Gitiles
Code Review Sign In
192.168.1.100 / T103 / 1f884588077ad3476b9c91cbb0ee9ee0332bbb68 / . / src / kernel / linux / v4.14 / fs / ext4 / ioctl.c
blob: 9dbb5542167a2b595c75c407d27382b2f1922b6c [file] [log] [blame]
rjw1f884582022-01-06 17:20:42 +0800[diff] [blame^]1// SPDX-License-Identifier: GPL-2.0
2/*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11#include <linux/fs.h>
12#include <linux/capability.h>
13#include <linux/time.h>
14#include <linux/compat.h>
15#include <linux/mount.h>
16#include <linux/file.h>
17#include <linux/quotaops.h>
18#include <linux/uuid.h>
19#include <linux/uaccess.h>
20#include <linux/delay.h>
21#include "ext4_jbd2.h"
22#include "ext4.h"
23#include <linux/fsmap.h>
24#include "fsmap.h"
25#include <trace/events/ext4.h>
26
27/**
28 * Swap memory between @a and @b for @len bytes.
29 *
30 * @a: pointer to first memory area
31 * @b: pointer to second memory area
32 * @len: number of bytes to swap
33 *
34 */
35static void memswap(void *a, void *b, size_t len)
36{
37 unsigned char *ap, *bp;
38
39 ap = (unsigned char *)a;
40 bp = (unsigned char *)b;
41 while (len-- > 0) {
42 swap(*ap, *bp);
43 ap++;
44 bp++;
45 }
46}
47
48/**
49 * Swap i_data and associated attributes between @inode1 and @inode2.
50 * This function is used for the primary swap between inode1 and inode2
51 * and also to revert this primary swap in case of errors.
52 *
53 * Therefore you have to make sure, that calling this method twice
54 * will revert all changes.
55 *
56 * @inode1: pointer to first inode
57 * @inode2: pointer to second inode
58 */
59static void swap_inode_data(struct inode *inode1, struct inode *inode2)
60{
61 loff_t isize;
62 struct ext4_inode_info *ei1;
63 struct ext4_inode_info *ei2;
64 unsigned long tmp;
65
66 ei1 = EXT4_I(inode1);
67 ei2 = EXT4_I(inode2);
68
69 swap(inode1->i_flags, inode2->i_flags);
70 swap(inode1->i_version, inode2->i_version);
71 swap(inode1->i_blocks, inode2->i_blocks);
72 swap(inode1->i_bytes, inode2->i_bytes);
73 swap(inode1->i_atime, inode2->i_atime);
74 swap(inode1->i_mtime, inode2->i_mtime);
75
76 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
77 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
78 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
79 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
80 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
81 swap(ei1->i_disksize, ei2->i_disksize);
82 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
83 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
84
85 isize = i_size_read(inode1);
86 i_size_write(inode1, i_size_read(inode2));
87 i_size_write(inode2, isize);
88}
89
90/**
91 * Swap the information from the given @inode and the inode
92 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
93 * important fields of the inodes.
94 *
95 * @sb: the super block of the filesystem
96 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
97 *
98 */
99static long swap_inode_boot_loader(struct super_block *sb,
100 struct inode *inode)
101{
102 handle_t *handle;
103 int err;
104 struct inode *inode_bl;
105 struct ext4_inode_info *ei_bl;
106 struct ext4_sb_info *sbi = EXT4_SB(sb);
107
108 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode))
109 return -EINVAL;
110
111 if (!inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
112 return -EPERM;
113
114 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
115 if (IS_ERR(inode_bl))
116 return PTR_ERR(inode_bl);
117 ei_bl = EXT4_I(inode_bl);
118
119 filemap_flush(inode->i_mapping);
120 filemap_flush(inode_bl->i_mapping);
121
122 /* Protect orig inodes against a truncate and make sure,
123 * that only 1 swap_inode_boot_loader is running. */
124 lock_two_nondirectories(inode, inode_bl);
125
126 truncate_inode_pages(&inode->i_data, 0);
127 truncate_inode_pages(&inode_bl->i_data, 0);
128
129 /* Wait for all existing dio workers */
130 ext4_inode_block_unlocked_dio(inode);
131 ext4_inode_block_unlocked_dio(inode_bl);
132 inode_dio_wait(inode);
133 inode_dio_wait(inode_bl);
134
135 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
136 if (IS_ERR(handle)) {
137 err = -EINVAL;
138 goto journal_err_out;
139 }
140
141 /* Protect extent tree against block allocations via delalloc */
142 ext4_double_down_write_data_sem(inode, inode_bl);
143
144 if (inode_bl->i_nlink == 0) {
