xref: /openbmc/linux/fs/ext4/ioctl.c (revision 93f5715e)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * linux/fs/ext4/ioctl.c
4  *
5  * Copyright (C) 1993, 1994, 1995
6  * Remy Card (card@masi.ibp.fr)
7  * Laboratoire MASI - Institut Blaise Pascal
8  * Universite Pierre et Marie Curie (Paris VI)
9  */
10 
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uuid.h>
20 #include <linux/uaccess.h>
21 #include <linux/delay.h>
22 #include <linux/iversion.h>
23 #include "ext4_jbd2.h"
24 #include "ext4.h"
25 #include <linux/fsmap.h>
26 #include "fsmap.h"
27 #include <trace/events/ext4.h>
28 
29 /**
30  * Swap memory between @a and @b for @len bytes.
31  *
32  * @a:          pointer to first memory area
33  * @b:          pointer to second memory area
34  * @len:        number of bytes to swap
35  *
36  */
37 static void memswap(void *a, void *b, size_t len)
38 {
39 	unsigned char *ap, *bp;
40 
41 	ap = (unsigned char *)a;
42 	bp = (unsigned char *)b;
43 	while (len-- > 0) {
44 		swap(*ap, *bp);
45 		ap++;
46 		bp++;
47 	}
48 }
49 
50 /**
51  * Swap i_data and associated attributes between @inode1 and @inode2.
52  * This function is used for the primary swap between inode1 and inode2
53  * and also to revert this primary swap in case of errors.
54  *
55  * Therefore you have to make sure, that calling this method twice
56  * will revert all changes.
57  *
58  * @inode1:     pointer to first inode
59  * @inode2:     pointer to second inode
60  */
61 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
62 {
63 	loff_t isize;
64 	struct ext4_inode_info *ei1;
65 	struct ext4_inode_info *ei2;
66 
67 	ei1 = EXT4_I(inode1);
68 	ei2 = EXT4_I(inode2);
69 
70 	swap(inode1->i_flags, inode2->i_flags);
71 	swap(inode1->i_version, inode2->i_version);
72 	swap(inode1->i_blocks, inode2->i_blocks);
73 	swap(inode1->i_bytes, inode2->i_bytes);
74 	swap(inode1->i_atime, inode2->i_atime);
75 	swap(inode1->i_mtime, inode2->i_mtime);
76 
77 	memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
78 	swap(ei1->i_flags, ei2->i_flags);
79 	swap(ei1->i_disksize, ei2->i_disksize);
80 	ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
81 	ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
82 
83 	isize = i_size_read(inode1);
84 	i_size_write(inode1, i_size_read(inode2));
85 	i_size_write(inode2, isize);
86 }
87 
88 /**
89  * Swap the information from the given @inode and the inode
90  * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
91  * important fields of the inodes.
92  *
93  * @sb:         the super block of the filesystem
94  * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
95  *
96  */
97 static long swap_inode_boot_loader(struct super_block *sb,
98 				struct inode *inode)
99 {
100 	handle_t *handle;
101 	int err;
102 	struct inode *inode_bl;
103 	struct ext4_inode_info *ei_bl;
104 
105 	if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
106 		return -EINVAL;
107 
108 	if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
109 		return -EPERM;
110 
111 	inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO);
112 	if (IS_ERR(inode_bl))
113 		return PTR_ERR(inode_bl);
114 	ei_bl = EXT4_I(inode_bl);
115 
116 	filemap_flush(inode->i_mapping);
117 	filemap_flush(inode_bl->i_mapping);
118 
119 	/* Protect orig inodes against a truncate and make sure,
120 	 * that only 1 swap_inode_boot_loader is running. */
121 	lock_two_nondirectories(inode, inode_bl);
122 
123 	truncate_inode_pages(&inode->i_data, 0);
124 	truncate_inode_pages(&inode_bl->i_data, 0);
125 
126 	/* Wait for all existing dio workers */
127 	inode_dio_wait(inode);
128 	inode_dio_wait(inode_bl);
129 
130 	handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
131 	if (IS_ERR(handle)) {
132 		err = -EINVAL;
133 		goto journal_err_out;
134 	}
135 
136 	/* Protect extent tree against block allocations via delalloc */
137 	ext4_double_down_write_data_sem(inode, inode_bl);
138 
139 	if (inode_bl->i_nlink == 0) {
140 		/* this inode has never been used as a BOOT_LOADER */
141 		set_nlink(inode_bl, 1);
142 		i_uid_write(inode_bl, 0);
143 		i_gid_write(inode_bl, 0);
144 		inode_bl->i_flags = 0;
145 		ei_bl->i_flags = 0;
146 		inode_set_iversion(inode_bl, 1);
