_out; 155 156 /* Wait for all existing dio workers */ 157 inode_dio_wait(inode); 158 inode_dio_wait(inode_bl); 159 160 truncate_inode_pages(&inode->i_data, 0); 161 truncate_inode_pages(&inode_bl->i_data, 0); 162 163 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 164 if (IS_ERR(handle)) { 165 err = -EINVAL; 166 goto err_out; 167 } 168 169 /* Protect extent tree against block allocations via delalloc */ 170 ext4_double_down_write_data_sem(inode, inode_bl); 171 172 if (inode_bl->i_nlink == 0) { 173 /* this inode has never been used as a BOOT_LOADER */ 174 set_nlink(inode_bl, 1); 175 i_uid_write(inode_bl, 0); 176 i_gid_write(inode_bl, 0); 177 inode_bl->i_flags = 0; 178 ei_bl->i_flags = 0; 179 inode_set_iversion(inode_bl, 1); 180 i_size_write(inode_bl, 0); 181 inode_bl->i_mode = S_IFREG; 182 if (ext4_has_feature_extents(sb)) { 183 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 184 ext4_ext_tree_init(handle, inode_bl); 185 } else 186 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 187 } 188 189 err = dquot_initialize(inode); 190 if (err) 191 goto err_out1; 192 193 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes; 194 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes; 195 diff = size - size_bl; 196 swap_inode_data(inode, inode_bl); 197 198 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 199 200 inode->i_generation = prandom_u32(); 201 inode_bl->i_generation = prandom_u32(); 202 reset_inode_seed(inode); 203 reset_inode_seed(inode_bl); 204 205 ext4_discard_preallocations(inode); 206 207 err = ext4_mark_inode_dirty(handle, inode); 208 if (err < 0) { 209 /* No need to update quota information. */ 210 ext4_warning(inode->i_sb, 211 "couldn't mark inode #%lu dirty (err %d)", 212 inode->i_ino, err); 213 /* Revert all changes: */ 214 swap_inode_data(inode, inode_bl); 215 ext4_mark_inode_dirty(handle, inode); 216 goto err_out1; 217 } 218 219 blocks = inode_bl->i_blocks; 220 bytes = inode_bl->i_bytes; 221 inode_bl->i_blocks = inode->i_blocks; 222 inode_bl->i_bytes = inode->i_bytes; 223 err = ext4_mark_inode_dirty(handle, inode_bl); 224 if (err < 0) { 225 /* No need to update quota information. */ 226 ext4_warning(inode_bl->i_sb, 227 "couldn't mark inode #%lu dirty (err %d)", 228 inode_bl->i_ino, err); 229 goto revert; 230 } 231 232 /* Bootloader inode should not be counted into quota information. */ 233 if (diff > 0) 234 dquot_free_space(inode, diff); 235 else 236 err = dquot_alloc_space(inode, -1 * diff); 237 238 if (err < 0) { 239 revert: 240 /* Revert all changes: */ 241 inode_bl->i_blocks = blocks; 242 inode_bl->i_bytes = bytes; 243 swap_inode_data(inode, inode_bl); 244 ext4_mark_inode_dirty(handle, inode); 245 ext4_mark_inode_dirty(handle, inode_bl); 246 } 247 248 err_out1: 249 ext4_journal_stop(handle); 250 ext4_double_up_write_data_sem(inode, inode_bl); 251 252 err_out: 253 up_write(&EXT4_I(inode)->i_mmap_sem); 254 journal_err_out: 255 unlock_two_nondirectories(inode, inode_bl); 256 iput(inode_bl); 257 return err; 258 } 259 260 #ifdef CONFIG_FS_ENCRYPTION 261 static int uuid_is_zero(__u8 u[16]) 262 { 263 int i; 264 265 for (i = 0; i < 16; i++) 266 if (u[i]) 267 return 0; 268 return 1; 269 } 270 #endif 271 272 static int ext4_ioctl_setflags(struct inode *inode, 273 unsigned int flags) 274 { 275 struct ext4_inode_info *ei = EXT4_I(inode); 276 handle_t *handle = NULL; 277 int err = -EPERM, migrate = 0; 278 struct ext4_iloc iloc; 279 unsigned int oldflags, mask, i; 280 unsigned int jflag; 281 282 /* Is it quota file? Do not allow user to mess with it */ 283 if (ext4_is_quota_file(inode)) 284 goto flags_out; 285 286 oldflags = ei->i_flags; 287 288 /* The JOURNAL_DATA flag is modifiable only by root */ 289 jflag = flags & EXT4_JOURNAL_DATA_FL; 290 291 /* 292 * The IMMUTABLE and APPEND_ONLY flags can only be changed by 293 * the relevant capability. 