Merge tag 'leaks-5.1-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/tobin...
[sfrench/cifs-2.6.git] / fs / ext4 / ioctl.c
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * linux/fs/ext4/ioctl.c
4  *
5  * Copyright (C) 1993, 1994, 1995
6  * Remy Card (card@masi.ibp.fr)
7  * Laboratoire MASI - Institut Blaise Pascal
8  * Universite Pierre et Marie Curie (Paris VI)
9  */
10
11 #include <linux/fs.h>
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uuid.h>
20 #include <linux/uaccess.h>
21 #include <linux/delay.h>
22 #include <linux/iversion.h>
23 #include "ext4_jbd2.h"
24 #include "ext4.h"
25 #include <linux/fsmap.h>
26 #include "fsmap.h"
27 #include <trace/events/ext4.h>
28
29 /**
30  * Swap memory between @a and @b for @len bytes.
31  *
32  * @a:          pointer to first memory area
33  * @b:          pointer to second memory area
34  * @len:        number of bytes to swap
35  *
36  */
37 static void memswap(void *a, void *b, size_t len)
38 {
39         unsigned char *ap, *bp;
40
41         ap = (unsigned char *)a;
42         bp = (unsigned char *)b;
43         while (len-- > 0) {
44                 swap(*ap, *bp);
45                 ap++;
46                 bp++;
47         }
48 }
49
50 /**
51  * Swap i_data and associated attributes between @inode1 and @inode2.
52  * This function is used for the primary swap between inode1 and inode2
53  * and also to revert this primary swap in case of errors.
54  *
55  * Therefore you have to make sure, that calling this method twice
56  * will revert all changes.
57  *
58  * @inode1:     pointer to first inode
59  * @inode2:     pointer to second inode
60  */
61 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
62 {
63         loff_t isize;
64         struct ext4_inode_info *ei1;
65         struct ext4_inode_info *ei2;
66
67         ei1 = EXT4_I(inode1);
68         ei2 = EXT4_I(inode2);
69
70         swap(inode1->i_version, inode2->i_version);
71         swap(inode1->i_blocks, inode2->i_blocks);
72         swap(inode1->i_bytes, inode2->i_bytes);
73         swap(inode1->i_atime, inode2->i_atime);
74         swap(inode1->i_mtime, inode2->i_mtime);
75
76         memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
77         swap(ei1->i_flags, ei2->i_flags);
78         swap(ei1->i_disksize, ei2->i_disksize);
79         ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
80         ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
81
82         isize = i_size_read(inode1);
83         i_size_write(inode1, i_size_read(inode2));
84         i_size_write(inode2, isize);
85 }
86
87 static void reset_inode_seed(struct inode *inode)
88 {
89         struct ext4_inode_info *ei = EXT4_I(inode);
90         struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
91         __le32 inum = cpu_to_le32(inode->i_ino);
92         __le32 gen = cpu_to_le32(inode->i_generation);
93         __u32 csum;
94
95         if (!ext4_has_metadata_csum(inode->i_sb))
96                 return;
97
98         csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
99         ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
100 }
101
102 /**
103  * Swap the information from the given @inode and the inode
104  * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
105  * important fields of the inodes.
106  *
107  * @sb:         the super block of the filesystem
108  * @inode:      the inode to swap with EXT4_BOOT_LOADER_INO
109  *
110  */
111 static long swap_inode_boot_loader(struct super_block *sb,
112                                 struct inode *inode)
113 {
114         handle_t *handle;
115         int err;
116         struct inode *inode_bl;
117         struct ext4_inode_info *ei_bl;
118
119         if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
120             IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
121             ext4_has_inline_data(inode))
122                 return -EINVAL;
123
124         if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
125             !inode_owner_or_capable(inode) || !capable(CAP_SYS_ADMIN))
126                 return -EPERM;
127
128         inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
129         if (IS_ERR(inode_bl))
130                 return PTR_ERR(inode_bl);
131         ei_bl = EXT4_I(inode_bl);
132
133         filemap_flush(inode->i_mapping);
134         filemap_flush(inode_bl->i_mapping);
135
136         /* Protect orig inodes against a truncate and make sure,
137          * that only 1 swap_inode_boot_loader is running. */
138         lock_two_nondirectories(inode, inode_bl);
139
140         /* Wait for all existing dio workers */
141         inode_dio_wait(inode);
142         inode_dio_wait(inode_bl);
143
144         truncate_inode_pages(&inode->i_data, 0);
145         truncate_inode_pages(&inode_bl->i_data, 0);
146
147         handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
148         if (IS_ERR(handle)) {
149                 err = -EINVAL;
150                 goto journal_err_out;
151         }
152
153         /* Protect extent tree against block allocations via delalloc */
154         ext4_double_down_write_data_sem(inode, inode_bl);
155
156         if (inode_bl->i_nlink == 0) {
157                 /* this inode has never been used as a BOOT_LOADER */
158                 set_nlink(inode_bl, 1);
159                 i_uid_write(inode_bl, 0);
160                 i_gid_write(inode_bl, 0);
161                 inode_bl->i_flags = 0;
162                 ei_bl->i_flags = 0;
163                 inode_set_iversion(inode_bl, 1);
164                 i_size_write(inode_bl, 0);
165                 inode_bl->i_mode = S_IFREG;