145 /* this inode has never been used as a BOOT_LOADER */
146 set_nlink(inode_bl, 1);
147 i_uid_write(inode_bl, 0);
148 i_gid_write(inode_bl, 0);
149 inode_bl->i_flags = 0;
150 ei_bl->i_flags = 0;
151 inode_bl->i_version = 1;
152 i_size_write(inode_bl, 0);
153 inode_bl->i_mode = S_IFREG;
154 if (ext4_has_feature_extents(sb)) {
155 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
156 ext4_ext_tree_init(handle, inode_bl);
157 } else
158 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
159 }
160
161 swap_inode_data(inode, inode_bl);
162
163 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
164
165 spin_lock(&sbi->s_next_gen_lock);
166 inode->i_generation = sbi->s_next_generation++;
167 inode_bl->i_generation = sbi->s_next_generation++;
168 spin_unlock(&sbi->s_next_gen_lock);
169
170 ext4_discard_preallocations(inode);
171
172 err = ext4_mark_inode_dirty(handle, inode);
173 if (err < 0) {
174 ext4_warning(inode->i_sb,
175 "couldn't mark inode #%lu dirty (err %d)",
176 inode->i_ino, err);
177 /* Revert all changes: */
178 swap_inode_data(inode, inode_bl);
179 } else {
180 err = ext4_mark_inode_dirty(handle, inode_bl);
181 if (err < 0) {
182 ext4_warning(inode_bl->i_sb,
183 "couldn't mark inode #%lu dirty (err %d)",
184 inode_bl->i_ino, err);
185 /* Revert all changes: */
186 swap_inode_data(inode, inode_bl);
187 ext4_mark_inode_dirty(handle, inode);
188 }
189 }
190 ext4_journal_stop(handle);
191 ext4_double_up_write_data_sem(inode, inode_bl);
192
193journal_err_out:
194 ext4_inode_resume_unlocked_dio(inode);
195 ext4_inode_resume_unlocked_dio(inode_bl);
196 unlock_two_nondirectories(inode, inode_bl);
197 iput(inode_bl);
198 return err;
199}
200
201#ifdef CONFIG_EXT4_FS_ENCRYPTION
202static int uuid_is_zero(__u8 u[16])
203{
204 int i;
205
206 for (i = 0; i < 16; i++)
207 if (u[i])
208 return 0;
209 return 1;
210}
211#endif
212
213/*
214 * If immutable is set and we are not clearing it, we're not allowed to change
215 * anything else in the inode. Don't error out if we're only trying to set
216 * immutable on an immutable file.
217 */
218static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
219 unsigned int flags)
220{
221 struct ext4_inode_info *ei = EXT4_I(inode);
222 unsigned int oldflags = ei->i_flags;
223
224 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
225 return 0;
226
227 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
228 return -EPERM;
229 if (ext4_has_feature_project(inode->i_sb) &&
230 __kprojid_val(ei->i_projid) != new_projid)
231 return -EPERM;
232
233 return 0;
234}
235
236static int ext4_ioctl_setflags(struct inode *inode,
237 unsigned int flags)
238{
239 struct ext4_inode_info *ei = EXT4_I(inode);
240 handle_t *handle = NULL;
241 int err = -EPERM, migrate = 0;
242 struct ext4_iloc iloc;
243 unsigned int oldflags, mask, i;
244 unsigned int jflag;
245
246 /* Is it quota file? Do not allow user to mess with it */
247 if (ext4_is_quota_file(inode))
248 goto flags_out;
249
250 oldflags = ei->i_flags;
251
252 /* The JOURNAL_DATA flag is modifiable only by root */
253 jflag = flags & EXT4_JOURNAL_DATA_FL;
254
255 /*
256 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
257 * the relevant capability.
258 *
259 * This test looks nicer. Thanks to Pauline Middelink
260 */
261 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
262 if (!capable(CAP_LINUX_IMMUTABLE))
263 goto flags_out;
264 }
265
266 /*
267 * The JOURNAL_DATA flag can only be changed by
268 * the relevant capability.
269 */
270 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
271 if (!capable(CAP_SYS_RESOURCE))
272 goto flags_out;
273 }
274 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
275 migrate = 1;
276
277 if (flags & EXT4_EOFBLOCKS_FL) {
278 /* we don't support adding EOFBLOCKS flag */
279 if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
280 err = -EOPNOTSUPP;
281 goto flags_out;
282 }
283 } else if (oldflags & EXT4_EOFBLOCKS_FL) {
284 err = ext4_truncate(inode);
285 if (err)
286 goto flags_out;
287 }
288
289 /*
290 * Wait for all pending directio and then flush all the dirty pages
291 * for this file. The flush marks all the pages readonly, so any
292 * subsequent attempt to write to the file (particularly mmap pages)
293 * will come through the filesystem and fail.
