1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uaccess.h>
20 #include <linux/delay.h>
21 #include <linux/iversion.h>
22 #include <linux/fileattr.h>
23 #include <linux/uuid.h>
24 #include "ext4_jbd2.h"
25 #include "ext4.h"
26 #include <linux/fsmap.h>
27 #include "fsmap.h"
28 #include <trace/events/ext4.h>
29
30 typedef void ext4_update_sb_callback(struct ext4_super_block *es,
31 const void *arg);
32
33 /*
34 * Superblock modification callback function for changing file system
35 * label
36 */
ext4_sb_setlabel(struct ext4_super_block * es,const void * arg)37 static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg)
38 {
39 /* Sanity check, this should never happen */
40 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX);
41
42 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX);
43 }
44
45 /*
46 * Superblock modification callback function for changing file system
47 * UUID.
48 */
ext4_sb_setuuid(struct ext4_super_block * es,const void * arg)49 static void ext4_sb_setuuid(struct ext4_super_block *es, const void *arg)
50 {
51 memcpy(es->s_uuid, (__u8 *)arg, UUID_SIZE);
52 }
53
54 static
ext4_update_primary_sb(struct super_block * sb,handle_t * handle,ext4_update_sb_callback func,const void * arg)55 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle,
56 ext4_update_sb_callback func,
57 const void *arg)
58 {
59 int err = 0;
60 struct ext4_sb_info *sbi = EXT4_SB(sb);
61 struct buffer_head *bh = sbi->s_sbh;
62 struct ext4_super_block *es = sbi->s_es;
63
64 trace_ext4_update_sb(sb, bh->b_blocknr, 1);
65
66 BUFFER_TRACE(bh, "get_write_access");
67 err = ext4_journal_get_write_access(handle, sb,
68 bh,
69 EXT4_JTR_NONE);
70 if (err)
71 goto out_err;
72
73 lock_buffer(bh);
74 func(es, arg);
75 ext4_superblock_csum_set(sb);
76 unlock_buffer(bh);
77
78 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) {
79 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to "
80 "superblock detected");
81 clear_buffer_write_io_error(bh);
82 set_buffer_uptodate(bh);
83 }
84
85 err = ext4_handle_dirty_metadata(handle, NULL, bh);
86 if (err)
87 goto out_err;
88 err = sync_dirty_buffer(bh);
89 out_err:
90 ext4_std_error(sb, err);
91 return err;
92 }
93
94 /*
95 * Update one backup superblock in the group 'grp' using the callback
96 * function 'func' and argument 'arg'. If the handle is NULL the
97 * modification is not journalled.
98 *
99 * Returns: 0 when no modification was done (no superblock in the group)
100 * 1 when the modification was successful
101 * <0 on error
102 */
ext4_update_backup_sb(struct super_block * sb,handle_t * handle,ext4_group_t grp,ext4_update_sb_callback func,const void * arg)103 static int ext4_update_backup_sb(struct super_block *sb,
104 handle_t *handle, ext4_group_t grp,
105 ext4_update_sb_callback func, const void *arg)
106 {
107 int err = 0;
108 ext4_fsblk_t sb_block;
109 struct buffer_head *bh;
110 unsigned long offset = 0;
111 struct ext4_super_block *es;
112
113 if (!ext4_bg_has_super(sb, grp))
114 return 0;
115
116 /*
117 * For the group 0 there is always 1k padding, so we have
118 * either adjust offset, or sb_block depending on blocksize
119 */
120 if (grp == 0) {
121 sb_block = 1 * EXT4_MIN_BLOCK_SIZE;
122 offset = do_div(sb_block, sb->s_blocksize);
123 } else {
124 sb_block = ext4_group_first_block_no(sb, grp);
125 offset = 0;
126 }
127
128 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0);
129
130 bh = ext4_sb_bread(sb, sb_block, 0);
131 if (IS_ERR(bh))
132 return PTR_ERR(bh);
133
134 if (handle) {
135 BUFFER_TRACE(bh, "get_write_access");
136 err = ext4_journal_get_write_access(handle, sb,
137 bh,
138 EXT4_JTR_NONE);
139 if (err)
140 goto out_bh;
141 }
142
143 es = (struct ext4_super_block *) (bh->b_data + offset);
144 lock_buffer(bh);
145 if (ext4_has_metadata_csum(sb) &&
146 es->s_checksum != ext4_superblock_csum(sb, es)) {
147 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup "
148 "superblock %llu", sb_block);
149 unlock_buffer(bh);
150 goto out_bh;
151 }
152 func(es, arg);
153 if (ext4_has_metadata_csum(sb))
154 es->s_checksum = ext4_superblock_csum(sb, es);
155 set_buffer_uptodate(bh);
156 unlock_buffer(bh);
157
158 if (err)
159 goto out_bh;
160
161 if (handle) {
162 err = ext4_handle_dirty_metadata(handle, NULL, bh);
163 if (err)
164 goto out_bh;
165 } else {
166 BUFFER_TRACE(bh, "marking dirty");
167 mark_buffer_dirty(bh);
168 }
169 err = sync_dirty_buffer(bh);
170
171 out_bh:
172 brelse(bh);
173 ext4_std_error(sb, err);
174 return (err) ? err : 1;
175 }
176
177 /*
178 * Update primary and backup superblocks using the provided function
179 * func and argument arg.
180 *
181 * Only the primary superblock and at most two backup superblock
182 * modifications are journalled; the rest is modified without journal.
183 * This is safe because e2fsck will re-write them if there is a problem,
184 * and we're very unlikely to ever need more than two backups.
185 */
186 static
ext4_update_superblocks_fn(struct super_block * sb,ext4_update_sb_callback func,const void * arg)187 int ext4_update_superblocks_fn(struct super_block *sb,
188 ext4_update_sb_callback func,
189 const void *arg)
190 {
191 handle_t *handle;
192 ext4_group_t ngroups;
193 unsigned int three = 1;
194 unsigned int five = 5;
195 unsigned int seven = 7;
196 int err = 0, ret, i;
197 ext4_group_t grp, primary_grp;
198 struct ext4_sb_info *sbi = EXT4_SB(sb);
199
200 /*
201 * We can't update superblocks while the online resize is running
202 */
203 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING,
204 &sbi->s_ext4_flags)) {
205 ext4_msg(sb, KERN_ERR, "Can't modify superblock while"
206 "performing online resize");
207 return -EBUSY;
208 }
209
210 /*
211 * We're only going to update primary superblock and two
212 * backup superblocks in this transaction.
