1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uuid.h> 20 #include <linux/uaccess.h> 21 #include <linux/delay.h> 22 #include <linux/iversion.h> 23 #include "ext4_jbd2.h" 24 #include "ext4.h" 25 #include <linux/fsmap.h> 26 #include "fsmap.h" 27 #include <trace/events/ext4.h> 28 29 /** 30 * Swap memory between @a and @b for @len bytes. 31 * 32 * @a: pointer to first memory area 33 * @b: pointer to second memory area 34 * @len: number of bytes to swap 35 * 36 */ 37 static void memswap(void *a, void *b, size_t len) 38 { 39 unsigned char *ap, *bp; 40 41 ap = (unsigned char *)a; 42 bp = (unsigned char *)b; 43 while (len-- > 0) { 44 swap(*ap, *bp); 45 ap++; 46 bp++; 47 } 48 } 49 50 /** 51 * Swap i_data and associated attributes between @inode1 and @inode2. 52 * This function is used for the primary swap between inode1 and inode2 53 * and also to revert this primary swap in case of errors. 54 * 55 * Therefore you have to make sure, that calling this method twice 56 * will revert all changes. 57 * 58 * @inode1: pointer to first inode 59 * @inode2: pointer to second inode 60 */ 61 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 62 { 63 loff_t isize; 64 struct ext4_inode_info *ei1; 65 struct ext4_inode_info *ei2; 66 unsigned long tmp; 67 68 ei1 = EXT4_I(inode1); 69 ei2 = EXT4_I(inode2); 70 71 swap(inode1->i_version, inode2->i_version); 72 swap(inode1->i_atime, inode2->i_atime); 73 swap(inode1->i_mtime, inode2->i_mtime); 74 75 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 76 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP; 77 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) | 78 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP); 79 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP); 80 swap(ei1->i_disksize, ei2->i_disksize); 81 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 82 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 83 84 isize = i_size_read(inode1); 85 i_size_write(inode1, i_size_read(inode2)); 86 i_size_write(inode2, isize); 87 } 88 89 static void reset_inode_seed(struct inode *inode) 90 { 91 struct ext4_inode_info *ei = EXT4_I(inode); 92 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 93 __le32 inum = cpu_to_le32(inode->i_ino); 94 __le32 gen = cpu_to_le32(inode->i_generation); 95 __u32 csum; 96 97 if (!ext4_has_metadata_csum(inode->i_sb)) 98 return; 99 100 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum)); 101 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen)); 102 } 103 104 /** 105 * Swap the information from the given @inode and the inode 106 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 107 * important fields of the inodes. 108 * 109 * @sb: the super block of the filesystem 110 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 111 * 112 */ 113 static long swap_inode_boot_loader(struct super_block *sb, 114 struct inode *inode) 115 { 116 handle_t *handle; 117 int err; 118 struct inode *inode_bl; 119 struct ext4_inode_info *ei_bl; 120 qsize_t size, size_bl, diff; 121 blkcnt_t blocks; 122 unsigned short bytes; 123 124 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL); 125 if (IS_ERR(inode_bl)) 126 return PTR_ERR(inode_bl); 127 ei_bl = EXT4_I(inode_bl); 128 129 /* Protect orig inodes against a truncate and make sure, 130 * that only 1 swap_inode_boot_loader is running. */ 131 lock_two_nondirectories(inode, inode_bl); 132 133 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) || 134 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) || 135 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) || 136 ext4_has_inline_data(inode)) { 137 err = -EINVAL; 138 goto journal_err_out; 139 } 140 141 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) || 142 !