166                 if (ext4_has_feature_extents(sb)) {
167                         ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
168                         ext4_ext_tree_init(handle, inode_bl);
169                 } else
170                         memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
171         }
172
173         swap_inode_data(inode, inode_bl);
174
175         inode->i_ctime = inode_bl->i_ctime = current_time(inode);
176
177         inode->i_generation = prandom_u32();
178         inode_bl->i_generation = prandom_u32();
179         reset_inode_seed(inode);
180         reset_inode_seed(inode_bl);
181
182         ext4_discard_preallocations(inode);
183
184         err = ext4_mark_inode_dirty(handle, inode);
185         if (err < 0) {
186                 ext4_warning(inode->i_sb,
187                         "couldn't mark inode #%lu dirty (err %d)",
188                         inode->i_ino, err);
189                 /* Revert all changes: */
190                 swap_inode_data(inode, inode_bl);
191                 ext4_mark_inode_dirty(handle, inode);
192         } else {
193                 err = ext4_mark_inode_dirty(handle, inode_bl);
194                 if (err < 0) {
195                         ext4_warning(inode_bl->i_sb,
196                                 "couldn't mark inode #%lu dirty (err %d)",
197                                 inode_bl->i_ino, err);
198                         /* Revert all changes: */
199                         swap_inode_data(inode, inode_bl);
200                         ext4_mark_inode_dirty(handle, inode);
201                         ext4_mark_inode_dirty(handle, inode_bl);
202                 }
203         }
204         ext4_journal_stop(handle);
205         ext4_double_up_write_data_sem(inode, inode_bl);
206
207 journal_err_out:
208         unlock_two_nondirectories(inode, inode_bl);
209         iput(inode_bl);
210         return err;
211 }
212
213 #ifdef CONFIG_EXT4_FS_ENCRYPTION
214 static int uuid_is_zero(__u8 u[16])
215 {
216         int     i;
217
218         for (i = 0; i < 16; i++)
219                 if (u[i])
220                         return 0;
221         return 1;
222 }
223 #endif
224
225 static int ext4_ioctl_setflags(struct inode *inode,
226                                unsigned int flags)
227 {
228         struct ext4_inode_info *ei = EXT4_I(inode);
229         handle_t *handle = NULL;
230         int err = -EPERM, migrate = 0;
231         struct ext4_iloc iloc;
232         unsigned int oldflags, mask, i;
233         unsigned int jflag;
234
235         /* Is it quota file? Do not allow user to mess with it */
236         if (ext4_is_quota_file(inode))
237                 goto flags_out;
238
239         oldflags = ei->i_flags;
240
241         /* The JOURNAL_DATA flag is modifiable only by root */
242         jflag = flags & EXT4_JOURNAL_DATA_FL;
243
244         /*
245          * The IMMUTABLE and APPEND_ONLY flags can only be changed by
246          * the relevant capability.
247          *
248          * This test looks nicer. Thanks to Pauline Middelink
249          */
250         if ((flags ^ oldflags) & (EXT4_APPEND_FL | EXT4_IMMUTABLE_FL)) {
251                 if (!capable(CAP_LINUX_IMMUTABLE))
252                         goto flags_out;
253         }
254
255         /*
256          * The JOURNAL_DATA flag can only be changed by
257          * the relevant capability.
258          */
259         if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
260                 if (!capable(CAP_SYS_RESOURCE))
261                         goto flags_out;
262         }
263         if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
264                 migrate = 1;
265
266         if (flags & EXT4_EOFBLOCKS_FL) {
267                 /* we don't support adding EOFBLOCKS flag */
268                 if (!(oldflags & EXT4_EOFBLOCKS_FL)) {
269                         err = -EOPNOTSUPP;
270                         goto flags_out;
271                 }
272         } else if (oldflags & EXT4_EOFBLOCKS_FL) {
273                 err = ext4_truncate(inode);
274                 if (err)
275                         goto flags_out;
276         }
277
278         handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
279         if (IS_ERR(handle)) {
280                 err = PTR_ERR(handle);
281                 goto flags_out;
282         }
283         if (IS_SYNC(inode))
284                 ext4_handle_sync(handle);
285         err = ext4_reserve_inode_write(handle, inode, &iloc);
286         if (err)
287                 goto flags_err;
288
289         for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
290                 if (!(mask & EXT4_FL_USER_MODIFIABLE))
291                         continue;
292                 /* These flags get special treatment later */
293                 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
294                         continue;
295                 if (mask & flags)
296                         ext4_set_inode_flag(inode, i);
297                 else
298                         ext4_clear_inode_flag(inode, i);
299         }
300
301         ext4_set_inode_flags(inode);
302         inode->i_ctime = current_time(inode);
303
304         err = ext4_mark_iloc_dirty(handle, inode, &iloc);
305 flags_err:
306         ext4_journal_stop(handle);
307         if (err)
308                 goto flags_out;
309
310         if ((jflag ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
311                 /*
312                  * Changes to the journaling mode can cause unsafe changes to
313                  * S_DAX if we are using the DAX mount option.