213 */
214 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3);
215 if (IS_ERR(handle)) {
216 err = PTR_ERR(handle);
217 goto out;
218 }
219
220 /* Update primary superblock */
221 err = ext4_update_primary_sb(sb, handle, func, arg);
222 if (err) {
223 ext4_msg(sb, KERN_ERR, "Failed to update primary "
224 "superblock");
225 goto out_journal;
226 }
227
228 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr);
229 ngroups = ext4_get_groups_count(sb);
230
231 /*
232 * Update backup superblocks. We have to start from group 0
233 * because it might not be where the primary superblock is
234 * if the fs is mounted with -o sb=<backup_sb_block>
235 */
236 i = 0;
237 grp = 0;
238 while (grp < ngroups) {
239 /* Skip primary superblock */
240 if (grp == primary_grp)
241 goto next_grp;
242
243 ret = ext4_update_backup_sb(sb, handle, grp, func, arg);
244 if (ret < 0) {
245 /* Ignore bad checksum; try to update next sb */
246 if (ret == -EFSBADCRC)
247 goto next_grp;
248 err = ret;
249 goto out_journal;
250 }
251
252 i += ret;
253 if (handle && i > 1) {
254 /*
255 * We're only journalling primary superblock and
256 * two backup superblocks; the rest is not
257 * journalled.
258 */
259 err = ext4_journal_stop(handle);
260 if (err)
261 goto out;
262 handle = NULL;
263 }
264 next_grp:
265 grp = ext4_list_backups(sb, &three, &five, &seven);
266 }
267
268 out_journal:
269 if (handle) {
270 ret = ext4_journal_stop(handle);
271 if (ret && !err)
272 err = ret;
273 }
274 out:
275 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags);
276 smp_mb__after_atomic();
277 return err ? err : 0;
278 }
279
280 /*
281 * Swap memory between @a and @b for @len bytes.
282 *
283 * @a: pointer to first memory area
284 * @b: pointer to second memory area
285 * @len: number of bytes to swap
286 *
287 */
memswap(void * a,void * b,size_t len)288 static void memswap(void *a, void *b, size_t len)
289 {
290 unsigned char *ap, *bp;
291
292 ap = (unsigned char *)a;
293 bp = (unsigned char *)b;
294 while (len-- > 0) {
295 swap(*ap, *bp);
296 ap++;
297 bp++;
298 }
299 }
300
301 /*
302 * Swap i_data and associated attributes between @inode1 and @inode2.
303 * This function is used for the primary swap between inode1 and inode2
304 * and also to revert this primary swap in case of errors.
305 *
306 * Therefore you have to make sure, that calling this method twice
307 * will revert all changes.
308 *
309 * @inode1: pointer to first inode
310 * @inode2: pointer to second inode
311 */
swap_inode_data(struct inode * inode1,struct inode * inode2)312 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
313 {
314 loff_t isize;
315 struct ext4_inode_info *ei1;
316 struct ext4_inode_info *ei2;
317 unsigned long tmp;
318
319 ei1 = EXT4_I(inode1);
320 ei2 = EXT4_I(inode2);
321
322 swap(inode1->i_version, inode2->i_version);
323 swap(inode1->i_atime, inode2->i_atime);
324 swap(inode1->i_mtime, inode2->i_mtime);
325
326 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
327 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
328 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
329 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
330 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
331 swap(ei1->i_disksize, ei2->i_disksize);
332 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
333 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
334
335 isize = i_size_read(inode1);
336 i_size_write(inode1, i_size_read(inode2));
337 i_size_write(inode2, isize);
338 }
339
ext4_reset_inode_seed(struct inode * inode)340 void ext4_reset_inode_seed(struct inode *inode)
341 {
342 struct ext4_inode_info *ei = EXT4_I(inode);
343 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
344 __le32 inum = cpu_to_le32(inode->i_ino);
345 __le32 gen = cpu_to_le32(inode->i_generation);
346 __u32 csum;
347
348 if (!ext4_has_metadata_csum(inode->i_sb))
349 return;
350
351 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
352 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
353 }
354
355 /*
356 * Swap the information from the given @inode and the inode
357 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
358 * important fields of the inodes.
359 *
360 * @sb: the super block of the filesystem
361 * @mnt_userns: user namespace of the mount the inode was found from
362 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
363 *
364 */
swap_inode_boot_loader(struct super_block * sb,struct user_namespace * mnt_userns,struct inode * inode)365 static long swap_inode_boot_loader(struct super_block *sb,
366 struct user_namespace *mnt_userns,
367 struct inode *inode)
368 {
369 handle_t *handle;
370 int err;
371 struct inode *inode_bl;
372 struct ext4_inode_info *ei_bl;
373 qsize_t size, size_bl, diff;
374 blkcnt_t blocks;
375 unsigned short bytes;
376
377 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
378 if (IS_ERR(inode_bl))
379 return PTR_ERR(inode_bl);
380 ei_bl = EXT4_I(inode_bl);
381
382 /* Protect orig inodes against a truncate and make sure,
383 * that only 1 swap_inode_boot_loader is running. */
384 lock_two_nondirectories(inode, inode_bl);
385
386 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
387 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
388 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
389 ext4_has_inline_data(inode)) {
390 err = -EINVAL;
391 goto journal_err_out;
392 }
393
394 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
395 !inode_owner_or_capable(mnt_userns, inode) ||
396 !capable(CAP_SYS_ADMIN)) {
397 err = -EPERM;
398 goto journal_err_out;
399 }
400
401 filemap_invalidate_lock(inode->i_mapping);
402 err = filemap_write_and_wait(inode->i_mapping);
403 if (err)
404 goto err_out;
405
406 err = filemap_write_and_wait(inode_bl->i_mapping);
407 if (err)
408 goto err_out;
409
410 /* Wait for all existing dio workers */
411 inode_dio_wait(inode);
412 inode_dio_wait(inode_bl);
413
414 truncate_inode_pages(&inode->i_data, 0);
415 truncate_inode_pages(&inode_bl->i_data, 0);
416
417 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
418 if (IS_ERR(handle)) {
419 err = -EINVAL;
420 goto err_out;
421 }