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) { 143 err = -EPERM; 144 goto journal_err_out; 145 } 146 147 down_write(&EXT4_I(inode)->i_mmap_sem); 148 err = filemap_write_and_wait(inode->i_mapping); 149 if (err) 150 goto err_out; 151 152 err = filemap_write_and_wait(inode_bl->i_mapping); 153 if (err) 154 goto err_out; 155 156 /* Wait for all existing dio workers */ 157 inode_dio_wait(inode); 158 inode_dio_wait(inode_bl); 159 160 truncate_inode_pages(&inode->i_data, 0); 161 truncate_inode_pages(&inode_bl->i_data, 0); 162 163 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 164 if (IS_ERR(handle)) { 165 err = -EINVAL; 166 goto err_out; 167 } 168 169 /* Protect extent tree against block allocations via delalloc */ 170 ext4_double_down_write_data_sem(inode, inode_bl); 171 172 if (inode_bl->i_nlink == 0) { 173 /* this inode has never been used as a BOOT_LOADER */ 174 set_nlink(inode_bl, 1); 175 i_uid_write(inode_bl, 0); 176 i_gid_write(inode_bl, 0); 177 inode_bl->i_flags = 0; 178 ei_bl->i_flags = 0; 179 inode_set_iversion(inode_bl, 1); 180 i_size_write(inode_bl, 0); 181 inode_bl->i_mode = S_IFREG; 182 if (ext4_has_feature_extents(sb)) { 183 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 184 ext4_ext_tree_init(handle, inode_bl); 185 } else 186 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 187 } 188 189 err = dquot_initialize(inode); 190 if (err) 191 goto err_out1; 192 193 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes; 194 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes; 195 diff = size - size_bl; 196 swap_inode_data(inode, inode_bl); 197 198 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 199 200 inode->i_generation = prandom_u32(); 201 inode_bl->i_generation = prandom_u32(); 202 reset_inode_seed(inode); 203 reset_inode_seed(inode_bl); 204 205 ext4_discard_preallocations(inode); 206 207 err = ext4_mark_inode_dirty(handle, inode); 208 if (err < 0) { 209 /* No need to update quota information. */ 210 ext4_warning(inode->i_sb, 211 "couldn't mark inode #%lu dirty (err %d)", 212 inode->i_ino, err); 213 /* Revert all changes: */ 214 swap_inode_data(inode, inode_bl); 215 ext4_mark_inode_dirty(handle, inode); 216 goto err_out1; 217 } 218 219 blocks = inode_bl->i_blocks; 220 bytes = inode_bl->i_bytes; 221 inode_bl->i_blocks = inode->i_blocks; 222 inode_bl->i_bytes = inode->i_bytes; 223 err = ext4_mark_inode_dirty(handle, inode_bl); 224 if (err < 0) { 225 /* No need to update quota information. */ 226 ext4_warning(inode_bl->i_sb, 227 "couldn't mark inode #%lu dirty (err %d)", 228 inode_bl->i_ino, err); 229 goto revert; 230 } 231 232 /* Bootloader inode should not be counted into quota information. */ 233 if (diff > 0) 234 dquot_free_space(inode, diff); 235 else 236 err = dquot_alloc_space(inode, -1 * diff); 237 238 if (err < 0) { 239 revert: 240 /* Revert all changes: */ 241 inode_bl->i_blocks = blocks; 242 inode_bl->i_bytes = bytes; 243 swap_inode_data(inode, inode_bl); 244 ext4_mark_inode_dirty(handle, inode); 245 ext4_mark_inode_dirty(handle, inode_bl); 246 } 247 248 err_out1: 249 ext4_journal_stop(handle); 250 ext4_double_up_write_data_sem(inode, inode_bl); 251 252 err_out: 253 up_write(&EXT4_I(inode)->i_mmap_sem); 254 journal_err_out: 255 unlock_two_nondirectories(inode, inode_bl); 256 iput(inode_bl); 257 return err; 258 } 259 260 #ifdef CONFIG_FS_ENCRYPTION 261 static int uuid_is_zero(__u8 u[16]) 262 { 263 int i; 264 265 for (i = 0; i < 16; i++) 266 if (u[i]) 267 return 0; 268 return 1; 269 } 270 #endif 271 272 static int ext4_ioctl_setflags(struct inode *inode, 273 unsigned int flags) 274 { 275 struct ext4_inode_info *ei = EXT4_I(inode); 276 handle_t *handle = NULL; 277 int err = -EPERM, migrate = 0; 278 struct ext4_iloc iloc; 279 unsigned int oldflags, mask, i; 280 unsigned int jflag; 281 struct super_block *sb = inode->i_sb; 282 283 /* Is it quota file? Do not allow user to mess with it */ 284 if (ext4_is_quota_file(inode)) 285 goto flags_out; 286 287 oldflags = ei->i_flags; 288 289 /* The JOURNAL_DATA flag is modifiable only by root */ 290 jflag = flags & EXT4_JOURNAL_DATA_FL; 291 292 /* 293 * The IMMUTABLE and APPEND_ONLY flags can only be changed by 294 * the relevant capability. 295 * 296 * This test looks nicer. Thanks to Pauline Middelink 297 */ 298 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) { 299 if (!capable(CAP_LINUX_IMMUTABLE)) 300 goto flags_out; 301 } 302 303 /* 304 * The JOURNAL_DATA flag can only be changed by 305 * the relevant capability. 