1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uaccess.h>
20 #include <linux/delay.h>
21 #include <linux/iversion.h>
22 #include <linux/fileattr.h>
23 #include <linux/uuid.h>
24 #include "ext4_jbd2.h"
25 #include "ext4.h"
26 #include <linux/fsmap.h>
27 #include "fsmap.h"
28 #include <trace/events/ext4.h>
29
30 typedef void ext4_update_sb_callback(struct ext4_super_block *es,
31 const void *arg);
32
33 /*
34 * Superblock modification callback function for changing file system
35 * label
36 */
ext4_sb_setlabel(struct ext4_super_block * es,const void * arg)37 static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg)
38 {
39 /* Sanity check, this should never happen */
40 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX);
41
42 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX);
43 }
44
45 /*
46 * Superblock modification callback function for changing file system
47 * UUID.
48 */
ext4_sb_setuuid(struct ext4_super_block * es,const void * arg)49 static void ext4_sb_setuuid(struct ext4_super_block *es, const void *arg)
50 {
51 memcpy(es->s_uuid, (__u8 *)arg, UUID_SIZE);
52 }
53
54 static
ext4_update_primary_sb(struct super_block * sb,handle_t * handle,ext4_update_sb_callback func,const void * arg)55 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle,
56 ext4_update_sb_callback func,
57 const void *arg)
58 {
59 int err = 0;
60 struct ext4_sb_info *sbi = EXT4_SB(sb);
61 struct buffer_head *bh = sbi->s_sbh;
62 struct ext4_super_block *es = sbi->s_es;
63
64 trace_ext4_update_sb(sb, bh->b_blocknr, 1);
65
66 BUFFER_TRACE(bh, "get_write_access");
67 err = ext4_journal_get_write_access(handle, sb,
68 bh,
69 EXT4_JTR_NONE);
70 if (err)
71 goto out_err;
72
73 lock_buffer(bh);
74 func(es, arg);
75 ext4_superblock_csum_set(sb);
76 unlock_buffer(bh);
77
78 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) {
79 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to "
80 "superblock detected");
81 clear_buffer_write_io_error(bh);
82 set_buffer_uptodate(bh);
83 }
84
85 err = ext4_handle_dirty_metadata(handle, NULL, bh);
86 if (err)
87 goto out_err;
88 err = sync_dirty_buffer(bh);
89 out_err:
90 ext4_std_error(sb, err);
91 return err;
92 }
93
94 /*
95 * Update one backup superblock in the group 'grp' using the callback
96 * function 'func' and argument 'arg'. If the handle is NULL the
97 * modification is not journalled.
98 *
99 * Returns: 0 when no modification was done (no superblock in the group)
100 * 1 when the modification was successful
101 * <0 on error
102 */
ext4_update_backup_sb(struct super_block * sb,handle_t * handle,ext4_group_t grp,ext4_update_sb_callback func,const void * arg)103 static int ext4_update_backup_sb(struct super_block *sb,
104 handle_t *handle, ext4_group_t grp,
105 ext4_update_sb_callback func, const void *arg)
106 {
107 int err = 0;
108 ext4_fsblk_t sb_block;
109 struct buffer_head *bh;
110 unsigned long offset = 0;
111 struct ext4_super_block *es;
112
113 if (!ext4_bg_has_super(sb, grp))
114 return 0;
115
116 /*
117 * For the group 0 there is always 1k padding, so we have
118 * either adjust offset, or sb_block depending on blocksize
119 */
120 if (grp == 0) {
121 sb_block = 1 * EXT4_MIN_BLOCK_SIZE;
122 offset = do_div(sb_block, sb->s_blocksize);
123 } else {
124 sb_block = ext4_group_first_block_no(sb, grp);
125 offset = 0;
126 }
127
128 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0);
129
130 bh = ext4_sb_bread(sb, sb_block, 0);
131 if (IS_ERR(bh))
132 return PTR_ERR(bh);
133
134 if (handle) {
135 BUFFER_TRACE(bh, "get_write_access");
136 err = ext4_journal_get_write_access(handle, sb,
137 bh,
138 EXT4_JTR_NONE);
139 if (err)
140 goto out_bh;
141 }
142
143 es = (struct ext4_super_block *) (bh->b_data + offset);
144 lock_buffer(bh);
145 if (ext4_has_metadata_csum(sb) &&
146 es->s_checksum != ext4_superblock_csum(sb, es)) {
147 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup "
148 "superblock %llu", sb_block);
149 unlock_buffer(bh);
150 goto out_bh;
151 }
152 func(es, arg);
153 if (ext4_has_metadata_csum(sb))
154 es->s_checksum = ext4_superblock_csum(sb, es);
155 set_buffer_uptodate(bh);
156 unlock_buffer(bh);
157
158 if (handle) {
159 err = ext4_handle_dirty_metadata(handle, NULL, bh);
160 if (err)
161 goto out_bh;
162 } else {
163 BUFFER_TRACE(bh, "marking dirty");
164 mark_buffer_dirty(bh);
165 }
166 err = sync_dirty_buffer(bh);
167
168 out_bh:
169 brelse(bh);
170 ext4_std_error(sb, err);
171 return (err) ? err : 1;
172 }
173
174 /*
175 * Update primary and backup superblocks using the provided function
176 * func and argument arg.
177 *
178 * Only the primary superblock and at most two backup superblock
179 * modifications are journalled; the rest is modified without journal.
180 * This is safe because e2fsck will re-write them if there is a problem,
181 * and we're very unlikely to ever need more than two backups.
182 */
183 static
ext4_update_superblocks_fn(struct super_block * sb,ext4_update_sb_callback func,const void * arg)184 int ext4_update_superblocks_fn(struct super_block *sb,
185 ext4_update_sb_callback func,
186 const void *arg)
187 {
188 handle_t *handle;
189 ext4_group_t ngroups;
190 unsigned int three = 1;
191 unsigned int five = 5;
192 unsigned int seven = 7;
193 int err = 0, ret, i;
194 ext4_group_t grp, primary_grp;
195 struct ext4_sb_info *sbi = EXT4_SB(sb);
196
197 /*
198 * We can't update superblocks while the online resize is running
199 */
200 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING,
201 &sbi->s_ext4_flags)) {
202 ext4_msg(sb, KERN_ERR, "Can't modify superblock while"
203 "performing online resize");
204 return -EBUSY;
205 }
206
207 /*
208 * We're only going to update primary superblock and two
209 * backup superblocks in this transaction.
