xref: /openbmc/linux/fs/ext4/ioctl.c (revision 9fb29c73)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * linux/fs/ext4/ioctl.c
4  *
5  * Copyright (C) 1993, 1994, 1995
6  * Remy Card (card@masi.ibp.fr)
7  * Laboratoire MASI - Institut Blaise Pascal
8  * Universite Pierre et Marie Curie (Paris VI)
9  */
10 
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uuid.h>
20 #include <linux/uaccess.h>
21 #include <linux/delay.h>
22 #include <linux/iversion.h>
23 #include "ext4_jbd2.h"
24 #include "ext4.h"
25 #include <linux/fsmap.h>
26 #include "fsmap.h"
27 #include <trace/events/ext4.h>
28 
29 /**
30  * Swap memory between @a and @b for @len bytes.
31  *
32  * @a:          pointer to first memory area
33  * @b:          pointer to second memory area
34  * @len:        number of bytes to swap
35  *
36  */
37 static void memswap(void *a, void *b, size_t len)
38 {
39 	unsigned char *ap, *bp;
40 
41 	ap = (unsigned char *)a;
42 	bp = (unsigned char *)b;
43 	while (len-- > 0) {
44 		swap(*ap, *bp);
45 		ap++;
46 		bp++;
47 	}
48 }
49 
50 /**
51  * Swap i_data and associated attributes between @inode1 and @inode2.
52  * This function is used for the primary swap between inode1 and inode2
53  * and also to revert this primary swap in case of errors.
54  *
55  * Therefore you have to make sure, that calling this method twice
56  * will revert all changes.
57  *
58  * @inode1:     pointer to first inode
59  * @inode2:     pointer to second inode
60  */
61 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
62 {
63 	loff_t isize;
64 	struct ext4_inode_info *ei1;
65 	struct ext4_inode_info *ei2;
66 
67 	ei1 = EXT4_I(inode1);
68 	ei2 = EXT4_I(inode2);
69 
70 	swap(inode1->i_version, inode2->i_version);
71 	swap(inode1->i_blocks, inode2->i_blocks);
72 	swap(inode1->i_bytes, inode2->i_bytes);
73 	swap(inode1->i_atime, inode2->i_atime);
74 	swap(inode1->i_mtime, inode2->i_mtime);
75 
76 	memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
77 	swap(ei1->i_flags, ei2->i_flags);
78 	swap(ei1->i_disksize, ei2->i_disksize);
79 	ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
80 	ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
81 
82 	isize = i_size_read(inode1);
83 	i_size_write(inode1, i_size_read(inode2));
84 	i_size_write(inode2, isize);
85 }
86 
87 static void reset_inode_seed(struct inode *inode)
88 {
89 	struct ext4_inode_info *ei = EXT4_I(inode);
90 	struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
91 	__le32 inum = cpu_to_le32(inode->i_ino);
92 	__le32 gen = cpu_to_le32(inode->i_generation);
93 	__u32 csum;
94 
95 	if (!ext4_has_metadata_csum(inode->i_sb))
96 		return;
97 
98 	csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
99 	ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
100 }
101 
102 /**
103  * Swap the information from the given @inode and the inode
104  * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
105  * important fields of the inodes.
106  *
107  * @sb:         the super block of the filesystem
108  * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
109  *
110  */
111 static long swap_inode_boot_loader(struct super_block *sb,
112 				struct inode *inode)
113 {
114 	handle_t *handle;
115 	int err;
116 	struct inode *inode_bl;
117 	struct ext4_inode_info *ei_bl;
118 
119 	if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
120 	    IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
121 	    ext4_has_inline_data(inode))
122 		return -EINVAL;
123 
124 	if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
125 	    !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
126 		return -EPERM;
127 
128 	inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
129 	if (IS_ERR(inode_bl))
130 		return PTR_ERR(inode_bl);
131 	ei_bl = EXT4_I(inode_bl);
132 
133 	filemap_flush(inode->i_mapping);
134 	filemap_flush(inode_bl->i_mapping);
135 
136 	/* Protect orig inodes against a truncate and make sure,
137 	 * that only 1 swap_inode_boot_loader is running. */
138 	lock_two_nondirectories(inode, inode_bl);
139 
140 	/* Wait for all existing dio workers */
141 	inode_dio_wait(inode);
142 	inode_dio_wait(inode_bl);
143 
144 	truncate_inode_pages(&inode->i_data, 0);
145 	truncate_inode_pages(&inode_bl->i_data, 0);
146 
147 	handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
148 	if (IS_ERR(handle)) {
149 		err = -EINVAL;
150 		goto journal_err_out;
151 	}
152 
153 	/* Protect extent tree against block allocations via delalloc */
154 	ext4_double_down_write_data_sem(inode, inode_bl);
155 
156 	if (inode_bl->i_nlink == 0) {
