1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * linux/fs/ext4/ioctl.c 4 * 5 * Copyright (C) 1993, 1994, 1995 6 * Remy Card (card@masi.ibp.fr) 7 * Laboratoire MASI - Institut Blaise Pascal 8 * Universite Pierre et Marie Curie (Paris VI) 9 */ 10 11 #include <linux/fs.h> 12 #include <linux/capability.h> 13 #include <linux/time.h> 14 #include <linux/compat.h> 15 #include <linux/mount.h> 16 #include <linux/file.h> 17 #include <linux/quotaops.h> 18 #include <linux/random.h> 19 #include <linux/uuid.h> 20 #include <linux/uaccess.h> 21 #include <linux/delay.h> 22 #include <linux/iversion.h> 23 #include "ext4_jbd2.h" 24 #include "ext4.h" 25 #include <linux/fsmap.h> 26 #include "fsmap.h" 27 #include <trace/events/ext4.h> 28 29 /** 30 * Swap memory between @a and @b for @len bytes. 31 * 32 * @a: pointer to first memory area 33 * @b: pointer to second memory area 34 * @len: number of bytes to swap 35 * 36 */ 37 static void memswap(void *a, void *b, size_t len) 38 { 39 unsigned char *ap, *bp; 40 41 ap = (unsigned char *)a; 42 bp = (unsigned char *)b; 43 while (len-- > 0) { 44 swap(*ap, *bp); 45 ap++; 46 bp++; 47 } 48 } 49 50 /** 51 * Swap i_data and associated attributes between @inode1 and @inode2. 52 * This function is used for the primary swap between inode1 and inode2 53 * and also to revert this primary swap in case of errors. 54 * 55 * Therefore you have to make sure, that calling this method twice 56 * will revert all changes. 57 * 58 * @inode1: pointer to first inode 59 * @inode2: pointer to second inode 60 */ 61 static void swap_inode_data(struct inode *inode1, struct inode *inode2) 62 { 63 loff_t isize; 64 struct ext4_inode_info *ei1; 65 struct ext4_inode_info *ei2; 66 67 ei1 = EXT4_I(inode1); 68 ei2 = EXT4_I(inode2); 69 70 swap(inode1->i_version, inode2->i_version); 71 swap(inode1->i_blocks, inode2->i_blocks); 72 swap(inode1->i_bytes, inode2->i_bytes); 73 swap(inode1->i_atime, inode2->i_atime); 74 swap(inode1->i_mtime, inode2->i_mtime); 75 76 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data)); 77 swap(ei1->i_flags, ei2->i_flags); 78 swap(ei1->i_disksize, ei2->i_disksize); 79 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS); 80 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS); 81 82 isize = i_size_read(inode1); 83 i_size_write(inode1, i_size_read(inode2)); 84 i_size_write(inode2, isize); 85 } 86 87 static void reset_inode_seed(struct inode *inode) 88 { 89 struct ext4_inode_info *ei = EXT4_I(inode); 90 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); 91 __le32 inum = cpu_to_le32(inode->i_ino); 92 __le32 gen = cpu_to_le32(inode->i_generation); 93 __u32 csum; 94 95 if (!ext4_has_metadata_csum(inode->i_sb)) 96 return; 97 98 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum)); 99 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen)); 100 } 101 102 /** 103 * Swap the information from the given @inode and the inode 104 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other 105 * important fields of the inodes. 106 * 107 * @sb: the super block of the filesystem 108 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO 109 * 110 */ 111 static long swap_inode_boot_loader(struct super_block *sb, 112 struct inode *inode) 113 { 114 handle_t *handle; 115 int err; 116 struct inode *inode_bl; 117 struct ext4_inode_info *ei_bl; 118 119 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) || 120 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) || 121 ext4_has_inline_data(inode)) 122 return -EINVAL; 123 124 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) || 125 !