294 */
295 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
296 (flags & EXT4_IMMUTABLE_FL)) {
297 inode_dio_wait(inode);
298 err = filemap_write_and_wait(inode->i_mapping);
299 if (err)
300 goto flags_out;
301 }
302
303 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
304 if (IS_ERR(handle)) {
305 err = PTR_ERR(handle);
306 goto flags_out;
307 }
308 if (IS_SYNC(inode))
309 ext4_handle_sync(handle);
310 err = ext4_reserve_inode_write(handle, inode, &iloc);
311 if (err)
312 goto flags_err;
313
314 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
315 if (!(mask & EXT4_FL_USER_MODIFIABLE))
316 continue;
317 /* These flags get special treatment later */
318 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
319 continue;
320 if (mask & flags)
321 ext4_set_inode_flag(inode, i);
322 else
323 ext4_clear_inode_flag(inode, i);
324 }
325
326 ext4_set_inode_flags(inode);
327 inode->i_ctime = current_time(inode);
328
329 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
330flags_err:
331 ext4_journal_stop(handle);
332 if (err)
333 goto flags_out;
334
335 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
336 /*
337 * Changes to the journaling mode can cause unsafe changes to
338 * S_DAX if we are using the DAX mount option.
339 */
340 if (test_opt(inode->i_sb, DAX)) {
341 err = -EBUSY;
342 goto flags_out;
343 }
344
345 err = ext4_change_inode_journal_flag(inode, jflag);
346 if (err)
347 goto flags_out;
348 }
349 if (migrate) {
350 if (flags & EXT4_EXTENTS_FL)
351 err = ext4_ext_migrate(inode);
352 else
353 err = ext4_ind_migrate(inode);
354 }
355
356flags_out:
357 return err;
358}
359
360#ifdef CONFIG_QUOTA
361static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
362{
363 struct inode *inode = file_inode(filp);
364 struct super_block *sb = inode->i_sb;
365 struct ext4_inode_info *ei = EXT4_I(inode);
366 int err, rc;
367 handle_t *handle;
368 kprojid_t kprojid;
369 struct ext4_iloc iloc;
370 struct ext4_inode *raw_inode;
371 struct dquot *transfer_to[MAXQUOTAS] = { };
372
373 if (!ext4_has_feature_project(sb)) {
374 if (projid != EXT4_DEF_PROJID)
375 return -EOPNOTSUPP;
376 else
377 return 0;
378 }
379
380 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
381 return -EOPNOTSUPP;
382
383 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
384
385 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
386 return 0;
387
388 err = -EPERM;
389 /* Is it quota file? Do not allow user to mess with it */
390 if (ext4_is_quota_file(inode))
391 return err;
392
393 err = ext4_get_inode_loc(inode, &iloc);
394 if (err)
395 return err;
396
397 raw_inode = ext4_raw_inode(&iloc);
398 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
399 err = ext4_expand_extra_isize(inode,
400 EXT4_SB(sb)->s_want_extra_isize,
401 &iloc);
402 if (err)
403 return err;
404 } else {
405 brelse(iloc.bh);
406 }
407
408 err = dquot_initialize(inode);
409 if (err)
410 return err;
411
412 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
413 EXT4_QUOTA_INIT_BLOCKS(sb) +
414 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
415 if (IS_ERR(handle))
416 return PTR_ERR(handle);
417
418 err = ext4_reserve_inode_write(handle, inode, &iloc);
419 if (err)
420 goto out_stop;
421
422 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
423 if (!IS_ERR(transfer_to[PRJQUOTA])) {
424
425 /* __dquot_transfer() calls back ext4_get_inode_usage() which
426 * counts xattr inode references.
