1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/ext4/ioctl.c
4 *
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
9 */
10
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uuid.h>
20 #include <linux/uaccess.h>
21 #include <linux/delay.h>
22 #include <linux/iversion.h>
23 #include "ext4_jbd2.h"
24 #include "ext4.h"
25 #include <linux/fsmap.h>
26 #include "fsmap.h"
27 #include <trace/events/ext4.h>
28
29 /**
30 * Swap memory between @a and @b for @len bytes.
31 *
32 * @a: pointer to first memory area
33 * @b: pointer to second memory area
34 * @len: number of bytes to swap
35 *
36 */
memswap(void * a,void * b,size_t len)37 static void memswap(void *a, void *b, size_t len)
38 {
39 unsigned char *ap, *bp;
40
41 ap = (unsigned char *)a;
42 bp = (unsigned char *)b;
43 while (len-- > 0) {
44 swap(*ap, *bp);
45 ap++;
46 bp++;
47 }
48 }
49
50 /**
51 * Swap i_data and associated attributes between @inode1 and @inode2.
52 * This function is used for the primary swap between inode1 and inode2
53 * and also to revert this primary swap in case of errors.
54 *
55 * Therefore you have to make sure, that calling this method twice
56 * will revert all changes.
57 *
58 * @inode1: pointer to first inode
59 * @inode2: pointer to second inode
60 */
swap_inode_data(struct inode * inode1,struct inode * inode2)61 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
62 {
63 loff_t isize;
64 struct ext4_inode_info *ei1;
65 struct ext4_inode_info *ei2;
66 unsigned long tmp;
67
68 ei1 = EXT4_I(inode1);
69 ei2 = EXT4_I(inode2);
70
71 swap(inode1->i_version, inode2->i_version);
72 swap(inode1->i_atime, inode2->i_atime);
73 swap(inode1->i_mtime, inode2->i_mtime);
74
75 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
76 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
77 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
78 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
79 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
80 swap(ei1->i_disksize, ei2->i_disksize);
81 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
82 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
83
84 isize = i_size_read(inode1);
85 i_size_write(inode1, i_size_read(inode2));
86 i_size_write(inode2, isize);
87 }
88
reset_inode_seed(struct inode * inode)89 static void reset_inode_seed(struct inode *inode)
90 {
91 struct ext4_inode_info *ei = EXT4_I(inode);
92 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
93 __le32 inum = cpu_to_le32(inode->i_ino);
94 __le32 gen = cpu_to_le32(inode->i_generation);
95 __u32 csum;
96
97 if (!ext4_has_metadata_csum(inode->i_sb))
98 return;
99
100 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
101 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
102 }
103
104 /**
105 * Swap the information from the given @inode and the inode
106 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
107 * important fields of the inodes.
108 *
109 * @sb: the super block of the filesystem
110 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
111 *
112 */
swap_inode_boot_loader(struct super_block * sb,struct inode * inode)113 static long swap_inode_boot_loader(struct super_block *sb,
114 struct inode *inode)
115 {
116 handle_t *handle;
117 int err;
118 struct inode *inode_bl;
119 struct ext4_inode_info *ei_bl;
120 qsize_t size, size_bl, diff;
121 blkcnt_t blocks;
122 unsigned short bytes;
123
124 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
125 if (IS_ERR(inode_bl))
126 return PTR_ERR(inode_bl);
127 ei_bl = EXT4_I(inode_bl);
128
129 /* Protect orig inodes against a truncate and make sure,
130 * that only 1 swap_inode_boot_loader is running. */
131 lock_two_nondirectories(inode, inode_bl);
132
133 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
134 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
135 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
136 ext4_has_inline_data(inode)) {
137 err = -EINVAL;
138 goto journal_err_out;
139 }
140
141 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
142 !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN)) {
143 err = -EPERM;
144 goto journal_err_out;
145 }
146
147 down_write(&EXT4_I(inode)->i_mmap_sem);
148 err = filemap_write_and_wait(inode->i_mapping);
149 if (err)
150 goto err_out;
151
152 err = filemap_write_and_wait(inode_bl->i_mapping);
153 if (err)
154 goto err_out;
155
156 /* Wait for all existing dio workers */
157 inode_dio_wait(inode);
158 inode_dio_wait(inode_bl);
159
160 truncate_inode_pages(&inode->i_data, 0);