210 */
211 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3);
212 if (IS_ERR(handle)) {
213 err = PTR_ERR(handle);
214 goto out;
215 }
216
217 /* Update primary superblock */
218 err = ext4_update_primary_sb(sb, handle, func, arg);
219 if (err) {
220 ext4_msg(sb, KERN_ERR, "Failed to update primary "
221 "superblock");
222 goto out_journal;
223 }
224
225 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr);
226 ngroups = ext4_get_groups_count(sb);
227
228 /*
229 * Update backup superblocks. We have to start from group 0
230 * because it might not be where the primary superblock is
231 * if the fs is mounted with -o sb=<backup_sb_block>
232 */
233 i = 0;
234 grp = 0;
235 while (grp < ngroups) {
236 /* Skip primary superblock */
237 if (grp == primary_grp)
238 goto next_grp;
239
240 ret = ext4_update_backup_sb(sb, handle, grp, func, arg);
241 if (ret < 0) {
242 /* Ignore bad checksum; try to update next sb */
243 if (ret == -EFSBADCRC)
244 goto next_grp;
245 err = ret;
246 goto out_journal;
247 }
248
249 i += ret;
250 if (handle && i > 1) {
251 /*
252 * We're only journalling primary superblock and
253 * two backup superblocks; the rest is not
254 * journalled.
255 */
256 err = ext4_journal_stop(handle);
257 if (err)
258 goto out;
259 handle = NULL;
260 }
261 next_grp:
262 grp = ext4_list_backups(sb, &three, &five, &seven);
263 }
264
265 out_journal:
266 if (handle) {
267 ret = ext4_journal_stop(handle);
268 if (ret && !err)
269 err = ret;
270 }
271 out:
272 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags);
273 smp_mb__after_atomic();
274 return err ? err : 0;
275 }
276
277 /*
278 * Swap memory between @a and @b for @len bytes.
279 *
280 * @a: pointer to first memory area
281 * @b: pointer to second memory area
282 * @len: number of bytes to swap
283 *
284 */
memswap(void * a,void * b,size_t len)285 static void memswap(void *a, void *b, size_t len)
286 {
287 unsigned char *ap, *bp;
288
289 ap = (unsigned char *)a;
290 bp = (unsigned char *)b;
291 while (len-- > 0) {
292 swap(*ap, *bp);
293 ap++;
294 bp++;
295 }
296 }
297
298 /*
299 * Swap i_data and associated attributes between @inode1 and @inode2.
300 * This function is used for the primary swap between inode1 and inode2
301 * and also to revert this primary swap in case of errors.
302 *
303 * Therefore you have to make sure, that calling this method twice
304 * will revert all changes.
305 *
306 * @inode1: pointer to first inode
307 * @inode2: pointer to second inode
308 */
swap_inode_data(struct inode * inode1,struct inode * inode2)309 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
310 {
311 loff_t isize;
312 struct ext4_inode_info *ei1;
313 struct ext4_inode_info *ei2;
314 unsigned long tmp;
315
316 ei1 = EXT4_I(inode1);
317 ei2 = EXT4_I(inode2);
318
319 swap(inode1->i_version, inode2->i_version);
320 swap(inode1->i_atime, inode2->i_atime);
321 swap(inode1->i_mtime, inode2->i_mtime);
322
323 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
324 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
325 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
326 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
327 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
328 swap(ei1->i_disksize, ei2->i_disksize);
329 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
330 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
331
332 isize = i_size_read(inode1);
333 i_size_write(inode1, i_size_read(inode2));
334 i_size_write(inode2, isize);
335 }
336
ext4_reset_inode_seed(struct inode * inode)337 void ext4_reset_inode_seed(struct inode *inode)
338 {
339 struct ext4_inode_info *ei = EXT4_I(inode);
340 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
341 __le32 inum = cpu_to_le32(inode->i_ino);
342 __le32 gen = cpu_to_le32(inode->i_generation);
343 __u32 csum;
344
345 if (!ext4_has_metadata_csum(inode->i_sb))
346 return;
347
348 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
349 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
350 }
351
352 /*
353 * Swap the information from the given @inode and the inode
354 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
355 * important fields of the inodes.
356 *
357 * @sb: the super block of the filesystem
358 * @idmap: idmap of the mount the inode was found from
359 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
360 *
361 */
swap_inode_boot_loader(struct super_block * sb,struct mnt_idmap * idmap,struct inode * inode)362 static long swap_inode_boot_loader(struct super_block *sb,
363 struct mnt_idmap *idmap,
364 struct inode *inode)
365 {
366 handle_t *handle;
367 int err;
368 struct inode *inode_bl;
369 struct ext4_inode_info *ei_bl;
370 qsize_t size, size_bl, diff;
371 blkcnt_t blocks;
372 unsigned short bytes;
373
374 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO,
375 EXT4_IGET_SPECIAL | EXT4_IGET_BAD);
376 if (IS_ERR(inode_bl))
377 return PTR_ERR(inode_bl);
378 ei_bl = EXT4_I(inode_bl);
379
380 /* Protect orig inodes against a truncate and make sure,
381 * that only 1 swap_inode_boot_loader is running. */
382 lock_two_nondirectories(inode, inode_bl);
383
384 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
385 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
386 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
387 ext4_has_inline_data(inode)) {
388 err = -EINVAL;
389 goto journal_err_out;
390 }
391
392 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
393 !inode_owner_or_capable(idmap, inode) ||
394 !capable(CAP_SYS_ADMIN)) {
395 err = -EPERM;
396 goto journal_err_out;
397 }
398
399 filemap_invalidate_lock(inode->i_mapping);
400 err = filemap_write_and_wait(inode->i_mapping);
401 if (err)
402 goto err_out;
403
404 err = filemap_write_and_wait(inode_bl->i_mapping);
405 if (err)
406 goto err_out;
407
408 /* Wait for all existing dio workers */
409 inode_dio_wait(inode);
410 inode_dio_wait(inode_bl);
411
412 truncate_inode_pages(&inode->i_data, 0);
413 truncate_inode_pages(&inode_bl->i_data, 0);
414
415 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
416 if (IS_ERR(handle)) {
417 err = -EINVAL;
418 goto err_out;
419 }
420 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT, handle);
