1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uuid.h>
20 #include <linux/uaccess.h>
21 #include <linux/delay.h>
22 #include <linux/iversion.h>
23 #include "ext4_jbd2.h"
24 #include "ext4.h"
25 #include <linux/fsmap.h>
26 #include "fsmap.h"
27 #include <trace/events/ext4.h>
28
29 /**
30 * Swap memory between @a and @b for @len bytes.
31 *
32 * @a: pointer to first memory area
33 * @b: pointer to second memory area
34 * @len: number of bytes to swap
35 *
36 */
memswap(void * a,void * b,size_t len)37 static void memswap(void *a, void *b, size_t len)
38 {
39 unsigned char *ap, *bp;
40
41 ap = (unsigned char *)a;
42 bp = (unsigned char *)b;
43 while (len-- > 0) {
44 swap(*ap, *bp);
45 ap++;
46 bp++;
47 }
48 }
49
50 /**
51 * Swap i_data and associated attributes between @inode1 and @inode2.
52 * This function is used for the primary swap between inode1 and inode2
53 * and also to revert this primary swap in case of errors.
54 *
55 * Therefore you have to make sure, that calling this method twice
56 * will revert all changes.
57 *
58 * @inode1: pointer to first inode
59 * @inode2: pointer to second inode
60 */
swap_inode_data(struct inode * inode1,struct inode * inode2)61 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
62 {
63 loff_t isize;
64 struct ext4_inode_info *ei1;
65 struct ext4_inode_info *ei2;
66 unsigned long tmp;
67
68 ei1 = EXT4_I(inode1);
69 ei2 = EXT4_I(inode2);
70
71 swap(inode1->i_version, inode2->i_version);
72 swap(inode1->i_atime, inode2->i_atime);
73 swap(inode1->i_mtime, inode2->i_mtime);
74
75 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
76 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
77 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
78 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
79 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
80 swap(ei1->i_disksize, ei2->i_disksize);
81 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
82 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
83
84 isize = i_size_read(inode1);
85 i_size_write(inode1, i_size_read(inode2));
86 i_size_write(inode2, isize);
87 }
88
reset_inode_seed(struct inode * inode)89 static void reset_inode_seed(struct inode *inode)
90 {
91 struct ext4_inode_info *ei = EXT4_I(inode);
92 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
93 __le32 inum = cpu_to_le32(inode->i_ino);
94 __le32 gen = cpu_to_le32(inode->i_generation);
95 __u32 csum;
96
97 if (!ext4_has_metadata_csum(inode->i_sb))
98 return;
99
100 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
101 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
102 }
103
104 /**
105 * Swap the information from the given @inode and the inode
106 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
107 * important fields of the inodes.
108 *
109 * @sb: the super block of the filesystem
110 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
111 *
112 */
swap_inode_boot_loader(struct super_block * sb,struct inode * inode)113 static long swap_inode_boot_loader(struct super_block *sb,
114 struct inode *inode)
115 {
116 handle_t *handle;
117 int err;
118 struct inode *inode_bl;
119 struct ext4_inode_info *ei_bl;
120 qsize_t size, size_bl, diff;
121 blkcnt_t blocks;
122 unsigned short bytes;
123
124 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
125 if (IS_ERR(inode_bl))
126 return PTR_ERR(inode_bl);
127 ei_bl = EXT4_I(inode_bl);
128
129 /* Protect orig inodes against a truncate and make sure,
130 * that only 1 swap_inode_boot_loader is running. */
131 lock_two_nondirectories(inode, inode_bl);
132
133 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
134 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
135 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
136 ext4_has_inline_data(inode)) {
137 err = -EINVAL;
138 goto journal_err_out;
139 }
140
141 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
142 !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) {
143 err = -EPERM;
144 goto journal_err_out;
145 }
146
147 down_write(&EXT4_I(inode)->i_mmap_sem);
148 err = filemap_write_and_wait(inode->i_mapping);
149 if (err)
150 goto err_out;
151
152 err = filemap_write_and_wait(inode_bl->i_mapping);
153 if (err)
154 goto err_out;
155
156 /* Wait for all existing dio workers */
157 inode_dio_wait(inode);
158 inode_dio_wait(inode_bl);
159
160 truncate_inode_pages(&inode->i_data, 0);
161 truncate_inode_pages(&inode_bl->i_data, 0);
162
163 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
164 if (IS_ERR(handle)) {
