1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uuid.h> 20 #include <linux/uaccess.h> 21 #include <linux/delay.h> 22 #include <linux/iversion.h> 23 #include "ext4_jbd2.h" 24 #include "ext4.h" 25 #include <linux/fsmap.h> 26 #include "fsmap.h" 27 #include <trace/events/ext4.h> 28 29 /** 30 * Swap memory between @a and @b for @len bytes. 31 * 32 * @a: pointer to first memory area 33 * @b: pointer to second memory area 34 * @len: number of bytes to swap 35 * 36 */ 37 static void memswap(void *a, void *b, size_t len) 38 { 39 unsigned char *ap, *bp; 40 41 ap = (unsigned char *)a; 42 bp = (unsigned char *)b; 43 while (len-- > 0) { 44 swap(*ap, *bp); 45 ap++; 46 bp++; 47 } 48 } 49 50 /** 51 * Swap i_data and associated attributes between @inode1 and @inode2. 52 * This function is used for the primary swap between inode1 and inode2 53 * and also to revert this primary swap in case of errors. 54 * 55 * Therefore you have to make sure, that calling this method twice 56 * will revert all changes. 57 * 58 * @inode1: pointer to first inode 59 * @inode2: pointer to second inode 60 */ 61 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 62 { 63 loff_t isize; 64 struct ext4_inode_info *ei1; 65 struct ext4_inode_info *ei2; 66 unsigned long tmp; 67 68 ei1 = EXT4_I(inode1); 69 ei2 = EXT4_I(inode2); 70 71 swap(inode1->i_version, inode2->i_version); 72 swap(inode1->i_atime, inode2->i_atime); 73 swap(inode1->i_mtime, inode2->i_mtime); 74 75 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 76 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP; 77 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) | 78 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP); 79 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP); 80 swap(ei1->i_disksize, ei2->i_disksize); 81 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 82 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 83 84 isize = i_size_read(inode1); 85 i_size_write(inode1, i_size_read(inode2)); 86 i_size_write(inode2, isize); 87 } 88 89 static void reset_inode_seed(struct inode *inode) 90 { 91 struct ext4_inode_info *ei = EXT4_I(inode); 92 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 93 __le32 inum = cpu_to_le32(inode->i_ino); 94 __le32 gen = cpu_to_le32(inode->i_generation); 95 __u32 csum; 96 97 if (!ext4_has_metadata_csum(inode->i_sb)) 98 return; 99 100 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum)); 101 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen)); 102 } 103 104 /** 105 * Swap the information from the given @inode and the inode 106 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 107 * important fields of the inodes. 108 * 109 * @sb: the super block of the filesystem 110 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 111 * 112 */ 113 static long swap_inode_boot_loader(struct super_block *sb, 114 struct inode *inode) 115 { 116 handle_t *handle; 117 int err; 118 struct inode *inode_bl; 119 struct ext4_inode_info *ei_bl; 120 qsize_t size, size_bl, diff; 121 blkcnt_t blocks; 122 unsigned short bytes; 123 124 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL); 125 if (IS_ERR(inode_bl)) 126 return PTR_ERR(inode_bl); 127 ei_bl = EXT4_I(inode_bl); 128 129 /* Protect orig inodes against a truncate and make sure, 130 * that only 1 swap_inode_boot_loader is running. */ 131 lock_two_nondirectories(inode, inode_bl); 132 133 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) || 134 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) || 135 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) || 136 ext4_has_inline_data(inode)) { 137 err = -EINVAL; 138 goto journal_err_out; 139 } 140 141 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) || 142 !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) { 143 err = -EPERM; 144 goto journal_err_out; 145 } 146 147 down_write(&EXT4_I(inode)->i_mmap_sem); 148 err = filemap_write_and_wait(inode->i_mapping); 149 if (err) 150 goto err_out; 151 152 err = filemap_write_and_wait(inode_bl->i_mapping); 153 if (err) 154 goto err_out; 155 156 /* Wait for all existing dio workers */ 157 inode_dio_wait(inode); 158 inode_dio_wait(inode_bl); 159 160 truncate_inode_pages(&inode->i_data, 0); 161 truncate_inode_pages(&inode_bl->i_data, 0); 162 163 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 164 if (IS_ERR(handle)) { 165 err = -EINVAL; 166 goto err_out; 167 } 168 169 /* Protect extent tree against block allocations via delalloc */ 170 ext4_double_down_write_data_sem(inode, inode_bl); 171 172 if (inode_bl->i_nlink == 0) { 173 /* this inode has never been used as a BOOT_LOADER */ 174 set_nlink(inode_bl, 1); 175 i_uid_write(inode_bl, 0); 176 i_gid_write(inode_bl, 0); 177 inode_bl->i_flags = 0; 178 ei_bl->i_flags = 0; 179 inode_set_iversion(inode_bl, 1); 180 i_size_write(inode_bl, 0); 181 inode_bl->i_mode = S_IFREG; 182 if (ext4_has_feature_extents(sb)) { 183 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 184 ext4_ext_tree_init(handle, inode_bl); 185 } else 186 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 187 } 188 189 err = dquot_initialize(inode); 190 if (err) 191 goto err_out1; 192 193 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes; 194 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes; 195 diff = size - size_bl; 196 swap_inode_data(inode, inode_bl); 197 198 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 199 200 inode->i_generation = prandom_u32(); 201 inode_bl->i_generation = prandom_u32(); 202 reset_inode_seed(inode); 203 reset_inode_seed(inode_bl); 204 205 ext4_discard_preallocations(inode); 206 207 err = ext4_mark_inode_dirty(handle, inode); 208 if (err < 0) { 209 /* No need to update quota information. */ 210 ext4_warning(inode->i_sb, 211 "couldn't mark inode #%lu dirty (err %d)", 212 inode->i_ino, err); 213 /* Revert all changes: */ 214 swap_inode_data(inode, inode_bl); 215 ext4_mark_inode_dirty(handle, inode); 216 goto err_out1; 217 } 218 219 blocks = inode_bl->i_blocks; 220 bytes = inode_bl->i_bytes; 221 inode_bl->i_blocks = inode->i_blocks; 222 inode_bl->i_bytes = inode->i_bytes; 223 err = ext4_mark_inode_dirty(handle, inode_bl); 224 if (err < 0) { 225 /* No need to update quota information. */ 226 ext4_warning(inode_bl->i_sb, 227 "couldn't mark inode #%lu dirty (err %d)", 228 inode_bl->i_ino, err); 229 goto revert; 230 } 231 232 /* Bootloader inode should not be counted into quota information. */ 233 if (diff > 0) 234 dquot_free_space(inode, diff); 235 else 236 err = dquot_alloc_space(inode, -1 * diff); 237 238 if (err < 0) { 239 revert: 240 /* Revert all changes: */ 241 inode_bl->i_blocks = blocks; 242 inode_bl->i_bytes = bytes; 243 swap_inode_data(inode, inode_bl); 244 ext4_mark_inode_dirty(handle, inode); 245 ext4_mark_inode_dirty(handle, inode_bl); 246 } 247 248 err_out1: 249 ext4_journal_stop(handle); 250 ext4_double_up_write_data_sem(inode, inode_bl); 251 252 err_out: 253 up_write(&EXT4_I(inode)->i_mmap_sem); 254 journal_err_out: 255 unlock_two_nondirectories(inode, inode_bl); 256 iput(inode_bl); 257 return err; 258 } 259 260 #ifdef CONFIG_FS_ENCRYPTION 261 static int uuid_is_zero(__u8 u[16]) 262 { 263 int i; 264 265 for (i = 0; i < 16; i++) 266 if (u[i]) 267 return 0; 268 return 1; 269 } 270 #endif 271 272 /* 273 * If immutable is set and we are not clearing it, we're not allowed to change 274 * anything else in the inode. Don't error out if we're only trying to set 275 * immutable on an immutable file. 276 */ 277 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid, 278 unsigned int flags) 279 { 280 struct ext4_inode_info *ei = EXT4_I(inode); 281 unsigned int oldflags = ei->i_flags; 282 283 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL)) 284 return 0; 285 286 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL)) 287 return -EPERM; 288 if (ext4_has_feature_project(inode->i_sb) && 289 __kprojid_val(ei->i_projid) != new_projid) 290 return -EPERM; 291 292 return 0; 293 } 294 295 static int ext4_ioctl_setflags(struct inode *inode, 296 unsigned int flags) 297 { 298 struct ext4_inode_info *ei = EXT4_I(inode); 299 handle_t *handle = NULL; 300 int err = -EPERM, migrate = 0; 301 struct ext4_iloc iloc; 302 unsigned int oldflags, mask, i; 303 unsigned int jflag; 304 struct super_block *sb = inode->i_sb; 305 306 /* Is it quota file? Do not allow user to mess with it */ 307 if (ext4_is_quota_file(inode)) 308 goto flags_out; 309 310 oldflags = ei->i_flags; 311 312 /* The JOURNAL_DATA flag is modifiable only by root */ 313 jflag = flags & EXT4_JOURNAL_DATA_FL; 314 315 err = vfs_ioc_setflags_prepare(inode, oldflags, flags); 316 if (err) 317 goto flags_out; 318 319 /* 320 * The JOURNAL_DATA flag can only be changed by 321 * the relevant capability. 