161 truncate_inode_pages(&inode_bl->i_data, 0);
162
163 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
164 if (IS_ERR(handle)) {
165 err = -EINVAL;
166 goto err_out;
167 }
168
169 /* Protect extent tree against block allocations via delalloc */
170 ext4_double_down_write_data_sem(inode, inode_bl);
171
172 if (inode_bl->i_nlink == 0) {
173 /* this inode has never been used as a BOOT_LOADER */
174 set_nlink(inode_bl, 1);
175 i_uid_write(inode_bl, 0);
176 i_gid_write(inode_bl, 0);
177 inode_bl->i_flags = 0;
178 ei_bl->i_flags = 0;
179 inode_set_iversion(inode_bl, 1);
180 i_size_write(inode_bl, 0);
181 inode_bl->i_mode = S_IFREG;
182 if (ext4_has_feature_extents(sb)) {
183 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
184 ext4_ext_tree_init(handle, inode_bl);
185 } else
186 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
187 }
188
189 err = dquot_initialize(inode);
190 if (err)
191 goto err_out1;
192
193 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
194 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
195 diff = size - size_bl;
196 swap_inode_data(inode, inode_bl);
197
198 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
199
200 inode->i_generation = prandom_u32();
201 inode_bl->i_generation = prandom_u32();
202 reset_inode_seed(inode);
203 reset_inode_seed(inode_bl);
204
205 ext4_discard_preallocations(inode);
206
207 err = ext4_mark_inode_dirty(handle, inode);
208 if (err < 0) {
209 /* No need to update quota information. */
210 ext4_warning(inode->i_sb,
211 "couldn't mark inode #%lu dirty (err %d)",
212 inode->i_ino, err);
213 /* Revert all changes: */
214 swap_inode_data(inode, inode_bl);
215 ext4_mark_inode_dirty(handle, inode);
216 goto err_out1;
217 }
218
219 blocks = inode_bl->i_blocks;
220 bytes = inode_bl->i_bytes;
221 inode_bl->i_blocks = inode->i_blocks;
222 inode_bl->i_bytes = inode->i_bytes;
223 err = ext4_mark_inode_dirty(handle, inode_bl);
224 if (err < 0) {
225 /* No need to update quota information. */
226 ext4_warning(inode_bl->i_sb,
227 "couldn't mark inode #%lu dirty (err %d)",
228 inode_bl->i_ino, err);
229 goto revert;
230 }
231
232 /* Bootloader inode should not be counted into quota information. */
233 if (diff > 0)
234 dquot_free_space(inode, diff);
235 else
236 err = dquot_alloc_space(inode, -1 * diff);
237
238 if (err < 0) {
239 revert:
240 /* Revert all changes: */
241 inode_bl->i_blocks = blocks;
242 inode_bl->i_bytes = bytes;
243 swap_inode_data(inode, inode_bl);
244 ext4_mark_inode_dirty(handle, inode);
245 ext4_mark_inode_dirty(handle, inode_bl);
246 }
247
248 err_out1:
249 ext4_journal_stop(handle);
250 ext4_double_up_write_data_sem(inode, inode_bl);
251
252 err_out:
253 up_write(&EXT4_I(inode)->i_mmap_sem);
254 journal_err_out:
255 unlock_two_nondirectories(inode, inode_bl);
256 iput(inode_bl);
257 return err;
258 }
259
260 #ifdef CONFIG_EXT4_FS_ENCRYPTION
uuid_is_zero(__u8 u[16])261 static int uuid_is_zero(__u8 u[16])
262 {
263 int i;
264
265 for (i = 0; i < 16; i++)
266 if (u[i])
267 return 0;
268 return 1;
269 }
270 #endif
271
272 /*
273 * If immutable is set and we are not clearing it, we're not allowed to change
274 * anything else in the inode. Don't error out if we're only trying to set
275 * immutable on an immutable file.
276 */
ext4_ioctl_check_immutable(struct inode * inode,__u32 new_projid,unsigned int flags)277 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
278 unsigned int flags)
279 {
280 struct ext4_inode_info *ei = EXT4_I(inode);
281 unsigned int oldflags = ei->i_flags;
282
283 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
284 return 0;
285
286 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
287 return -EPERM;
288 if (ext4_has_feature_project(inode->i_sb) &&
289 __kprojid_val(ei->i_projid) != new_projid)
290 return -EPERM;
291
292 return 0;
293 }
294
ext4_ioctl_setflags(struct inode * inode,unsigned int flags)295 static int ext4_ioctl_setflags(struct inode *inode,
296 unsigned int flags)
297 {
298 struct ext4_inode_info *ei = EXT4_I(inode);
299 handle_t *handle = NULL;
300 int err = -EPERM, migrate = 0;
301 struct ext4_iloc iloc;
302 unsigned int oldflags, mask, i;
303 unsigned int jflag;
304
305 /* Is it quota file? Do not allow user to mess with it */
306 if (ext4_is_quota_file(inode))
307 goto flags_out;
308
309 oldflags = ei->i_flags;
310
311 /* The JOURNAL_DATA flag is modifiable only by root */
312 jflag = flags & EXT4_JOURNAL_DATA_FL;
313
314 /*
315 * The IMMUTABLE and APPEND_ONLY flags can only be changed by
316 * the relevant capability.