314                  */
315                 if (test_opt(inode->i_sb, DAX)) {
316                         err = -EBUSY;
317                         goto flags_out;
318                 }
319
320                 err = ext4_change_inode_journal_flag(inode, jflag);
321                 if (err)
322                         goto flags_out;
323         }
324         if (migrate) {
325                 if (flags & EXT4_EXTENTS_FL)
326                         err = ext4_ext_migrate(inode);
327                 else
328                         err = ext4_ind_migrate(inode);
329         }
330
331 flags_out:
332         return err;
333 }
334
335 #ifdef CONFIG_QUOTA
336 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
337 {
338         struct inode *inode = file_inode(filp);
339         struct super_block *sb = inode->i_sb;
340         struct ext4_inode_info *ei = EXT4_I(inode);
341         int err, rc;
342         handle_t *handle;
343         kprojid_t kprojid;
344         struct ext4_iloc iloc;
345         struct ext4_inode *raw_inode;
346         struct dquot *transfer_to[MAXQUOTAS] = { };
347
348         if (!ext4_has_feature_project(sb)) {
349                 if (projid != EXT4_DEF_PROJID)
350                         return -EOPNOTSUPP;
351                 else
352                         return 0;
353         }
354
355         if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
356                 return -EOPNOTSUPP;
357
358         kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
359
360         if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
361                 return 0;
362
363         err = -EPERM;
364         /* Is it quota file? Do not allow user to mess with it */
365         if (ext4_is_quota_file(inode))
366                 return err;
367
368         err = ext4_get_inode_loc(inode, &iloc);
369         if (err)
370                 return err;
371
372         raw_inode = ext4_raw_inode(&iloc);
373         if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
374                 err = ext4_expand_extra_isize(inode,
375                                               EXT4_SB(sb)->s_want_extra_isize,
376                                               &iloc);
377                 if (err)
378                         return err;
379         } else {
380                 brelse(iloc.bh);
381         }
382
383         err = dquot_initialize(inode);
384         if (err)
385                 return err;
386
387         handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
388                 EXT4_QUOTA_INIT_BLOCKS(sb) +
389                 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
390         if (IS_ERR(handle))
391                 return PTR_ERR(handle);
392
393         err = ext4_reserve_inode_write(handle, inode, &iloc);
394         if (err)
395                 goto out_stop;
396
397         transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
398         if (!IS_ERR(transfer_to[PRJQUOTA])) {
399
400                 /* __dquot_transfer() calls back ext4_get_inode_usage() which
401                  * counts xattr inode references.
402                  */
403                 down_read(&EXT4_I(inode)->xattr_sem);
404                 err = __dquot_transfer(inode, transfer_to);
405                 up_read(&EXT4_I(inode)->xattr_sem);
406                 dqput(transfer_to[PRJQUOTA]);
407                 if (err)
408                         goto out_dirty;
409         }
410
411         EXT4_I(inode)->i_projid = kprojid;
412         inode->i_ctime = current_time(inode);
413 out_dirty:
414         rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
415         if (!err)
416                 err = rc;
417 out_stop:
418         ext4_journal_stop(handle);
419         return err;
420 }
421 #else
422 static int ext4_ioctl_setproject(struct file *filp, __u32 projid)
423 {
424         if (projid != EXT4_DEF_PROJID)
425                 return -EOPNOTSUPP;
426         return 0;
427 }
428 #endif
429
430 /* Transfer internal flags to xflags */
431 static inline __u32 ext4_iflags_to_xflags(unsigned long iflags)
432 {
433         __u32 xflags = 0;
434
435         if (iflags & EXT4_SYNC_FL)
436                 xflags |= FS_XFLAG_SYNC;
437         if (iflags & EXT4_IMMUTABLE_FL)
438                 xflags |= FS_XFLAG_IMMUTABLE;
439         if (iflags & EXT4_APPEND_FL)
440                 xflags |= FS_XFLAG_APPEND;
441         if (iflags & EXT4_NODUMP_FL)
442                 xflags |= FS_XFLAG_NODUMP;
443         if (iflags & EXT4_NOATIME_FL)
444                 xflags |= FS_XFLAG_NOATIME;
