xref: /openbmc/linux/fs/ext4/ioctl.c (revision 5c816641)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * linux/fs/ext4/ioctl.c
4  *
5  * Copyright (C) 1993, 1994, 1995
6  * Remy Card (card@masi.ibp.fr)
7  * Laboratoire MASI - Institut Blaise Pascal
8  * Universite Pierre et Marie Curie (Paris VI)
9  */
10 
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uuid.h>
20 #include <linux/uaccess.h>
21 #include <linux/delay.h>
22 #include <linux/iversion.h>
23 #include <linux/fileattr.h>
24 #include "ext4_jbd2.h"
25 #include "ext4.h"
26 #include <linux/fsmap.h>
27 #include "fsmap.h"
28 #include <trace/events/ext4.h>
29 
30 typedef void ext4_update_sb_callback(struct ext4_super_block *es,
31 				       const void *arg);
32 
33 /*
34  * Superblock modification callback function for changing file system
35  * label
36  */
37 static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg)
38 {
39 	/* Sanity check, this should never happen */
40 	BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX);
41 
42 	memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX);
43 }
44 
45 static
46 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle,
47 			   ext4_update_sb_callback func,
48 			   const void *arg)
49 {
50 	int err = 0;
51 	struct ext4_sb_info *sbi = EXT4_SB(sb);
52 	struct buffer_head *bh = sbi->s_sbh;
53 	struct ext4_super_block *es = sbi->s_es;
54 
55 	trace_ext4_update_sb(sb, bh->b_blocknr, 1);
56 
57 	BUFFER_TRACE(bh, "get_write_access");
58 	err = ext4_journal_get_write_access(handle, sb,
59 					    bh,
60 					    EXT4_JTR_NONE);
61 	if (err)
62 		goto out_err;
63 
64 	lock_buffer(bh);
65 	func(es, arg);
66 	ext4_superblock_csum_set(sb);
67 	unlock_buffer(bh);
68 
69 	if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) {
70 		ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to "
71 			 "superblock detected");
72 		clear_buffer_write_io_error(bh);
73 		set_buffer_uptodate(bh);
74 	}
75 
76 	err = ext4_handle_dirty_metadata(handle, NULL, bh);
77 	if (err)
78 		goto out_err;
79 	err = sync_dirty_buffer(bh);
80 out_err:
81 	ext4_std_error(sb, err);
82 	return err;
83 }
84 
85 /*
86  * Update one backup superblock in the group 'grp' using the callback
87  * function 'func' and argument 'arg'. If the handle is NULL the
88  * modification is not journalled.
89  *
90  * Returns: 0 when no modification was done (no superblock in the group)
91  *	    1 when the modification was successful
92  *	   <0 on error
93  */
94 static int ext4_update_backup_sb(struct super_block *sb,
95 				 handle_t *handle, ext4_group_t grp,
96 				 ext4_update_sb_callback func, const void *arg)
97 {
98 	int err = 0;
99 	ext4_fsblk_t sb_block;
100 	struct buffer_head *bh;
101 	unsigned long offset = 0;
102 	struct ext4_super_block *es;
103 
104 	if (!ext4_bg_has_super(sb, grp))
105 		return 0;
106 
107 	/*
108 	 * For the group 0 there is always 1k padding, so we have
109 	 * either adjust offset, or sb_block depending on blocksize
110 	 */
111 	if (grp == 0) {
112 		sb_block = 1 * EXT4_MIN_BLOCK_SIZE;
113 		offset = do_div(sb_block, sb->s_blocksize);
114 	} else {
115 		sb_block = ext4_group_first_block_no(sb, grp);
116 		offset = 0;
117 	}
118 
119 	trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0);
120 
121 	bh = ext4_sb_bread(sb, sb_block, 0);
122 	if (IS_ERR(bh))
123 		return PTR_ERR(bh);
124 
125 	if (handle) {
126 		BUFFER_TRACE(bh, "get_write_access");
127 		err = ext4_journal_get_write_access(handle, sb,
128 						    bh,
129 						    EXT4_JTR_NONE);
130 		if (err)
131 			goto out_bh;
132 	}
133 
134 	es = (struct ext4_super_block *) (bh->b_data + offset);
135 	lock_buffer(bh);
136 	if (ext4_has_metadata_csum(sb) &&
137 	    es->s_checksum != ext4_superblock_csum(sb, es)) {
138 		ext4_msg(sb, KERN_ERR, "Invalid checksum for backup "
139 		"superblock %llu\n", sb_block);
140 		unlock_buffer(bh);
141 		err = -EFSBADCRC;
142 		goto out_bh;
143 	}
144 	func(es, arg);
145 	if (ext4_has_metadata_csum(sb))
146 		es->s_checksum = ext4_superblock_csum(sb, es);
147 	set_buffer_uptodate(bh);
148 	unlock_buffer(bh);
149 
150 	if (err)
151 		goto out_bh;
152 
153 	if (handle) {
154 		err = ext4_handle_dirty_metadata(handle, NULL, bh);
155 		if (err)
156 			goto out_bh;
157 	} else {
158 		BUFFER_TRACE(bh, "marking dirty");
159 		mark_buffer_dirty(bh);
160 	}
161 	err = sync_dirty_buffer(bh);
162 
163 out_bh:
164 	brelse(bh);
165 	ext4_std_error(sb, err);
166 	return (err) ? err : 1;
167 }
168 
169 /*
170  * Update primary and backup superblocks using the provided function
171  * func and argument arg.
172  *
173  * Only the primary superblock and at most two backup superblock
174  * modifications are journalled; the rest is modified without journal.
175  * This is safe because e2fsck will re-write them if there is a problem,
176  * and we're very unlikely to ever need more than two backups.
177  */
178 static
179 int ext4_update_superblocks_fn(struct super_block *sb,
180 			       ext4_update_sb_callback func,
181 			       const void *arg)
182 {
183 	handle_t *handle;
184 	ext4_group_t ngroups;
185 	unsigned int three = 1;
186 	unsigned int five = 5;
187 	unsigned int seven = 7;
188 	int err = 0, ret, i;
189 	ext4_group_t grp, primary_grp;
190 	struct ext4_sb_info *sbi = EXT4_SB(sb);
191 
192 	/*
193 	 * We can't update superblocks while the online resize is running
194 	 */
195 	if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING,
196 				  &sbi->s_ext4_flags)) {
197 		ext4_msg(sb, KERN_ERR, "Can't modify superblock while"
198 			 "performing online resize");
199 		return -EBUSY;
200 	}
201 
202 	/*
203 	 * We're only going to update primary superblock and two
204 	 * backup superblocks in this transaction.