165 err = -EINVAL;
166 goto err_out;
167 }
168
169 /* Protect extent tree against block allocations via delalloc */
170 ext4_double_down_write_data_sem(inode, inode_bl);
171
172 if (is_bad_inode(inode_bl) || !S_ISREG(inode_bl->i_mode)) {
173 /* this inode has never been used as a BOOT_LOADER */
174 set_nlink(inode_bl, 1);
175 i_uid_write(inode_bl, 0);
176 i_gid_write(inode_bl, 0);
177 inode_bl->i_flags = 0;
178 ei_bl->i_flags = 0;
179 inode_set_iversion(inode_bl, 1);
180 i_size_write(inode_bl, 0);
181 EXT4_I(inode_bl)->i_disksize = inode_bl->i_size;
182 inode_bl->i_mode = S_IFREG;
183 if (ext4_has_feature_extents(sb)) {
184 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
185 ext4_ext_tree_init(handle, inode_bl);
186 } else
187 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
188 }
189
190 err = dquot_initialize(inode);
191 if (err)
192 goto err_out1;
193
194 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
195 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
196 diff = size - size_bl;
197 swap_inode_data(inode, inode_bl);
198
199 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
200
201 inode->i_generation = prandom_u32();
202 inode_bl->i_generation = prandom_u32();
203 reset_inode_seed(inode);
204 reset_inode_seed(inode_bl);
205
206 ext4_discard_preallocations(inode);
207
208 err = ext4_mark_inode_dirty(handle, inode);
209 if (err < 0) {
210 /* No need to update quota information. */
211 ext4_warning(inode->i_sb,
212 "couldn't mark inode #%lu dirty (err %d)",
213 inode->i_ino, err);
214 /* Revert all changes: */
215 swap_inode_data(inode, inode_bl);
216 ext4_mark_inode_dirty(handle, inode);
217 goto err_out1;
218 }
219
220 blocks = inode_bl->i_blocks;
221 bytes = inode_bl->i_bytes;
222 inode_bl->i_blocks = inode->i_blocks;
223 inode_bl->i_bytes = inode->i_bytes;
224 err = ext4_mark_inode_dirty(handle, inode_bl);
225 if (err < 0) {
226 /* No need to update quota information. */
227 ext4_warning(inode_bl->i_sb,
228 "couldn't mark inode #%lu dirty (err %d)",
229 inode_bl->i_ino, err);
230 goto revert;
231 }
232
233 /* Bootloader inode should not be counted into quota information. */
234 if (diff > 0)
235 dquot_free_space(inode, diff);
236 else
237 err = dquot_alloc_space(inode, -1 * diff);
238
239 if (err < 0) {
240 revert:
241 /* Revert all changes: */
242 inode_bl->i_blocks = blocks;
243 inode_bl->i_bytes = bytes;
244 swap_inode_data(inode, inode_bl);
245 ext4_mark_inode_dirty(handle, inode);
246 ext4_mark_inode_dirty(handle, inode_bl);
247 }
248
249 err_out1:
250 ext4_journal_stop(handle);
251 ext4_double_up_write_data_sem(inode, inode_bl);
252
253 err_out:
254 up_write(&EXT4_I(inode)->i_mmap_sem);
255 journal_err_out:
256 unlock_two_nondirectories(inode, inode_bl);
257 iput(inode_bl);
258 return err;
259 }
260
261 #ifdef CONFIG_EXT4_FS_ENCRYPTION
uuid_is_zero(__u8 u[16])262 static int uuid_is_zero(__u8 u[16])
263 {
264 int i;
265
266 for (i = 0; i < 16; i++)
267 if (u[i])
268 return 0;
269 return 1;
270 }
271 #endif
272
273 /*
274 * If immutable is set and we are not clearing it, we're not allowed to change
275 * anything else in the inode. Don't error out if we're only trying to set
276 * immutable on an immutable file.
277 */
ext4_ioctl_check_immutable(struct inode * inode,__u32 new_projid,unsigned int flags)278 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
279 unsigned int flags)
280 {
281 struct ext4_inode_info *ei = EXT4_I(inode);
282 unsigned int oldflags = ei->i_flags;
283
284 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
285 return 0;
286
287 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
288 return -EPERM;
289 if (ext4_has_feature_project(inode->i_sb) &&
290 __kprojid_val(ei->i_projid) != new_projid)
291 return -EPERM;
292
293 return 0;
294 }
295
ext4_ioctl_setflags(struct inode * inode,unsigned int flags)296 static int ext4_ioctl_setflags(struct inode *inode,
297 unsigned int flags)
298 {
299 struct ext4_inode_info *ei = EXT4_I(inode);
300 handle_t *handle = NULL;
301 int err = -EPERM, migrate = 0;
302 struct ext4_iloc iloc;
303 unsigned int oldflags, mask, i;
304 unsigned int jflag;
305
306 /* Is it quota file? Do not allow user to mess with it */
307 if (ext4_is_quota_file(inode))
308 goto flags_out;
309
310 oldflags = ei->i_flags;
311
312 /* The JOURNAL_DATA flag is modifiable only by root */
313 jflag = flags & EXT4_JOURNAL_DATA_FL;
314
315 /*
316 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
317 * the relevant capability.
