xref: /openbmc/linux/fs/ext4/ioctl.c (revision b24413180f5600bcb3bb70fbed5cf186b60864bd)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * linux/fs/ext4/ioctl.c
4  *
5  * Copyright (C) 1993, 1994, 1995
6  * Remy Card (card@masi.ibp.fr)
7  * Laboratoire MASI - Institut Blaise Pascal
8  * Universite Pierre et Marie Curie (Paris VI)
9  */
10 
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/uuid.h>
19 #include <linux/uaccess.h>
20 #include <linux/delay.h>
21 #include "ext4_jbd2.h"
22 #include "ext4.h"
23 #include <linux/fsmap.h>
24 #include "fsmap.h"
25 #include <trace/events/ext4.h>
26 
27 /**
28  * Swap memory between @a and @b for @len bytes.
29  *
30  * @a:          pointer to first memory area
31  * @b:          pointer to second memory area
32  * @len:        number of bytes to swap
33  *
34  */
35 static void memswap(void *a, void *b, size_t len)
36 {
37 	unsigned char *ap, *bp;
38 
39 	ap = (unsigned char *)a;
40 	bp = (unsigned char *)b;
41 	while (len-- > 0) {
42 		swap(*ap, *bp);
43 		ap++;
44 		bp++;
45 	}
46 }
47 
48 /**
49  * Swap i_data and associated attributes between @inode1 and @inode2.
50  * This function is used for the primary swap between inode1 and inode2
51  * and also to revert this primary swap in case of errors.
52  *
53  * Therefore you have to make sure, that calling this method twice
54  * will revert all changes.
55  *
56  * @inode1:     pointer to first inode
57  * @inode2:     pointer to second inode
58  */
59 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
60 {
61 	loff_t isize;
62 	struct ext4_inode_info *ei1;
63 	struct ext4_inode_info *ei2;
64 
65 	ei1 = EXT4_I(inode1);
66 	ei2 = EXT4_I(inode2);
67 
68 	swap(inode1->i_flags, inode2->i_flags);
69 	swap(inode1->i_version, inode2->i_version);
70 	swap(inode1->i_blocks, inode2->i_blocks);
71 	swap(inode1->i_bytes, inode2->i_bytes);
72 	swap(inode1->i_atime, inode2->i_atime);
73 	swap(inode1->i_mtime, inode2->i_mtime);
74 
75 	memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
76 	swap(ei1->i_flags, ei2->i_flags);
77 	swap(ei1->i_disksize, ei2->i_disksize);
78 	ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
79 	ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
80 
81 	isize = i_size_read(inode1);
82 	i_size_write(inode1, i_size_read(inode2));
83 	i_size_write(inode2, isize);
84 }
85 
86 /**
87  * Swap the information from the given @inode and the inode
88  * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
89  * important fields of the inodes.
90  *
91  * @sb:         the super block of the filesystem
92  * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
93  *
94  */
95 static long swap_inode_boot_loader(struct super_block *sb,
96 				struct inode *inode)
97 {
98 	handle_t *handle;
99 	int err;
100 	struct inode *inode_bl;
101 	struct ext4_inode_info *ei_bl;
102 	struct ext4_sb_info *sbi = EXT4_SB(sb);
103 
104 	if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
105 		return -EINVAL;
106 
107 	if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
108 		return -EPERM;
109 
110 	inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO);
111 	if (IS_ERR(inode_bl))
112 		return PTR_ERR(inode_bl);
113 	ei_bl = EXT4_I(inode_bl);
114 
115 	filemap_flush(inode->i_mapping);
116 	filemap_flush(inode_bl->i_mapping);
117 
118 	/* Protect orig inodes against a truncate and make sure,
119 	 * that only 1 swap_inode_boot_loader is running. */
120 	lock_two_nondirectories(inode, inode_bl);
121 
122 	truncate_inode_pages(&inode->i_data, 0);
