1 // SPDX-License-Identifier: GPL-2.0
3 * linux/fs/ext4/ioctl.c
5 * Copyright (C) 1993, 1994, 1995
6 * Remy Card (card@masi.ibp.fr)
7 * Laboratoire MASI - Institut Blaise Pascal
8 * Universite Pierre et Marie Curie (Paris VI)
12 #include <linux/capability.h>
13 #include <linux/time.h>
14 #include <linux/compat.h>
15 #include <linux/mount.h>
16 #include <linux/file.h>
17 #include <linux/quotaops.h>
18 #include <linux/random.h>
19 #include <linux/uuid.h>
20 #include <linux/uaccess.h>
21 #include <linux/delay.h>
22 #include <linux/iversion.h>
23 #include <linux/fileattr.h>
24 #include "ext4_jbd2.h"
26 #include <linux/fsmap.h>
28 #include <trace/events/ext4.h>
30 typedef void ext4_update_sb_callback(struct ext4_super_block *es,
34 * Superblock modification callback function for changing file system
37 static void ext4_sb_setlabel(struct ext4_super_block *es, const void *arg)
39 /* Sanity check, this should never happen */
40 BUILD_BUG_ON(sizeof(es->s_volume_name) < EXT4_LABEL_MAX);
42 memcpy(es->s_volume_name, (char *)arg, EXT4_LABEL_MAX);
46 int ext4_update_primary_sb(struct super_block *sb, handle_t *handle,
47 ext4_update_sb_callback func,
51 struct ext4_sb_info *sbi = EXT4_SB(sb);
52 struct buffer_head *bh = sbi->s_sbh;
53 struct ext4_super_block *es = sbi->s_es;
55 trace_ext4_update_sb(sb, bh->b_blocknr, 1);
57 BUFFER_TRACE(bh, "get_write_access");
58 err = ext4_journal_get_write_access(handle, sb,
66 ext4_superblock_csum_set(sb);
69 if (buffer_write_io_error(bh) || !buffer_uptodate(bh)) {
70 ext4_msg(sbi->s_sb, KERN_ERR, "previous I/O error to "
71 "superblock detected");
72 clear_buffer_write_io_error(bh);
73 set_buffer_uptodate(bh);
76 err = ext4_handle_dirty_metadata(handle, NULL, bh);
79 err = sync_dirty_buffer(bh);
81 ext4_std_error(sb, err);
86 * Update one backup superblock in the group 'grp' using the callback
87 * function 'func' and argument 'arg'. If the handle is NULL the
88 * modification is not journalled.
90 * Returns: 0 when no modification was done (no superblock in the group)
91 * 1 when the modification was successful
94 static int ext4_update_backup_sb(struct super_block *sb,
95 handle_t *handle, ext4_group_t grp,
96 ext4_update_sb_callback func, const void *arg)
99 ext4_fsblk_t sb_block;
100 struct buffer_head *bh;
101 unsigned long offset = 0;
102 struct ext4_super_block *es;
104 if (!ext4_bg_has_super(sb, grp))
108 * For the group 0 there is always 1k padding, so we have
109 * either adjust offset, or sb_block depending on blocksize
112 sb_block = 1 * EXT4_MIN_BLOCK_SIZE;
113 offset = do_div(sb_block, sb->s_blocksize);
115 sb_block = ext4_group_first_block_no(sb, grp);
119 trace_ext4_update_sb(sb, sb_block, handle ? 1 : 0);
121 bh = ext4_sb_bread(sb, sb_block, 0);
126 BUFFER_TRACE(bh, "get_write_access");
127 err = ext4_journal_get_write_access(handle, sb,
134 es = (struct ext4_super_block *) (bh->b_data + offset);
136 if (ext4_has_metadata_csum(sb) &&
137 es->s_checksum != ext4_superblock_csum(sb, es)) {
138 ext4_msg(sb, KERN_ERR, "Invalid checksum for backup "
139 "superblock %llu\n", sb_block);
145 if (ext4_has_metadata_csum(sb))
146 es->s_checksum = ext4_superblock_csum(sb, es);
147 set_buffer_uptodate(bh);
154 err = ext4_handle_dirty_metadata(handle, NULL, bh);
158 BUFFER_TRACE(bh, "marking dirty");
159 mark_buffer_dirty(bh);
161 err = sync_dirty_buffer(bh);
165 ext4_std_error(sb, err);
166 return (err) ? err : 1;
170 * Update primary and backup superblocks using the provided function
171 * func and argument arg.
173 * Only the primary superblock and at most two backup superblock
174 * modifications are journalled; the rest is modified without journal.
175 * This is safe because e2fsck will re-write them if there is a problem,
176 * and we're very unlikely to ever need more than two backups.
179 int ext4_update_superblocks_fn(struct super_block *sb,
180 ext4_update_sb_callback func,
184 ext4_group_t ngroups;
185 unsigned int three = 1;
186 unsigned int five = 5;
187 unsigned int seven = 7;
189 ext4_group_t grp, primary_grp;
190 struct ext4_sb_info *sbi = EXT4_SB(sb);
193 * We can't update superblocks while the online resize is running
195 if (test_and_set_bit_lock(EXT4_FLAGS_RESIZING,
196 &sbi->s_ext4_flags)) {
197 ext4_msg(sb, KERN_ERR, "Can't modify superblock while"
198 "performing online resize");
203 * We're only going to update primary superblock and two
204 * backup superblocks in this transaction.