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) 126 return -EPERM; 127 128 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL); 129 if (IS_ERR(inode_bl)) 130 return PTR_ERR(inode_bl); 131 ei_bl = EXT4_I(inode_bl); 132 133 filemap_flush(inode->i_mapping); 134 filemap_flush(inode_bl->i_mapping); 135 136 /* Protect orig inodes against a truncate and make sure, 137 * that only 1 swap_inode_boot_loader is running. */ 138 lock_two_nondirectories(inode, inode_bl); 139 140 /* Wait for all existing dio workers */ 141 inode_dio_wait(inode); 142 inode_dio_wait(inode_bl); 143 144 truncate_inode_pages(&inode->i_data, 0); 145 truncate_inode_pages(&inode_bl->i_data, 0); 146 147 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2); 148 if (IS_ERR(handle)) { 149 err = -EINVAL; 150 goto journal_err_out; 151 } 152 153 /* Protect extent tree against block allocations via delalloc */ 154 ext4_double_down_write_data_sem(inode, inode_bl); 155 156 if (inode_bl->i_nlink == 0) { 157 /* this inode has never been used as a BOOT_LOADER */ 158 set_nlink(inode_bl, 1); 159 i_uid_write(inode_bl, 0); 160 i_gid_write(inode_bl, 0); 161 inode_bl->i_flags = 0; 162 ei_bl->i_flags = 0; 163 inode_set_iversion(inode_bl, 1); 164 i_size_write(inode_bl, 0); 165 inode_bl->i_mode = S_IFREG; 166 if (ext4_has_feature_extents(sb)) { 167 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS); 168 ext4_ext_tree_init(handle, inode_bl); 169 } else 170 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data)); 171 } 172 173 swap_inode_data(inode, inode_bl); 174 175 inode->i_ctime = inode_bl->i_ctime = current_time(inode); 176 177 inode->i_generation = prandom_u32(); 178 inode_bl->i_generation = prandom_u32(); 179 reset_inode_seed(inode); 180 reset_inode_seed(inode_bl); 181 182 ext4_discard_preallocations(inode); 183 184 err = ext4_mark_inode_dirty(handle, inode); 185 if (err < 0) { 186 ext4_warning(inode->i_sb, 187 "couldn't mark inode #%lu dirty (err %d)", 188 inode->i_ino, err); 189 /* Revert all changes: */ 190 swap_inode_data(inode, inode_bl); 191 ext4_mark_inode_dirty(handle, inode); 192 } else { 193 err = ext4_mark_inode_dirty(handle, inode_bl); 194 if (err < 0) { 195 ext4_warning(inode_bl->i_sb, 196 "couldn't mark inode #%lu dirty (err %d)", 197 inode_bl->i_ino, err); 198 /* Revert all changes: */ 199 swap_inode_data(inode, inode_bl); 200 ext4_mark_inode_dirty(handle, inode); 201 ext4_mark_inode_dirty(handle, inode_bl); 202 } 203 } 204 ext4_journal_stop(handle); 205 ext4_double_up_write_data_sem(inode, inode_bl); 206 207 journal_err_out: 208 unlock_two_nondirectories(inode, inode_bl); 209 iput(inode_bl); 210 return err; 211 } 212 213 #ifdef CONFIG_EXT4_FS_ENCRYPTION 214 static int uuid_is_zero(__u8 u[16]) 215 { 216 int i; 217 218 for (i = 0; i < 16; i++) 219 if (u[i]) 220 return 0; 221 return 1; 222 } 223 #endif 224 225 static int ext4_ioctl_setflags(struct inode *inode, 226 unsigned int flags) 227 { 228 struct ext4_inode_info *ei = EXT4_I(inode); 229 handle_t *handle = NULL; 230 int err = -EPERM, migrate = 0; 231 struct ext4_iloc iloc; 232 unsigned int oldflags, mask, i; 233 unsigned int jflag; 234 235 /* Is it quota file? Do not allow user to mess with it */ 236 if (ext4_is_quota_file(inode)) 237 goto flags_out; 238 239 oldflags = ei->i_flags; 240 241 /* The JOURNAL_DATA flag is modifiable only by root */ 242 jflag = flags & EXT4_JOURNAL_DATA_FL; 243 244 /* 245 * The IMMUTABLE and APPEND_ONLY flags can only be changed by 246 * the relevant capability. 247 * 248 * This test looks nicer. Thanks to Pauline Middelink 249 */ 250 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) { 251 if (!capable(CAP_LINUX_IMMUTABLE)) 252 goto flags_out; 253 } 254 255 /* 256 * The JOURNAL_DATA flag can only be changed by 257 * the relevant capability. 258 */ 259 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 260 if (!capable(CAP_SYS_RESOURCE)) 261 goto flags_out; 262 } 263 if ((flags ^ oldflags) & EXT4_EXTENTS_FL) 264 migrate = 1; 265 266 if (flags & EXT4_EOFBLOCKS_FL) { 267 /* we don't support adding EOFBLOCKS flag */ 268 if (!