123 	truncate_inode_pages(&inode_bl->i_data, 0);
124 
125 	/* Wait for all existing dio workers */
126 	ext4_inode_block_unlocked_dio(inode);
127 	ext4_inode_block_unlocked_dio(inode_bl);
128 	inode_dio_wait(inode);
129 	inode_dio_wait(inode_bl);
130 
131 	handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
132 	if (IS_ERR(handle)) {
133 		err = -EINVAL;
134 		goto journal_err_out;
135 	}
136 
137 	/* Protect extent tree against block allocations via delalloc */
138 	ext4_double_down_write_data_sem(inode, inode_bl);
139 
140 	if (inode_bl->i_nlink == 0) {
141 		/* this inode has never been used as a BOOT_LOADER */
142 		set_nlink(inode_bl, 1);
143 		i_uid_write(inode_bl, 0);
144 		i_gid_write(inode_bl, 0);
145 		inode_bl->i_flags = 0;
146 		ei_bl->i_flags = 0;
147 		inode_bl->i_version = 1;
148 		i_size_write(inode_bl, 0);
149 		inode_bl->i_mode = S_IFREG;
150 		if (ext4_has_feature_extents(sb)) {
151 			ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
152 			ext4_ext_tree_init(handle, inode_bl);
153 		} else
154 			memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
155 	}
156 
157 	swap_inode_data(inode, inode_bl);
158 
159 	inode->i_ctime = inode_bl->i_ctime = current_time(inode);
160 
161 	spin_lock(&sbi->s_next_gen_lock);
162 	inode->i_generation = sbi->s_next_generation++;
163 	inode_bl->i_generation = sbi->s_next_generation++;
164 	spin_unlock(&sbi->s_next_gen_lock);
165 
166 	ext4_discard_preallocations(inode);
167 
168 	err = ext4_mark_inode_dirty(handle, inode);
169 	if (err < 0) {
170 		ext4_warning(inode->i_sb,
171 			"couldn't mark inode #%lu dirty (err %d)",
172 			inode->i_ino, err);
173 		/* Revert all changes: */
174 		swap_inode_data(inode, inode_bl);
175 	} else {
176 		err = ext4_mark_inode_dirty(handle, inode_bl);
177 		if (err < 0) {
178 			ext4_warning(inode_bl->i_sb,
179 				"couldn't mark inode #%lu dirty (err %d)",
180 				inode_bl->i_ino, err);
181 			/* Revert all changes: */
182 			swap_inode_data(inode, inode_bl);
183 			ext4_mark_inode_dirty(handle, inode);
184 		}
185 	}
186 	ext4_journal_stop(handle);
187 	ext4_double_up_write_data_sem(inode, inode_bl);
188 
189 journal_err_out:
190 	ext4_inode_resume_unlocked_dio(inode);
191 	ext4_inode_resume_unlocked_dio(inode_bl);
192 	unlock_two_nondirectories(inode, inode_bl);
193 	iput(inode_bl);
194 	return err;
195 }
196 
197 #ifdef CONFIG_EXT4_FS_ENCRYPTION
198 static int uuid_is_zero(__u8 u[16])
199 {
200 	int	i;
201 
202 	for (i = 0; i < 16; i++)
203 		if (u[i])
204 			return 0;
205 	return 1;
206 }
207 #endif
208 
209 static int ext4_ioctl_setflags(struct inode *inode,
210 			       unsigned int flags)
211 {
212 	struct ext4_inode_info *ei = EXT4_I(inode);
213 	handle_t *handle = NULL;
214 	int err = -EPERM, migrate = 0;
215 	struct ext4_iloc iloc;
216 	unsigned int oldflags, mask, i;
217 	unsigned int jflag;
218 
219 	/* Is it quota file? Do not allow user to mess with it */
220 	if (ext4_is_quota_file(inode))
221 		goto flags_out;
222 
223 	oldflags = ei->i_flags;
224 
225 	/* The JOURNAL_DATA flag is modifiable only by root */
226 	jflag = flags & EXT4_JOURNAL_DATA_FL;
227 
228 	/*
229 	 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
230 	 * the relevant capability.
231 	 *
232 	 * This test looks nicer. Thanks to Pauline Middelink
233 	 */
234 	if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
235 		if (!capable(CAP_LINUX_IMMUTABLE))
236 			goto flags_out;
237 	}
238 
239 	/*
240 	 * The JOURNAL_DATA flag can only be changed by
241 	 * the relevant capability.