322 */ 323 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 324 if (!capable(CAP_SYS_RESOURCE)) 325 goto flags_out; 326 } 327 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 328 migrate = 1; 329 330 if (flags & EXT4_EOFBLOCKS_FL) { 331 /* we don't support adding EOFBLOCKS flag */ 332 if (!(oldflags & EXT4_EOFBLOCKS_FL)) { 333 err = -EOPNOTSUPP; 334 goto flags_out; 335 } 336 } else if (oldflags & EXT4_EOFBLOCKS_FL) { 337 err = ext4_truncate(inode); 338 if (err) 339 goto flags_out; 340 } 341 342 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) { 343 if (!ext4_has_feature_casefold(sb)) { 344 err = -EOPNOTSUPP; 345 goto flags_out; 346 } 347 348 if (!S_ISDIR(inode->i_mode)) { 349 err = -ENOTDIR; 350 goto flags_out; 351 } 352 353 if (!ext4_empty_dir(inode)) { 354 err = -ENOTEMPTY; 355 goto flags_out; 356 } 357 } 358 359 /* 360 * Wait for all pending directio and then flush all the dirty pages 361 * for this file. The flush marks all the pages readonly, so any 362 * subsequent attempt to write to the file (particularly mmap pages) 363 * will come through the filesystem and fail. 364 */ 365 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) && 366 (flags & EXT4_IMMUTABLE_FL)) { 367 inode_dio_wait(inode); 368 err = filemap_write_and_wait(inode->i_mapping); 369 if (err) 370 goto flags_out; 371 } 372 373 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 374 if (IS_ERR(handle)) { 375 err = PTR_ERR(handle); 376 goto flags_out; 377 } 378 if (IS_SYNC(inode)) 379 ext4_handle_sync(handle); 380 err = ext4_reserve_inode_write(handle, inode, &iloc); 381 if (err) 382 goto flags_err; 383 384 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 385 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 386 continue; 387 /* These flags get special treatment later */ 388 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 389 continue; 390 if (mask & flags) 391 ext4_set_inode_flag(inode, i); 392 else 393 ext4_clear_inode_flag(inode, i); 394 } 395 396 ext4_set_inode_flags(inode); 397 inode->i_ctime = current_time(inode); 398 399 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 400 flags_err: 401 ext4_journal_stop(handle); 402 if (err) 403 goto flags_out; 404 405 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 406 /* 407 * Changes to the journaling mode can cause unsafe changes to 408 * S_DAX if we are using the DAX mount option. 409 */ 410 if (test_opt(inode->i_sb, DAX)) { 411 err = -EBUSY; 412 goto flags_out; 413 } 414 415 err = ext4_change_inode_journal_flag(inode, jflag); 416 if (err) 417 goto flags_out; 418 } 419 if (migrate) { 420 if (flags & EXT4_EXTENTS_FL) 421 err = ext4_ext_migrate(inode); 422 else 423 err = ext4_ind_migrate(inode); 424 } 425 426 flags_out: 427 return err; 428 } 429 430 #ifdef CONFIG_QUOTA 431 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 432 { 433 struct inode *inode = file_inode(filp); 434 struct super_block *sb = inode->i_sb; 435 struct ext4_inode_info *ei = EXT4_I(inode); 436 int err, rc; 437 handle_t *handle; 438 kprojid_t kprojid; 439 struct ext4_iloc iloc; 440 struct ext4_inode *raw_inode; 441 struct dquot *transfer_to[MAXQUOTAS] = { }; 442 443 if (!ext4_has_feature_project(sb)) { 444 if (projid != EXT4_DEF_PROJID) 445 return -EOPNOTSUPP; 446 else 447 return 0; 448 } 449 450 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 451 return -EOPNOTSUPP; 452 453 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 454 455 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 456 return 0; 457 458 err = -EPERM; 459 /* Is it quota file? Do not allow user to mess with it */ 460 if (ext4_is_quota_file(inode)) 461 return err; 462 463 err = ext4_get_inode_loc(inode, &iloc); 464 if (err) 465 return err; 466 467 raw_inode = ext4_raw_inode(&iloc); 468 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 469 err = ext4_expand_extra_isize(inode, 470 EXT4_SB(sb)->s_want_extra_isize, 471 &iloc); 472 if (err) 473 return err; 474 } else { 475 brelse(iloc.bh); 476 } 477 478 err = dquot_initialize(inode); 479 if (err) 480 return err; 481 482 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 483 EXT4_QUOTA_INIT_BLOCKS(sb) + 484 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 485 if (IS_ERR(handle)) 486 return PTR_ERR(handle); 487 488 err = ext4_reserve_inode_write(handle, inode, &iloc); 489 if (err) 490 goto out_stop; 491 492 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 493 if (!IS_ERR(transfer_to[PRJQUOTA])) { 494 495 /* __dquot_transfer() calls back ext4_get_inode_usage() which 496 * counts xattr inode references. 