157 		/* this inode has never been used as a BOOT_LOADER */
158 		set_nlink(inode_bl, 1);
159 		i_uid_write(inode_bl, 0);
160 		i_gid_write(inode_bl, 0);
161 		inode_bl->i_flags = 0;
162 		ei_bl->i_flags = 0;
163 		inode_set_iversion(inode_bl, 1);
164 		i_size_write(inode_bl, 0);
165 		inode_bl->i_mode = S_IFREG;
166 		if (ext4_has_feature_extents(sb)) {
167 			ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
168 			ext4_ext_tree_init(handle, inode_bl);
169 		} else
170 			memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
171 	}
172 
173 	swap_inode_data(inode, inode_bl);
174 
175 	inode->i_ctime = inode_bl->i_ctime = current_time(inode);
176 
177 	inode->i_generation = prandom_u32();
178 	inode_bl->i_generation = prandom_u32();
179 	reset_inode_seed(inode);
180 	reset_inode_seed(inode_bl);
181 
182 	ext4_discard_preallocations(inode);
183 
184 	err = ext4_mark_inode_dirty(handle, inode);
185 	if (err < 0) {
186 		ext4_warning(inode->i_sb,
187 			"couldn't mark inode #%lu dirty (err %d)",
188 			inode->i_ino, err);
189 		/* Revert all changes: */
190 		swap_inode_data(inode, inode_bl);
191 		ext4_mark_inode_dirty(handle, inode);
192 	} else {
193 		err = ext4_mark_inode_dirty(handle, inode_bl);
194 		if (err < 0) {
195 			ext4_warning(inode_bl->i_sb,
196 				"couldn't mark inode #%lu dirty (err %d)",
197 				inode_bl->i_ino, err);
198 			/* Revert all changes: */
199 			swap_inode_data(inode, inode_bl);
200 			ext4_mark_inode_dirty(handle, inode);
201 			ext4_mark_inode_dirty(handle, inode_bl);
202 		}
203 	}
204 	ext4_journal_stop(handle);
205 	ext4_double_up_write_data_sem(inode, inode_bl);
206 
207 journal_err_out:
208 	unlock_two_nondirectories(inode, inode_bl);
209 	iput(inode_bl);
210 	return err;
211 }
212 
213 #ifdef CONFIG_EXT4_FS_ENCRYPTION
214 static int uuid_is_zero(__u8 u[16])
215 {
216 	int	i;
217 
218 	for (i = 0; i < 16; i++)
219 		if (u[i])
220 			return 0;
221 	return 1;
222 }
223 #endif
224 
225 static int ext4_ioctl_setflags(struct inode *inode,
226 			       unsigned int flags)
227 {
228 	struct ext4_inode_info *ei = EXT4_I(inode);
229 	handle_t *handle = NULL;
230 	int err = -EPERM, migrate = 0;
231 	struct ext4_iloc iloc;
232 	unsigned int oldflags, mask, i;
233 	unsigned int jflag;
234 
235 	/* Is it quota file? Do not allow user to mess with it */
236 	if (ext4_is_quota_file(inode))
237 		goto flags_out;
238 
239 	oldflags = ei->i_flags;
240 
241 	/* The JOURNAL_DATA flag is modifiable only by root */
242 	jflag = flags & EXT4_JOURNAL_DATA_FL;
243 
244 	/*
245 	 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
246 	 * the relevant capability.
247 	 *
248 	 * This test looks nicer. Thanks to Pauline Middelink
249 	 */
250 	if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
251 		if (!capable(CAP_LINUX_IMMUTABLE))
252 			goto flags_out;
253 	}
254 
255 	/*
256 	 * The JOURNAL_DATA flag can only be changed by
257 	 * the relevant capability.
258 	 */
259 	if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
260 		if (!capable(CAP_SYS_RESOURCE))
261 			goto flags_out;
262 	}
263 	if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
264 		migrate = 1;
265 
266 	if (flags & EXT4_EOFBLOCKS_FL) {
267 		/* we don't support adding EOFBLOCKS flag */
268 		if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
269 			err = -EOPNOTSUPP;
270 			goto flags_out;
271 		}
272 	} else if (oldflags & EXT4_EOFBLOCKS_FL) {
273 		err = ext4_truncate(inode);
274 		if (err)
275 			goto flags_out;
276 	}
277 
278 	handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
279 	if (IS_ERR(handle)) {
280 		err = PTR_ERR(handle);
281 		goto flags_out;
282 	}
283 	if (IS_SYNC(inode))
284 		ext4_handle_sync(handle);
285 	err = ext4_reserve_inode_write(handle, inode, &iloc);
286 	if (err)
287 		goto flags_err;
288 
289 	for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
290 		if (!(mask & EXT4_FL_USER_MODIFIABLE))
291 			continue;
292 		/* These flags get special treatment later */
293 		if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
294 			continue;
295 		if (mask & flags)
296 			ext4_set_inode_flag(inode, i);
297 		else
298 			ext4_clear_inode_flag(inode, i);
299 	}
300 
301 	ext4_set_inode_flags(inode);
302 	inode->i_ctime = current_time(inode);
303 
304 	err = ext4_mark_iloc_dirty(handle, inode, &iloc);
305 flags_err:
306 	ext4_journal_stop(handle);
307 	if (err)
308 		goto flags_out;
309 
310 	if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
311 		/*
312 		 * Changes to the journaling mode can cause unsafe changes to
313 		 * S_DAX if we are using the DAX mount option.