294 * 295 * This test looks nicer. Thanks to Pauline Middelink 296 */ 297 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) { 298 if (!capable(CAP_LINUX_IMMUTABLE)) 299 goto flags_out; 300 } 301 302 /* 303 * The JOURNAL_DATA flag can only be changed by 304 * the relevant capability. 305 */ 306 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 307 if (!capable(CAP_SYS_RESOURCE)) 308 goto flags_out; 309 } 310 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 311 migrate = 1; 312 313 if (flags & EXT4_EOFBLOCKS_FL) { 314 /* we don't support adding EOFBLOCKS flag */ 315 if (!(oldflags & EXT4_EOFBLOCKS_FL)) { 316 err = -EOPNOTSUPP; 317 goto flags_out; 318 } 319 } else if (oldflags & EXT4_EOFBLOCKS_FL) { 320 err = ext4_truncate(inode); 321 if (err) 322 goto flags_out; 323 } 324 325 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 326 if (IS_ERR(handle)) { 327 err = PTR_ERR(handle); 328 goto flags_out; 329 } 330 if (IS_SYNC(inode)) 331 ext4_handle_sync(handle); 332 err = ext4_reserve_inode_write(handle, inode, &iloc); 333 if (err) 334 goto flags_err; 335 336 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 337 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 338 continue; 339 /* These flags get special treatment later */ 340 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 341 continue; 342 if (mask & flags) 343 ext4_set_inode_flag(inode, i); 344 else 345 ext4_clear_inode_flag(inode, i); 346 } 347 348 ext4_set_inode_flags(inode); 349 inode->i_ctime = current_time(inode); 350 351 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 352 flags_err: 353 ext4_journal_stop(handle); 354 if (err) 355 goto flags_out; 356 357 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 358 /* 359 * Changes to the journaling mode can cause unsafe changes to 360 * S_DAX if we are using the DAX mount option. 361 */ 362 if (test_opt(inode->i_sb, DAX)) { 363 err = -EBUSY; 364 goto flags_out; 365 } 366 367 err = ext4_change_inode_journal_flag(inode, jflag); 368 if (err) 369 goto flags_out; 370 } 371 if (migrate) { 372 if (flags & EXT4_EXTENTS_FL) 373 err = ext4_ext_migrate(inode); 374 else 375 err = ext4_ind_migrate(inode); 376 } 377 378 flags_out: 379 return err; 380 } 381 382 #ifdef CONFIG_QUOTA 383 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 384 { 385 struct inode *inode = file_inode(filp); 386 struct super_block *sb = inode->i_sb; 387 struct ext4_inode_info *ei = EXT4_I(inode); 388 int err, rc; 389 handle_t *handle; 390 kprojid_t kprojid; 391 struct ext4_iloc iloc; 392 struct ext4_inode *raw_inode; 393 struct dquot *transfer_to[MAXQUOTAS] = { }; 394 395 if (!ext4_has_feature_project(sb)) { 396 if (projid != EXT4_DEF_PROJID) 397 return -EOPNOTSUPP; 398 else 399 return 0; 400 } 401 402 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 403 return -EOPNOTSUPP; 404 405 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 406 407 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 408 return 0; 409 410 err = -EPERM; 411 /* Is it quota file? Do not allow user to mess with it */ 412 if (ext4_is_quota_file(inode)) 413 return err; 414 415 err = ext4_get_inode_loc(inode, &iloc); 416 if (err) 417 return err; 418 419 raw_inode = ext4_raw_inode(&iloc); 420 