497 */ 498 down_read(&EXT4_I(inode)->xattr_sem); 499 err = __dquot_transfer(inode, transfer_to); 500 up_read(&EXT4_I(inode)->xattr_sem); 501 dqput(transfer_to[PRJQUOTA]); 502 if (err) 503 goto out_dirty; 504 } 505 506 EXT4_I(inode)->i_projid = kprojid; 507 inode->i_ctime = current_time(inode); 508 out_dirty: 509 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 510 if (!err) 511 err = rc; 512 out_stop: 513 ext4_journal_stop(handle); 514 return err; 515 } 516 #else 517 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 518 { 519 if (projid != EXT4_DEF_PROJID) 520 return -EOPNOTSUPP; 521 return 0; 522 } 523 #endif 524 525 /* Transfer internal flags to xflags */ 526 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags) 527 { 528 __u32 xflags = 0; 529 530 if (iflags & EXT4_SYNC_FL) 531 xflags |= FS_XFLAG_SYNC; 532 if (iflags & EXT4_IMMUTABLE_FL) 533 xflags |= FS_XFLAG_IMMUTABLE; 534 if (iflags & EXT4_APPEND_FL) 535 xflags |= FS_XFLAG_APPEND; 536 if (iflags & EXT4_NODUMP_FL) 537 xflags |= FS_XFLAG_NODUMP; 538 if (iflags & EXT4_NOATIME_FL) 539 xflags |= FS_XFLAG_NOATIME; 540 if (iflags & EXT4_PROJINHERIT_FL) 541 xflags |= FS_XFLAG_PROJINHERIT; 542 return xflags; 543 } 544 545 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \ 546 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \ 547 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT) 548 549 /* Transfer xflags flags to internal */ 550 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags) 551 { 552 unsigned long iflags = 0; 553 554 if (xflags & FS_XFLAG_SYNC) 555 iflags |= EXT4_SYNC_FL; 556 if (xflags & FS_XFLAG_IMMUTABLE) 557 iflags |= EXT4_IMMUTABLE_FL; 558 if (xflags & FS_XFLAG_APPEND) 559 iflags |= EXT4_APPEND_FL; 560 if (xflags & FS_XFLAG_NODUMP) 561 iflags |= EXT4_NODUMP_FL; 562 if (xflags & FS_XFLAG_NOATIME) 563 iflags |= EXT4_NOATIME_FL; 564 if (xflags & FS_XFLAG_PROJINHERIT) 565 iflags |= EXT4_PROJINHERIT_FL; 566 567 return iflags; 568 } 569 570 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 571 { 572 struct ext4_sb_info *sbi = EXT4_SB(sb); 573 __u32 flags; 574 575 if (!capable(CAP_SYS_ADMIN)) 576 return -EPERM; 577 578 if (get_user(flags, (__u32 __user *)arg)) 579 return -EFAULT; 580 581 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 582 return -EINVAL; 583 584 if (ext4_forced_shutdown(sbi)) 585 return 0; 586 587 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 588 trace_ext4_shutdown(sb, flags); 589 590 switch (flags) { 591 case EXT4_GOING_FLAGS_DEFAULT: 592 freeze_bdev(sb->s_bdev); 593 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 594 thaw_bdev(sb->s_bdev, sb); 595 break; 596 case EXT4_GOING_FLAGS_LOGFLUSH: 597 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 598 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 599 (void) ext4_force_commit(sb); 600 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 601 } 602 break; 603 case EXT4_GOING_FLAGS_NOLOGFLUSH: 604 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 605 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 606 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 607 break; 608 default: 609 return -EINVAL; 610 } 611 clear_opt(sb, DISCARD); 612 return 0; 613 } 614 615 struct getfsmap_info { 616 struct super_block *gi_sb; 617 struct fsmap_head __user *gi_data; 618 unsigned int gi_idx; 619 __u32 gi_last_flags; 620 }; 621 622 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 623 { 624 struct getfsmap_info *info = priv; 625 struct fsmap fm; 626 627 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 628 629 info->gi_last_flags = xfm->fmr_flags; 630 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 631 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 632 sizeof(struct fsmap))) 633 return -EFAULT; 634 635 return 0; 636 } 637 638 static int ext4_ioc_getfsmap(struct super_block *sb, 639 struct fsmap_head __user *arg) 640 { 641 struct getfsmap_info info = { NULL }; 642 struct ext4_fsmap_head xhead = {0}; 643 struct fsmap_head head; 644 bool aborted = false; 645 int error; 646 647 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 648 return -EFAULT; 649 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 650 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 651 sizeof(head.fmh_keys[0].fmr_reserved)) || 652 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 653 sizeof(head.fmh_keys[1].fmr_reserved))) 654 return -EINVAL; 655 /* 656 * ext4 doesn't report file extents at all, so the only valid 657 * file offsets are the magic ones (all zeroes or all ones). 