206 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 3);
207 if (IS_ERR(handle)) {
208 err = PTR_ERR(handle);
212 /* Update primary superblock */
213 err = ext4_update_primary_sb(sb, handle, func, arg);
215 ext4_msg(sb, KERN_ERR, "Failed to update primary "
220 primary_grp = ext4_get_group_number(sb, sbi->s_sbh->b_blocknr);
221 ngroups = ext4_get_groups_count(sb);
224 * Update backup superblocks. We have to start from group 0
225 * because it might not be where the primary superblock is
226 * if the fs is mounted with -o sb=<backup_sb_block>
230 while (grp < ngroups) {
231 /* Skip primary superblock */
232 if (grp == primary_grp)
235 ret = ext4_update_backup_sb(sb, handle, grp, func, arg);
237 /* Ignore bad checksum; try to update next sb */
238 if (ret == -EFSBADCRC)
245 if (handle && i > 1) {
247 * We're only journalling primary superblock and
248 * two backup superblocks; the rest is not
251 err = ext4_journal_stop(handle);
257 grp = ext4_list_backups(sb, &three, &five, &seven);
262 ret = ext4_journal_stop(handle);
267 clear_bit_unlock(EXT4_FLAGS_RESIZING, &sbi->s_ext4_flags);
268 smp_mb__after_atomic();
269 return err ? err : 0;
273 * Swap memory between @a and @b for @len bytes.
275 * @a: pointer to first memory area
276 * @b: pointer to second memory area
277 * @len: number of bytes to swap
280 static void memswap(void *a, void *b, size_t len)
282 unsigned char *ap, *bp;
284 ap = (unsigned char *)a;
285 bp = (unsigned char *)b;
294 * Swap i_data and associated attributes between @inode1 and @inode2.
295 * This function is used for the primary swap between inode1 and inode2
296 * and also to revert this primary swap in case of errors.
298 * Therefore you have to make sure, that calling this method twice
299 * will revert all changes.
301 * @inode1: pointer to first inode
302 * @inode2: pointer to second inode
304 static void swap_inode_data(struct inode *inode1, struct inode *inode2)
307 struct ext4_inode_info *ei1;
308 struct ext4_inode_info *ei2;
311 ei1 = EXT4_I(inode1);
312 ei2 = EXT4_I(inode2);
314 swap(inode1->i_version, inode2->i_version);
315 swap(inode1->i_atime, inode2->i_atime);
316 swap(inode1->i_mtime, inode2->i_mtime);
318 memswap(ei1->i_data, ei2->i_data, sizeof(ei1->i_data));
319 tmp = ei1->i_flags & EXT4_FL_SHOULD_SWAP;
320 ei1->i_flags = (ei2->i_flags & EXT4_FL_SHOULD_SWAP) |
321 (ei1->i_flags & ~EXT4_FL_SHOULD_SWAP);
322 ei2->i_flags = tmp | (ei2->i_flags & ~EXT4_FL_SHOULD_SWAP);
323 swap(ei1->i_disksize, ei2->i_disksize);
324 ext4_es_remove_extent(inode1, 0, EXT_MAX_BLOCKS);
325 ext4_es_remove_extent(inode2, 0, EXT_MAX_BLOCKS);
327 isize = i_size_read(inode1);
328 i_size_write(inode1, i_size_read(inode2));
329 i_size_write(inode2, isize);
332 void ext4_reset_inode_seed(struct inode *inode)
334 struct ext4_inode_info *ei = EXT4_I(inode);
335 struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
336 __le32 inum = cpu_to_le32(inode->i_ino);
337 __le32 gen = cpu_to_le32(inode->i_generation);
340 if (!ext4_has_metadata_csum(inode->i_sb))
343 csum = ext4_chksum(sbi, sbi->s_csum_seed, (__u8 *)&inum, sizeof(inum));
344 ei->i_csum_seed = ext4_chksum(sbi, csum, (__u8 *)&gen, sizeof(gen));
348 * Swap the information from the given @inode and the inode
349 * EXT4_BOOT_LOADER_INO. It will basically swap i_data and all other
350 * important fields of the inodes.
352 * @sb: the super block of the filesystem
353 * @mnt_userns: user namespace of the mount the inode was found from
354 * @inode: the inode to swap with EXT4_BOOT_LOADER_INO
357 static long swap_inode_boot_loader(struct super_block *sb,
358 struct user_namespace *mnt_userns,
363 struct inode *inode_bl;
364 struct ext4_inode_info *ei_bl;
365 qsize_t size, size_bl, diff;
367 unsigned short bytes;
369 inode_bl = ext4_iget(sb, EXT4_BOOT_LOADER_INO, EXT4_IGET_SPECIAL);
370 if (IS_ERR(inode_bl))
371 return PTR_ERR(inode_bl);
372 ei_bl = EXT4_I(inode_bl);
374 /* Protect orig inodes against a truncate and make sure,
375 * that only 1 swap_inode_boot_loader is running. */
376 lock_two_nondirectories(inode, inode_bl);
378 if (inode->i_nlink != 1 || !S_ISREG(inode->i_mode) ||
379 IS_SWAPFILE(inode) || IS_ENCRYPTED(inode) ||
380 (EXT4_I(inode)->i_flags & EXT4_JOURNAL_DATA_FL) ||
381 ext4_has_inline_data(inode)) {
383 goto journal_err_out;
386 if (IS_RDONLY(inode) || IS_APPEND(inode) || IS_IMMUTABLE(inode) ||
387 !inode_owner_or_capable(mnt_userns, inode) ||
388 !capable(CAP_SYS_ADMIN)) {
390 goto journal_err_out;
393 filemap_invalidate_lock(inode->i_mapping);
394 err = filemap_write_and_wait(inode->i_mapping);
398 err = filemap_write_and_wait(inode_bl->i_mapping);
402 /* Wait for all existing dio workers */
403 inode_dio_wait(inode);
404 inode_dio_wait(inode_bl);
406 truncate_inode_pages(&inode->i_data, 0);
407 truncate_inode_pages(&inode_bl->i_data, 0);
409 handle = ext4_journal_start(inode_bl, EXT4_HT_MOVE_EXTENTS, 2);
410 if (IS_ERR(handle)) {