317 *
318 * This test looks nicer. Thanks to Pauline Middelink
319 */
320 if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
321 if (!capable(CAP_LINUX_IMMUTABLE))
322 goto flags_out;
323 }
324
325 /*
326 * The JOURNAL_DATA flag can only be changed by
327 * the relevant capability.
328 */
329 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
330 if (!capable(CAP_SYS_RESOURCE))
331 goto flags_out;
332 }
333 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
334 migrate = 1;
335
336 if (flags & EXT4_EOFBLOCKS_FL) {
337 /* we don't support adding EOFBLOCKS flag */
338 if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
339 err = -EOPNOTSUPP;
340 goto flags_out;
341 }
342 } else if (oldflags & EXT4_EOFBLOCKS_FL) {
343 err = ext4_truncate(inode);
344 if (err)
345 goto flags_out;
346 }
347
348 /*
349 * Wait for all pending directio and then flush all the dirty pages
350 * for this file. The flush marks all the pages readonly, so any
351 * subsequent attempt to write to the file (particularly mmap pages)
352 * will come through the filesystem and fail.
353 */
354 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
355 (flags & EXT4_IMMUTABLE_FL)) {
356 inode_dio_wait(inode);
357 err = filemap_write_and_wait(inode->i_mapping);
358 if (err)
359 goto flags_out;
360 }
361
362 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
363 if (IS_ERR(handle)) {
364 err = PTR_ERR(handle);
365 goto flags_out;
366 }
367 if (IS_SYNC(inode))
368 ext4_handle_sync(handle);
369 err = ext4_reserve_inode_write(handle, inode, &iloc);
370 if (err)
371 goto flags_err;
372
373 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
374 if (!(mask & EXT4_FL_USER_MODIFIABLE))
375 continue;
376 /* These flags get special treatment later */
377 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
378 continue;
379 if (mask & flags)
380 ext4_set_inode_flag(inode, i);
381 else
382 ext4_clear_inode_flag(inode, i);
383 }
384
385 ext4_set_inode_flags(inode);
386 inode->i_ctime = current_time(inode);
387
388 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
389 flags_err:
390 ext4_journal_stop(handle);
391 if (err)
392 goto flags_out;
393
394 if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
395 /*
396 * Changes to the journaling mode can cause unsafe changes to
397 * S_DAX if we are using the DAX mount option.
398 */
399 if (test_opt(inode->i_sb, DAX)) {
400 err = -EBUSY;
401 goto flags_out;
402 }
403
404 err = ext4_change_inode_journal_flag(inode, jflag);
405 if (err)
406 goto flags_out;
407 }
408 if (migrate) {
409 if (flags & EXT4_EXTENTS_FL)
410 err = ext4_ext_migrate(inode);
411 else
412 err = ext4_ind_migrate(inode);
413 }
414
415 flags_out:
416 return err;
417 }
418
419 #ifdef CONFIG_QUOTA
ext4_ioctl_setproject(struct file * filp,__u32 projid)420 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
421 {
422 struct inode *inode = file_inode(filp);
423 struct super_block *sb = inode->i_sb;
424 struct ext4_inode_info *ei = EXT4_I(inode);
425 int err, rc;
426 handle_t *handle;
427 kprojid_t kprojid;
428 struct ext4_iloc iloc;
429 struct ext4_inode *raw_inode;
430 struct dquot *transfer_to[MAXQUOTAS] = { };
431
432 if (!ext4_has_feature_project(sb)) {
433 if (projid != EXT4_DEF_PROJID)
434 return -EOPNOTSUPP;
435 else
436 return 0;
437 }
438
439 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
440 return -EOPNOTSUPP;
441
442 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
443
444 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
445 return 0;
446
447 err = -EPERM;
448 /* Is it quota file? Do not allow user to mess with it */
449 if (ext4_is_quota_file(inode))
450 return err;
451
452 err = ext4_get_inode_loc(inode, &iloc);
453 if (err)
454 return err;
455
456 raw_inode = ext4_raw_inode(&iloc);
457 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
458 err = ext4_expand_extra_isize(inode,
459 EXT4_SB(sb)->s_want_extra_isize,
460 &iloc);
461 if (err)
462 return err;
463 } else {
464 brelse(iloc.bh);
465 }
466
467 err = dquot_initialize(inode);
468 if (err)
469 return err;
470
471 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
472 EXT4_QUOTA_INIT_BLOCKS(sb) +
473 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
474 if (IS_ERR(handle))
475 return PTR_ERR(handle);
476
477 err = ext4_reserve_inode_write(handle, inode, &iloc);
478 if (err)
479 goto out_stop;
480
481 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
482 if (!IS_ERR(transfer_to[PRJQUOTA])) {
483
484 /* __dquot_transfer() calls back ext4_get_inode_usage() which
485 * counts xattr inode references.