(oldflags & EXT4_EOFBLOCKS_FL)) { 269 err = -EOPNOTSUPP; 270 goto flags_out; 271 } 272 } else if (oldflags & EXT4_EOFBLOCKS_FL) { 273 err = ext4_truncate(inode); 274 if (err) 275 goto flags_out; 276 } 277 278 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 279 if (IS_ERR(handle)) { 280 err = PTR_ERR(handle); 281 goto flags_out; 282 } 283 if (IS_SYNC(inode)) 284 ext4_handle_sync(handle); 285 err = ext4_reserve_inode_write(handle, inode, &iloc); 286 if (err) 287 goto flags_err; 288 289 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) { 290 if (!(mask & EXT4_FL_USER_MODIFIABLE)) 291 continue; 292 /* These flags get special treatment later */ 293 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL) 294 continue; 295 if (mask & flags) 296 ext4_set_inode_flag(inode, i); 297 else 298 ext4_clear_inode_flag(inode, i); 299 } 300 301 ext4_set_inode_flags(inode); 302 inode->i_ctime = current_time(inode); 303 304 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 305 flags_err: 306 ext4_journal_stop(handle); 307 if (err) 308 goto flags_out; 309 310 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) { 311 /* 312 * Changes to the journaling mode can cause unsafe changes to 313 * S_DAX if we are using the DAX mount option. 314 */ 315 if (test_opt(inode->i_sb, DAX)) { 316 err = -EBUSY; 317 goto flags_out; 318 } 319 320 err = ext4_change_inode_journal_flag(inode, jflag); 321 if (err) 322 goto flags_out; 323 } 324 if (migrate) { 325 if (flags & EXT4_EXTENTS_FL) 326 err = ext4_ext_migrate(inode); 327 else 328 err = ext4_ind_migrate(inode); 329 } 330 331 flags_out: 332 return err; 333 } 334 335 #ifdef CONFIG_QUOTA 336 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 337 { 338 struct inode *inode = file_inode(filp); 339 struct super_block *sb = inode->i_sb; 340 struct ext4_inode_info *ei = EXT4_I(inode); 341 int err, rc; 342 handle_t *handle; 343 kprojid_t kprojid; 344 struct ext4_iloc iloc; 345 struct ext4_inode *raw_inode; 346 struct dquot *transfer_to[MAXQUOTAS] = { }; 347 348 if (!ext4_has_feature_project(sb)) { 349 if (projid != EXT4_DEF_PROJID) 350 return -EOPNOTSUPP; 351 else 352 return 0; 353 } 354 355 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE) 356 return -EOPNOTSUPP; 357 358 kprojid = make_kprojid(&init_user_ns, (projid_t)projid); 359 360 if (projid_eq(kprojid, EXT4_I(inode)->i_projid)) 361 return 0; 362 363 err = -EPERM; 364 /* Is it quota file? Do not allow user to mess with it */ 365 if (ext4_is_quota_file(inode)) 366 return err; 367 368 err = ext4_get_inode_loc(inode, &iloc); 369 if (err) 370 return err; 371 372 raw_inode = ext4_raw_inode(&iloc); 373 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) { 374 err = ext4_expand_extra_isize(inode, 375 EXT4_SB(sb)->s_want_extra_isize, 376 &iloc); 377 if (err) 378 return err; 379 } else { 380 brelse(iloc.bh); 381 } 382 383 err = dquot_initialize(inode); 384 if (err) 385 return err; 386 387 handle = ext4_journal_start(inode, EXT4_HT_QUOTA, 388 EXT4_QUOTA_INIT_BLOCKS(sb) + 389 EXT4_QUOTA_DEL_BLOCKS(sb) + 3); 390 if (IS_ERR(handle)) 391 return PTR_ERR(handle); 392 393 err = ext4_reserve_inode_write(handle, inode, &iloc); 394 if (err) 395 goto out_stop; 396 397 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid)); 398 if (!IS_ERR(transfer_to[PRJQUOTA])) { 399 400 /* __dquot_transfer() calls back ext4_get_inode_usage() which 401 * counts xattr inode references. 402 */ 403 down_read(&EXT4_I(inode)->xattr_sem); 404 err = __dquot_transfer(inode, transfer_to); 405 up_read(&EXT4_I(inode)->xattr_sem); 406 dqput(transfer_to[PRJQUOTA]); 407 if (err) 408 goto out_dirty; 409 } 410 411 EXT4_I(inode)->i_projid = kprojid; 412 inode->i_ctime = current_time(inode); 413 out_dirty: 414 rc = ext4_mark_iloc_dirty(handle, inode, &iloc); 415 if (!err) 416 err = rc; 417 out_stop: 418 ext4_journal_stop(handle); 419 return err; 420 } 421 #else 422 static int ext4_ioctl_setproject(struct file *filp, __u32 projid) 423 { 424 if (projid != EXT4_DEF_PROJID) 425 return -EOPNOTSUPP; 426 return 0; 427 } 428 #endif 429 430 /* Transfer internal flags to xflags */ 431 