306 */ 307 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 308 if (!capable(CAP_SYS_RESOURCE)) 309 goto flags_out; 310 } 311 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 312 migrate = 1; 313 314 if (flags & EXT4_EOFBLOCKS_FL) { 315 /* we don't support adding EOFBLOCKS flag */ 316 if (!(oldflags & EXT4_EOFBLOCKS_FL)) { 317 err = -EOPNOTSUPP; 318 goto flags_out; 319 } 320 } else if (oldflags & EXT4_EOFBLOCKS_FL) { 321 err = ext4_truncate(inode); 322 if (err) 323 goto flags_out; 324 } 325 326 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) { 327 if (!ext4_has_feature_casefold(sb)) { 328 err = -EOPNOTSUPP; 329 goto flags_out; 330 } 331 332 if (!S_ISDIR(inode->i_mode)) { 333 err = -ENOTDIR; 334 goto flags_out; 335 } 336 337 if (!ext4_empty_dir(inode)) { 338 err = -ENOTEMPTY; 339 goto flags_out; 340 } 341 } 342 343 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 344 if (IS_ERR(handle)) { 345 err = PTR_ERR(handle); 346 goto flags_out; 347 } 348 if (IS_SYNC(inode)) 349 ext4_handle_sync(handle); 350 err = ext4_reserve_inode_write(handle, inode, &iloc); 351 if (err) 352 goto flags_err; 353 354 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 355 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 356 continue; 357 /* These flags get special treatment later */ 358 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 359 continue; 360 if (mask & flags) 361 ext4_set_inode_flag(inode, i); 362 else 363 ext4_clear_inode_flag(inode, i); 364 } 365 366 ext4_set_inode_flags(inode); 367 inode->i_ctime = current_time(inode); 368 369 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 370 flags_err: 371 ext4_journal_stop(handle); 372 if (err) 373 goto flags_out; 374 375 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 376 /* 377 * Changes to the journaling mode can cause unsafe changes to 378 * S_DAX if we are using the DAX mount option. 379 */ 380 if (test_opt(inode->i_sb, DAX)) { 381 err = -EBUSY; 382 goto flags_out; 383 } 384 385 err = ext4_change_inode_journal_flag(inode, jflag); 386 if (err) 387 goto flags_out; 388 } 389 if (migrate) { 390 if (flags & EXT4_EXTENTS_FL) 391 err = ext4_ext_migrate(inode); 392 else 393 err = ext4_ind_migrate(inode); 394 } 395 396 flags_out: 397 return err; 398 } 399 400 #ifdef CONFIG_QUOTA 401 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 402 { 403 struct inode *inode = file_inode(filp); 404 struct super_block *sb = inode->i_sb; 405 struct ext4_inode_info *ei = EXT4_I(inode); 406 int err, rc; 407 handle_t *handle; 408 kprojid_t kprojid; 409 struct ext4_iloc iloc; 410 struct ext4_inode *raw_inode; 411 struct dquot *transfer_to[MAXQUOTAS] = { }; 412 413 if (!ext4_has_feature_project(sb)) { 414 if (projid != EXT4_DEF_PROJID) 415 return -EOPNOTSUPP; 416 else 417 return 0; 418 } 419 420 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 421 return -EOPNOTSUPP; 422 423 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 424 425 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 426 return 0; 427 428 err = -EPERM; 429 /* Is it quota file? Do not allow user to mess with it */ 430 if (ext4_is_quota_file(inode)) 431 return err; 432 433 err = ext4_get_inode_loc(inode, &iloc); 434 if (err) 435 return err; 436 437 raw_inode = ext4_raw_inode(&iloc); 438 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 439 err = ext4_expand_extra_isize(inode, 440 EXT4_SB(sb)->s_want_extra_isize, 441 &iloc); 442 if (err) 443 return err; 444 } else { 445 brelse(iloc.bh); 446 } 447 448 err = dquot_initialize(inode); 449 if (err) 450 return err; 451 452 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 453 EXT4_QUOTA_INIT_BLOCKS(sb) + 454 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 455 if (IS_ERR(handle)) 456 return PTR_ERR(handle); 457 458 err = ext4_reserve_inode_write(handle, inode, &iloc); 459 if (err) 460 goto out_stop; 461 462 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 463 if (!IS_ERR(transfer_to[PRJQUOTA])) { 464 465 /* __dquot_transfer() calls back ext4_get_inode_usage() which 466 * counts xattr inode references. 