486 */
487 down_read(&EXT4_I(inode)->xattr_sem);
488 err = __dquot_transfer(inode, transfer_to);
489 up_read(&EXT4_I(inode)->xattr_sem);
490 dqput(transfer_to[PRJQUOTA]);
491 if (err)
492 goto out_dirty;
493 }
494
495 EXT4_I(inode)->i_projid = kprojid;
496 inode->i_ctime = current_time(inode);
497 out_dirty:
498 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
499 if (!err)
500 err = rc;
501 out_stop:
502 ext4_journal_stop(handle);
503 return err;
504 }
505 #else
ext4_ioctl_setproject(struct file * filp,__u32 projid)506 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
507 {
508 if (projid != EXT4_DEF_PROJID)
509 return -EOPNOTSUPP;
510 return 0;
511 }
512 #endif
513
514 /* Transfer internal flags to xflags */
ext4_iflags_to_xflags(unsigned long iflags)515 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
516 {
517 __u32 xflags = 0;
518
519 if (iflags & EXT4_SYNC_FL)
520 xflags |= FS_XFLAG_SYNC;
521 if (iflags & EXT4_IMMUTABLE_FL)
522 xflags |= FS_XFLAG_IMMUTABLE;
523 if (iflags & EXT4_APPEND_FL)
524 xflags |= FS_XFLAG_APPEND;
525 if (iflags & EXT4_NODUMP_FL)
526 xflags |= FS_XFLAG_NODUMP;
527 if (iflags & EXT4_NOATIME_FL)
528 xflags |= FS_XFLAG_NOATIME;
529 if (iflags & EXT4_PROJINHERIT_FL)
530 xflags |= FS_XFLAG_PROJINHERIT;
531 return xflags;
532 }
533
534 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
535 FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
536 FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
537
538 /* Transfer xflags flags to internal */
ext4_xflags_to_iflags(__u32 xflags)539 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
540 {
541 unsigned long iflags = 0;
542
543 if (xflags & FS_XFLAG_SYNC)
544 iflags |= EXT4_SYNC_FL;
545 if (xflags & FS_XFLAG_IMMUTABLE)
546 iflags |= EXT4_IMMUTABLE_FL;
547 if (xflags & FS_XFLAG_APPEND)
548 iflags |= EXT4_APPEND_FL;
549 if (xflags & FS_XFLAG_NODUMP)
550 iflags |= EXT4_NODUMP_FL;
551 if (xflags & FS_XFLAG_NOATIME)
552 iflags |= EXT4_NOATIME_FL;
553 if (xflags & FS_XFLAG_PROJINHERIT)
554 iflags |= EXT4_PROJINHERIT_FL;
555
556 return iflags;
557 }
558
ext4_shutdown(struct super_block * sb,unsigned long arg)559 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
560 {
561 struct ext4_sb_info *sbi = EXT4_SB(sb);
562 __u32 flags;
563
564 if (!capable(CAP_SYS_ADMIN))
565 return -EPERM;
566
567 if (get_user(flags, (__u32 __user *)arg))
568 return -EFAULT;
569
570 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
571 return -EINVAL;
572
573 if (ext4_forced_shutdown(sbi))
574 return 0;
575
576 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
577 trace_ext4_shutdown(sb, flags);
578
579 switch (flags) {
580 case EXT4_GOING_FLAGS_DEFAULT:
581 freeze_bdev(sb->s_bdev);
582 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
583 thaw_bdev(sb->s_bdev, sb);
584 break;
585 case EXT4_GOING_FLAGS_LOGFLUSH:
586 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
587 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
588 (void) ext4_force_commit(sb);
589 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
590 }
591 break;
592 case EXT4_GOING_FLAGS_NOLOGFLUSH:
593 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
594 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
595 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
596 break;
597 default:
598 return -EINVAL;
599 }
600 clear_opt(sb, DISCARD);
601 return 0;
602 }
603
604 struct getfsmap_info {
605 struct super_block *gi_sb;
606 struct fsmap_head __user *gi_data;
607 unsigned int gi_idx;
608 __u32 gi_last_flags;
609 };
610
ext4_getfsmap_format(struct ext4_fsmap * xfm,void * priv)611 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
612 {
613 struct getfsmap_info *info = priv;
614 struct fsmap fm;
615
616 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
617
618 info->gi_last_flags = xfm->fmr_flags;
619 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
620 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
621 sizeof(struct fsmap)))
622 return -EFAULT;
623
624 return 0;
625 }
626
ext4_ioc_getfsmap(struct super_block * sb,struct fsmap_head __user * arg)627 static int ext4_ioc_getfsmap(struct super_block *sb,
628 struct fsmap_head __user *arg)
629 {
630 struct getfsmap_info info = {0};
631 struct ext4_fsmap_head xhead = {0};
632 struct fsmap_head head;
633 bool aborted = false;
634 int error;
635
636 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
637 return -EFAULT;
638 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
639 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
640 sizeof(head.fmh_keys[0].fmr_reserved)) ||
641 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
642 sizeof(head.fmh_keys[1].fmr_reserved)))
643 return -EINVAL;
644 /*
645 * ext4 doesn't report file extents at all, so the only valid
646 * file offsets are the magic ones (all zeroes or all ones).