147 		i_size_write(inode_bl, 0);
148 		inode_bl->i_mode = S_IFREG;
149 		if (ext4_has_feature_extents(sb)) {
150 			ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
151 			ext4_ext_tree_init(handle, inode_bl);
152 		} else
153 			memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
154 	}
155 
156 	swap_inode_data(inode, inode_bl);
157 
158 	inode->i_ctime = inode_bl->i_ctime = current_time(inode);
159 
160 	inode->i_generation = prandom_u32();
161 	inode_bl->i_generation = prandom_u32();
162 
163 	ext4_discard_preallocations(inode);
164 
165 	err = ext4_mark_inode_dirty(handle, inode);
166 	if (err < 0) {
167 		ext4_warning(inode->i_sb,
168 			"couldn't mark inode #%lu dirty (err %d)",
169 			inode->i_ino, err);
170 		/* Revert all changes: */
171 		swap_inode_data(inode, inode_bl);
172 	} else {
173 		err = ext4_mark_inode_dirty(handle, inode_bl);
174 		if (err < 0) {
175 			ext4_warning(inode_bl->i_sb,
176 				"couldn't mark inode #%lu dirty (err %d)",
177 				inode_bl->i_ino, err);
178 			/* Revert all changes: */
179 			swap_inode_data(inode, inode_bl);
180 			ext4_mark_inode_dirty(handle, inode);
181 		}
182 	}
183 	ext4_journal_stop(handle);
184 	ext4_double_up_write_data_sem(inode, inode_bl);
185 
186 journal_err_out:
187 	unlock_two_nondirectories(inode, inode_bl);
188 	iput(inode_bl);
189 	return err;
190 }
191 
192 #ifdef CONFIG_EXT4_FS_ENCRYPTION
193 static int uuid_is_zero(__u8 u[16])
194 {
195 	int	i;
196 
197 	for (i = 0; i < 16; i++)
198 		if (u[i])
199 			return 0;
200 	return 1;
201 }
202 #endif
203 
204 static int ext4_ioctl_setflags(struct inode *inode,
205 			       unsigned int flags)
206 {
207 	struct ext4_inode_info *ei = EXT4_I(inode);
208 	handle_t *handle = NULL;
209 	int err = -EPERM, migrate = 0;
210 	struct ext4_iloc iloc;
211 	unsigned int oldflags, mask, i;
212 	unsigned int jflag;
213 
214 	/* Is it quota file? Do not allow user to mess with it */
215 	if (ext4_is_quota_file(inode))
216 		goto flags_out;
217 
218 	oldflags = ei->i_flags;
219 
220 	/* The JOURNAL_DATA flag is modifiable only by root */
221 	jflag = flags & EXT4_JOURNAL_DATA_FL;
222 
223 	/*
224 	 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
225 	 * the relevant capability.
226 	 *
227 	 * This test looks nicer. Thanks to Pauline Middelink
228 	 */
229 	if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
230 		if (!capable(CAP_LINUX_IMMUTABLE))
231 			goto flags_out;
232 	}
233 
234 	/*
235 	 * The JOURNAL_DATA flag can only be changed by
236 	 * the relevant capability.
237 	 */
238 	if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
239 		if (!capable(CAP_SYS_RESOURCE))
240 			goto flags_out;
241 	}
242 	if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
243 		migrate = 1;
244 
245 	if (flags & EXT4_EOFBLOCKS_FL) {
246 		/* we don't support adding EOFBLOCKS flag */
247 		if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
248 			err = -EOPNOTSUPP;
249 			goto flags_out;
250 		}
251 	} else if (oldflags & EXT4_EOFBLOCKS_FL) {
252 		err = ext4_truncate(inode);
253 		if (err)
254 			goto flags_out;
255 	}
256 
257 	handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
258 	if (IS_ERR(handle)) {
259 		err = PTR_ERR(handle);
260 		goto flags_out;
261 	}
262 	if (IS_SYNC(inode))
263 		ext4_handle_sync(handle);
264 	err = ext4_reserve_inode_write(handle, inode, &iloc);
265 	if (err)
266 		goto flags_err;
267 
268 	for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
269 		if (!(mask & EXT4_FL_USER_MODIFIABLE))
270 			continue;
271 		/* These flags get special treatment later */
272 		if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
273 			continue;
274 		if (mask & flags)
275 			ext4_set_inode_flag(inode, i);
276 		else
277 			ext4_clear_inode_flag(inode, i);
278 	}
279 
280 	ext4_set_inode_flags(inode);
281 	inode->i_ctime = current_time(inode);
282 
283 	err = ext4_mark_iloc_dirty(handle, inode, &iloc);
284 flags_err:
285 	ext4_journal_stop(handle);
286 	if (err)
287 		goto flags_out;
288 
289 	if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
290 		/*
291 		 * Changes to the journaling mode can cause unsafe changes to
292 		 * S_DAX if we are using the DAX mount option.
