1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uaccess.h> 20 #include <linux/delay.h> 21 #include <linux/iversion.h> 22 #include <linux/fileattr.h> 23 #include "ext4_jbd2.h" 24 #include "ext4.h" 25 #include <linux/fsmap.h> 26 #include "fsmap.h" 27 #include <trace/events/ext4.h> 28 29 typedef void ext4_update_sb_callback(struct ext4_super_block *es, 30 const void *arg); 31 32 /* 33 * Superblock modification callback function for changing file system 34 * label 35 */ 36 static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg) 37 { 38 /* Sanity check, this should never happen */ 39 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX); 40 41 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX); 42 } 43 44 static 45 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle, 46 ext4_update_sb_callback func, 47 const void *arg) 48 { 49 int err = 0; 50 struct ext4_sb_info *sbi = EXT4_SB(sb); 51 struct buffer_head *bh = sbi->s_sbh; 52 struct ext4_super_block *es = sbi->s_es; 53 54 trace_ext4_update_sb(sb, bh->b_blocknr, 1); 55 56 BUFFER_TRACE(bh, "get_write_access"); 57 err = ext4_journal_get_write_access(handle, sb, 58 bh, 59 EXT4_JTR_NONE); 60 if (err) 61 goto out_err; 62 63 lock_buffer(bh); 64 func(es, arg); 65 ext4_superblock_csum_set(sb); 66 unlock_buffer(bh); 67 68 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) { 69 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to " 70 "superblock detected"); 71 clear_buffer_write_io_error(bh); 72 set_buffer_uptodate(bh); 73 } 74 75 err = ext4_handle_dirty_metadata(handle, NULL, bh); 76 if (err) 77 goto out_err; 78 err = sync_dirty_buffer(bh); 79 out_err: 80 ext4_std_error(sb, err); 81 return err; 82 } 83 84 /* 85 * Update one backup superblock in the group 'grp' using the callback 86 * function 'func' and argument 'arg'. If the handle is NULL the 87 * modification is not journalled. 88 * 89 * Returns: 0 when no modification was done (no superblock in the group) 90 * 1 when the modification was successful 91 * <0 on error 92 */ 93 static int ext4_update_backup_sb(struct super_block *sb, 94 handle_t *handle, ext4_group_t grp, 95 ext4_update_sb_callback func, const void *arg) 96 { 97 int err = 0; 98 ext4_fsblk_t sb_block; 99 struct buffer_head *bh; 100 unsigned long offset = 0; 101 struct ext4_super_block *es; 102 103 if (!ext4_bg_has_super(sb, grp)) 104 return 0; 105 106 /* 107 * For the group 0 there is always 1k padding, so we have 108 * either adjust offset, or sb_block depending on blocksize 109 */ 110 if (grp == 0) { 111 sb_block = 1 * EXT4_MIN_BLOCK_SIZE; 112 offset = do_div(sb_block, sb->s_blocksize); 113 } else { 114 sb_block = ext4_group_first_block_no(sb, grp); 115 offset = 0; 116 } 117 118 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0); 119 120 bh = ext4_sb_bread(sb, sb_block, 0); 121 if (IS_ERR(bh)) 122 return PTR_ERR(bh); 123 124 if (handle) { 125 BUFFER_TRACE(bh, "get_write_access"); 126 err = ext4_journal_get_write_access(handle, sb, 127 bh, 128 EXT4_JTR_NONE); 129 if (err) 130 goto out_bh; 131 } 132 133 es = (struct ext4_super_block *) (bh->b_data + offset); 134 lock_buffer(bh); 135 if (ext4_has_metadata_csum(sb) && 136 es->s_checksum != ext4_superblock_csum(sb, es)) { 137 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup " 138 "superblock %llu\n", sb_block); 139 unlock_buffer(bh); 140 err = -EFSBADCRC; 141 goto out_bh; 142 } 143 func(es, arg); 144 if (ext4_has_metadata_csum(sb)) 145 es->s_checksum = ext4_superblock_csum(sb, es); 146 set_buffer_uptodate(bh); 147 unlock_buffer(bh); 148 149 if (err) 150 goto out_bh; 151 152 if (handle) { 153 err = ext4_handle_dirty_metadata(handle, NULL, bh); 154 if (err) 155 goto out_bh; 156 } else { 157 BUFFER_TRACE(bh, "marking dirty"); 158 mark_buffer_dirty(bh); 159 } 160 err = sync_dirty_buffer(bh); 161 162 out_bh: 163 brelse(bh); 164 ext4_std_error(sb, err); 165 return (err) ? err : 1; 166 } 167 168 /* 169 * Update primary and backup superblocks using the provided function 170 * func and argument arg. 171 * 172 * Only the primary superblock and at most two backup superblock 173 * modifications are journalled; the rest is modified without journal. 174 * This is safe because e2fsck will re-write them if there is a problem, 175 * and we're very unlikely to ever need more than two backups. 176 */ 177 static 178 int ext4_update_superblocks_fn(struct super_block *sb, 179 ext4_update_sb_callback func, 180 const void *arg) 181 { 182 handle_t *handle; 183 ext4_group_t ngroups; 184 unsigned int three = 1; 185 unsigned int five = 5; 186 unsigned int seven = 7; 187 int err = 0, ret, i; 188 ext4_group_t grp, primary_grp; 189 struct ext4_sb_info *sbi = EXT4_SB(sb); 190 191 /* 192 * We can't update superblocks while the online resize is running 193 */ 194 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING, 195 &sbi->s_ext4_flags)) { 196 ext4_msg(sb, KERN_ERR, "Can't modify superblock while" 197 "performing online resize"); 198 return -EBUSY; 199 } 200 201 /* 202 * We're only going to update primary superblock and two 203 * backup superblocks in this transaction. 