242 	 */
243 	if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
244 		if (!capable(CAP_SYS_RESOURCE))
245 			goto flags_out;
246 	}
247 	if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
248 		migrate = 1;
249 
250 	if (flags & EXT4_EOFBLOCKS_FL) {
251 		/* we don't support adding EOFBLOCKS flag */
252 		if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
253 			err = -EOPNOTSUPP;
254 			goto flags_out;
255 		}
256 	} else if (oldflags & EXT4_EOFBLOCKS_FL) {
257 		err = ext4_truncate(inode);
258 		if (err)
259 			goto flags_out;
260 	}
261 
262 	handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
263 	if (IS_ERR(handle)) {
264 		err = PTR_ERR(handle);
265 		goto flags_out;
266 	}
267 	if (IS_SYNC(inode))
268 		ext4_handle_sync(handle);
269 	err = ext4_reserve_inode_write(handle, inode, &iloc);
270 	if (err)
271 		goto flags_err;
272 
273 	for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
274 		if (!(mask & EXT4_FL_USER_MODIFIABLE))
275 			continue;
276 		/* These flags get special treatment later */
277 		if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
278 			continue;
279 		if (mask & flags)
280 			ext4_set_inode_flag(inode, i);
281 		else
282 			ext4_clear_inode_flag(inode, i);
283 	}
284 
285 	ext4_set_inode_flags(inode);
286 	inode->i_ctime = current_time(inode);
287 
288 	err = ext4_mark_iloc_dirty(handle, inode, &iloc);
289 flags_err:
290 	ext4_journal_stop(handle);
291 	if (err)
292 		goto flags_out;
293 
294 	if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL))
295 		err = ext4_change_inode_journal_flag(inode, jflag);
296 	if (err)
297 		goto flags_out;
298 	if (migrate) {
299 		if (flags & EXT4_EXTENTS_FL)
300 			err = ext4_ext_migrate(inode);
301 		else
302 			err = ext4_ind_migrate(inode);
303 	}
304 
305 flags_out:
306 	return err;
307 }
308 
309 #ifdef CONFIG_QUOTA
310 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
311 {
312 	struct inode *inode = file_inode(filp);
313 	struct super_block *sb = inode->i_sb;
314 	struct ext4_inode_info *ei = EXT4_I(inode);
315 	int err, rc;
316 	handle_t *handle;
317 	kprojid_t kprojid;
318 	struct ext4_iloc iloc;
319 	struct ext4_inode *raw_inode;
320 	struct dquot *transfer_to[MAXQUOTAS] = { };
321 
322 	if (!ext4_has_feature_project(sb)) {
323 		if (projid != EXT4_DEF_PROJID)
324 			return -EOPNOTSUPP;
325 		else
326 			return 0;
327 	}
328 
329 	if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
330 		return -EOPNOTSUPP;
331 
332 	kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
333 
334 	if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
335 		return 0;
336 
337 	err = mnt_want_write_file(filp);
338 	if (err)
339 		return err;
340 
341 	err = -EPERM;
342 	inode_lock(inode);
343 	/* Is it quota file? Do not allow user to mess with it */
344 	if (ext4_is_quota_file(inode))
345 		goto out_unlock;
346 
347 	err = ext4_get_inode_loc(inode, &iloc);
348 	if (err)
349 		goto out_unlock;
350 
351 	raw_inode = ext4_raw_inode(&iloc);
352 	if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
353 		err = ext4_expand_extra_isize(inode,
354 					      EXT4_SB(sb)->s_want_extra_isize,
355 					      &iloc);
356 		if (err)
357 			goto out_unlock;
358 	} else {
359 		brelse(iloc.bh);
360 	}
361 
362 	dquot_initialize(inode);
363 
364 	handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
365 		EXT4_QUOTA_INIT_BLOCKS(sb) +
366 		EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
367 	if (IS_ERR(handle)) {
368 		err = PTR_ERR(handle);
369 		goto out_unlock;
370 	}
371 
372 	err = ext4_reserve_inode_write(handle, inode, &iloc);
373 	if (err)
374 		goto out_stop;
375 
376 	transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
377 	if (!IS_ERR(transfer_to[PRJQUOTA])) {
378 
379 		/* __dquot_transfer() calls back ext4_get_inode_usage() which
380 		 * counts xattr inode references.