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags) 432 { 433 __u32 xflags = 0; 434 435 if (iflags & EXT4_SYNC_FL) 436 xflags |= FS_XFLAG_SYNC; 437 if (iflags & EXT4_IMMUTABLE_FL) 438 xflags |= FS_XFLAG_IMMUTABLE; 439 if (iflags & EXT4_APPEND_FL) 440 xflags |= FS_XFLAG_APPEND; 441 if (iflags & EXT4_NODUMP_FL) 442 xflags |= FS_XFLAG_NODUMP; 443 if (iflags & EXT4_NOATIME_FL) 444 xflags |= FS_XFLAG_NOATIME; 445 if (iflags & EXT4_PROJINHERIT_FL) 446 xflags |= FS_XFLAG_PROJINHERIT; 447 return xflags; 448 } 449 450 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \ 451 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \ 452 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT) 453 454 /* Transfer xflags flags to internal */ 455 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags) 456 { 457 unsigned long iflags = 0; 458 459 if (xflags & FS_XFLAG_SYNC) 460 iflags |= EXT4_SYNC_FL; 461 if (xflags & FS_XFLAG_IMMUTABLE) 462 iflags |= EXT4_IMMUTABLE_FL; 463 if (xflags & FS_XFLAG_APPEND) 464 iflags |= EXT4_APPEND_FL; 465 if (xflags & FS_XFLAG_NODUMP) 466 iflags |= EXT4_NODUMP_FL; 467 if (xflags & FS_XFLAG_NOATIME) 468 iflags |= EXT4_NOATIME_FL; 469 if (xflags & FS_XFLAG_PROJINHERIT) 470 iflags |= EXT4_PROJINHERIT_FL; 471 472 return iflags; 473 } 474 475 static int ext4_shutdown(struct super_block *sb, unsigned long arg) 476 { 477 struct ext4_sb_info *sbi = EXT4_SB(sb); 478 __u32 flags; 479 480 if (!capable(CAP_SYS_ADMIN)) 481 return -EPERM; 482 483 if (get_user(flags, (__u32 __user *)arg)) 484 return -EFAULT; 485 486 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH) 487 return -EINVAL; 488 489 if (ext4_forced_shutdown(sbi)) 490 return 0; 491 492 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags); 493 trace_ext4_shutdown(sb, flags); 494 495 switch (flags) { 496 case EXT4_GOING_FLAGS_DEFAULT: 497 freeze_bdev(sb->s_bdev); 498 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 499 thaw_bdev(sb->s_bdev, sb); 500 break; 501 case EXT4_GOING_FLAGS_LOGFLUSH: 502 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 503 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) { 504 (void) ext4_force_commit(sb); 505 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 506 } 507 break; 508 case EXT4_GOING_FLAGS_NOLOGFLUSH: 509 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags); 510 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) 511 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN); 512 break; 513 default: 514 return -EINVAL; 515 } 516 clear_opt(sb, DISCARD); 517 return 0; 518 } 519 520 struct getfsmap_info { 521 struct super_block *gi_sb; 522 struct fsmap_head __user *gi_data; 523 unsigned int gi_idx; 524 __u32 gi_last_flags; 525 }; 526 527 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv) 528 { 529 struct getfsmap_info *info = priv; 530 struct fsmap fm; 531 532 trace_ext4_getfsmap_mapping(info->gi_sb, xfm); 533 534 info->gi_last_flags = xfm->fmr_flags; 535 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm); 536 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm, 537 sizeof(struct fsmap))) 538 return -EFAULT; 539 540 return 0; 541 } 542 543 static int ext4_ioc_getfsmap(struct super_block *sb, 544 struct fsmap_head __user *arg) 545 { 546 struct getfsmap_info info = {0}; 547 struct ext4_fsmap_head xhead = {0}; 548 struct fsmap_head head; 549 bool aborted = false; 550 int error; 551 552 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) 553 return -EFAULT; 554 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || 555 memchr_inv(head.fmh_keys[0].fmr_reserved, 0, 556 sizeof(head.fmh_keys[0].fmr_reserved)) || 557 memchr_inv(head.fmh_keys[1].fmr_reserved, 0, 558 sizeof(head.fmh_keys[1].fmr_reserved))) 559 return -EINVAL; 560 /* 561 * ext4 doesn't report file extents at all, so the only valid 562 * file offsets are the magic ones (all zeroes or all ones). 