205 	 */
206 	handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3);
207 	if (IS_ERR(handle)) {
208 		err = PTR_ERR(handle);
209 		goto out;
210 	}
211 
212 	/* Update primary superblock */
213 	err = ext4_update_primary_sb(sb, handle, func, arg);
214 	if (err) {
215 		ext4_msg(sb, KERN_ERR, "Failed to update primary "
216 			 "superblock");
217 		goto out_journal;
218 	}
219 
220 	primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr);
221 	ngroups = ext4_get_groups_count(sb);
222 
223 	/*
224 	 * Update backup superblocks. We have to start from group 0
225 	 * because it might not be where the primary superblock is
226 	 * if the fs is mounted with -o sb=<backup_sb_block>
227 	 */
228 	i = 0;
229 	grp = 0;
230 	while (grp < ngroups) {
231 		/* Skip primary superblock */
232 		if (grp == primary_grp)
233 			goto next_grp;
234 
235 		ret = ext4_update_backup_sb(sb, handle, grp, func, arg);
236 		if (ret < 0) {
237 			/* Ignore bad checksum; try to update next sb */
238 			if (ret == -EFSBADCRC)
239 				goto next_grp;
240 			err = ret;
241 			goto out_journal;
242 		}
243 
244 		i += ret;
245 		if (handle && i > 1) {
246 			/*
247 			 * We're only journalling primary superblock and
248 			 * two backup superblocks; the rest is not
249 			 * journalled.
250 			 */
251 			err = ext4_journal_stop(handle);
252 			if (err)
253 				goto out;
254 			handle = NULL;
255 		}
256 next_grp:
257 		grp = ext4_list_backups(sb, &three, &five, &seven);
258 	}
259 
260 out_journal:
261 	if (handle) {
262 		ret = ext4_journal_stop(handle);
263 		if (ret && !err)
264 			err = ret;
265 	}
266 out:
267 	clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags);
268 	smp_mb__after_atomic();
269 	return err ? err : 0;
270 }
271 
272 /**
273  * Swap memory between @a and @b for @len bytes.
274  *
275  * @a:          pointer to first memory area
276  * @b:          pointer to second memory area
277  * @len:        number of bytes to swap
278  *
279  */
280 static void memswap(void *a, void *b, size_t len)
281 {
282 	unsigned char *ap, *bp;
283 
284 	ap = (unsigned char *)a;
285 	bp = (unsigned char *)b;
286 	while (len-- > 0) {
287 		swap(*ap, *bp);
288 		ap++;
289 		bp++;
290 	}
291 }
292 
293 /**
294  * Swap i_data and associated attributes between @inode1 and @inode2.
295  * This function is used for the primary swap between inode1 and inode2
296  * and also to revert this primary swap in case of errors.
297  *
298  * Therefore you have to make sure, that calling this method twice
299  * will revert all changes.
300  *
301  * @inode1:     pointer to first inode
302  * @inode2:     pointer to second inode
303  */
304 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
305 {
306 	loff_t isize;
307 	struct ext4_inode_info *ei1;
308 	struct ext4_inode_info *ei2;
309 	unsigned long tmp;
310 
311 	ei1 = EXT4_I(inode1);
312 	ei2 = EXT4_I(inode2);
313 
314 	swap(inode1->i_version, inode2->i_version);
315 	swap(inode1->i_atime, inode2->i_atime);
316 	swap(inode1->i_mtime, inode2->i_mtime);
317 
318 	memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
319 	tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
320 	ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
321 		(ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
322 	ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
323 	swap(ei1->i_disksize, ei2->i_disksize);
324 	ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
325 	ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
326 
327 	isize = i_size_read(inode1);
328 	i_size_write(inode1, i_size_read(inode2));
329 	i_size_write(inode2, isize);
330 }
331 
332 void ext4_reset_inode_seed(struct inode *inode)
333 {
334 	struct ext4_inode_info *ei = EXT4_I(inode);
335 	struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
336 	__le32 inum = cpu_to_le32(inode->i_ino);
337 	__le32 gen = cpu_to_le32(inode->i_generation);
338 	__u32 csum;
339 
340 	if (!ext4_has_metadata_csum(inode->i_sb))
341 		return;
342 
343 	csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
344 	ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
345 }
346 
347 /**
348  * Swap the information from the given @inode and the inode
349  * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
350  * important fields of the inodes.
351  *
352  * @sb:         the super block of the filesystem
353  * @mnt_userns:	user namespace of the mount the inode was found from
354  * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
355  *
356  */
357 static long swap_inode_boot_loader(struct super_block *sb,
358 				struct user_namespace *mnt_userns,
359 				struct inode *inode)
360 {
361 	handle_t *handle;
362 	int err;
363 	struct inode *inode_bl;
364 	struct ext4_inode_info *ei_bl;
365 	qsize_t size, size_bl, diff;
366 	blkcnt_t blocks;
367 	unsigned short bytes;
368 
369 	inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
370 	if (IS_ERR(inode_bl))
371 		return PTR_ERR(inode_bl);
372 	ei_bl = EXT4_I(inode_bl);
373 
374 	/* Protect orig inodes against a truncate and make sure,
375 	 * that only 1 swap_inode_boot_loader is running. */
376 	lock_two_nondirectories(inode, inode_bl);
377 
378 	if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
379 	    IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
380 	    (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
381 	    ext4_has_inline_data(inode)) {
382 		err = -EINVAL;
383 		goto journal_err_out;
384 	}
385 
386 	if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
387 	    !inode_owner_or_capable(mnt_userns, inode) ||
388 	    !capable(CAP_SYS_ADMIN)) {
389 		err = -EPERM;
390 		goto journal_err_out;
391 	}
392 
393 	filemap_invalidate_lock(inode->i_mapping);
394 	err = filemap_write_and_wait(inode->i_mapping);
395 	if (err)
396 		goto err_out;
397 
398 	err = filemap_write_and_wait(inode_bl->i_mapping);
399 	if (err)
400 		goto err_out;
401 
402 	/* Wait for all existing dio workers */
403 	inode_dio_wait(inode);
404 	inode_dio_wait(inode_bl);
405 
406 	truncate_inode_pages(&inode->i_data, 0);
407 	truncate_inode_pages(&inode_bl->i_data, 0);
408 
409 	handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
410 	if (IS_ERR(handle)) {
411 		err = -EINVAL;
412 		goto err_out;
413 	}
414 	ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle);
415 