314 		 */
315 		if (test_opt(inode->i_sb, DAX)) {
316 			err = -EBUSY;
317 			goto flags_out;
318 		}
319 
320 		err = ext4_change_inode_journal_flag(inode, jflag);
321 		if (err)
322 			goto flags_out;
323 	}
324 	if (migrate) {
325 		if (flags & EXT4_EXTENTS_FL)
326 			err = ext4_ext_migrate(inode);
327 		else
328 			err = ext4_ind_migrate(inode);
329 	}
330 
331 flags_out:
332 	return err;
333 }
334 
335 #ifdef CONFIG_QUOTA
336 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
337 {
338 	struct inode *inode = file_inode(filp);
339 	struct super_block *sb = inode->i_sb;
340 	struct ext4_inode_info *ei = EXT4_I(inode);
341 	int err, rc;
342 	handle_t *handle;
343 	kprojid_t kprojid;
344 	struct ext4_iloc iloc;
345 	struct ext4_inode *raw_inode;
346 	struct dquot *transfer_to[MAXQUOTAS] = { };
347 
348 	if (!ext4_has_feature_project(sb)) {
349 		if (projid != EXT4_DEF_PROJID)
350 			return -EOPNOTSUPP;
351 		else
352 			return 0;
353 	}
354 
355 	if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
356 		return -EOPNOTSUPP;
357 
358 	kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
359 
360 	if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
361 		return 0;
362 
363 	err = -EPERM;
364 	/* Is it quota file? Do not allow user to mess with it */
365 	if (ext4_is_quota_file(inode))
366 		return err;
367 
368 	err = ext4_get_inode_loc(inode, &iloc);
369 	if (err)
370 		return err;
371 
372 	raw_inode = ext4_raw_inode(&iloc);
373 	if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
374 		err = ext4_expand_extra_isize(inode,
375 					      EXT4_SB(sb)->s_want_extra_isize,
376 					      &iloc);
377 		if (err)
378 			return err;
379 	} else {
380 		brelse(iloc.bh);
381 	}
382 
383 	err = dquot_initialize(inode);
384 	if (err)
385 		return err;
386 
387 	handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
388 		EXT4_QUOTA_INIT_BLOCKS(sb) +
389 		EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
390 	if (IS_ERR(handle))
391 		return PTR_ERR(handle);
392 
393 	err = ext4_reserve_inode_write(handle, inode, &iloc);
394 	if (err)
395 		goto out_stop;
396 
397 	transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
398 	if (!IS_ERR(transfer_to[PRJQUOTA])) {
399 
400 		/* __dquot_transfer() calls back ext4_get_inode_usage() which
401 		 * counts xattr inode references.