421
422 /* Protect extent tree against block allocations via delalloc */
423 ext4_double_down_write_data_sem(inode, inode_bl);
424
425 if (is_bad_inode(inode_bl) || !S_ISREG(inode_bl->i_mode)) {
426 /* this inode has never been used as a BOOT_LOADER */
427 set_nlink(inode_bl, 1);
428 i_uid_write(inode_bl, 0);
429 i_gid_write(inode_bl, 0);
430 inode_bl->i_flags = 0;
431 ei_bl->i_flags = 0;
432 inode_set_iversion(inode_bl, 1);
433 i_size_write(inode_bl, 0);
434 EXT4_I(inode_bl)->i_disksize = inode_bl->i_size;
435 inode_bl->i_mode = S_IFREG;
436 if (ext4_has_feature_extents(sb)) {
437 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
438 ext4_ext_tree_init(handle, inode_bl);
439 } else
440 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
441 }
442
443 err = dquot_initialize(inode);
444 if (err)
445 goto err_out1;
446
447 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
448 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
449 diff = size - size_bl;
450 swap_inode_data(inode, inode_bl);
451
452 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
453 inode_inc_iversion(inode);
454
455 inode->i_generation = get_random_u32();
456 inode_bl->i_generation = get_random_u32();
457 ext4_reset_inode_seed(inode);
458 ext4_reset_inode_seed(inode_bl);
459
460 ext4_discard_preallocations(inode, 0);
461
462 err = ext4_mark_inode_dirty(handle, inode);
463 if (err < 0) {
464 /* No need to update quota information. */
465 ext4_warning(inode->i_sb,
466 "couldn't mark inode #%lu dirty (err %d)",
467 inode->i_ino, err);
468 /* Revert all changes: */
469 swap_inode_data(inode, inode_bl);
470 ext4_mark_inode_dirty(handle, inode);
471 goto err_out1;
472 }
473
474 blocks = inode_bl->i_blocks;
475 bytes = inode_bl->i_bytes;
476 inode_bl->i_blocks = inode->i_blocks;
477 inode_bl->i_bytes = inode->i_bytes;
478 err = ext4_mark_inode_dirty(handle, inode_bl);
479 if (err < 0) {
480 /* No need to update quota information. */
481 ext4_warning(inode_bl->i_sb,
482 "couldn't mark inode #%lu dirty (err %d)",
483 inode_bl->i_ino, err);
484 goto revert;
485 }
486
487 /* Bootloader inode should not be counted into quota information. */
488 if (diff > 0)
489 dquot_free_space(inode, diff);
490 else
491 err = dquot_alloc_space(inode, -1 * diff);
492
493 if (err < 0) {
494 revert:
495 /* Revert all changes: */
496 inode_bl->i_blocks = blocks;
497 inode_bl->i_bytes = bytes;
498 swap_inode_data(inode, inode_bl);
499 ext4_mark_inode_dirty(handle, inode);
500 ext4_mark_inode_dirty(handle, inode_bl);
501 }
502
503 err_out1:
504 ext4_journal_stop(handle);
505 ext4_double_up_write_data_sem(inode, inode_bl);
506
507 err_out:
508 filemap_invalidate_unlock(inode->i_mapping);
509 journal_err_out:
510 unlock_two_nondirectories(inode, inode_bl);
511 iput(inode_bl);
512 return err;
513 }
514
515 /*
516 * If immutable is set and we are not clearing it, we're not allowed to change
517 * anything else in the inode. Don't error out if we're only trying to set
518 * immutable on an immutable file.
519 */
ext4_ioctl_check_immutable(struct inode * inode,__u32 new_projid,unsigned int flags)520 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
521 unsigned int flags)
522 {
523 struct ext4_inode_info *ei = EXT4_I(inode);
524 unsigned int oldflags = ei->i_flags;
525
526 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
527 return 0;
528
529 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
530 return -EPERM;
531 if (ext4_has_feature_project(inode->i_sb) &&
532 __kprojid_val(ei->i_projid) != new_projid)
533 return -EPERM;
534
535 return 0;
536 }
537
ext4_dax_dontcache(struct inode * inode,unsigned int flags)538 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
539 {
540 struct ext4_inode_info *ei = EXT4_I(inode);
541
542 if (S_ISDIR(inode->i_mode))
543 return;
544
545 if (test_opt2(inode->i_sb, DAX_NEVER) ||
546 test_opt(inode->i_sb, DAX_ALWAYS))
547 return;
548
549 if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
550 d_mark_dontcache(inode);
551 }
552
dax_compatible(struct inode * inode,unsigned int oldflags,unsigned int flags)553 static bool dax_compatible(struct inode *inode, unsigned int oldflags,
554 unsigned int flags)
555 {
556 /* Allow the DAX flag to be changed on inline directories */
557 if (S_ISDIR(inode->i_mode)) {
558 flags &= ~EXT4_INLINE_DATA_FL;
559 oldflags &= ~EXT4_INLINE_DATA_FL;
560 }
561
562 if (flags & EXT4_DAX_FL) {
563 if ((oldflags & EXT4_DAX_MUT_EXCL) ||
564 ext4_test_inode_state(inode,
565 EXT4_STATE_VERITY_IN_PROGRESS)) {
566 return false;
567 }
568 }
569
570 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
571 return false;
572
573 return true;
574 }
575
ext4_ioctl_setflags(struct inode * inode,unsigned int flags)576 static int ext4_ioctl_setflags(struct inode *inode,
577 unsigned int flags)
578 {
579 struct ext4_inode_info *ei = EXT4_I(inode);
580 handle_t *handle = NULL;
581 int err = -EPERM, migrate = 0;
582 struct ext4_iloc iloc;
583 unsigned int oldflags, mask, i;
584 struct super_block *sb = inode->i_sb;
585
586 /* Is it quota file? Do not allow user to mess with it */
587 if (ext4_is_quota_file(inode))
588 goto flags_out;
589
590 oldflags = ei->i_flags;
591 /*
592 * The JOURNAL_DATA flag can only be changed by
593 * the relevant capability.
594 */
595 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
596 if (!capable(CAP_SYS_RESOURCE))
597 goto flags_out;
598 }
599
600 if (!dax_compatible(inode, oldflags, flags)) {
601 err = -EOPNOTSUPP;
602 goto flags_out;
603 }
604
605 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
606 migrate = 1;
607
608 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
609 if (!ext4_has_feature_casefold(sb)) {
610 err = -EOPNOTSUPP;
611 goto flags_out;
612 }
613
614 if (!S_ISDIR(inode->i_mode)) {
615 err = -ENOTDIR;
616 goto flags_out;
617 }
618
619 if (!ext4_empty_dir(inode)) {
620 err = -ENOTEMPTY;
621 goto flags_out;
622 }
623 }
624
625 /*
626 * Wait for all pending directio and then flush all the dirty pages
627 * for this file. The flush marks all the pages readonly, so any
628 * subsequent attempt to write to the file (particularly mmap pages)
629 * will come through the filesystem and fail.