416 	/* Protect extent tree against block allocations via delalloc */
417 	ext4_double_down_write_data_sem(inode, inode_bl);
418 
419 	if (inode_bl->i_nlink == 0) {
420 		/* this inode has never been used as a BOOT_LOADER */
421 		set_nlink(inode_bl, 1);
422 		i_uid_write(inode_bl, 0);
423 		i_gid_write(inode_bl, 0);
424 		inode_bl->i_flags = 0;
425 		ei_bl->i_flags = 0;
426 		inode_set_iversion(inode_bl, 1);
427 		i_size_write(inode_bl, 0);
428 		inode_bl->i_mode = S_IFREG;
429 		if (ext4_has_feature_extents(sb)) {
430 			ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
431 			ext4_ext_tree_init(handle, inode_bl);
432 		} else
433 			memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
434 	}
435 
436 	err = dquot_initialize(inode);
437 	if (err)
438 		goto err_out1;
439 
440 	size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
441 	size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
442 	diff = size - size_bl;
443 	swap_inode_data(inode, inode_bl);
444 
445 	inode->i_ctime = inode_bl->i_ctime = current_time(inode);
446 
447 	inode->i_generation = prandom_u32();
448 	inode_bl->i_generation = prandom_u32();
449 	ext4_reset_inode_seed(inode);
450 	ext4_reset_inode_seed(inode_bl);
451 
452 	ext4_discard_preallocations(inode, 0);
453 
454 	err = ext4_mark_inode_dirty(handle, inode);
455 	if (err < 0) {
456 		/* No need to update quota information. */
457 		ext4_warning(inode->i_sb,
458 			"couldn't mark inode #%lu dirty (err %d)",
459 			inode->i_ino, err);
460 		/* Revert all changes: */
461 		swap_inode_data(inode, inode_bl);
462 		ext4_mark_inode_dirty(handle, inode);
463 		goto err_out1;
464 	}
465 
466 	blocks = inode_bl->i_blocks;
467 	bytes = inode_bl->i_bytes;
468 	inode_bl->i_blocks = inode->i_blocks;
469 	inode_bl->i_bytes = inode->i_bytes;
470 	err = ext4_mark_inode_dirty(handle, inode_bl);
471 	if (err < 0) {
472 		/* No need to update quota information. */
473 		ext4_warning(inode_bl->i_sb,
474 			"couldn't mark inode #%lu dirty (err %d)",
475 			inode_bl->i_ino, err);
476 		goto revert;
477 	}
478 
479 	/* Bootloader inode should not be counted into quota information. */
480 	if (diff > 0)
481 		dquot_free_space(inode, diff);
482 	else
483 		err = dquot_alloc_space(inode, -1 * diff);
484 
485 	if (err < 0) {
486 revert:
487 		/* Revert all changes: */
488 		inode_bl->i_blocks = blocks;
489 		inode_bl->i_bytes = bytes;
490 		swap_inode_data(inode, inode_bl);
491 		ext4_mark_inode_dirty(handle, inode);
492 		ext4_mark_inode_dirty(handle, inode_bl);
493 	}
494 
495 err_out1:
496 	ext4_journal_stop(handle);
497 	ext4_double_up_write_data_sem(inode, inode_bl);
498 
499 err_out:
500 	filemap_invalidate_unlock(inode->i_mapping);
501 journal_err_out:
502 	unlock_two_nondirectories(inode, inode_bl);
503 	iput(inode_bl);
504 	return err;
505 }
506 
507 #ifdef CONFIG_FS_ENCRYPTION
508 static int uuid_is_zero(__u8 u[16])
509 {
510 	int	i;
511 
512 	for (i = 0; i < 16; i++)
513 		if (u[i])
514 			return 0;
515 	return 1;
516 }
517 #endif
518 
519 /*
520  * If immutable is set and we are not clearing it, we're not allowed to change
521  * anything else in the inode.  Don't error out if we're only trying to set
522  * immutable on an immutable file.
523  */
524 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
525 				      unsigned int flags)
526 {
527 	struct ext4_inode_info *ei = EXT4_I(inode);
528 	unsigned int oldflags = ei->i_flags;
529 
530 	if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
531 		return 0;
532 
533 	if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
534 		return -EPERM;
535 	if (ext4_has_feature_project(inode->i_sb) &&
536 	    __kprojid_val(ei->i_projid) != new_projid)
537 		return -EPERM;
538 
539 	return 0;
540 }
541 
542 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
543 {
544 	struct ext4_inode_info *ei = EXT4_I(inode);
545 
546 	if (S_ISDIR(inode->i_mode))
547 		return;
548 
549 	if (test_opt2(inode->i_sb, DAX_NEVER) ||
550 	    test_opt(inode->i_sb, DAX_ALWAYS))
551 		return;
552 
553 	if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
554 		d_mark_dontcache(inode);
555 }
556 
557 static bool dax_compatible(struct inode *inode, unsigned int oldflags,
558 			   unsigned int flags)
559 {
560 	/* Allow the DAX flag to be changed on inline directories */
561 	if (S_ISDIR(inode->i_mode)) {
562 		flags &= ~EXT4_INLINE_DATA_FL;
563 		oldflags &= ~EXT4_INLINE_DATA_FL;
564 	}
565 
566 	if (flags & EXT4_DAX_FL) {
567 		if ((oldflags & EXT4_DAX_MUT_EXCL) ||
568 		     ext4_test_inode_state(inode,
569 					  EXT4_STATE_VERITY_IN_PROGRESS)) {
570 			return false;
571 		}
572 	}
573 
574 	if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
575 			return false;
576 
577 	return true;
578 }
579 
580 static int ext4_ioctl_setflags(struct inode *inode,
581 			       unsigned int flags)
582 {
583 	struct ext4_inode_info *ei = EXT4_I(inode);
584 	handle_t *handle = NULL;
585 	int err = -EPERM, migrate = 0;
586 	struct ext4_iloc iloc;
587 	unsigned int oldflags, mask, i;
588 	struct super_block *sb = inode->i_sb;
589 
590 	/* Is it quota file? Do not allow user to mess with it */
591 	if (ext4_is_quota_file(inode))
592 		goto flags_out;
593 
594 	oldflags = ei->i_flags;
595 	/*
596 	 * The JOURNAL_DATA flag can only be changed by
597 	 * the relevant capability.
598 	 */
599 	if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
600 		if (!capable(CAP_SYS_RESOURCE))
601 			goto flags_out;
602 	}
603 
604 	if (!dax_compatible(inode, oldflags, flags)) {
605 		err = -EOPNOTSUPP;
606 		goto flags_out;
607 	}
608 
609 	if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
610 		migrate = 1;
611 
612 	if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
613 		if (!ext4_has_feature_casefold(sb)) {
614 			err = -EOPNOTSUPP;
615 			goto flags_out;
616 		}
617 
618 		if (!S_ISDIR(inode->i_mode)) {
619 			err = -ENOTDIR;
620 			goto flags_out;
621 		}
622 
623 		if (!ext4_empty_dir(inode)) {
624 			err = -ENOTEMPTY;
625 			goto flags_out;
626 		}
627 	}
628 
629 	/*
630 	 * Wait for all pending directio and then flush all the dirty pages
631 	 * for this file.  The flush marks all the pages readonly, so any
632 	 * subsequent attempt to write to the file (particularly mmap pages)
633 	 * will come through the filesystem and fail.
