1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uuid.h> 20 #include <linux/uaccess.h> 21 #include <linux/delay.h> 22 #include "ext4_jbd2.h" 23 #include "ext4.h" 24 #include <linux/fsmap.h> 25 #include "fsmap.h" 26 #include <trace/events/ext4.h> 27 28 /** 29 * Swap memory between @a and @b for @len bytes. 30 * 31 * @a: pointer to first memory area 32 * @b: pointer to second memory area 33 * @len: number of bytes to swap 34 * 35 */ 36 static void memswap(void *a, void *b, size_t len) 37 { 38 unsigned char *ap, *bp; 39 40 ap = (unsigned char *)a; 41 bp = (unsigned char *)b; 42 while (len-- > 0) { 43 swap(*ap, *bp); 44 ap++; 45 bp++; 46 } 47 } 48 49 /** 50 * Swap i_data and associated attributes between @inode1 and @inode2. 51 * This function is used for the primary swap between inode1 and inode2 52 * and also to revert this primary swap in case of errors. 53 * 54 * Therefore you have to make sure, that calling this method twice 55 * will revert all changes. 56 * 57 * @inode1: pointer to first inode 58 * @inode2: pointer to second inode 59 */ 60 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 61 { 62 loff_t isize; 63 struct ext4_inode_info *ei1; 64 struct ext4_inode_info *ei2; 65 66 ei1 = EXT4_I(inode1); 67 ei2 = EXT4_I(inode2); 68 69 swap(inode1->i_flags, inode2->i_flags); 70 swap(inode1->i_version, inode2->i_version); 71 swap(inode1->i_blocks, inode2->i_blocks); 72 swap(inode1->i_bytes, inode2->i_bytes); 73 swap(inode1->i_atime, inode2->i_atime); 74 swap(inode1->i_mtime, inode2->i_mtime); 75 76 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 77 swap(ei1->i_flags, ei2->i_flags); 78 swap(ei1->i_disksize, ei2->i_disksize); 79 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 80 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 81 82 isize = i_size_read(inode1); 83 i_size_write(inode1, i_size_read(inode2)); 84 i_size_write(inode2, isize); 85 } 86 87 /** 88 * Swap the information from the given @inode and the inode 89 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 90 * important fields of the inodes. 91 * 92 * @sb: the super block of the filesystem 93 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 94 * 95 */ 96 static long swap_inode_boot_loader(struct super_block *sb, 97 struct inode *inode) 98 { 99 handle_t *handle; 100 int err; 101 struct inode *inode_bl; 102 struct ext4_inode_info *ei_bl; 103 104 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode)) 105 return -EINVAL; 106 107 if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) 108 return -EPERM; 109 110 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO); 111 if (IS_ERR(inode_bl)) 112 return PTR_ERR(inode_bl); 113 ei_bl = EXT4_I(inode_bl); 114 115 filemap_flush(inode->i_mapping); 116 filemap_flush(inode_bl->i_mapping); 117 118 /* Protect orig inodes against a truncate and make sure, 119 * that only 1 swap_inode_boot_loader is running. */ 120 lock_two_nondirectories(inode, inode_bl); 121 122 truncate_inode_pages(&inode->i_data, 0); 123 truncate_inode_pages(&inode_bl->i_data, 0); 124 125 /* Wait for all existing dio workers */ 126 ext4_inode_block_unlocked_dio(inode); 127 ext4_inode_block_unlocked_dio(inode_bl); 128 inode_dio_wait(inode); 129 inode_dio_wait(inode_bl); 130 131 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 132 if (IS_ERR(handle)) { 133 err = -EINVAL; 134 goto journal_err_out; 135 } 136 137 /* Protect extent tree against block allocations via delalloc */ 138 ext4_double_down_write_data_sem(inode, inode_bl); 139 140 if (inode_bl->i_nlink == 0) { 141 /* this inode has never been used as a BOOT_LOADER */ 142 set_nlink(inode_bl, 1); 143 i_uid_write(inode_bl, 0); 144 i_gid_write(inode_bl, 