658 */ 659 if (head.fmh_keys[0].fmr_offset || 660 (head.fmh_keys[1].fmr_offset != 0 && 661 head.fmh_keys[1].fmr_offset != -1ULL)) 662 return -EINVAL; 663 664 xhead.fmh_iflags = head.fmh_iflags; 665 xhead.fmh_count = head.fmh_count; 666 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 667 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 668 669 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 670 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 671 672 info.gi_sb = sb; 673 info.gi_data = arg; 674 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 675 if (error == EXT4_QUERY_RANGE_ABORT) { 676 error = 0; 677 aborted = true; 678 } else if (error) 679 return error; 680 681 /* If we didn't abort, set the "last" flag in the last fmx */ 682 if (!aborted && info.gi_idx) { 683 info.gi_last_flags |= FMR_OF_LAST; 684 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 685 &info.gi_last_flags, 686 sizeof(info.gi_last_flags))) 687 return -EFAULT; 688 } 689 690 /* copy back header */ 691 head.fmh_entries = xhead.fmh_entries; 692 head.fmh_oflags = xhead.fmh_oflags; 693 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 694 return -EFAULT; 695 696 return 0; 697 } 698 699 static long ext4_ioctl_group_add(struct file *file, 700 struct ext4_new_group_data *input) 701 { 702 struct super_block *sb = file_inode(file)->i_sb; 703 int err, err2=0; 704 705 err = ext4_resize_begin(sb); 706 if (err) 707 return err; 708 709 if (ext4_has_feature_bigalloc(sb)) { 710 ext4_msg(sb, KERN_ERR, 711 "Online resizing not supported with bigalloc"); 712 err = -EOPNOTSUPP; 713 goto group_add_out; 714 } 715 716 err = mnt_want_write_file(file); 717 if (err) 718 goto group_add_out; 719 720 err = ext4_group_add(sb, input); 721 if (EXT4_SB(sb)->s_journal) { 722 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 723 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 724 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 725 } 726 if (err == 0) 727 err = err2; 728 mnt_drop_write_file(file); 729 if (!err && ext4_has_group_desc_csum(sb) && 730 test_opt(sb, INIT_INODE_TABLE)) 731 err = ext4_register_li_request(sb, input->group); 732 group_add_out: 733 ext4_resize_end(sb); 734 return err; 735 } 736 737 static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa) 738 { 739 struct ext4_inode_info *ei = EXT4_I(inode); 740 741 simple_fill_fsxattr(fa, ext4_iflags_to_xflags(ei->i_flags & 742 EXT4_FL_USER_VISIBLE)); 743 744 if (ext4_has_feature_project(inode->i_sb)) 745 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid); 746 } 747 748 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 749 { 750 struct inode *inode = file_inode(filp); 751 struct super_block *sb = inode->i_sb; 752 struct ext4_inode_info *ei = EXT4_I(inode); 753 unsigned int flags; 754 755 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 756 757 switch (cmd) { 758 case FS_IOC_GETFSMAP: 759 return ext4_ioc_getfsmap(sb, (void __user *)arg); 760 case EXT4_IOC_GETFLAGS: 761 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 762 if (S_ISREG(inode->i_mode)) 763 flags &= ~EXT4_PROJINHERIT_FL; 764 return put_user(flags, (int __user *) arg); 765 case EXT4_IOC_SETFLAGS: { 766 int err; 767 768 if (!inode_owner_or_capable(inode)) 769 return -EACCES; 770 771 if (get_user(flags, (int __user *) arg)) 772 return -EFAULT; 773 774 if (flags & ~EXT4_FL_USER_VISIBLE) 775 return -EOPNOTSUPP; 776 /* 777 * chattr(1) grabs flags via GETFLAGS, modifies the result and 778 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 779 * more restrictive than just silently masking off visible but 780 * not settable flags as we always did. 781 */ 782 flags &= EXT4_FL_USER_MODIFIABLE; 783 if (ext4_mask_flags(inode->i_mode, flags) != flags) 784 return -EOPNOTSUPP; 785 786 err = mnt_want_write_file(filp); 787 if (err) 788 return err; 789 790 inode_lock(inode); 791 err = ext4_ioctl_check_immutable(inode, 792 from_kprojid(&init_user_ns, ei->i_projid), 793 flags); 794 if (!err) 795 err = ext4_ioctl_setflags(inode, flags); 796 inode_unlock(inode); 797 mnt_drop_write_file(filp); 798 return err; 799 } 800 case EXT4_IOC_GETVERSION: 801 case EXT4_IOC_GETVERSION_OLD: 