204 */ 205 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3); 206 if (IS_ERR(handle)) { 207 err = PTR_ERR(handle); 208 goto out; 209 } 210 211 /* Update primary superblock */ 212 err = ext4_update_primary_sb(sb, handle, func, arg); 213 if (err) { 214 ext4_msg(sb, KERN_ERR, "Failed to update primary " 215 "superblock"); 216 goto out_journal; 217 } 218 219 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr); 220 ngroups = ext4_get_groups_count(sb); 221 222 /* 223 * Update backup superblocks. We have to start from group 0 224 * because it might not be where the primary superblock is 225 * if the fs is mounted with -o sb=<backup_sb_block> 226 */ 227 i = 0; 228 grp = 0; 229 while (grp < ngroups) { 230 /* Skip primary superblock */ 231 if (grp == primary_grp) 232 goto next_grp; 233 234 ret = ext4_update_backup_sb(sb, handle, grp, func, arg); 235 if (ret < 0) { 236 /* Ignore bad checksum; try to update next sb */ 237 if (ret == -EFSBADCRC) 238 goto next_grp; 239 err = ret; 240 goto out_journal; 241 } 242 243 i += ret; 244 if (handle && i > 1) { 245 /* 246 * We're only journalling primary superblock and 247 * two backup superblocks; the rest is not 248 * journalled. 249 */ 250 err = ext4_journal_stop(handle); 251 if (err) 252 goto out; 253 handle = NULL; 254 } 255 next_grp: 256 grp = ext4_list_backups(sb, &three, &five, &seven); 257 } 258 259 out_journal: 260 if (handle) { 261 ret = ext4_journal_stop(handle); 262 if (ret && !err) 263 err = ret; 264 } 265 out: 266 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags); 267 smp_mb__after_atomic(); 268 return err ? err : 0; 269 } 270 271 /* 272 * Swap memory between @a and @b for @len bytes. 273 * 274 * @a: pointer to first memory area 275 * @b: pointer to second memory area 276 * @len: number of bytes to swap 277 * 278 */ 279 static void memswap(void *a, void *b, size_t len) 280 { 281 unsigned char *ap, *bp; 282 283 ap = (unsigned char *)a; 284 bp = (unsigned char *)b; 285 while (len-- > 0) { 286 swap(*ap, *bp); 287 ap++; 288 bp++; 289 } 290 } 291 292 /* 293 * Swap i_data and associated attributes between @inode1 and @inode2. 294 * This function is used for the primary swap between inode1 and inode2 295 * and also to revert this primary swap in case of errors. 296 * 297 * Therefore you have to make sure, that calling this method twice 298 * will revert all changes. 299 * 300 * @inode1: pointer to first inode 301 * @inode2: pointer to second inode 302 */ 303 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 304 { 305 loff_t isize; 306 struct ext4_inode_info *ei1; 307 struct ext4_inode_info *ei2; 308 unsigned long tmp; 309 310 ei1 = EXT4_I(inode1); 311 ei2 = EXT4_I(inode2); 312 313 swap(inode1->i_version, inode2->i_version); 314 swap(inode1->i_atime, inode2->i_atime); 315 swap(inode1->i_mtime, inode2->i_mtime); 316 317 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 318 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP; 319 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) | 320 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP); 321 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP); 322 swap(ei1->i_disksize, ei2->i_disksize); 323 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 324 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 325 326 isize = i_size_read(inode1); 327 i_size_write(inode1, i_size_read(inode2)); 328 i_size_write(inode2, isize); 329 } 330 331 void ext4_reset_inode_seed(struct inode *inode) 332 { 333 struct ext4_inode_info *ei = EXT4_I(inode); 334 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 335 __le32 inum = cpu_to_le32(inode->i_ino); 336 __le32 gen = cpu_to_le32(inode->i_generation); 337 __u32 csum; 338 339 if (!ext4_has_metadata_csum(inode->i_sb)) 340 return; 341 342 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum)); 343 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen)); 344 } 345 346 /* 347 * Swap the information from the given @inode and the inode 348 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 349 * important fields of the inodes. 350 * 351 * @sb: the super block of the filesystem 352 * @mnt_userns: user namespace of the mount the inode was found from 353 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 354 * 355 */ 356 static long swap_inode_boot_loader(struct super_block *sb, 357 struct user_namespace *mnt_userns, 358 struct inode *inode) 359 { 360 handle_t *handle; 361 int err; 362 struct inode *inode_bl; 363 struct ext4_inode_info *ei_bl; 364 qsize_t size, size_bl, diff; 365 blkcnt_t blocks; 366 unsigned short bytes; 367 368 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL); 369 if (IS_ERR(inode_bl)) 370 return PTR_ERR(inode_bl); 371 ei_bl = EXT4_I(inode_bl); 372 373 /* Protect orig inodes against a truncate and make sure, 374 * that only 1 swap_inode_boot_loader is running. */ 375 lock_two_nondirectories(inode, inode_bl); 376 377 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) || 378 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) || 379 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) || 380 ext4_has_inline_data(inode)) { 381 err = -EINVAL; 382 goto journal_err_out; 383 } 384 385 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) || 386 !inode_owner_or_capable(mnt_userns, inode) || 387 !capable(CAP_SYS_ADMIN)) { 388 err = -EPERM; 389 goto journal_err_out; 390 } 391 392 filemap_invalidate_lock(inode->i_mapping); 393 err = filemap_write_and_wait(inode->i_mapping); 394 if (err) 395 goto err_out; 396 397 err = filemap_write_and_wait(inode_bl->i_mapping); 398 if (err) 399 goto err_out; 400 401 /* Wait for all existing dio workers */ 402 inode_dio_wait(inode); 403 inode_dio_wait(inode_bl); 404 405 truncate_inode_pages(&inode->i_data, 0); 406 truncate_inode_pages(&inode_bl->i_data, 0); 407 408 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 409 if (IS_ERR(handle)) { 410 err = -EINVAL; 411 goto err_out; 412 } 413 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle); 414 415 /* Protect extent tree against block allocations via delalloc */ 416 ext4_double_down_write_data_sem(inode, inode_bl); 417 418 if (inode_bl->i_nlink == 0) { 419 /* this inode has never