445         if (iflags & EXT4_PROJINHERIT_FL)
446                 xflags |= FS_XFLAG_PROJINHERIT;
447         return xflags;
448 }
449
450 #define EXT4_SUPPORTED_FS_XFLAGS (FS_XFLAG_SYNC | FS_XFLAG_IMMUTABLE | \
451                                   FS_XFLAG_APPEND | FS_XFLAG_NODUMP | \
452                                   FS_XFLAG_NOATIME | FS_XFLAG_PROJINHERIT)
453
454 /* Transfer xflags flags to internal */
455 static inline unsigned long ext4_xflags_to_iflags(__u32 xflags)
456 {
457         unsigned long iflags = 0;
458
459         if (xflags & FS_XFLAG_SYNC)
460                 iflags |= EXT4_SYNC_FL;
461         if (xflags & FS_XFLAG_IMMUTABLE)
462                 iflags |= EXT4_IMMUTABLE_FL;
463         if (xflags & FS_XFLAG_APPEND)
464                 iflags |= EXT4_APPEND_FL;
465         if (xflags & FS_XFLAG_NODUMP)
466                 iflags |= EXT4_NODUMP_FL;
467         if (xflags & FS_XFLAG_NOATIME)
468                 iflags |= EXT4_NOATIME_FL;
469         if (xflags & FS_XFLAG_PROJINHERIT)
470                 iflags |= EXT4_PROJINHERIT_FL;
471
472         return iflags;
473 }
474
475 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
476 {
477         struct ext4_sb_info *sbi = EXT4_SB(sb);
478         __u32 flags;
479
480         if (!capable(CAP_SYS_ADMIN))
481                 return -EPERM;
482
483         if (get_user(flags, (__u32 __user *)arg))
484                 return -EFAULT;
485
486         if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
487                 return -EINVAL;
488
489         if (ext4_forced_shutdown(sbi))
490                 return 0;
491
492         ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
493         trace_ext4_shutdown(sb, flags);
494
495         switch (flags) {
496         case EXT4_GOING_FLAGS_DEFAULT:
497                 freeze_bdev(sb->s_bdev);
498                 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
499                 thaw_bdev(sb->s_bdev, sb);
500                 break;
501         case EXT4_GOING_FLAGS_LOGFLUSH:
502                 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
503                 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
504                         (void) ext4_force_commit(sb);
505                         jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
506                 }
507                 break;
508         case EXT4_GOING_FLAGS_NOLOGFLUSH:
509                 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
510                 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
511                         jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
512                 break;
513         default:
514                 return -EINVAL;
515         }
516         clear_opt(sb, DISCARD);
517         return 0;
518 }
519
520 struct getfsmap_info {
521         struct super_block      *gi_sb;
522         struct fsmap_head __user *gi_data;
523         unsigned int            gi_idx;
524         __u32                   gi_last_flags;
525 };
526
527 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
528 {
529         struct getfsmap_info *info = priv;
530         struct fsmap fm;
531
532         trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
533
534         info->gi_last_flags = xfm->fmr_flags;
535         ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
536         if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
537                         sizeof(struct fsmap)))
538                 return -EFAULT;
539
540         return 0;
541 }
542
543 static int ext4_ioc_getfsmap(struct super_block *sb,
544                              struct fsmap_head __user *arg)
545 {
546         struct getfsmap_info info = {0};
547         struct ext4_fsmap_head xhead = {0};
548         struct fsmap_head head;
549         bool aborted = false;
550         int error;
551
552         if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
553                 return -EFAULT;
554         if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
555             memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
556                        sizeof(head.fmh_keys[0].fmr_reserved)) ||
557             memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
558                        sizeof(head.fmh_keys[1].fmr_reserved)))
559                 return -EINVAL;
560         /*
561          * ext4 doesn't report file extents at all, so the only valid
562          * file offsets are the magic ones (all zeroes or all ones).