402 		 */
403 		down_read(&EXT4_I(inode)->xattr_sem);
404 		err = __dquot_transfer(inode, transfer_to);
405 		up_read(&EXT4_I(inode)->xattr_sem);
406 		dqput(transfer_to[PRJQUOTA]);
407 		if (err)
408 			goto out_dirty;
409 	}
410 
411 	EXT4_I(inode)->i_projid = kprojid;
412 	inode->i_ctime = current_time(inode);
413 out_dirty:
414 	rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
415 	if (!err)
416 		err = rc;
417 out_stop:
418 	ext4_journal_stop(handle);
419 	return err;
420 }
421 #else
422 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
423 {
424 	if (projid != EXT4_DEF_PROJID)
425 		return -EOPNOTSUPP;
426 	return 0;
427 }
428 #endif
429 
430 /* Transfer internal flags to xflags */
431 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
432 {
433 	__u32 xflags = 0;
434 
435 	if (iflags & EXT4_SYNC_FL)
436 		xflags |= FS_XFLAG_SYNC;
437 	if (iflags & EXT4_IMMUTABLE_FL)
438 		xflags |= FS_XFLAG_IMMUTABLE;
439 	if (iflags & EXT4_APPEND_FL)
440 		xflags |= FS_XFLAG_APPEND;
441 	if (iflags & EXT4_NODUMP_FL)
442 		xflags |= FS_XFLAG_NODUMP;
443 	if (iflags & EXT4_NOATIME_FL)
444 		xflags |= FS_XFLAG_NOATIME;
445 	if (iflags & EXT4_PROJINHERIT_FL)
446 		xflags |= FS_XFLAG_PROJINHERIT;
447 	return xflags;
448 }
449 
450 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
451 				  FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
452 				  FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
453 
454 /* Transfer xflags flags to internal */
455 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
456 {
457 	unsigned long iflags = 0;
458 
459 	if (xflags & FS_XFLAG_SYNC)
460 		iflags |= EXT4_SYNC_FL;
461 	if (xflags & FS_XFLAG_IMMUTABLE)
462 		iflags |= EXT4_IMMUTABLE_FL;
463 	if (xflags & FS_XFLAG_APPEND)
464 		iflags |= EXT4_APPEND_FL;
465 	if (xflags & FS_XFLAG_NODUMP)
466 		iflags |= EXT4_NODUMP_FL;
467 	if (xflags & FS_XFLAG_NOATIME)
468 		iflags |= EXT4_NOATIME_FL;
469 	if (xflags & FS_XFLAG_PROJINHERIT)
470 		iflags |= EXT4_PROJINHERIT_FL;
471 
472 	return iflags;
473 }
474 
475 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
476 {
477 	struct ext4_sb_info *sbi = EXT4_SB(sb);
478 	__u32 flags;
479 
480 	if (!capable(CAP_SYS_ADMIN))
481 		return -EPERM;
482 
483 	if (get_user(flags, (__u32 __user *)arg))
484 		return -EFAULT;
485 
486 	if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
487 		return -EINVAL;
488 
489 	if (ext4_forced_shutdown(sbi))
490 		return 0;
491 
492 	ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
493 	trace_ext4_shutdown(sb, flags);
494 
495 	switch (flags) {
496 	case EXT4_GOING_FLAGS_DEFAULT:
497 		freeze_bdev(sb->s_bdev);
498 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
499 		thaw_bdev(sb->s_bdev, sb);
500 		break;
501 	case EXT4_GOING_FLAGS_LOGFLUSH:
502 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
503 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
504 			(void) ext4_force_commit(sb);
505 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
506 		}
507 		break;
508 	case EXT4_GOING_FLAGS_NOLOGFLUSH:
509 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
510 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
511 			jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
512 		break;
513 	default:
514 		return -EINVAL;
515 	}
516 	clear_opt(sb, DISCARD);
517 	return 0;
518 }
519 
520 struct getfsmap_info {
521 	struct super_block	*gi_sb;
522 	struct fsmap_head __user *gi_data;
523 	unsigned int		gi_idx;
524 	__u32			gi_last_flags;
525 };
526 
527 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
528 {
529 	struct getfsmap_info *info = priv;
530 	struct fsmap fm;
531 
532 	trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
533 
534 	info->gi_last_flags = xfm->fmr_flags;
535 	ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
536 	if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
537 			sizeof(struct fsmap)))
538 		return -EFAULT;
539 
540 	return 0;
541 }
542 
543 static int ext4_ioc_getfsmap(struct super_block *sb,
544 			     struct fsmap_head __user *arg)
545 {
546 	struct getfsmap_info info = {0};
547 	struct ext4_fsmap_head xhead = {0};
548 	struct fsmap_head head;
549 	bool aborted = false;
550 	int error;
551 
552 	if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
553 		return -EFAULT;
554 	if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
555 	    memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
556 		       sizeof(head.fmh_keys[0].fmr_reserved)) ||
557 	    memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
558 		       sizeof(head.fmh_keys[1].fmr_reserved)))
559 		return -EINVAL;
560 	/*
561 	 * ext4 doesn't report file extents at all, so the only valid
562 	 * file offsets are the magic ones (all zeroes or all ones).