414 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_SWAP_BOOT);
416 /* Protect extent tree against block allocations via delalloc */
417 ext4_double_down_write_data_sem(inode, inode_bl);
419 if (inode_bl->i_nlink == 0) {
420 /* this inode has never been used as a BOOT_LOADER */
421 set_nlink(inode_bl, 1);
422 i_uid_write(inode_bl, 0);
423 i_gid_write(inode_bl, 0);
424 inode_bl->i_flags = 0;
426 inode_set_iversion(inode_bl, 1);
427 i_size_write(inode_bl, 0);
428 inode_bl->i_mode = S_IFREG;
429 if (ext4_has_feature_extents(sb)) {
430 ext4_set_inode_flag(inode_bl, EXT4_INODE_EXTENTS);
431 ext4_ext_tree_init(handle, inode_bl);
433 memset(ei_bl->i_data, 0, sizeof(ei_bl->i_data));
436 err = dquot_initialize(inode);
440 size = (qsize_t)(inode->i_blocks) * (1 << 9) + inode->i_bytes;
441 size_bl = (qsize_t)(inode_bl->i_blocks) * (1 << 9) + inode_bl->i_bytes;
442 diff = size - size_bl;
443 swap_inode_data(inode, inode_bl);
445 inode->i_ctime = inode_bl->i_ctime = current_time(inode);
447 inode->i_generation = prandom_u32();
448 inode_bl->i_generation = prandom_u32();
449 ext4_reset_inode_seed(inode);
450 ext4_reset_inode_seed(inode_bl);
452 ext4_discard_preallocations(inode, 0);
454 err = ext4_mark_inode_dirty(handle, inode);
456 /* No need to update quota information. */
457 ext4_warning(inode->i_sb,
458 "couldn't mark inode #%lu dirty (err %d)",
460 /* Revert all changes: */
461 swap_inode_data(inode, inode_bl);
462 ext4_mark_inode_dirty(handle, inode);
466 blocks = inode_bl->i_blocks;
467 bytes = inode_bl->i_bytes;
468 inode_bl->i_blocks = inode->i_blocks;
469 inode_bl->i_bytes = inode->i_bytes;
470 err = ext4_mark_inode_dirty(handle, inode_bl);
472 /* No need to update quota information. */
473 ext4_warning(inode_bl->i_sb,
474 "couldn't mark inode #%lu dirty (err %d)",
475 inode_bl->i_ino, err);
479 /* Bootloader inode should not be counted into quota information. */
481 dquot_free_space(inode, diff);
483 err = dquot_alloc_space(inode, -1 * diff);
487 /* Revert all changes: */
488 inode_bl->i_blocks = blocks;
489 inode_bl->i_bytes = bytes;
490 swap_inode_data(inode, inode_bl);
491 ext4_mark_inode_dirty(handle, inode);
492 ext4_mark_inode_dirty(handle, inode_bl);
496 ext4_journal_stop(handle);
497 ext4_double_up_write_data_sem(inode, inode_bl);
500 filemap_invalidate_unlock(inode->i_mapping);
502 unlock_two_nondirectories(inode, inode_bl);
507 #ifdef CONFIG_FS_ENCRYPTION
508 static int uuid_is_zero(__u8 u[16])
512 for (i = 0; i < 16; i++)
520 * If immutable is set and we are not clearing it, we're not allowed to change
521 * anything else in the inode. Don't error out if we're only trying to set
522 * immutable on an immutable file.
524 static int ext4_ioctl_check_immutable(struct inode *inode, __u32 new_projid,
527 struct ext4_inode_info *ei = EXT4_I(inode);
528 unsigned int oldflags = ei->i_flags;
530 if (!(oldflags & EXT4_IMMUTABLE_FL) || !(flags & EXT4_IMMUTABLE_FL))
533 if ((oldflags & ~EXT4_IMMUTABLE_FL) != (flags & ~EXT4_IMMUTABLE_FL))
535 if (ext4_has_feature_project(inode->i_sb) &&
536 __kprojid_val(ei->i_projid) != new_projid)
542 static void ext4_dax_dontcache(struct inode *inode, unsigned int flags)
544 struct ext4_inode_info *ei = EXT4_I(inode);
546 if (S_ISDIR(inode->i_mode))
549 if (test_opt2(inode->i_sb, DAX_NEVER) ||
550 test_opt(inode->i_sb, DAX_ALWAYS))
553 if ((ei->i_flags ^ flags) & EXT4_DAX_FL)
554 d_mark_dontcache(inode);
557 static bool dax_compatible(struct inode *inode, unsigned int oldflags,
560 /* Allow the DAX flag to be changed on inline directories */
561 if (S_ISDIR(inode->i_mode)) {
562 flags &= ~EXT4_INLINE_DATA_FL;
563 oldflags &= ~EXT4_INLINE_DATA_FL;
566 if (flags & EXT4_DAX_FL) {
567 if ((oldflags & EXT4_DAX_MUT_EXCL) ||
568 ext4_test_inode_state(inode,
569 EXT4_STATE_VERITY_IN_PROGRESS)) {
574 if ((flags & EXT4_DAX_MUT_EXCL) && (oldflags & EXT4_DAX_FL))
580 static int ext4_ioctl_setflags(struct inode *inode,
583 struct ext4_inode_info *ei = EXT4_I(inode);
584 handle_t *handle = NULL;
585 int err = -EPERM, migrate = 0;
586 struct ext4_iloc iloc;
587 unsigned int oldflags, mask, i;
588 struct super_block *sb = inode->i_sb;
590 /* Is it quota file? Do not allow user to mess with it */
591 if (ext4_is_quota_file(inode))
594 oldflags = ei->i_flags;
596 * The JOURNAL_DATA flag can only be changed by
597 * the relevant capability.
599 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
600 if (!capable(CAP_SYS_RESOURCE))
604 if (!dax_compatible(inode, oldflags, flags)) {
609 if ((flags ^ oldflags) & EXT4_EXTENTS_FL)
612 if ((flags ^ oldflags) & EXT4_CASEFOLD_FL) {
613 if (!ext4_has_feature_casefold(sb)) {
618 if (!S_ISDIR(inode->i_mode)) {
623 if (!ext4_empty_dir(inode)) {
630 * Wait for all pending directio and then flush all the dirty pages
631 * for this file. The flush marks all the pages readonly, so any
632 * subsequent attempt to write to the file (particularly mmap pages)
633 * will come through the filesystem and fail.