647 */
648 if (head.fmh_keys[0].fmr_offset ||
649 (head.fmh_keys[1].fmr_offset != 0 &&
650 head.fmh_keys[1].fmr_offset != -1ULL))
651 return -EINVAL;
652
653 xhead.fmh_iflags = head.fmh_iflags;
654 xhead.fmh_count = head.fmh_count;
655 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
656 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
657
658 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
659 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
660
661 info.gi_sb = sb;
662 info.gi_data = arg;
663 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
664 if (error == EXT4_QUERY_RANGE_ABORT) {
665 error = 0;
666 aborted = true;
667 } else if (error)
668 return error;
669
670 /* If we didn't abort, set the "last" flag in the last fmx */
671 if (!aborted && info.gi_idx) {
672 info.gi_last_flags |= FMR_OF_LAST;
673 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
674 &info.gi_last_flags,
675 sizeof(info.gi_last_flags)))
676 return -EFAULT;
677 }
678
679 /* copy back header */
680 head.fmh_entries = xhead.fmh_entries;
681 head.fmh_oflags = xhead.fmh_oflags;
682 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
683 return -EFAULT;
684
685 return 0;
686 }
687
ext4_ioctl_group_add(struct file * file,struct ext4_new_group_data * input)688 static long ext4_ioctl_group_add(struct file *file,
689 struct ext4_new_group_data *input)
690 {
691 struct super_block *sb = file_inode(file)->i_sb;
692 int err, err2=0;
693
694 err = ext4_resize_begin(sb);
695 if (err)
696 return err;
697
698 if (ext4_has_feature_bigalloc(sb)) {
699 ext4_msg(sb, KERN_ERR,
700 "Online resizing not supported with bigalloc");
701 err = -EOPNOTSUPP;
702 goto group_add_out;
703 }
704
705 err = mnt_want_write_file(file);
706 if (err)
707 goto group_add_out;
708
709 err = ext4_group_add(sb, input);
710 if (EXT4_SB(sb)->s_journal) {
711 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
712 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
713 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
714 }
715 if (err == 0)
716 err = err2;
717 mnt_drop_write_file(file);
718 if (!err && ext4_has_group_desc_csum(sb) &&
719 test_opt(sb, INIT_INODE_TABLE))
720 err = ext4_register_li_request(sb, input->group);
721 group_add_out:
722 ext4_resize_end(sb);
723 return err;
724 }
725
ext4_ioctl_check_project(struct inode * inode,struct fsxattr * fa)726 static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
727 {
728 /*
729 * Project Quota ID state is only allowed to change from within the init
730 * namespace. Enforce that restriction only if we are trying to change
731 * the quota ID state. Everything else is allowed in user namespaces.
732 */
733 if (current_user_ns() == &init_user_ns)
734 return 0;
735
736 if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid)
737 return -EINVAL;
738
739 if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) {
740 if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
741 return -EINVAL;
742 } else {
743 if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
744 return -EINVAL;
745 }
746
747 return 0;
748 }
749
ext4_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)750 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
751 {
752 struct inode *inode = file_inode(filp);
753 struct super_block *sb = inode->i_sb;
754 struct ext4_inode_info *ei = EXT4_I(inode);
755 unsigned int flags;
756
757 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
758
759 switch (cmd) {
760 case FS_IOC_GETFSMAP:
761 return ext4_ioc_getfsmap(sb, (void __user *)arg);
762 case EXT4_IOC_GETFLAGS:
763 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
764 return put_user(flags, (int __user *) arg);
765 case EXT4_IOC_SETFLAGS: {
766 int err;
767
768 if (!inode_owner_or_capable(inode))
769 return -EACCES;
770
771 if (get_user(flags, (int __user *) arg))
772 return -EFAULT;
773
774 if (flags & ~EXT4_FL_USER_VISIBLE)
775 return -EOPNOTSUPP;
776 /*
777 * chattr(1) grabs flags via GETFLAGS, modifies the result and
778 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
779 * more restrictive than just silently masking off visible but
780 * not settable flags as we always did.