293 		 */
294 		if (test_opt(inode->i_sb, DAX)) {
295 			err = -EBUSY;
296 			goto flags_out;
297 		}
298 
299 		err = ext4_change_inode_journal_flag(inode, jflag);
300 		if (err)
301 			goto flags_out;
302 	}
303 	if (migrate) {
304 		if (flags & EXT4_EXTENTS_FL)
305 			err = ext4_ext_migrate(inode);
306 		else
307 			err = ext4_ind_migrate(inode);
308 	}
309 
310 flags_out:
311 	return err;
312 }
313 
314 #ifdef CONFIG_QUOTA
315 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
316 {
317 	struct inode *inode = file_inode(filp);
318 	struct super_block *sb = inode->i_sb;
319 	struct ext4_inode_info *ei = EXT4_I(inode);
320 	int err, rc;
321 	handle_t *handle;
322 	kprojid_t kprojid;
323 	struct ext4_iloc iloc;
324 	struct ext4_inode *raw_inode;
325 	struct dquot *transfer_to[MAXQUOTAS] = { };
326 
327 	if (!ext4_has_feature_project(sb)) {
328 		if (projid != EXT4_DEF_PROJID)
329 			return -EOPNOTSUPP;
330 		else
331 			return 0;
332 	}
333 
334 	if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
335 		return -EOPNOTSUPP;
336 
337 	kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
338 
339 	if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
340 		return 0;
341 
342 	err = mnt_want_write_file(filp);
343 	if (err)
344 		return err;
345 
346 	err = -EPERM;
347 	inode_lock(inode);
348 	/* Is it quota file? Do not allow user to mess with it */
349 	if (ext4_is_quota_file(inode))
350 		goto out_unlock;
351 
352 	err = ext4_get_inode_loc(inode, &iloc);
353 	if (err)
354 		goto out_unlock;
355 
356 	raw_inode = ext4_raw_inode(&iloc);
357 	if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
358 		err = ext4_expand_extra_isize(inode,
359 					      EXT4_SB(sb)->s_want_extra_isize,
360 					      &iloc);
361 		if (err)
362 			goto out_unlock;
363 	} else {
364 		brelse(iloc.bh);
365 	}
366 
367 	dquot_initialize(inode);
368 
369 	handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
370 		EXT4_QUOTA_INIT_BLOCKS(sb) +
371 		EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
372 	if (IS_ERR(handle)) {
373 		err = PTR_ERR(handle);
374 		goto out_unlock;
375 	}
376 
377 	err = ext4_reserve_inode_write(handle, inode, &iloc);
378 	if (err)
379 		goto out_stop;
380 
381 	transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
382 	if (!IS_ERR(transfer_to[PRJQUOTA])) {
383 
384 		/* __dquot_transfer() calls back ext4_get_inode_usage() which
385 		 * counts xattr inode references.