318 *
319 * This test looks nicer. Thanks to Pauline Middelink
320 */
321 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
322 if (!capable(CAP_LINUX_IMMUTABLE))
323 goto flags_out;
324 }
325
326 /*
327 * The JOURNAL_DATA flag can only be changed by
328 * the relevant capability.
329 */
330 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
331 if (!capable(CAP_SYS_RESOURCE))
332 goto flags_out;
333 }
334 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
335 migrate = 1;
336
337 if (flags & EXT4_EOFBLOCKS_FL) {
338 /* we don't support adding EOFBLOCKS flag */
339 if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
340 err = -EOPNOTSUPP;
341 goto flags_out;
342 }
343 } else if (oldflags & EXT4_EOFBLOCKS_FL) {
344 err = ext4_truncate(inode);
345 if (err)
346 goto flags_out;
347 }
348
349 /*
350 * Wait for all pending directio and then flush all the dirty pages
351 * for this file. The flush marks all the pages readonly, so any
352 * subsequent attempt to write to the file (particularly mmap pages)
353 * will come through the filesystem and fail.
354 */
355 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
356 (flags & EXT4_IMMUTABLE_FL)) {
357 inode_dio_wait(inode);
358 err = filemap_write_and_wait(inode->i_mapping);
359 if (err)
360 goto flags_out;
361 }
362
363 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
364 if (IS_ERR(handle)) {
365 err = PTR_ERR(handle);
366 goto flags_out;
367 }
368 if (IS_SYNC(inode))
369 ext4_handle_sync(handle);
370 err = ext4_reserve_inode_write(handle, inode, &iloc);
371 if (err)
372 goto flags_err;
373
374 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
375 if (!(mask & EXT4_FL_USER_MODIFIABLE))
376 continue;
377 /* These flags get special treatment later */
378 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
379 continue;
380 if (mask & flags)
381 ext4_set_inode_flag(inode, i);
382 else
383 ext4_clear_inode_flag(inode, i);
384 }
385
386 ext4_set_inode_flags(inode);
387 inode->i_ctime = current_time(inode);
388
389 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
390 flags_err:
391 ext4_journal_stop(handle);
392 if (err)
393 goto flags_out;
394
395 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
396 /*
397 * Changes to the journaling mode can cause unsafe changes to
398 * S_DAX if we are using the DAX mount option.
399 */
400 if (test_opt(inode->i_sb, DAX)) {
401 err = -EBUSY;
402 goto flags_out;
403 }
404
405 err = ext4_change_inode_journal_flag(inode, jflag);
406 if (err)
407 goto flags_out;
408 }
409 if (migrate) {
410 if (flags & EXT4_EXTENTS_FL)
411 err = ext4_ext_migrate(inode);
412 else
413 err = ext4_ind_migrate(inode);
414 }
415
416 flags_out:
417 return err;
418 }
419
420 #ifdef CONFIG_QUOTA
ext4_ioctl_setproject(struct file * filp,__u32 projid)421 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
422 {
423 struct inode *inode = file_inode(filp);
424 struct super_block *sb = inode->i_sb;
425 struct ext4_inode_info *ei = EXT4_I(inode);
426 int err, rc;
427 handle_t *handle;
428 kprojid_t kprojid;
429 struct ext4_iloc iloc;
430 struct ext4_inode *raw_inode;
431 struct dquot *transfer_to[MAXQUOTAS] = { };
432
433 if (!ext4_has_feature_project(sb)) {
434 if (projid != EXT4_DEF_PROJID)
435 return -EOPNOTSUPP;
436 else
437 return 0;
438 }
439
440 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
441 return -EOPNOTSUPP;
442
443 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
444
445 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
446 return 0;
447
448 err = -EPERM;
449 /* Is it quota file? Do not allow user to mess with it */
450 if (ext4_is_quota_file(inode))
451 return err;
452
453 err = dquot_initialize(inode);
454 if (err)
455 return err;
456
457 err = ext4_get_inode_loc(inode, &iloc);
458 if (err)
459 return err;
460
461 raw_inode = ext4_raw_inode(&iloc);
462 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
463 err = ext4_expand_extra_isize(inode,
464 EXT4_SB(sb)->s_want_extra_isize,
465 &iloc);
466 if (err)
467 return err;
468 } else {
469 brelse(iloc.bh);
470 }
471
472 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
473 EXT4_QUOTA_INIT_BLOCKS(sb) +
474 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
475 if (IS_ERR(handle))
476 return PTR_ERR(handle);
477
478 err = ext4_reserve_inode_write(handle, inode, &iloc);
479 if (err)
480 goto out_stop;
481
482 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
483 if (!IS_ERR(transfer_to[PRJQUOTA])) {
484
485 /* __dquot_transfer() calls back ext4_get_inode_usage() which
486 * counts xattr inode references.