been used as a BOOT_LOADER */ 420 set_nlink(inode_bl, 1); 421 i_uid_write(inode_bl, 0); 422 i_gid_write(inode_bl, 0); 423 inode_bl->i_flags = 0; 424 ei_bl->i_flags = 0; 425 inode_set_iversion(inode_bl, 1); 426 i_size_write(inode_bl, 0); 427 inode_bl->i_mode = S_IFREG; 428 if (ext4_has_feature_extents(sb)) { 429 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 430 ext4_ext_tree_init(handle, inode_bl); 431 } else 432 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 433 } 434 435 err = dquot_initialize(inode); 436 if (err) 437 goto err_out1; 438 439 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes; 440 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes; 441 diff = size - size_bl; 442 swap_inode_data(inode, inode_bl); 443 444 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 445 446 inode->i_generation = prandom_u32(); 447 inode_bl->i_generation = prandom_u32(); 448 ext4_reset_inode_seed(inode); 449 ext4_reset_inode_seed(inode_bl); 450 451 ext4_discard_preallocations(inode, 0); 452 453 err = ext4_mark_inode_dirty(handle, inode); 454 if (err < 0) { 455 /* No need to update quota information. */ 456 ext4_warning(inode->i_sb, 457 "couldn't mark inode #%lu dirty (err %d)", 458 inode->i_ino, err); 459 /* Revert all changes: */ 460 swap_inode_data(inode, inode_bl); 461 ext4_mark_inode_dirty(handle, inode); 462 goto err_out1; 463 } 464 465 blocks = inode_bl->i_blocks; 466 bytes = inode_bl->i_bytes; 467 inode_bl->i_blocks = inode->i_blocks; 468 inode_bl->i_bytes = inode->i_bytes; 469 err = ext4_mark_inode_dirty(handle, inode_bl); 470 if (err < 0) { 471 /* No need to update quota information. */ 472 ext4_warning(inode_bl->i_sb, 473 "couldn't mark inode #%lu dirty (err %d)", 474 inode_bl->i_ino, err); 475 goto revert; 476 } 477 478 /* Bootloader inode should not be counted into quota information. */ 479 if (diff > 0) 480 dquot_free_space(inode, diff); 481 else 482 err = dquot_alloc_space(inode, -1 * diff); 483 484 if (err < 0) { 485 revert: 486 /* Revert all changes: */ 487 inode_bl->i_blocks = blocks; 488 inode_bl->i_bytes = bytes; 489 swap_inode_data(inode, inode_bl); 490 ext4_mark_inode_dirty(handle, inode); 491 ext4_mark_inode_dirty(handle, inode_bl); 492 } 493 494 err_out1: 495 ext4_journal_stop(handle); 496 ext4_double_up_write_data_sem(inode, inode_bl); 497 498 err_out: 499 filemap_invalidate_unlock(inode->i_mapping); 500 journal_err_out: 501 unlock_two_nondirectories(inode, inode_bl); 502 iput(inode_bl); 503 return err; 504 } 505 506 /* 507 * If immutable is set and we are not clearing it, we're not allowed to change 508 * anything else in the inode. Don't error out if we're only trying to set 509 * immutable on an immutable file. 510 */ 511 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid, 512 unsigned int flags) 513 { 514 struct ext4_inode_info *ei = EXT4_I(inode); 515 unsigned int oldflags = ei->i_flags; 516 517 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL)) 518 return 0; 519 520 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL)) 521 return -EPERM; 522 if (ext4_has_feature_project(inode->i_sb) && 523 __kprojid_val(ei->i_projid) != new_projid) 524 return -EPERM; 525 526 return 0; 527 } 528 529 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags) 530 { 531 struct ext4_inode_info *ei = EXT4_I(inode); 532 533 if (S_ISDIR(inode->i_mode)) 534 return; 535 536 if (test_opt2(inode->i_sb, DAX_NEVER) || 537 test_opt(inode->i_sb, DAX_ALWAYS)) 538 return; 539 540 if ((ei->i_flags ^ flags) & EXT4_DAX_FL) 541 d_mark_dontcache(inode); 542 } 543 544 static bool dax_compatible(struct inode *inode, unsigned int oldflags, 545 unsigned int flags) 546 { 547 /* Allow the DAX flag to be changed on inline directories */ 548 if (S_ISDIR(inode->i_mode)) { 549 flags &= ~EXT4_INLINE_DATA_FL; 550 oldflags &= ~EXT4_INLINE_DATA_FL; 551 } 552 553 if (flags & EXT4_DAX_FL) { 554 if ((oldflags & EXT4_DAX_MUT_EXCL) || 555 ext4_test_inode_state(inode, 556 EXT4_STATE_VERITY_IN_PROGRESS)) { 557 return false; 558 } 559 } 560 561 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL)) 562 return false; 563 564 return true; 565 } 566 567 static int ext4_ioctl_setflags(struct inode *inode, 568 unsigned int flags) 569 { 570 struct ext4_inode_info *ei = EXT4_I(inode); 571 handle_t *handle = NULL; 572 int err = -EPERM, migrate = 0; 573 struct ext4_iloc iloc; 574 unsigned int oldflags, mask, i; 575 struct super_block *sb = inode->i_sb; 576 577 /* Is it quota file? Do not allow user to mess with it */ 578 if (ext4_is_quota_file(inode)) 579 goto flags_out; 580 581 oldflags = ei->i_flags; 582 /* 583 * The JOURNAL_DATA flag can only be changed by 584 * the relevant capability. 585 */ 586 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 587 if (!capable(CAP_SYS_RESOURCE)) 588 goto flags_out; 589 } 590 591 if (!dax_compatible(inode, oldflags, flags)) { 592 err = -EOPNOTSUPP; 593 goto flags_out; 594 } 595 596 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 597 migrate = 1; 598 599 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) { 600 if (!ext4_has_feature_casefold(sb)) { 601 err = -EOPNOTSUPP; 602 goto flags_out; 603 } 604 605 if (!S_ISDIR(inode->i_mode)) { 606 err = -ENOTDIR; 607 goto flags_out; 608 } 609 610 if (!ext4_empty_dir(inode)) { 611 err = -ENOTEMPTY; 612 goto flags_out; 613 } 614 } 615 616 /* 617 * Wait for all pending directio and then flush all the dirty pages 618 * for this file. The flush marks all the pages readonly, so any 619 * subsequent attempt to write to the file (particularly mmap pages) 620 * will come through the filesystem and fail. 621 */ 622 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) && 