635 if (S_ISREG(inode->i_mode) && !IS_IMMUTABLE(inode) &&
636 (flags & EXT4_IMMUTABLE_FL)) {
637 inode_dio_wait(inode);
638 err = filemap_write_and_wait(inode->i_mapping);
643 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
644 if (IS_ERR(handle)) {
645 err = PTR_ERR(handle);
649 ext4_handle_sync(handle);
650 err = ext4_reserve_inode_write(handle, inode, &iloc);
654 ext4_dax_dontcache(inode, flags);
656 for (i = 0, mask = 1; i < 32; i++, mask <<= 1) {
657 if (!(mask & EXT4_FL_USER_MODIFIABLE))
659 /* These flags get special treatment later */
660 if (mask == EXT4_JOURNAL_DATA_FL || mask == EXT4_EXTENTS_FL)
663 ext4_set_inode_flag(inode, i);
665 ext4_clear_inode_flag(inode, i);
668 ext4_set_inode_flags(inode, false);
670 inode->i_ctime = current_time(inode);
672 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
674 ext4_journal_stop(handle);
678 if ((flags ^ oldflags) & (EXT4_JOURNAL_DATA_FL)) {
680 * Changes to the journaling mode can cause unsafe changes to
681 * S_DAX if the inode is DAX
688 err = ext4_change_inode_journal_flag(inode,
689 flags & EXT4_JOURNAL_DATA_FL);
694 if (flags & EXT4_EXTENTS_FL)
695 err = ext4_ext_migrate(inode);
697 err = ext4_ind_migrate(inode);
705 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
707 struct super_block *sb = inode->i_sb;
708 struct ext4_inode_info *ei = EXT4_I(inode);
712 struct ext4_iloc iloc;
713 struct ext4_inode *raw_inode;
714 struct dquot *transfer_to[MAXQUOTAS] = { };
716 if (!ext4_has_feature_project(sb)) {
717 if (projid != EXT4_DEF_PROJID)
723 if (EXT4_INODE_SIZE(sb) <= EXT4_GOOD_OLD_INODE_SIZE)
726 kprojid = make_kprojid(&init_user_ns, (projid_t)projid);
728 if (projid_eq(kprojid, EXT4_I(inode)->i_projid))
732 /* Is it quota file? Do not allow user to mess with it */
733 if (ext4_is_quota_file(inode))
736 err = ext4_get_inode_loc(inode, &iloc);
740 raw_inode = ext4_raw_inode(&iloc);
741 if (!EXT4_FITS_IN_INODE(raw_inode, ei, i_projid)) {
742 err = ext4_expand_extra_isize(inode,
743 EXT4_SB(sb)->s_want_extra_isize,
751 err = dquot_initialize(inode);
755 handle = ext4_journal_start(inode, EXT4_HT_QUOTA,
756 EXT4_QUOTA_INIT_BLOCKS(sb) +
757 EXT4_QUOTA_DEL_BLOCKS(sb) + 3);
759 return PTR_ERR(handle);
761 err = ext4_reserve_inode_write(handle, inode, &iloc);
765 transfer_to[PRJQUOTA] = dqget(sb, make_kqid_projid(kprojid));
766 if (!IS_ERR(transfer_to[PRJQUOTA])) {
768 /* __dquot_transfer() calls back ext4_get_inode_usage() which
769 * counts xattr inode references.
771 down_read(&EXT4_I(inode)->xattr_sem);
772 err = __dquot_transfer(inode, transfer_to);
773 up_read(&EXT4_I(inode)->xattr_sem);
774 dqput(transfer_to[PRJQUOTA]);
779 EXT4_I(inode)->i_projid = kprojid;
780 inode->i_ctime = current_time(inode);
782 rc = ext4_mark_iloc_dirty(handle, inode, &iloc);
786 ext4_journal_stop(handle);
790 static int ext4_ioctl_setproject(struct inode *inode, __u32 projid)
792 if (projid != EXT4_DEF_PROJID)
798 static int ext4_shutdown(struct super_block *sb, unsigned long arg)
800 struct ext4_sb_info *sbi = EXT4_SB(sb);
803 if (!capable(CAP_SYS_ADMIN))
806 if (get_user(flags, (__u32 __user *)arg))
809 if (flags > EXT4_GOING_FLAGS_NOLOGFLUSH)
812 if (ext4_forced_shutdown(sbi))
815 ext4_msg(sb, KERN_ALERT, "shut down requested (%d)", flags);
816 trace_ext4_shutdown(sb, flags);
819 case EXT4_GOING_FLAGS_DEFAULT:
820 freeze_bdev(sb->s_bdev);
821 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
822 thaw_bdev(sb->s_bdev);
824 case EXT4_GOING_FLAGS_LOGFLUSH:
825 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
826 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal)) {
827 (void) ext4_force_commit(sb);
828 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
831 case EXT4_GOING_FLAGS_NOLOGFLUSH:
832 set_bit(EXT4_FLAGS_SHUTDOWN, &sbi->s_ext4_flags);
833 if (sbi->s_journal && !is_journal_aborted(sbi->s_journal))
834 jbd2_journal_abort(sbi->s_journal, -ESHUTDOWN);
839 clear_opt(sb, DISCARD);
843 struct getfsmap_info {
844 struct super_block *gi_sb;
845 struct fsmap_head __user *gi_data;
850 static int ext4_getfsmap_format(struct ext4_fsmap *xfm, void *priv)
852 struct getfsmap_info *info = priv;
855 trace_ext4_getfsmap_mapping(info->gi_sb, xfm);
857 info->gi_last_flags = xfm->fmr_flags;
858 ext4_fsmap_from_internal(info->gi_sb, &fm, xfm);
859 if (copy_to_user(&info->gi_data->fmh_recs[info->gi_idx++], &fm,
860 sizeof(struct fsmap)))
866 static int ext4_ioc_getfsmap(struct super_block *sb,
867 struct fsmap_head __user *arg)
869 struct getfsmap_info info = { NULL };
870 struct ext4_fsmap_head xhead = {0};
871 struct fsmap_head head;
872 bool aborted = false;
875 if (copy_from_user(&head, arg, sizeof(struct fsmap_head)))
877 if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) ||
878 memchr_inv(head.fmh_keys[0].fmr_reserved, 0,
879 sizeof(head.fmh_keys[0].fmr_reserved)) ||
880 memchr_inv(head.fmh_keys[1].fmr_reserved, 0,
881 sizeof(head.fmh_keys[1].fmr_reserved)))
884 * ext4 doesn't report file extents at all, so the only valid
885 * file offsets are the magic ones (all zeroes or all ones).