634 	 */
635 	if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
636 	    (flags & EXT4_IMMUTABLE_FL)) {
637 		inode_dio_wait(inode);
638 		err = filemap_write_and_wait(inode->i_mapping);
639 		if (err)
640 			goto flags_out;
641 	}
642 
643 	handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
644 	if (IS_ERR(handle)) {
645 		err = PTR_ERR(handle);
646 		goto flags_out;
647 	}
648 	if (IS_SYNC(inode))
649 		ext4_handle_sync(handle);
650 	err = ext4_reserve_inode_write(handle, inode, &iloc);
651 	if (err)
652 		goto flags_err;
653 
654 	ext4_dax_dontcache(inode, flags);
655 
656 	for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
657 		if (!(mask & EXT4_FL_USER_MODIFIABLE))
658 			continue;
659 		/* These flags get special treatment later */
660 		if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
661 			continue;
662 		if (mask & flags)
663 			ext4_set_inode_flag(inode, i);
664 		else
665 			ext4_clear_inode_flag(inode, i);
666 	}
667 
668 	ext4_set_inode_flags(inode, false);
669 
670 	inode->i_ctime = current_time(inode);
671 
672 	err = ext4_mark_iloc_dirty(handle, inode, &iloc);
673 flags_err:
674 	ext4_journal_stop(handle);
675 	if (err)
676 		goto flags_out;
677 
678 	if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
679 		/*
680 		 * Changes to the journaling mode can cause unsafe changes to
681 		 * S_DAX if the inode is DAX
682 		 */
683 		if (IS_DAX(inode)) {
684 			err = -EBUSY;
685 			goto flags_out;
686 		}
687 
688 		err = ext4_change_inode_journal_flag(inode,
689 						     flags & EXT4_JOURNAL_DATA_FL);
690 		if (err)
691 			goto flags_out;
692 	}
693 	if (migrate) {
694 		if (flags & EXT4_EXTENTS_FL)
695 			err = ext4_ext_migrate(inode);
696 		else
697 			err = ext4_ind_migrate(inode);
698 	}
699 
700 flags_out:
701 	return err;
702 }
703 
704 #ifdef CONFIG_QUOTA
705 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
706 {
707 	struct super_block *sb = inode->i_sb;
708 	struct ext4_inode_info *ei = EXT4_I(inode);
709 	int err, rc;
710 	handle_t *handle;
711 	kprojid_t kprojid;
712 	struct ext4_iloc iloc;
713 	struct ext4_inode *raw_inode;
714 	struct dquot *transfer_to[MAXQUOTAS] = { };
715 
716 	if (!ext4_has_feature_project(sb)) {
717 		if (projid != EXT4_DEF_PROJID)
718 			return -EOPNOTSUPP;
719 		else
720 			return 0;
721 	}
722 
723 	if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
724 		return -EOPNOTSUPP;
725 
726 	kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
727 
728 	if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
729 		return 0;
730 
731 	err = -EPERM;
732 	/* Is it quota file? Do not allow user to mess with it */
733 	if (ext4_is_quota_file(inode))
734 		return err;
735 
736 	err = ext4_get_inode_loc(inode, &iloc);
737 	if (err)
738 		return err;
739 
740 	raw_inode = ext4_raw_inode(&iloc);
741 	if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
742 		err = ext4_expand_extra_isize(inode,
743 					      EXT4_SB(sb)->s_want_extra_isize,
744 					      &iloc);
745 		if (err)
746 			return err;
747 	} else {
748 		brelse(iloc.bh);
749 	}
750 
751 	err = dquot_initialize(inode);
752 	if (err)
753 		return err;
754 
755 	handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
756 		EXT4_QUOTA_INIT_BLOCKS(sb) +
757 		EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
758 	if (IS_ERR(handle))
759 		return PTR_ERR(handle);
760 
761 	err = ext4_reserve_inode_write(handle, inode, &iloc);
762 	if (err)
763 		goto out_stop;
764 
765 	transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
766 	if (!IS_ERR(transfer_to[PRJQUOTA])) {
767 
768 		/* __dquot_transfer() calls back ext4_get_inode_usage() which
769 		 * counts xattr inode references.
770 		 */
771 		down_read(&EXT4_I(inode)->xattr_sem);
772 		err = __dquot_transfer(inode, transfer_to);
773 		up_read(&EXT4_I(inode)->xattr_sem);
774 		dqput(transfer_to[PRJQUOTA]);
775 		if (err)
776 			goto out_dirty;
777 	}
778 
779 	EXT4_I(inode)->i_projid = kprojid;
780 	inode->i_ctime = current_time(inode);
781 out_dirty:
782 	rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
783 	if (!err)
784 		err = rc;
785 out_stop:
786 	ext4_journal_stop(handle);
787 	return err;
788 }
789 #else
790 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
791 {
792 	if (projid != EXT4_DEF_PROJID)
793 		return -EOPNOTSUPP;
794 	return 0;
795 }
796 #endif
797 
798 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
799 {
800 	struct ext4_sb_info *sbi = EXT4_SB(sb);
801 	__u32 flags;
802 
803 	if (!capable(CAP_SYS_ADMIN))
804 		return -EPERM;
805 
806 	if (get_user(flags, (__u32 __user *)arg))
807 		return -EFAULT;
808 
809 	if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
810 		return -EINVAL;
811 
812 	if (ext4_forced_shutdown(sbi))
813 		return 0;
814 
815 	ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
816 	trace_ext4_shutdown(sb, flags);
817 
818 	switch (flags) {
819 	case EXT4_GOING_FLAGS_DEFAULT:
820 		freeze_bdev(sb->s_bdev);
821 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
822 		thaw_bdev(sb->s_bdev);
823 		break;
824 	case EXT4_GOING_FLAGS_LOGFLUSH:
825 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
826 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
827 			(void) ext4_force_commit(sb);
828 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
829 		}
830 		break;
831 	case EXT4_GOING_FLAGS_NOLOGFLUSH:
832 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
833 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
834 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
835 		break;
836 	default:
837 		return -EINVAL;
838 	}
839 	clear_opt(sb, DISCARD);
840 	return 0;
841 }
842 
843 struct getfsmap_info {
844 	struct super_block	*gi_sb;
845 	struct fsmap_head __user *gi_data;
846 	unsigned int		gi_idx;
847 	__u32			gi_last_flags;
848 };
849 
850 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
851 {
852 	struct getfsmap_info *info = priv;
853 	struct fsmap fm;
854 
855 	trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
856 
857 	info->gi_last_flags = xfm->fmr_flags;
858 	ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
859 	if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
860 			sizeof(struct fsmap)))
861 		return -EFAULT;
862 
863 	return 0;
864 }
865 
866 static int ext4_ioc_getfsmap(struct super_block *sb,
867 			     struct fsmap_head __user *arg)
868 {
869 	struct getfsmap_info info = { NULL };
870 	struct ext4_fsmap_head xhead = {0};
871 	struct fsmap_head head;
872 	bool aborted = false;
873 	int error;
874 
875 	if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
876 		return -EFAULT;
877 	if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
878 	    memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
879 		       sizeof(head.fmh_keys[0].fmr_reserved)) ||
880 	    memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
881 		       sizeof(head.fmh_keys[1].fmr_reserved)))
882 		return -EINVAL;
883 	/*
884 	 * ext4 doesn't report file extents at all, so the only valid
885 	 * file offsets are the magic ones (all zeroes or all ones).