487 */
488 down_read(&EXT4_I(inode)->xattr_sem);
489 err = __dquot_transfer(inode, transfer_to);
490 up_read(&EXT4_I(inode)->xattr_sem);
491 dqput(transfer_to[PRJQUOTA]);
492 if (err)
493 goto out_dirty;
494 }
495
496 EXT4_I(inode)->i_projid = kprojid;
497 inode->i_ctime = current_time(inode);
498 out_dirty:
499 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
500 if (!err)
501 err = rc;
502 out_stop:
503 ext4_journal_stop(handle);
504 return err;
505 }
506 #else
ext4_ioctl_setproject(struct file * filp,__u32 projid)507 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
508 {
509 if (projid != EXT4_DEF_PROJID)
510 return -EOPNOTSUPP;
511 return 0;
512 }
513 #endif
514
515 /* Transfer internal flags to xflags */
ext4_iflags_to_xflags(unsigned long iflags)516 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
517 {
518 __u32 xflags = 0;
519
520 if (iflags & EXT4_SYNC_FL)
521 xflags |= FS_XFLAG_SYNC;
522 if (iflags & EXT4_IMMUTABLE_FL)
523 xflags |= FS_XFLAG_IMMUTABLE;
524 if (iflags & EXT4_APPEND_FL)
525 xflags |= FS_XFLAG_APPEND;
526 if (iflags & EXT4_NODUMP_FL)
527 xflags |= FS_XFLAG_NODUMP;
528 if (iflags & EXT4_NOATIME_FL)
529 xflags |= FS_XFLAG_NOATIME;
530 if (iflags & EXT4_PROJINHERIT_FL)
531 xflags |= FS_XFLAG_PROJINHERIT;
532 return xflags;
533 }
534
535 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
536 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
537 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
538
539 /* Transfer xflags flags to internal */
ext4_xflags_to_iflags(__u32 xflags)540 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
541 {
542 unsigned long iflags = 0;
543
544 if (xflags & FS_XFLAG_SYNC)
545 iflags |= EXT4_SYNC_FL;
546 if (xflags & FS_XFLAG_IMMUTABLE)
547 iflags |= EXT4_IMMUTABLE_FL;
548 if (xflags & FS_XFLAG_APPEND)
549 iflags |= EXT4_APPEND_FL;
550 if (xflags & FS_XFLAG_NODUMP)
551 iflags |= EXT4_NODUMP_FL;
552 if (xflags & FS_XFLAG_NOATIME)
553 iflags |= EXT4_NOATIME_FL;
554 if (xflags & FS_XFLAG_PROJINHERIT)
555 iflags |= EXT4_PROJINHERIT_FL;
556
557 return iflags;
558 }
559
ext4_shutdown(struct super_block * sb,unsigned long arg)560 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
561 {
562 struct ext4_sb_info *sbi = EXT4_SB(sb);
563 __u32 flags;
564 struct super_block *ret;
565
566 if (!capable(CAP_SYS_ADMIN))
567 return -EPERM;
568
569 if (get_user(flags, (__u32 __user *)arg))
570 return -EFAULT;
571
572 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
573 return -EINVAL;
574
575 if (ext4_forced_shutdown(sbi))
576 return 0;
577
578 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
579 trace_ext4_shutdown(sb, flags);
580
581 switch (flags) {
582 case EXT4_GOING_FLAGS_DEFAULT:
583 ret = freeze_bdev(sb->s_bdev);
584 if (IS_ERR(ret))
585 return PTR_ERR(ret);
586 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
587 thaw_bdev(sb->s_bdev, sb);
588 break;
589 case EXT4_GOING_FLAGS_LOGFLUSH:
590 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
591 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
592 (void) ext4_force_commit(sb);
593 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
594 }
595 break;
596 case EXT4_GOING_FLAGS_NOLOGFLUSH:
597 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
598 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
599 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
600 break;
601 default:
602 return -EINVAL;
603 }
604 clear_opt(sb, DISCARD);
605 return 0;
606 }
607
608 struct getfsmap_info {
609 struct super_block *gi_sb;
610 struct fsmap_head __user *gi_data;
611 unsigned int gi_idx;
612 __u32 gi_last_flags;
613 };
614
ext4_getfsmap_format(struct ext4_fsmap * xfm,void * priv)615 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
616 {
617 struct getfsmap_info *info = priv;
618 struct fsmap fm;
619
620 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
621
622 info->gi_last_flags = xfm->fmr_flags;
623 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
624 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
625 sizeof(struct fsmap)))
626 return -EFAULT;
627
628 return 0;
629 }
630
ext4_ioc_getfsmap(struct super_block * sb,struct fsmap_head __user * arg)631 static int ext4_ioc_getfsmap(struct super_block *sb,
632 struct fsmap_head __user *arg)
633 {
634 struct getfsmap_info info = {0};
635 struct ext4_fsmap_head xhead = {0};
636 struct fsmap_head head;
637 bool aborted = false;
638 int error;
639
640 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
641 return -EFAULT;
642 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
643 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
644 sizeof(head.fmh_keys[0].fmr_reserved)) ||
645 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
646 sizeof(head.fmh_keys[1].fmr_reserved)))
647 return -EINVAL;
648 /*
649 * ext4 doesn't report file extents at all, so the only valid
650 * file offsets are the magic ones (all zeroes or all ones).