467 */ 468 down_read(&EXT4_I(inode)->xattr_sem); 469 err = __dquot_transfer(inode, transfer_to); 470 up_read(&EXT4_I(inode)->xattr_sem); 471 dqput(transfer_to[PRJQUOTA]); 472 if (err) 473 goto out_dirty; 474 } 475 476 EXT4_I(inode)->i_projid = kprojid; 477 inode->i_ctime = current_time(inode); 478 out_dirty: 479 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 480 if (!err) 481 err = rc; 482 out_stop: 483 ext4_journal_stop(handle); 484 return err; 485 } 486 #else 487 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 488 { 489 if (projid != EXT4_DEF_PROJID) 490 return -EOPNOTSUPP; 491 return 0; 492 } 493 #endif 494 495 /* Transfer internal flags to xflags */ 496 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags) 497 { 498 __u32 xflags = 0; 499 500 if (iflags & EXT4_SYNC_FL) 501 xflags |= FS_XFLAG_SYNC; 502 if (iflags & EXT4_IMMUTABLE_FL) 503 xflags |= FS_XFLAG_IMMUTABLE; 504 if (iflags & EXT4_APPEND_FL) 505 xflags |= FS_XFLAG_APPEND; 506 if (iflags & EXT4_NODUMP_FL) 507 xflags |= FS_XFLAG_NODUMP; 508 if (iflags & EXT4_NOATIME_FL) 509 xflags |= FS_XFLAG_NOATIME; 510 if (iflags & EXT4_PROJINHERIT_FL) 511 xflags |= FS_XFLAG_PROJINHERIT; 512 return xflags; 513 } 514 515 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \ 516 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \ 517 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT) 518 519 /* Transfer xflags flags to internal */ 520 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags) 521 { 522 unsigned long iflags = 0; 523 524 if (xflags & FS_XFLAG_SYNC) 525 iflags |= EXT4_SYNC_FL; 526 if (xflags & FS_XFLAG_IMMUTABLE) 527 iflags |= EXT4_IMMUTABLE_FL; 528 if (xflags & FS_XFLAG_APPEND) 529 iflags |= EXT4_APPEND_FL; 530 if (xflags & FS_XFLAG_NODUMP) 531 iflags |= EXT4_NODUMP_FL; 532 if (xflags & FS_XFLAG_NOATIME) 533 iflags |= EXT4_NOATIME_FL; 534 if (xflags & FS_XFLAG_PROJINHERIT) 535 iflags |= EXT4_PROJINHERIT_FL; 536 537 return iflags; 538 } 539 540 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 541 { 542 struct ext4_sb_info *sbi = EXT4_SB(sb); 543 __u32 flags; 544 545 if (!capable(CAP_SYS_ADMIN)) 546 return -EPERM; 547 548 if (get_user(flags, (__u32 __user *)arg)) 549 return -EFAULT; 550 551 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 552 return -EINVAL; 553 554 if (ext4_forced_shutdown(sbi)) 555 return 0; 556 557 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 558 trace_ext4_shutdown(sb, flags); 559 560 switch (flags) { 561 case EXT4_GOING_FLAGS_DEFAULT: 562 freeze_bdev(sb->s_bdev); 563 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 564 thaw_bdev(sb->s_bdev, sb); 565 break; 566 case EXT4_GOING_FLAGS_LOGFLUSH: 567 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 568 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 569 (void) ext4_force_commit(sb); 570 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 571 } 572 break; 573 case EXT4_GOING_FLAGS_NOLOGFLUSH: 574 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 575 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 576 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 577 break; 578 default: 579 return -EINVAL; 580 } 581 clear_opt(sb, DISCARD); 582 return 0; 583 } 584 585 struct getfsmap_info { 586 struct super_block *gi_sb; 587 struct fsmap_head __user *gi_data; 588 unsigned int gi_idx; 589 __u32 gi_last_flags; 590 }; 591 592 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 593 { 594 struct getfsmap_info *info = priv; 595 struct fsmap fm; 596 597 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 598 599 info->gi_last_flags = xfm->fmr_flags; 600 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 601 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 602 sizeof(struct fsmap))) 603 return -EFAULT; 604 605 return 0; 606 } 607 608 static int ext4_ioc_getfsmap(struct super_block *sb, 609 struct fsmap_head __user *arg) 610 { 611 struct getfsmap_info info = {0}; 612 struct ext4_fsmap_head xhead = {0}; 613 struct fsmap_head head; 614 bool aborted = false; 615 int error; 616 617 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 618 return -EFAULT; 619 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 620 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 621 sizeof(head.fmh_keys[0].fmr_reserved)) || 622 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 623 sizeof(head.fmh_keys[1].fmr_reserved))) 624 return -EINVAL; 625 /* 626 * ext4 doesn't report file extents at all, so the only valid 627 * file offsets are the magic ones (all zeroes or all ones). 