887 if (head.fmh_keys[0].fmr_offset ||
888 (head.fmh_keys[1].fmr_offset != 0 &&
889 head.fmh_keys[1].fmr_offset != -1ULL))
892 xhead.fmh_iflags = head.fmh_iflags;
893 xhead.fmh_count = head.fmh_count;
894 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[0], &head.fmh_keys[0]);
895 ext4_fsmap_to_internal(sb, &xhead.fmh_keys[1], &head.fmh_keys[1]);
897 trace_ext4_getfsmap_low_key(sb, &xhead.fmh_keys[0]);
898 trace_ext4_getfsmap_high_key(sb, &xhead.fmh_keys[1]);
902 error = ext4_getfsmap(sb, &xhead, ext4_getfsmap_format, &info);
903 if (error == EXT4_QUERY_RANGE_ABORT)
908 /* If we didn't abort, set the "last" flag in the last fmx */
909 if (!aborted && info.gi_idx) {
910 info.gi_last_flags |= FMR_OF_LAST;
911 if (copy_to_user(&info.gi_data->fmh_recs[info.gi_idx - 1].fmr_flags,
913 sizeof(info.gi_last_flags)))
917 /* copy back header */
918 head.fmh_entries = xhead.fmh_entries;
919 head.fmh_oflags = xhead.fmh_oflags;
920 if (copy_to_user(arg, &head, sizeof(struct fsmap_head)))
926 static long ext4_ioctl_group_add(struct file *file,
927 struct ext4_new_group_data *input)
929 struct super_block *sb = file_inode(file)->i_sb;
932 err = ext4_resize_begin(sb);
936 if (ext4_has_feature_bigalloc(sb)) {
937 ext4_msg(sb, KERN_ERR,
938 "Online resizing not supported with bigalloc");
943 err = mnt_want_write_file(file);
947 err = ext4_group_add(sb, input);
948 if (EXT4_SB(sb)->s_journal) {
949 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
950 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
951 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
955 mnt_drop_write_file(file);
956 if (!err && ext4_has_group_desc_csum(sb) &&
957 test_opt(sb, INIT_INODE_TABLE))
958 err = ext4_register_li_request(sb, input->group);
964 int ext4_fileattr_get(struct dentry *dentry, struct fileattr *fa)
966 struct inode *inode = d_inode(dentry);
967 struct ext4_inode_info *ei = EXT4_I(inode);
968 u32 flags = ei->i_flags & EXT4_FL_USER_VISIBLE;
970 if (S_ISREG(inode->i_mode))
971 flags &= ~FS_PROJINHERIT_FL;
973 fileattr_fill_flags(fa, flags);
974 if (ext4_has_feature_project(inode->i_sb))
975 fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid);
980 int ext4_fileattr_set(struct user_namespace *mnt_userns,
981 struct dentry *dentry, struct fileattr *fa)
983 struct inode *inode = d_inode(dentry);
984 u32 flags = fa->flags;
985 int err = -EOPNOTSUPP;
987 if (flags & ~EXT4_FL_USER_VISIBLE)
991 * chattr(1) grabs flags via GETFLAGS, modifies the result and
992 * passes that to SETFLAGS. So we cannot easily make SETFLAGS
993 * more restrictive than just silently masking off visible but
994 * not settable flags as we always did.