386 		 */
387 		down_read(&EXT4_I(inode)->xattr_sem);
388 		err = __dquot_transfer(inode, transfer_to);
389 		up_read(&EXT4_I(inode)->xattr_sem);
390 		dqput(transfer_to[PRJQUOTA]);
391 		if (err)
392 			goto out_dirty;
393 	}
394 
395 	EXT4_I(inode)->i_projid = kprojid;
396 	inode->i_ctime = current_time(inode);
397 out_dirty:
398 	rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
399 	if (!err)
400 		err = rc;
401 out_stop:
402 	ext4_journal_stop(handle);
403 out_unlock:
404 	inode_unlock(inode);
405 	mnt_drop_write_file(filp);
406 	return err;
407 }
408 #else
409 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
410 {
411 	if (projid != EXT4_DEF_PROJID)
412 		return -EOPNOTSUPP;
413 	return 0;
414 }
415 #endif
416 
417 /* Transfer internal flags to xflags */
418 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
419 {
420 	__u32 xflags = 0;
421 
422 	if (iflags & EXT4_SYNC_FL)
423 		xflags |= FS_XFLAG_SYNC;
424 	if (iflags & EXT4_IMMUTABLE_FL)
425 		xflags |= FS_XFLAG_IMMUTABLE;
426 	if (iflags & EXT4_APPEND_FL)
427 		xflags |= FS_XFLAG_APPEND;
428 	if (iflags & EXT4_NODUMP_FL)
429 		xflags |= FS_XFLAG_NODUMP;
430 	if (iflags & EXT4_NOATIME_FL)
431 		xflags |= FS_XFLAG_NOATIME;
432 	if (iflags & EXT4_PROJINHERIT_FL)
433 		xflags |= FS_XFLAG_PROJINHERIT;
434 	return xflags;
435 }
436 
437 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
438 				  FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
439 				  FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
440 
441 /* Transfer xflags flags to internal */
442 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
443 {
444 	unsigned long iflags = 0;
445 
446 	if (xflags & FS_XFLAG_SYNC)
447 		iflags |= EXT4_SYNC_FL;
448 	if (xflags & FS_XFLAG_IMMUTABLE)
449 		iflags |= EXT4_IMMUTABLE_FL;
450 	if (xflags & FS_XFLAG_APPEND)
451 		iflags |= EXT4_APPEND_FL;
452 	if (xflags & FS_XFLAG_NODUMP)
453 		iflags |= EXT4_NODUMP_FL;
454 	if (xflags & FS_XFLAG_NOATIME)
455 		iflags |= EXT4_NOATIME_FL;
456 	if (xflags & FS_XFLAG_PROJINHERIT)
457 		iflags |= EXT4_PROJINHERIT_FL;
458 
459 	return iflags;
460 }
461 
462 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
463 {
464 	struct ext4_sb_info *sbi = EXT4_SB(sb);
465 	__u32 flags;
466 
467 	if (!capable(CAP_SYS_ADMIN))
468 		return -EPERM;
469 
470 	if (get_user(flags, (__u32 __user *)arg))
471 		return -EFAULT;
472 
473 	if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
474 		return -EINVAL;
475 
476 	if (ext4_forced_shutdown(sbi))
477 		return 0;
478 
479 	ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
480 	trace_ext4_shutdown(sb, flags);
481 
482 	switch (flags) {
483 	case EXT4_GOING_FLAGS_DEFAULT:
484 		freeze_bdev(sb->s_bdev);
485 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
486 		thaw_bdev(sb->s_bdev, sb);
487 		break;
488 	case EXT4_GOING_FLAGS_LOGFLUSH:
489 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
490 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
491 			(void) ext4_force_commit(sb);
492 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
493 		}
494 		break;
495 	case EXT4_GOING_FLAGS_NOLOGFLUSH:
496 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
497 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
498 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
499 		break;
500 	default:
501 		return -EINVAL;
502 	}
503 	clear_opt(sb, DISCARD);
504 	return 0;
505 }
506 
507 struct getfsmap_info {
508 	struct super_block	*gi_sb;
509 	struct fsmap_head __user *gi_data;
510 	unsigned int		gi_idx;
511 	__u32			gi_last_flags;
512 };
513 
514 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
515 {
516 	struct getfsmap_info *info = priv;
517 	struct fsmap fm;
518 
519 	trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
520 
521 	info->gi_last_flags = xfm->fmr_flags;
522 	ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
523 	if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
524 			sizeof(struct fsmap)))
525 		return -EFAULT;
526 
527 	return 0;
528 }
529 
530 static int ext4_ioc_getfsmap(struct super_block *sb,
531 			     struct fsmap_head __user *arg)
532 {
533 	struct getfsmap_info info = {0};
534 	struct ext4_fsmap_head xhead = {0};
535 	struct fsmap_head head;
536 	bool aborted = false;
537 	int error;
538 
539 	if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
540 		return -EFAULT;
541 	if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
542 	    memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
543 		       sizeof(head.fmh_keys[0].fmr_reserved)) ||
544 	    memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
545 		       sizeof(head.fmh_keys[1].fmr_reserved)))
546 		return -EINVAL;
547 	/*
548 	 * ext4 doesn't report file extents at all, so the only valid
549 	 * file offsets are the magic ones (all zeroes or all ones).