563 	 */
564 	if (head.fmh_keys[0].fmr_offset ||
565 	    (head.fmh_keys[1].fmr_offset != 0 &&
566 	     head.fmh_keys[1].fmr_offset != -1ULL))
567 		return -EINVAL;
568 
569 	xhead.fmh_iflags = head.fmh_iflags;
570 	xhead.fmh_count = head.fmh_count;
571 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
572 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
573 
574 	trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
575 	trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
576 
577 	info.gi_sb = sb;
578 	info.gi_data = arg;
579 	error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
580 	if (error == EXT4_QUERY_RANGE_ABORT) {
581 		error = 0;
582 		aborted = true;
583 	} else if (error)
584 		return error;
585 
586 	/* If we didn't abort, set the "last" flag in the last fmx */
587 	if (!aborted && info.gi_idx) {
588 		info.gi_last_flags |= FMR_OF_LAST;
589 		if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
590 				 &info.gi_last_flags,
591 				 sizeof(info.gi_last_flags)))
592 			return -EFAULT;
593 	}
594 
595 	/* copy back header */
596 	head.fmh_entries = xhead.fmh_entries;
597 	head.fmh_oflags = xhead.fmh_oflags;
598 	if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
599 		return -EFAULT;
600 
601 	return 0;
602 }
603 
604 static long ext4_ioctl_group_add(struct file *file,
605 				 struct ext4_new_group_data *input)
606 {
607 	struct super_block *sb = file_inode(file)->i_sb;
608 	int err, err2=0;
609 
610 	err = ext4_resize_begin(sb);
611 	if (err)
612 		return err;
613 
614 	if (ext4_has_feature_bigalloc(sb)) {
615 		ext4_msg(sb, KERN_ERR,
616 			 "Online resizing not supported with bigalloc");
617 		err = -EOPNOTSUPP;
618 		goto group_add_out;
619 	}
620 
621 	err = mnt_want_write_file(file);
622 	if (err)
623 		goto group_add_out;
624 
625 	err = ext4_group_add(sb, input);
626 	if (EXT4_SB(sb)->s_journal) {
627 		jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
628 		err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
629 		jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
630 	}
631 	if (err == 0)
632 		err = err2;
633 	mnt_drop_write_file(file);
634 	if (!err && ext4_has_group_desc_csum(sb) &&
635 	    test_opt(sb, INIT_INODE_TABLE))
636 		err = ext4_register_li_request(sb, input->group);
637 group_add_out:
638 	ext4_resize_end(sb);
639 	return err;
640 }
641 
642 static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
643 {
644 	/*
645 	 * Project Quota ID state is only allowed to change from within the init
646 	 * namespace. Enforce that restriction only if we are trying to change
647 	 * the quota ID state. Everything else is allowed in user namespaces.
648 	 */
649 	if (current_user_ns() == &init_user_ns)
650 		return 0;
651 
652 	if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid)
653 		return -EINVAL;
654 
655 	if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) {
656 		if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
657 			return -EINVAL;
658 	} else {
659 		if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
660 			return -EINVAL;
661 	}
662 
663 	return 0;
664 }
665 
666 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
667 {
668 	struct inode *inode = file_inode(filp);
669 	struct super_block *sb = inode->i_sb;
670 	struct ext4_inode_info *ei = EXT4_I(inode);
671 	unsigned int flags;
672 
673 	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
674 
675 	switch (cmd) {
676 	case FS_IOC_GETFSMAP:
677 		return ext4_ioc_getfsmap(sb, (void __user *)arg);
678 	case EXT4_IOC_GETFLAGS:
679 		flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
680 		return put_user(flags, (int __user *) arg);
681 	case EXT4_IOC_SETFLAGS: {
682 		int err;
683 
684 		if (!inode_owner_or_capable(inode))
685 			return -EACCES;
686 
687 		if (get_user(flags, (int __user *) arg))
688 			return -EFAULT;
689 
690 		if (flags & ~EXT4_FL_USER_VISIBLE)
691 			return -EOPNOTSUPP;
692 		/*
693 		 * chattr(1) grabs flags via GETFLAGS, modifies the result and
694 		 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
695 		 * more restrictive than just silently masking off visible but
696 		 * not settable flags as we always did.