623 (flags & EXT4_IMMUTABLE_FL)) { 624 inode_dio_wait(inode); 625 err = filemap_write_and_wait(inode->i_mapping); 626 if (err) 627 goto flags_out; 628 } 629 630 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 631 if (IS_ERR(handle)) { 632 err = PTR_ERR(handle); 633 goto flags_out; 634 } 635 if (IS_SYNC(inode)) 636 ext4_handle_sync(handle); 637 err = ext4_reserve_inode_write(handle, inode, &iloc); 638 if (err) 639 goto flags_err; 640 641 ext4_dax_dontcache(inode, flags); 642 643 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 644 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 645 continue; 646 /* These flags get special treatment later */ 647 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 648 continue; 649 if (mask & flags) 650 ext4_set_inode_flag(inode, i); 651 else 652 ext4_clear_inode_flag(inode, i); 653 } 654 655 ext4_set_inode_flags(inode, false); 656 657 inode->i_ctime = current_time(inode); 658 659 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 660 flags_err: 661 ext4_journal_stop(handle); 662 if (err) 663 goto flags_out; 664 665 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 666 /* 667 * Changes to the journaling mode can cause unsafe changes to 668 * S_DAX if the inode is DAX 669 */ 670 if (IS_DAX(inode)) { 671 err = -EBUSY; 672 goto flags_out; 673 } 674 675 err = ext4_change_inode_journal_flag(inode, 676 flags & EXT4_JOURNAL_DATA_FL); 677 if (err) 678 goto flags_out; 679 } 680 if (migrate) { 681 if (flags & EXT4_EXTENTS_FL) 682 err = ext4_ext_migrate(inode); 683 else 684 err = ext4_ind_migrate(inode); 685 } 686 687 flags_out: 688 return err; 689 } 690 691 #ifdef CONFIG_QUOTA 692 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 693 { 694 struct super_block *sb = inode->i_sb; 695 struct ext4_inode_info *ei = EXT4_I(inode); 696 int err, rc; 697 handle_t *handle; 698 kprojid_t kprojid; 699 struct ext4_iloc iloc; 700 struct ext4_inode *raw_inode; 701 struct dquot *transfer_to[MAXQUOTAS] = { }; 702 703 if (!ext4_has_feature_project(sb)) { 704 if (projid != EXT4_DEF_PROJID) 705 return -EOPNOTSUPP; 706 else 707 return 0; 708 } 709 710 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 711 return -EOPNOTSUPP; 712 713 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 714 715 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 716 return 0; 717 718 err = -EPERM; 719 /* Is it quota file? Do not allow user to mess with it */ 720 if (ext4_is_quota_file(inode)) 721 return err; 722 723 err = ext4_get_inode_loc(inode, &iloc); 724 if (err) 725 return err; 726 727 raw_inode = ext4_raw_inode(&iloc); 728 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 729 err = ext4_expand_extra_isize(inode, 730 EXT4_SB(sb)->s_want_extra_isize, 731 &iloc); 732 if (err) 733 return err; 734 } else { 735 brelse(iloc.bh); 736 } 737 738 err = dquot_initialize(inode); 739 if (err) 740 return err; 741 742 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 743 EXT4_QUOTA_INIT_BLOCKS(sb) + 744 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 745 if (IS_ERR(handle)) 746 return PTR_ERR(handle); 747 748 err = ext4_reserve_inode_write(handle, inode, &iloc); 749 if (err) 750 goto out_stop; 751 752 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 753 if (!IS_ERR(transfer_to[PRJQUOTA])) { 754 755 /* __dquot_transfer() calls back ext4_get_inode_usage() which 756 * counts xattr inode references. 757 */ 758 down_read(&EXT4_I(inode)->xattr_sem); 759 err = __dquot_transfer(inode, transfer_to); 760 up_read(&EXT4_I(inode)->xattr_sem); 761 dqput(transfer_to[PRJQUOTA]); 762 if (err) 763 goto out_dirty; 764 } 765 766 EXT4_I(inode)->i_projid = kprojid; 767 inode->i_ctime = current_time(inode); 768 out_dirty: 769 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 770 if (!err) 771 err = rc; 772 out_stop: 773 ext4_journal_stop(handle); 774 return err; 775 } 776 #else 777 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid) 778 { 779 if (projid != EXT4_DEF_PROJID) 780 return -EOPNOTSUPP; 781 return 0; 782 } 783 #endif 784 785 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 786 { 787 struct ext4_sb_info *sbi = EXT4_SB(sb); 788 __u32 flags; 789 790 if (!capable(CAP_SYS_ADMIN)) 791 return -EPERM; 792 793 if (get_user(flags, (__u32 __user *)arg)) 794 return -EFAULT; 795 796 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 797 return -EINVAL; 798 799 if (ext4_forced_shutdown(sbi)) 800 return 0; 801 802 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 803 trace_ext4_shutdown(sb, flags); 804 805 switch (flags) { 806 case EXT4_GOING_FLAGS_DEFAULT: 807 freeze_bdev(sb->s_bdev); 808 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 809 thaw_bdev(sb->s_bdev); 810 break; 811 case EXT4_GOING_FLAGS_LOGFLUSH: 812 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 813 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 814 (void) ext4_force_commit(sb); 815 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 816 } 817 break; 818 case EXT4_GOING_FLAGS_NOLOGFLUSH: 819 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 820 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 821 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 822 break; 823 default: 824 return -EINVAL; 825 } 826 clear_opt(sb, DISCARD); 827 return 0; 828 } 829 830 struct getfsmap_info { 831 struct super_block *gi_sb; 832 struct fsmap_head __user *gi_data; 833 unsigned int gi_idx; 834 __u32 gi_last_flags; 835 }; 836 837 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 838 { 839 struct getfsmap_info *info = priv; 840 struct fsmap fm; 841 842 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 