427 */
428 down_read(&EXT4_I(inode)->xattr_sem);
429 err = __dquot_transfer(inode, transfer_to);
430 up_read(&EXT4_I(inode)->xattr_sem);
431 dqput(transfer_to[PRJQUOTA]);
432 if (err)
433 goto out_dirty;
434 }
435
436 EXT4_I(inode)->i_projid = kprojid;
437 inode->i_ctime = current_time(inode);
438out_dirty:
439 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
440 if (!err)
441 err = rc;
442out_stop:
443 ext4_journal_stop(handle);
444 return err;
445}
446#else
447static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
448{
449 if (projid != EXT4_DEF_PROJID)
450 return -EOPNOTSUPP;
451 return 0;
452}
453#endif
454
455/* Transfer internal flags to xflags */
456static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
457{
458 __u32 xflags = 0;
459
460 if (iflags & EXT4_SYNC_FL)
461 xflags |= FS_XFLAG_SYNC;
462 if (iflags & EXT4_IMMUTABLE_FL)
463 xflags |= FS_XFLAG_IMMUTABLE;
464 if (iflags & EXT4_APPEND_FL)
465 xflags |= FS_XFLAG_APPEND;
466 if (iflags & EXT4_NODUMP_FL)
467 xflags |= FS_XFLAG_NODUMP;
468 if (iflags & EXT4_NOATIME_FL)
469 xflags |= FS_XFLAG_NOATIME;
470 if (iflags & EXT4_PROJINHERIT_FL)
471 xflags |= FS_XFLAG_PROJINHERIT;
472 return xflags;
473}
474
475#define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
476 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
477 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
478
479/* Transfer xflags flags to internal */
480static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
481{
482 unsigned long iflags = 0;
483
484 if (xflags & FS_XFLAG_SYNC)
485 iflags |= EXT4_SYNC_FL;
486 if (xflags & FS_XFLAG_IMMUTABLE)
487 iflags |= EXT4_IMMUTABLE_FL;
488 if (xflags & FS_XFLAG_APPEND)
489 iflags |= EXT4_APPEND_FL;
490 if (xflags & FS_XFLAG_NODUMP)
491 iflags |= EXT4_NODUMP_FL;
492 if (xflags & FS_XFLAG_NOATIME)
493 iflags |= EXT4_NOATIME_FL;
494 if (xflags & FS_XFLAG_PROJINHERIT)
495 iflags |= EXT4_PROJINHERIT_FL;
496
497 return iflags;
498}
499
500static int ext4_shutdown(struct super_block *sb, unsigned long arg)
501{
502 struct ext4_sb_info *sbi = EXT4_SB(sb);
503 __u32 flags;
504
505 if (!capable(CAP_SYS_ADMIN))
506 return -EPERM;
507
508 if (get_user(flags, (__u32 __user *)arg))
509 return -EFAULT;
510
511 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
512 return -EINVAL;
513
514 if (ext4_forced_shutdown(sbi))
515 return 0;
516
517 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
518
519 switch (flags) {
520 case EXT4_GOING_FLAGS_DEFAULT:
521 freeze_bdev(sb->s_bdev);
522 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
523 thaw_bdev(sb->s_bdev, sb);
524 break;
525 case EXT4_GOING_FLAGS_LOGFLUSH:
526 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
527 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
528 (void) ext4_force_commit(sb);
529 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
530 }
531 break;
532 case EXT4_GOING_FLAGS_NOLOGFLUSH:
533 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
534 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
535 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
536 break;
537 default:
538 return -EINVAL;
539 }
540 clear_opt(sb, DISCARD);
541 return 0;
542}
543
544struct getfsmap_info {
545 struct super_block *gi_sb;
546 struct fsmap_head __user *gi_data;
547 unsigned int gi_idx;
548 __u32 gi_last_flags;
549};
550
551static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
552{
553 struct getfsmap_info *info = priv;
554 struct fsmap fm;
555
556 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
557
558 info->gi_last_flags = xfm->fmr_flags;
559 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
560 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
561 sizeof(struct fsmap)))
562 return -EFAULT;
563
564 return 0;
565}
566
567static int ext4_ioc_getfsmap(struct super_block *sb,
568 struct fsmap_head __user *arg)
569{
570 struct getfsmap_info info = {0};
571 struct ext4_fsmap_head xhead = {0};
572 struct fsmap_head head;
573 bool aborted = false;
574 int error;
575
576 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
577 return -EFAULT;
578 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
579 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
580 sizeof(head.fmh_keys[0].fmr_reserved)) ||
581 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
582 sizeof(head.fmh_keys[1].fmr_reserved)))
583 return -EINVAL;
584 /*
585 * ext4 doesn't report file extents at all, so the only valid
586 * file offsets are the magic ones (all zeroes or all ones).