381 		 */
382 		down_read(&EXT4_I(inode)->xattr_sem);
383 		err = __dquot_transfer(inode, transfer_to);
384 		up_read(&EXT4_I(inode)->xattr_sem);
385 		dqput(transfer_to[PRJQUOTA]);
386 		if (err)
387 			goto out_dirty;
388 	}
389 
390 	EXT4_I(inode)->i_projid = kprojid;
391 	inode->i_ctime = current_time(inode);
392 out_dirty:
393 	rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
394 	if (!err)
395 		err = rc;
396 out_stop:
397 	ext4_journal_stop(handle);
398 out_unlock:
399 	inode_unlock(inode);
400 	mnt_drop_write_file(filp);
401 	return err;
402 }
403 #else
404 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
405 {
406 	if (projid != EXT4_DEF_PROJID)
407 		return -EOPNOTSUPP;
408 	return 0;
409 }
410 #endif
411 
412 /* Transfer internal flags to xflags */
413 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
414 {
415 	__u32 xflags = 0;
416 
417 	if (iflags & EXT4_SYNC_FL)
418 		xflags |= FS_XFLAG_SYNC;
419 	if (iflags & EXT4_IMMUTABLE_FL)
420 		xflags |= FS_XFLAG_IMMUTABLE;
421 	if (iflags & EXT4_APPEND_FL)
422 		xflags |= FS_XFLAG_APPEND;
423 	if (iflags & EXT4_NODUMP_FL)
424 		xflags |= FS_XFLAG_NODUMP;
425 	if (iflags & EXT4_NOATIME_FL)
426 		xflags |= FS_XFLAG_NOATIME;
427 	if (iflags & EXT4_PROJINHERIT_FL)
428 		xflags |= FS_XFLAG_PROJINHERIT;
429 	return xflags;
430 }
431 
432 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
433 				  FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
434 				  FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
435 
436 /* Transfer xflags flags to internal */
437 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
438 {
439 	unsigned long iflags = 0;
440 
441 	if (xflags & FS_XFLAG_SYNC)
442 		iflags |= EXT4_SYNC_FL;
443 	if (xflags & FS_XFLAG_IMMUTABLE)
444 		iflags |= EXT4_IMMUTABLE_FL;
445 	if (xflags & FS_XFLAG_APPEND)
446 		iflags |= EXT4_APPEND_FL;
447 	if (xflags & FS_XFLAG_NODUMP)
448 		iflags |= EXT4_NODUMP_FL;
449 	if (xflags & FS_XFLAG_NOATIME)
450 		iflags |= EXT4_NOATIME_FL;
451 	if (xflags & FS_XFLAG_PROJINHERIT)
452 		iflags |= EXT4_PROJINHERIT_FL;
453 
454 	return iflags;
455 }
456 
457 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
458 {
459 	struct ext4_sb_info *sbi = EXT4_SB(sb);
460 	__u32 flags;
461 
462 	if (!capable(CAP_SYS_ADMIN))
463 		return -EPERM;
464 
465 	if (get_user(flags, (__u32 __user *)arg))
466 		return -EFAULT;
467 
468 	if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
469 		return -EINVAL;
470 
471 	if (ext4_forced_shutdown(sbi))
472 		return 0;
473 
474 	ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
475 
476 	switch (flags) {
477 	case EXT4_GOING_FLAGS_DEFAULT:
478 		freeze_bdev(sb->s_bdev);
479 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
480 		thaw_bdev(sb->s_bdev, sb);
481 		break;
482 	case EXT4_GOING_FLAGS_LOGFLUSH:
483 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
484 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
485 			(void) ext4_force_commit(sb);
486 			jbd2_journal_abort(sbi->s_journal, 0);
487 		}
488 		break;
489 	case EXT4_GOING_FLAGS_NOLOGFLUSH:
490 		set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
491 		if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
492 			msleep(100);
493 			jbd2_journal_abort(sbi->s_journal, 0);
494 		}
495 		break;
496 	default:
497 		return -EINVAL;
498 	}
499 	clear_opt(sb, DISCARD);
500 	return 0;
501 }
502 
503 struct getfsmap_info {
504 	struct super_block	*gi_sb;
505 	struct fsmap_head __user *gi_data;
506 	unsigned int		gi_idx;
507 	__u32			gi_last_flags;
508 };
509 
510 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
511 {
512 	struct getfsmap_info *info = priv;
513 	struct fsmap fm;
514 
515 	trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
516 
517 	info->gi_last_flags = xfm->fmr_flags;
518 	ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
519 	if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
520 			sizeof(struct fsmap)))
521 		return -EFAULT;
522 
523 	return 0;
524 }
525 
526 static int ext4_ioc_getfsmap(struct super_block *sb,
527 			     struct fsmap_head __user *arg)
528 {
529 	struct getfsmap_info info = {0};
530 	struct ext4_fsmap_head xhead = {0};
531 	struct fsmap_head head;
532 	bool aborted = false;
533 	int error;
534 
535 	if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
536 		return -EFAULT;
537 	if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
538 	    memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
539 		       sizeof(head.fmh_keys[0].fmr_reserved)) ||
540 	    memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
541 		       sizeof(head.fmh_keys[1].fmr_reserved)))
542 		return -EINVAL;
543 	/*
544 	 * ext4 doesn't report file extents at all, so the only valid
545 	 * file offsets are the magic ones (all zeroes or all ones).