651 */
652 if (head.fmh_keys[0].fmr_offset ||
653 (head.fmh_keys[1].fmr_offset != 0 &&
654 head.fmh_keys[1].fmr_offset != -1ULL))
655 return -EINVAL;
656
657 xhead.fmh_iflags = head.fmh_iflags;
658 xhead.fmh_count = head.fmh_count;
659 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
660 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
661
662 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
663 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
664
665 info.gi_sb = sb;
666 info.gi_data = arg;
667 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
668 if (error == EXT4_QUERY_RANGE_ABORT) {
669 error = 0;
670 aborted = true;
671 } else if (error)
672 return error;
673
674 /* If we didn't abort, set the "last" flag in the last fmx */
675 if (!aborted && info.gi_idx) {
676 info.gi_last_flags |= FMR_OF_LAST;
677 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
678 &info.gi_last_flags,
679 sizeof(info.gi_last_flags)))
680 return -EFAULT;
681 }
682
683 /* copy back header */
684 head.fmh_entries = xhead.fmh_entries;
685 head.fmh_oflags = xhead.fmh_oflags;
686 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
687 return -EFAULT;
688
689 return 0;
690 }
691
ext4_ioctl_group_add(struct file * file,struct ext4_new_group_data * input)692 static long ext4_ioctl_group_add(struct file *file,
693 struct ext4_new_group_data *input)
694 {
695 struct super_block *sb = file_inode(file)->i_sb;
696 int err, err2=0;
697
698 err = ext4_resize_begin(sb);
699 if (err)
700 return err;
701
702 if (ext4_has_feature_bigalloc(sb)) {
703 ext4_msg(sb, KERN_ERR,
704 "Online resizing not supported with bigalloc");
705 err = -EOPNOTSUPP;
706 goto group_add_out;
707 }
708
709 err = mnt_want_write_file(file);
710 if (err)
711 goto group_add_out;
712
713 err = ext4_group_add(sb, input);
714 if (EXT4_SB(sb)->s_journal) {
715 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
716 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
717 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
718 }
719 if (err == 0)
720 err = err2;
721 mnt_drop_write_file(file);
722 if (!err && ext4_has_group_desc_csum(sb) &&
723 test_opt(sb, INIT_INODE_TABLE))
724 err = ext4_register_li_request(sb, input->group);
725 group_add_out:
726 ext4_resize_end(sb);
727 return err;
728 }
729
ext4_ioctl_check_project(struct inode * inode,struct fsxattr * fa)730 static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
731 {
732 /*
733 * Project Quota ID state is only allowed to change from within the init
734 * namespace. Enforce that restriction only if we are trying to change
735 * the quota ID state. Everything else is allowed in user namespaces.
736 */
737 if (current_user_ns() == &init_user_ns)
738 return 0;
739
740 if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid)
741 return -EINVAL;
742
743 if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) {
744 if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
745 return -EINVAL;
746 } else {
747 if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
748 return -EINVAL;
749 }
750
751 return 0;
752 }
753
ext4_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)754 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
755 {
756 struct inode *inode = file_inode(filp);
757 struct super_block *sb = inode->i_sb;
758 struct ext4_inode_info *ei = EXT4_I(inode);
759 unsigned int flags;
760
761 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
762
763 switch (cmd) {
764 case FS_IOC_GETFSMAP:
765 return ext4_ioc_getfsmap(sb, (void __user *)arg);
766 case EXT4_IOC_GETFLAGS:
767 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
768 return put_user(flags, (int __user *) arg);
769 case EXT4_IOC_SETFLAGS: {
770 int err;
771
772 if (!inode_owner_or_capable(inode))
773 return -EACCES;
774
775 if (get_user(flags, (int __user *) arg))
776 return -EFAULT;
777
778 if (flags & ~EXT4_FL_USER_VISIBLE)
779 return -EOPNOTSUPP;
780 /*
781 * chattr(1) grabs flags via GETFLAGS, modifies the result and
782 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
783 * more restrictive than just silently masking off visible but
784 * not settable flags as we always did.