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 421 err = ext4_expand_extra_isize(inode, 422 EXT4_SB(sb)->s_want_extra_isize, 423 &iloc); 424 if (err) 425 return err; 426 } else { 427 brelse(iloc.bh); 428 } 429 430 err = dquot_initialize(inode); 431 if (err) 432 return err; 433 434 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 435 EXT4_QUOTA_INIT_BLOCKS(sb) + 436 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 437 if (IS_ERR(handle)) 438 return PTR_ERR(handle); 439 440 err = ext4_reserve_inode_write(handle, inode, &iloc); 441 if (err) 442 goto out_stop; 443 444 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 445 if (!IS_ERR(transfer_to[PRJQUOTA])) { 446 447 /* __dquot_transfer() calls back ext4_get_inode_usage() which 448 * counts xattr inode references. 449 */ 450 down_read(&EXT4_I(inode)->xattr_sem); 451 err = __dquot_transfer(inode, transfer_to); 452 up_read(&EXT4_I(inode)->xattr_sem); 453 dqput(transfer_to[PRJQUOTA]); 454 if (err) 455 goto out_dirty; 456 } 457 458 EXT4_I(inode)->i_projid = kprojid; 459 inode->i_ctime = current_time(inode); 460 out_dirty: 461 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 462 if (!err) 463 err = rc; 464 out_stop: 465 ext4_journal_stop(handle); 466 return err; 467 } 468 #else 469 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 470 { 471 if (projid != EXT4_DEF_PROJID) 472 return -EOPNOTSUPP; 473 return 0; 474 } 475 #endif 476 477 /* Transfer internal flags to xflags */ 478 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags) 479 { 480 __u32 xflags = 0; 481 482 if (iflags & EXT4_SYNC_FL) 483 xflags |= FS_XFLAG_SYNC; 484 if (iflags & EXT4_IMMUTABLE_FL) 485 xflags |= FS_XFLAG_IMMUTABLE; 486 if (iflags & EXT4_APPEND_FL) 487 xflags |= FS_XFLAG_APPEND; 488 if (iflags & EXT4_NODUMP_FL) 489 xflags |= FS_XFLAG_NODUMP; 490 if (iflags & EXT4_NOATIME_FL) 491 xflags |= FS_XFLAG_NOATIME; 492 if (iflags & EXT4_PROJINHERIT_FL) 493 xflags |= FS_XFLAG_PROJINHERIT; 494 return xflags; 495 } 496 497 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \ 498 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \ 499 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT) 500 501 /* Transfer xflags flags to internal */ 502 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags) 503 { 504 unsigned long iflags = 0; 505 506 if (xflags & FS_XFLAG_SYNC) 507 iflags |= EXT4_SYNC_FL; 508 if (xflags & FS_XFLAG_IMMUTABLE) 509 iflags |= EXT4_IMMUTABLE_FL; 510 if (xflags & FS_XFLAG_APPEND) 511 iflags |= EXT4_APPEND_FL; 512 if (xflags & FS_XFLAG_NODUMP) 513 iflags |= EXT4_NODUMP_FL; 514 if (xflags & FS_XFLAG_NOATIME) 515 iflags |= EXT4_NOATIME_FL; 516 if (xflags & FS_XFLAG_PROJINHERIT) 517 iflags |= EXT4_PROJINHERIT_FL; 518 519 return iflags; 520 } 521 522 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 523 { 524 struct ext4_sb_info *sbi = EXT4_SB(sb); 525 __u32 flags; 526 527 if (!capable(CAP_SYS_ADMIN)) 528 return -EPERM; 529 530 if (get_user(flags, (__u32 __user *)arg)) 531 return -EFAULT; 532 533 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 534 return -EINVAL; 535 536 if (ext4_forced_shutdown(sbi)) 537 return 0; 538 539 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 540 trace_ext4_shutdown(sb, flags); 541 542 switch (flags) { 543 case EXT4_GOING_FLAGS_DEFAULT: 544 freeze_bdev(sb->s_bdev); 545 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 546 thaw_bdev(sb->s_bdev, sb); 547 break; 548 case EXT4_GOING_FLAGS_LOGFLUSH: 549 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 550 