422 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle);
423
424 /* Protect extent tree against block allocations via delalloc */
425 ext4_double_down_write_data_sem(inode, inode_bl);
426
427 if (inode_bl->i_nlink == 0) {
428 /* this inode has never been used as a BOOT_LOADER */
429 set_nlink(inode_bl, 1);
430 i_uid_write(inode_bl, 0);
431 i_gid_write(inode_bl, 0);
432 inode_bl->i_flags = 0;
433 ei_bl->i_flags = 0;
434 inode_set_iversion(inode_bl, 1);
435 i_size_write(inode_bl, 0);
436 inode_bl->i_mode = S_IFREG;
437 if (ext4_has_feature_extents(sb)) {
438 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
439 ext4_ext_tree_init(handle, inode_bl);
440 } else
441 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
442 }
443
444 err = dquot_initialize(inode);
445 if (err)
446 goto err_out1;
447
448 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
449 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
450 diff = size - size_bl;
451 swap_inode_data(inode, inode_bl);
452
453 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
454 inode_inc_iversion(inode);
455
456 inode->i_generation = get_random_u32();
457 inode_bl->i_generation = get_random_u32();
458 ext4_reset_inode_seed(inode);
459 ext4_reset_inode_seed(inode_bl);
460
461 ext4_discard_preallocations(inode, 0);
462
463 err = ext4_mark_inode_dirty(handle, inode);
464 if (err < 0) {
465 /* No need to update quota information. */
466 ext4_warning(inode->i_sb,
467 "couldn't mark inode #%lu dirty (err %d)",
468 inode->i_ino, err);
469 /* Revert all changes: */
470 swap_inode_data(inode, inode_bl);
471 ext4_mark_inode_dirty(handle, inode);
472 goto err_out1;
473 }
474
475 blocks = inode_bl->i_blocks;
476 bytes = inode_bl->i_bytes;
477 inode_bl->i_blocks = inode->i_blocks;
478 inode_bl->i_bytes = inode->i_bytes;
479 err = ext4_mark_inode_dirty(handle, inode_bl);
480 if (err < 0) {
481 /* No need to update quota information. */
482 ext4_warning(inode_bl->i_sb,
483 "couldn't mark inode #%lu dirty (err %d)",
484 inode_bl->i_ino, err);
485 goto revert;
486 }
487
488 /* Bootloader inode should not be counted into quota information. */
489 if (diff > 0)
490 dquot_free_space(inode, diff);
491 else
492 err = dquot_alloc_space(inode, -1 * diff);
493
494 if (err < 0) {
495 revert:
496 /* Revert all changes: */
497 inode_bl->i_blocks = blocks;
498 inode_bl->i_bytes = bytes;
499 swap_inode_data(inode, inode_bl);
500 ext4_mark_inode_dirty(handle, inode);
501 ext4_mark_inode_dirty(handle, inode_bl);
502 }
503
504 err_out1:
505 ext4_journal_stop(handle);
506 ext4_double_up_write_data_sem(inode, inode_bl);
507
508 err_out:
509 filemap_invalidate_unlock(inode->i_mapping);
510 journal_err_out:
511 unlock_two_nondirectories(inode, inode_bl);
512 iput(inode_bl);
513 return err;
514 }
515
516 /*
517 * If immutable is set and we are not clearing it, we're not allowed to change
518 * anything else in the inode. Don't error out if we're only trying to set
519 * immutable on an immutable file.
520 */
ext4_ioctl_check_immutable(struct inode * inode,__u32 new_projid,unsigned int flags)521 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
522 unsigned int flags)
523 {
524 struct ext4_inode_info *ei = EXT4_I(inode);
525 unsigned int oldflags = ei->i_flags;
526
527 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
528 return 0;
529
530 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
531 return -EPERM;
532 if (ext4_has_feature_project(inode->i_sb) &&
533 __kprojid_val(ei->i_projid) != new_projid)
534 return -EPERM;
535
536 return 0;
537 }
538
ext4_dax_dontcache(struct inode * inode,unsigned int flags)539 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
540 {
541 struct ext4_inode_info *ei = EXT4_I(inode);
542
543 if (S_ISDIR(inode->i_mode))
544 return;
545
546 if (test_opt2(inode->i_sb, DAX_NEVER) ||
547 test_opt(inode->i_sb, DAX_ALWAYS))
548 return;
549
550 if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
551 d_mark_dontcache(inode);
552 }
553
dax_compatible(struct inode * inode,unsigned int oldflags,unsigned int flags)554 static bool dax_compatible(struct inode *inode, unsigned int oldflags,
555 unsigned int flags)
556 {
557 /* Allow the DAX flag to be changed on inline directories */
558 if (S_ISDIR(inode->i_mode)) {
559 flags &= ~EXT4_INLINE_DATA_FL;
560 oldflags &= ~EXT4_INLINE_DATA_FL;
561 }
562
563 if (flags & EXT4_DAX_FL) {
564 if ((oldflags & EXT4_DAX_MUT_EXCL) ||
565 ext4_test_inode_state(inode,
566 EXT4_STATE_VERITY_IN_PROGRESS)) {
567 return false;
568 }
569 }
570
571 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
572 return false;
573
574 return true;
575 }
576
ext4_ioctl_setflags(struct inode * inode,unsigned int flags)577 static int ext4_ioctl_setflags(struct inode *inode,
578 unsigned int flags)
579 {
580 struct ext4_inode_info *ei = EXT4_I(inode);
581 handle_t *handle = NULL;
582 int err = -EPERM, migrate = 0;
583 struct ext4_iloc iloc;
584 unsigned int oldflags, mask, i;
585 struct super_block *sb = inode->i_sb;
586
587 /* Is it quota file? Do not allow user to mess with it */
588 if (ext4_is_quota_file(inode))
589 goto flags_out;
590
591 oldflags = ei->i_flags;
592 /*
593 * The JOURNAL_DATA flag can only be changed by
594 * the relevant capability.
595 */
596 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
597 if (!capable(CAP_SYS_RESOURCE))
598 goto flags_out;
599 }
600
601 if (!dax_compatible(inode, oldflags, flags)) {
602 err = -EOPNOTSUPP;
603 goto flags_out;
604 }
605
606 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
607 migrate = 1;
608
609 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
610 if (!ext4_has_feature_casefold(sb)) {
611 err = -EOPNOTSUPP;
612 goto flags_out;
613 }
614
615 if (!S_ISDIR(inode->i_mode)) {
616 err = -ENOTDIR;
617 goto flags_out;
618 }
619
620 if (!ext4_empty_dir(inode)) {
621 err = -ENOTEMPTY;
622 goto flags_out;
623 }
624 }
625
626 /*
627 * Wait for all pending directio and then flush all the dirty pages
628 * for this file. The flush marks all the pages readonly, so any
629 * subsequent attempt to write to the file (particularly mmap pages)
630 * will come through the filesystem and fail.