630 */
631 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
632 (flags & EXT4_IMMUTABLE_FL)) {
633 inode_dio_wait(inode);
634 err = filemap_write_and_wait(inode->i_mapping);
635 if (err)
636 goto flags_out;
637 }
638
639 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
640 if (IS_ERR(handle)) {
641 err = PTR_ERR(handle);
642 goto flags_out;
643 }
644 if (IS_SYNC(inode))
645 ext4_handle_sync(handle);
646 err = ext4_reserve_inode_write(handle, inode, &iloc);
647 if (err)
648 goto flags_err;
649
650 ext4_dax_dontcache(inode, flags);
651
652 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
653 if (!(mask & EXT4_FL_USER_MODIFIABLE))
654 continue;
655 /* These flags get special treatment later */
656 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
657 continue;
658 if (mask & flags)
659 ext4_set_inode_flag(inode, i);
660 else
661 ext4_clear_inode_flag(inode, i);
662 }
663
664 ext4_set_inode_flags(inode, false);
665
666 inode->i_ctime = current_time(inode);
667 inode_inc_iversion(inode);
668
669 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
670 flags_err:
671 ext4_journal_stop(handle);
672 if (err)
673 goto flags_out;
674
675 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
676 /*
677 * Changes to the journaling mode can cause unsafe changes to
678 * S_DAX if the inode is DAX
679 */
680 if (IS_DAX(inode)) {
681 err = -EBUSY;
682 goto flags_out;
683 }
684
685 err = ext4_change_inode_journal_flag(inode,
686 flags & EXT4_JOURNAL_DATA_FL);
687 if (err)
688 goto flags_out;
689 }
690 if (migrate) {
691 if (flags & EXT4_EXTENTS_FL)
692 err = ext4_ext_migrate(inode);
693 else
694 err = ext4_ind_migrate(inode);
695 }
696
697 flags_out:
698 return err;
699 }
700
701 #ifdef CONFIG_QUOTA
ext4_ioctl_setproject(struct inode * inode,__u32 projid)702 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
703 {
704 struct super_block *sb = inode->i_sb;
705 struct ext4_inode_info *ei = EXT4_I(inode);
706 int err, rc;
707 handle_t *handle;
708 kprojid_t kprojid;
709 struct ext4_iloc iloc;
710 struct ext4_inode *raw_inode;
711 struct dquot *transfer_to[MAXQUOTAS] = { };
712
713 if (!ext4_has_feature_project(sb)) {
714 if (projid != EXT4_DEF_PROJID)
715 return -EOPNOTSUPP;
716 else
717 return 0;
718 }
719
720 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
721 return -EOPNOTSUPP;
722
723 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
724
725 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
726 return 0;
727
728 err = -EPERM;
729 /* Is it quota file? Do not allow user to mess with it */
730 if (ext4_is_quota_file(inode))
731 return err;
732
733 err = dquot_initialize(inode);
734 if (err)
735 return err;
736
737 err = ext4_get_inode_loc(inode, &iloc);
738 if (err)
739 return err;
740
741 raw_inode = ext4_raw_inode(&iloc);
742 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
743 err = ext4_expand_extra_isize(inode,
744 EXT4_SB(sb)->s_want_extra_isize,
745 &iloc);
746 if (err)
747 return err;
748 } else {
749 brelse(iloc.bh);
750 }
751
752 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
753 EXT4_QUOTA_INIT_BLOCKS(sb) +
754 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
755 if (IS_ERR(handle))
756 return PTR_ERR(handle);
757
758 err = ext4_reserve_inode_write(handle, inode, &iloc);
759 if (err)
760 goto out_stop;
761
762 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
763 if (!IS_ERR(transfer_to[PRJQUOTA])) {
764
765 /* __dquot_transfer() calls back ext4_get_inode_usage() which
766 * counts xattr inode references.
767 */
768 down_read(&EXT4_I(inode)->xattr_sem);
769 err = __dquot_transfer(inode, transfer_to);
770 up_read(&EXT4_I(inode)->xattr_sem);
771 dqput(transfer_to[PRJQUOTA]);
772 if (err)
773 goto out_dirty;
774 }
775
776 EXT4_I(inode)->i_projid = kprojid;
777 inode->i_ctime = current_time(inode);
778 inode_inc_iversion(inode);
779 out_dirty:
780 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
781 if (!err)
782 err = rc;
783 out_stop:
784 ext4_journal_stop(handle);
785 return err;
786 }
787 #else
ext4_ioctl_setproject(struct inode * inode,__u32 projid)788 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
789 {
790 if (projid != EXT4_DEF_PROJID)
791 return -EOPNOTSUPP;
792 return 0;
793 }
794 #endif
795
ext4_shutdown(struct super_block * sb,unsigned long arg)796 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
797 {
798 struct ext4_sb_info *sbi = EXT4_SB(sb);
799 __u32 flags;
800
801 if (!capable(CAP_SYS_ADMIN))
802 return -EPERM;
803
804 if (get_user(flags, (__u32 __user *)arg))
805 return -EFAULT;
806
807 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
808 return -EINVAL;
809
810 if (ext4_forced_shutdown(sbi))
811 return 0;
812
813 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
814 trace_ext4_shutdown(sb, flags);
815
816 switch (flags) {
817 case EXT4_GOING_FLAGS_DEFAULT:
818 freeze_bdev(sb->s_bdev);
819 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
820 thaw_bdev(sb->s_bdev);
821 break;
822 case EXT4_GOING_FLAGS_LOGFLUSH:
823 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
824 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
825 (void) ext4_force_commit(sb);
826 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
827 }
828 break;
829 case EXT4_GOING_FLAGS_NOLOGFLUSH:
830 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
831 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
832 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
833 break;
834 default:
835 return -EINVAL;
836 }
837 clear_opt(sb, DISCARD);
838 return 0;
839 }
840
841 struct getfsmap_info {
842 struct super_block *gi_sb;
843 struct fsmap_head __user *gi_data;
844 unsigned int gi_idx;
845 __u32 gi_last_flags;
846 };
847
ext4_getfsmap_format(struct ext4_fsmap * xfm,void * priv)848 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
849 {
850 struct getfsmap_info *info = priv;
851 struct fsmap fm;
852
853 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
854
855 info->gi_last_flags = xfm->fmr_flags;
856 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
857 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
858 sizeof(struct fsmap)))
859 return -EFAULT;
860
861 return 0;
862 }
863
ext4_ioc_getfsmap(struct super_block * sb,struct fsmap_head __user * arg)864 static int ext4_ioc_getfsmap(struct super_block *sb,
865 struct fsmap_head __user *arg)
866 {
867 struct getfsmap_info info = { NULL };
868 struct ext4_fsmap_head xhead = {0};
869 struct fsmap_head head;
870 bool aborted = false;
871 int error;
872
873 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
874 return -EFAULT;
875 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
876 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
877 sizeof(head.fmh_keys[0].fmr_reserved)) ||
878 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
879 sizeof(head.fmh_keys[1].fmr_reserved)))
880 return -EINVAL;
881 /*
882 * ext4 doesn't report file extents at all, so the only valid
883 * file offsets are the magic ones (all zeroes or all ones).