628 */ 629 if (head.fmh_keys[0].fmr_offset || 630 (head.fmh_keys[1].fmr_offset != 0 && 631 head.fmh_keys[1].fmr_offset != -1ULL)) 632 return -EINVAL; 633 634 xhead.fmh_iflags = head.fmh_iflags; 635 xhead.fmh_count = head.fmh_count; 636 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 637 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 638 639 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 640 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 641 642 info.gi_sb = sb; 643 info.gi_data = arg; 644 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 645 if (error == EXT4_QUERY_RANGE_ABORT) { 646 error = 0; 647 aborted = true; 648 } else if (error) 649 return error; 650 651 /* If we didn't abort, set the "last" flag in the last fmx */ 652 if (!aborted && info.gi_idx) { 653 info.gi_last_flags |= FMR_OF_LAST; 654 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 655 &info.gi_last_flags, 656 sizeof(info.gi_last_flags))) 657 return -EFAULT; 658 } 659 660 /* copy back header */ 661 head.fmh_entries = xhead.fmh_entries; 662 head.fmh_oflags = xhead.fmh_oflags; 663 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 664 return -EFAULT; 665 666 return 0; 667 } 668 669 static long ext4_ioctl_group_add(struct file *file, 670 struct ext4_new_group_data *input) 671 { 672 struct super_block *sb = file_inode(file)->i_sb; 673 int err, err2=0; 674 675 err = ext4_resize_begin(sb); 676 if (err) 677 return err; 678 679 if (ext4_has_feature_bigalloc(sb)) { 680 ext4_msg(sb, KERN_ERR, 681 "Online resizing not supported with bigalloc"); 682 err = -EOPNOTSUPP; 683 goto group_add_out; 684 } 685 686 err = mnt_want_write_file(file); 687 if (err) 688 goto group_add_out; 689 690 err = ext4_group_add(sb, input); 691 if (EXT4_SB(sb)->s_journal) { 692 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 693 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 694 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 695 } 696 if (err == 0) 697 err = err2; 698 mnt_drop_write_file(file); 699 if (!err && ext4_has_group_desc_csum(sb) && 700 test_opt(sb, INIT_INODE_TABLE)) 701 err = ext4_register_li_request(sb, input->group); 702 group_add_out: 703 ext4_resize_end(sb); 704 return err; 705 } 706 707 static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa) 708 { 709 /* 710 * Project Quota ID state is only allowed to change from within the init 711 * namespace. Enforce that restriction only if we are trying to change 712 * the quota ID state. Everything else is allowed in user namespaces. 713 */ 714 if (current_user_ns() == &init_user_ns) 715 return 0; 716 717 if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid) 718 return -EINVAL; 719 720 if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) { 721 if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT)) 722 return -EINVAL; 723 } else { 724 if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) 725 return -EINVAL; 726 } 727 728 return 0; 729 } 730 731 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 732 { 733 struct inode *inode = file_inode(filp); 734 struct super_block *sb = inode->i_sb; 735 struct ext4_inode_info *ei = EXT4_I(inode); 736 unsigned int flags; 737 738 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 739 740 switch (cmd) { 741 case FS_IOC_GETFSMAP: 742 return ext4_ioc_getfsmap(sb, (void __user *)arg); 743 case EXT4_IOC_GETFLAGS: 744 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 745 return put_user(flags, (int __user *) arg); 746 case EXT4_IOC_SETFLAGS: { 747 int err; 748 749 if (!inode_owner_or_capable(inode)) 750 return -EACCES; 751 752 if (get_user(flags, (int __user *) arg)) 753 return -EFAULT; 754 755 if (flags & ~EXT4_FL_USER_VISIBLE) 756 return -EOPNOTSUPP; 757 /* 758 * chattr(1) grabs flags via GETFLAGS, modifies the result and 759 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 760 * more restrictive than just silently masking off visible but 761 * not settable flags as we always did. 762 */ 763 flags &= EXT4_FL_USER_MODIFIABLE; 764 if (ext4_mask_flags(inode->i_mode, flags) != flags) 765 return -EOPNOTSUPP; 766 767 err = mnt_want_write_file(filp); 768 if (err) 769 return err; 770 771 inode_lock(inode); 772 err = ext4_ioctl_setflags(inode, flags); 773 inode_unlock(inode); 774 mnt_drop_write_file(filp); 775 return err; 776 } 777 case EXT4_IOC_GETVERSION: 778 case EXT4_IOC_GETVERSION_OLD: 779 return put_user(inode->i_generation, (int __user *) arg); 780 case EXT4_IOC_SETVERSION: 781 case EXT4_IOC_SETVERSION_OLD: { 782 handle_t *handle; 783 struct ext4_iloc iloc; 784 __u32 generation; 785 int err; 786 787 if (!inode_owner_or_capable(inode)) 788 return -EPERM; 789 790 if (ext4_has_metadata_csum(inode->i_sb)) { 791 ext4_warning(sb, "Setting inode version is not " 792 "supported with metadata_csum enabled."); 793 return -ENOTTY; 794 } 795 796 err = mnt_want_write_file(filp); 797 if (err) 798 return err; 799 if (get_user(generation, (int __user *) arg)) { 800 err = -EFAULT; 801 goto setversion_out; 802 } 803 804 inode_lock(inode); 805 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 806 if (IS_ERR(handle)) { 807 err = PTR_ERR(handle); 808 goto unlock_out; 809 } 810 err = ext4_reserve_inode_write(handle, inode, &iloc); 811 if (err == 0) { 812 inode->i_ctime = current_time(inode); 813 inode->i_generation = generation; 814 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 815 } 816 ext4_journal_stop(handle); 817 818 unlock_out: 819 inode_unlock(inode); 820 setversion_out: 821 mnt_drop_write_file(filp); 822 return err; 823 } 824 case EXT4_IOC_GROUP_EXTEND: { 825 ext4_fsblk_t n_blocks_count; 826 int err, err2=0; 827 828 err = ext4_resize_begin(sb); 829 if (err) 830 return err; 831 832 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 833 err = -EFAULT; 834 goto group_extend_out; 835 } 836 837 if (ext4_has_feature_bigalloc(sb)) { 838 ext4_msg(sb, KERN_ERR, 839 "Online resizing not supported with bigalloc"); 840 err = -EOPNOTSUPP; 841 goto group_extend_out; 842 } 843 844 err = mnt_want_write_file(filp); 845 if (err) 846 goto group_extend_out; 847 848 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 849 if (EXT4_SB(sb)->s_journal) { 850 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 851 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 852 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 853 } 854 if (err == 0) 855 err = err2; 856 mnt_drop_write_file(filp); 857 group_extend_out: 858 ext4_resize_end(sb); 859 return err; 860 } 861 862 case EXT4_IOC_MOVE_EXT: { 863 struct move_extent me; 864 struct fd donor; 865 int err; 866 867 if (!(filp->f_mode & FMODE_READ) || 868 !(filp->f_mode & FMODE_WRITE)) 869 return -EBADF; 870 871 if (copy_from_user(&me, 872 (struct move_extent __user *)arg, sizeof(me))) 873 return -EFAULT; 874 me.moved_len = 0; 875 876 donor = fdget(me.donor_fd); 877 if (!donor.file) 878 return -EBADF; 879 880 if (!(donor.file->f_mode & FMODE_WRITE)) { 881 err = -EBADF; 882 goto mext_out; 883 } 884 885 if (ext4_has_feature_bigalloc(sb)) { 886 ext4_msg(sb, KERN_ERR, 887 "Online defrag not supported with bigalloc"); 888 err = -EOPNOTSUPP; 889 goto mext_out; 890 } else if (IS_DAX(inode)) { 891 ext4_msg(sb, KERN_ERR, 892 "Online defrag not supported with DAX"); 893 err = -EOPNOTSUPP; 894 goto mext_out; 895 } 896 897 err = mnt_want_write_file(filp); 898 if (err) 899 goto mext_out; 900 901 err = ext4_move_extents(filp, donor.file, me.orig_start, 902 me.donor_start, me.len, &me.moved_len); 903 mnt_drop_write_file(filp); 904 905 if (copy_to_user((struct move_extent __user *)arg, 906 &me, sizeof(me))) 907 err = -EFAULT; 908 mext_out: 909 fdput(donor); 910 return err; 911 } 912 913 case EXT4_IOC_GROUP_ADD: { 914 struct ext4_new_group_data input; 915 916 