631 */
632 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
633 (flags & EXT4_IMMUTABLE_FL)) {
634 inode_dio_wait(inode);
635 err = filemap_write_and_wait(inode->i_mapping);
636 if (err)
637 goto flags_out;
638 }
639
640 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
641 if (IS_ERR(handle)) {
642 err = PTR_ERR(handle);
643 goto flags_out;
644 }
645 if (IS_SYNC(inode))
646 ext4_handle_sync(handle);
647 err = ext4_reserve_inode_write(handle, inode, &iloc);
648 if (err)
649 goto flags_err;
650
651 ext4_dax_dontcache(inode, flags);
652
653 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
654 if (!(mask & EXT4_FL_USER_MODIFIABLE))
655 continue;
656 /* These flags get special treatment later */
657 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
658 continue;
659 if (mask & flags)
660 ext4_set_inode_flag(inode, i);
661 else
662 ext4_clear_inode_flag(inode, i);
663 }
664
665 ext4_set_inode_flags(inode, false);
666
667 inode->i_ctime = current_time(inode);
668 inode_inc_iversion(inode);
669
670 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
671 flags_err:
672 ext4_journal_stop(handle);
673 if (err)
674 goto flags_out;
675
676 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
677 /*
678 * Changes to the journaling mode can cause unsafe changes to
679 * S_DAX if the inode is DAX
680 */
681 if (IS_DAX(inode)) {
682 err = -EBUSY;
683 goto flags_out;
684 }
685
686 err = ext4_change_inode_journal_flag(inode,
687 flags & EXT4_JOURNAL_DATA_FL);
688 if (err)
689 goto flags_out;
690 }
691 if (migrate) {
692 if (flags & EXT4_EXTENTS_FL)
693 err = ext4_ext_migrate(inode);
694 else
695 err = ext4_ind_migrate(inode);
696 }
697
698 flags_out:
699 return err;
700 }
701
702 #ifdef CONFIG_QUOTA
ext4_ioctl_setproject(struct inode * inode,__u32 projid)703 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
704 {
705 struct super_block *sb = inode->i_sb;
706 struct ext4_inode_info *ei = EXT4_I(inode);
707 int err, rc;
708 handle_t *handle;
709 kprojid_t kprojid;
710 struct ext4_iloc iloc;
711 struct ext4_inode *raw_inode;
712 struct dquot *transfer_to[MAXQUOTAS] = { };
713
714 if (!ext4_has_feature_project(sb)) {
715 if (projid != EXT4_DEF_PROJID)
716 return -EOPNOTSUPP;
717 else
718 return 0;
719 }
720
721 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
722 return -EOPNOTSUPP;
723
724 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
725
726 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
727 return 0;
728
729 err = -EPERM;
730 /* Is it quota file? Do not allow user to mess with it */
731 if (ext4_is_quota_file(inode))
732 return err;
733
734 err = ext4_get_inode_loc(inode, &iloc);
735 if (err)
736 return err;
737
738 raw_inode = ext4_raw_inode(&iloc);
739 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
740 err = ext4_expand_extra_isize(inode,
741 EXT4_SB(sb)->s_want_extra_isize,
742 &iloc);
743 if (err)
744 return err;
745 } else {
746 brelse(iloc.bh);
747 }
748
749 err = dquot_initialize(inode);
750 if (err)
751 return err;
752
753 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
754 EXT4_QUOTA_INIT_BLOCKS(sb) +
755 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
756 if (IS_ERR(handle))
757 return PTR_ERR(handle);
758
759 err = ext4_reserve_inode_write(handle, inode, &iloc);
760 if (err)
761 goto out_stop;
762
763 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
764 if (!IS_ERR(transfer_to[PRJQUOTA])) {
765
766 /* __dquot_transfer() calls back ext4_get_inode_usage() which
767 * counts xattr inode references.
768 */
769 down_read(&EXT4_I(inode)->xattr_sem);
770 err = __dquot_transfer(inode, transfer_to);
771 up_read(&EXT4_I(inode)->xattr_sem);
772 dqput(transfer_to[PRJQUOTA]);
773 if (err)
774 goto out_dirty;
775 }
776
777 EXT4_I(inode)->i_projid = kprojid;
778 inode->i_ctime = current_time(inode);
779 inode_inc_iversion(inode);
780 out_dirty:
781 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
782 if (!err)
783 err = rc;
784 out_stop:
785 ext4_journal_stop(handle);
786 return err;
787 }
788 #else
ext4_ioctl_setproject(struct inode * inode,__u32 projid)789 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
790 {
791 if (projid != EXT4_DEF_PROJID)
792 return -EOPNOTSUPP;
793 return 0;
794 }
795 #endif
796
ext4_shutdown(struct super_block * sb,unsigned long arg)797 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
798 {
799 struct ext4_sb_info *sbi = EXT4_SB(sb);
800 __u32 flags;
801
802 if (!capable(CAP_SYS_ADMIN))
803 return -EPERM;
804
805 if (get_user(flags, (__u32 __user *)arg))
806 return -EFAULT;
807
808 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
809 return -EINVAL;
810
811 if (ext4_forced_shutdown(sbi))
812 return 0;
813
814 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
815 trace_ext4_shutdown(sb, flags);
816
817 switch (flags) {
818 case EXT4_GOING_FLAGS_DEFAULT:
819 freeze_bdev(sb->s_bdev);
820 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
821 thaw_bdev(sb->s_bdev);
822 break;
823 case EXT4_GOING_FLAGS_LOGFLUSH:
824 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
825 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
826 (void) ext4_force_commit(sb);
827 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
828 }
829 break;
830 case EXT4_GOING_FLAGS_NOLOGFLUSH:
831 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
832 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
833 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
834 break;
835 default:
836 return -EINVAL;
837 }
838 clear_opt(sb, DISCARD);
839 return 0;
840 }
841
842 struct getfsmap_info {
843 struct super_block *gi_sb;
844 struct fsmap_head __user *gi_data;
845 unsigned int gi_idx;
846 __u32 gi_last_flags;
847 };
848
ext4_getfsmap_format(struct ext4_fsmap * xfm,void * priv)849 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
850 {
851 struct getfsmap_info *info = priv;
852 struct fsmap fm;
853
854 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
855
856 info->gi_last_flags = xfm->fmr_flags;
857 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
858 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
859 sizeof(struct fsmap)))
860 return -EFAULT;
861
862 return 0;
863 }
864
ext4_ioc_getfsmap(struct super_block * sb,struct fsmap_head __user * arg)865 static int ext4_ioc_getfsmap(struct super_block *sb,
866 struct fsmap_head __user *arg)
867 {
868 struct getfsmap_info info = { NULL };
869 struct ext4_fsmap_head xhead = {0};
870 struct fsmap_head head;
871 bool aborted = false;
872 int error;
873
874 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
875 return -EFAULT;
876 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
877 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
878 sizeof(head.fmh_keys[0].fmr_reserved)) ||
879 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
880 sizeof(head.fmh_keys[1].fmr_reserved)))
881 return -EINVAL;
882 /*
883 * ext4 doesn't report file extents at all, so the only valid
884 * file offsets are the magic ones (all zeroes or all ones).