843 844 info->gi_last_flags = xfm->fmr_flags; 845 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 846 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 847 sizeof(struct fsmap))) 848 return -EFAULT; 849 850 return 0; 851 } 852 853 static int ext4_ioc_getfsmap(struct super_block *sb, 854 struct fsmap_head __user *arg) 855 { 856 struct getfsmap_info info = { NULL }; 857 struct ext4_fsmap_head xhead = {0}; 858 struct fsmap_head head; 859 bool aborted = false; 860 int error; 861 862 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 863 return -EFAULT; 864 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 865 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 866 sizeof(head.fmh_keys[0].fmr_reserved)) || 867 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 868 sizeof(head.fmh_keys[1].fmr_reserved))) 869 return -EINVAL; 870 /* 871 * ext4 doesn't report file extents at all, so the only valid 872 * file offsets are the magic ones (all zeroes or all ones). 873 */ 874 if (head.fmh_keys[0].fmr_offset || 875 (head.fmh_keys[1].fmr_offset != 0 && 876 head.fmh_keys[1].fmr_offset != -1ULL)) 877 return -EINVAL; 878 879 xhead.fmh_iflags = head.fmh_iflags; 880 xhead.fmh_count = head.fmh_count; 881 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 882 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 883 884 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 885 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 886 887 info.gi_sb = sb; 888 info.gi_data = arg; 889 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 890 if (error == EXT4_QUERY_RANGE_ABORT) 891 aborted = true; 892 else if (error) 893 return error; 894 895 /* If we didn't abort, set the "last" flag in the last fmx */ 896 if (!aborted && info.gi_idx) { 897 info.gi_last_flags |= FMR_OF_LAST; 898 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 899 &info.gi_last_flags, 900 sizeof(info.gi_last_flags))) 901 return -EFAULT; 902 } 903 904 /* copy back header */ 905 head.fmh_entries = xhead.fmh_entries; 906 head.fmh_oflags = xhead.fmh_oflags; 907 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 908 return -EFAULT; 909 910 return 0; 911 } 912 913 static long ext4_ioctl_group_add(struct file *file, 914 struct ext4_new_group_data *input) 915 { 916 struct super_block *sb = file_inode(file)->i_sb; 917 int err, err2=0; 918 919 err = ext4_resize_begin(sb); 920 if (err) 921 return err; 922 923 if (ext4_has_feature_bigalloc(sb)) { 924 ext4_msg(sb, KERN_ERR, 925 "Online resizing not supported with bigalloc"); 926 err = -EOPNOTSUPP; 927 goto group_add_out; 928 } 929 930 err = mnt_want_write_file(file); 931 if (err) 932 goto group_add_out; 933 934 err = ext4_group_add(sb, input); 935 if (EXT4_SB(sb)->s_journal) { 936 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 937 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 938 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 939 } 940 if (err == 0) 941 err = err2; 942 mnt_drop_write_file(file); 943 if (!err && ext4_has_group_desc_csum(sb) && 944 test_opt(sb, INIT_INODE_TABLE)) 945 err = ext4_register_li_request(sb, input->group); 946 group_add_out: 947 err2 = ext4_resize_end(sb, false); 948 if (err == 0) 949 err = err2; 950 return err; 951 } 952 953 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa) 954 { 955 struct inode *inode = d_inode(dentry); 956 struct ext4_inode_info *ei = EXT4_I(inode); 957 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 958 959 if (S_ISREG(inode->i_mode)) 960 flags &= ~FS_PROJINHERIT_FL; 961 962 fileattr_fill_flags(fa, flags); 963 if (ext4_has_feature_project(inode->i_sb)) 964 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid); 965 966 return 0; 967 } 968 969 int ext4_fileattr_set(struct user_namespace *mnt_userns, 970 struct dentry *dentry, struct fileattr *fa) 971 { 972 struct inode *inode = d_inode(dentry); 973 u32 flags = fa->flags; 974 int err = -EOPNOTSUPP; 975 976 if (flags & ~EXT4_FL_USER_VISIBLE) 977 goto out; 978 979 /* 980 * chattr(1) grabs flags via GETFLAGS, modifies the result and 981 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 982 * more restrictive than just silently masking off visible but 983 * not settable flags as we always did. 984 */ 985 flags &= EXT4_FL_USER_MODIFIABLE; 986 if (ext4_mask_flags(inode->i_mode, flags) != flags) 987 goto out; 988 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags); 989 if (err) 990 goto out; 991 err = ext4_ioctl_setflags(inode, flags); 992 if (err) 993 goto out; 994 err = ext4_ioctl_setproject(inode, fa->fsx_projid); 995 out: 996 return err; 997 } 998 999 /* So that the fiemap access checks can't overflow on 32 bit machines. */ 1000 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) 1001 1002 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg) 1003 { 1004 struct fiemap fiemap; 1005 struct fiemap __user *ufiemap = (struct fiemap __user *) arg; 1006 struct fiemap_extent_info fieinfo = { 0, }; 1007 struct inode *inode = file_inode(filp); 1008 int error; 1009 1010 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap))) 1011 return -EFAULT; 1012 1013 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) 1014 return -EINVAL; 1015 1016 fieinfo.fi_flags = fiemap.fm_flags; 1017 fieinfo.fi_extents_max = fiemap.fm_extent_count; 1018 fieinfo.fi_extents_start = ufiemap->fm_extents; 1019 1020 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start, 1021 fiemap.fm_length); 1022 fiemap.fm_flags = fieinfo.fi_flags; 1023 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped; 1024 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap))) 1025 error = -EFAULT; 