563 */ 564 if (head.fmh_keys[0].fmr_offset || 565 (head.fmh_keys[1].fmr_offset != 0 && 566 head.fmh_keys[1].fmr_offset != -1ULL)) 567 return -EINVAL; 568 569 xhead.fmh_iflags = head.fmh_iflags; 570 xhead.fmh_count = head.fmh_count; 571 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]); 572 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]); 573 574 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]); 575 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]); 576 577 info.gi_sb = sb; 578 info.gi_data = arg; 579 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info); 580 if (error == EXT4_QUERY_RANGE_ABORT) { 581 error = 0; 582 aborted = true; 583 } else if (error) 584 return error; 585 586 /* If we didn't abort, set the "last" flag in the last fmx */ 587 if (!aborted && info.gi_idx) { 588 info.gi_last_flags |= FMR_OF_LAST; 589 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags, 590 &info.gi_last_flags, 591 sizeof(info.gi_last_flags))) 592 return -EFAULT; 593 } 594 595 /* copy back header */ 596 head.fmh_entries = xhead.fmh_entries; 597 head.fmh_oflags = xhead.fmh_oflags; 598 if (copy_to_user(arg, &head, sizeof(struct fsmap_head))) 599 return -EFAULT; 600 601 return 0; 602 } 603 604 static long ext4_ioctl_group_add(struct file *file, 605 struct ext4_new_group_data *input) 606 { 607 struct super_block *sb = file_inode(file)->i_sb; 608 int err, err2=0; 609 610 err = ext4_resize_begin(sb); 611 if (err) 612 return err; 613 614 if (ext4_has_feature_bigalloc(sb)) { 615 ext4_msg(sb, KERN_ERR, 616 "Online resizing not supported with bigalloc"); 617 err = -EOPNOTSUPP; 618 goto group_add_out; 619 } 620 621 err = mnt_want_write_file(file); 622 if (err) 623 goto group_add_out; 624 625 err = ext4_group_add(sb, input); 626 if (EXT4_SB(sb)->s_journal) { 627 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 628 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 629 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 630 } 631 if (err == 0) 632 err = err2; 633 mnt_drop_write_file(file); 634 if (!err && ext4_has_group_desc_csum(sb) && 635 test_opt(sb, INIT_INODE_TABLE)) 636 err = ext4_register_li_request(sb, input->group); 637 group_add_out: 638 ext4_resize_end(sb); 639 return err; 640 } 641 642 static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa) 643 { 644 /* 645 * Project Quota ID state is only allowed to change from within the init 646 * namespace. Enforce that restriction only if we are trying to change 647 * the quota ID state. Everything else is allowed in user namespaces. 648 */ 649 if (current_user_ns() == &init_user_ns) 650 return 0; 651 652 if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid) 653 return -EINVAL; 654 655 if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) { 656 if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT)) 657 return -EINVAL; 658 } else { 659 if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT) 660 return -EINVAL; 661 } 662 663 return 0; 664 } 665 666 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg) 667 { 668 struct inode *inode = file_inode(filp); 669 struct super_block *sb = inode->i_sb; 670 struct ext4_inode_info *ei = EXT4_I(inode); 671 unsigned int flags; 672 673 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg); 674 675 switch (cmd) { 676 case FS_IOC_GETFSMAP: 677 return ext4_ioc_getfsmap(sb, (void __user *)arg); 678 case EXT4_IOC_GETFLAGS: 679 flags = ei->i_flags & EXT4_FL_USER_VISIBLE; 680 return put_user(flags, (int __user *) arg); 681 case EXT4_IOC_SETFLAGS: { 682 int err; 683 684 if (!inode_owner_or_capable(inode)) 685 return -EACCES; 686 687 if (get_user(flags, (int __user *) arg)) 688 return -EFAULT; 689 690 if (flags & ~EXT4_FL_USER_VISIBLE) 691 return -EOPNOTSUPP; 692 /* 693 * chattr(1) grabs flags via GETFLAGS, modifies the result and 694 * passes that to SETFLAGS. So we cannot easily make SETFLAGS 695 * more restrictive than just silently masking off visible but 696 * not