885 */
886 if (head.fmh_keys[0].fmr_offset ||
887 (head.fmh_keys[1].fmr_offset != 0 &&
888 head.fmh_keys[1].fmr_offset != -1ULL))
889 return -EINVAL;
890
891 xhead.fmh_iflags = head.fmh_iflags;
892 xhead.fmh_count = head.fmh_count;
893 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
894 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
895
896 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
897 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
898
899 info.gi_sb = sb;
900 info.gi_data = arg;
901 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
902 if (error == EXT4_QUERY_RANGE_ABORT)
903 aborted = true;
904 else if (error)
905 return error;
906
907 /* If we didn't abort, set the "last" flag in the last fmx */
908 if (!aborted && info.gi_idx) {
909 info.gi_last_flags |= FMR_OF_LAST;
910 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
911 &info.gi_last_flags,
912 sizeof(info.gi_last_flags)))
913 return -EFAULT;
914 }
915
916 /* copy back header */
917 head.fmh_entries = xhead.fmh_entries;
918 head.fmh_oflags = xhead.fmh_oflags;
919 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
920 return -EFAULT;
921
922 return 0;
923 }
924
ext4_ioctl_group_add(struct file * file,struct ext4_new_group_data * input)925 static long ext4_ioctl_group_add(struct file *file,
926 struct ext4_new_group_data *input)
927 {
928 struct super_block *sb = file_inode(file)->i_sb;
929 int err, err2=0;
930
931 err = ext4_resize_begin(sb);
932 if (err)
933 return err;
934
935 if (ext4_has_feature_bigalloc(sb)) {
936 ext4_msg(sb, KERN_ERR,
937 "Online resizing not supported with bigalloc");
938 err = -EOPNOTSUPP;
939 goto group_add_out;
940 }
941
942 err = mnt_want_write_file(file);
943 if (err)
944 goto group_add_out;
945
946 err = ext4_group_add(sb, input);
947 if (EXT4_SB(sb)->s_journal) {
948 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
949 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
950 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
951 }
952 if (err == 0)
953 err = err2;
954 mnt_drop_write_file(file);
955 if (!err && ext4_has_group_desc_csum(sb) &&
956 test_opt(sb, INIT_INODE_TABLE))
957 err = ext4_register_li_request(sb, input->group);
958 group_add_out:
959 err2 = ext4_resize_end(sb, false);
960 if (err == 0)
961 err = err2;
962 return err;
963 }
964
ext4_fileattr_get(struct dentry * dentry,struct fileattr * fa)965 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa)
966 {
967 struct inode *inode = d_inode(dentry);
968 struct ext4_inode_info *ei = EXT4_I(inode);
969 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
970
971 if (S_ISREG(inode->i_mode))
972 flags &= ~FS_PROJINHERIT_FL;
973
974 fileattr_fill_flags(fa, flags);
975 if (ext4_has_feature_project(inode->i_sb))
976 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
977
978 return 0;
979 }
980
ext4_fileattr_set(struct user_namespace * mnt_userns,struct dentry * dentry,struct fileattr * fa)981 int ext4_fileattr_set(struct user_namespace *mnt_userns,
982 struct dentry *dentry, struct fileattr *fa)
983 {
984 struct inode *inode = d_inode(dentry);
985 u32 flags = fa->flags;
986 int err = -EOPNOTSUPP;
987
988 if (flags & ~EXT4_FL_USER_VISIBLE)
989 goto out;
990
991 /*
992 * chattr(1) grabs flags via GETFLAGS, modifies the result and
993 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
994 * more restrictive than just silently masking off visible but
995 * not settable flags as we always did.
996 */
997 flags &= EXT4_FL_USER_MODIFIABLE;
998 if (ext4_mask_flags(inode->i_mode, flags) != flags)
999 goto out;
1000 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags);
1001 if (err)
1002 goto out;
1003 err = ext4_ioctl_setflags(inode, flags);
1004 if (err)
1005 goto out;
1006 err = ext4_ioctl_setproject(inode, fa->fsx_projid);
1007 out:
1008 return err;
1009 }
1010
1011 /* So that the fiemap access checks can't overflow on 32 bit machines. */
1012 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
1013
ext4_ioctl_get_es_cache(struct file * filp,unsigned long arg)1014 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
1015 {
1016 struct fiemap fiemap;
1017 struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
1018 struct fiemap_extent_info fieinfo = { 0, };
1019 struct inode *inode = file_inode(filp);
1020 int error;
1021
1022 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
1023 return -EFAULT;
1024
1025 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
1026 return -EINVAL;
1027
1028 fieinfo.fi_flags = fiemap.fm_flags;
1029 fieinfo.fi_extents_max = fiemap.fm_extent_count;
1030 fieinfo.fi_extents_start = ufiemap->fm_extents;
1031
1032 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
1033 fiemap.fm_length);
1034 fiemap.fm_flags = fieinfo.fi_flags;
1035 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
1036 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
1037 error = -EFAULT;
1038
1039 return error;
1040 }
1041
ext4_ioctl_checkpoint(struct file * filp,unsigned long arg)1042 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
1043 {
1044 int err = 0;
1045 __u32 flags = 0;
1046 unsigned int flush_flags = 0;
1047 struct super_block *sb = file_inode(filp)->i_sb;
1048
1049 if (copy_from_user(&flags, (__u32 __user *)arg,
1050 sizeof(__u32)))
1051 return -EFAULT;
1052
1053 if (!capable(CAP_SYS_ADMIN))
1054 return -EPERM;
1055
1056 /* check for invalid bits set */
1057 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) ||
1058 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1059 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT)))
1060 return -EINVAL;
1061
1062 if (!EXT4_SB(sb)->s_journal)
1063 return -ENODEV;
1064
1065 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1066 !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev))
1067 return -EOPNOTSUPP;
1068
1069 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)
1070 return 0;
1071
1072 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD)
1073 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD;
1074
1075 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) {
1076 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT;
1077 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow");
1078 }
1079
1080 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1081 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags);
1082 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1083
1084 return err;
1085 }
1086
ext4_ioctl_setlabel(struct file * filp,const char __user * user_label)1087 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label)
1088 {
1089 size_t len;
1090 int ret = 0;
1091 char new_label[EXT4_LABEL_MAX + 1];
1092 struct super_block *sb = file_inode(filp)->i_sb;
1093
1094 if (!capable(CAP_SYS_ADMIN))
1095 return -EPERM;
1096
1097 /*
1098 * Copy the maximum length allowed for ext4 label with one more to
1099 * find the required terminating null byte in order to test the
1100 * label length. The on disk label doesn't need to be null terminated.
1101 */
1102 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1))
1103 return -EFAULT;
1104
1105 len = strnlen(new_label, EXT4_LABEL_MAX + 1);
1106 if (len > EXT4_LABEL_MAX)
1107 return -EINVAL;
1108
1109 /*
1110 * Clear the buffer after the new label
1111 */
1112 memset(new_label + len, 0, EXT4_LABEL_MAX - len);
1113
1114 ret = mnt_want_write_file(filp);
1115 if (ret)
1116 return ret;
1117
1118 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label);
1119
1120 mnt_drop_write_file(filp);
1121 return ret;
1122 }
1123
ext4_ioctl_getlabel(struct ext4_sb_info * sbi,char __user * user_label)1124 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label)
1125 {
1126 char label[EXT4_LABEL_MAX + 1];
1127
1128 /*
1129 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because
1130 * FSLABEL_MAX must include terminating null byte, while s_volume_name
1131 * does not have to.