563          */
564         if (head.fmh_keys[0].fmr_offset ||
565             (head.fmh_keys[1].fmr_offset != 0 &&
566              head.fmh_keys[1].fmr_offset != -1ULL))
567                 return -EINVAL;
568
569         xhead.fmh_iflags = head.fmh_iflags;
570         xhead.fmh_count = head.fmh_count;
571         ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
572         ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
573
574         trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
575         trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
576
577         info.gi_sb = sb;
578         info.gi_data = arg;
579         error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
580         if (error == EXT4_QUERY_RANGE_ABORT) {
581                 error = 0;
582                 aborted = true;
583         } else if (error)
584                 return error;
585
586         /* If we didn't abort, set the "last" flag in the last fmx */
587         if (!aborted && info.gi_idx) {
588                 info.gi_last_flags |= FMR_OF_LAST;
589                 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
590                                  &info.gi_last_flags,
591                                  sizeof(info.gi_last_flags)))
592                         return -EFAULT;
593         }
594
595         /* copy back header */
596         head.fmh_entries = xhead.fmh_entries;
597         head.fmh_oflags = xhead.fmh_oflags;
598         if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
599                 return -EFAULT;
600
601         return 0;
602 }
603
604 static long ext4_ioctl_group_add(struct file *file,
605                                  struct ext4_new_group_data *input)
606 {
607         struct super_block *sb = file_inode(file)->i_sb;
608         int err, err2=0;
609
610         err = ext4_resize_begin(sb);
611         if (err)
612                 return err;
613
614         if (ext4_has_feature_bigalloc(sb)) {
615                 ext4_msg(sb, KERN_ERR,
616                          "Online resizing not supported with bigalloc");
617                 err = -EOPNOTSUPP;
618                 goto group_add_out;
619         }
620
621         err = mnt_want_write_file(file);
622         if (err)
623                 goto group_add_out;
624
625         err = ext4_group_add(sb, input);
626         if (EXT4_SB(sb)->s_journal) {
627                 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
628                 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
629                 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
630         }
631         if (err == 0)
632                 err = err2;
633         mnt_drop_write_file(file);
634         if (!err && ext4_has_group_desc_csum(sb) &&
635             test_opt(sb, INIT_INODE_TABLE))
636                 err = ext4_register_li_request(sb, input->group);
637 group_add_out:
638         ext4_resize_end(sb);
639         return err;
640 }
641
642 static int ext4_ioctl_check_project(struct inode *inode, struct fsxattr *fa)
643 {
644         /*
645          * Project Quota ID state is only allowed to change from within the init
646          * namespace. Enforce that restriction only if we are trying to change
647          * the quota ID state. Everything else is allowed in user namespaces.
648          */
649         if (current_user_ns() == &init_user_ns)
650                 return 0;
651
652         if (__kprojid_val(EXT4_I(inode)->i_projid) != fa->fsx_projid)
653                 return -EINVAL;
654
655         if (ext4_test_inode_flag(inode, EXT4_INODE_PROJINHERIT)) {
656                 if (!(fa->fsx_xflags & FS_XFLAG_PROJINHERIT))
657                         return -EINVAL;
658         } else {
659                 if (fa->fsx_xflags & FS_XFLAG_PROJINHERIT)
660                         return -EINVAL;
661         }
662
663         return 0;
664 }
665
666 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
667 {
668         struct inode *inode = file_inode(filp);
669         struct super_block *sb = inode->i_sb;
670         struct ext4_inode_info *ei = EXT4_I(inode);
671         unsigned int flags;
672
673         ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
674
675         switch (cmd) {
676         case FS_IOC_GETFSMAP:
677                 return ext4_ioc_getfsmap(sb, (void __user *)arg);
678         case EXT4_IOC_GETFLAGS:
679                 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
680                 return put_user(flags, (int __user *) arg);
681         case EXT4_IOC_SETFLAGS: {
682                 int err;
683
684                 if (!inode_owner_or_capable(inode))
685                         return -EACCES;
686
687                 if (get_user(flags, (int __user *) arg))
688                         return -EFAULT;
689
690                 if (flags & ~EXT4_FL_USER_VISIBLE)
691                         return -EOPNOTSUPP;
692                 /*
693                  * chattr(1) grabs flags via GETFLAGS, modifies the result and
694                  * passes that to SETFLAGS. So we cannot easily make SETFLAGS
695                  * more restrictive than just silently masking off visible but
696                  * not settable flags as we always did.