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 551 (void) ext4_force_commit(sb); 552 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 553 } 554 break; 555 case EXT4_GOING_FLAGS_NOLOGFLUSH: 556 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 557 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 558 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 559 break; 560 default: 561 return -EINVAL; 562 } 563 clear_opt(sb, DISCARD); 564 return 0; 565 } 566 567 struct getfsmap_info { 568 struct super_block *gi_sb; 569 struct fsmap_head __user *gi_data; 570 unsigned int gi_idx; 571 __u32 gi_last_flags; 572 }; 573 574 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 575 { 576 struct getfsmap_info *info = priv; 577 struct fsmap fm; 578 579 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 580 581 info->gi_last_flags = xfm->fmr_flags; 582 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 583 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 584 sizeof(struct fsmap))) 585 return -EFAULT; 586 587 return 0; 588 } 589 590 static int ext4_ioc_getfsmap(struct super_block *sb, 591 struct fsmap_head __user *arg) 592 { 593 struct getfsmap_info info = {0}; 594 struct ext4_fsmap_head xhead = {0}; 595 struct fsmap_head head; 596 bool aborted = false; 597 int error; 598 599 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 600 return -EFAULT; 601 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 602 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 603 sizeof(head.fmh_keys[0].fmr_reserved)) || 604 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 605 sizeof(head.fmh_keys[1].fmr_reserved))) 606 return -EINVAL; 607 /* 608 * ext4 doesn't report file extents at all, so the only valid 609 * file offsets are the magic ones (all zeroes or all ones). 610 */ 611 if (head.fmh_keys[0].fmr_offset || 612 (head.fmh_keys[1].fmr_offset != 0 && 613 head.fmh_keys[1].fmr_offset != -1ULL)) 614 return -EINVAL; 615 616 xhead.fmh_iflags = head.fmh_iflags; 617 xhead.fmh_count = head.fmh_count; 618 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 619 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 620 621 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 622 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 623 624 info.gi_sb = sb; 625 info.gi_data = arg; 626 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 627 if (error == EXT4_QUERY_RANGE_ABORT) { 628 error = 0; 629 aborted = true; 630 } else if (error) 631 return error; 632 633 /* If we didn't abort, set the "last" flag in the last fmx */ 634 if (!aborted && info.gi_idx) { 635 info.gi_last_flags |= FMR_OF_LAST; 636 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 637 &info.gi_last_flags, 638 sizeof(info.gi_last_flags))) 639 return -EFAULT; 640 } 641 642 /* copy back header */ 643 head.fmh_entries = xhead.fmh_entries; 644 head.fmh_oflags = xhead.fmh_oflags; 645 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 646 return -EFAULT; 647 648 return 0; 649 } 650 651 static long ext4_ioctl_group_add(struct file *file, 652 struct ext4_new_group_data *input) 653 { 654 struct super_block *sb = file_inode(file)->i_sb; 655 int err, err2=0; 656 657 err = ext4_resize_begin(sb); 658 if (err) 659 return err; 660 661 if (ext4_has_feature_bigalloc(sb)) { 662 ext4_msg(sb, KERN_ERR, 663 "Online resizing not supported with bigalloc"); 664 err = -EOPNOTSUPP; 665 goto group_add_out; 666 } 667 668 err = mnt_want_write_file(file); 669 if (err) 670 goto group_add_out; 671 672 err = ext4_group_add(sb, input); 673 if (EXT4_SB(sb)->s_journal) { 674 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 675 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 676 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 677 } 678 if (err == 0) 679 err = err2; 680 mnt_drop_write_file(file); 681 if (!err && ext4_has_group_desc_csum(sb) && 682 test_opt(sb, INIT_INODE_TABLE)) 683 err = ext4_register_li_request(sb, input->group); 684 group_add_out: 685 ext4_resize_end(sb); 686 return err; 687 } 688 689 static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa) 690 { 691 /* 692 * Project Quota ID state is only allowed to change from within the init 693 * namespace. Enforce that restriction only if we are trying to change 694 * the quota ID state. Everything else is allowed in user namespaces. 695 */ 696 if (current_user_ns() == &init_user_ns) 697 return 0; 698 699 if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid) 700 return -EINVAL; 701 702 if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) { 703 if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT)) 704 return -EINVAL; 705 } else { 706 if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) 707 return -EINVAL; 708 } 709 710 return 0; 711 } 712 713 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 714 { 715 struct inode *inode = file_inode(filp); 716 struct super_block *sb = inode->i_sb; 717 struct ext4_inode_info *ei = EXT4_I(inode); 718 unsigned int flags; 719 720 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 721 722 switch (cmd) { 723 case FS_IOC_GETFSMAP: 724 return ext4_ioc_getfsmap(sb, (void __user *)arg); 725 case EXT4_IOC_GETFLAGS: 726 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 727 return put_user(flags, (int __user *) arg); 728 case EXT4_IOC_SETFLAGS: { 729 int err; 730 731 if (!inode_owner_or_capable(inode)) 732 return -EACCES; 733 734 if (get_user(flags, (int __user *) arg)) 735 return -EFAULT; 736 737 if (flags & ~EXT4_FL_USER_VISIBLE) 738 return -EOPNOTSUPP; 739 /* 740 * chattr(1) grabs flags via GETFLAGS, modifies the result and 741 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 742 * more restrictive than just silently masking off visible but 743 * not settable flags as we always did. 744 */ 745 flags &= EXT4_FL_USER_MODIFIABLE; 746 if (ext4_mask_flags(inode->i_mode, flags) != flags) 747 return -EOPNOTSUPP; 748 749 err = mnt_want_write_file(filp); 750 if (err) 751 return err; 752 753 inode_lock(inode); 754 err = ext4_ioctl_setflags(inode, flags); 755 inode_unlock(inode); 756 mnt_drop_write_file(filp); 757 return err; 758 } 759 case EXT4_IOC_GETVERSION: 760 case EXT4_IOC_GETVERSION_OLD: 761 return put_user(inode->i_generation, (int __user *) arg); 762 case EXT4_IOC_SETVERSION: 763 case EXT4_IOC_SETVERSION_OLD: { 764 handle_t *handle; 765 struct ext4_iloc iloc; 766 __u32 generation; 767 int err; 768 769 if (!inode_owner_or_capable(inode)) 770 return -EPERM; 771 772 if (ext4_has_metadata_csum(inode->i_sb)) { 773 ext4_warning(sb, "Setting inode version is not " 774 "supported with metadata_csum enabled."); 775 return -ENOTTY; 776 } 777 778 err = mnt_want_write_file(filp); 779 if (err) 780 return err; 781 if (get_user(generation, (int __user *) arg)) { 782 err = -EFAULT; 783 goto setversion_out; 784 } 785 786 inode_lock(inode); 787 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 788 if (IS_ERR(handle)) { 789 err = PTR_ERR(handle); 790 goto unlock_out; 791 } 792 err = ext4_reserve_inode_write(handle, inode, &iloc); 793 if (err == 0) { 794 inode->i_ctime = current_time(inode); 795 inode->i_generation = generation; 796 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 797 } 798 ext4_journal_stop(handle); 799 800 unlock_out: 801 inode_unlock(inode); 802 setversion_out: 803 mnt_drop_write_file(filp); 804 return err; 805 } 806 case EXT4_IOC_GROUP_EXTEND: { 807 ext4_fsblk_t n_blocks_count; 808 int err, err2=0; 809 810 err = ext4_resize_begin(sb); 811 if (err) 812 return err; 813 814 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 815 err = -EFAULT; 816 goto group_extend_out; 817 } 818 819 if (ext4_has_feature_bigalloc(sb)) { 820 ext4_msg(sb, KERN_ERR, 821 "Online resizing not supported with bigalloc"); 822 err = -EOPNOTSUPP; 823 goto group_extend_out; 824 } 825 826 err = mnt_want_write_file(filp); 827 if (err) 828 goto group_extend_out; 829 830 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 831 if (EXT4_SB(sb)->s_journal) { 832 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 833 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 834 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 835 } 836 if (err == 0) 837 err = err2; 838 mnt_drop_write_file(filp); 839 group_extend_out: 840 ext4_resize_end(sb); 841 return err; 842 } 843 844 case EXT4_IOC_MOVE_EXT: { 845 struct move_extent me; 846 struct fd donor; 847 int err; 848 849 if (!(filp->f_mode & FMODE_READ) || 850 !(filp->f_mode & FMODE_WRITE)) 851 return -EBADF; 852 853 if (copy_from_user(&me, 854 (struct move_extent __user *)arg, sizeof(me))) 855 return -EFAULT; 856 me.moved_len = 0; 857 858 donor = fdget(me.donor_fd); 859 if (!donor.file) 860 return -EBADF; 861 862 if (!(donor.file->f_mode & FMODE_WRITE)) { 863 err = -EBADF; 864 goto mext_out; 865 } 866 867 if (ext4_has_feature_bigalloc(sb)) { 868 ext4_msg(sb, KERN_ERR, 869 "Online defrag not supported with bigalloc"); 870 err = -EOPNOTSUPP; 871 goto mext_out; 872 } else if (IS_DAX(inode)) { 873 ext4_msg(sb, KERN_ERR, 874 "Online defrag not supported with DAX"); 875 err = -EOPNOTSUPP; 876 goto mext_out; 877 } 878 879 err = mnt_want_write_file(filp); 880 if (err) 881 goto mext_out; 882 883 err = ext4_move_extents(filp, donor.file, me.orig_start, 884 me.donor_start, me.len, &me.moved_len); 885 mnt_drop_write_file(filp); 886 887 if (copy_to_user((struct move_extent __user *)arg, 888 &me, sizeof(me))) 889 err = -EFAULT; 890 mext_out: 891 fdput(donor); 892 return err; 893 } 894 895 case EXT4_IOC_GROUP_ADD: { 896 struct ext4_new_group_data input; 897 898 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 899 sizeof(input))) 900 return -EFAULT; 901 902 return ext4_ioctl_group_add(filp, &input); 903 } 904 905 case EXT4_IOC_MIGRATE: 906 { 907 int err; 908 if (!inode_owner_or_capable(inode)) 909 return -EACCES; 910 911 err = mnt_want_write_file(filp); 912 if (err) 913 return err; 914 /* 915 * inode_mutex prevent write and truncate on the file. 916 * Read still goes through. We take i_data_sem in 917 * ext4_ext_swap_inode_data before we switch the 918 * inode format to prevent read. 919 */ 920 inode_lock((inode)); 921 err = ext4_ext_migrate(inode); 922 inode_unlock((inode)); 923 mnt_drop_write_file(filp); 924 return err; 925 } 926 927 case EXT4_IOC_ALLOC_DA_BLKS: 928 { 929 int err; 930 if (!inode_owner_or_capable(inode)) 931 return -EACCES; 932 933 err = mnt_want_write_file(filp); 934 if (err) 935 return err; 936 err = ext4_alloc_da_blocks(inode); 937 mnt_drop_write_file(filp); 938 return err; 939 } 940 941 case EXT4_IOC_SWAP_BOOT: 942 { 943 int err; 944 if (!