785 */
786 flags &= EXT4_FL_USER_MODIFIABLE;
787 if (ext4_mask_flags(inode->i_mode, flags) != flags)
788 return -EOPNOTSUPP;
789
790 err = mnt_want_write_file(filp);
791 if (err)
792 return err;
793
794 inode_lock(inode);
795 err = ext4_ioctl_check_immutable(inode,
796 from_kprojid(&init_user_ns, ei->i_projid),
797 flags);
798 if (!err)
799 err = ext4_ioctl_setflags(inode, flags);
800 inode_unlock(inode);
801 mnt_drop_write_file(filp);
802 return err;
803 }
804 case EXT4_IOC_GETVERSION:
805 case EXT4_IOC_GETVERSION_OLD:
806 return put_user(inode->i_generation, (int __user *) arg);
807 case EXT4_IOC_SETVERSION:
808 case EXT4_IOC_SETVERSION_OLD: {
809 handle_t *handle;
810 struct ext4_iloc iloc;
811 __u32 generation;
812 int err;
813
814 if (!inode_owner_or_capable(inode))
815 return -EPERM;
816
817 if (ext4_has_metadata_csum(inode->i_sb)) {
818 ext4_warning(sb, "Setting inode version is not "
819 "supported with metadata_csum enabled.");
820 return -ENOTTY;
821 }
822
823 err = mnt_want_write_file(filp);
824 if (err)
825 return err;
826 if (get_user(generation, (int __user *) arg)) {
827 err = -EFAULT;
828 goto setversion_out;
829 }
830
831 inode_lock(inode);
832 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
833 if (IS_ERR(handle)) {
834 err = PTR_ERR(handle);
835 goto unlock_out;
836 }
837 err = ext4_reserve_inode_write(handle, inode, &iloc);
838 if (err == 0) {
839 inode->i_ctime = current_time(inode);
840 inode->i_generation = generation;
841 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
842 }
843 ext4_journal_stop(handle);
844
845 unlock_out:
846 inode_unlock(inode);
847 setversion_out:
848 mnt_drop_write_file(filp);
849 return err;
850 }
851 case EXT4_IOC_GROUP_EXTEND: {
852 ext4_fsblk_t n_blocks_count;
853 int err, err2=0;
854
855 err = ext4_resize_begin(sb);
856 if (err)
857 return err;
858
859 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
860 err = -EFAULT;
861 goto group_extend_out;
862 }
863
864 if (ext4_has_feature_bigalloc(sb)) {
865 ext4_msg(sb, KERN_ERR,
866 "Online resizing not supported with bigalloc");
867 err = -EOPNOTSUPP;
868 goto group_extend_out;
869 }
870
871 err = mnt_want_write_file(filp);
872 if (err)
873 goto group_extend_out;
874
875 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
876 if (EXT4_SB(sb)->s_journal) {
877 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
878 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
879 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
880 }
881 if (err == 0)
882 err = err2;
883 mnt_drop_write_file(filp);
884 group_extend_out:
885 ext4_resize_end(sb);
886 return err;
887 }
888
889 case EXT4_IOC_MOVE_EXT: {
890 struct move_extent me;
891 struct fd donor;
892 int err;
893
894 if (!(filp->f_mode & FMODE_READ) ||
895 !(filp->f_mode & FMODE_WRITE))
896 return -EBADF;
897
898 if (copy_from_user(&me,
899 (struct move_extent __user *)arg, sizeof(me)))
900 return -EFAULT;
901 me.moved_len = 0;
902
903 donor = fdget(me.donor_fd);
904 if (!donor.file)
905 return -EBADF;
906
907 if (!(donor.file->f_mode & FMODE_WRITE)) {
908 err = -EBADF;
909 goto mext_out;
910 }
911
912 if (ext4_has_feature_bigalloc(sb)) {
913 ext4_msg(sb, KERN_ERR,
914 "Online defrag not supported with bigalloc");
915 err = -EOPNOTSUPP;
916 goto mext_out;
917 } else if (IS_DAX(inode)) {
918 ext4_msg(sb, KERN_ERR,
919 "Online defrag not supported with DAX");
920 err = -EOPNOTSUPP;
921 goto mext_out;
922 }
923
924 err = mnt_want_write_file(filp);
925 if (err)
926 goto mext_out;
927
928 err = ext4_move_extents(filp, donor.file, me.orig_start,
929 me.donor_start, me.len, &me.moved_len);
930 mnt_drop_write_file(filp);
931
932 if (copy_to_user((struct move_extent __user *)arg,
933 &me, sizeof(me)))
934 err = -EFAULT;
935 mext_out:
936 fdput(donor);
937 return err;
938 }
939
940 case EXT4_IOC_GROUP_ADD: {
941 struct ext4_new_group_data input;
942
943 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
944 sizeof(input)))
945 return -EFAULT;
946
947 return ext4_ioctl_group_add(filp, &input);
948 }
949
950 case EXT4_IOC_MIGRATE:
951 {
952 int err;
953 if (!inode_owner_or_capable(inode))
954 return -EACCES;
955
956 err = mnt_want_write_file(filp);
957 if (err)
958 return err;
959 /*
960 * inode_mutex prevent write and truncate on the file.