0); 145 inode_bl->i_flags = 0; 146 ei_bl->i_flags = 0; 147 inode_bl->i_version = 1; 148 i_size_write(inode_bl, 0); 149 inode_bl->i_mode = S_IFREG; 150 if (ext4_has_feature_extents(sb)) { 151 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 152 ext4_ext_tree_init(handle, inode_bl); 153 } else 154 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 155 } 156 157 swap_inode_data(inode, inode_bl); 158 159 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 160 161 inode->i_generation = prandom_u32(); 162 inode_bl->i_generation = prandom_u32(); 163 164 ext4_discard_preallocations(inode); 165 166 err = ext4_mark_inode_dirty(handle, inode); 167 if (err < 0) { 168 ext4_warning(inode->i_sb, 169 "couldn't mark inode #%lu dirty (err %d)", 170 inode->i_ino, err); 171 /* Revert all changes: */ 172 swap_inode_data(inode, inode_bl); 173 } else { 174 err = ext4_mark_inode_dirty(handle, inode_bl); 175 if (err < 0) { 176 ext4_warning(inode_bl->i_sb, 177 "couldn't mark inode #%lu dirty (err %d)", 178 inode_bl->i_ino, err); 179 /* Revert all changes: */ 180 swap_inode_data(inode, inode_bl); 181 ext4_mark_inode_dirty(handle, inode); 182 } 183 } 184 ext4_journal_stop(handle); 185 ext4_double_up_write_data_sem(inode, inode_bl); 186 187 journal_err_out: 188 ext4_inode_resume_unlocked_dio(inode); 189 ext4_inode_resume_unlocked_dio(inode_bl); 190 unlock_two_nondirectories(inode, inode_bl); 191 iput(inode_bl); 192 return err; 193 } 194 195 #ifdef CONFIG_EXT4_FS_ENCRYPTION 196 static int uuid_is_zero(__u8 u[16]) 197 { 198 int i; 199 200 for (i = 0; i < 16; i++) 201 if (u[i]) 202 return 0; 203 return 1; 204 } 205 #endif 206 207 static int ext4_ioctl_setflags(struct inode *inode, 208 unsigned int flags) 209 { 210 struct ext4_inode_info *ei = EXT4_I(inode); 211 handle_t *handle = NULL; 212 int err = -EPERM, migrate = 0; 213 struct ext4_iloc iloc; 214 unsigned int oldflags, mask, i; 215 unsigned int jflag; 216 217 /* Is it quota file? Do not allow user to mess with it */ 218 if (ext4_is_quota_file(inode)) 219 goto flags_out; 220 221 oldflags = ei->i_flags; 222 223 /* The JOURNAL_DATA flag is modifiable only by root */ 224 jflag = flags & EXT4_JOURNAL_DATA_FL; 225 226 /* 227 * The IMMUTABLE and APPEND_ONLY flags can only be changed by 228 * the relevant capability. 229 * 230 * This test looks nicer. Thanks to Pauline Middelink 231 */ 232 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) { 233 if (!capable(CAP_LINUX_IMMUTABLE)) 234 goto flags_out; 235 } 236 237 /* 238 * The JOURNAL_DATA flag can only be changed by 239 * the relevant capability. 240 */ 241 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 242 if (!capable(CAP_SYS_RESOURCE)) 243 goto flags_out; 244 } 245 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 246 migrate = 1; 247 248 if (flags & EXT4_EOFBLOCKS_FL) { 249 /* we don't support adding EOFBLOCKS flag */ 250 if (!(oldflags & EXT4_EOFBLOCKS_FL)) { 251 err = -EOPNOTSUPP; 252 goto flags_out; 253 } 254 } else if (oldflags & EXT4_EOFBLOCKS_FL) { 255 err = ext4_truncate(inode); 256 if (err) 257 goto flags_out; 258 } 259 260 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 261 if (IS_ERR(handle)) { 262 err = PTR_ERR(handle); 263 goto flags_out; 264 } 265 if (IS_SYNC(inode)) 266 ext4_handle_sync(handle); 267 err = ext4_reserve_inode_write(handle, inode, &iloc); 268 if (err) 269 goto flags_err; 270 271 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 272 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 273 continue; 274 /* These flags get special treatment later */ 275 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 276 continue; 277 if (mask & flags) 278 ext4_set_inode_flag(inode, i); 279 else 280 ext4_clear_inode_flag(inode, i); 281 } 282 283 ext4_set_inode_flags(inode); 284 inode->i_ctime = current_time(inode); 285 286 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 287 flags_err: 288 ext4_journal_stop(handle); 289 if (err) 290 goto flags_out; 291 292 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 293 /* 294 * Changes to the journaling mode can cause unsafe changes to 295 * S_DAX if we are using the DAX mount option. 