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 917 sizeof(input))) 918 return -EFAULT; 919 920 return ext4_ioctl_group_add(filp, &input); 921 } 922 923 case EXT4_IOC_MIGRATE: 924 { 925 int err; 926 if (!inode_owner_or_capable(inode)) 927 return -EACCES; 928 929 err = mnt_want_write_file(filp); 930 if (err) 931 return err; 932 /* 933 * inode_mutex prevent write and truncate on the file. 934 * Read still goes through. We take i_data_sem in 935 * ext4_ext_swap_inode_data before we switch the 936 * inode format to prevent read. 937 */ 938 inode_lock((inode)); 939 err = ext4_ext_migrate(inode); 940 inode_unlock((inode)); 941 mnt_drop_write_file(filp); 942 return err; 943 } 944 945 case EXT4_IOC_ALLOC_DA_BLKS: 946 { 947 int err; 948 if (!inode_owner_or_capable(inode)) 949 return -EACCES; 950 951 err = mnt_want_write_file(filp); 952 if (err) 953 return err; 954 err = ext4_alloc_da_blocks(inode); 955 mnt_drop_write_file(filp); 956 return err; 957 } 958 959 case EXT4_IOC_SWAP_BOOT: 960 { 961 int err; 962 if (!(filp->f_mode & FMODE_WRITE)) 963 return -EBADF; 964 err = mnt_want_write_file(filp); 965 if (err) 966 return err; 967 err = swap_inode_boot_loader(sb, inode); 968 mnt_drop_write_file(filp); 969 return err; 970 } 971 972 case EXT4_IOC_RESIZE_FS: { 973 ext4_fsblk_t n_blocks_count; 974 int err = 0, err2 = 0; 975 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 976 977 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 978 sizeof(__u64))) { 979 return -EFAULT; 980 } 981 982 err = ext4_resize_begin(sb); 983 if (err) 984 return err; 985 986 err = mnt_want_write_file(filp); 987 if (err) 988 goto resizefs_out; 989 990 err = ext4_resize_fs(sb, n_blocks_count); 991 if (EXT4_SB(sb)->s_journal) { 992 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 993 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 994 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 995 } 996 if (err == 0) 997 err = err2; 998 mnt_drop_write_file(filp); 999 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) && 1000 ext4_has_group_desc_csum(sb) && 1001 test_opt(sb, INIT_INODE_TABLE)) 1002 err = ext4_register_li_request(sb, o_group); 1003 1004 resizefs_out: 1005 ext4_resize_end(sb); 1006 return err; 1007 } 1008 1009 case FITRIM: 1010 { 1011 struct request_queue *q = bdev_get_queue(sb->s_bdev); 1012 struct fstrim_range range; 1013 int ret = 0; 1014 1015 if (!capable(CAP_SYS_ADMIN)) 1016 return -EPERM; 1017 1018 if (!blk_queue_discard(q)) 1019 return -EOPNOTSUPP; 1020 1021 /* 1022 * We haven't replayed the journal, so we cannot use our 1023 * block-bitmap-guided storage zapping commands. 1024 */ 1025 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb)) 1026 return -EROFS; 1027 1028 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 1029 sizeof(range))) 1030 return -EFAULT; 1031 1032 range.minlen = max((unsigned int)range.minlen, 1033 q->limits.discard_granularity); 1034 ret = ext4_trim_fs(sb, &range); 1035 if (ret < 0) 1036 return ret; 1037 1038 if (copy_to_user((struct fstrim_range __user *)arg, &range, 1039 sizeof(range))) 1040 return -EFAULT; 1041 1042 return 0; 1043 } 1044 case EXT4_IOC_PRECACHE_EXTENTS: 1045 return ext4_ext_precache(inode); 1046 1047 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1048 if (!ext4_has_feature_encrypt(sb)) 1049 return -EOPNOTSUPP; 1050 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 1051 1052 case EXT4_IOC_GET_ENCRYPTION_PWSALT: { 1053 #ifdef CONFIG_FS_ENCRYPTION 1054 int err, err2; 1055 struct ext4_sb_info *sbi = EXT4_SB(sb); 1056 handle_t *handle; 1057 1058 if (!ext4_has_feature_encrypt(sb)) 1059 return -EOPNOTSUPP; 1060 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 1061 err = mnt_want_write_file(filp); 1062 if (err) 1063 return err; 1064 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 1065 if (IS_ERR(handle)) { 1066 err = PTR_ERR(handle); 1067 goto pwsalt_err_exit; 1068 } 1069 err = ext4_journal_get_write_access(handle, sbi->s_sbh); 1070 if (err) 1071 goto pwsalt_err_journal; 1072 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 1073 err = ext4_handle_dirty_metadata(handle, NULL, 