(filp->f_mode & FMODE_WRITE)) 945 return -EBADF; 946 err = mnt_want_write_file(filp); 947 if (err) 948 return err; 949 err = swap_inode_boot_loader(sb, inode); 950 mnt_drop_write_file(filp); 951 return err; 952 } 953 954 case EXT4_IOC_RESIZE_FS: { 955 ext4_fsblk_t n_blocks_count; 956 int err = 0, err2 = 0; 957 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 958 959 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 960 sizeof(__u64))) { 961 return -EFAULT; 962 } 963 964 err = ext4_resize_begin(sb); 965 if (err) 966 return err; 967 968 err = mnt_want_write_file(filp); 969 if (err) 970 goto resizefs_out; 971 972 err = ext4_resize_fs(sb, n_blocks_count); 973 if (EXT4_SB(sb)->s_journal) { 974 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 975 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 976 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 977 } 978 if (err == 0) 979 err = err2; 980 mnt_drop_write_file(filp); 981 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) && 982 ext4_has_group_desc_csum(sb) && 983 test_opt(sb, INIT_INODE_TABLE)) 984 err = ext4_register_li_request(sb, o_group); 985 986 resizefs_out: 987 ext4_resize_end(sb); 988 return err; 989 } 990 991 case FITRIM: 992 { 993 struct request_queue *q = bdev_get_queue(sb->s_bdev); 994 struct fstrim_range range; 995 int ret = 0; 996 997 if (!capable(CAP_SYS_ADMIN)) 998 return -EPERM; 999 1000 if (!blk_queue_discard(q)) 1001 return -EOPNOTSUPP; 1002 1003 /* 1004 * We haven't replayed the journal, so we cannot use our 1005 * block-bitmap-guided storage zapping commands. 1006 */ 1007 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb)) 1008 return -EROFS; 1009 1010 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 1011 sizeof(range))) 1012 return -EFAULT; 1013 1014 range.minlen = max((unsigned int)range.minlen, 1015 q->limits.discard_granularity); 1016 ret = ext4_trim_fs(sb, &range); 1017 if (ret < 0) 1018 return ret; 1019 1020 if (copy_to_user((struct fstrim_range __user *)arg, &range, 1021 sizeof(range))) 1022 return -EFAULT; 1023 1024 return 0; 1025 } 1026 case EXT4_IOC_PRECACHE_EXTENTS: 1027 return ext4_ext_precache(inode); 1028 1029 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1030 if (!ext4_has_feature_encrypt(sb)) 1031 return -EOPNOTSUPP; 1032 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 1033 1034 case EXT4_IOC_GET_ENCRYPTION_PWSALT: { 1035 #ifdef CONFIG_FS_ENCRYPTION 1036 int err, err2; 1037 struct ext4_sb_info *sbi = EXT4_SB(sb); 1038 handle_t *handle; 1039 1040 if (!ext4_has_feature_encrypt(sb)) 1041 return -EOPNOTSUPP; 1042 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 1043 err = mnt_want_write_file(filp); 1044 if (err) 1045 return err; 1046 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 1047 if (IS_ERR(handle)) { 1048 err = PTR_ERR(handle); 1049 goto pwsalt_err_exit; 1050 } 1051 err = ext4_journal_get_write_access(handle, sbi->s_sbh); 1052 if (err) 1053 goto pwsalt_err_journal; 1054 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 1055 err = ext4_handle_dirty_metadata(handle, NULL, 1056 sbi->s_sbh); 1057 pwsalt_err_journal: 1058 err2 = ext4_journal_stop(handle); 1059 if (err2 && !err) 1060 err = err2; 1061 pwsalt_err_exit: 1062 mnt_drop_write_file(filp); 1063 if (err) 1064 return err; 1065 } 1066 if (copy_to_user((void __user *) arg, 1067 sbi->s_es->s_encrypt_pw_salt, 16)) 1068 return -EFAULT; 1069 return 0; 1070 #else 1071 return -EOPNOTSUPP; 1072 #endif 1073 } 1074 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1075 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 1076 1077 case EXT4_IOC_FSGETXATTR: 1078 { 1079 struct fsxattr fa; 1080 1081 memset(&fa, 0, sizeof(struct fsxattr)); 1082 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE); 1083 1084 if (ext4_has_feature_project(inode->i_sb)) { 1085 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns, 1086 EXT4_I(inode)->i_projid); 1087 } 1088 1089 if (copy_to_user((struct fsxattr __user *)arg, 1090 &fa, sizeof(fa))) 1091 return -EFAULT; 1092 return 0; 1093 } 1094 case EXT4_IOC_FSSETXATTR: 1095 { 1096 struct fsxattr fa; 1097 int err; 1098 1099 if (copy_from_user(&fa, (struct fsxattr __user *)arg, 1100 sizeof(fa))) 1101 return -EFAULT; 1102 1103 /* Make sure caller has proper permission */ 1104 if (!inode_owner_or_capable(inode)) 1105 return -EACCES; 1106 1107 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS) 1108 return -EOPNOTSUPP; 1109 1110 flags = ext4_xflags_to_iflags(fa.fsx_xflags); 1111 if (ext4_mask_flags(inode->i_mode, flags) != flags) 1112 return -EOPNOTSUPP; 1113 1114 err = mnt_want_write_file(filp); 1115 if (err) 1116 return err; 1117 1118 inode_lock(inode); 1119 err = ext4_ioctl_check_project(inode, &fa); 1120 if (err) 1121 goto out; 1122 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | 1123 (flags & EXT4_FL_XFLAG_VISIBLE); 1124 err = ext4_ioctl_setflags(inode, flags); 1125 if (err) 1126 goto out; 1127 err = ext4_ioctl_setproject(filp, fa.fsx_projid); 1128 out: 1129 inode_unlock(inode); 1130 mnt_drop_write_file(filp); 1131 return err; 1132 } 1133 case EXT4_IOC_SHUTDOWN: 1134 return ext4_shutdown(sb, arg); 1135 default: 1136 return -ENOTTY; 1137 } 1138 } 1139 1140 #ifdef CONFIG_COMPAT 1141 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1142 { 1143 /* These are just misnamed, they actually get/put from/to user an int */ 1144 switch (cmd) { 1145 case EXT4_IOC32_GETFLAGS: 1146 cmd = EXT4_IOC_GETFLAGS; 1147 break; 1148 case EXT4_IOC32_SETFLAGS: 1149 cmd = EXT4_IOC_SETFLAGS; 1150 break; 1151 case EXT4_IOC32_GETVERSION: 1152 cmd = EXT4_IOC_GETVERSION; 1153 break; 1154 case EXT4_IOC32_SETVERSION: 1155 cmd = EXT4_IOC_SETVERSION; 1156 break; 1157 case EXT4_IOC32_GROUP_EXTEND: 1158 cmd = EXT4_IOC_GROUP_EXTEND; 1159 break; 1160 case EXT4_IOC32_GETVERSION_OLD: 1161 cmd = EXT4_IOC_GETVERSION_OLD; 1162 break; 1163 case EXT4_IOC32_SETVERSION_OLD: 1164 cmd = EXT4_IOC_SETVERSION_OLD; 1165 break; 1166 case EXT4_IOC32_GETRSVSZ: 1167 cmd = EXT4_IOC_GETRSVSZ; 1168 break; 1169 case EXT4_IOC32_SETRSVSZ: 1170 cmd = EXT4_IOC_SETRSVSZ; 1171 break; 1172 case EXT4_IOC32_GROUP_ADD: { 1173 struct compat_ext4_new_group_input __user *uinput; 1174 struct ext4_new_group_data input; 1175 int err; 1176 1177 uinput = compat_ptr(arg); 1178 err = get_user(input.group, &uinput->group); 1179 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1180 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1181 err |= get_user(input.inode_table, &uinput->inode_table); 1182 err |= get_user(input.blocks_count, &uinput->blocks_count); 1183 err |= get_user(input.reserved_blocks, 1184 &uinput->reserved_blocks); 1185 if (err) 1186 return -EFAULT; 1187 return ext4_ioctl_group_add(file, &input); 1188 } 1189 case EXT4_IOC_MOVE_EXT: 1190 case EXT4_IOC_RESIZE_FS: 1191 case EXT4_IOC_PRECACHE_EXTENTS: 1192 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1193 case EXT4_IOC_GET_ENCRYPTION_PWSALT: 1194 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1195 case EXT4_IOC_SHUTDOWN: 1196 case FS_IOC_GETFSMAP: 1197 break; 1198 default: 1199 return -ENOIOCTLCMD; 1200 } 1201 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1202 } 1203 #endif 1204