settable flags as we always did. 697 */ 698 flags &= EXT4_FL_USER_MODIFIABLE; 699 if (ext4_mask_flags(inode->i_mode, flags) != flags) 700 return -EOPNOTSUPP; 701 702 err = mnt_want_write_file(filp); 703 if (err) 704 return err; 705 706 inode_lock(inode); 707 err = ext4_ioctl_setflags(inode, flags); 708 inode_unlock(inode); 709 mnt_drop_write_file(filp); 710 return err; 711 } 712 case EXT4_IOC_GETVERSION: 713 case EXT4_IOC_GETVERSION_OLD: 714 return put_user(inode->i_generation, (int __user *) arg); 715 case EXT4_IOC_SETVERSION: 716 case EXT4_IOC_SETVERSION_OLD: { 717 handle_t *handle; 718 struct ext4_iloc iloc; 719 __u32 generation; 720 int err; 721 722 if (!inode_owner_or_capable(inode)) 723 return -EPERM; 724 725 if (ext4_has_metadata_csum(inode->i_sb)) { 726 ext4_warning(sb, "Setting inode version is not " 727 "supported with metadata_csum enabled."); 728 return -ENOTTY; 729 } 730 731 err = mnt_want_write_file(filp); 732 if (err) 733 return err; 734 if (get_user(generation, (int __user *) arg)) { 735 err = -EFAULT; 736 goto setversion_out; 737 } 738 739 inode_lock(inode); 740 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1); 741 if (IS_ERR(handle)) { 742 err = PTR_ERR(handle); 743 goto unlock_out; 744 } 745 err = ext4_reserve_inode_write(handle, inode, &iloc); 746 if (err == 0) { 747 inode->i_ctime = current_time(inode); 748 inode->i_generation = generation; 749 err = ext4_mark_iloc_dirty(handle, inode, &iloc); 750 } 751 ext4_journal_stop(handle); 752 753 unlock_out: 754 inode_unlock(inode); 755 setversion_out: 756 mnt_drop_write_file(filp); 757 return err; 758 } 759 case EXT4_IOC_GROUP_EXTEND: { 760 ext4_fsblk_t n_blocks_count; 761 int err, err2=0; 762 763 err = ext4_resize_begin(sb); 764 if (err) 765 return err; 766 767 if (get_user(n_blocks_count, (__u32 __user *)arg)) { 768 err = -EFAULT; 769 goto group_extend_out; 770 } 771 772 if (ext4_has_feature_bigalloc(sb)) { 773 ext4_msg(sb, KERN_ERR, 774 "Online resizing not supported with bigalloc"); 775 err = -EOPNOTSUPP; 776 goto group_extend_out; 777 } 778 779 err = mnt_want_write_file(filp); 780 if (err) 781 goto group_extend_out; 782 783 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count); 784 if (EXT4_SB(sb)->s_journal) { 785 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 786 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 787 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 788 } 789 if (err == 0) 790 err = err2; 791 mnt_drop_write_file(filp); 792 group_extend_out: 793 ext4_resize_end(sb); 794 return err; 795 } 796 797 case EXT4_IOC_MOVE_EXT: { 798 struct move_extent me; 799 struct fd donor; 800 int err; 801 802 if (!(filp->f_mode & FMODE_READ) || 803 !(filp->f_mode & FMODE_WRITE)) 804 return -EBADF; 805 806 if (copy_from_user(&me, 807 (struct move_extent __user *)arg, sizeof(me))) 808 return -EFAULT; 809 me.moved_len = 0; 810 811 donor = fdget(me.donor_fd); 812 if (!donor.file) 813 return -EBADF; 814 815 if (!(donor.file->f_mode & FMODE_WRITE)) { 816 err = -EBADF; 817 goto mext_out; 818 } 819 820 if (ext4_has_feature_bigalloc(sb)) { 821 ext4_msg(sb, KERN_ERR, 822 "Online defrag not supported with bigalloc"); 823 err = -EOPNOTSUPP; 824 goto mext_out; 825 } else if (IS_DAX(inode)) { 826 ext4_msg(sb, KERN_ERR, 827 "Online defrag not supported with DAX"); 828 err = -EOPNOTSUPP; 829 goto mext_out; 830 } 831 832 err = mnt_want_write_file(filp); 833 if (err) 834 goto mext_out; 835 836 err = ext4_move_extents(filp, donor.file, me.orig_start, 837 me.donor_start, me.len, &me.moved_len); 838 mnt_drop_write_file(filp); 839 840 if (copy_to_user((struct move_extent __user *)arg, 841 &me, sizeof(me))) 842 err = -EFAULT; 843 mext_out: 844 fdput(donor); 845 return err; 846 } 847 848 case EXT4_IOC_GROUP_ADD: { 849 struct ext4_new_group_data input; 850 851 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg, 852 sizeof(input))) 853 return -EFAULT; 854 855 return