550 	 */
551 	if (head.fmh_keys[0].fmr_offset ||
552 	    (head.fmh_keys[1].fmr_offset != 0 &&
553 	     head.fmh_keys[1].fmr_offset != -1ULL))
554 		return -EINVAL;
555 
556 	xhead.fmh_iflags = head.fmh_iflags;
557 	xhead.fmh_count = head.fmh_count;
558 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
559 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
560 
561 	trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
562 	trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
563 
564 	info.gi_sb = sb;
565 	info.gi_data = arg;
566 	error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
567 	if (error == EXT4_QUERY_RANGE_ABORT) {
568 		error = 0;
569 		aborted = true;
570 	} else if (error)
571 		return error;
572 
573 	/* If we didn't abort, set the "last" flag in the last fmx */
574 	if (!aborted && info.gi_idx) {
575 		info.gi_last_flags |= FMR_OF_LAST;
576 		if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
577 				 &info.gi_last_flags,
578 				 sizeof(info.gi_last_flags)))
579 			return -EFAULT;
580 	}
581 
582 	/* copy back header */
583 	head.fmh_entries = xhead.fmh_entries;
584 	head.fmh_oflags = xhead.fmh_oflags;
585 	if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
586 		return -EFAULT;
587 
588 	return 0;
589 }
590 
591 static long ext4_ioctl_group_add(struct file *file,
592 				 struct ext4_new_group_data *input)
593 {
594 	struct super_block *sb = file_inode(file)->i_sb;
595 	int err, err2=0;
596 
597 	err = ext4_resize_begin(sb);
598 	if (err)
599 		return err;
600 
601 	if (ext4_has_feature_bigalloc(sb)) {
602 		ext4_msg(sb, KERN_ERR,
603 			 "Online resizing not supported with bigalloc");
604 		err = -EOPNOTSUPP;
605 		goto group_add_out;
606 	}
607 
608 	err = mnt_want_write_file(file);
609 	if (err)
610 		goto group_add_out;
611 
612 	err = ext4_group_add(sb, input);
613 	if (EXT4_SB(sb)->s_journal) {
614 		jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
615 		err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
616 		jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
617 	}
618 	if (err == 0)
619 		err = err2;
620 	mnt_drop_write_file(file);
621 	if (!err && ext4_has_group_desc_csum(sb) &&
622 	    test_opt(sb, INIT_INODE_TABLE))
623 		err = ext4_register_li_request(sb, input->group);
624 group_add_out:
625 	ext4_resize_end(sb);
626 	return err;
627 }
628 
629 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
630 {
631 	struct inode *inode = file_inode(filp);
632 	struct super_block *sb = inode->i_sb;
633 	struct ext4_inode_info *ei = EXT4_I(inode);
634 	unsigned int flags;
635 
636 	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
637 
638 	switch (cmd) {
639 	case FS_IOC_GETFSMAP:
640 		return ext4_ioc_getfsmap(sb, (void __user *)arg);
641 	case EXT4_IOC_GETFLAGS:
642 		flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
643 		return put_user(flags, (int __user *) arg);
644 	case EXT4_IOC_SETFLAGS: {
645 		int err;
646 
647 		if (!inode_owner_or_capable(inode))
648 			return -EACCES;
649 
650 		if (get_user(flags, (int __user *) arg))
651 			return -EFAULT;
652 
653 		if (flags & ~EXT4_FL_USER_VISIBLE)
654 			return -EOPNOTSUPP;
655 		/*
656 		 * chattr(1) grabs flags via GETFLAGS, modifies the result and
657 		 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
658 		 * more restrictive than just silently masking off visible but
659 		 * not settable flags as we always did.
660 		 */
661 		flags &= EXT4_FL_USER_MODIFIABLE;
662 		if (ext4_mask_flags(inode->i_mode, flags) != flags)
663 			return -EOPNOTSUPP;
664 
665 		err = mnt_want_write_file(filp);
666 		if (err)
667 			return err;
668 
669 		inode_lock(inode);
670 		err = ext4_ioctl_setflags(inode, flags);
671 		inode_unlock(inode);
672 		mnt_drop_write_file(filp);
673 		return err;
674 	}
675 	case EXT4_IOC_GETVERSION:
676 	case EXT4_IOC_GETVERSION_OLD:
677 		return put_user(inode->i_generation, (int __user *) arg);
678 	case EXT4_IOC_SETVERSION:
679 	case EXT4_IOC_SETVERSION_OLD: {
680 		handle_t *handle;
681 		struct ext4_iloc iloc;