886 	 */
887 	if (head.fmh_keys[0].fmr_offset ||
888 	    (head.fmh_keys[1].fmr_offset != 0 &&
889 	     head.fmh_keys[1].fmr_offset != -1ULL))
890 		return -EINVAL;
891 
892 	xhead.fmh_iflags = head.fmh_iflags;
893 	xhead.fmh_count = head.fmh_count;
894 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
895 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
896 
897 	trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
898 	trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
899 
900 	info.gi_sb = sb;
901 	info.gi_data = arg;
902 	error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
903 	if (error == EXT4_QUERY_RANGE_ABORT)
904 		aborted = true;
905 	else if (error)
906 		return error;
907 
908 	/* If we didn't abort, set the "last" flag in the last fmx */
909 	if (!aborted && info.gi_idx) {
910 		info.gi_last_flags |= FMR_OF_LAST;
911 		if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
912 				 &info.gi_last_flags,
913 				 sizeof(info.gi_last_flags)))
914 			return -EFAULT;
915 	}
916 
917 	/* copy back header */
918 	head.fmh_entries = xhead.fmh_entries;
919 	head.fmh_oflags = xhead.fmh_oflags;
920 	if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
921 		return -EFAULT;
922 
923 	return 0;
924 }
925 
926 static long ext4_ioctl_group_add(struct file *file,
927 				 struct ext4_new_group_data *input)
928 {
929 	struct super_block *sb = file_inode(file)->i_sb;
930 	int err, err2=0;
931 
932 	err = ext4_resize_begin(sb);
933 	if (err)
934 		return err;
935 
936 	if (ext4_has_feature_bigalloc(sb)) {
937 		ext4_msg(sb, KERN_ERR,
938 			 "Online resizing not supported with bigalloc");
939 		err = -EOPNOTSUPP;
940 		goto group_add_out;
941 	}
942 
943 	err = mnt_want_write_file(file);
944 	if (err)
945 		goto group_add_out;
946 
947 	err = ext4_group_add(sb, input);
948 	if (EXT4_SB(sb)->s_journal) {
949 		jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
950 		err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
951 		jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
952 	}
953 	if (err == 0)
954 		err = err2;
955 	mnt_drop_write_file(file);
956 	if (!err && ext4_has_group_desc_csum(sb) &&
957 	    test_opt(sb, INIT_INODE_TABLE))
958 		err = ext4_register_li_request(sb, input->group);
959 group_add_out:
960 	ext4_resize_end(sb);
961 	return err;
962 }
963 
964 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa)
965 {
966 	struct inode *inode = d_inode(dentry);
967 	struct ext4_inode_info *ei = EXT4_I(inode);
968 	u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
969 
970 	if (S_ISREG(inode->i_mode))
971 		flags &= ~FS_PROJINHERIT_FL;
972 
973 	fileattr_fill_flags(fa, flags);
974 	if (ext4_has_feature_project(inode->i_sb))
975 		fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
976 
977 	return 0;
978 }
979 
980 int ext4_fileattr_set(struct user_namespace *mnt_userns,
981 		      struct dentry *dentry, struct fileattr *fa)
982 {
983 	struct inode *inode = d_inode(dentry);
984 	u32 flags = fa->flags;
985 	int err = -EOPNOTSUPP;
986 
987 	if (flags & ~EXT4_FL_USER_VISIBLE)
988 		goto out;
989 
990 	/*
991 	 * chattr(1) grabs flags via GETFLAGS, modifies the result and
992 	 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
993 	 * more restrictive than just silently masking off visible but
994 	 * not settable flags as we always did.
995 	 */
996 	flags &= EXT4_FL_USER_MODIFIABLE;
997 	if (ext4_mask_flags(inode->i_mode, flags) != flags)
998 		goto out;
999 	err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags);
1000 	if (err)
1001 		goto out;
1002 	err = ext4_ioctl_setflags(inode, flags);
1003 	if (err)
1004 		goto out;
1005 	err = ext4_ioctl_setproject(inode, fa->fsx_projid);
1006 out:
1007 	return err;
1008 }
1009 
1010 /* So that the fiemap access checks can't overflow on 32 bit machines. */
1011 #define FIEMAP_MAX_EXTENTS	(UINT_MAX / sizeof(struct fiemap_extent))
1012 
1013 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
1014 {
1015 	struct fiemap fiemap;
1016 	struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
1017 	struct fiemap_extent_info fieinfo = { 0, };
1018 	struct inode *inode = file_inode(filp);
1019 	int error;
1020 
1021 	if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
1022 		return -EFAULT;
1023 
1024 	if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
1025 		return -EINVAL;
1026 
1027 	fieinfo.fi_flags = fiemap.fm_flags;
1028 	fieinfo.fi_extents_max = fiemap.fm_extent_count;
1029 	fieinfo.fi_extents_start = ufiemap->fm_extents;
1030 
1031 	error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
1032 			fiemap.fm_length);
1033 	fiemap.fm_flags = fieinfo.fi_flags;
1034 	fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
1035 	if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
1036 		error = -EFAULT;
1037 
1038 	return error;
1039 }
1040 
1041 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
1042 {
1043 	int err = 0;
1044 	__u32 flags = 0;
1045 	unsigned int flush_flags = 0;
1046 	struct super_block *sb = file_inode(filp)->i_sb;
1047 	struct request_queue *q;
1048 
1049 	if (copy_from_user(&flags, (__u32 __user *)arg,
1050 				sizeof(__u32)))
1051 		return -EFAULT;
1052 
1053 	if (!capable(CAP_SYS_ADMIN))
1054 		return -EPERM;
1055 
1056 	/* check for invalid bits set */
1057 	if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) ||
1058 				((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1059 				(flags & JBD2_JOURNAL_FLUSH_ZEROOUT)))
1060 		return -EINVAL;
1061 
1062 	if (!EXT4_SB(sb)->s_journal)
1063 		return -ENODEV;
1064 
1065 	if (flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID)
1066 		return -EINVAL;
1067 
1068 	q = bdev_get_queue(EXT4_SB(sb)->s_journal->j_dev);
1069 	if (!q)
1070 		return -ENXIO;
1071 	if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && !blk_queue_discard(q))
1072 		return -EOPNOTSUPP;
1073 
1074 	if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)
1075 		return 0;
1076 
1077 	if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD)
1078 		flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD;
1079 
1080 	if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) {
1081 		flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT;
1082 		pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow");
1083 	}
1084 
1085 	jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1086 	err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags);
1087 	jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1088 
1089 	return err;
1090 }
1091 
1092 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label)
1093 {
1094 	size_t len;
1095 	int ret = 0;
1096 	char new_label[EXT4_LABEL_MAX + 1];
1097 	struct super_block *sb = file_inode(filp)->i_sb;
1098 
1099 	if (!capable(CAP_SYS_ADMIN))
1100 		return -EPERM;
1101 
1102 	/*
1103 	 * Copy the maximum length allowed for ext4 label with one more to
1104 	 * find the required terminating null byte in order to test the
1105 	 * label length. The on disk label doesn't need to be null terminated.