587 */
588 if (head.fmh_keys[0].fmr_offset ||
589 (head.fmh_keys[1].fmr_offset != 0 &&
590 head.fmh_keys[1].fmr_offset != -1ULL))
591 return -EINVAL;
592
593 xhead.fmh_iflags = head.fmh_iflags;
594 xhead.fmh_count = head.fmh_count;
595 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
596 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
597
598 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
599 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
600
601 info.gi_sb = sb;
602 info.gi_data = arg;
603 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
604 if (error == EXT4_QUERY_RANGE_ABORT) {
605 error = 0;
606 aborted = true;
607 } else if (error)
608 return error;
609
610 /* If we didn't abort, set the "last" flag in the last fmx */
611 if (!aborted && info.gi_idx) {
612 info.gi_last_flags |= FMR_OF_LAST;
613 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
614 &info.gi_last_flags,
615 sizeof(info.gi_last_flags)))
616 return -EFAULT;
617 }
618
619 /* copy back header */
620 head.fmh_entries = xhead.fmh_entries;
621 head.fmh_oflags = xhead.fmh_oflags;
622 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
623 return -EFAULT;
624
625 return 0;
626}
627
628static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
629{
630 /*
631 * Project Quota ID state is only allowed to change from within the init
632 * namespace. Enforce that restriction only if we are trying to change
633 * the quota ID state. Everything else is allowed in user namespaces.
634 */
635 if (current_user_ns() == &init_user_ns)
636 return 0;
637
638 if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid)
639 return -EINVAL;
640
641 if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) {
642 if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
643 return -EINVAL;
644 } else {
645 if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
646 return -EINVAL;
647 }
648
649 return 0;
650}
651
652long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
653{
654 struct inode *inode = file_inode(filp);
655 struct super_block *sb = inode->i_sb;
656 struct ext4_inode_info *ei = EXT4_I(inode);
657 unsigned int flags;
658
659 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
660
661 switch (cmd) {
662 case FS_IOC_GETFSMAP:
663 return ext4_ioc_getfsmap(sb, (void __user *)arg);
664 case EXT4_IOC_GETFLAGS:
665 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
666 return put_user(flags, (int __user *) arg);
667 case EXT4_IOC_SETFLAGS: {
668 int err;
669
670 if (!inode_owner_or_capable(inode))
671 return -EACCES;
672
673 if (get_user(flags, (int __user *) arg))
674 return -EFAULT;
675
676 if (flags & ~EXT4_FL_USER_VISIBLE)
677 return -EOPNOTSUPP;
678 /*
679 * chattr(1) grabs flags via GETFLAGS, modifies the result and
680 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
681 * more restrictive than just silently masking off visible but
682 * not settable flags as we always did.
683 */
684 flags &= EXT4_FL_USER_MODIFIABLE;
685 if (ext4_mask_flags(inode->i_mode, flags) != flags)
686 return -EOPNOTSUPP;
687
688 err = mnt_want_write_file(filp);
689 if (err)
690 return err;
691
692 inode_lock(inode);
693 err = ext4_ioctl_check_immutable(inode,
694 from_kprojid(&init_user_ns, ei->i_projid),
695 flags);
696 if (!err)
697 err = ext4_ioctl_setflags(inode, flags);
698 inode_unlock(inode);
699 mnt_drop_write_file(filp);
700 return err;
701 }
702 case EXT4_IOC_GETVERSION:
703 case EXT4_IOC_GETVERSION_OLD:
704 return put_user(inode->i_generation, (int __user *) arg);
705 case EXT4_IOC_SETVERSION:
706 case EXT4_IOC_SETVERSION_OLD: {
707 handle_t *handle;
708 struct ext4_iloc iloc;
709 __u32 generation;
710 int err;
711
712 if (!inode_owner_or_capable(inode))
713 return -EPERM;
714
715 if (ext4_has_metadata_csum(inode->i_sb)) {
716 ext4_warning(sb, "Setting inode version is not "
717 "supported with metadata_csum enabled.");
718 return -ENOTTY;
719 }
720
721 err = mnt_want_write_file(filp);
722 if (err)
723 return err;
724 if (get_user(generation, (int __user *) arg)) {
725 err = -EFAULT;
726 goto setversion_out;
727 }
728