802 return put_user(inode->i_generation, (int __user *) arg); 803 case EXT4_IOC_SETVERSION: 804 case EXT4_IOC_SETVERSION_OLD: { 805 handle_t *handle; 806 struct ext4_iloc iloc; 807 __u32 generation; 808 int err; 809 810 if (!inode_owner_or_capable(inode)) 811 return -EPERM; 812 813 if (ext4_has_metadata_csum(inode->i_sb)) { 814 ext4_warning(sb, "Setting inode version is not " 815 "supported with metadata_csum enabled."); 816 return -ENOTTY; 817 } 818 819 err = mnt_want_write_file(filp); 820 if (err) 821 return err; 822 if (get_user(generation, (int __user *) arg)) { 823 err = -EFAULT; 824 goto setversion_out; 825 } 826 827 inode_lock(inode); 828 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 829 if (IS_ERR(handle)) { 830 err = PTR_ERR(handle); 831 goto unlock_out; 832 } 833 err = ext4_reserve_inode_write(handle, inode, &iloc); 834 if (err == 0) { 835 inode->i_ctime = current_time(inode); 836 inode->i_generation = generation; 837 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 838 } 839 ext4_journal_stop(handle); 840 841 unlock_out: 842 inode_unlock(inode); 843 setversion_out: 844 mnt_drop_write_file(filp); 845 return err; 846 } 847 case EXT4_IOC_GROUP_EXTEND: { 848 ext4_fsblk_t n_blocks_count; 849 int err, err2=0; 850 851 err = ext4_resize_begin(sb); 852 if (err) 853 return err; 854 855 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 856 err = -EFAULT; 857 goto group_extend_out; 858 } 859 860 if (ext4_has_feature_bigalloc(sb)) { 861 ext4_msg(sb, KERN_ERR, 862 "Online resizing not supported with bigalloc"); 863 err = -EOPNOTSUPP; 864 goto group_extend_out; 865 } 866 867 err = mnt_want_write_file(filp); 868 if (err) 869 goto group_extend_out; 870 871 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 872 if (EXT4_SB(sb)->s_journal) { 873 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 874 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 875 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 876 } 877 if (err == 0) 878 err = err2; 879 mnt_drop_write_file(filp); 880 group_extend_out: 881 ext4_resize_end(sb); 882 return err; 883 } 884 885 case EXT4_IOC_MOVE_EXT: { 886 struct move_extent me; 887 struct fd donor; 888 int err; 889 890 if (!(filp->f_mode & FMODE_READ) || 891 !(filp->f_mode & FMODE_WRITE)) 892 return -EBADF; 893 894 if (copy_from_user(&me, 895 (struct move_extent __user *)arg, sizeof(me))) 896 return -EFAULT; 897 me.moved_len = 0; 898 899 donor = fdget(me.donor_fd); 900 if (!donor.file) 901 return -EBADF; 902 903 if (!(donor.file->f_mode & FMODE_WRITE)) { 904 err = -EBADF; 905 goto mext_out; 906 } 907 908 if (ext4_has_feature_bigalloc(sb)) { 909 ext4_msg(sb, KERN_ERR, 910 "Online defrag not supported with bigalloc"); 911 err = -EOPNOTSUPP; 912 goto mext_out; 913 } else if (IS_DAX(inode)) { 914 ext4_msg(sb, KERN_ERR, 915 "Online defrag not supported with DAX"); 916 err = -EOPNOTSUPP; 917 goto mext_out; 918 } 919 920 err = mnt_want_write_file(filp); 921 if (err) 922 goto mext_out; 923 924 err = ext4_move_extents(filp, donor.file, me.orig_start, 925 me.donor_start, me.len, &me.moved_len); 926 mnt_drop_write_file(filp); 927 928 if (copy_to_user((struct move_extent __user *)arg, 929 &me, sizeof(me))) 930 err = -EFAULT; 931 mext_out: 932 fdput(donor); 933 return err; 934 } 935 936 case EXT4_IOC_GROUP_ADD: { 937 struct ext4_new_group_data input; 938 939 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 940 sizeof(input))) 941 return -EFAULT; 942 943 return ext4_ioctl_group_add(filp, &input); 944 } 945 946 case EXT4_IOC_MIGRATE: 947 { 948 int err; 949 if (!inode_owner_or_capable(inode)) 950 return -EACCES; 951 952 err = mnt_want_write_file(filp); 953 if (err) 954 return err; 955 /* 956 * inode_mutex prevent write and truncate on the file. 957 * Read still goes through. We take i_data_sem in 958 * ext4_ext_swap_inode_data before we switch the 959 * inode format to prevent read. 960 */ 961 inode_lock((inode)); 962 err = ext4_ext_migrate(inode); 963 inode_unlock((inode)); 964 mnt_drop_write_file(filp); 965 return err; 966 } 967 968 case EXT4_IOC_ALLOC_DA_BLKS: 969 { 970 int err; 971 if (!inode_owner_or_capable(inode)) 972 return -EACCES; 973 974 err = mnt_want_write_file(filp); 975 if (err) 976 return err; 977 err = ext4_alloc_da_blocks(inode); 978 mnt_drop_write_file(filp); 979 return err; 980 } 981 982 case EXT4_IOC_SWAP_BOOT: 983 { 984 int err; 985 if (!