296 */ 297 if (test_opt(inode->i_sb, DAX)) { 298 err = -EBUSY; 299 goto flags_out; 300 } 301 302 err = ext4_change_inode_journal_flag(inode, jflag); 303 if (err) 304 goto flags_out; 305 } 306 if (migrate) { 307 if (flags & EXT4_EXTENTS_FL) 308 err = ext4_ext_migrate(inode); 309 else 310 err = ext4_ind_migrate(inode); 311 } 312 313 flags_out: 314 return err; 315 } 316 317 #ifdef CONFIG_QUOTA 318 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 319 { 320 struct inode *inode = file_inode(filp); 321 struct super_block *sb = inode->i_sb; 322 struct ext4_inode_info *ei = EXT4_I(inode); 323 int err, rc; 324 handle_t *handle; 325 kprojid_t kprojid; 326 struct ext4_iloc iloc; 327 struct ext4_inode *raw_inode; 328 struct dquot *transfer_to[MAXQUOTAS] = { }; 329 330 if (!ext4_has_feature_project(sb)) { 331 if (projid != EXT4_DEF_PROJID) 332 return -EOPNOTSUPP; 333 else 334 return 0; 335 } 336 337 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 338 return -EOPNOTSUPP; 339 340 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 341 342 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 343 return 0; 344 345 err = mnt_want_write_file(filp); 346 if (err) 347 return err; 348 349 err = -EPERM; 350 inode_lock(inode); 351 /* Is it quota file? Do not allow user to mess with it */ 352 if (ext4_is_quota_file(inode)) 353 goto out_unlock; 354 355 err = ext4_get_inode_loc(inode, &iloc); 356 if (err) 357 goto out_unlock; 358 359 raw_inode = ext4_raw_inode(&iloc); 360 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 361 err = ext4_expand_extra_isize(inode, 362 EXT4_SB(sb)->s_want_extra_isize, 363 &iloc); 364 if (err) 365 goto out_unlock; 366 } else { 367 brelse(iloc.bh); 368 } 369 370 dquot_initialize(inode); 371 372 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 373 EXT4_QUOTA_INIT_BLOCKS(sb) + 374 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 375 if (IS_ERR(handle)) { 376 err = PTR_ERR(handle); 377 goto out_unlock; 378 } 379 380 err = ext4_reserve_inode_write(handle, inode, &iloc); 381 if (err) 382 goto out_stop; 383 384 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 385 if (!IS_ERR(transfer_to[PRJQUOTA])) { 386 387 /* __dquot_transfer() calls back ext4_get_inode_usage() which 388 * counts xattr inode references. 389 */ 390 down_read(&EXT4_I(inode)->xattr_sem); 391 err = __dquot_transfer(inode, transfer_to); 392 up_read(&EXT4_I(inode)->xattr_sem); 393 dqput(transfer_to[PRJQUOTA]); 394 if (err) 395 goto out_dirty; 396 } 397 398 EXT4_I(inode)->i_projid = kprojid; 399 inode->i_ctime = current_time(inode); 400 out_dirty: 401 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 402 if (!err) 403 err = rc; 404 out_stop: 405 ext4_journal_stop(handle); 406 out_unlock: 407 inode_unlock(inode); 408 mnt_drop_write_file(filp); 409 return err; 410 } 411 #else 412 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 413 { 414 if (projid != EXT4_DEF_PROJID) 415 return -EOPNOTSUPP; 416 return 0; 417 } 418 #endif 419 420 /* Transfer internal flags to xflags */ 421 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags) 422 { 423 __u32 xflags = 0; 424 425 if (iflags & EXT4_SYNC_FL) 426 xflags |= FS_XFLAG_SYNC; 427 if (iflags & EXT4_IMMUTABLE_FL) 428 