546 	 */
547 	if (head.fmh_keys[0].fmr_offset ||
548 	    (head.fmh_keys[1].fmr_offset != 0 &&
549 	     head.fmh_keys[1].fmr_offset != -1ULL))
550 		return -EINVAL;
551 
552 	xhead.fmh_iflags = head.fmh_iflags;
553 	xhead.fmh_count = head.fmh_count;
554 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
555 	ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
556 
557 	trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
558 	trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
559 
560 	info.gi_sb = sb;
561 	info.gi_data = arg;
562 	error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
563 	if (error == EXT4_QUERY_RANGE_ABORT) {
564 		error = 0;
565 		aborted = true;
566 	} else if (error)
567 		return error;
568 
569 	/* If we didn't abort, set the "last" flag in the last fmx */
570 	if (!aborted && info.gi_idx) {
571 		info.gi_last_flags |= FMR_OF_LAST;
572 		if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
573 				 &info.gi_last_flags,
574 				 sizeof(info.gi_last_flags)))
575 			return -EFAULT;
576 	}
577 
578 	/* copy back header */
579 	head.fmh_entries = xhead.fmh_entries;
580 	head.fmh_oflags = xhead.fmh_oflags;
581 	if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
582 		return -EFAULT;
583 
584 	return 0;
585 }
586 
587 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
588 {
589 	struct inode *inode = file_inode(filp);
590 	struct super_block *sb = inode->i_sb;
591 	struct ext4_inode_info *ei = EXT4_I(inode);
592 	unsigned int flags;
593 
594 	ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
595 
596 	switch (cmd) {
597 	case FS_IOC_GETFSMAP:
598 		return ext4_ioc_getfsmap(sb, (void __user *)arg);
599 	case EXT4_IOC_GETFLAGS:
600 		flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
601 		return put_user(flags, (int __user *) arg);
602 	case EXT4_IOC_SETFLAGS: {
603 		int err;
604 
605 		if (!inode_owner_or_capable(inode))
606 			return -EACCES;
607 
608 		if (get_user(flags, (int __user *) arg))
609 			return -EFAULT;
610 
611 		if (flags & ~EXT4_FL_USER_VISIBLE)
612 			return -EOPNOTSUPP;
613 		/*
614 		 * chattr(1) grabs flags via GETFLAGS, modifies the result and
615 		 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
616 		 * more restrictive than just silently masking off visible but
617 		 * not settable flags as we always did.
618 		 */
619 		flags &= EXT4_FL_USER_MODIFIABLE;
620 		if (ext4_mask_flags(inode->i_mode, flags) != flags)
621 			return -EOPNOTSUPP;
622 
623 		err = mnt_want_write_file(filp);
624 		if (err)
625 			return err;
626 
627 		inode_lock(inode);
628 		err = ext4_ioctl_setflags(inode, flags);
629 		inode_unlock(inode);
630 		mnt_drop_write_file(filp);
631 		return err;
632 	}
633 	case EXT4_IOC_GETVERSION:
634 	case EXT4_IOC_GETVERSION_OLD:
635 		return put_user(inode->i_generation, (int __user *) arg);
636 	case EXT4_IOC_SETVERSION:
637 	case EXT4_IOC_SETVERSION_OLD: {
638 		handle_t *handle;
639 		struct ext4_iloc iloc;
640 		__u32 generation;
641 		int err;
642 
643 		if (!inode_owner_or_capable(inode))
644 			return -EPERM;
645 
646 		if (ext4_has_metadata_csum(inode->i_sb)) {
647 			ext4_warning(sb, "Setting inode version is not "
648 				     "supported with metadata_csum enabled.");
649 			return -ENOTTY;
650 		}
651 
652 		err = mnt_want_write_file(filp);
653 		if (err)
654 			return err;
655 		if (get_user(generation, (int __user *) arg)) {
656 			err = -EFAULT;
657 			goto setversion_out;
658 		}
659 
660 		inode_lock(inode);
661 		handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
662 		if (IS_ERR(handle)) {
663 			err = PTR_ERR(handle);
664 			goto unlock_out;
665 		}
666 		err = ext4_reserve_inode_write(handle, inode, &iloc);
667 		if (err == 0) {
668 			inode->i_ctime = current_time(inode);
669 			inode->i_generation = generation;
670 			err = ext4_mark_iloc_dirty(handle, inode, &iloc);
671 		}
672 		ext4_journal_stop(handle);
673 
674 unlock_out:
675 		inode_unlock(inode);