1132 */
1133 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
1134
1135 memset(label, 0, sizeof(label));
1136 lock_buffer(sbi->s_sbh);
1137 strncpy(label, sbi->s_es->s_volume_name, EXT4_LABEL_MAX);
1138 unlock_buffer(sbi->s_sbh);
1139
1140 if (copy_to_user(user_label, label, sizeof(label)))
1141 return -EFAULT;
1142 return 0;
1143 }
1144
ext4_ioctl_getuuid(struct ext4_sb_info * sbi,struct fsuuid __user * ufsuuid)1145 static int ext4_ioctl_getuuid(struct ext4_sb_info *sbi,
1146 struct fsuuid __user *ufsuuid)
1147 {
1148 struct fsuuid fsuuid;
1149 __u8 uuid[UUID_SIZE];
1150
1151 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1152 return -EFAULT;
1153
1154 if (fsuuid.fsu_len == 0) {
1155 fsuuid.fsu_len = UUID_SIZE;
1156 if (copy_to_user(ufsuuid, &fsuuid, sizeof(fsuuid.fsu_len)))
1157 return -EFAULT;
1158 return -EINVAL;
1159 }
1160
1161 if (fsuuid.fsu_len != UUID_SIZE || fsuuid.fsu_flags != 0)
1162 return -EINVAL;
1163
1164 lock_buffer(sbi->s_sbh);
1165 memcpy(uuid, sbi->s_es->s_uuid, UUID_SIZE);
1166 unlock_buffer(sbi->s_sbh);
1167
1168 if (copy_to_user(&ufsuuid->fsu_uuid[0], uuid, UUID_SIZE))
1169 return -EFAULT;
1170 return 0;
1171 }
1172
ext4_ioctl_setuuid(struct file * filp,const struct fsuuid __user * ufsuuid)1173 static int ext4_ioctl_setuuid(struct file *filp,
1174 const struct fsuuid __user *ufsuuid)
1175 {
1176 int ret = 0;
1177 struct super_block *sb = file_inode(filp)->i_sb;
1178 struct fsuuid fsuuid;
1179 __u8 uuid[UUID_SIZE];
1180
1181 if (!capable(CAP_SYS_ADMIN))
1182 return -EPERM;
1183
1184 /*
1185 * If any checksums (group descriptors or metadata) are being used
1186 * then the checksum seed feature is required to change the UUID.
1187 */
1188 if (((ext4_has_feature_gdt_csum(sb) || ext4_has_metadata_csum(sb))
1189 && !ext4_has_feature_csum_seed(sb))
1190 || ext4_has_feature_stable_inodes(sb))
1191 return -EOPNOTSUPP;
1192
1193 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1194 return -EFAULT;
1195
1196 if (fsuuid.fsu_len != UUID_SIZE || fsuuid.fsu_flags != 0)
1197 return -EINVAL;
1198
1199 if (copy_from_user(uuid, &ufsuuid->fsu_uuid[0], UUID_SIZE))
1200 return -EFAULT;
1201
1202 ret = mnt_want_write_file(filp);
1203 if (ret)
1204 return ret;
1205
1206 ret = ext4_update_superblocks_fn(sb, ext4_sb_setuuid, &uuid);
1207 mnt_drop_write_file(filp);
1208
1209 return ret;
1210 }
1211
__ext4_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)1212 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1213 {
1214 struct inode *inode = file_inode(filp);
1215 struct super_block *sb = inode->i_sb;
1216 struct user_namespace *mnt_userns = file_mnt_user_ns(filp);
1217
1218 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
1219
1220 switch (cmd) {
1221 case FS_IOC_GETFSMAP:
1222 return ext4_ioc_getfsmap(sb, (void __user *)arg);
1223 case EXT4_IOC_GETVERSION:
1224 case EXT4_IOC_GETVERSION_OLD:
1225 return put_user(inode->i_generation, (int __user *) arg);
1226 case EXT4_IOC_SETVERSION:
1227 case EXT4_IOC_SETVERSION_OLD: {
1228 handle_t *handle;
1229 struct ext4_iloc iloc;
1230 __u32 generation;
1231 int err;
1232
1233 if (!inode_owner_or_capable(mnt_userns, inode))
1234 return -EPERM;
1235
1236 if (ext4_has_metadata_csum(inode->i_sb)) {
1237 ext4_warning(sb, "Setting inode version is not "
1238 "supported with metadata_csum enabled.");
1239 return -ENOTTY;
1240 }
1241
1242 err = mnt_want_write_file(filp);
1243 if (err)
1244 return err;
1245 if (get_user(generation, (int __user *) arg)) {
1246 err = -EFAULT;
1247 goto setversion_out;
1248 }
1249
1250 inode_lock(inode);
1251 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
1252 if (IS_ERR(handle)) {
1253 err = PTR_ERR(handle);
1254 goto unlock_out;
1255 }
1256 err = ext4_reserve_inode_write(handle, inode, &iloc);
1257 if (err == 0) {
1258 inode->i_ctime = current_time(inode);
1259 inode_inc_iversion(inode);
1260 inode->i_generation = generation;
1261 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
1262 }
1263 ext4_journal_stop(handle);
1264
1265 unlock_out:
1266 inode_unlock(inode);
1267 setversion_out:
1268 mnt_drop_write_file(filp);
1269 return err;
1270 }
1271 case EXT4_IOC_GROUP_EXTEND: {
1272 ext4_fsblk_t n_blocks_count;
1273 int err, err2=0;
1274
1275 err = ext4_resize_begin(sb);
1276 if (err)
1277 return err;
1278
1279 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
1280 err = -EFAULT;
1281 goto group_extend_out;
1282 }
1283
1284 if (ext4_has_feature_bigalloc(sb)) {
1285 ext4_msg(sb, KERN_ERR,
1286 "Online resizing not supported with bigalloc");
1287 err = -EOPNOTSUPP;
1288 goto group_extend_out;
1289 }
1290
1291 err = mnt_want_write_file(filp);