697 		 */
698 		flags &= EXT4_FL_USER_MODIFIABLE;
699 		if (ext4_mask_flags(inode->i_mode, flags) != flags)
700 			return -EOPNOTSUPP;
701 
702 		err = mnt_want_write_file(filp);
703 		if (err)
704 			return err;
705 
706 		inode_lock(inode);
707 		err = ext4_ioctl_setflags(inode, flags);
708 		inode_unlock(inode);
709 		mnt_drop_write_file(filp);
710 		return err;
711 	}
712 	case EXT4_IOC_GETVERSION:
713 	case EXT4_IOC_GETVERSION_OLD:
714 		return put_user(inode->i_generation, (int __user *) arg);
715 	case EXT4_IOC_SETVERSION:
716 	case EXT4_IOC_SETVERSION_OLD: {
717 		handle_t *handle;
718 		struct ext4_iloc iloc;
719 		__u32 generation;
720 		int err;
721 
722 		if (!inode_owner_or_capable(inode))
723 			return -EPERM;
724 
725 		if (ext4_has_metadata_csum(inode->i_sb)) {
726 			ext4_warning(sb, "Setting inode version is not "
727 				     "supported with metadata_csum enabled.");
728 			return -ENOTTY;
729 		}
730 
731 		err = mnt_want_write_file(filp);
732 		if (err)
733 			return err;
734 		if (get_user(generation, (int __user *) arg)) {
735 			err = -EFAULT;
736 			goto setversion_out;
737 		}
738 
739 		inode_lock(inode);
740 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
741 		if (IS_ERR(handle)) {
742 			err = PTR_ERR(handle);
743 			goto unlock_out;
744 		}
745 		err = ext4_reserve_inode_write(handle, inode, &iloc);
746 		if (err == 0) {
747 			inode->i_ctime = current_time(inode);
748 			inode->i_generation = generation;
749 			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
750 		}
751 		ext4_journal_stop(handle);
752 
753 unlock_out:
754 		inode_unlock(inode);
755 setversion_out:
756 		mnt_drop_write_file(filp);
757 		return err;
758 	}
759 	case EXT4_IOC_GROUP_EXTEND: {
760 		ext4_fsblk_t n_blocks_count;
761 		int err, err2=0;
762 
763 		err = ext4_resize_begin(sb);
764 		if (err)
765 			return err;
766 
767 		if (get_user(n_blocks_count, (__u32 __user *)arg)) {
768 			err = -EFAULT;
769 			goto group_extend_out;
770 		}
771 
772 		if (ext4_has_feature_bigalloc(sb)) {
773 			ext4_msg(sb, KERN_ERR,
774 				 "Online resizing not supported with bigalloc");
775 			err = -EOPNOTSUPP;
776 			goto group_extend_out;
777 		}
778 
779 		err = mnt_want_write_file(filp);
780 		if (err)
781 			goto group_extend_out;
782 
783 		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
784 		if (EXT4_SB(sb)->s_journal) {
785 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
786 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
787 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
788 		}
789 		if (err == 0)
790 			err = err2;
791 		mnt_drop_write_file(filp);
792 group_extend_out:
793 		ext4_resize_end(sb);
794 		return err;
795 	}
796 
797 	case EXT4_IOC_MOVE_EXT: {
798 		struct move_extent me;
799 		struct fd donor;
800 		int err;
801 
802 		if (!(filp->f_mode & FMODE_READ) ||
803 		    !(filp->f_mode & FMODE_WRITE))
804 			return -EBADF;
805 
806 		if (copy_from_user(&me,
807 			(struct move_extent __user *)arg, sizeof(me)))
808 			return -EFAULT;
809 		me.moved_len = 0;
810 
811 		donor = fdget(me.donor_fd);
812 		if (!donor.file)
813 			return -EBADF;
814 
815 		if (!(donor.file->f_mode & FMODE_WRITE)) {
816 			err = -EBADF;
817 			goto mext_out;
818 		}
819 
820 		if (ext4_has_feature_bigalloc(sb)) {
821 			ext4_msg(sb, KERN_ERR,
822 				 "Online defrag not supported with bigalloc");
823 			err = -EOPNOTSUPP;
824 			goto mext_out;
825 		} else if (IS_DAX(inode)) {
826 			ext4_msg(sb, KERN_ERR,
827 				 "Online defrag not supported with DAX");
828 			err = -EOPNOTSUPP;
829 			goto mext_out;
830 		}
831 
832 		err = mnt_want_write_file(filp);
833 		if (err)
834 			goto mext_out;
835 
836 		err = ext4_move_extents(filp, donor.file, me.orig_start,
837 					me.donor_start, me.len, &me.moved_len);
838 		mnt_drop_write_file(filp);
839 
840 		if (copy_to_user((struct move_extent __user *)arg,
841 				 &me, sizeof(me)))
842 			err = -EFAULT;
843 mext_out:
844 		fdput(donor);
845 		return err;
846 	}
847 
848 	case EXT4_IOC_GROUP_ADD: {
849 		struct ext4_new_group_data input;
850 
851 		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
852 				sizeof(input)))
853 			return -EFAULT;
854 
855 		return ext4_ioctl_group_add(filp, &input);
856 	}
857 
858 	case EXT4_IOC_MIGRATE:
859 	{
860 		int err;
861 		if (!inode_owner_or_capable(inode))
862 			return -EACCES;
863 
864 		err = mnt_want_write_file(filp);
865 		if (err)
866 			return err;
867 		/*
868 		 * inode_mutex prevent write and truncate on the file.
869 		 * Read still goes through. We take i_data_sem in
870 		 * ext4_ext_swap_inode_data before we switch the
871 		 * inode format to prevent read.