697                  */
698                 flags &= EXT4_FL_USER_MODIFIABLE;
699                 if (ext4_mask_flags(inode->i_mode, flags) != flags)
700                         return -EOPNOTSUPP;
701
702                 err = mnt_want_write_file(filp);
703                 if (err)
704                         return err;
705
706                 inode_lock(inode);
707                 err = ext4_ioctl_setflags(inode, flags);
708                 inode_unlock(inode);
709                 mnt_drop_write_file(filp);
710                 return err;
711         }
712         case EXT4_IOC_GETVERSION:
713         case EXT4_IOC_GETVERSION_OLD:
714                 return put_user(inode->i_generation, (int __user *) arg);
715         case EXT4_IOC_SETVERSION:
716         case EXT4_IOC_SETVERSION_OLD: {
717                 handle_t *handle;
718                 struct ext4_iloc iloc;
719                 __u32 generation;
720                 int err;
721
722                 if (!inode_owner_or_capable(inode))
723                         return -EPERM;
724
725                 if (ext4_has_metadata_csum(inode->i_sb)) {
726                         ext4_warning(sb, "Setting inode version is not "
727                                      "supported with metadata_csum enabled.");
728                         return -ENOTTY;
729                 }
730
731                 err = mnt_want_write_file(filp);
732                 if (err)
733                         return err;
734                 if (get_user(generation, (int __user *) arg)) {
735                         err = -EFAULT;
736                         goto setversion_out;
737                 }
738
739                 inode_lock(inode);
740                 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
741                 if (IS_ERR(handle)) {
742                         err = PTR_ERR(handle);
743                         goto unlock_out;
744                 }
745                 err = ext4_reserve_inode_write(handle, inode, &iloc);
746                 if (err == 0) {
747                         inode->i_ctime = current_time(inode);
748                         inode->i_generation = generation;
749                         err = ext4_mark_iloc_dirty(handle, inode, &iloc);
750                 }
751                 ext4_journal_stop(handle);
752
753 unlock_out:
754                 inode_unlock(inode);
755 setversion_out:
756                 mnt_drop_write_file(filp);
757                 return err;
758         }
759         case EXT4_IOC_GROUP_EXTEND: {
760                 ext4_fsblk_t n_blocks_count;
761                 int err, err2=0;
762
763                 err = ext4_resize_begin(sb);
764                 if (err)
765                         return err;
766
767                 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
768                         err = -EFAULT;
769                         goto group_extend_out;
770                 }
771
772                 if (ext4_has_feature_bigalloc(sb)) {
773                         ext4_msg(sb, KERN_ERR,
774                                  "Online resizing not supported with bigalloc");
775                         err = -EOPNOTSUPP;
776                         goto group_extend_out;
777                 }
778
779                 err = mnt_want_write_file(filp);
780                 if (err)
781                         goto group_extend_out;
782
783                 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
784                 if (EXT4_SB(sb)->s_journal) {
785                         jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
786                         err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
787                         jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
788                 }
789                 if (err == 0)
790                         err = err2;
791                 mnt_drop_write_file(filp);
792 group_extend_out:
793                 ext4_resize_end(sb);
794                 return err;
795         }
796
797         case EXT4_IOC_MOVE_EXT: {
798                 struct move_extent me;
799                 struct fd donor;
800                 int err;
801
802                 if (!(filp->f_mode & FMODE_READ) ||
803                     !(filp->f_mode & FMODE_WRITE))
804                         return -EBADF;
805
806                 if (copy_from_user(&me,
807                         (struct move_extent __user *)arg, sizeof(me)))
808                         return -EFAULT;
809                 me.moved_len = 0;
810
811                 donor = fdget(me.donor_fd);
812                 if (!donor.file)
813                         return -EBADF;
814
815                 if (!(donor.file->f_mode & FMODE_WRITE)) {
816                         err = -EBADF;
817                         goto mext_out;
818                 }
819
820                 if (ext4_has_feature_bigalloc(sb)) {
821                         ext4_msg(sb, KERN_ERR,
822                                  "Online defrag not supported with bigalloc");
823                         err = -EOPNOTSUPP;
824                         goto mext_out;
825                 } else if (IS_DAX(inode)) {
826                         ext4_msg(sb, KERN_ERR,
827                                  "Online defrag not supported with DAX");
828                         err = -EOPNOTSUPP;
829                         goto mext_out;
830                 }
831
832                 err = mnt_want_write_file(filp);
833                 if (err)
834                         goto mext_out;
835
836                 err = ext4_move_extents(filp, donor.file, me.orig_start,
837                                         me.donor_start, me.len, &me.moved_len);
838                 mnt_drop_write_file(filp);
839
840                 if (copy_to_user((struct move_extent __user *)arg,
841                                  &me, sizeof(me)))
842                         err = -EFAULT;
843 mext_out:
844                 fdput(donor);
845                 return err;
846         }
847
848         case EXT4_IOC_GROUP_ADD: {
849                 struct ext4_new_group_data input;
850
851                 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
852                                 sizeof(input)))
853                         return -EFAULT;
854
855                 return ext4_ioctl_group_add(filp, &input);
856         }
857
858         case EXT4_IOC_MIGRATE:
859         {
860                 int err;
861                 if (!inode_owner_or_capable(inode))
862                         return -EACCES;
863
864                 err = mnt_want_write_file(filp);
865                 if (err)
866                         return err;
867                 /*
868                  * inode_mutex prevent write and truncate on the file.
869                  * Read still goes through. We take i_data_sem in
870                  * ext4_ext_swap_inode_data before we switch the
871                  * inode format to prevent read.