xflags |= FS_XFLAG_IMMUTABLE; 429 if (iflags & EXT4_APPEND_FL) 430 xflags |= FS_XFLAG_APPEND; 431 if (iflags & EXT4_NODUMP_FL) 432 xflags |= FS_XFLAG_NODUMP; 433 if (iflags & EXT4_NOATIME_FL) 434 xflags |= FS_XFLAG_NOATIME; 435 if (iflags & EXT4_PROJINHERIT_FL) 436 xflags |= FS_XFLAG_PROJINHERIT; 437 return xflags; 438 } 439 440 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \ 441 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \ 442 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT) 443 444 /* Transfer xflags flags to internal */ 445 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags) 446 { 447 unsigned long iflags = 0; 448 449 if (xflags & FS_XFLAG_SYNC) 450 iflags |= EXT4_SYNC_FL; 451 if (xflags & FS_XFLAG_IMMUTABLE) 452 iflags |= EXT4_IMMUTABLE_FL; 453 if (xflags & FS_XFLAG_APPEND) 454 iflags |= EXT4_APPEND_FL; 455 if (xflags & FS_XFLAG_NODUMP) 456 iflags |= EXT4_NODUMP_FL; 457 if (xflags & FS_XFLAG_NOATIME) 458 iflags |= EXT4_NOATIME_FL; 459 if (xflags & FS_XFLAG_PROJINHERIT) 460 iflags |= EXT4_PROJINHERIT_FL; 461 462 return iflags; 463 } 464 465 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 466 { 467 struct ext4_sb_info *sbi = EXT4_SB(sb); 468 __u32 flags; 469 470 if (!capable(CAP_SYS_ADMIN)) 471 return -EPERM; 472 473 if (get_user(flags, (__u32 __user *)arg)) 474 return -EFAULT; 475 476 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 477 return -EINVAL; 478 479 if (ext4_forced_shutdown(sbi)) 480 return 0; 481 482 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 483 484 switch (flags) { 485 case EXT4_GOING_FLAGS_DEFAULT: 486 freeze_bdev(sb->s_bdev); 487 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 488 thaw_bdev(sb->s_bdev, sb); 489 break; 490 case EXT4_GOING_FLAGS_LOGFLUSH: 491 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 492 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 493 (void) ext4_force_commit(sb); 494 jbd2_journal_abort(sbi->s_journal, 0); 495 } 496 break; 497 case EXT4_GOING_FLAGS_NOLOGFLUSH: 498 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 499 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 500 msleep(100); 501 jbd2_journal_abort(sbi->s_journal, 0); 502 } 503 break; 504 default: 505 return -EINVAL; 506 } 507 clear_opt(sb, DISCARD); 508 return 0; 509 } 510 511 struct getfsmap_info { 512 struct super_block *gi_sb; 513 struct fsmap_head __user *gi_data; 514 unsigned int gi_idx; 515 __u32 gi_last_flags; 516 }; 517 518 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 519 { 520 struct getfsmap_info *info = priv; 521 struct fsmap fm; 522 523 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 524 525 info->gi_last_flags = xfm->fmr_flags; 526 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 527 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 528 sizeof(struct fsmap))) 529 return -EFAULT; 530 531 return 0; 532 } 533 534 static int ext4_ioc_getfsmap(struct super_block *sb, 535 struct fsmap_head __user *arg) 536 { 537 struct getfsmap_info info = {0}; 538 struct ext4_fsmap_head xhead = {0}; 539 struct fsmap_head head; 540 bool aborted = false; 541 int error; 542 543 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 544 return -EFAULT; 545 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 546 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 547 sizeof(head.fmh_keys[0].fmr_reserved)) || 548 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 549 sizeof(head.fmh_keys[1].fmr_reserved))) 550 return -EINVAL; 551 /* 552 * ext4 doesn't report file extents at all, so the only valid 553 * file offsets are the magic ones (all zeroes or all ones). 