872 		 */
873 		inode_lock((inode));
874 		err = ext4_ext_migrate(inode);
875 		inode_unlock((inode));
876 		mnt_drop_write_file(filp);
877 		return err;
878 	}
879 
880 	case EXT4_IOC_ALLOC_DA_BLKS:
881 	{
882 		int err;
883 		if (!inode_owner_or_capable(inode))
884 			return -EACCES;
885 
886 		err = mnt_want_write_file(filp);
887 		if (err)
888 			return err;
889 		err = ext4_alloc_da_blocks(inode);
890 		mnt_drop_write_file(filp);
891 		return err;
892 	}
893 
894 	case EXT4_IOC_SWAP_BOOT:
895 	{
896 		int err;
897 		if (!(filp->f_mode & FMODE_WRITE))
898 			return -EBADF;
899 		err = mnt_want_write_file(filp);
900 		if (err)
901 			return err;
902 		err = swap_inode_boot_loader(sb, inode);
903 		mnt_drop_write_file(filp);
904 		return err;
905 	}
906 
907 	case EXT4_IOC_RESIZE_FS: {
908 		ext4_fsblk_t n_blocks_count;
909 		int err = 0, err2 = 0;
910 		ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
911 
912 		if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
913 				   sizeof(__u64))) {
914 			return -EFAULT;
915 		}
916 
917 		err = ext4_resize_begin(sb);
918 		if (err)
919 			return err;
920 
921 		err = mnt_want_write_file(filp);
922 		if (err)
923 			goto resizefs_out;
924 
925 		err = ext4_resize_fs(sb, n_blocks_count);
926 		if (EXT4_SB(sb)->s_journal) {
927 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
928 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
929 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
930 		}
931 		if (err == 0)
932 			err = err2;
933 		mnt_drop_write_file(filp);
934 		if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
935 		    ext4_has_group_desc_csum(sb) &&
936 		    test_opt(sb, INIT_INODE_TABLE))
937 			err = ext4_register_li_request(sb, o_group);
938 
939 resizefs_out:
940 		ext4_resize_end(sb);
941 		return err;
942 	}
943 
944 	case FITRIM:
945 	{
946 		struct request_queue *q = bdev_get_queue(sb->s_bdev);
947 		struct fstrim_range range;
948 		int ret = 0;
949 
950 		if (!capable(CAP_SYS_ADMIN))
951 			return -EPERM;
952 
953 		if (!blk_queue_discard(q))
954 			return -EOPNOTSUPP;
955 
956 		if (copy_from_user(&range, (struct fstrim_range __user *)arg,
957 		    sizeof(range)))
958 			return -EFAULT;
959 
960 		range.minlen = max((unsigned int)range.minlen,
961 				   q->limits.discard_granularity);
962 		ret = ext4_trim_fs(sb, &range);
963 		if (ret < 0)
964 			return ret;
965 
966 		if (copy_to_user((struct fstrim_range __user *)arg, &range,
967 		    sizeof(range)))
968 			return -EFAULT;
969 
970 		return 0;
971 	}
972 	case EXT4_IOC_PRECACHE_EXTENTS:
973 		return ext4_ext_precache(inode);
974 
975 	case EXT4_IOC_SET_ENCRYPTION_POLICY:
976 		if (!ext4_has_feature_encrypt(sb))
977 			return -EOPNOTSUPP;
978 		return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
979 
980 	case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
981 #ifdef CONFIG_EXT4_FS_ENCRYPTION
982 		int err, err2;
983 		struct ext4_sb_info *sbi = EXT4_SB(sb);
984 		handle_t *handle;
985 
986 		if (!ext4_has_feature_encrypt(sb))
987 			return -EOPNOTSUPP;
988 		if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
989 			err = mnt_want_write_file(filp);
990 			if (err)
991 				return err;
992 			handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
993 			if (IS_ERR(handle)) {
994 				err = PTR_ERR(handle);
995 				goto pwsalt_err_exit;
996 			}
997 			err = ext4_journal_get_write_access(handle, sbi->s_sbh);
998 			if (err)
999 				goto pwsalt_err_journal;
1000 			generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1001 			err = ext4_handle_dirty_metadata(handle, NULL,
1002 							 sbi->s_sbh);
1003 		pwsalt_err_journal:
1004 			err2 = ext4_journal_stop(handle);
1005 			if (err2 && !err)
1006 				err = err2;
1007 		pwsalt_err_exit:
1008 			mnt_drop_write_file(filp);
1009 			if (err)
1010 				return err;
1011 		}
1012 		if (copy_to_user((void __user *) arg,
1013 				 sbi->s_es->s_encrypt_pw_salt, 16))
1014 			return -EFAULT;
1015 		return 0;