ext4_ioctl_group_add(filp, &input); 856 } 857 858 case EXT4_IOC_MIGRATE: 859 { 860 int err; 861 if (!inode_owner_or_capable(inode)) 862 return -EACCES; 863 864 err = mnt_want_write_file(filp); 865 if (err) 866 return err; 867 /* 868 * inode_mutex prevent write and truncate on the file. 869 * Read still goes through. We take i_data_sem in 870 * ext4_ext_swap_inode_data before we switch the 871 * inode format to prevent read. 872 */ 873 inode_lock((inode)); 874 err = ext4_ext_migrate(inode); 875 inode_unlock((inode)); 876 mnt_drop_write_file(filp); 877 return err; 878 } 879 880 case EXT4_IOC_ALLOC_DA_BLKS: 881 { 882 int err; 883 if (!inode_owner_or_capable(inode)) 884 return -EACCES; 885 886 err = mnt_want_write_file(filp); 887 if (err) 888 return err; 889 err = ext4_alloc_da_blocks(inode); 890 mnt_drop_write_file(filp); 891 return err; 892 } 893 894 case EXT4_IOC_SWAP_BOOT: 895 { 896 int err; 897 if (!(filp->f_mode & FMODE_WRITE)) 898 return -EBADF; 899 err = mnt_want_write_file(filp); 900 if (err) 901 return err; 902 err = swap_inode_boot_loader(sb, inode); 903 mnt_drop_write_file(filp); 904 return err; 905 } 906 907 case EXT4_IOC_RESIZE_FS: { 908 ext4_fsblk_t n_blocks_count; 909 int err = 0, err2 = 0; 910 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count; 911 912 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg, 913 sizeof(__u64))) { 914 return -EFAULT; 915 } 916 917 err = ext4_resize_begin(sb); 918 if (err) 919 return err; 920 921 err = mnt_want_write_file(filp); 922 if (err) 923 goto resizefs_out; 924 925 err = ext4_resize_fs(sb, n_blocks_count); 926 if (EXT4_SB(sb)->s_journal) { 927 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal); 928 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal); 929 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal); 930 } 931 if (err == 0) 932 err = err2; 933 mnt_drop_write_file(filp); 934 if (!err && (o_group > EXT4_SB(sb)->s_groups_count) && 935 ext4_has_group_desc_csum(sb) && 936 test_opt(sb, INIT_INODE_TABLE)) 937 err = ext4_register_li_request(sb, o_group); 938 939 resizefs_out: 940 ext4_resize_end(sb); 941 return err; 942 } 943 944 case FITRIM: 945 { 946 struct request_queue *q = bdev_get_queue(sb->s_bdev); 947 struct fstrim_range range; 948 int ret = 0; 949 950 if (!capable(CAP_SYS_ADMIN)) 951 return -EPERM; 952 953 if (!blk_queue_discard(q)) 954 return -EOPNOTSUPP; 955 956 if (copy_from_user(&range, (struct fstrim_range __user *)arg, 957 sizeof(range))) 958 return -EFAULT; 959 960 range.minlen = max((unsigned int)range.minlen, 961 q->limits.discard_granularity); 962 ret = ext4_trim_fs(sb, &range); 963 if (ret < 0) 964 return ret; 965 966 if (copy_to_user((struct fstrim_range __user *)arg, &range, 967 sizeof(range))) 968 return -EFAULT; 969 970 return 0; 971 } 972 case EXT4_IOC_PRECACHE_EXTENTS: 973 return ext4_ext_precache(inode); 974 975 case EXT4_IOC_SET_ENCRYPTION_POLICY: 976 if (!ext4_has_feature_encrypt(sb)) 977 return -EOPNOTSUPP; 978 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg); 979 980 case EXT4_IOC_GET_ENCRYPTION_PWSALT: { 981 #ifdef CONFIG_EXT4_FS_ENCRYPTION 982 int err, err2; 983 struct ext4_sb_info *sbi = EXT4_SB(sb); 984 handle_t *handle; 985 986 if (!ext4_has_feature_encrypt(sb)) 987 return -EOPNOTSUPP; 988 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) { 989 err = mnt_want_write_file(filp); 990 if (err) 991 return err; 992 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1); 993 if (IS_ERR(handle)) { 994 err = PTR_ERR(handle); 995 goto pwsalt_err_exit; 996 } 997 err = ext4_journal_get_write_access(handle, sbi->s_sbh); 998 if (err) 999 goto pwsalt_err_journal; 1000 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt); 1001 err = ext4_handle_dirty_metadata(handle, NULL, 1002 sbi->s_sbh); 1003 pwsalt_err_journal: 1004 err2 = ext4_journal_stop(handle); 1005 if (err2 && !err) 1006 err = err2; 1007 pwsalt_err_exit: 1008 mnt_drop_write_file(filp); 