1292 if (err)
1293 goto group_extend_out;
1294
1295 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
1296 if (EXT4_SB(sb)->s_journal) {
1297 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1298 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1299 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1300 }
1301 if (err == 0)
1302 err = err2;
1303 mnt_drop_write_file(filp);
1304 group_extend_out:
1305 err2 = ext4_resize_end(sb, false);
1306 if (err == 0)
1307 err = err2;
1308 return err;
1309 }
1310
1311 case EXT4_IOC_MOVE_EXT: {
1312 struct move_extent me;
1313 struct fd donor;
1314 int err;
1315
1316 if (!(filp->f_mode & FMODE_READ) ||
1317 !(filp->f_mode & FMODE_WRITE))
1318 return -EBADF;
1319
1320 if (copy_from_user(&me,
1321 (struct move_extent __user *)arg, sizeof(me)))
1322 return -EFAULT;
1323 me.moved_len = 0;
1324
1325 donor = fdget(me.donor_fd);
1326 if (!donor.file)
1327 return -EBADF;
1328
1329 if (!(donor.file->f_mode & FMODE_WRITE)) {
1330 err = -EBADF;
1331 goto mext_out;
1332 }
1333
1334 if (ext4_has_feature_bigalloc(sb)) {
1335 ext4_msg(sb, KERN_ERR,
1336 "Online defrag not supported with bigalloc");
1337 err = -EOPNOTSUPP;
1338 goto mext_out;
1339 } else if (IS_DAX(inode)) {
1340 ext4_msg(sb, KERN_ERR,
1341 "Online defrag not supported with DAX");
1342 err = -EOPNOTSUPP;
1343 goto mext_out;
1344 }
1345
1346 err = mnt_want_write_file(filp);
1347 if (err)
1348 goto mext_out;
1349
1350 err = ext4_move_extents(filp, donor.file, me.orig_start,
1351 me.donor_start, me.len, &me.moved_len);
1352 mnt_drop_write_file(filp);
1353
1354 if (copy_to_user((struct move_extent __user *)arg,
1355 &me, sizeof(me)))
1356 err = -EFAULT;
1357 mext_out:
1358 fdput(donor);
1359 return err;
1360 }
1361
1362 case EXT4_IOC_GROUP_ADD: {
1363 struct ext4_new_group_data input;
1364
1365 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1366 sizeof(input)))
1367 return -EFAULT;
1368
1369 return ext4_ioctl_group_add(filp, &input);
1370 }
1371
1372 case EXT4_IOC_MIGRATE:
1373 {
1374 int err;
1375 if (!inode_owner_or_capable(mnt_userns, inode))
1376 return -EACCES;
1377
1378 err = mnt_want_write_file(filp);
1379 if (err)
1380 return err;
1381 /*
1382 * inode_mutex prevent write and truncate on the file.
1383 * Read still goes through. We take i_data_sem in
1384 * ext4_ext_swap_inode_data before we switch the
1385 * inode format to prevent read.
1386 */
1387 inode_lock((inode));
1388 err = ext4_ext_migrate(inode);
1389 inode_unlock((inode));
1390 mnt_drop_write_file(filp);
1391 return err;
1392 }
1393
1394 case EXT4_IOC_ALLOC_DA_BLKS:
1395 {
1396 int err;
1397 if (!inode_owner_or_capable(mnt_userns, inode))
1398 return -EACCES;
1399
1400 err = mnt_want_write_file(filp);
1401 if (err)
1402 return err;
1403 err = ext4_alloc_da_blocks(inode);
1404 mnt_drop_write_file(filp);
1405 return err;
1406 }
1407
1408 case EXT4_IOC_SWAP_BOOT:
1409 {
1410 int err;
1411 if (!(filp->f_mode & FMODE_WRITE))
1412 return -EBADF;
1413 err = mnt_want_write_file(filp);
1414 if (err)
1415 return err;
1416 err = swap_inode_boot_loader(sb, mnt_userns, inode);
1417 mnt_drop_write_file(filp);
1418 return err;
1419 }
1420
1421 case EXT4_IOC_RESIZE_FS: {
1422 ext4_fsblk_t n_blocks_count;
1423 int err = 0, err2 = 0;
1424 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1425
1426 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1427 sizeof(__u64))) {
1428 return -EFAULT;
1429 }
1430
1431 err = ext4_resize_begin(sb);
1432 if (err)
1433 return err;
1434
1435 err = mnt_want_write_file(filp);
1436 if (err)
1437 goto resizefs_out;
1438
1439 err = ext4_resize_fs(sb, n_blocks_count);
1440 if (EXT4_SB(sb)->s_journal) {
1441 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL);
1442 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1443 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1444 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1445 }
1446 if (err == 0)
1447 err = err2;
1448 mnt_drop_write_file(filp);
1449 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1450 ext4_has_group_desc_csum(sb) &&
1451 test_opt(sb, INIT_INODE_TABLE))
1452 err = ext4_register_li_request(sb, o_group);
1453
1454 resizefs_out:
1455 err2 = ext4_resize_end(sb, true);
1456 if (err == 0)
1457 err = err2;
1458 return err;
1459 }
1460
1461 case FITRIM:
1462 {
1463 struct fstrim_range range;
1464 int ret = 0;
1465
1466 if (!capable(CAP_SYS_ADMIN))
1467 return -EPERM;
1468
1469 if (!bdev_max_discard_sectors(sb->s_bdev))
1470 return -EOPNOTSUPP;
1471
1472 /*
1473 * We haven't replayed the journal, so we cannot use our
1474 * block-bitmap-guided storage zapping commands.