996 flags &= EXT4_FL_USER_MODIFIABLE;
997 if (ext4_mask_flags(inode->i_mode, flags) != flags)
999 err = ext4_ioctl_check_immutable(inode, fa->fsx_projid, flags);
1002 err = ext4_ioctl_setflags(inode, flags);
1005 err = ext4_ioctl_setproject(inode, fa->fsx_projid);
1010 /* So that the fiemap access checks can't overflow on 32 bit machines. */
1011 #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent))
1013 static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg)
1015 struct fiemap fiemap;
1016 struct fiemap __user *ufiemap = (struct fiemap __user *) arg;
1017 struct fiemap_extent_info fieinfo = { 0, };
1018 struct inode *inode = file_inode(filp);
1021 if (copy_from_user(&fiemap, ufiemap, sizeof(fiemap)))
1024 if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS)
1027 fieinfo.fi_flags = fiemap.fm_flags;
1028 fieinfo.fi_extents_max = fiemap.fm_extent_count;
1029 fieinfo.fi_extents_start = ufiemap->fm_extents;
1031 error = ext4_get_es_cache(inode, &fieinfo, fiemap.fm_start,
1033 fiemap.fm_flags = fieinfo.fi_flags;
1034 fiemap.fm_mapped_extents = fieinfo.fi_extents_mapped;
1035 if (copy_to_user(ufiemap, &fiemap, sizeof(fiemap)))
1041 static int ext4_ioctl_checkpoint(struct file *filp, unsigned long arg)
1045 unsigned int flush_flags = 0;
1046 struct super_block *sb = file_inode(filp)->i_sb;
1047 struct request_queue *q;
1049 if (copy_from_user(&flags, (__u32 __user *)arg,
1053 if (!capable(CAP_SYS_ADMIN))
1056 /* check for invalid bits set */
1057 if ((flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID) ||
1058 ((flags & JBD2_JOURNAL_FLUSH_DISCARD) &&
1059 (flags & JBD2_JOURNAL_FLUSH_ZEROOUT)))
1062 if (!EXT4_SB(sb)->s_journal)
1065 if (flags & ~EXT4_IOC_CHECKPOINT_FLAG_VALID)
1068 q = bdev_get_queue(EXT4_SB(sb)->s_journal->j_dev);
1071 if ((flags & JBD2_JOURNAL_FLUSH_DISCARD) && !blk_queue_discard(q))
1074 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DRY_RUN)
1077 if (flags & EXT4_IOC_CHECKPOINT_FLAG_DISCARD)
1078 flush_flags |= JBD2_JOURNAL_FLUSH_DISCARD;
1080 if (flags & EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT) {
1081 flush_flags |= JBD2_JOURNAL_FLUSH_ZEROOUT;
1082 pr_info_ratelimited("warning: checkpointing journal with EXT4_IOC_CHECKPOINT_FLAG_ZEROOUT can be slow");
1085 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1086 err = jbd2_journal_flush(EXT4_SB(sb)->s_journal, flush_flags);
1087 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1092 static int ext4_ioctl_setlabel(struct file *filp, const char __user *user_label)
1096 char new_label[EXT4_LABEL_MAX + 1];
1097 struct super_block *sb = file_inode(filp)->i_sb;
1099 if (!capable(CAP_SYS_ADMIN))
1103 * Copy the maximum length allowed for ext4 label with one more to
1104 * find the required terminating null byte in order to test the
1105 * label length. The on disk label doesn't need to be null terminated.
1107 if (copy_from_user(new_label, user_label, EXT4_LABEL_MAX + 1))
1110 len = strnlen(new_label, EXT4_LABEL_MAX + 1);
1111 if (len > EXT4_LABEL_MAX)
1115 * Clear the buffer after the new label
1117 memset(new_label + len, 0, EXT4_LABEL_MAX - len);
1119 ret = mnt_want_write_file(filp);
1123 ret = ext4_update_superblocks_fn(sb, ext4_sb_setlabel, new_label);
1125 mnt_drop_write_file(filp);
1129 static int ext4_ioctl_getlabel(struct ext4_sb_info *sbi, char __user *user_label)
1131 char label[EXT4_LABEL_MAX + 1];
1134 * EXT4_LABEL_MAX must always be smaller than FSLABEL_MAX because
1135 * FSLABEL_MAX must include terminating null byte, while s_volume_name
1138 BUILD_BUG_ON(EXT4_LABEL_MAX >= FSLABEL_MAX);
1140 memset(label, 0, sizeof(label));
1141 lock_buffer(sbi->s_sbh);
1142 strncpy(label, sbi->s_es->s_volume_name, EXT4_LABEL_MAX);
1143 unlock_buffer(sbi->s_sbh);
1145 if (copy_to_user(user_label, label, sizeof(label)))
1150 static long __ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1152 struct inode *inode = file_inode(filp);
1153 struct super_block *sb = inode->i_sb;
1154 struct user_namespace *mnt_userns = file_mnt_user_ns(filp);
1156 ext4_debug("cmd = %u, arg = %lu\n", cmd, arg);
1159 case FS_IOC_GETFSMAP:
1160 return ext4_ioc_getfsmap(sb, (void __user *)arg);
1161 case EXT4_IOC_GETVERSION:
1162 case EXT4_IOC_GETVERSION_OLD:
1163 return put_user(inode->i_generation, (int __user *) arg);
1164 case EXT4_IOC_SETVERSION:
1165 case EXT4_IOC_SETVERSION_OLD: {
1167 struct ext4_iloc iloc;
1171 if (!inode_owner_or_capable(mnt_userns, inode))
1174 if (ext4_has_metadata_csum(inode->i_sb)) {
1175 ext4_warning(sb, "Setting inode version is not "
1176 "supported with metadata_csum enabled.");
1180 err = mnt_want_write_file(filp);
1183 if (get_user(generation, (int __user *) arg)) {
1185 goto setversion_out;
1189 handle = ext4_journal_start(inode, EXT4_HT_INODE, 1);
1190 if (IS_ERR(handle)) {
1191 err = PTR_ERR(handle);
1194 err = ext4_reserve_inode_write(handle, inode, &iloc);
1196 inode->i_ctime = current_time(inode);
1197 inode->i_generation = generation;
1198 err = ext4_mark_iloc_dirty(handle, inode, &iloc);
1200 ext4_journal_stop(handle);
1203 inode_unlock(inode);
1205 mnt_drop_write_file(filp);
1208 case EXT4_IOC_GROUP_EXTEND: {
1209 ext4_fsblk_t n_blocks_count;
1212 err = ext4_resize_begin(sb);
1216 if (get_user(n_blocks_count, (__u32 __user *)arg)) {
1218 goto group_extend_out;
1221 if (ext4_has_feature_bigalloc(sb)) {
1222 ext4_msg(sb, KERN_ERR,
1223 "Online resizing not supported with bigalloc");
1225 goto group_extend_out;
1228 err = mnt_want_write_file(filp);
1230 goto group_extend_out;
1232 err = ext4_group_extend(sb, EXT4_SB(sb)->s_es, n_blocks_count);
1233 if (EXT4_SB(sb)->s_journal) {
1234 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1235 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1236 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1240 mnt_drop_write_file(filp);
1242 ext4_resize_end(sb);
1246 case EXT4_IOC_MOVE_EXT: {
1247 struct move_extent me;
1251 if (!(filp->f_mode & FMODE_READ) ||
1252 !(filp->f_mode & FMODE_WRITE))
1255 if (copy_from_user(&me,
1256 (struct move_extent __user *)arg, sizeof(me)))
1260 donor = fdget(me.donor_fd);
1264 if (!(donor.file->f_mode & FMODE_WRITE)) {
1269 if (ext4_has_feature_bigalloc(sb)) {
1270 ext4_msg(sb, KERN_ERR,
1271 "Online defrag not supported with bigalloc");
1274 } else if (IS_DAX(inode)) {
1275 ext4_msg(sb, KERN_ERR,
1276 "Online defrag not supported with DAX");
1281 err = mnt_want_write_file(filp);
1285 err = ext4_move_extents(filp, donor.file, me.orig_start,
1286 me.donor_start, me.len, &me.moved_len);
1287 mnt_drop_write_file(filp);
1289 if (copy_to_user((struct move_extent __user *)arg,
1297 case EXT4_IOC_GROUP_ADD: {
1298 struct ext4_new_group_data input;
1300 if (copy_from_user(&input, (struct ext4_new_group_input __user *)arg,
1304 return ext4_ioctl_group_add(filp, &input);
1307 case EXT4_IOC_MIGRATE:
1310 if (!inode_owner_or_capable(mnt_userns, inode))
1313 err = mnt_want_write_file(filp);
1317 * inode_mutex prevent write and truncate on the file.