729 inode_lock(inode);
730 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
731 if (IS_ERR(handle)) {
732 err = PTR_ERR(handle);
733 goto unlock_out;
734 }
735 err = ext4_reserve_inode_write(handle, inode, &iloc);
736 if (err == 0) {
737 inode->i_ctime = current_time(inode);
738 inode->i_generation = generation;
739 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
740 }
741 ext4_journal_stop(handle);
742
743unlock_out:
744 inode_unlock(inode);
745setversion_out:
746 mnt_drop_write_file(filp);
747 return err;
748 }
749 case EXT4_IOC_GROUP_EXTEND: {
750 ext4_fsblk_t n_blocks_count;
751 int err, err2=0;
752
753 err = ext4_resize_begin(sb);
754 if (err)
755 return err;
756
757 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
758 err = -EFAULT;
759 goto group_extend_out;
760 }
761
762 if (ext4_has_feature_bigalloc(sb)) {
763 ext4_msg(sb, KERN_ERR,
764 "Online resizing not supported with bigalloc");
765 err = -EOPNOTSUPP;
766 goto group_extend_out;
767 }
768
769 err = mnt_want_write_file(filp);
770 if (err)
771 goto group_extend_out;
772
773 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
774 if (EXT4_SB(sb)->s_journal) {
775 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
776 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
777 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
778 }
779 if (err == 0)
780 err = err2;
781 mnt_drop_write_file(filp);
782group_extend_out:
783 ext4_resize_end(sb);
784 return err;
785 }
786
787 case EXT4_IOC_MOVE_EXT: {
788 struct move_extent me;
789 struct fd donor;
790 int err;
791
792 if (!(filp->f_mode & FMODE_READ) ||
793 !(filp->f_mode & FMODE_WRITE))
794 return -EBADF;
795
796 if (copy_from_user(&me,
797 (struct move_extent __user *)arg, sizeof(me)))
798 return -EFAULT;
799 me.moved_len = 0;
800
801 donor = fdget(me.donor_fd);
802 if (!donor.file)
803 return -EBADF;
804
805 if (!(donor.file->f_mode & FMODE_WRITE)) {
806 err = -EBADF;
807 goto mext_out;
808 }
809
810 if (ext4_has_feature_bigalloc(sb)) {
811 ext4_msg(sb, KERN_ERR,
812 "Online defrag not supported with bigalloc");
813 err = -EOPNOTSUPP;
814 goto mext_out;
815 } else if (IS_DAX(inode)) {
816 ext4_msg(sb, KERN_ERR,
817 "Online defrag not supported with DAX");
818 err = -EOPNOTSUPP;
819 goto mext_out;
820 }
821
822 err = mnt_want_write_file(filp);
823 if (err)
824 goto mext_out;
825
826 err = ext4_move_extents(filp, donor.file, me.orig_start,
827 me.donor_start, me.len, &me.moved_len);
828 mnt_drop_write_file(filp);
829
830 if (copy_to_user((struct move_extent __user *)arg,
831 &me, sizeof(me)))
832 err = -EFAULT;
833mext_out:
834 fdput(donor);
835 return err;
836 }
837
838 case EXT4_IOC_GROUP_ADD: {
839 struct ext4_new_group_data input;
840 int err, err2=0;
841
842 err = ext4_resize_begin(sb);
843 if (err)
844 return err;
845
846 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
847 sizeof(input))) {
848 err = -EFAULT;
849 goto group_add_out;
850 }
851
852 if (ext4_has_feature_bigalloc(sb)) {
853 ext4_msg(sb, KERN_ERR,
854 "Online resizing not supported with bigalloc");
855 err = -EOPNOTSUPP;
856 goto group_add_out;
857 }
858
859 err = mnt_want_write_file(filp);
860 if (err)
861 goto group_add_out;
862
863 err = ext4_group_add(sb, &input);
864 if (EXT4_SB(sb)->s_journal) {
865 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
866 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
867 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
868 }
869 if (err == 0)
870 err = err2;
871 mnt_drop_write_file(filp);
872 if (!err && ext4_has_group_desc_csum(sb) &&
873 test_opt(sb, INIT_INODE_TABLE))
874 err = ext4_register_li_request(sb, input.group);
875group_add_out:
876 ext4_resize_end(sb);
877 return err;
878 }
879
880 case EXT4_IOC_MIGRATE:
881 {
882 int err;
883 if (!inode_owner_or_capable(inode))
884 return -EACCES;
885
886 err = mnt_want_write_file(filp);
887 if (err)
888 return err;
889 /*
890 * inode_mutex prevent write and truncate on the file.
891 * Read still goes through. We take i_data_sem in
892 * ext4_ext_swap_inode_data before we switch the
893 * inode format to prevent read.