1106 	 */
1107 	if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1))
1108 		return -EFAULT;
1109 
1110 	len = strnlen(new_label, EXT4_LABEL_MAX + 1);
1111 	if (len > EXT4_LABEL_MAX)
1112 		return -EINVAL;
1113 
1114 	/*
1115 	 * Clear the buffer after the new label
1116 	 */
1117 	memset(new_label + len, 0, EXT4_LABEL_MAX - len);
1118 
1119 	ret = mnt_want_write_file(filp);
1120 	if (ret)
1121 		return ret;
1122 
1123 	ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label);
1124 
1125 	mnt_drop_write_file(filp);
1126 	return ret;
1127 }
1128 
1129 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label)
1130 {
1131 	char label[EXT4_LABEL_MAX + 1];
1132 
1133 	/*
1134 	 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because
1135 	 * FSLABEL_MAX must include terminating null byte, while s_volume_name
1136 	 * does not have to.
1137 	 */
1138 	BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
1139 
1140 	memset(label, 0, sizeof(label));
1141 	lock_buffer(sbi->s_sbh);
1142 	strncpy(label, sbi->s_es->s_volume_name, EXT4_LABEL_MAX);
1143 	unlock_buffer(sbi->s_sbh);
1144 
1145 	if (copy_to_user(user_label, label, sizeof(label)))
1146 		return -EFAULT;
1147 	return 0;
1148 }
1149 
1150 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1151 {
1152 	struct inode *inode = file_inode(filp);
1153 	struct super_block *sb = inode->i_sb;
1154 	struct user_namespace *mnt_userns = file_mnt_user_ns(filp);
1155 
1156 	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
1157 
1158 	switch (cmd) {
1159 	case FS_IOC_GETFSMAP:
1160 		return ext4_ioc_getfsmap(sb, (void __user *)arg);
1161 	case EXT4_IOC_GETVERSION:
1162 	case EXT4_IOC_GETVERSION_OLD:
1163 		return put_user(inode->i_generation, (int __user *) arg);
1164 	case EXT4_IOC_SETVERSION:
1165 	case EXT4_IOC_SETVERSION_OLD: {
1166 		handle_t *handle;
1167 		struct ext4_iloc iloc;
1168 		__u32 generation;
1169 		int err;
1170 
1171 		if (!inode_owner_or_capable(mnt_userns, inode))
1172 			return -EPERM;
1173 
1174 		if (ext4_has_metadata_csum(inode->i_sb)) {
1175 			ext4_warning(sb, "Setting inode version is not "
1176 				     "supported with metadata_csum enabled.");
1177 			return -ENOTTY;
1178 		}
1179 
1180 		err = mnt_want_write_file(filp);
1181 		if (err)
1182 			return err;
1183 		if (get_user(generation, (int __user *) arg)) {
1184 			err = -EFAULT;
1185 			goto setversion_out;
1186 		}
1187 
1188 		inode_lock(inode);
1189 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
1190 		if (IS_ERR(handle)) {
1191 			err = PTR_ERR(handle);
1192 			goto unlock_out;
1193 		}
1194 		err = ext4_reserve_inode_write(handle, inode, &iloc);
1195 		if (err == 0) {
1196 			inode->i_ctime = current_time(inode);
1197 			inode->i_generation = generation;
1198 			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
1199 		}
1200 		ext4_journal_stop(handle);
1201 
1202 unlock_out:
1203 		inode_unlock(inode);
1204 setversion_out:
1205 		mnt_drop_write_file(filp);
1206 		return err;
1207 	}
1208 	case EXT4_IOC_GROUP_EXTEND: {
1209 		ext4_fsblk_t n_blocks_count;
1210 		int err, err2=0;
1211 
1212 		err = ext4_resize_begin(sb);
1213 		if (err)
1214 			return err;
1215 
1216 		if (get_user(n_blocks_count, (__u32 __user *)arg)) {
1217 			err = -EFAULT;
1218 			goto group_extend_out;
1219 		}
1220 
1221 		if (ext4_has_feature_bigalloc(sb)) {
1222 			ext4_msg(sb, KERN_ERR,
1223 				 "Online resizing not supported with bigalloc");
1224 			err = -EOPNOTSUPP;
1225 			goto group_extend_out;
1226 		}
1227 
1228 		err = mnt_want_write_file(filp);
1229 		if (err)
1230 			goto group_extend_out;
1231 
1232 		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
1233 		if (EXT4_SB(sb)->s_journal) {
1234 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1235 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1236 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1237 		}
1238 		if (err == 0)
1239 			err = err2;
1240 		mnt_drop_write_file(filp);
1241 group_extend_out:
1242 		ext4_resize_end(sb);
1243 		return err;
1244 	}
1245 
1246 	case EXT4_IOC_MOVE_EXT: {
1247 		struct move_extent me;
1248 		struct fd donor;
1249 		int err;
1250 
1251 		if (!(filp->f_mode & FMODE_READ) ||
1252 		    !(filp->f_mode & FMODE_WRITE))
1253 			return -EBADF;
1254 
1255 		if (copy_from_user(&me,
1256 			(struct move_extent __user *)arg, sizeof(me)))
1257 			return -EFAULT;
1258 		me.moved_len = 0;
1259 
1260 		donor = fdget(me.donor_fd);
1261 		if (!donor.file)
1262 			return -EBADF;
1263 
1264 		if (!(donor.file->f_mode & FMODE_WRITE)) {
1265 			err = -EBADF;
1266 			goto mext_out;
1267 		}
1268 
1269 		if (ext4_has_feature_bigalloc(sb)) {
1270 			ext4_msg(sb, KERN_ERR,
1271 				 "Online defrag not supported with bigalloc");
1272 			err = -EOPNOTSUPP;
1273 			goto mext_out;
1274 		} else if (IS_DAX(inode)) {
1275 			ext4_msg(sb, KERN_ERR,
1276 				 "Online defrag not supported with DAX");
1277 			err = -EOPNOTSUPP;
1278 			goto mext_out;
1279 		}
1280 
1281 		err = mnt_want_write_file(filp);
1282 		if (err)
1283 			goto mext_out;
1284 
1285 		err = ext4_move_extents(filp, donor.file, me.orig_start,
1286 					me.donor_start, me.len, &me.moved_len);
1287 		mnt_drop_write_file(filp);
1288 
1289 		if (copy_to_user((struct move_extent __user *)arg,
1290 				 &me, sizeof(me)))
1291 			err = -EFAULT;
1292 mext_out:
1293 		fdput(donor);
1294 		return err;
1295 	}
1296 
1297 	case EXT4_IOC_GROUP_ADD: {
1298 		struct ext4_new_group_data input;
1299 
1300 		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1301 				sizeof(input)))
1302 			return -EFAULT;
1303 
1304 		return ext4_ioctl_group_add(filp, &input);
1305 	}
1306 
1307 	case EXT4_IOC_MIGRATE:
1308 	{
1309 		int err;
1310 		if (!inode_owner_or_capable(mnt_userns, inode))
1311 			return -EACCES;
1312 
1313 		err = mnt_want_write_file(filp);
1314 		if (err)
1315 			return err;
1316 		/*
1317 		 * inode_mutex prevent write and truncate on the file.