682 		__u32 generation;
683 		int err;
684 
685 		if (!inode_owner_or_capable(inode))
686 			return -EPERM;
687 
688 		if (ext4_has_metadata_csum(inode->i_sb)) {
689 			ext4_warning(sb, "Setting inode version is not "
690 				     "supported with metadata_csum enabled.");
691 			return -ENOTTY;
692 		}
693 
694 		err = mnt_want_write_file(filp);
695 		if (err)
696 			return err;
697 		if (get_user(generation, (int __user *) arg)) {
698 			err = -EFAULT;
699 			goto setversion_out;
700 		}
701 
702 		inode_lock(inode);
703 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
704 		if (IS_ERR(handle)) {
705 			err = PTR_ERR(handle);
706 			goto unlock_out;
707 		}
708 		err = ext4_reserve_inode_write(handle, inode, &iloc);
709 		if (err == 0) {
710 			inode->i_ctime = current_time(inode);
711 			inode->i_generation = generation;
712 			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
713 		}
714 		ext4_journal_stop(handle);
715 
716 unlock_out:
717 		inode_unlock(inode);
718 setversion_out:
719 		mnt_drop_write_file(filp);
720 		return err;
721 	}
722 	case EXT4_IOC_GROUP_EXTEND: {
723 		ext4_fsblk_t n_blocks_count;
724 		int err, err2=0;
725 
726 		err = ext4_resize_begin(sb);
727 		if (err)
728 			return err;
729 
730 		if (get_user(n_blocks_count, (__u32 __user *)arg)) {
731 			err = -EFAULT;
732 			goto group_extend_out;
733 		}
734 
735 		if (ext4_has_feature_bigalloc(sb)) {
736 			ext4_msg(sb, KERN_ERR,
737 				 "Online resizing not supported with bigalloc");
738 			err = -EOPNOTSUPP;
739 			goto group_extend_out;
740 		}
741 
742 		err = mnt_want_write_file(filp);
743 		if (err)
744 			goto group_extend_out;
745 
746 		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
747 		if (EXT4_SB(sb)->s_journal) {
748 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
749 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
750 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
751 		}
752 		if (err == 0)
753 			err = err2;
754 		mnt_drop_write_file(filp);
755 group_extend_out:
756 		ext4_resize_end(sb);
757 		return err;
758 	}
759 
760 	case EXT4_IOC_MOVE_EXT: {
761 		struct move_extent me;
762 		struct fd donor;
763 		int err;
764 
765 		if (!(filp->f_mode & FMODE_READ) ||
766 		    !(filp->f_mode & FMODE_WRITE))
767 			return -EBADF;
768 
769 		if (copy_from_user(&me,
770 			(struct move_extent __user *)arg, sizeof(me)))
771 			return -EFAULT;
772 		me.moved_len = 0;
773 
774 		donor = fdget(me.donor_fd);
775 		if (!donor.file)
776 			return -EBADF;
777 
778 		if (!(donor.file->f_mode & FMODE_WRITE)) {
779 			err = -EBADF;
780 			goto mext_out;
781 		}
782 
783 		if (ext4_has_feature_bigalloc(sb)) {
784 			ext4_msg(sb, KERN_ERR,
785 				 "Online defrag not supported with bigalloc");
786 			err = -EOPNOTSUPP;
787 			goto mext_out;
788 		} else if (IS_DAX(inode)) {
789 			ext4_msg(sb, KERN_ERR,
790 				 "Online defrag not supported with DAX");
791 			err = -EOPNOTSUPP;
792 			goto mext_out;
793 		}
794 
795 		err = mnt_want_write_file(filp);
796 		if (err)
797 			goto mext_out;
798 
799 		err = ext4_move_extents(filp, donor.file, me.orig_start,
800 					me.donor_start, me.len, &me.moved_len);
801 		mnt_drop_write_file(filp);
802 
803 		if (copy_to_user((struct move_extent __user *)arg,
804 				 &me, sizeof(me)))
805 			err = -EFAULT;
806 mext_out:
807 		fdput(donor);
808 		return err;
809 	}
810 
811 	case EXT4_IOC_GROUP_ADD: {
812 		struct ext4_new_group_data input;
813 
814 		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
815 				sizeof(input)))
816 			return -EFAULT;
817 
818 		return ext4_ioctl_group_add(filp, &input);
819 	}
820 
821 	case EXT4_IOC_MIGRATE:
822 	{
823 		int err;
824 		if (!inode_owner_or_capable(inode))
825 			return -EACCES;
826 
827 		err = mnt_want_write_file(filp);
828 		if (err)
829 			return err;
830 		/*
831 		 * inode_mutex prevent write and truncate on the file.
832 		 * Read still goes through. We take i_data_sem in
833 		 * ext4_ext_swap_inode_data before we switch the
834 		 * inode format to prevent read.