884 */
885 if (head.fmh_keys[0].fmr_offset ||
886 (head.fmh_keys[1].fmr_offset != 0 &&
887 head.fmh_keys[1].fmr_offset != -1ULL))
888 return -EINVAL;
889
890 xhead.fmh_iflags = head.fmh_iflags;
891 xhead.fmh_count = head.fmh_count;
892 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
893 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
894
895 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
896 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
897
898 info.gi_sb = sb;
899 info.gi_data = arg;
900 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
901 if (error == EXT4_QUERY_RANGE_ABORT)
902 aborted = true;
903 else if (error)
904 return error;
905
906 /* If we didn't abort, set the "last" flag in the last fmx */
907 if (!aborted && info.gi_idx) {
908 info.gi_last_flags |= FMR_OF_LAST;
909 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
910 &info.gi_last_flags,
911 sizeof(info.gi_last_flags)))
912 return -EFAULT;
913 }
914
915 /* copy back header */
916 head.fmh_entries = xhead.fmh_entries;
917 head.fmh_oflags = xhead.fmh_oflags;
918 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
919 return -EFAULT;
920
921 return 0;
922 }
923
ext4_ioctl_group_add(struct file * file,struct ext4_new_group_data * input)924 static long ext4_ioctl_group_add(struct file *file,
925 struct ext4_new_group_data *input)
926 {
927 struct super_block *sb = file_inode(file)->i_sb;
928 int err, err2=0;
929
930 err = ext4_resize_begin(sb);
931 if (err)
932 return err;
933
934 if (ext4_has_feature_bigalloc(sb)) {
935 ext4_msg(sb, KERN_ERR,
936 "Online resizing not supported with bigalloc");
937 err = -EOPNOTSUPP;
938 goto group_add_out;
939 }
940
941 err = mnt_want_write_file(file);
942 if (err)
943 goto group_add_out;
944
945 err = ext4_group_add(sb, input);
946 if (EXT4_SB(sb)->s_journal) {
947 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
948 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
949 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
950 }
951 if (err == 0)
952 err = err2;
953 mnt_drop_write_file(file);
954 if (!err && ext4_has_group_desc_csum(sb) &&
955 test_opt(sb, INIT_INODE_TABLE))
956 err = ext4_register_li_request(sb, input->group);
957 group_add_out:
958 err2 = ext4_resize_end(sb, false);
959 if (err == 0)
960 err = err2;
961 return err;
962 }
963
ext4_fileattr_get(struct dentry * dentry,struct fileattr * fa)964 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa)
965 {
966 struct inode *inode = d_inode(dentry);
967 struct ext4_inode_info *ei = EXT4_I(inode);
968 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
969
970 if (S_ISREG(inode->i_mode))
971 flags &= ~FS_PROJINHERIT_FL;
972
973 fileattr_fill_flags(fa, flags);
974 if (ext4_has_feature_project(inode->i_sb))
975 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
976
977 return 0;
978 }
979
ext4_fileattr_set(struct mnt_idmap * idmap,struct dentry * dentry,struct fileattr * fa)980 int ext4_fileattr_set(struct mnt_idmap *idmap,
981 struct dentry *dentry, struct fileattr *fa)
982 {
983 struct inode *inode = d_inode(dentry);
984 u32 flags = fa->flags;
985 int err = -EOPNOTSUPP;
986
987 if (flags & ~EXT4_FL_USER_VISIBLE)
988 goto out;
989
990 /*
991 * chattr(1) grabs flags via GETFLAGS, modifies the result and
992 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
993 * more restrictive than just silently masking off visible but
994 * not settable flags as we always did.
995 */
996 flags &= EXT4_FL_USER_MODIFIABLE;
997 if (ext4_mask_flags(inode->i_mode, flags) != flags)
998 goto out;
999 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags);
1000 if (err)
1001 goto out;
1002 err = ext4_ioctl_setflags(inode, flags);
1003 if (err)
1004 goto out;
1005 err = ext4_ioctl_setproject(inode, fa->fsx_projid);
1006 out:
1007 return err;
1008 }
1009
1010 /* So that the fiemap access checks can't overflow on 32 bit machines. */
1011 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
1012
ext4_ioctl_get_es_cache(struct file * filp,unsigned long arg)1013 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
1014 {
1015 struct fiemap fiemap;
1016 struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
1017 struct fiemap_extent_info fieinfo = { 0, };
1018 struct inode *inode = file_inode(filp);
1019 int error;
1020
1021 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
1022 return -EFAULT;
1023
1024 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
1025 return -EINVAL;
1026
1027 fieinfo.fi_flags = fiemap.fm_flags;
1028 fieinfo.fi_extents_max = fiemap.fm_extent_count;
1029 fieinfo.fi_extents_start = ufiemap->fm_extents;
1030
1031 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
1032 fiemap.fm_length);
1033 fiemap.fm_flags = fieinfo.fi_flags;
1034 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
1035 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
1036 error = -EFAULT;
1037
1038 return error;
1039 }
1040
ext4_ioctl_checkpoint(struct file * filp,unsigned long arg)1041 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
1042 {
1043 int err = 0;
1044 __u32 flags = 0;
1045 unsigned int flush_flags = 0;
1046 struct super_block *sb = file_inode(filp)->i_sb;
1047
1048 if (copy_from_user(&flags, (__u32 __user *)arg,
1049 sizeof(__u32)))
1050 return -EFAULT;
1051
1052 if (!capable(CAP_SYS_ADMIN))
1053 return -EPERM;
1054
1055 /* check for invalid bits set */
1056 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) ||
1057 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1058 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT)))
1059 return -EINVAL;
1060
1061 if (!EXT4_SB(sb)->s_journal)
1062 return -ENODEV;
1063
1064 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1065 !bdev_max_discard_sectors(EXT4_SB(sb)->s_journal->j_dev))
1066 return -EOPNOTSUPP;
1067
1068 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)
1069 return 0;
1070
1071 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD)
1072 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD;
1073
1074 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) {
1075 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT;
1076 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow");
1077 }
1078
1079 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1080 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags);
1081 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1082
1083 return err;
1084 }
1085
ext4_ioctl_setlabel(struct file * filp,const char __user * user_label)1086 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label)
1087 {
1088 size_t len;
1089 int ret = 0;
1090 char new_label[EXT4_LABEL_MAX + 1];
1091 struct super_block *sb = file_inode(filp)->i_sb;
1092
1093 if (!capable(CAP_SYS_ADMIN))
1094 return -EPERM;
1095
1096 /*
1097 * Copy the maximum length allowed for ext4 label with one more to
1098 * find the required terminating null byte in order to test the
1099 * label length. The on disk label doesn't need to be null terminated.
1100 */
1101 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1))
1102 return -EFAULT;
1103
1104 len = strnlen(new_label, EXT4_LABEL_MAX + 1);
1105 if (len > EXT4_LABEL_MAX)
1106 return -EINVAL;
1107
1108 /*
1109 * Clear the buffer after the new label
1110 */
1111 memset(new_label + len, 0, EXT4_LABEL_MAX - len);
1112
1113 ret = mnt_want_write_file(filp);
1114 if (ret)
1115 return ret;
1116
1117 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label);
1118
1119 mnt_drop_write_file(filp);
1120 return ret;
1121 }
1122
ext4_ioctl_getlabel(struct ext4_sb_info * sbi,char __user * user_label)1123 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label)
1124 {
1125 char label[EXT4_LABEL_MAX + 1];
1126
1127 /*
1128 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because
1129 * FSLABEL_MAX must include terminating null byte, while s_volume_name
1130 * does not have to.