554 */ 555 if (head.fmh_keys[0].fmr_offset || 556 (head.fmh_keys[1].fmr_offset != 0 && 557 head.fmh_keys[1].fmr_offset != -1ULL)) 558 return -EINVAL; 559 560 xhead.fmh_iflags = head.fmh_iflags; 561 xhead.fmh_count = head.fmh_count; 562 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 563 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 564 565 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 566 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 567 568 info.gi_sb = sb; 569 info.gi_data = arg; 570 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 571 if (error == EXT4_QUERY_RANGE_ABORT) { 572 error = 0; 573 aborted = true; 574 } else if (error) 575 return error; 576 577 /* If we didn't abort, set the "last" flag in the last fmx */ 578 if (!aborted && info.gi_idx) { 579 info.gi_last_flags |= FMR_OF_LAST; 580 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 581 &info.gi_last_flags, 582 sizeof(info.gi_last_flags))) 583 return -EFAULT; 584 } 585 586 /* copy back header */ 587 head.fmh_entries = xhead.fmh_entries; 588 head.fmh_oflags = xhead.fmh_oflags; 589 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 590 return -EFAULT; 591 592 return 0; 593 } 594 595 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 596 { 597 struct inode *inode = file_inode(filp); 598 struct super_block *sb = inode->i_sb; 599 struct ext4_inode_info *ei = EXT4_I(inode); 600 unsigned int flags; 601 602 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 603 604 switch (cmd) { 605 case FS_IOC_GETFSMAP: 606 return ext4_ioc_getfsmap(sb, (void __user *)arg); 607 case EXT4_IOC_GETFLAGS: 608 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 609 return put_user(flags, (int __user *) arg); 610 case EXT4_IOC_SETFLAGS: { 611 int err; 612 613 if (!inode_owner_or_capable(inode)) 614 return -EACCES; 615 616 if (get_user(flags, (int __user *) arg)) 617 return -EFAULT; 618 619 if (flags & ~EXT4_FL_USER_VISIBLE) 620 return -EOPNOTSUPP; 621 /* 622 * chattr(1) grabs flags via GETFLAGS, modifies the result and 623 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 624 * more restrictive than just silently masking off visible but 625 * not settable flags as we always did. 626 */ 627 flags &= EXT4_FL_USER_MODIFIABLE; 628 if (ext4_mask_flags(inode->i_mode, flags) != flags) 629 return -EOPNOTSUPP; 630 631 err = mnt_want_write_file(filp); 632 if (err) 633 return err; 634 635 inode_lock(inode); 636 err = ext4_ioctl_setflags(inode, flags); 637 inode_unlock(inode); 638 mnt_drop_write_file(filp); 639 return err; 640 } 641 case EXT4_IOC_GETVERSION: 642 case EXT4_IOC_GETVERSION_OLD: 643 return put_user(inode->i_generation, (int __user *) arg); 644 case EXT4_IOC_SETVERSION: 645 case EXT4_IOC_SETVERSION_OLD: { 646 handle_t *handle; 647 struct ext4_iloc iloc; 648 __u32 generation; 649 int err; 650 651 if (!inode_owner_or_capable(inode)) 652 return -EPERM; 653 654 if (ext4_has_metadata_csum(inode->i_sb)) { 655 ext4_warning(sb, "Setting inode version is not " 656 "supported with metadata_csum enabled."); 657 return -ENOTTY; 658 } 659 660 err = mnt_want_write_file(filp); 661 if (err) 662 return err; 663 if (get_user(generation, (int __user *) arg)) { 664 err = -EFAULT; 665 goto setversion_out; 666 } 667 668 inode_lock(inode); 669 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 670 if (IS_ERR(handle)) { 671 err = PTR_ERR(handle); 672 goto unlock_out; 673 } 674 err = ext4_reserve_inode_write(handle, inode, &iloc); 675 if (err == 0) { 676 inode->i_ctime = current_time(inode); 677 inode->i_generation = generation; 678 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 679 } 680 ext4_journal_stop(handle); 681 682 unlock_out: 683 inode_unlock(inode); 684 setversion_out: 685 