1074 sbi->s_sbh); 1075 pwsalt_err_journal: 1076 err2 = ext4_journal_stop(handle); 1077 if (err2 && !err) 1078 err = err2; 1079 pwsalt_err_exit: 1080 mnt_drop_write_file(filp); 1081 if (err) 1082 return err; 1083 } 1084 if (copy_to_user((void __user *) arg, 1085 sbi->s_es->s_encrypt_pw_salt, 16)) 1086 return -EFAULT; 1087 return 0; 1088 #else 1089 return -EOPNOTSUPP; 1090 #endif 1091 } 1092 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1093 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 1094 1095 case EXT4_IOC_FSGETXATTR: 1096 { 1097 struct fsxattr fa; 1098 1099 memset(&fa, 0, sizeof(struct fsxattr)); 1100 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE); 1101 1102 if (ext4_has_feature_project(inode->i_sb)) { 1103 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns, 1104 EXT4_I(inode)->i_projid); 1105 } 1106 1107 if (copy_to_user((struct fsxattr __user *)arg, 1108 &fa, sizeof(fa))) 1109 return -EFAULT; 1110 return 0; 1111 } 1112 case EXT4_IOC_FSSETXATTR: 1113 { 1114 struct fsxattr fa; 1115 int err; 1116 1117 if (copy_from_user(&fa, (struct fsxattr __user *)arg, 1118 sizeof(fa))) 1119 return -EFAULT; 1120 1121 /* Make sure caller has proper permission */ 1122 if (!inode_owner_or_capable(inode)) 1123 return -EACCES; 1124 1125 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS) 1126 return -EOPNOTSUPP; 1127 1128 flags = ext4_xflags_to_iflags(fa.fsx_xflags); 1129 if (ext4_mask_flags(inode->i_mode, flags) != flags) 1130 return -EOPNOTSUPP; 1131 1132 err = mnt_want_write_file(filp); 1133 if (err) 1134 return err; 1135 1136 inode_lock(inode); 1137 err = ext4_ioctl_check_project(inode, &fa); 1138 if (err) 1139 goto out; 1140 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | 1141 (flags & EXT4_FL_XFLAG_VISIBLE); 1142 err = ext4_ioctl_setflags(inode, flags); 1143 if (err) 1144 goto out; 1145 err = ext4_ioctl_setproject(filp, fa.fsx_projid); 1146 out: 1147 inode_unlock(inode); 1148 mnt_drop_write_file(filp); 1149 return err; 1150 } 1151 case EXT4_IOC_SHUTDOWN: 1152 return ext4_shutdown(sb, arg); 1153 default: 1154 return -ENOTTY; 1155 } 1156 } 1157 1158 #ifdef CONFIG_COMPAT 1159 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1160 { 1161 /* These are just misnamed, they actually get/put from/to user an int */ 1162 switch (cmd) { 1163 case EXT4_IOC32_GETFLAGS: 1164 cmd = EXT4_IOC_GETFLAGS; 1165 break; 1166 case EXT4_IOC32_SETFLAGS: 1167 cmd = EXT4_IOC_SETFLAGS; 1168 break; 1169 case EXT4_IOC32_GETVERSION: 1170 cmd = EXT4_IOC_GETVERSION; 1171 break; 1172 case EXT4_IOC32_SETVERSION: 1173 cmd = EXT4_IOC_SETVERSION; 1174 break; 1175 case EXT4_IOC32_GROUP_EXTEND: 1176 cmd = EXT4_IOC_GROUP_EXTEND; 1177 break; 1178 case EXT4_IOC32_GETVERSION_OLD: 1179 cmd = EXT4_IOC_GETVERSION_OLD; 1180 break; 1181 case EXT4_IOC32_SETVERSION_OLD: 1182 cmd = EXT4_IOC_SETVERSION_OLD; 1183 break; 1184 case EXT4_IOC32_GETRSVSZ: 1185 cmd = EXT4_IOC_GETRSVSZ; 1186 break; 1187 case EXT4_IOC32_SETRSVSZ: 1188 cmd = EXT4_IOC_SETRSVSZ; 1189 break; 1190 case EXT4_IOC32_GROUP_ADD: { 1191 struct compat_ext4_new_group_input __user *uinput; 1192 struct ext4_new_group_data input; 1193 int err; 1194 1195 uinput = compat_ptr(arg); 1196 err = get_user(input.group, &uinput->group); 1197 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1198 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1199 err |= get_user(input.inode_table, &uinput->inode_table); 1200 err |= get_user(input.blocks_count, &uinput->blocks_count); 1201 err |= get_user(input.reserved_blocks, 1202 &uinput->reserved_blocks); 1203 if (err) 1204 return -EFAULT; 1205 return ext4_ioctl_group_add(file, &input); 1206 } 1207 case EXT4_IOC_MOVE_EXT: 1208 case EXT4_IOC_RESIZE_FS: 1209 case EXT4_IOC_PRECACHE_EXTENTS: 1210 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1211 case EXT4_IOC_GET_ENCRYPTION_PWSALT: 1212 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1213 case EXT4_IOC_SHUTDOWN: 1214 case FS_IOC_GETFSMAP: 1215 break; 1216 default: 1217 return -ENOIOCTLCMD; 1218 } 1219 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1220 } 1221 #endif 1222