(filp->f_mode & FMODE_WRITE)) 986 return -EBADF; 987 err = mnt_want_write_file(filp); 988 if (err) 989 return err; 990 err = swap_inode_boot_loader(sb, inode); 991 mnt_drop_write_file(filp); 992 return err; 993 } 994 995 case EXT4_IOC_RESIZE_FS: { 996 ext4_fsblk_t n_blocks_count; 997 int err = 0, err2 = 0; 998 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 999 1000 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 1001 sizeof(__u64))) { 1002 return -EFAULT; 1003 } 1004 1005 err = ext4_resize_begin(sb); 1006 if (err) 1007 return err; 1008 1009 err = mnt_want_write_file(filp); 1010 if (err) 1011 goto resizefs_out; 1012 1013 err = ext4_resize_fs(sb, n_blocks_count); 1014 if (EXT4_SB(sb)->s_journal) { 1015 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1016 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 1017 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1018 } 1019 if (err == 0) 1020 err = err2; 1021 mnt_drop_write_file(filp); 1022 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) && 1023 ext4_has_group_desc_csum(sb) && 1024 test_opt(sb, INIT_INODE_TABLE)) 1025 err = ext4_register_li_request(sb, o_group); 1026 1027 resizefs_out: 1028 ext4_resize_end(sb); 1029 return err; 1030 } 1031 1032 case FITRIM: 1033 { 1034 struct request_queue *q = bdev_get_queue(sb->s_bdev); 1035 struct fstrim_range range; 1036 int ret = 0; 1037 1038 if (!capable(CAP_SYS_ADMIN)) 1039 return -EPERM; 1040 1041 if (!blk_queue_discard(q)) 1042 return -EOPNOTSUPP; 1043 1044 /* 1045 * We haven't replayed the journal, so we cannot use our 1046 * block-bitmap-guided storage zapping commands. 1047 */ 1048 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb)) 1049 return -EROFS; 1050 1051 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 1052 sizeof(range))) 1053 return -EFAULT; 1054 1055 range.minlen = max((unsigned int)range.minlen, 1056 q->limits.discard_granularity); 1057 ret = ext4_trim_fs(sb, &range); 1058 if (ret < 0) 1059 return ret; 1060 1061 if (copy_to_user((struct fstrim_range __user *)arg, &range, 1062 sizeof(range))) 1063 return -EFAULT; 1064 1065 return 0; 1066 } 1067 case EXT4_IOC_PRECACHE_EXTENTS: 1068 return ext4_ext_precache(inode); 1069 1070 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1071 if (!ext4_has_feature_encrypt(sb)) 1072 return -EOPNOTSUPP; 1073 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 1074 1075 case EXT4_IOC_GET_ENCRYPTION_PWSALT: { 1076 #ifdef CONFIG_FS_ENCRYPTION 1077 int err, err2; 1078 struct ext4_sb_info *sbi = EXT4_SB(sb); 1079 handle_t *handle; 1080 1081 if (!ext4_has_feature_encrypt(sb)) 1082 return -EOPNOTSUPP; 1083 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 1084 err = mnt_want_write_file(filp); 1085 if (err) 1086 return err; 1087 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 1088 if (IS_ERR(handle)) { 1089 err = PTR_ERR(handle); 1090 goto pwsalt_err_exit; 1091 } 1092 err = ext4_journal_get_write_access(handle, sbi->s_sbh); 1093 if (err) 1094 goto pwsalt_err_journal; 1095 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 1096 err = ext4_handle_dirty_metadata(handle, NULL, 1097 sbi->s_sbh); 1098 pwsalt_err_journal: 1099 err2 = ext4_journal_stop(handle); 1100 if (err2 && !err) 1101 err = err2; 1102 pwsalt_err_exit: 1103 mnt_drop_write_file(filp); 1104 if (err) 1105 return err; 1106 } 1107 if (copy_to_user((void __user *) arg, 1108 sbi->s_es->s_encrypt_pw_salt, 16)) 1109 return -EFAULT; 1110 return 0; 1111 #else 1112 return -EOPNOTSUPP; 1113 #endif 1114 } 1115 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1116 if (!ext4_has_feature_encrypt(sb)) 1117 return -EOPNOTSUPP; 1118 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 1119 1120 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1121 if (!ext4_has_feature_encrypt(sb)) 1122 return -EOPNOTSUPP; 1123 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg); 1124 1125 case FS_IOC_ADD_ENCRYPTION_KEY: 1126 if (!ext4_has_feature_encrypt(sb)) 1127 return -EOPNOTSUPP; 1128 return fscrypt_ioctl_add_key(filp, (void __user *)arg); 1129 1130 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1131 if (!ext4_has_feature_encrypt(sb)) 1132 return -EOPNOTSUPP; 1133 return fscrypt_ioctl_remove_key(filp, (void __user *)arg); 1134 1135 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1136 if (!ext4_has_feature_encrypt(sb)) 1137 return -EOPNOTSUPP; 1138 return fscrypt_ioctl_remove_key_all_users(filp, 