1026 1027 return error; 1028 } 1029 1030 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg) 1031 { 1032 int err = 0; 1033 __u32 flags = 0; 1034 unsigned int flush_flags = 0; 1035 struct super_block *sb = file_inode(filp)->i_sb; 1036 1037 if (copy_from_user(&flags, (__u32 __user *)arg, 1038 sizeof(__u32))) 1039 return -EFAULT; 1040 1041 if (!capable(CAP_SYS_ADMIN)) 1042 return -EPERM; 1043 1044 /* check for invalid bits set */ 1045 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) || 1046 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && 1047 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT))) 1048 return -EINVAL; 1049 1050 if (!EXT4_SB(sb)->s_journal) 1051 return -ENODEV; 1052 1053 if (flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) 1054 return -EINVAL; 1055 1056 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && 1057 !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev)) 1058 return -EOPNOTSUPP; 1059 1060 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN) 1061 return 0; 1062 1063 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD) 1064 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD; 1065 1066 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) { 1067 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT; 1068 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow"); 1069 } 1070 1071 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1072 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags); 1073 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1074 1075 return err; 1076 } 1077 1078 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label) 1079 { 1080 size_t len; 1081 int ret = 0; 1082 char new_label[EXT4_LABEL_MAX + 1]; 1083 struct super_block *sb = file_inode(filp)->i_sb; 1084 1085 if (!capable(CAP_SYS_ADMIN)) 1086 return -EPERM; 1087 1088 /* 1089 * Copy the maximum length allowed for ext4 label with one more to 1090 * find the required terminating null byte in order to test the 1091 * label length. The on disk label doesn't need to be null terminated. 1092 */ 1093 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1)) 1094 return -EFAULT; 1095 1096 len = strnlen(new_label, EXT4_LABEL_MAX + 1); 1097 if (len > EXT4_LABEL_MAX) 1098 return -EINVAL; 1099 1100 /* 1101 * Clear the buffer after the new label 1102 */ 1103 memset(new_label + len, 0, EXT4_LABEL_MAX - len); 1104 1105 ret = mnt_want_write_file(filp); 1106 if (ret) 1107 return ret; 1108 1109 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label); 1110 1111 mnt_drop_write_file(filp); 1112 return ret; 1113 } 1114 1115 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label) 1116 { 1117 char label[EXT4_LABEL_MAX + 1]; 1118 1119 /* 1120 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because 1121 * FSLABEL_MAX must include terminating null byte, while s_volume_name 1122 * does not have to. 1123 */ 1124 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX); 1125 1126 memset(label, 0, sizeof(label)); 1127 lock_buffer(sbi->s_sbh); 1128 strncpy(label, sbi->s_es->s_volume_name, EXT4_LABEL_MAX); 1129 unlock_buffer(sbi->s_sbh); 1130 1131 if (copy_to_user(user_label, label, sizeof(label))) 1132 return -EFAULT; 1133 return 0; 1134 } 1135 1136 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 1137 { 1138 struct inode *inode = file_inode(filp); 1139 struct super_block *sb = inode->i_sb; 1140 struct user_namespace *mnt_userns = file_mnt_user_ns(filp); 1141 1142 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 1143 1144 switch (cmd) { 1145 case FS_IOC_GETFSMAP: 1146 return ext4_ioc_getfsmap(sb, (void __user *)arg); 1147 case EXT4_IOC_GETVERSION: 1148 case EXT4_IOC_GETVERSION_OLD: 1149 return put_user(inode->i_generation, (int __user *) arg); 1150 case EXT4_IOC_SETVERSION: 1151 case EXT4_IOC_SETVERSION_OLD: { 1152 handle_t *handle; 1153 struct ext4_iloc iloc; 1154 __u32 generation; 1155 int err; 1156 1157 if (!inode_owner_or_capable(mnt_userns, inode)) 1158 return -EPERM; 1159 1160 if (ext4_has_metadata_csum(inode->i_sb)) { 1161 ext4_warning(sb, "Setting inode version is not " 1162 "supported with metadata_csum enabled."); 1163 return -ENOTTY; 1164 } 1165 1166 err = mnt_want_write_file(filp); 1167 if (err) 1168 return err; 1169 if (get_user(generation, (int __user *) arg)) { 1170 err = -EFAULT; 1171 goto setversion_out; 1172 } 1173 1174 inode_lock(inode); 1175 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 1176 if (IS_ERR(handle)) { 1177 err = PTR_ERR(handle); 1178 goto unlock_out; 1179 } 1180 err = ext4_reserve_inode_write(handle, inode, &iloc); 1181 if (err == 0) { 1182 inode->i_ctime = current_time(inode); 1183 inode->i_generation = generation; 1184 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 1185 } 1186 ext4_journal_stop(handle); 1187 1188 unlock_out: 1189 inode_unlock(inode); 1190 setversion_out: 1191 mnt_drop_write_file(filp); 1192 return err; 1193 } 1194 case EXT4_IOC_GROUP_EXTEND: { 1195 ext4_fsblk_t n_blocks_count; 1196 int err, err2=0; 1197 1198 err = ext4_resize_begin(sb); 1199 if (err) 1200 return err; 1201 1202 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 1203 err = -EFAULT; 1204 goto group_extend_out; 1205 } 1206 1207 if (ext4_has_feature_bigalloc(sb)) { 1208 ext4_msg(sb, KERN_ERR, 1209 "Online resizing not supported with bigalloc"); 1210 err = -EOPNOTSUPP; 1211 goto group_extend_out; 1212 } 1213 1214 err = mnt_want_write_file(filp); 1215 if (err) 1216 goto group_extend_out; 1217 1218 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 1219 if (EXT4_SB(sb)->s_journal) { 1220 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1221 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 1222 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1223 } 1224 if (err == 0) 1225 err = err2; 1226 mnt_drop_write_file(filp); 1227 group_extend_out: 1228 err2 = ext4_resize_end(sb, false); 1229 if (err == 0) 1230 err = err2; 1231 return err; 1232 } 1233 1234 case EXT4_IOC_MOVE_EXT: { 1235 struct move_extent me; 1236 struct fd donor; 1237 int err; 1238 1239 if (!