1131 */
1132 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
1133
1134 memset(label, 0, sizeof(label));
1135 lock_buffer(sbi->s_sbh);
1136 strncpy(label, sbi->s_es->s_volume_name, EXT4_LABEL_MAX);
1137 unlock_buffer(sbi->s_sbh);
1138
1139 if (copy_to_user(user_label, label, sizeof(label)))
1140 return -EFAULT;
1141 return 0;
1142 }
1143
ext4_ioctl_getuuid(struct ext4_sb_info * sbi,struct fsuuid __user * ufsuuid)1144 static int ext4_ioctl_getuuid(struct ext4_sb_info *sbi,
1145 struct fsuuid __user *ufsuuid)
1146 {
1147 struct fsuuid fsuuid;
1148 __u8 uuid[UUID_SIZE];
1149
1150 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1151 return -EFAULT;
1152
1153 if (fsuuid.fsu_len == 0) {
1154 fsuuid.fsu_len = UUID_SIZE;
1155 if (copy_to_user(&ufsuuid->fsu_len, &fsuuid.fsu_len,
1156 sizeof(fsuuid.fsu_len)))
1157 return -EFAULT;
1158 return 0;
1159 }
1160
1161 if (fsuuid.fsu_len < UUID_SIZE || fsuuid.fsu_flags != 0)
1162 return -EINVAL;
1163
1164 lock_buffer(sbi->s_sbh);
1165 memcpy(uuid, sbi->s_es->s_uuid, UUID_SIZE);
1166 unlock_buffer(sbi->s_sbh);
1167
1168 fsuuid.fsu_len = UUID_SIZE;
1169 if (copy_to_user(ufsuuid, &fsuuid, sizeof(fsuuid)) ||
1170 copy_to_user(&ufsuuid->fsu_uuid[0], uuid, UUID_SIZE))
1171 return -EFAULT;
1172 return 0;
1173 }
1174
ext4_ioctl_setuuid(struct file * filp,const struct fsuuid __user * ufsuuid)1175 static int ext4_ioctl_setuuid(struct file *filp,
1176 const struct fsuuid __user *ufsuuid)
1177 {
1178 int ret = 0;
1179 struct super_block *sb = file_inode(filp)->i_sb;
1180 struct fsuuid fsuuid;
1181 __u8 uuid[UUID_SIZE];
1182
1183 if (!capable(CAP_SYS_ADMIN))
1184 return -EPERM;
1185
1186 /*
1187 * If any checksums (group descriptors or metadata) are being used
1188 * then the checksum seed feature is required to change the UUID.
1189 */
1190 if (((ext4_has_feature_gdt_csum(sb) || ext4_has_metadata_csum(sb))
1191 && !ext4_has_feature_csum_seed(sb))
1192 || ext4_has_feature_stable_inodes(sb))
1193 return -EOPNOTSUPP;
1194
1195 if (copy_from_user(&fsuuid, ufsuuid, sizeof(fsuuid)))
1196 return -EFAULT;
1197
1198 if (fsuuid.fsu_len != UUID_SIZE || fsuuid.fsu_flags != 0)
1199 return -EINVAL;
1200
1201 if (copy_from_user(uuid, &ufsuuid->fsu_uuid[0], UUID_SIZE))
1202 return -EFAULT;
1203
1204 ret = mnt_want_write_file(filp);
1205 if (ret)
1206 return ret;
1207
1208 ret = ext4_update_superblocks_fn(sb, ext4_sb_setuuid, &uuid);
1209 mnt_drop_write_file(filp);
1210
1211 return ret;
1212 }
1213
__ext4_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)1214 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1215 {
1216 struct inode *inode = file_inode(filp);
1217 struct super_block *sb = inode->i_sb;
1218 struct mnt_idmap *idmap = file_mnt_idmap(filp);
1219
1220 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
1221
1222 switch (cmd) {
1223 case FS_IOC_GETFSMAP:
1224 return ext4_ioc_getfsmap(sb, (void __user *)arg);
1225 case EXT4_IOC_GETVERSION:
1226 case EXT4_IOC_GETVERSION_OLD:
1227 return put_user(inode->i_generation, (int __user *) arg);
1228 case EXT4_IOC_SETVERSION:
1229 case EXT4_IOC_SETVERSION_OLD: {
1230 handle_t *handle;
1231 struct ext4_iloc iloc;
1232 __u32 generation;
1233 int err;
1234
1235 if (!inode_owner_or_capable(idmap, inode))
1236 return -EPERM;
1237
1238 if (ext4_has_metadata_csum(inode->i_sb)) {
1239 ext4_warning(sb, "Setting inode version is not "
1240 "supported with metadata_csum enabled.");
1241 return -ENOTTY;
1242 }
1243
1244 err = mnt_want_write_file(filp);
1245 if (err)
1246 return err;
1247 if (get_user(generation, (int __user *) arg)) {
1248 err = -EFAULT;
1249 goto setversion_out;
1250 }
1251
1252 inode_lock(inode);
1253 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
1254 if (IS_ERR(handle)) {
1255 err = PTR_ERR(handle);
1256 goto unlock_out;
1257 }
1258 err = ext4_reserve_inode_write(handle, inode, &iloc);
1259 if (err == 0) {
1260 inode->i_ctime = current_time(inode);
1261 inode_inc_iversion(inode);
1262 inode->i_generation = generation;
1263 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
1264 }
1265 ext4_journal_stop(handle);
1266
1267 unlock_out:
1268 inode_unlock(inode);
1269 setversion_out:
1270 mnt_drop_write_file(filp);
1271 return err;
1272 }
1273 case EXT4_IOC_GROUP_EXTEND: {
1274 ext4_fsblk_t n_blocks_count;
1275 int err, err2=0;
1276
1277 err = ext4_resize_begin(sb);
1278 if (err)
1279 return err;
1280
1281 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
1282 err = -EFAULT;
1283 goto group_extend_out;
1284 }
1285
1286 if (ext4_has_feature_bigalloc(sb)) {
1287 ext4_msg(sb, KERN_ERR,
1288 "Online resizing not supported with bigalloc");
1289 err = -EOPNOTSUPP;
1290 goto group_extend_out;