1475 */
1476 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1477 return -EROFS;
1478
1479 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1480 sizeof(range)))
1481 return -EFAULT;
1482
1483 ret = ext4_trim_fs(sb, &range);
1484 if (ret < 0)
1485 return ret;
1486
1487 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1488 sizeof(range)))
1489 return -EFAULT;
1490
1491 return 0;
1492 }
1493 case EXT4_IOC_PRECACHE_EXTENTS:
1494 return ext4_ext_precache(inode);
1495
1496 case FS_IOC_SET_ENCRYPTION_POLICY:
1497 if (!ext4_has_feature_encrypt(sb))
1498 return -EOPNOTSUPP;
1499 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1500
1501 case FS_IOC_GET_ENCRYPTION_PWSALT:
1502 return ext4_ioctl_get_encryption_pwsalt(filp, (void __user *)arg);
1503
1504 case FS_IOC_GET_ENCRYPTION_POLICY:
1505 if (!ext4_has_feature_encrypt(sb))
1506 return -EOPNOTSUPP;
1507 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1508
1509 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1510 if (!ext4_has_feature_encrypt(sb))
1511 return -EOPNOTSUPP;
1512 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1513
1514 case FS_IOC_ADD_ENCRYPTION_KEY:
1515 if (!ext4_has_feature_encrypt(sb))
1516 return -EOPNOTSUPP;
1517 return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1518
1519 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1520 if (!ext4_has_feature_encrypt(sb))
1521 return -EOPNOTSUPP;
1522 return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1523
1524 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1525 if (!ext4_has_feature_encrypt(sb))
1526 return -EOPNOTSUPP;
1527 return fscrypt_ioctl_remove_key_all_users(filp,
1528 (void __user *)arg);
1529 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1530 if (!ext4_has_feature_encrypt(sb))
1531 return -EOPNOTSUPP;
1532 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1533
1534 case FS_IOC_GET_ENCRYPTION_NONCE:
1535 if (!ext4_has_feature_encrypt(sb))
1536 return -EOPNOTSUPP;
1537 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1538
1539 case EXT4_IOC_CLEAR_ES_CACHE:
1540 {
1541 if (!inode_owner_or_capable(mnt_userns, inode))
1542 return -EACCES;
1543 ext4_clear_inode_es(inode);
1544 return 0;
1545 }
1546
1547 case EXT4_IOC_GETSTATE:
1548 {
1549 __u32 state = 0;
1550
1551 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1552 state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1553 if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1554 state |= EXT4_STATE_FLAG_NEW;
1555 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1556 state |= EXT4_STATE_FLAG_NEWENTRY;
1557 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1558 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1559
1560 return put_user(state, (__u32 __user *) arg);
1561 }
1562
1563 case EXT4_IOC_GET_ES_CACHE:
1564 return ext4_ioctl_get_es_cache(filp, arg);
1565
1566 case EXT4_IOC_SHUTDOWN:
1567 return ext4_shutdown(sb, arg);
1568
1569 case FS_IOC_ENABLE_VERITY:
1570 if (!ext4_has_feature_verity(sb))
1571 return -EOPNOTSUPP;
1572 return fsverity_ioctl_enable(filp, (const void __user *)arg);
1573
1574 case FS_IOC_MEASURE_VERITY:
1575 if (!ext4_has_feature_verity(sb))
1576 return -EOPNOTSUPP;
1577 return fsverity_ioctl_measure(filp, (void __user *)arg);
1578
1579 case FS_IOC_READ_VERITY_METADATA:
1580 if (!ext4_has_feature_verity(sb))
1581 return -EOPNOTSUPP;
1582 return fsverity_ioctl_read_metadata(filp,
1583 (const void __user *)arg);
1584
1585 case EXT4_IOC_CHECKPOINT:
1586 return ext4_ioctl_checkpoint(filp, arg);
1587
1588 case FS_IOC_GETFSLABEL:
1589 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg);
1590
1591 case FS_IOC_SETFSLABEL:
1592 return ext4_ioctl_setlabel(filp,
1593 (const void __user *)arg);
1594
1595 case EXT4_IOC_GETFSUUID:
1596 return ext4_ioctl_getuuid(EXT4_SB(sb), (void __user *)arg);
1597 case EXT4_IOC_SETFSUUID:
1598 return ext4_ioctl_setuuid(filp, (const void __user *)arg);
1599 default:
1600 return -ENOTTY;
1601 }
1602 }
1603
ext4_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)1604 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1605 {
1606 return __ext4_ioctl(filp, cmd, arg);
1607 }
1608
1609 #ifdef CONFIG_COMPAT
ext4_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1610 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1611 {
1612 /* These are just misnamed, they actually get/put from/to user an int */
1613 switch (cmd) {
1614 case EXT4_IOC32_GETVERSION:
1615 cmd = EXT4_IOC_GETVERSION;
1616 break;
1617 case EXT4_IOC32_SETVERSION:
1618 cmd = EXT4_IOC_SETVERSION;
1619 break;
1620 case EXT4_IOC32_GROUP_EXTEND:
1621 cmd = EXT4_IOC_GROUP_EXTEND;
1622 break;
1623 case EXT4_IOC32_GETVERSION_OLD:
1624 cmd = EXT4_IOC_GETVERSION_OLD;
1625 break;
1626 case EXT4_IOC32_SETVERSION_OLD:
1627 cmd = EXT4_IOC_SETVERSION_OLD;
1628 break;
1629 case EXT4_IOC32_GETRSVSZ:
1630 cmd = EXT4_IOC_GETRSVSZ;
1631 break;
1632 case EXT4_IOC32_SETRSVSZ:
1633 cmd = EXT4_IOC_SETRSVSZ;
1634 break;
1635 case EXT4_IOC32_GROUP_ADD: {
1636 struct compat_ext4_new_group_input __user *uinput;
1637 struct ext4_new_group_data input;
1638 int err;
1639
1640 uinput = compat_ptr(arg);
1641 err = get_user(input.group, &uinput->group);
1642 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1643 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1644 err |= get_user(input.inode_table, &uinput->inode_table);
1645 err |= get_user(input.blocks_count, &uinput->blocks_count);
1646 err |= get_user(input.reserved_blocks,
1647 &uinput->reserved_blocks);
1648 if (err)
1649 return -EFAULT;
1650 return ext4_ioctl_group_add(file, &input);
1651 }
1652 case EXT4_IOC_MOVE_EXT:
1653 case EXT4_IOC_RESIZE_FS:
1654 case FITRIM:
1655 case EXT4_IOC_PRECACHE_EXTENTS:
1656 case FS_IOC_SET_ENCRYPTION_POLICY:
1657 case FS_IOC_GET_ENCRYPTION_PWSALT:
1658 case FS_IOC_GET_ENCRYPTION_POLICY:
1659 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1660 case FS_IOC_ADD_ENCRYPTION_KEY:
1661 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1662 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1663 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1664 case FS_IOC_GET_ENCRYPTION_NONCE:
1665 case EXT4_IOC_SHUTDOWN:
1666 case FS_IOC_GETFSMAP:
1667 case FS_IOC_ENABLE_VERITY:
1668 case FS_IOC_MEASURE_VERITY:
1669 case FS_IOC_READ_VERITY_METADATA:
1670 case EXT4_IOC_CLEAR_ES_CACHE:
1671 case EXT4_IOC_GETSTATE:
1672 case EXT4_IOC_GET_ES_CACHE:
1673 case EXT4_IOC_CHECKPOINT:
1674 case FS_IOC_GETFSLABEL:
1675 case FS_IOC_SETFSLABEL:
1676 case EXT4_IOC_GETFSUUID:
1677 case EXT4_IOC_SETFSUUID:
1678 break;
1679 default:
1680 return -ENOIOCTLCMD;
1681 }
1682 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1683 }
1684 #endif
1685
set_overhead(struct ext4_super_block * es,const void * arg)1686 static void set_overhead(struct ext4_super_block *es, const void *arg)
1687 {
1688 es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg));
1689 }
1690
ext4_update_overhead(struct super_block * sb,bool force)1691 int ext4_update_overhead(struct super_block *sb, bool force)
1692 {
1693 struct ext4_sb_info *sbi = EXT4_SB(sb);
1694
1695 if (sb_rdonly(sb))
1696 return 0;
1697 if (!force &&
1698 (sbi->s_overhead == 0 ||
1699 sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters)))
1700 return 0;
1701 return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead);
1702 }
1703