676 setversion_out:
677 		mnt_drop_write_file(filp);
678 		return err;
679 	}
680 	case EXT4_IOC_GROUP_EXTEND: {
681 		ext4_fsblk_t n_blocks_count;
682 		int err, err2=0;
683 
684 		err = ext4_resize_begin(sb);
685 		if (err)
686 			return err;
687 
688 		if (get_user(n_blocks_count, (__u32 __user *)arg)) {
689 			err = -EFAULT;
690 			goto group_extend_out;
691 		}
692 
693 		if (ext4_has_feature_bigalloc(sb)) {
694 			ext4_msg(sb, KERN_ERR,
695 				 "Online resizing not supported with bigalloc");
696 			err = -EOPNOTSUPP;
697 			goto group_extend_out;
698 		}
699 
700 		err = mnt_want_write_file(filp);
701 		if (err)
702 			goto group_extend_out;
703 
704 		err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
705 		if (EXT4_SB(sb)->s_journal) {
706 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
707 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
708 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
709 		}
710 		if (err == 0)
711 			err = err2;
712 		mnt_drop_write_file(filp);
713 group_extend_out:
714 		ext4_resize_end(sb);
715 		return err;
716 	}
717 
718 	case EXT4_IOC_MOVE_EXT: {
719 		struct move_extent me;
720 		struct fd donor;
721 		int err;
722 
723 		if (!(filp->f_mode & FMODE_READ) ||
724 		    !(filp->f_mode & FMODE_WRITE))
725 			return -EBADF;
726 
727 		if (copy_from_user(&me,
728 			(struct move_extent __user *)arg, sizeof(me)))
729 			return -EFAULT;
730 		me.moved_len = 0;
731 
732 		donor = fdget(me.donor_fd);
733 		if (!donor.file)
734 			return -EBADF;
735 
736 		if (!(donor.file->f_mode & FMODE_WRITE)) {
737 			err = -EBADF;
738 			goto mext_out;
739 		}
740 
741 		if (ext4_has_feature_bigalloc(sb)) {
742 			ext4_msg(sb, KERN_ERR,
743 				 "Online defrag not supported with bigalloc");
744 			err = -EOPNOTSUPP;
745 			goto mext_out;
746 		} else if (IS_DAX(inode)) {
747 			ext4_msg(sb, KERN_ERR,
748 				 "Online defrag not supported with DAX");
749 			err = -EOPNOTSUPP;
750 			goto mext_out;
751 		}
752 
753 		err = mnt_want_write_file(filp);
754 		if (err)
755 			goto mext_out;
756 
757 		err = ext4_move_extents(filp, donor.file, me.orig_start,
758 					me.donor_start, me.len, &me.moved_len);
759 		mnt_drop_write_file(filp);
760 
761 		if (copy_to_user((struct move_extent __user *)arg,
762 				 &me, sizeof(me)))
763 			err = -EFAULT;
764 mext_out:
765 		fdput(donor);
766 		return err;
767 	}
768 
769 	case EXT4_IOC_GROUP_ADD: {
770 		struct ext4_new_group_data input;
771 		int err, err2=0;
772 
773 		err = ext4_resize_begin(sb);
774 		if (err)
775 			return err;
776 
777 		if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
778 				sizeof(input))) {
779 			err = -EFAULT;
780 			goto group_add_out;
781 		}
782 
783 		if (ext4_has_feature_bigalloc(sb)) {
784 			ext4_msg(sb, KERN_ERR,
785 				 "Online resizing not supported with bigalloc");
786 			err = -EOPNOTSUPP;
787 			goto group_add_out;
788 		}
789 
790 		err = mnt_want_write_file(filp);
791 		if (err)
792 			goto group_add_out;
793 
794 		err = ext4_group_add(sb, &input);
795 		if (EXT4_SB(sb)->s_journal) {
796 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
797 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
798 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
799 		}
800 		if (err == 0)
801 			err = err2;
802 		mnt_drop_write_file(filp);
803 		if (!err && ext4_has_group_desc_csum(sb) &&
804 		    test_opt(sb, INIT_INODE_TABLE))
805 			err = ext4_register_li_request(sb, input.group);
806 group_add_out:
807 		ext4_resize_end(sb);
808 		return err;
809 	}
810 
811 	case EXT4_IOC_MIGRATE:
812 	{
813 		int err;
814 		if (!inode_owner_or_capable(inode))
815 			return -EACCES;
816 
817 		err = mnt_want_write_file(filp);
818 		if (err)
819 			return err;
820 		/*
821 		 * inode_mutex prevent write and truncate on the file.
822 		 * Read still goes through. We take i_data_sem in
823 		 * ext4_ext_swap_inode_data before we switch the
824 		 * inode format to prevent read.