1291 }
1292
1293 err = mnt_want_write_file(filp);
1294 if (err)
1295 goto group_extend_out;
1296
1297 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
1298 if (EXT4_SB(sb)->s_journal) {
1299 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1300 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1301 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1302 }
1303 if (err == 0)
1304 err = err2;
1305 mnt_drop_write_file(filp);
1306 group_extend_out:
1307 err2 = ext4_resize_end(sb, false);
1308 if (err == 0)
1309 err = err2;
1310 return err;
1311 }
1312
1313 case EXT4_IOC_MOVE_EXT: {
1314 struct move_extent me;
1315 struct fd donor;
1316 int err;
1317
1318 if (!(filp->f_mode & FMODE_READ) ||
1319 !(filp->f_mode & FMODE_WRITE))
1320 return -EBADF;
1321
1322 if (copy_from_user(&me,
1323 (struct move_extent __user *)arg, sizeof(me)))
1324 return -EFAULT;
1325 me.moved_len = 0;
1326
1327 donor = fdget(me.donor_fd);
1328 if (!donor.file)
1329 return -EBADF;
1330
1331 if (!(donor.file->f_mode & FMODE_WRITE)) {
1332 err = -EBADF;
1333 goto mext_out;
1334 }
1335
1336 if (ext4_has_feature_bigalloc(sb)) {
1337 ext4_msg(sb, KERN_ERR,
1338 "Online defrag not supported with bigalloc");
1339 err = -EOPNOTSUPP;
1340 goto mext_out;
1341 } else if (IS_DAX(inode)) {
1342 ext4_msg(sb, KERN_ERR,
1343 "Online defrag not supported with DAX");
1344 err = -EOPNOTSUPP;
1345 goto mext_out;
1346 }
1347
1348 err = mnt_want_write_file(filp);
1349 if (err)
1350 goto mext_out;
1351
1352 err = ext4_move_extents(filp, donor.file, me.orig_start,
1353 me.donor_start, me.len, &me.moved_len);
1354 mnt_drop_write_file(filp);
1355
1356 if (copy_to_user((struct move_extent __user *)arg,
1357 &me, sizeof(me)))
1358 err = -EFAULT;
1359 mext_out:
1360 fdput(donor);
1361 return err;
1362 }
1363
1364 case EXT4_IOC_GROUP_ADD: {
1365 struct ext4_new_group_data input;
1366
1367 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1368 sizeof(input)))
1369 return -EFAULT;
1370
1371 return ext4_ioctl_group_add(filp, &input);
1372 }
1373
1374 case EXT4_IOC_MIGRATE:
1375 {
1376 int err;
1377 if (!inode_owner_or_capable(idmap, inode))
1378 return -EACCES;
1379
1380 err = mnt_want_write_file(filp);
1381 if (err)
1382 return err;
1383 /*
1384 * inode_mutex prevent write and truncate on the file.
1385 * Read still goes through. We take i_data_sem in
1386 * ext4_ext_swap_inode_data before we switch the
1387 * inode format to prevent read.
1388 */
1389 inode_lock((inode));
1390 err = ext4_ext_migrate(inode);
1391 inode_unlock((inode));
1392 mnt_drop_write_file(filp);
1393 return err;
1394 }
1395
1396 case EXT4_IOC_ALLOC_DA_BLKS:
1397 {
1398 int err;
1399 if (!inode_owner_or_capable(idmap, inode))
1400 return -EACCES;
1401
1402 err = mnt_want_write_file(filp);
1403 if (err)
1404 return err;
1405 err = ext4_alloc_da_blocks(inode);
1406 mnt_drop_write_file(filp);
1407 return err;
1408 }
1409
1410 case EXT4_IOC_SWAP_BOOT:
1411 {
1412 int err;
1413 if (!(filp->f_mode & FMODE_WRITE))
1414 return -EBADF;
1415 err = mnt_want_write_file(filp);
1416 if (err)
1417 return err;
1418 err = swap_inode_boot_loader(sb, idmap, inode);
1419 mnt_drop_write_file(filp);
1420 return err;
1421 }
1422
1423 case EXT4_IOC_RESIZE_FS: {
1424 ext4_fsblk_t n_blocks_count;
1425 int err = 0, err2 = 0;
1426 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1427
1428 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1429 sizeof(__u64))) {
1430 return -EFAULT;
1431 }
1432
1433 err = ext4_resize_begin(sb);
1434 if (err)
1435 return err;
1436
1437 err = mnt_want_write_file(filp);
1438 if (err)
1439 goto resizefs_out;
1440
1441 err = ext4_resize_fs(sb, n_blocks_count);
1442 if (EXT4_SB(sb)->s_journal) {
1443 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE, NULL);
1444 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1445 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1446 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1447 }
1448 if (err == 0)
1449 err = err2;
1450 mnt_drop_write_file(filp);
1451 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1452 ext4_has_group_desc_csum(sb) &&
1453 test_opt(sb, INIT_INODE_TABLE))
1454 err = ext4_register_li_request(sb, o_group);
1455
1456 resizefs_out:
1457 err2 = ext4_resize_end(sb, true);
1458 if (err == 0)
1459 err = err2;
1460 return err;
1461 }
1462
1463 case FITRIM:
1464 {
1465 struct fstrim_range range;
1466 int ret = 0;
1467
1468 if (!capable(CAP_SYS_ADMIN))
1469 return -EPERM;
1470
1471 if (!bdev_max_discard_sectors(sb->s_bdev))
1472 return -EOPNOTSUPP;
1473
1474 /*
1475 * We haven't replayed the journal, so we cannot use our
1476 * block-bitmap-guided storage zapping commands.