894 */
895 inode_lock((inode));
896 err = ext4_ext_migrate(inode);
897 inode_unlock((inode));
898 mnt_drop_write_file(filp);
899 return err;
900 }
901
902 case EXT4_IOC_ALLOC_DA_BLKS:
903 {
904 int err;
905 if (!inode_owner_or_capable(inode))
906 return -EACCES;
907
908 err = mnt_want_write_file(filp);
909 if (err)
910 return err;
911 err = ext4_alloc_da_blocks(inode);
912 mnt_drop_write_file(filp);
913 return err;
914 }
915
916 case EXT4_IOC_SWAP_BOOT:
917 {
918 int err;
919 if (!(filp->f_mode & FMODE_WRITE))
920 return -EBADF;
921 err = mnt_want_write_file(filp);
922 if (err)
923 return err;
924 err = swap_inode_boot_loader(sb, inode);
925 mnt_drop_write_file(filp);
926 return err;
927 }
928
929 case EXT4_IOC_RESIZE_FS: {
930 ext4_fsblk_t n_blocks_count;
931 int err = 0, err2 = 0;
932 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
933
934 if (ext4_has_feature_bigalloc(sb)) {
935 ext4_msg(sb, KERN_ERR,
936 "Online resizing not (yet) supported with bigalloc");
937 return -EOPNOTSUPP;
938 }
939
940 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
941 sizeof(__u64))) {
942 return -EFAULT;
943 }
944
945 err = ext4_resize_begin(sb);
946 if (err)
947 return err;
948
949 err = mnt_want_write_file(filp);
950 if (err)
951 goto resizefs_out;
952
953 err = ext4_resize_fs(sb, n_blocks_count);
954 if (EXT4_SB(sb)->s_journal) {
955 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
956 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
957 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
958 }
959 if (err == 0)
960 err = err2;
961 mnt_drop_write_file(filp);
962 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
963 ext4_has_group_desc_csum(sb) &&
964 test_opt(sb, INIT_INODE_TABLE))
965 err = ext4_register_li_request(sb, o_group);
966
967resizefs_out:
968 ext4_resize_end(sb);
969 return err;
970 }
971
972 case FITRIM:
973 {
974 struct request_queue *q = bdev_get_queue(sb->s_bdev);
975 struct fstrim_range range;
976 int ret = 0;
977
978 if (!capable(CAP_SYS_ADMIN))
979 return -EPERM;
980
981 if (!blk_queue_discard(q))
982 return -EOPNOTSUPP;
983
984 /*
985 * We haven't replayed the journal, so we cannot use our
986 * block-bitmap-guided storage zapping commands.
987 */
988 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
989 return -EROFS;
990
991 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
992 sizeof(range)))
993 return -EFAULT;
994
995 range.minlen = max((unsigned int)range.minlen,
996 q->limits.discard_granularity);
997 ret = ext4_trim_fs(sb, &range);
998 if (ret < 0)
999 return ret;
1000
1001 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1002 sizeof(range)))
1003 return -EFAULT;
1004
1005 return 0;
1006 }
1007 case EXT4_IOC_PRECACHE_EXTENTS:
1008 return ext4_ext_precache(inode);
1009
1010 case EXT4_IOC_SET_ENCRYPTION_POLICY:
1011 if (!ext4_has_feature_encrypt(sb))
1012 return -EOPNOTSUPP;
1013 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1014
1015 case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
1016#ifdef CONFIG_EXT4_FS_ENCRYPTION
1017 int err, err2;
1018 struct ext4_sb_info *sbi = EXT4_SB(sb);
1019 handle_t *handle;
1020
1021 if (!ext4_has_feature_encrypt(sb))
1022 return -EOPNOTSUPP;
1023 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1024 err = mnt_want_write_file(filp);
1025 if (err)
1026 return err;
1027 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1028 if (IS_ERR(handle)) {
1029 err = PTR_ERR(handle);
1030 goto pwsalt_err_exit;
1031 }
1032 err = ext4_journal_get_write_access(handle, sbi->s_sbh);
1033 if (err)
1034 goto pwsalt_err_journal;
1035 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1036 err = ext4_handle_dirty_metadata(handle, NULL,
1037 sbi->s_sbh);
1038 pwsalt_err_journal:
1039 err2 = ext4_journal_stop(handle);
1040 if (err2 && !err)
1041 err = err2;
1042 pwsalt_err_exit:
1043 mnt_drop_write_file(filp);
1044 if (err)
1045 return err;
1046 }
1047 if (copy_to_user((void __user *) arg,
1048 sbi->s_es->s_encrypt_pw_salt, 16))