1009 if (err) 1010 return err; 1011 } 1012 if (copy_to_user((void __user *) arg, 1013 sbi->s_es->s_encrypt_pw_salt, 16)) 1014 return -EFAULT; 1015 return 0; 1016 #else 1017 return -EOPNOTSUPP; 1018 #endif 1019 } 1020 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1021 return fscrypt_ioctl_get_policy(filp, (void __user *)arg); 1022 1023 case EXT4_IOC_FSGETXATTR: 1024 { 1025 struct fsxattr fa; 1026 1027 memset(&fa, 0, sizeof(struct fsxattr)); 1028 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE); 1029 1030 if (ext4_has_feature_project(inode->i_sb)) { 1031 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns, 1032 EXT4_I(inode)->i_projid); 1033 } 1034 1035 if (copy_to_user((struct fsxattr __user *)arg, 1036 &fa, sizeof(fa))) 1037 return -EFAULT; 1038 return 0; 1039 } 1040 case EXT4_IOC_FSSETXATTR: 1041 { 1042 struct fsxattr fa; 1043 int err; 1044 1045 if (copy_from_user(&fa, (struct fsxattr __user *)arg, 1046 sizeof(fa))) 1047 return -EFAULT; 1048 1049 /* Make sure caller has proper permission */ 1050 if (!inode_owner_or_capable(inode)) 1051 return -EACCES; 1052 1053 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS) 1054 return -EOPNOTSUPP; 1055 1056 flags = ext4_xflags_to_iflags(fa.fsx_xflags); 1057 if (ext4_mask_flags(inode->i_mode, flags) != flags) 1058 return -EOPNOTSUPP; 1059 1060 err = mnt_want_write_file(filp); 1061 if (err) 1062 return err; 1063 1064 inode_lock(inode); 1065 err = ext4_ioctl_check_project(inode, &fa); 1066 if (err) 1067 goto out; 1068 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) | 1069 (flags & EXT4_FL_XFLAG_VISIBLE); 1070 err = ext4_ioctl_setflags(inode, flags); 1071 if (err) 1072 goto out; 1073 err = ext4_ioctl_setproject(filp, fa.fsx_projid); 1074 out: 1075 inode_unlock(inode); 1076 mnt_drop_write_file(filp); 1077 return err; 1078 } 1079 case EXT4_IOC_SHUTDOWN: 1080 return ext4_shutdown(sb, arg); 1081 default: 1082 return -ENOTTY; 1083 } 1084 } 1085 1086 #ifdef CONFIG_COMPAT 1087 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg) 1088 { 1089 /* These are just misnamed, they actually get/put from/to user an int */ 1090 switch (cmd) { 1091 case EXT4_IOC32_GETFLAGS: 1092 cmd = EXT4_IOC_GETFLAGS; 1093 break; 1094 case EXT4_IOC32_SETFLAGS: 1095 cmd = EXT4_IOC_SETFLAGS; 1096 break; 1097 case EXT4_IOC32_GETVERSION: 1098 cmd = EXT4_IOC_GETVERSION; 1099 break; 1100 case EXT4_IOC32_SETVERSION: 1101 cmd = EXT4_IOC_SETVERSION; 1102 break; 1103 case EXT4_IOC32_GROUP_EXTEND: 1104 cmd = EXT4_IOC_GROUP_EXTEND; 1105 break; 1106 case EXT4_IOC32_GETVERSION_OLD: 1107 cmd = EXT4_IOC_GETVERSION_OLD; 1108 break; 1109 case EXT4_IOC32_SETVERSION_OLD: 1110 cmd = EXT4_IOC_SETVERSION_OLD; 1111 break; 1112 case EXT4_IOC32_GETRSVSZ: 1113 cmd = EXT4_IOC_GETRSVSZ; 1114 break; 1115 case EXT4_IOC32_SETRSVSZ: 1116 cmd = EXT4_IOC_SETRSVSZ; 1117 break; 1118 case EXT4_IOC32_GROUP_ADD: { 1119 struct compat_ext4_new_group_input __user *uinput; 1120 struct ext4_new_group_data input; 1121 int err; 1122 1123 uinput = compat_ptr(arg); 1124 err = get_user(input.group, &uinput->group); 1125 err |= get_user(input.block_bitmap, &uinput->block_bitmap); 1126 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap); 1127 err |= get_user(input.inode_table, &uinput->inode_table); 1128 err |= get_user(input.blocks_count, &uinput->blocks_count); 1129 err |= get_user(input.reserved_blocks, 1130 &uinput->reserved_blocks); 1131 if (err) 1132 return -EFAULT; 1133 return ext4_ioctl_group_add(file, &input); 1134 } 1135 case EXT4_IOC_MOVE_EXT: 1136 case EXT4_IOC_RESIZE_FS: 1137 case EXT4_IOC_PRECACHE_EXTENTS: 1138 case EXT4_IOC_SET_ENCRYPTION_POLICY: 1139 case EXT4_IOC_GET_ENCRYPTION_PWSALT: 1140 case EXT4_IOC_GET_ENCRYPTION_POLICY: 1141 case EXT4_IOC_SHUTDOWN: 1142 case FS_IOC_GETFSMAP: 1143 break; 1144 default: 1145 return -ENOIOCTLCMD; 1146 } 1147 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg)); 1148 } 1149 #endif 1150