1318 * Read still goes through. We take i_data_sem in
1319 * ext4_ext_swap_inode_data before we switch the
1320 * inode format to prevent read.
1322 inode_lock((inode));
1323 err = ext4_ext_migrate(inode);
1324 inode_unlock((inode));
1325 mnt_drop_write_file(filp);
1329 case EXT4_IOC_ALLOC_DA_BLKS:
1332 if (!inode_owner_or_capable(mnt_userns, inode))
1335 err = mnt_want_write_file(filp);
1338 err = ext4_alloc_da_blocks(inode);
1339 mnt_drop_write_file(filp);
1343 case EXT4_IOC_SWAP_BOOT:
1346 if (!(filp->f_mode & FMODE_WRITE))
1348 err = mnt_want_write_file(filp);
1351 err = swap_inode_boot_loader(sb, mnt_userns, inode);
1352 mnt_drop_write_file(filp);
1356 case EXT4_IOC_RESIZE_FS: {
1357 ext4_fsblk_t n_blocks_count;
1358 int err = 0, err2 = 0;
1359 ext4_group_t o_group = EXT4_SB(sb)->s_groups_count;
1361 if (copy_from_user(&n_blocks_count, (__u64 __user *)arg,
1366 err = ext4_resize_begin(sb);
1370 err = mnt_want_write_file(filp);
1374 err = ext4_resize_fs(sb, n_blocks_count);
1375 if (EXT4_SB(sb)->s_journal) {
1376 ext4_fc_mark_ineligible(sb, EXT4_FC_REASON_RESIZE);
1377 jbd2_journal_lock_updates(EXT4_SB(sb)->s_journal);
1378 err2 = jbd2_journal_flush(EXT4_SB(sb)->s_journal, 0);
1379 jbd2_journal_unlock_updates(EXT4_SB(sb)->s_journal);
1383 mnt_drop_write_file(filp);
1384 if (!err && (o_group < EXT4_SB(sb)->s_groups_count) &&
1385 ext4_has_group_desc_csum(sb) &&
1386 test_opt(sb, INIT_INODE_TABLE))
1387 err = ext4_register_li_request(sb, o_group);
1390 ext4_resize_end(sb);
1396 struct request_queue *q = bdev_get_queue(sb->s_bdev);
1397 struct fstrim_range range;
1400 if (!capable(CAP_SYS_ADMIN))
1403 if (!blk_queue_discard(q))
1407 * We haven't replayed the journal, so we cannot use our
1408 * block-bitmap-guided storage zapping commands.
1410 if (test_opt(sb, NOLOAD) && ext4_has_feature_journal(sb))
1413 if (copy_from_user(&range, (struct fstrim_range __user *)arg,
1417 ret = ext4_trim_fs(sb, &range);
1421 if (copy_to_user((struct fstrim_range __user *)arg, &range,
1427 case EXT4_IOC_PRECACHE_EXTENTS:
1428 return ext4_ext_precache(inode);
1430 case FS_IOC_SET_ENCRYPTION_POLICY:
1431 if (!ext4_has_feature_encrypt(sb))
1433 return fscrypt_ioctl_set_policy(filp, (const void __user *)arg);
1435 case FS_IOC_GET_ENCRYPTION_PWSALT: {
1436 #ifdef CONFIG_FS_ENCRYPTION
1438 struct ext4_sb_info *sbi = EXT4_SB(sb);
1441 if (!ext4_has_feature_encrypt(sb))
1443 if (uuid_is_zero(sbi->s_es->s_encrypt_pw_salt)) {
1444 err = mnt_want_write_file(filp);
1447 handle = ext4_journal_start_sb(sb, EXT4_HT_MISC, 1);
1448 if (IS_ERR(handle)) {
1449 err = PTR_ERR(handle);
1450 goto pwsalt_err_exit;
1452 err = ext4_journal_get_write_access(handle, sb,
1456 goto pwsalt_err_journal;
1457 lock_buffer(sbi->s_sbh);
1458 generate_random_uuid(sbi->s_es->s_encrypt_pw_salt);
1459 ext4_superblock_csum_set(sb);
1460 unlock_buffer(sbi->s_sbh);
1461 err = ext4_handle_dirty_metadata(handle, NULL,
1464 err2 = ext4_journal_stop(handle);
1468 mnt_drop_write_file(filp);
1472 if (copy_to_user((void __user *) arg,
1473 sbi->s_es->s_encrypt_pw_salt, 16))
1480 case FS_IOC_GET_ENCRYPTION_POLICY:
1481 if (!ext4_has_feature_encrypt(sb))
1483 return fscrypt_ioctl_get_policy(filp, (void __user *)arg);
1485 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1486 if (!ext4_has_feature_encrypt(sb))
1488 return fscrypt_ioctl_get_policy_ex(filp, (void __user *)arg);
1490 case FS_IOC_ADD_ENCRYPTION_KEY:
1491 if (!ext4_has_feature_encrypt(sb))
1493 return fscrypt_ioctl_add_key(filp, (void __user *)arg);
1495 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1496 if (!ext4_has_feature_encrypt(sb))
1498 return fscrypt_ioctl_remove_key(filp, (void __user *)arg);
1500 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1501 if (!ext4_has_feature_encrypt(sb))