mnt_drop_write_file(filp); 686 return err; 687 } 688 case EXT4_IOC_GROUP_EXTEND: { 689 ext4_fsblk_t n_blocks_count; 690 int err, err2=0; 691 692 err = ext4_resize_begin(sb); 693 if (err) 694 return err; 695 696 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 697 err = -EFAULT; 698 goto group_extend_out; 699 } 700 701 if (ext4_has_feature_bigalloc(sb)) { 702 ext4_msg(sb, KERN_ERR, 703 "Online resizing not supported with bigalloc"); 704 err = -EOPNOTSUPP; 705 goto group_extend_out; 706 } 707 708 err = mnt_want_write_file(filp); 709 if (err) 710 goto group_extend_out; 711 712 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 713 if (EXT4_SB(sb)->s_journal) { 714 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 715 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 716 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 717 } 718 if (err == 0) 719 err = err2; 720 mnt_drop_write_file(filp); 721 group_extend_out: 722 ext4_resize_end(sb); 723 return err; 724 } 725 726 case EXT4_IOC_MOVE_EXT: { 727 struct move_extent me; 728 struct fd donor; 729 int err; 730 731 if (!(filp->f_mode & FMODE_READ) || 732 !(filp->f_mode & FMODE_WRITE)) 733 return -EBADF; 734 735 if (copy_from_user(&me, 736 (struct move_extent __user *)arg, sizeof(me))) 737 return -EFAULT; 738 me.moved_len = 0; 739 740 donor = fdget(me.donor_fd); 741 if (!donor.file) 742 return -EBADF; 743 744 if (!(donor.file->f_mode & FMODE_WRITE)) { 745 err = -EBADF; 746 goto mext_out; 747 } 748 749 if (ext4_has_feature_bigalloc(sb)) { 750 ext4_msg(sb, KERN_ERR, 751 "Online defrag not supported with bigalloc"); 752 err = -EOPNOTSUPP; 753 goto mext_out; 754 } else if (IS_DAX(inode)) { 755 ext4_msg(sb, KERN_ERR, 756 "Online defrag not supported with DAX"); 757 err = -EOPNOTSUPP; 758 goto mext_out; 759 } 760 761 err = mnt_want_write_file(filp); 762 if (err) 763 goto mext_out; 764 765 err = ext4_move_extents(filp, donor.file, me.orig_start, 766 me.donor_start, me.len, &me.moved_len); 767 mnt_drop_write_file(filp); 768 769 if (copy_to_user((struct move_extent __user *)arg, 770 &me, sizeof(me))) 771 err = -EFAULT; 772 mext_out: 773 fdput(donor); 774 return err; 775 } 776 777 case EXT4_IOC_GROUP_ADD: { 778 struct ext4_new_group_data input; 779 int err, err2=0; 780 781 err = ext4_resize_begin(sb); 782 if (err) 783 return err; 784 785 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 786 sizeof(input))) { 787 err = -EFAULT; 788 goto group_add_out; 789 } 790 791 if (ext4_has_feature_bigalloc(sb)) { 792 ext4_msg(sb, KERN_ERR, 793 "Online resizing not supported with bigalloc"); 794 err = -EOPNOTSUPP; 795 goto group_add_out; 796 } 797 798 err = mnt_want_write_file(filp); 799 if (err) 800 goto group_add_out; 801 802 err = ext4_group_add(sb, &input); 803 if (EXT4_SB(sb)->s_journal) { 804 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 805 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 806 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 807 } 808 if (err == 0) 809 err = err2; 810 mnt_drop_write_file(filp); 811 if (!err && ext4_has_group_desc_csum(sb) && 812 test_opt(sb, INIT_INODE_TABLE)) 813 err = ext4_register_li_request(sb, input.group); 814 group_add_out: 815 ext4_resize_end(sb); 816 return err; 817 } 818 819 case EXT4_IOC_MIGRATE: 820 { 821 int err; 822 if (!inode_owner_or_capable(inode)) 823 return -EACCES; 824 825 err = mnt_want_write_file(filp); 826 if (err) 827 return err; 828 /* 829 * inode_mutex prevent write and truncate on the file. 830 * Read still goes through. We take i_data_sem in 831 * ext4_ext_swap_inode_data before we switch the 832 * inode format to prevent read. 833 */ 834 inode_lock((inode)); 835 err = ext4_ext_migrate(inode); 836 inode_unlock((inode)); 837 mnt_drop_write_file(filp); 838 return err; 839 } 840 841 case EXT4_IOC_ALLOC_DA_BLKS: 842 { 843 int err; 844 if (!inode_owner_or_capable(inode)) 845 return -EACCES; 846 847 err = mnt_want_write_file(filp); 848 if (err) 849 return err; 850 err = ext4_alloc_da_blocks(inode); 851 mnt_drop_write_file(filp); 852 return err; 853 } 854 855 case EXT4_IOC_SWAP_BOOT: 856 { 857 int err; 858 if (!