872                  */
873                 inode_lock((inode));
874                 err = ext4_ext_migrate(inode);
875                 inode_unlock((inode));
876                 mnt_drop_write_file(filp);
877                 return err;
878         }
879
880         case EXT4_IOC_ALLOC_DA_BLKS:
881         {
882                 int err;
883                 if (!inode_owner_or_capable(inode))
884                         return -EACCES;
885
886                 err = mnt_want_write_file(filp);
887                 if (err)
888                         return err;
889                 err = ext4_alloc_da_blocks(inode);
890                 mnt_drop_write_file(filp);
891                 return err;
892         }
893
894         case EXT4_IOC_SWAP_BOOT:
895         {
896                 int err;
897                 if (!(filp->f_mode & FMODE_WRITE))
898                         return -EBADF;
899                 err = mnt_want_write_file(filp);
900                 if (err)
901                         return err;
902                 err = swap_inode_boot_loader(sb, inode);
903                 mnt_drop_write_file(filp);
904                 return err;
905         }
906
907         case EXT4_IOC_RESIZE_FS: {
908                 ext4_fsblk_t n_blocks_count;
909                 int err = 0, err2 = 0;
910                 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
911
912                 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
913                                    sizeof(__u64))) {
914                         return -EFAULT;
915                 }
916
917                 err = ext4_resize_begin(sb);
918                 if (err)
919                         return err;
920
921                 err = mnt_want_write_file(filp);
922                 if (err)
923                         goto resizefs_out;
924
925                 err = ext4_resize_fs(sb, n_blocks_count);
926                 if (EXT4_SB(sb)->s_journal) {
927                         jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
928                         err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal);
929                         jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
930                 }
931                 if (err == 0)
932                         err = err2;
933                 mnt_drop_write_file(filp);
934                 if (!err && (o_group > EXT4_SB(sb)->s_groups_count) &&
935                     ext4_has_group_desc_csum(sb) &&
936                     test_opt(sb, INIT_INODE_TABLE))
937                         err = ext4_register_li_request(sb, o_group);
938
939 resizefs_out:
940                 ext4_resize_end(sb);
941                 return err;
942         }
943
944         case FITRIM:
945         {
946                 struct request_queue *q = bdev_get_queue(sb->s_bdev);
947                 struct fstrim_range range;
948                 int ret = 0;
949
950                 if (!capable(CAP_SYS_ADMIN))
951                         return -EPERM;
952
953                 if (!blk_queue_discard(q))
954                         return -EOPNOTSUPP;
955
956                 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
957                     sizeof(range)))
958                         return -EFAULT;
959
960                 range.minlen = max((unsigned int)range.minlen,
961                                    q->limits.discard_granularity);
962                 ret = ext4_trim_fs(sb, &range);
963                 if (ret < 0)
964                         return ret;
965
966                 if (copy_to_user((struct fstrim_range __user *)arg, &range,
967                     sizeof(range)))
968                         return -EFAULT;
969
970                 return 0;
971         }
972         case EXT4_IOC_PRECACHE_EXTENTS:
973                 return ext4_ext_precache(inode);
974
975         case EXT4_IOC_SET_ENCRYPTION_POLICY:
976                 if (!ext4_has_feature_encrypt(sb))
977                         return -EOPNOTSUPP;
978                 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
979
980         case EXT4_IOC_GET_ENCRYPTION_PWSALT: {
981 #ifdef CONFIG_EXT4_FS_ENCRYPTION
982                 int err, err2;
983                 struct ext4_sb_info *sbi = EXT4_SB(sb);
984                 handle_t *handle;
985
986                 if (!ext4_has_feature_encrypt(sb))
987                         return -EOPNOTSUPP;
988                 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
989                         err = mnt_want_write_file(filp);
990                         if (err)
991                                 return err;
992                         handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
993                         if (IS_ERR(handle)) {
994                                 err = PTR_ERR(handle);
995                                 goto pwsalt_err_exit;
996                         }
997                         err = ext4_journal_get_write_access(handle, sbi->s_sbh);
998                         if (err)
999                                 goto pwsalt_err_journal;
1000                         generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1001                         err = ext4_handle_dirty_metadata(handle, NULL,
1002                                                          sbi->s_sbh);
1003                 pwsalt_err_journal:
1004                         err2 = ext4_journal_stop(handle);
1005                         if (err2 && !err)
1006                                 err = err2;
1007                 pwsalt_err_exit:
1008                         mnt_drop_write_file(filp);
1009                         if (err)