961 * Read still goes through. We take i_data_sem in
962 * ext4_ext_swap_inode_data before we switch the
963 * inode format to prevent read.
964 */
965 inode_lock((inode));
966 err = ext4_ext_migrate(inode);
967 inode_unlock((inode));
968 mnt_drop_write_file(filp);
969 return err;
970 }
971
972 case EXT4_IOC_ALLOC_DA_BLKS:
973 {
974 int err;
975 if (!inode_owner_or_capable(inode))
976 return -EACCES;
977
978 err = mnt_want_write_file(filp);
979 if (err)
980 return err;
981 err = ext4_alloc_da_blocks(inode);
982 mnt_drop_write_file(filp);
983 return err;
984 }
985
986 case EXT4_IOC_SWAP_BOOT:
987 {
988 int err;
989 if (!(filp->f_mode & FMODE_WRITE))
990 return -EBADF;
991 err = mnt_want_write_file(filp);
992 if (err)
993 return err;
994 err = swap_inode_boot_loader(sb, inode);
995 mnt_drop_write_file(filp);
996 return err;
997 }
998
999 case EXT4_IOC_RESIZE_FS: {
1000 ext4_fsblk_t n_blocks_count;
1001 int err = 0, err2 = 0;
1002 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1003
1004 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1005 sizeof(__u64))) {
1006 return -EFAULT;
1007 }
1008
1009 err = ext4_resize_begin(sb);
1010 if (err)
1011 return err;
1012
1013 err = mnt_want_write_file(filp);
1014 if (err)
1015 goto resizefs_out;
1016
1017 err = ext4_resize_fs(sb, n_blocks_count);
1018 if (EXT4_SB(sb)->s_journal) {
1019 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1020 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
1021 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1022 }
1023 if (err == 0)
1024 err = err2;
1025 mnt_drop_write_file(filp);
1026 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1027 ext4_has_group_desc_csum(sb) &&
1028 test_opt(sb, INIT_INODE_TABLE))
1029 err = ext4_register_li_request(sb, o_group);
1030
1031 resizefs_out:
1032 ext4_resize_end(sb);
1033 return err;
1034 }
1035
1036 case FITRIM:
1037 {
1038 struct request_queue *q = bdev_get_queue(sb->s_bdev);
1039 struct fstrim_range range;
1040 int ret = 0;
1041
1042 if (!capable(CAP_SYS_ADMIN))
1043 return -EPERM;
1044
1045 if (!blk_queue_discard(q))
1046 return -EOPNOTSUPP;
1047
1048 /*
1049 * We haven't replayed the journal, so we cannot use our
1050 * block-bitmap-guided storage zapping commands.
1051 */
1052 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1053 return -EROFS;
1054
1055 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1056 sizeof(range)))
1057 return -EFAULT;
1058
1059 ret = ext4_trim_fs(sb, &range);
1060 if (ret < 0)
1061 return ret;
1062
1063 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1064 sizeof(range)))
1065 return -EFAULT;
1066
1067 return 0;
1068 }
1069 case EXT4_IOC_PRECACHE_EXTENTS:
1070 return ext4_ext_precache(inode);
1071
1072 case EXT4_IOC_SET_ENCRYPTION_POLICY:
1073 if (!ext4_has_feature_encrypt(sb))
1074 return -EOPNOTSUPP;
1075 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1076
1077 case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
1078 #ifdef CONFIG_EXT4_FS_ENCRYPTION
1079 int err, err2;
1080 struct ext4_sb_info *sbi = EXT4_SB(sb);
1081 handle_t *handle;
1082
1083 if (!ext4_has_feature_encrypt(sb))
1084 return -EOPNOTSUPP;
1085 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1086 err = mnt_want_write_file(filp);
1087 if (err)
1088 return err;
1089 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1090 if (IS_ERR(handle)) {
1091 err = PTR_ERR(handle);
1092 goto pwsalt_err_exit;
1093 }
1094 err = ext4_journal_get_write_access(handle, sbi->s_sbh);
1095 if (err)
1096 goto pwsalt_err_journal;
1097 lock_buffer(sbi->s_sbh);
1098 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1099 ext4_superblock_csum_set(sb);
1100 unlock_buffer(sbi->s_sbh);
1101 err = ext4_handle_dirty_metadata(handle, NULL,
1102 sbi->s_sbh);
1103 pwsalt_err_journal:
1104 err2 = ext4_journal_stop(handle);
1105 if (err2 && !err)
1106 err = err2;
1107 pwsalt_err_exit:
1108 mnt_drop_write_file(filp);
1109 if (err)
1110 return err;
1111 }
1112 if (copy_to_user((void __user *) arg,