781 */
782 flags &= EXT4_FL_USER_MODIFIABLE;
783 if (ext4_mask_flags(inode->i_mode, flags) != flags)
784 return -EOPNOTSUPP;
785
786 err = mnt_want_write_file(filp);
787 if (err)
788 return err;
789
790 inode_lock(inode);
791 err = ext4_ioctl_check_immutable(inode,
792 from_kprojid(&init_user_ns, ei->i_projid),
793 flags);
794 if (!err)
795 err = ext4_ioctl_setflags(inode, flags);
796 inode_unlock(inode);
797 mnt_drop_write_file(filp);
798 return err;
799 }
800 case EXT4_IOC_GETVERSION:
801 case EXT4_IOC_GETVERSION_OLD:
802 return put_user(inode->i_generation, (int __user *) arg);
803 case EXT4_IOC_SETVERSION:
804 case EXT4_IOC_SETVERSION_OLD: {
805 handle_t *handle;
806 struct ext4_iloc iloc;
807 __u32 generation;
808 int err;
809
810 if (!inode_owner_or_capable(inode))
811 return -EPERM;
812
813 if (ext4_has_metadata_csum(inode->i_sb)) {
814 ext4_warning(sb, "Setting inode version is not "
815 "supported with metadata_csum enabled.");
816 return -ENOTTY;
817 }
818
819 err = mnt_want_write_file(filp);
820 if (err)
821 return err;
822 if (get_user(generation, (int __user *) arg)) {
823 err = -EFAULT;
824 goto setversion_out;
825 }
826
827 inode_lock(inode);
828 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
829 if (IS_ERR(handle)) {
830 err = PTR_ERR(handle);
831 goto unlock_out;
832 }
833 err = ext4_reserve_inode_write(handle, inode, &iloc);
834 if (err == 0) {
835 inode->i_ctime = current_time(inode);
836 inode->i_generation = generation;
837 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
838 }
839 ext4_journal_stop(handle);
840
841 unlock_out:
842 inode_unlock(inode);
843 setversion_out:
844 mnt_drop_write_file(filp);
845 return err;
846 }
847 case EXT4_IOC_GROUP_EXTEND: {
848 ext4_fsblk_t n_blocks_count;
849 int err, err2=0;
850
851 err = ext4_resize_begin(sb);
852 if (err)
853 return err;
854
855 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
856 err = -EFAULT;
857 goto group_extend_out;
858 }
859
860 if (ext4_has_feature_bigalloc(sb)) {
861 ext4_msg(sb, KERN_ERR,
862 "Online resizing not supported with bigalloc");
863 err = -EOPNOTSUPP;
864 goto group_extend_out;
865 }
866
867 err = mnt_want_write_file(filp);
868 if (err)
869 goto group_extend_out;
870
871 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
872 if (EXT4_SB(sb)->s_journal) {
873 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
874 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
875 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
876 }
877 if (err == 0)
878 err = err2;
879 mnt_drop_write_file(filp);
880 group_extend_out:
881 ext4_resize_end(sb);
882 return err;
883 }
884
885 case EXT4_IOC_MOVE_EXT: {
886 struct move_extent me;
887 struct fd donor;
888 int err;
889
890 if (!(filp->f_mode & FMODE_READ) ||
891 !(filp->f_mode & FMODE_WRITE))
892 return -EBADF;
893
894 if (copy_from_user(&me,
895 (struct move_extent __user *)arg, sizeof(me)))
896 return -EFAULT;
897 me.moved_len = 0;
898
899 donor = fdget(me.donor_fd);
900 if (!donor.file)
901 return -EBADF;
902
903 if (!(donor.file->f_mode & FMODE_WRITE)) {
904 err = -EBADF;
905 goto mext_out;
906 }
907
908 if (ext4_has_feature_bigalloc(sb)) {
909 ext4_msg(sb, KERN_ERR,
910 "Online defrag not supported with bigalloc");
911 err = -EOPNOTSUPP;
912 goto mext_out;
913 } else if (IS_DAX(inode)) {
914 ext4_msg(sb, KERN_ERR,
915 "Online defrag not supported with DAX");
916 err = -EOPNOTSUPP;
917 goto mext_out;
918 }
919
920 err = mnt_want_write_file(filp);
921 if (err)
922 goto mext_out;
923
924 err = ext4_move_extents(filp, donor.file, me.orig_start,
925 me.donor_start, me.len, &me.moved_len);
926 mnt_drop_write_file(filp);
927
928 if (copy_to_user((struct move_extent __user *)arg,
929 &me, sizeof(me)))
930 err = -EFAULT;
931 mext_out:
932 fdput(donor);
933 return err;
934 }
935
936 case EXT4_IOC_GROUP_ADD: {
937 struct ext4_new_group_data input;
938
939 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
940 sizeof(input)))
941 return -EFAULT;
942
943 return ext4_ioctl_group_add(filp, &input);
944 }
945
946 case EXT4_IOC_MIGRATE:
947 {
948 int err;
949 if (!inode_owner_or_capable(inode))
950 return -EACCES;
951
952 err = mnt_want_write_file(filp);
953 if (err)
954 return err;
955 /*
956 * inode_mutex prevent write and truncate on the file.