1010                                 return err;
1011                 }
1012                 if (copy_to_user((void __user *) arg,
1013                                  sbi->s_es->s_encrypt_pw_salt, 16))
1014                         return -EFAULT;
1015                 return 0;
1016 #else
1017                 return -EOPNOTSUPP;
1018 #endif
1019         }
1020         case EXT4_IOC_GET_ENCRYPTION_POLICY:
1021                 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1022
1023         case EXT4_IOC_FSGETXATTR:
1024         {
1025                 struct fsxattr fa;
1026
1027                 memset(&fa, 0, sizeof(struct fsxattr));
1028                 fa.fsx_xflags = ext4_iflags_to_xflags(ei->i_flags & EXT4_FL_USER_VISIBLE);
1029
1030                 if (ext4_has_feature_project(inode->i_sb)) {
1031                         fa.fsx_projid = (__u32)from_kprojid(&init_user_ns,
1032                                 EXT4_I(inode)->i_projid);
1033                 }
1034
1035                 if (copy_to_user((struct fsxattr __user *)arg,
1036                                  &fa, sizeof(fa)))
1037                         return -EFAULT;
1038                 return 0;
1039         }
1040         case EXT4_IOC_FSSETXATTR:
1041         {
1042                 struct fsxattr fa;
1043                 int err;
1044
1045                 if (copy_from_user(&fa, (struct fsxattr __user *)arg,
1046                                    sizeof(fa)))
1047                         return -EFAULT;
1048
1049                 /* Make sure caller has proper permission */
1050                 if (!inode_owner_or_capable(inode))
1051                         return -EACCES;
1052
1053                 if (fa.fsx_xflags & ~EXT4_SUPPORTED_FS_XFLAGS)
1054                         return -EOPNOTSUPP;
1055
1056                 flags = ext4_xflags_to_iflags(fa.fsx_xflags);
1057                 if (ext4_mask_flags(inode->i_mode, flags) != flags)
1058                         return -EOPNOTSUPP;
1059
1060                 err = mnt_want_write_file(filp);
1061                 if (err)
1062                         return err;
1063
1064                 inode_lock(inode);
1065                 err = ext4_ioctl_check_project(inode, &fa);
1066                 if (err)
1067                         goto out;
1068                 flags = (ei->i_flags & ~EXT4_FL_XFLAG_VISIBLE) |
1069                          (flags & EXT4_FL_XFLAG_VISIBLE);
1070                 err = ext4_ioctl_setflags(inode, flags);
1071                 if (err)
1072                         goto out;
1073                 err = ext4_ioctl_setproject(filp, fa.fsx_projid);
1074 out:
1075                 inode_unlock(inode);
1076                 mnt_drop_write_file(filp);
1077                 return err;
1078         }
1079         case EXT4_IOC_SHUTDOWN:
1080                 return ext4_shutdown(sb, arg);
1081         default:
1082                 return -ENOTTY;
1083         }
1084 }
1085
1086 #ifdef CONFIG_COMPAT
1087 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1088 {
1089         /* These are just misnamed, they actually get/put from/to user an int */
1090         switch (cmd) {
1091         case EXT4_IOC32_GETFLAGS:
1092                 cmd = EXT4_IOC_GETFLAGS;
1093                 break;
1094         case EXT4_IOC32_SETFLAGS:
1095                 cmd = EXT4_IOC_SETFLAGS;
1096                 break;
1097         case EXT4_IOC32_GETVERSION:
1098                 cmd = EXT4_IOC_GETVERSION;
1099                 break;
1100         case EXT4_IOC32_SETVERSION:
1101                 cmd = EXT4_IOC_SETVERSION;
1102                 break;
1103         case EXT4_IOC32_GROUP_EXTEND:
1104                 cmd = EXT4_IOC_GROUP_EXTEND;
1105                 break;
1106         case EXT4_IOC32_GETVERSION_OLD:
1107                 cmd = EXT4_IOC_GETVERSION_OLD;
1108                 break;
1109         case EXT4_IOC32_SETVERSION_OLD:
1110                 cmd = EXT4_IOC_SETVERSION_OLD;
1111                 break;
1112         case EXT4_IOC32_GETRSVSZ:
1113                 cmd = EXT4_IOC_GETRSVSZ;
1114                 break;
1115         case EXT4_IOC32_SETRSVSZ:
1116                 cmd = EXT4_IOC_SETRSVSZ;
1117                 break;
1118         case EXT4_IOC32_GROUP_ADD: {
1119                 struct compat_ext4_new_group_input __user *uinput;
1120                 struct ext4_new_group_data input;
1121                 int err;
1122
1123                 uinput = compat_ptr(arg);
1124                 err = get_user(input.group, &uinput->group);
1125                 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1126                 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1127                 err |= get_user(input.inode_table, &uinput->inode_table);
1128                 err |= get_user(input.blocks_count, &uinput->blocks_count);
1129                 err |= get_user(input.reserved_blocks,
1130                                 &uinput->reserved_blocks);
1131                 if (err)
1132                         return -EFAULT;
1133                 return ext4_ioctl_group_add(file, &input);
1134         }
1135         case EXT4_IOC_MOVE_EXT:
1136         case EXT4_IOC_RESIZE_FS:
1137         case EXT4_IOC_PRECACHE_EXTENTS:
1138         case EXT4_IOC_SET_ENCRYPTION_POLICY:
1139         case EXT4_IOC_GET_ENCRYPTION_PWSALT:
1140         case EXT4_IOC_GET_ENCRYPTION_POLICY:
1141         case EXT4_IOC_SHUTDOWN:
1142         case FS_IOC_GETFSMAP:
1143                 break;
1144         default:
1145                 return -ENOIOCTLCMD;
1146         }
1147         return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
1148 }
1149 #endif