1113 sbi->s_es->s_encrypt_pw_salt, 16))
1114 return -EFAULT;
1115 return 0;
1116 #else
1117 return -EOPNOTSUPP;
1118 #endif
1119 }
1120 case EXT4_IOC_GET_ENCRYPTION_POLICY:
1121 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1122
1123 case EXT4_IOC_FSGETXATTR:
1124 {
1125 struct fsxattr fa;
1126
1127 memset(&fa, 0, sizeof(struct fsxattr));
1128 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
1129
1130 if (ext4_has_feature_project(inode->i_sb)) {
1131 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
1132 EXT4_I(inode)->i_projid);
1133 }
1134
1135 if (copy_to_user((struct fsxattr __user *)arg,
1136 &fa, sizeof(fa)))
1137 return -EFAULT;
1138 return 0;
1139 }
1140 case EXT4_IOC_FSSETXATTR:
1141 {
1142 struct fsxattr fa;
1143 int err;
1144
1145 if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1146 sizeof(fa)))
1147 return -EFAULT;
1148
1149 /* Make sure caller has proper permission */
1150 if (!inode_owner_or_capable(inode))
1151 return -EACCES;
1152
1153 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1154 return -EOPNOTSUPP;
1155
1156 flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1157 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1158 return -EOPNOTSUPP;
1159
1160 err = mnt_want_write_file(filp);
1161 if (err)
1162 return err;
1163
1164 inode_lock(inode);
1165 err = ext4_ioctl_check_project(inode, &fa);
1166 if (err)
1167 goto out;
1168 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1169 (flags & EXT4_FL_XFLAG_VISIBLE);
1170 err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags);
1171 if (err)
1172 goto out;
1173 err = ext4_ioctl_setflags(inode, flags);
1174 if (err)
1175 goto out;
1176 err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1177 out:
1178 inode_unlock(inode);
1179 mnt_drop_write_file(filp);
1180 return err;
1181 }
1182 case EXT4_IOC_SHUTDOWN:
1183 return ext4_shutdown(sb, arg);
1184 default:
1185 return -ENOTTY;
1186 }
1187 }
1188
1189 #ifdef CONFIG_COMPAT
ext4_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1190 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1191 {
1192 /* These are just misnamed, they actually get/put from/to user an int */
1193 switch (cmd) {
1194 case EXT4_IOC32_GETFLAGS:
1195 cmd = EXT4_IOC_GETFLAGS;
1196 break;
1197 case EXT4_IOC32_SETFLAGS:
1198 cmd = EXT4_IOC_SETFLAGS;
1199 break;
1200 case EXT4_IOC32_GETVERSION:
1201 cmd = EXT4_IOC_GETVERSION;
1202 break;
1203 case EXT4_IOC32_SETVERSION:
1204 cmd = EXT4_IOC_SETVERSION;
1205 break;
1206 case EXT4_IOC32_GROUP_EXTEND:
1207 cmd = EXT4_IOC_GROUP_EXTEND;
1208 break;
1209 case EXT4_IOC32_GETVERSION_OLD:
1210 cmd = EXT4_IOC_GETVERSION_OLD;
1211 break;
1212 case EXT4_IOC32_SETVERSION_OLD:
1213 cmd = EXT4_IOC_SETVERSION_OLD;
1214 break;
1215 case EXT4_IOC32_GETRSVSZ:
1216 cmd = EXT4_IOC_GETRSVSZ;
1217 break;
1218 case EXT4_IOC32_SETRSVSZ:
1219 cmd = EXT4_IOC_SETRSVSZ;
1220 break;
1221 case EXT4_IOC32_GROUP_ADD: {
1222 struct compat_ext4_new_group_input __user *uinput;
1223 struct ext4_new_group_data input;
1224 int err;
1225
1226 uinput = compat_ptr(arg);
1227 err = get_user(input.group, &uinput->group);
1228 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1229 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1230 err |= get_user(input.inode_table, &uinput->inode_table);
1231 err |= get_user(input.blocks_count, &uinput->blocks_count);
1232 err |= get_user(input.reserved_blocks,
1233 &uinput->reserved_blocks);
1234 if (err)
1235 return -EFAULT;
1236 return ext4_ioctl_group_add(file, &input);
1237 }
1238 case EXT4_IOC_MOVE_EXT:
1239 case EXT4_IOC_RESIZE_FS:
1240 case EXT4_IOC_PRECACHE_EXTENTS:
1241 case EXT4_IOC_SET_ENCRYPTION_POLICY:
1242 case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1243 case EXT4_IOC_GET_ENCRYPTION_POLICY:
1244 case EXT4_IOC_SHUTDOWN:
1245 case FS_IOC_GETFSMAP:
1246 break;
1247 default:
1248 return -ENOIOCTLCMD;
1249 }
1250 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1251 }
1252 #endif
1253