(filp->f_mode & FMODE_WRITE)) 859 return -EBADF; 860 err = mnt_want_write_file(filp); 861 if (err) 862 return err; 863 err = swap_inode_boot_loader(sb, inode); 864 mnt_drop_write_file(filp); 865 return err; 866 } 867 868 case EXT4_IOC_RESIZE_FS: { 869 ext4_fsblk_t n_blocks_count; 870 int err = 0, err2 = 0; 871 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 872 873 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 874 sizeof(__u64))) { 875 return -EFAULT; 876 } 877 878 err = ext4_resize_begin(sb); 879 if (err) 880 return err; 881 882 err = mnt_want_write_file(filp); 883 if (err) 884 goto resizefs_out; 885 886 err = ext4_resize_fs(sb, n_blocks_count); 887 if (EXT4_SB(sb)->s_journal) { 888 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 889 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 890 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 891 } 892 if (err == 0) 893 err = err2; 894 mnt_drop_write_file(filp); 895 if (!err && (o_group > EXT4_SB(sb)->s_groups_count) && 896 ext4_has_group_desc_csum(sb) && 897 test_opt(sb, INIT_INODE_TABLE)) 898 err = ext4_register_li_request(sb, o_group); 899 900 resizefs_out: 901 ext4_resize_end(sb); 902 return err; 903 } 904 905 case FITRIM: 906 { 907 struct request_queue *q = bdev_get_queue(sb->s_bdev); 908 struct fstrim_range range; 909 int ret = 0; 910 911 if (!capable(CAP_SYS_ADMIN)) 912 return -EPERM; 913 914 if (!blk_queue_discard(q)) 915 return -EOPNOTSUPP; 916 917 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 918 sizeof(range))) 919 return -EFAULT; 920 921 range.minlen = max((unsigned int)range.minlen, 922 q->limits.discard_granularity); 923 ret = ext4_trim_fs(sb, &range); 924 if (ret < 0) 925 return ret; 926 927 if (copy_to_user((struct fstrim_range __user *)arg, &range, 928 sizeof(range))) 929 return -EFAULT; 930 931 return 0; 932 } 933 case EXT4_IOC_PRECACHE_EXTENTS: 934 return ext4_ext_precache(inode); 935 936 case EXT4_IOC_SET_ENCRYPTION_POLICY: 937 if (!ext4_has_feature_encrypt(sb)) 938 return -EOPNOTSUPP; 939 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 940 941 case EXT4_IOC_GET_ENCRYPTION_PWSALT: { 942 #ifdef CONFIG_EXT4_FS_ENCRYPTION 943 int err, err2; 944 struct ext4_sb_info *sbi = EXT4_SB(sb); 945 handle_t *handle; 946 947 if (!ext4_has_feature_encrypt(sb)) 948 return -EOPNOTSUPP; 949 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 950 err = mnt_want_write_file(filp); 951 if (err) 952 return err; 953 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 954 if (IS_ERR(handle)) { 955 err = PTR_ERR(handle); 956 goto pwsalt_err_exit; 957 } 958 err = ext4_journal_get_write_access(handle, sbi->s_sbh); 959 if (err) 960 goto pwsalt_err_journal; 961 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 962 err = ext4_handle_dirty_metadata(handle, NULL, 963 sbi->s_sbh); 964 pwsalt_err_journal: 965 err2 = ext4_journal_stop(handle); 966 if (err2 && !err) 967 err = err2; 968 pwsalt_err_exit: 969 mnt_drop_write_file(filp); 970 if (err) 971 return err; 972 } 973 if (copy_to_user((void __user *) arg, 974 sbi->s_es->s_encrypt_pw_salt, 16)) 975 return -EFAULT; 976 return 0; 977 #else 978 return -EOPNOTSUPP; 979 #endif 980 } 981 case EXT4_IOC_GET_ENCRYPTION_POLICY: 982 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 