957 * Read still goes through. We take i_data_sem in
958 * ext4_ext_swap_inode_data before we switch the
959 * inode format to prevent read.
960 */
961 inode_lock((inode));
962 err = ext4_ext_migrate(inode);
963 inode_unlock((inode));
964 mnt_drop_write_file(filp);
965 return err;
966 }
967
968 case EXT4_IOC_ALLOC_DA_BLKS:
969 {
970 int err;
971 if (!inode_owner_or_capable(inode))
972 return -EACCES;
973
974 err = mnt_want_write_file(filp);
975 if (err)
976 return err;
977 err = ext4_alloc_da_blocks(inode);
978 mnt_drop_write_file(filp);
979 return err;
980 }
981
982 case EXT4_IOC_SWAP_BOOT:
983 {
984 int err;
985 if (!(filp->f_mode & FMODE_WRITE))
986 return -EBADF;
987 err = mnt_want_write_file(filp);
988 if (err)
989 return err;
990 err = swap_inode_boot_loader(sb, inode);
991 mnt_drop_write_file(filp);
992 return err;
993 }
994
995 case EXT4_IOC_RESIZE_FS: {
996 ext4_fsblk_t n_blocks_count;
997 int err = 0, err2 = 0;
998 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
999
1000 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1001 sizeof(__u64))) {
1002 return -EFAULT;
1003 }
1004
1005 err = ext4_resize_begin(sb);
1006 if (err)
1007 return err;
1008
1009 err = mnt_want_write_file(filp);
1010 if (err)
1011 goto resizefs_out;
1012
1013 err = ext4_resize_fs(sb, n_blocks_count);
1014 if (EXT4_SB(sb)->s_journal) {
1015 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1016 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
1017 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1018 }
1019 if (err == 0)
1020 err = err2;
1021 mnt_drop_write_file(filp);
1022 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1023 ext4_has_group_desc_csum(sb) &&
1024 test_opt(sb, INIT_INODE_TABLE))
1025 err = ext4_register_li_request(sb, o_group);
1026
1027 resizefs_out:
1028 ext4_resize_end(sb);
1029 return err;
1030 }
1031
1032 case FITRIM:
1033 {
1034 struct request_queue *q = bdev_get_queue(sb->s_bdev);
1035 struct fstrim_range range;
1036 int ret = 0;
1037
1038 if (!capable(CAP_SYS_ADMIN))
1039 return -EPERM;
1040
1041 if (!blk_queue_discard(q))
1042 return -EOPNOTSUPP;
1043
1044 /*
1045 * We haven't replayed the journal, so we cannot use our
1046 * block-bitmap-guided storage zapping commands.
1047 */
1048 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1049 return -EROFS;
1050
1051 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1052 sizeof(range)))
1053 return -EFAULT;
1054
1055 range.minlen = max((unsigned int)range.minlen,
1056 q->limits.discard_granularity);
1057 ret = ext4_trim_fs(sb, &range);
1058 if (ret < 0)
1059 return ret;
1060
1061 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1062 sizeof(range)))
1063 return -EFAULT;
1064
1065 return 0;
1066 }
1067 case EXT4_IOC_PRECACHE_EXTENTS:
1068 return ext4_ext_precache(inode);
1069
1070 case EXT4_IOC_SET_ENCRYPTION_POLICY:
1071 if (!ext4_has_feature_encrypt(sb))
1072 return -EOPNOTSUPP;
1073 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1074
1075 case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
1076 #ifdef CONFIG_EXT4_FS_ENCRYPTION
1077 int err, err2;
1078 struct ext4_sb_info *sbi = EXT4_SB(sb);
1079 handle_t *handle;
1080
1081 if (!ext4_has_feature_encrypt(sb))
1082 return -EOPNOTSUPP;
1083 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1084 err = mnt_want_write_file(filp);
1085 if (err)
1086 return err;
1087 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1088 if (IS_ERR(handle)) {
1089 err = PTR_ERR(handle);
1090 goto pwsalt_err_exit;
1091 }
1092 err = ext4_journal_get_write_access(handle, sbi->s_sbh);
1093 if (err)
1094 goto pwsalt_err_journal;
1095 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1096 err = ext4_handle_dirty_metadata(handle, NULL,
1097 sbi->s_sbh);
1098 pwsalt_err_journal:
1099 err2 = ext4_journal_stop(handle);
1100 if (err2 && !err)
1101 err = err2;
1102 pwsalt_err_exit:
1103 mnt_drop_write_file(filp);
1104 if (err)
1105 return err;
1106 }
1107 if (copy_to_user((void __user *) arg,