825 		 */
826 		inode_lock((inode));
827 		err = ext4_ext_migrate(inode);
828 		inode_unlock((inode));
829 		mnt_drop_write_file(filp);
830 		return err;
831 	}
832 
833 	case EXT4_IOC_ALLOC_DA_BLKS:
834 	{
835 		int err;
836 		if (!inode_owner_or_capable(inode))
837 			return -EACCES;
838 
839 		err = mnt_want_write_file(filp);
840 		if (err)
841 			return err;
842 		err = ext4_alloc_da_blocks(inode);
843 		mnt_drop_write_file(filp);
844 		return err;
845 	}
846 
847 	case EXT4_IOC_SWAP_BOOT:
848 	{
849 		int err;
850 		if (!(filp->f_mode & FMODE_WRITE))
851 			return -EBADF;
852 		err = mnt_want_write_file(filp);
853 		if (err)
854 			return err;
855 		err = swap_inode_boot_loader(sb, inode);
856 		mnt_drop_write_file(filp);
857 		return err;
858 	}
859 
860 	case EXT4_IOC_RESIZE_FS: {
861 		ext4_fsblk_t n_blocks_count;
862 		int err = 0, err2 = 0;
863 		ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
864 
865 		if (ext4_has_feature_bigalloc(sb)) {
866 			ext4_msg(sb, KERN_ERR,
867 				 "Online resizing not (yet) supported with bigalloc");
868 			return -EOPNOTSUPP;
869 		}
870 
871 		if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
872 				   sizeof(__u64))) {
873 			return -EFAULT;
874 		}
875 
876 		err = ext4_resize_begin(sb);
877 		if (err)
878 			return err;
879 
880 		err = mnt_want_write_file(filp);
881 		if (err)
882 			goto resizefs_out;
883 
884 		err = ext4_resize_fs(sb, n_blocks_count);
885 		if (EXT4_SB(sb)->s_journal) {
886 			jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
887 			err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
888 			jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
889 		}
890 		if (err == 0)
891 			err = err2;
892 		mnt_drop_write_file(filp);
893 		if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
894 		    ext4_has_group_desc_csum(sb) &&
895 		    test_opt(sb, INIT_INODE_TABLE))
896 			err = ext4_register_li_request(sb, o_group);
897 
898 resizefs_out:
899 		ext4_resize_end(sb);
900 		return err;
901 	}
902 
903 	case FITRIM:
904 	{
905 		struct request_queue *q = bdev_get_queue(sb->s_bdev);
906 		struct fstrim_range range;
907 		int ret = 0;
908 
909 		if (!capable(CAP_SYS_ADMIN))
910 			return -EPERM;
911 
912 		if (!blk_queue_discard(q))
913 			return -EOPNOTSUPP;
914 
915 		if (copy_from_user(&range, (struct fstrim_range __user *)arg,
916 		    sizeof(range)))
917 			return -EFAULT;
918 
919 		range.minlen = max((unsigned int)range.minlen,
920 				   q->limits.discard_granularity);
921 		ret = ext4_trim_fs(sb, &range);
922 		if (ret < 0)
923 			return ret;
924 
925 		if (copy_to_user((struct fstrim_range __user *)arg, &range,
926 		    sizeof(range)))
927 			return -EFAULT;
928 
929 		return 0;
930 	}
931 	case EXT4_IOC_PRECACHE_EXTENTS:
932 		return ext4_ext_precache(inode);
933 
934 	case EXT4_IOC_SET_ENCRYPTION_POLICY:
935 		if (!ext4_has_feature_encrypt(sb))
936 			return -EOPNOTSUPP;
937 		return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
938 
939 	case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
940 #ifdef CONFIG_EXT4_FS_ENCRYPTION
941 		int err, err2;
942 		struct ext4_sb_info *sbi = EXT4_SB(sb);
943 		handle_t *handle;
944 
945 		if (!ext4_has_feature_encrypt(sb))
946 			return -EOPNOTSUPP;
947 		if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
948 			err = mnt_want_write_file(filp);
949 			if (err)
950 				return err;
951 			handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
952 			if (IS_ERR(handle)) {
953 				err = PTR_ERR(handle);
954 				goto pwsalt_err_exit;
955 			}
956 			err = ext4_journal_get_write_access(handle, sbi->s_sbh);
957 			if (err)
958 				goto pwsalt_err_journal;
959 			generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
960 			err = ext4_handle_dirty_metadata(handle, NULL,
961 							 sbi->s_sbh);
962 		pwsalt_err_journal:
963 			err2 = ext4_journal_stop(handle);
964 			if (err2 && !err)
965 				err = err2;
966 		pwsalt_err_exit:
967 			mnt_drop_write_file(filp);
968 			if (err)
969 				return err;
970 		}
971 		if (copy_to_user((void __user *) arg,
972 				 sbi->s_es->s_encrypt_pw_salt, 16))