1477 */
1478 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1479 return -EROFS;
1480
1481 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1482 sizeof(range)))
1483 return -EFAULT;
1484
1485 ret = ext4_trim_fs(sb, &range);
1486 if (ret < 0)
1487 return ret;
1488
1489 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1490 sizeof(range)))
1491 return -EFAULT;
1492
1493 return 0;
1494 }
1495 case EXT4_IOC_PRECACHE_EXTENTS:
1496 return ext4_ext_precache(inode);
1497
1498 case FS_IOC_SET_ENCRYPTION_POLICY:
1499 if (!ext4_has_feature_encrypt(sb))
1500 return -EOPNOTSUPP;
1501 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1502
1503 case FS_IOC_GET_ENCRYPTION_PWSALT:
1504 return ext4_ioctl_get_encryption_pwsalt(filp, (void __user *)arg);
1505
1506 case FS_IOC_GET_ENCRYPTION_POLICY:
1507 if (!ext4_has_feature_encrypt(sb))
1508 return -EOPNOTSUPP;
1509 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1510
1511 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1512 if (!ext4_has_feature_encrypt(sb))
1513 return -EOPNOTSUPP;
1514 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1515
1516 case FS_IOC_ADD_ENCRYPTION_KEY:
1517 if (!ext4_has_feature_encrypt(sb))
1518 return -EOPNOTSUPP;
1519 return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1520
1521 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1522 if (!ext4_has_feature_encrypt(sb))
1523 return -EOPNOTSUPP;
1524 return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1525
1526 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1527 if (!ext4_has_feature_encrypt(sb))
1528 return -EOPNOTSUPP;
1529 return fscrypt_ioctl_remove_key_all_users(filp,
1530 (void __user *)arg);
1531 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1532 if (!ext4_has_feature_encrypt(sb))
1533 return -EOPNOTSUPP;
1534 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1535
1536 case FS_IOC_GET_ENCRYPTION_NONCE:
1537 if (!ext4_has_feature_encrypt(sb))
1538 return -EOPNOTSUPP;
1539 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1540
1541 case EXT4_IOC_CLEAR_ES_CACHE:
1542 {
1543 if (!inode_owner_or_capable(idmap, inode))
1544 return -EACCES;
1545 ext4_clear_inode_es(inode);
1546 return 0;
1547 }
1548
1549 case EXT4_IOC_GETSTATE:
1550 {
1551 __u32 state = 0;
1552
1553 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1554 state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1555 if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1556 state |= EXT4_STATE_FLAG_NEW;
1557 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1558 state |= EXT4_STATE_FLAG_NEWENTRY;
1559 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1560 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1561
1562 return put_user(state, (__u32 __user *) arg);
1563 }
1564
1565 case EXT4_IOC_GET_ES_CACHE:
1566 return ext4_ioctl_get_es_cache(filp, arg);
1567
1568 case EXT4_IOC_SHUTDOWN:
1569 return ext4_shutdown(sb, arg);
1570
1571 case FS_IOC_ENABLE_VERITY:
1572 if (!ext4_has_feature_verity(sb))
1573 return -EOPNOTSUPP;
1574 return fsverity_ioctl_enable(filp, (const void __user *)arg);
1575
1576 case FS_IOC_MEASURE_VERITY:
1577 if (!ext4_has_feature_verity(sb))
1578 return -EOPNOTSUPP;
1579 return fsverity_ioctl_measure(filp, (void __user *)arg);
1580
1581 case FS_IOC_READ_VERITY_METADATA:
1582 if (!ext4_has_feature_verity(sb))
1583 return -EOPNOTSUPP;
1584 return fsverity_ioctl_read_metadata(filp,
1585 (const void __user *)arg);
1586
1587 case EXT4_IOC_CHECKPOINT:
1588 return ext4_ioctl_checkpoint(filp, arg);
1589
1590 case FS_IOC_GETFSLABEL:
1591 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg);
1592
1593 case FS_IOC_SETFSLABEL:
1594 return ext4_ioctl_setlabel(filp,
1595 (const void __user *)arg);
1596
1597 case EXT4_IOC_GETFSUUID:
1598 return ext4_ioctl_getuuid(EXT4_SB(sb), (void __user *)arg);
1599 case EXT4_IOC_SETFSUUID:
1600 return ext4_ioctl_setuuid(filp, (const void __user *)arg);
1601 default:
1602 return -ENOTTY;
1603 }
1604 }
1605
ext4_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)1606 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1607 {
1608 return __ext4_ioctl(filp, cmd, arg);
1609 }
1610
1611 #ifdef CONFIG_COMPAT
ext4_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1612 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1613 {
1614 /* These are just misnamed, they actually get/put from/to user an int */
1615 switch (cmd) {
1616 case EXT4_IOC32_GETVERSION:
1617 cmd = EXT4_IOC_GETVERSION;
1618 break;
1619 case EXT4_IOC32_SETVERSION:
1620 cmd = EXT4_IOC_SETVERSION;
1621 break;
1622 case EXT4_IOC32_GROUP_EXTEND:
1623 cmd = EXT4_IOC_GROUP_EXTEND;
1624 break;
1625 case EXT4_IOC32_GETVERSION_OLD:
1626 cmd = EXT4_IOC_GETVERSION_OLD;
1627 break;
1628 case EXT4_IOC32_SETVERSION_OLD:
1629 cmd = EXT4_IOC_SETVERSION_OLD;
1630 break;
1631 case EXT4_IOC32_GETRSVSZ:
1632 cmd = EXT4_IOC_GETRSVSZ;
1633 break;
1634 case EXT4_IOC32_SETRSVSZ:
1635 cmd = EXT4_IOC_SETRSVSZ;
1636 break;
1637 case EXT4_IOC32_GROUP_ADD: {
1638 struct compat_ext4_new_group_input __user *uinput;
1639 struct ext4_new_group_data input;
1640 int err;
1641
1642 uinput = compat_ptr(arg);
1643 err = get_user(input.group, &uinput->group);
1644 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1645 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1646 err |= get_user(input.inode_table, &uinput->inode_table);
1647 err |= get_user(input.blocks_count, &uinput->blocks_count);
1648 err |= get_user(input.reserved_blocks,
1649 &uinput->reserved_blocks);
1650 if (err)
1651 return -EFAULT;
1652 return ext4_ioctl_group_add(file, &input);
1653 }
1654 case EXT4_IOC_MOVE_EXT:
1655 case EXT4_IOC_RESIZE_FS:
1656 case FITRIM:
1657 case EXT4_IOC_PRECACHE_EXTENTS:
1658 case FS_IOC_SET_ENCRYPTION_POLICY:
1659 case FS_IOC_GET_ENCRYPTION_PWSALT:
1660 case FS_IOC_GET_ENCRYPTION_POLICY:
1661 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1662 case FS_IOC_ADD_ENCRYPTION_KEY:
1663 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1664 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1665 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1666 case FS_IOC_GET_ENCRYPTION_NONCE:
1667 case EXT4_IOC_SHUTDOWN:
1668 case FS_IOC_GETFSMAP:
1669 case FS_IOC_ENABLE_VERITY:
1670 case FS_IOC_MEASURE_VERITY:
1671 case FS_IOC_READ_VERITY_METADATA:
1672 case EXT4_IOC_CLEAR_ES_CACHE:
1673 case EXT4_IOC_GETSTATE:
1674 case EXT4_IOC_GET_ES_CACHE:
1675 case EXT4_IOC_CHECKPOINT:
1676 case FS_IOC_GETFSLABEL:
1677 case FS_IOC_SETFSLABEL:
1678 case EXT4_IOC_GETFSUUID:
1679 case EXT4_IOC_SETFSUUID:
1680 break;
1681 default:
1682 return -ENOIOCTLCMD;
1683 }
1684 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1685 }
1686 #endif
1687
set_overhead(struct ext4_super_block * es,const void * arg)1688 static void set_overhead(struct ext4_super_block *es, const void *arg)
1689 {
1690 es->s_overhead_clusters = cpu_to_le32(*((unsigned long *) arg));
1691 }
1692
ext4_update_overhead(struct super_block * sb,bool force)1693 int ext4_update_overhead(struct super_block *sb, bool force)
1694 {
1695 struct ext4_sb_info *sbi = EXT4_SB(sb);
1696
1697 if (sb_rdonly(sb))
1698 return 0;
1699 if (!force &&
1700 (sbi->s_overhead == 0 ||
1701 sbi->s_overhead == le32_to_cpu(sbi->s_es->s_overhead_clusters)))
1702 return 0;
1703 return ext4_update_superblocks_fn(sb, set_overhead, &sbi->s_overhead);
1704 }
1705