1049 return -EFAULT;
1050 return 0;
1051#else
1052 return -EOPNOTSUPP;
1053#endif
1054 }
1055 case EXT4_IOC_GET_ENCRYPTION_POLICY:
1056 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1057
1058 case EXT4_IOC_FSGETXATTR:
1059 {
1060 struct fsxattr fa;
1061
1062 memset(&fa, 0, sizeof(struct fsxattr));
1063 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
1064
1065 if (ext4_has_feature_project(inode->i_sb)) {
1066 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
1067 EXT4_I(inode)->i_projid);
1068 }
1069
1070 if (copy_to_user((struct fsxattr __user *)arg,
1071 &fa, sizeof(fa)))
1072 return -EFAULT;
1073 return 0;
1074 }
1075 case EXT4_IOC_FSSETXATTR:
1076 {
1077 struct fsxattr fa;
1078 int err;
1079
1080 if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1081 sizeof(fa)))
1082 return -EFAULT;
1083
1084 /* Make sure caller has proper permission */
1085 if (!inode_owner_or_capable(inode))
1086 return -EACCES;
1087
1088 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1089 return -EOPNOTSUPP;
1090
1091 flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1092 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1093 return -EOPNOTSUPP;
1094
1095 err = mnt_want_write_file(filp);
1096 if (err)
1097 return err;
1098
1099 inode_lock(inode);
1100 err = ext4_ioctl_check_project(inode, &fa);
1101 if (err)
1102 goto out;
1103 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1104 (flags & EXT4_FL_XFLAG_VISIBLE);
1105 err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags);
1106 if (err)
1107 goto out;
1108 err = ext4_ioctl_setflags(inode, flags);
1109 if (err)
1110 goto out;
1111 err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1112out:
1113 inode_unlock(inode);
1114 mnt_drop_write_file(filp);
1115 return err;
1116 }
1117 case EXT4_IOC_SHUTDOWN:
1118 return ext4_shutdown(sb, arg);
1119 default:
1120 return -ENOTTY;
1121 }
1122}
1123
1124#ifdef CONFIG_COMPAT
1125long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1126{
1127 /* These are just misnamed, they actually get/put from/to user an int */
1128 switch (cmd) {
1129 case EXT4_IOC32_GETFLAGS:
1130 cmd = EXT4_IOC_GETFLAGS;
1131 break;
1132 case EXT4_IOC32_SETFLAGS:
1133 cmd = EXT4_IOC_SETFLAGS;
1134 break;
1135 case EXT4_IOC32_GETVERSION:
1136 cmd = EXT4_IOC_GETVERSION;
1137 break;
1138 case EXT4_IOC32_SETVERSION:
1139 cmd = EXT4_IOC_SETVERSION;
1140 break;
1141 case EXT4_IOC32_GROUP_EXTEND:
1142 cmd = EXT4_IOC_GROUP_EXTEND;
1143 break;
1144 case EXT4_IOC32_GETVERSION_OLD:
1145 cmd = EXT4_IOC_GETVERSION_OLD;
1146 break;
1147 case EXT4_IOC32_SETVERSION_OLD:
1148 cmd = EXT4_IOC_SETVERSION_OLD;
1149 break;
1150 case EXT4_IOC32_GETRSVSZ:
1151 cmd = EXT4_IOC_GETRSVSZ;
1152 break;
1153 case EXT4_IOC32_SETRSVSZ:
1154 cmd = EXT4_IOC_SETRSVSZ;
1155 break;
1156 case EXT4_IOC32_GROUP_ADD: {
1157 struct compat_ext4_new_group_input __user *uinput;
1158 struct ext4_new_group_input input;
1159 mm_segment_t old_fs;
1160 int err;
1161
1162 uinput = compat_ptr(arg);
1163 err = get_user(input.group, &uinput->group);
1164 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1165 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1166 err |= get_user(input.inode_table, &uinput->inode_table);
1167 err |= get_user(input.blocks_count, &uinput->blocks_count);
1168 err |= get_user(input.reserved_blocks,
1169 &uinput->reserved_blocks);
1170 if (err)
1171 return -EFAULT;
1172 old_fs = get_fs();
1173 set_fs(KERNEL_DS);
1174 err = ext4_ioctl(file, EXT4_IOC_GROUP_ADD,
1175 (unsigned long) &input);
1176 set_fs(old_fs);
1177 return err;
1178 }
1179 case EXT4_IOC_MOVE_EXT:
1180 case EXT4_IOC_RESIZE_FS:
1181 case EXT4_IOC_PRECACHE_EXTENTS:
1182 case EXT4_IOC_SET_ENCRYPTION_POLICY:
1183 case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1184 case EXT4_IOC_GET_ENCRYPTION_POLICY:
1185 case EXT4_IOC_SHUTDOWN:
1186 case FS_IOC_GETFSMAP:
1187 break;
1188 default:
1189 return -ENOIOCTLCMD;
1190 }
1191 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1192}
1193#endif