835 		 */
836 		inode_lock((inode));
837 		err = ext4_ext_migrate(inode);
838 		inode_unlock((inode));
839 		mnt_drop_write_file(filp);
840 		return err;
841 	}
842 
843 	case EXT4_IOC_ALLOC_DA_BLKS:
844 	{
845 		int err;
846 		if (!inode_owner_or_capable(inode))
847 			return -EACCES;
848 
849 		err = mnt_want_write_file(filp);
850 		if (err)
851 			return err;
852 		err = ext4_alloc_da_blocks(inode);
853 		mnt_drop_write_file(filp);
854 		return err;
855 	}
856 
857 	case EXT4_IOC_SWAP_BOOT:
858 	{
859 		int err;
860 		if (!(filp->f_mode & FMODE_WRITE))
861 			return -EBADF;
862 		err = mnt_want_write_file(filp);
863 		if (err)
864 			return err;
865 		err = swap_inode_boot_loader(sb, inode);
866 		mnt_drop_write_file(filp);
867 		return err;
868 	}
869 
870 	case EXT4_IOC_RESIZE_FS: {
871 		ext4_fsblk_t n_blocks_count;
872 		int err = 0, err2 = 0;
873 		ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
874 
875 		if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
876 				   sizeof(__u64))) {
877 			return -EFAULT;
878 		}
879 
880 		err = ext4_resize_begin(sb);
881 		if (err)
882 			return err;
883 
884 		err = mnt_want_write_file(filp);
885 		if (err)
886 			goto resizefs_out;
887 
888 		err = ext4_resize_fs(sb, n_blocks_count);
889 		if (EXT4_SB(sb)->s_journal) {
890 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
891 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
892 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
893 		}
894 		if (err == 0)
895 			err = err2;
896 		mnt_drop_write_file(filp);
897 		if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
898 		    ext4_has_group_desc_csum(sb) &&
899 		    test_opt(sb, INIT_INODE_TABLE))
900 			err = ext4_register_li_request(sb, o_group);
901 
902 resizefs_out:
903 		ext4_resize_end(sb);
904 		return err;
905 	}
906 
907 	case FITRIM:
908 	{
909 		struct request_queue *q = bdev_get_queue(sb->s_bdev);
910 		struct fstrim_range range;
911 		int ret = 0;
912 
913 		if (!capable(CAP_SYS_ADMIN))
914 			return -EPERM;
915 
916 		if (!blk_queue_discard(q))
917 			return -EOPNOTSUPP;
918 
919 		if (copy_from_user(&range, (struct fstrim_range __user *)arg,
920 		    sizeof(range)))
921 			return -EFAULT;
922 
923 		range.minlen = max((unsigned int)range.minlen,
924 				   q->limits.discard_granularity);
925 		ret = ext4_trim_fs(sb, &range);
926 		if (ret < 0)
927 			return ret;
928 
929 		if (copy_to_user((struct fstrim_range __user *)arg, &range,
930 		    sizeof(range)))
931 			return -EFAULT;
932 
933 		return 0;
934 	}
935 	case EXT4_IOC_PRECACHE_EXTENTS:
936 		return ext4_ext_precache(inode);
937 
938 	case EXT4_IOC_SET_ENCRYPTION_POLICY:
939 		if (!ext4_has_feature_encrypt(sb))
940 			return -EOPNOTSUPP;
941 		return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
942 
943 	case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
944 #ifdef CONFIG_EXT4_FS_ENCRYPTION
945 		int err, err2;
946 		struct ext4_sb_info *sbi = EXT4_SB(sb);
947 		handle_t *handle;
948 
949 		if (!ext4_has_feature_encrypt(sb))
950 			return -EOPNOTSUPP;
951 		if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
952 			err = mnt_want_write_file(filp);
953 			if (err)
954 				return err;
955 			handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
956 			if (IS_ERR(handle)) {
957 				err = PTR_ERR(handle);
958 				goto pwsalt_err_exit;
959 			}
960 			err = ext4_journal_get_write_access(handle, sbi->s_sbh);
961 			if (err)
962 				goto pwsalt_err_journal;
963 			generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
964 			err = ext4_handle_dirty_metadata(handle, NULL,
965 							 sbi->s_sbh);
966 		pwsalt_err_journal:
967 			err2 = ext4_journal_stop(handle);
968 			if (err2 && !err)
969 				err = err2;
970 		pwsalt_err_exit:
971 			mnt_drop_write_file(filp);
972 			if (err)
973 				return err;
974 		}
975 		if (copy_to_user((void __user *) arg,
976 				 sbi->s_es->s_encrypt_pw_salt, 16))