1139 (void __user *)arg); 1140 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1141 if (!ext4_has_feature_encrypt(sb)) 1142 return -EOPNOTSUPP; 1143 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg); 1144 1145 case EXT4_IOC_FSGETXATTR: 1146 { 1147 struct fsxattr fa; 1148 1149 ext4_fill_fsxattr(inode, &fa); 1150 1151 if (copy_to_user((struct fsxattr __user *)arg, 1152 &fa, sizeof(fa))) 1153 return -EFAULT; 1154 return 0; 1155 } 1156 case EXT4_IOC_FSSETXATTR: 1157 { 1158 struct fsxattr fa, old_fa; 1159 int err; 1160 1161 if (copy_from_user(&fa, (struct fsxattr __user *)arg, 1162 sizeof(fa))) 1163 return -EFAULT; 1164 1165 /* Make sure caller has proper permission */ 1166 if (!inode_owner_or_capable(inode)) 1167 return -EACCES; 1168 1169 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS) 1170 return -EOPNOTSUPP; 1171 1172 flags = ext4_xflags_to_iflags(fa.fsx_xflags); 1173 if (ext4_mask_flags(inode->i_mode, flags) != flags) 1174 return -EOPNOTSUPP; 1175 1176 err = mnt_want_write_file(filp); 1177 if (err) 1178 return err; 1179 1180 inode_lock(inode); 1181 ext4_fill_fsxattr(inode, &old_fa); 1182 err = vfs_ioc_fssetxattr_check(inode, &old_fa, &fa); 1183 if (err) 1184 goto out; 1185 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | 1186 (flags & EXT4_FL_XFLAG_VISIBLE); 1187 err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags); 1188 if (err) 1189 goto out; 1190 err = ext4_ioctl_setflags(inode, flags); 1191 if (err) 1192 goto out; 1193 err = ext4_ioctl_setproject(filp, fa.fsx_projid); 1194 out: 1195 inode_unlock(inode); 1196 mnt_drop_write_file(filp); 1197 return err; 1198 } 1199 case EXT4_IOC_SHUTDOWN: 1200 return ext4_shutdown(sb, arg); 1201 1202 case FS_IOC_ENABLE_VERITY: 1203 if (!ext4_has_feature_verity(sb)) 1204 return -EOPNOTSUPP; 1205 return fsverity_ioctl_enable(filp, (const void __user *)arg); 1206 1207 case FS_IOC_MEASURE_VERITY: 1208 if (!ext4_has_feature_verity(sb)) 1209 return -EOPNOTSUPP; 1210 return fsverity_ioctl_measure(filp, (void __user *)arg); 1211 1212 default: 1213 return -ENOTTY; 1214 } 1215 } 1216 1217 #ifdef CONFIG_COMPAT 1218 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1219 { 1220 /* These are just misnamed, they actually get/put from/to user an int */ 1221 switch (cmd) { 1222 case EXT4_IOC32_GETFLAGS: 1223 cmd = EXT4_IOC_GETFLAGS; 1224 break; 1225 case EXT4_IOC32_SETFLAGS: 1226 cmd = EXT4_IOC_SETFLAGS; 1227 break; 1228 case EXT4_IOC32_GETVERSION: 1229 cmd = EXT4_IOC_GETVERSION; 1230 break; 1231 case EXT4_IOC32_SETVERSION: 1232 cmd = EXT4_IOC_SETVERSION; 1233 break; 1234 case EXT4_IOC32_GROUP_EXTEND: 1235 cmd = EXT4_IOC_GROUP_EXTEND; 1236 break; 1237 case EXT4_IOC32_GETVERSION_OLD: 1238 cmd = EXT4_IOC_GETVERSION_OLD; 1239 break; 1240 case EXT4_IOC32_SETVERSION_OLD: 1241 cmd = EXT4_IOC_SETVERSION_OLD; 1242 break; 1243 case EXT4_IOC32_GETRSVSZ: 1244 cmd = EXT4_IOC_GETRSVSZ; 1245 break; 1246 case EXT4_IOC32_SETRSVSZ: 1247 cmd = EXT4_IOC_SETRSVSZ; 1248 break; 1249 case EXT4_IOC32_GROUP_ADD: { 1250 struct compat_ext4_new_group_input __user *uinput; 1251 struct ext4_new_group_data input; 1252 int err; 1253 1254 uinput = compat_ptr(arg); 1255 err = get_user(input.group, &uinput->group); 1256 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1257 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1258 err |= get_user(input.inode_table, &uinput->inode_table); 1259 err |= get_user(input.blocks_count, &uinput->blocks_count); 1260 err |= get_user(input.reserved_blocks, 1261 &uinput->reserved_blocks); 1262 if (err) 1263 return -EFAULT; 1264 return ext4_ioctl_group_add(file, &input); 1265 } 1266 case EXT4_IOC_MOVE_EXT: 1267 case EXT4_IOC_RESIZE_FS: 1268 case EXT4_IOC_PRECACHE_EXTENTS: 1269 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1270 case EXT4_IOC_GET_ENCRYPTION_PWSALT: 1271 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1272 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1273 case FS_IOC_ADD_ENCRYPTION_KEY: 1274 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1275 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1276 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1277 case EXT4_IOC_SHUTDOWN: 1278 case FS_IOC_GETFSMAP: 1279 case FS_IOC_ENABLE_VERITY: 1280 case FS_IOC_MEASURE_VERITY: 1281 break; 1282 default: 1283 return -ENOIOCTLCMD; 1284 } 1285 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1286 } 1287 #endif 1288