973 			return -EFAULT;
974 		return 0;
975 #else
976 		return -EOPNOTSUPP;
977 #endif
978 	}
979 	case EXT4_IOC_GET_ENCRYPTION_POLICY:
980 		return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
981 
982 	case EXT4_IOC_FSGETXATTR:
983 	{
984 		struct fsxattr fa;
985 
986 		memset(&fa, 0, sizeof(struct fsxattr));
987 		fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
988 
989 		if (ext4_has_feature_project(inode->i_sb)) {
990 			fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
991 				EXT4_I(inode)->i_projid);
992 		}
993 
994 		if (copy_to_user((struct fsxattr __user *)arg,
995 				 &fa, sizeof(fa)))
996 			return -EFAULT;
997 		return 0;
998 	}
999 	case EXT4_IOC_FSSETXATTR:
1000 	{
1001 		struct fsxattr fa;
1002 		int err;
1003 
1004 		if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1005 				   sizeof(fa)))
1006 			return -EFAULT;
1007 
1008 		/* Make sure caller has proper permission */
1009 		if (!inode_owner_or_capable(inode))
1010 			return -EACCES;
1011 
1012 		if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1013 			return -EOPNOTSUPP;
1014 
1015 		flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1016 		if (ext4_mask_flags(inode->i_mode, flags) != flags)
1017 			return -EOPNOTSUPP;
1018 
1019 		err = mnt_want_write_file(filp);
1020 		if (err)
1021 			return err;
1022 
1023 		inode_lock(inode);
1024 		flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1025 			 (flags & EXT4_FL_XFLAG_VISIBLE);
1026 		err = ext4_ioctl_setflags(inode, flags);
1027 		inode_unlock(inode);
1028 		mnt_drop_write_file(filp);
1029 		if (err)
1030 			return err;
1031 
1032 		err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1033 		if (err)
1034 			return err;
1035 
1036 		return 0;
1037 	}
1038 	case EXT4_IOC_SHUTDOWN:
1039 		return ext4_shutdown(sb, arg);
1040 	default:
1041 		return -ENOTTY;
1042 	}
1043 }
1044 
1045 #ifdef CONFIG_COMPAT
1046 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1047 {
1048 	/* These are just misnamed, they actually get/put from/to user an int */
1049 	switch (cmd) {
1050 	case EXT4_IOC32_GETFLAGS:
1051 		cmd = EXT4_IOC_GETFLAGS;
1052 		break;
1053 	case EXT4_IOC32_SETFLAGS:
1054 		cmd = EXT4_IOC_SETFLAGS;
1055 		break;
1056 	case EXT4_IOC32_GETVERSION:
1057 		cmd = EXT4_IOC_GETVERSION;
1058 		break;
1059 	case EXT4_IOC32_SETVERSION:
1060 		cmd = EXT4_IOC_SETVERSION;
1061 		break;
1062 	case EXT4_IOC32_GROUP_EXTEND:
1063 		cmd = EXT4_IOC_GROUP_EXTEND;
1064 		break;
1065 	case EXT4_IOC32_GETVERSION_OLD:
1066 		cmd = EXT4_IOC_GETVERSION_OLD;
1067 		break;
1068 	case EXT4_IOC32_SETVERSION_OLD:
1069 		cmd = EXT4_IOC_SETVERSION_OLD;
1070 		break;
1071 	case EXT4_IOC32_GETRSVSZ:
1072 		cmd = EXT4_IOC_GETRSVSZ;
1073 		break;
1074 	case EXT4_IOC32_SETRSVSZ:
1075 		cmd = EXT4_IOC_SETRSVSZ;
1076 		break;
1077 	case EXT4_IOC32_GROUP_ADD: {
1078 		struct compat_ext4_new_group_input __user *uinput;
1079 		struct ext4_new_group_input input;
1080 		mm_segment_t old_fs;
1081 		int err;
1082 
1083 		uinput = compat_ptr(arg);
1084 		err = get_user(input.group, &uinput->group);
1085 		err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1086 		err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1087 		err |= get_user(input.inode_table, &uinput->inode_table);
1088 		err |= get_user(input.blocks_count, &uinput->blocks_count);
1089 		err |= get_user(input.reserved_blocks,
1090 				&uinput->reserved_blocks);
1091 		if (err)
1092 			return -EFAULT;
1093 		old_fs = get_fs();
1094 		set_fs(KERNEL_DS);
1095 		err = ext4_ioctl(file, EXT4_IOC_GROUP_ADD,
1096 				 (unsigned long) &input);
1097 		set_fs(old_fs);
1098 		return err;
1099 	}
1100 	case EXT4_IOC_MOVE_EXT:
1101 	case EXT4_IOC_RESIZE_FS:
1102 	case EXT4_IOC_PRECACHE_EXTENTS:
1103 	case EXT4_IOC_SET_ENCRYPTION_POLICY:
1104 	case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1105 	case EXT4_IOC_GET_ENCRYPTION_POLICY:
1106 	case EXT4_IOC_SHUTDOWN:
1107 	case FS_IOC_GETFSMAP:
1108 		break;
1109 	default:
1110 		return -ENOIOCTLCMD;
1111 	}
1112 	return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1113 }
1114 #endif
1115