977 			return -EFAULT;
978 		return 0;
979 #else
980 		return -EOPNOTSUPP;
981 #endif
982 	}
983 	case EXT4_IOC_GET_ENCRYPTION_POLICY:
984 		return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
985 
986 	case EXT4_IOC_FSGETXATTR:
987 	{
988 		struct fsxattr fa;
989 
990 		memset(&fa, 0, sizeof(struct fsxattr));
991 		fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
992 
993 		if (ext4_has_feature_project(inode->i_sb)) {
994 			fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
995 				EXT4_I(inode)->i_projid);
996 		}
997 
998 		if (copy_to_user((struct fsxattr __user *)arg,
999 				 &fa, sizeof(fa)))
1000 			return -EFAULT;
1001 		return 0;
1002 	}
1003 	case EXT4_IOC_FSSETXATTR:
1004 	{
1005 		struct fsxattr fa;
1006 		int err;
1007 
1008 		if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1009 				   sizeof(fa)))
1010 			return -EFAULT;
1011 
1012 		/* Make sure caller has proper permission */
1013 		if (!inode_owner_or_capable(inode))
1014 			return -EACCES;
1015 
1016 		if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1017 			return -EOPNOTSUPP;
1018 
1019 		flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1020 		if (ext4_mask_flags(inode->i_mode, flags) != flags)
1021 			return -EOPNOTSUPP;
1022 
1023 		err = mnt_want_write_file(filp);
1024 		if (err)
1025 			return err;
1026 
1027 		inode_lock(inode);
1028 		flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1029 			 (flags & EXT4_FL_XFLAG_VISIBLE);
1030 		err = ext4_ioctl_setflags(inode, flags);
1031 		inode_unlock(inode);
1032 		mnt_drop_write_file(filp);
1033 		if (err)
1034 			return err;
1035 
1036 		err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1037 		if (err)
1038 			return err;
1039 
1040 		return 0;
1041 	}
1042 	case EXT4_IOC_SHUTDOWN:
1043 		return ext4_shutdown(sb, arg);
1044 	default:
1045 		return -ENOTTY;
1046 	}
1047 }
1048 
1049 #ifdef CONFIG_COMPAT
1050 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1051 {
1052 	/* These are just misnamed, they actually get/put from/to user an int */
1053 	switch (cmd) {
1054 	case EXT4_IOC32_GETFLAGS:
1055 		cmd = EXT4_IOC_GETFLAGS;
1056 		break;
1057 	case EXT4_IOC32_SETFLAGS:
1058 		cmd = EXT4_IOC_SETFLAGS;
1059 		break;
1060 	case EXT4_IOC32_GETVERSION:
1061 		cmd = EXT4_IOC_GETVERSION;
1062 		break;
1063 	case EXT4_IOC32_SETVERSION:
1064 		cmd = EXT4_IOC_SETVERSION;
1065 		break;
1066 	case EXT4_IOC32_GROUP_EXTEND:
1067 		cmd = EXT4_IOC_GROUP_EXTEND;
1068 		break;
1069 	case EXT4_IOC32_GETVERSION_OLD:
1070 		cmd = EXT4_IOC_GETVERSION_OLD;
1071 		break;
1072 	case EXT4_IOC32_SETVERSION_OLD:
1073 		cmd = EXT4_IOC_SETVERSION_OLD;
1074 		break;
1075 	case EXT4_IOC32_GETRSVSZ:
1076 		cmd = EXT4_IOC_GETRSVSZ;
1077 		break;
1078 	case EXT4_IOC32_SETRSVSZ:
1079 		cmd = EXT4_IOC_SETRSVSZ;
1080 		break;
1081 	case EXT4_IOC32_GROUP_ADD: {
1082 		struct compat_ext4_new_group_input __user *uinput;
1083 		struct ext4_new_group_data input;
1084 		int err;
1085 
1086 		uinput = compat_ptr(arg);
1087 		err = get_user(input.group, &uinput->group);
1088 		err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1089 		err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1090 		err |= get_user(input.inode_table, &uinput->inode_table);
1091 		err |= get_user(input.blocks_count, &uinput->blocks_count);
1092 		err |= get_user(input.reserved_blocks,
1093 				&uinput->reserved_blocks);
1094 		if (err)
1095 			return -EFAULT;
1096 		return ext4_ioctl_group_add(file, &input);
1097 	}
1098 	case EXT4_IOC_MOVE_EXT:
1099 	case EXT4_IOC_RESIZE_FS:
1100 	case EXT4_IOC_PRECACHE_EXTENTS:
1101 	case EXT4_IOC_SET_ENCRYPTION_POLICY:
1102 	case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1103 	case EXT4_IOC_GET_ENCRYPTION_POLICY:
1104 	case EXT4_IOC_SHUTDOWN:
1105 	case FS_IOC_GETFSMAP:
1106 		break;
1107 	default:
1108 		return -ENOIOCTLCMD;
1109 	}
1110 	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1111 }
1112 #endif
1113