1318 		 * Read still goes through. We take i_data_sem in
1319 		 * ext4_ext_swap_inode_data before we switch the
1320 		 * inode format to prevent read.
1321 		 */
1322 		inode_lock((inode));
1323 		err = ext4_ext_migrate(inode);
1324 		inode_unlock((inode));
1325 		mnt_drop_write_file(filp);
1326 		return err;
1327 	}
1328 
1329 	case EXT4_IOC_ALLOC_DA_BLKS:
1330 	{
1331 		int err;
1332 		if (!inode_owner_or_capable(mnt_userns, inode))
1333 			return -EACCES;
1334 
1335 		err = mnt_want_write_file(filp);
1336 		if (err)
1337 			return err;
1338 		err = ext4_alloc_da_blocks(inode);
1339 		mnt_drop_write_file(filp);
1340 		return err;
1341 	}
1342 
1343 	case EXT4_IOC_SWAP_BOOT:
1344 	{
1345 		int err;
1346 		if (!(filp->f_mode & FMODE_WRITE))
1347 			return -EBADF;
1348 		err = mnt_want_write_file(filp);
1349 		if (err)
1350 			return err;
1351 		err = swap_inode_boot_loader(sb, mnt_userns, inode);
1352 		mnt_drop_write_file(filp);
1353 		return err;
1354 	}
1355 
1356 	case EXT4_IOC_RESIZE_FS: {
1357 		ext4_fsblk_t n_blocks_count;
1358 		int err = 0, err2 = 0;
1359 		ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1360 
1361 		if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1362 				   sizeof(__u64))) {
1363 			return -EFAULT;
1364 		}
1365 
1366 		err = ext4_resize_begin(sb);
1367 		if (err)
1368 			return err;
1369 
1370 		err = mnt_want_write_file(filp);
1371 		if (err)
1372 			goto resizefs_out;
1373 
1374 		err = ext4_resize_fs(sb, n_blocks_count);
1375 		if (EXT4_SB(sb)->s_journal) {
1376 			ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL);
1377 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1378 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1379 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1380 		}
1381 		if (err == 0)
1382 			err = err2;
1383 		mnt_drop_write_file(filp);
1384 		if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1385 		    ext4_has_group_desc_csum(sb) &&
1386 		    test_opt(sb, INIT_INODE_TABLE))
1387 			err = ext4_register_li_request(sb, o_group);
1388 
1389 resizefs_out:
1390 		ext4_resize_end(sb);
1391 		return err;
1392 	}
1393 
1394 	case FITRIM:
1395 	{
1396 		struct request_queue *q = bdev_get_queue(sb->s_bdev);
1397 		struct fstrim_range range;
1398 		int ret = 0;
1399 
1400 		if (!capable(CAP_SYS_ADMIN))
1401 			return -EPERM;
1402 
1403 		if (!blk_queue_discard(q))
1404 			return -EOPNOTSUPP;
1405 
1406 		/*
1407 		 * We haven't replayed the journal, so we cannot use our
1408 		 * block-bitmap-guided storage zapping commands.
1409 		 */
1410 		if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1411 			return -EROFS;
1412 
1413 		if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1414 		    sizeof(range)))
1415 			return -EFAULT;
1416 
1417 		ret = ext4_trim_fs(sb, &range);
1418 		if (ret < 0)
1419 			return ret;
1420 
1421 		if (copy_to_user((struct fstrim_range __user *)arg, &range,
1422 		    sizeof(range)))
1423 			return -EFAULT;
1424 
1425 		return 0;
1426 	}
1427 	case EXT4_IOC_PRECACHE_EXTENTS:
1428 		return ext4_ext_precache(inode);
1429 
1430 	case FS_IOC_SET_ENCRYPTION_POLICY:
1431 		if (!ext4_has_feature_encrypt(sb))
1432 			return -EOPNOTSUPP;
1433 		return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1434 
1435 	case FS_IOC_GET_ENCRYPTION_PWSALT: {
1436 #ifdef CONFIG_FS_ENCRYPTION
1437 		int err, err2;
1438 		struct ext4_sb_info *sbi = EXT4_SB(sb);
1439 		handle_t *handle;
1440 
1441 		if (!ext4_has_feature_encrypt(sb))
1442 			return -EOPNOTSUPP;
1443 		if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1444 			err = mnt_want_write_file(filp);
1445 			if (err)
1446 				return err;
1447 			handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1448 			if (IS_ERR(handle)) {
1449 				err = PTR_ERR(handle);
1450 				goto pwsalt_err_exit;
1451 			}
1452 			err = ext4_journal_get_write_access(handle, sb,
1453 							    sbi->s_sbh,
1454 							    EXT4_JTR_NONE);
1455 			if (err)
1456 				goto pwsalt_err_journal;
1457 			lock_buffer(sbi->s_sbh);
1458 			generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1459 			ext4_superblock_csum_set(sb);
1460 			unlock_buffer(sbi->s_sbh);
1461 			err = ext4_handle_dirty_metadata(handle, NULL,
1462 							 sbi->s_sbh);
1463 		pwsalt_err_journal:
1464 			err2 = ext4_journal_stop(handle);
1465 			if (err2 && !err)
1466 				err = err2;
1467 		pwsalt_err_exit:
1468 			mnt_drop_write_file(filp);
1469 			if (err)
1470 				return err;
1471 		}
1472 		if (copy_to_user((void __user *) arg,
1473 				 sbi->s_es->s_encrypt_pw_salt, 16))
1474 			return -EFAULT;
1475 		return 0;
1476 #else
1477 		return -EOPNOTSUPP;
1478 #endif
1479 	}
1480 	case FS_IOC_GET_ENCRYPTION_POLICY:
1481 		if (!ext4_has_feature_encrypt(sb))
1482 			return -EOPNOTSUPP;
1483 		return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1484 
1485 	case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1486 		if (!ext4_has_feature_encrypt(sb))
1487 			return -EOPNOTSUPP;
1488 		return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1489 
1490 	case FS_IOC_ADD_ENCRYPTION_KEY:
1491 		if (!ext4_has_feature_encrypt(sb))
1492 			return -EOPNOTSUPP;
1493 		return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1494 
1495 	case FS_IOC_REMOVE_ENCRYPTION_KEY:
1496 		if (!ext4_has_feature_encrypt(sb))
1497 			return -EOPNOTSUPP;
1498 		return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1499 
1500 	case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1501 		if (!ext4_has_feature_encrypt(sb))
1502 			return -EOPNOTSUPP;
1503 		return fscrypt_ioctl_remove_key_all_users(filp,
1504 							  (void __user *)arg);
1505 	case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1506 		if (!ext4_has_feature_encrypt(sb))
1507 			return -EOPNOTSUPP;
1508 		return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1509 
1510 	case FS_IOC_GET_ENCRYPTION_NONCE:
1511 		if (!ext4_has_feature_encrypt(sb))
1512 			return -EOPNOTSUPP;
1513 		return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1514 
1515 	case EXT4_IOC_CLEAR_ES_CACHE:
1516 	{
1517 		if (!inode_owner_or_capable(mnt_userns, inode))
1518 			return -EACCES;
1519 		ext4_clear_inode_es(inode);
1520 		return 0;
1521 	}
1522 
1523 	case EXT4_IOC_GETSTATE:
1524 	{
1525 		__u32	state = 0;
1526 
1527 		if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1528 			state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1529 		if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1530 			state |= EXT4_STATE_FLAG_NEW;
1531 		if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1532 			state |= EXT4_STATE_FLAG_NEWENTRY;
1533 		if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1534 			state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1535 
1536 		return put_user(state, (__u32 __user *) arg);
1537 	}
1538 
1539 	case EXT4_IOC_GET_ES_CACHE:
1540 		return ext4_ioctl_get_es_cache(filp, arg);
1541 
1542 	case EXT4_IOC_SHUTDOWN:
1543 		return ext4_shutdown(sb, arg);
1544 
1545 	case FS_IOC_ENABLE_VERITY:
1546 		if (!ext4_has_feature_verity(sb))
1547 			return -EOPNOTSUPP;
1548 		return fsverity_ioctl_enable(filp, (const void __user *)arg);
1549 
1550 	case FS_IOC_MEASURE_VERITY:
1551 		if (!ext4_has_feature_verity(sb))
1552 			return -EOPNOTSUPP;
1553 		return fsverity_ioctl_measure(filp, (void __user *)arg);
1554 
1555 	case FS_IOC_READ_VERITY_METADATA:
1556 		if (!ext4_has_feature_verity(sb))
1557 			return -EOPNOTSUPP;
1558 		return fsverity_ioctl_read_metadata(filp,
1559 						    (const void __user *)arg);
1560 
1561 	case EXT4_IOC_CHECKPOINT:
1562 		return ext4_ioctl_checkpoint(filp, arg);
1563 
1564 	case FS_IOC_GETFSLABEL:
1565 		return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg);
1566 
1567 	case FS_IOC_SETFSLABEL:
1568 		return ext4_ioctl_setlabel(filp,
1569 					   (const void __user *)arg);
1570 
1571 	default:
1572 		return -ENOTTY;
1573 	}
1574 }
1575 
1576 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1577 {
1578 	return __ext4_ioctl(filp, cmd, arg);
1579 }
1580 
1581 #ifdef CONFIG_COMPAT
1582 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1583 {
1584 	/* These are just misnamed, they actually get/put from/to user an int */
1585 	switch (cmd) {
1586 	case EXT4_IOC32_GETVERSION:
1587 		cmd = EXT4_IOC_GETVERSION;
1588 		break;
1589 	case EXT4_IOC32_SETVERSION:
1590 		cmd = EXT4_IOC_SETVERSION;
1591 		break;
1592 	case EXT4_IOC32_GROUP_EXTEND:
1593 		cmd = EXT4_IOC_GROUP_EXTEND;
1594 		break;
1595 	case EXT4_IOC32_GETVERSION_OLD:
1596 		cmd = EXT4_IOC_GETVERSION_OLD;
1597 		break;
1598 	case EXT4_IOC32_SETVERSION_OLD:
1599 		cmd = EXT4_IOC_SETVERSION_OLD;
1600 		break;
1601 	case EXT4_IOC32_GETRSVSZ:
1602 		cmd = EXT4_IOC_GETRSVSZ;
1603 		break;
1604 	case EXT4_IOC32_SETRSVSZ:
1605 		cmd = EXT4_IOC_SETRSVSZ;
1606 		break;
1607 	case EXT4_IOC32_GROUP_ADD: {
1608 		struct compat_ext4_new_group_input __user *uinput;
1609 		struct ext4_new_group_data input;
1610 		int err;
1611 
1612 		uinput = compat_ptr(arg);
1613 		err = get_user(input.group, &uinput->group);
1614 		err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1615 		err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1616 		err |= get_user(input.inode_table, &uinput->inode_table);
1617 		err |= get_user(input.blocks_count, &uinput->blocks_count);
1618 		err |= get_user(input.reserved_blocks,
1619 				&uinput->reserved_blocks);
1620 		if (err)
1621 			return -EFAULT;
1622 		return ext4_ioctl_group_add(file, &input);
1623 	}
1624 	case EXT4_IOC_MOVE_EXT:
1625 	case EXT4_IOC_RESIZE_FS:
1626 	case FITRIM:
1627 	case EXT4_IOC_PRECACHE_EXTENTS:
1628 	case FS_IOC_SET_ENCRYPTION_POLICY:
1629 	case FS_IOC_GET_ENCRYPTION_PWSALT:
1630 	case FS_IOC_GET_ENCRYPTION_POLICY:
1631 	case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1632 	case FS_IOC_ADD_ENCRYPTION_KEY:
1633 	case FS_IOC_REMOVE_ENCRYPTION_KEY:
1634 	case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1635 	case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1636 	case FS_IOC_GET_ENCRYPTION_NONCE:
1637 	case EXT4_IOC_SHUTDOWN:
1638 	case FS_IOC_GETFSMAP:
1639 	case FS_IOC_ENABLE_VERITY:
1640 	case FS_IOC_MEASURE_VERITY:
1641 	case FS_IOC_READ_VERITY_METADATA:
1642 	case EXT4_IOC_CLEAR_ES_CACHE:
1643 	case EXT4_IOC_GETSTATE:
1644 	case EXT4_IOC_GET_ES_CACHE:
1645 	case EXT4_IOC_CHECKPOINT:
1646 	case FS_IOC_GETFSLABEL:
1647 	case FS_IOC_SETFSLABEL:
1648 		break;
1649 	default:
1650 		return -ENOIOCTLCMD;
1651 	}
1652 	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1653 }
1654 #endif
1655