983 984 case EXT4_IOC_FSGETXATTR: 985 { 986 struct fsxattr fa; 987 988 memset(&fa, 0, sizeof(struct fsxattr)); 989 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE); 990 991 if (ext4_has_feature_project(inode->i_sb)) { 992 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns, 993 EXT4_I(inode)->i_projid); 994 } 995 996 if (copy_to_user((struct fsxattr __user *)arg, 997 &fa, sizeof(fa))) 998 return -EFAULT; 999 return 0; 1000 } 1001 case EXT4_IOC_FSSETXATTR: 1002 { 1003 struct fsxattr fa; 1004 int err; 1005 1006 if (copy_from_user(&fa, (struct fsxattr __user *)arg, 1007 sizeof(fa))) 1008 return -EFAULT; 1009 1010 /* Make sure caller has proper permission */ 1011 if (!inode_owner_or_capable(inode)) 1012 return -EACCES; 1013 1014 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS) 1015 return -EOPNOTSUPP; 1016 1017 flags = ext4_xflags_to_iflags(fa.fsx_xflags); 1018 if (ext4_mask_flags(inode->i_mode, flags) != flags) 1019 return -EOPNOTSUPP; 1020 1021 err = mnt_want_write_file(filp); 1022 if (err) 1023 return err; 1024 1025 inode_lock(inode); 1026 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | 1027 (flags & EXT4_FL_XFLAG_VISIBLE); 1028 err = ext4_ioctl_setflags(inode, flags); 1029 inode_unlock(inode); 1030 mnt_drop_write_file(filp); 1031 if (err) 1032 return err; 1033 1034 err = ext4_ioctl_setproject(filp, fa.fsx_projid); 1035 if (err) 1036 return err; 1037 1038 return 0; 1039 } 1040 case EXT4_IOC_SHUTDOWN: 1041 return ext4_shutdown(sb, arg); 1042 default: 1043 return -ENOTTY; 1044 } 1045 } 1046 1047 #ifdef CONFIG_COMPAT 1048 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1049 { 1050 /* These are just misnamed, they actually get/put from/to user an int */ 1051 switch (cmd) { 1052 case EXT4_IOC32_GETFLAGS: 1053 cmd = EXT4_IOC_GETFLAGS; 1054 break; 1055 case EXT4_IOC32_SETFLAGS: 1056 cmd = EXT4_IOC_SETFLAGS; 1057 break; 1058 case EXT4_IOC32_GETVERSION: 1059 cmd = EXT4_IOC_GETVERSION; 1060 break; 1061 case EXT4_IOC32_SETVERSION: 1062 cmd = EXT4_IOC_SETVERSION; 1063 break; 1064 case EXT4_IOC32_GROUP_EXTEND: 1065 cmd = EXT4_IOC_GROUP_EXTEND; 1066 break; 1067 case EXT4_IOC32_GETVERSION_OLD: 1068 cmd = EXT4_IOC_GETVERSION_OLD; 1069 break; 1070 case EXT4_IOC32_SETVERSION_OLD: 1071 cmd = EXT4_IOC_SETVERSION_OLD; 1072 break; 1073 case EXT4_IOC32_GETRSVSZ: 1074 cmd = EXT4_IOC_GETRSVSZ; 1075 break; 1076 case EXT4_IOC32_SETRSVSZ: 1077 cmd = EXT4_IOC_SETRSVSZ; 1078 break; 1079 case EXT4_IOC32_GROUP_ADD: { 1080 struct compat_ext4_new_group_input __user *uinput; 1081 struct ext4_new_group_input input; 1082 mm_segment_t old_fs; 1083 int err; 1084 1085 uinput = compat_ptr(arg); 1086 err = get_user(input.group, &uinput->group); 1087 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1088 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1089 err |= get_user(input.inode_table, &uinput->inode_table); 1090 err |= get_user(input.blocks_count, &uinput->blocks_count); 1091 err |= get_user(input.reserved_blocks, 1092 &uinput->reserved_blocks); 1093 if (err) 1094 return -EFAULT; 1095 old_fs = get_fs(); 1096 set_fs(KERNEL_DS); 1097 err = ext4_ioctl(file, EXT4_IOC_GROUP_ADD, 1098 (unsigned long) &input); 1099 set_fs(old_fs); 1100 return err; 1101 } 1102 case EXT4_IOC_MOVE_EXT: 1103 case EXT4_IOC_RESIZE_FS: 1104 case EXT4_IOC_PRECACHE_EXTENTS: 1105 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1106 case EXT4_IOC_GET_ENCRYPTION_PWSALT: 1107 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1108 case EXT4_IOC_SHUTDOWN: 1109 case FS_IOC_GETFSMAP: 1110 break; 1111 default: 1112 return -ENOIOCTLCMD; 1113 } 1114 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1115 } 1116 #endif 1117