1016 #else
1017 		return -EOPNOTSUPP;
1018 #endif
1019 	}
1020 	case EXT4_IOC_GET_ENCRYPTION_POLICY:
1021 		return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1022 
1023 	case EXT4_IOC_FSGETXATTR:
1024 	{
1025 		struct fsxattr fa;
1026 
1027 		memset(&fa, 0, sizeof(struct fsxattr));
1028 		fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
1029 
1030 		if (ext4_has_feature_project(inode->i_sb)) {
1031 			fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
1032 				EXT4_I(inode)->i_projid);
1033 		}
1034 
1035 		if (copy_to_user((struct fsxattr __user *)arg,
1036 				 &fa, sizeof(fa)))
1037 			return -EFAULT;
1038 		return 0;
1039 	}
1040 	case EXT4_IOC_FSSETXATTR:
1041 	{
1042 		struct fsxattr fa;
1043 		int err;
1044 
1045 		if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1046 				   sizeof(fa)))
1047 			return -EFAULT;
1048 
1049 		/* Make sure caller has proper permission */
1050 		if (!inode_owner_or_capable(inode))
1051 			return -EACCES;
1052 
1053 		if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1054 			return -EOPNOTSUPP;
1055 
1056 		flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1057 		if (ext4_mask_flags(inode->i_mode, flags) != flags)
1058 			return -EOPNOTSUPP;
1059 
1060 		err = mnt_want_write_file(filp);
1061 		if (err)
1062 			return err;
1063 
1064 		inode_lock(inode);
1065 		err = ext4_ioctl_check_project(inode, &fa);
1066 		if (err)
1067 			goto out;
1068 		flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1069 			 (flags & EXT4_FL_XFLAG_VISIBLE);
1070 		err = ext4_ioctl_setflags(inode, flags);
1071 		if (err)
1072 			goto out;
1073 		err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1074 out:
1075 		inode_unlock(inode);
1076 		mnt_drop_write_file(filp);
1077 		return err;
1078 	}
1079 	case EXT4_IOC_SHUTDOWN:
1080 		return ext4_shutdown(sb, arg);
1081 	default:
1082 		return -ENOTTY;
1083 	}
1084 }
1085 
1086 #ifdef CONFIG_COMPAT
1087 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1088 {
1089 	/* These are just misnamed, they actually get/put from/to user an int */
1090 	switch (cmd) {
1091 	case EXT4_IOC32_GETFLAGS:
1092 		cmd = EXT4_IOC_GETFLAGS;
1093 		break;
1094 	case EXT4_IOC32_SETFLAGS:
1095 		cmd = EXT4_IOC_SETFLAGS;
1096 		break;
1097 	case EXT4_IOC32_GETVERSION:
1098 		cmd = EXT4_IOC_GETVERSION;
1099 		break;
1100 	case EXT4_IOC32_SETVERSION:
1101 		cmd = EXT4_IOC_SETVERSION;
1102 		break;
1103 	case EXT4_IOC32_GROUP_EXTEND:
1104 		cmd = EXT4_IOC_GROUP_EXTEND;
1105 		break;
1106 	case EXT4_IOC32_GETVERSION_OLD:
1107 		cmd = EXT4_IOC_GETVERSION_OLD;
1108 		break;
1109 	case EXT4_IOC32_SETVERSION_OLD:
1110 		cmd = EXT4_IOC_SETVERSION_OLD;
1111 		break;
1112 	case EXT4_IOC32_GETRSVSZ:
1113 		cmd = EXT4_IOC_GETRSVSZ;
1114 		break;
1115 	case EXT4_IOC32_SETRSVSZ:
1116 		cmd = EXT4_IOC_SETRSVSZ;
1117 		break;
1118 	case EXT4_IOC32_GROUP_ADD: {
1119 		struct compat_ext4_new_group_input __user *uinput;
1120 		struct ext4_new_group_data input;
1121 		int err;
1122 
1123 		uinput = compat_ptr(arg);
1124 		err = get_user(input.group, &uinput->group);
1125 		err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1126 		err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1127 		err |= get_user(input.inode_table, &uinput->inode_table);
1128 		err |= get_user(input.blocks_count, &uinput->blocks_count);
1129 		err |= get_user(input.reserved_blocks,
1130 				&uinput->reserved_blocks);
1131 		if (err)
1132 			return -EFAULT;
1133 		return ext4_ioctl_group_add(file, &input);
1134 	}
1135 	case EXT4_IOC_MOVE_EXT:
1136 	case EXT4_IOC_RESIZE_FS:
1137 	case EXT4_IOC_PRECACHE_EXTENTS:
1138 	case EXT4_IOC_SET_ENCRYPTION_POLICY:
1139 	case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1140 	case EXT4_IOC_GET_ENCRYPTION_POLICY:
1141 	case EXT4_IOC_SHUTDOWN:
1142 	case FS_IOC_GETFSMAP:
1143 		break;
1144 	default:
1145 		return -ENOIOCTLCMD;
1146 	}
1147 	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1148 }
1149 #endif
1150