1108 sbi->s_es->s_encrypt_pw_salt, 16))
1109 return -EFAULT;
1110 return 0;
1111 #else
1112 return -EOPNOTSUPP;
1113 #endif
1114 }
1115 case EXT4_IOC_GET_ENCRYPTION_POLICY:
1116 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1117
1118 case EXT4_IOC_FSGETXATTR:
1119 {
1120 struct fsxattr fa;
1121
1122 memset(&fa, 0, sizeof(struct fsxattr));
1123 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
1124
1125 if (ext4_has_feature_project(inode->i_sb)) {
1126 fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
1127 EXT4_I(inode)->i_projid);
1128 }
1129
1130 if (copy_to_user((struct fsxattr __user *)arg,
1131 &fa, sizeof(fa)))
1132 return -EFAULT;
1133 return 0;
1134 }
1135 case EXT4_IOC_FSSETXATTR:
1136 {
1137 struct fsxattr fa;
1138 int err;
1139
1140 if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1141 sizeof(fa)))
1142 return -EFAULT;
1143
1144 /* Make sure caller has proper permission */
1145 if (!inode_owner_or_capable(inode))
1146 return -EACCES;
1147
1148 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1149 return -EOPNOTSUPP;
1150
1151 flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1152 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1153 return -EOPNOTSUPP;
1154
1155 err = mnt_want_write_file(filp);
1156 if (err)
1157 return err;
1158
1159 inode_lock(inode);
1160 err = ext4_ioctl_check_project(inode, &fa);
1161 if (err)
1162 goto out;
1163 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1164 (flags & EXT4_FL_XFLAG_VISIBLE);
1165 err = ext4_ioctl_check_immutable(inode, fa.fsx_projid, flags);
1166 if (err)
1167 goto out;
1168 err = ext4_ioctl_setflags(inode, flags);
1169 if (err)
1170 goto out;
1171 err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1172 out:
1173 inode_unlock(inode);
1174 mnt_drop_write_file(filp);
1175 return err;
1176 }
1177 case EXT4_IOC_SHUTDOWN:
1178 return ext4_shutdown(sb, arg);
1179 default:
1180 return -ENOTTY;
1181 }
1182 }
1183
1184 #ifdef CONFIG_COMPAT
ext4_compat_ioctl(struct file * file,unsigned int cmd,unsigned long arg)1185 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1186 {
1187 /* These are just misnamed, they actually get/put from/to user an int */
1188 switch (cmd) {
1189 case EXT4_IOC32_GETFLAGS:
1190 cmd = EXT4_IOC_GETFLAGS;
1191 break;
1192 case EXT4_IOC32_SETFLAGS:
1193 cmd = EXT4_IOC_SETFLAGS;
1194 break;
1195 case EXT4_IOC32_GETVERSION:
1196 cmd = EXT4_IOC_GETVERSION;
1197 break;
1198 case EXT4_IOC32_SETVERSION:
1199 cmd = EXT4_IOC_SETVERSION;
1200 break;
1201 case EXT4_IOC32_GROUP_EXTEND:
1202 cmd = EXT4_IOC_GROUP_EXTEND;
1203 break;
1204 case EXT4_IOC32_GETVERSION_OLD:
1205 cmd = EXT4_IOC_GETVERSION_OLD;
1206 break;
1207 case EXT4_IOC32_SETVERSION_OLD:
1208 cmd = EXT4_IOC_SETVERSION_OLD;
1209 break;
1210 case EXT4_IOC32_GETRSVSZ:
1211 cmd = EXT4_IOC_GETRSVSZ;
1212 break;
1213 case EXT4_IOC32_SETRSVSZ:
1214 cmd = EXT4_IOC_SETRSVSZ;
1215 break;
1216 case EXT4_IOC32_GROUP_ADD: {
1217 struct compat_ext4_new_group_input __user *uinput;
1218 struct ext4_new_group_data input;
1219 int err;
1220
1221 uinput = compat_ptr(arg);
1222 err = get_user(input.group, &uinput->group);
1223 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1224 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1225 err |= get_user(input.inode_table, &uinput->inode_table);
1226 err |= get_user(input.blocks_count, &uinput->blocks_count);
1227 err |= get_user(input.reserved_blocks,
1228 &uinput->reserved_blocks);
1229 if (err)
1230 return -EFAULT;
1231 return ext4_ioctl_group_add(file, &input);
1232 }
1233 case EXT4_IOC_MOVE_EXT:
1234 case EXT4_IOC_RESIZE_FS:
1235 case EXT4_IOC_PRECACHE_EXTENTS:
1236 case EXT4_IOC_SET_ENCRYPTION_POLICY:
1237 case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1238 case EXT4_IOC_GET_ENCRYPTION_POLICY:
1239 case EXT4_IOC_SHUTDOWN:
1240 case FS_IOC_GETFSMAP:
1241 break;
1242 default:
1243 return -ENOIOCTLCMD;
1244 }
1245 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1246 }
1247 #endif
1248