(filp->f_mode & FMODE_READ) || 1240 !(filp->f_mode & FMODE_WRITE)) 1241 return -EBADF; 1242 1243 if (copy_from_user(&me, 1244 (struct move_extent __user *)arg, sizeof(me))) 1245 return -EFAULT; 1246 me.moved_len = 0; 1247 1248 donor = fdget(me.donor_fd); 1249 if (!donor.file) 1250 return -EBADF; 1251 1252 if (!(donor.file->f_mode & FMODE_WRITE)) { 1253 err = -EBADF; 1254 goto mext_out; 1255 } 1256 1257 if (ext4_has_feature_bigalloc(sb)) { 1258 ext4_msg(sb, KERN_ERR, 1259 "Online defrag not supported with bigalloc"); 1260 err = -EOPNOTSUPP; 1261 goto mext_out; 1262 } else if (IS_DAX(inode)) { 1263 ext4_msg(sb, KERN_ERR, 1264 "Online defrag not supported with DAX"); 1265 err = -EOPNOTSUPP; 1266 goto mext_out; 1267 } 1268 1269 err = mnt_want_write_file(filp); 1270 if (err) 1271 goto mext_out; 1272 1273 err = ext4_move_extents(filp, donor.file, me.orig_start, 1274 me.donor_start, me.len, &me.moved_len); 1275 mnt_drop_write_file(filp); 1276 1277 if (copy_to_user((struct move_extent __user *)arg, 1278 &me, sizeof(me))) 1279 err = -EFAULT; 1280 mext_out: 1281 fdput(donor); 1282 return err; 1283 } 1284 1285 case EXT4_IOC_GROUP_ADD: { 1286 struct ext4_new_group_data input; 1287 1288 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 1289 sizeof(input))) 1290 return -EFAULT; 1291 1292 return ext4_ioctl_group_add(filp, &input); 1293 } 1294 1295 case EXT4_IOC_MIGRATE: 1296 { 1297 int err; 1298 if (!inode_owner_or_capable(mnt_userns, inode)) 1299 return -EACCES; 1300 1301 err = mnt_want_write_file(filp); 1302 if (err) 1303 return err; 1304 /* 1305 * inode_mutex prevent write and truncate on the file. 1306 * Read still goes through. We take i_data_sem in 1307 * ext4_ext_swap_inode_data before we switch the 1308 * inode format to prevent read. 1309 */ 1310 inode_lock((inode)); 1311 err = ext4_ext_migrate(inode); 1312 inode_unlock((inode)); 1313 mnt_drop_write_file(filp); 1314 return err; 1315 } 1316 1317 case EXT4_IOC_ALLOC_DA_BLKS: 1318 { 1319 int err; 1320 if (!inode_owner_or_capable(mnt_userns, inode)) 1321 return -EACCES; 1322 1323 err = mnt_want_write_file(filp); 1324 if (err) 1325 return err; 1326 err = ext4_alloc_da_blocks(inode); 1327 mnt_drop_write_file(filp); 1328 return err; 1329 } 1330 1331 case EXT4_IOC_SWAP_BOOT: 1332 { 1333 int err; 1334 if (!(filp->f_mode & FMODE_WRITE)) 1335 return -EBADF; 1336 err = mnt_want_write_file(filp); 1337 if (err) 1338 return err; 1339 err = swap_inode_boot_loader(sb, mnt_userns, inode); 1340 mnt_drop_write_file(filp); 1341 return err; 1342 } 1343 1344 case EXT4_IOC_RESIZE_FS: { 1345 ext4_fsblk_t n_blocks_count; 1346 int err = 0, err2 = 0; 1347 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 1348 1349 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 1350 sizeof(__u64))) { 1351 return -EFAULT; 1352 } 1353 1354 err = ext4_resize_begin(sb); 1355 if (err) 1356 return err; 1357 1358 err = mnt_want_write_file(filp); 1359 if (err) 1360 goto resizefs_out; 1361 1362 err = ext4_resize_fs(sb, n_blocks_count); 1363 if (EXT4_SB(sb)->s_journal) { 1364 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL); 1365 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 1366 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0); 1367 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 1368 } 1369 if (err == 0) 1370 err = err2; 1371 mnt_drop_write_file(filp); 1372 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) && 1373 ext4_has_group_desc_csum(sb) && 1374 test_opt(sb, INIT_INODE_TABLE)) 1375 err = ext4_register_li_request(sb, o_group); 1376 1377 resizefs_out: 1378 err2 = ext4_resize_end(sb, true); 1379 if (err == 0) 1380 err = err2; 1381 return err; 1382 } 1383 1384 case FITRIM: 1385 { 1386 struct fstrim_range range; 1387 int ret = 0; 1388 1389 if (!capable(CAP_SYS_ADMIN)) 1390 return -EPERM; 1391 1392 if (!bdev_max_discard_sectors(sb->s_bdev)) 1393 return -EOPNOTSUPP; 1394 1395 /* 1396 * We haven't replayed the journal, so we cannot use our 1397 * block-bitmap-guided storage zapping commands. 1398 */ 1399 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb)) 1400 return -EROFS; 1401 1402 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 1403 sizeof(range))) 1404 return -EFAULT; 1405 1406 ret = ext4_trim_fs(sb, &range); 1407 if (ret < 0) 1408 return ret; 1409 1410 if (copy_to_user((struct fstrim_range __user *)arg, &range, 1411 sizeof(range))) 1412 return -EFAULT; 1413 1414 return 0; 1415 } 1416 case EXT4_IOC_PRECACHE_EXTENTS: 1417 return ext4_ext_precache(inode); 1418 1419 case FS_IOC_SET_ENCRYPTION_POLICY: 1420 if (!ext4_has_feature_encrypt(sb)) 1421 return -EOPNOTSUPP; 1422 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 1423 1424 case FS_IOC_GET_ENCRYPTION_PWSALT: 1425 return ext4_ioctl_get_encryption_pwsalt(filp, (void __user *)arg); 1426 1427 case FS_IOC_GET_ENCRYPTION_POLICY: 1428 if (!ext4_has_feature_encrypt(sb)) 1429 return -EOPNOTSUPP; 1430 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 1431 1432 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1433 if (!ext4_has_feature_encrypt(sb)) 1434 return -EOPNOTSUPP; 1435 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg); 1436 1437 case FS_IOC_ADD_ENCRYPTION_KEY: 1438 if (!ext4_has_feature_encrypt(sb)) 1439 return -EOPNOTSUPP; 1440 return fscrypt_ioctl_add_key(filp, (void __user *)arg); 1441 1442 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1443 if (!ext4_has_feature_encrypt(sb)) 1444 return -EOPNOTSUPP; 1445 return fscrypt_ioctl_remove_key(filp, (void __user *)arg); 1446 1447 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1448 if (!ext4_has_feature_encrypt(sb)) 1449 return -EOPNOTSUPP; 1450 return fscrypt_ioctl_remove_key_all_users(filp, 1451 (void __user *)arg); 1452 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1453 if (!ext4_has_feature_encrypt(sb)) 1454 return -EOPNOTSUPP; 1455 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg); 1456 1457 case FS_IOC_GET_ENCRYPTION_NONCE: 1458 if (!ext4_has_feature_encrypt(sb)) 1459 return -EOPNOTSUPP; 1460 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg); 1461 1462 case EXT4_IOC_CLEAR_ES_CACHE: 1463 { 1464 if (!inode_owner_or_capable(mnt_userns, inode)) 1465 return -EACCES; 1466 ext4_clear_inode_es(inode); 1467 return 0; 1468 } 1469 1470 case EXT4_IOC_GETSTATE: 1471 { 1472 __u32 state = 0; 1473 1474 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED)) 1475 state |= EXT4_STATE_FLAG_EXT_PRECACHED; 1476 if (ext4_test_inode_state(inode, EXT4_STATE_NEW)) 1477 state |= EXT4_STATE_FLAG_NEW; 1478 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) 1479 state |= EXT4_STATE_FLAG_NEWENTRY; 1480 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE)) 1481 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE; 1482 1483 return put_user(state, (__u32 __user *) arg); 1484 } 1485 1486 case EXT4_IOC_GET_ES_CACHE: 1487 return ext4_ioctl_get_es_cache(filp, arg); 1488 1489 case EXT4_IOC_SHUTDOWN: 1490 return ext4_shutdown(sb, arg); 1491 1492 case FS_IOC_ENABLE_VERITY: 1493 if (!ext4_has_feature_verity(sb)) 1494 return -EOPNOTSUPP; 1495 return fsverity_ioctl_enable(filp, (const void __user *)arg); 1496 1497 case FS_IOC_MEASURE_VERITY: 1498 if (!ext4_has_feature_verity(sb)) 1499 return -EOPNOTSUPP; 1500 return fsverity_ioctl_measure(filp, (void __user *)arg); 1501 1502 case FS_IOC_READ_VERITY_METADATA: 1503 if (!ext4_has_feature_verity(sb)) 1504 return -EOPNOTSUPP; 1505 return fsverity_ioctl_read_metadata(filp, 1506 (const void __user *)arg); 1507 1508 case EXT4_IOC_CHECKPOINT: 1509 return ext4_ioctl_checkpoint(filp, arg); 1510 1511 case FS_IOC_GETFSLABEL: 1512 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg); 1513 1514 case FS_IOC_SETFSLABEL: 1515 return ext4_ioctl_setlabel(filp, 1516 (const void __user *)arg); 1517 1518 default: 1519 return -ENOTTY; 1520 } 1521 } 1522 1523 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 1524 { 1525 return __ext4_ioctl(filp, cmd, arg); 1526 } 1527 1528 #ifdef CONFIG_COMPAT 1529 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1530 { 1531 /* These are just misnamed, they actually get/put from/to user an int */ 1532 switch (cmd) { 1533 case EXT4_IOC32_GETVERSION: 1534 cmd = EXT4_IOC_GETVERSION; 1535 break; 1536 case EXT4_IOC32_SETVERSION: 1537 cmd = EXT4_IOC_SETVERSION; 1538 break; 1539 case EXT4_IOC32_GROUP_EXTEND: 1540 cmd = EXT4_IOC_GROUP_EXTEND; 1541 break; 1542 case EXT4_IOC32_GETVERSION_OLD: 1543 cmd = EXT4_IOC_GETVERSION_OLD; 1544 break; 1545 case EXT4_IOC32_SETVERSION_OLD: 1546 cmd = EXT4_IOC_SETVERSION_OLD; 1547 break; 1548 case EXT4_IOC32_GETRSVSZ: 1549 cmd = EXT4_IOC_GETRSVSZ; 1550 break; 1551 case EXT4_IOC32_SETRSVSZ: 1552 cmd = EXT4_IOC_SETRSVSZ; 1553 break; 1554 case EXT4_IOC32_GROUP_ADD: { 1555 struct compat_ext4_new_group_input __user *uinput; 1556 struct ext4_new_group_data input; 1557 int err; 1558 1559 uinput = compat_ptr(arg); 1560 err = get_user(input.group, &uinput->group); 1561 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1562 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1563 err |= get_user(input.inode_table, &uinput->inode_table); 1564 err |= get_user(input.blocks_count, &uinput->blocks_count); 1565 err |= get_user(input.reserved_blocks, 1566 &uinput->reserved_blocks); 1567 if (err) 1568 return -EFAULT; 1569 return ext4_ioctl_group_add(file, &input); 1570 } 1571 case EXT4_IOC_MOVE_EXT: 1572 case EXT4_IOC_RESIZE_FS: 1573 case FITRIM: 1574 case EXT4_IOC_PRECACHE_EXTENTS: 1575 case FS_IOC_SET_ENCRYPTION_POLICY: 1576 case FS_IOC_GET_ENCRYPTION_PWSALT: 1577 case FS_IOC_GET_ENCRYPTION_POLICY: 1578 case FS_IOC_GET_ENCRYPTION_POLICY_EX: 1579 case FS_IOC_ADD_ENCRYPTION_KEY: 1580 case FS_IOC_REMOVE_ENCRYPTION_KEY: 1581 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS: 1582 case FS_IOC_GET_ENCRYPTION_KEY_STATUS: 1583 case FS_IOC_GET_ENCRYPTION_NONCE: 1584 case EXT4_IOC_SHUTDOWN: 1585 case FS_IOC_GETFSMAP: 1586 case FS_IOC_ENABLE_VERITY: 1587 case FS_IOC_MEASURE_VERITY: 1588 case FS_IOC_READ_VERITY_METADATA: 1589 case EXT4_IOC_CLEAR_ES_CACHE: 1590 case EXT4_IOC_GETSTATE: 1591 case EXT4_IOC_GET_ES_CACHE: 1592 case EXT4_IOC_CHECKPOINT: 1593 case FS_IOC_GETFSLABEL: 1594 case FS_IOC_SETFSLABEL: 1595 break; 1596 default: 1597 return -ENOIOCTLCMD; 1598 } 1599 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1600 } 1601 #endif 1602 1603 static void set_overhead(struct ext4_super_block *es, const void *arg) 1604 { 1605 es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg)); 1606 } 1607 1608 int ext4_update_overhead(struct super_block *sb, bool force) 1609 { 1610 struct ext4_sb_info *sbi = EXT4_SB(sb); 1611 1612 if (sb_rdonly(sb)) 1613 return 0; 1614 if (!force && 1615 (sbi->s_overhead == 0 || 1616 sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters))) 1617 return 0; 1618 return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead); 1619 } 1620