1503 return fscrypt_ioctl_remove_key_all_users(filp,
1504 (void __user *)arg);
1505 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1506 if (!ext4_has_feature_encrypt(sb))
1508 return fscrypt_ioctl_get_key_status(filp, (void __user *)arg);
1510 case FS_IOC_GET_ENCRYPTION_NONCE:
1511 if (!ext4_has_feature_encrypt(sb))
1513 return fscrypt_ioctl_get_nonce(filp, (void __user *)arg);
1515 case EXT4_IOC_CLEAR_ES_CACHE:
1517 if (!inode_owner_or_capable(mnt_userns, inode))
1519 ext4_clear_inode_es(inode);
1523 case EXT4_IOC_GETSTATE:
1527 if (ext4_test_inode_state(inode, EXT4_STATE_EXT_PRECACHED))
1528 state |= EXT4_STATE_FLAG_EXT_PRECACHED;
1529 if (ext4_test_inode_state(inode, EXT4_STATE_NEW))
1530 state |= EXT4_STATE_FLAG_NEW;
1531 if (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
1532 state |= EXT4_STATE_FLAG_NEWENTRY;
1533 if (ext4_test_inode_state(inode, EXT4_STATE_DA_ALLOC_CLOSE))
1534 state |= EXT4_STATE_FLAG_DA_ALLOC_CLOSE;
1536 return put_user(state, (__u32 __user *) arg);
1539 case EXT4_IOC_GET_ES_CACHE:
1540 return ext4_ioctl_get_es_cache(filp, arg);
1542 case EXT4_IOC_SHUTDOWN:
1543 return ext4_shutdown(sb, arg);
1545 case FS_IOC_ENABLE_VERITY:
1546 if (!ext4_has_feature_verity(sb))
1548 return fsverity_ioctl_enable(filp, (const void __user *)arg);
1550 case FS_IOC_MEASURE_VERITY:
1551 if (!ext4_has_feature_verity(sb))
1553 return fsverity_ioctl_measure(filp, (void __user *)arg);
1555 case FS_IOC_READ_VERITY_METADATA:
1556 if (!ext4_has_feature_verity(sb))
1558 return fsverity_ioctl_read_metadata(filp,
1559 (const void __user *)arg);
1561 case EXT4_IOC_CHECKPOINT:
1562 return ext4_ioctl_checkpoint(filp, arg);
1564 case FS_IOC_GETFSLABEL:
1565 return ext4_ioctl_getlabel(EXT4_SB(sb), (void __user *)arg);
1567 case FS_IOC_SETFSLABEL:
1568 return ext4_ioctl_setlabel(filp,
1569 (const void __user *)arg);
1576 long ext4_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
1578 return __ext4_ioctl(filp, cmd, arg);
1581 #ifdef CONFIG_COMPAT
1582 long ext4_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1584 /* These are just misnamed, they actually get/put from/to user an int */
1586 case EXT4_IOC32_GETVERSION:
1587 cmd = EXT4_IOC_GETVERSION;
1589 case EXT4_IOC32_SETVERSION:
1590 cmd = EXT4_IOC_SETVERSION;
1592 case EXT4_IOC32_GROUP_EXTEND:
1593 cmd = EXT4_IOC_GROUP_EXTEND;
1595 case EXT4_IOC32_GETVERSION_OLD:
1596 cmd = EXT4_IOC_GETVERSION_OLD;
1598 case EXT4_IOC32_SETVERSION_OLD:
1599 cmd = EXT4_IOC_SETVERSION_OLD;
1601 case EXT4_IOC32_GETRSVSZ:
1602 cmd = EXT4_IOC_GETRSVSZ;
1604 case EXT4_IOC32_SETRSVSZ:
1605 cmd = EXT4_IOC_SETRSVSZ;
1607 case EXT4_IOC32_GROUP_ADD: {
1608 struct compat_ext4_new_group_input __user *uinput;
1609 struct ext4_new_group_data input;
1612 uinput = compat_ptr(arg);
1613 err = get_user(input.group, &uinput->group);
1614 err |= get_user(input.block_bitmap, &uinput->block_bitmap);
1615 err |= get_user(input.inode_bitmap, &uinput->inode_bitmap);
1616 err |= get_user(input.inode_table, &uinput->inode_table);
1617 err |= get_user(input.blocks_count, &uinput->blocks_count);
1618 err |= get_user(input.reserved_blocks,
1619 &uinput->reserved_blocks);
1622 return ext4_ioctl_group_add(file, &input);
1624 case EXT4_IOC_MOVE_EXT:
1625 case EXT4_IOC_RESIZE_FS:
1627 case EXT4_IOC_PRECACHE_EXTENTS:
1628 case FS_IOC_SET_ENCRYPTION_POLICY:
1629 case FS_IOC_GET_ENCRYPTION_PWSALT:
1630 case FS_IOC_GET_ENCRYPTION_POLICY:
1631 case FS_IOC_GET_ENCRYPTION_POLICY_EX:
1632 case FS_IOC_ADD_ENCRYPTION_KEY:
1633 case FS_IOC_REMOVE_ENCRYPTION_KEY:
1634 case FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS:
1635 case FS_IOC_GET_ENCRYPTION_KEY_STATUS:
1636 case FS_IOC_GET_ENCRYPTION_NONCE:
1637 case EXT4_IOC_SHUTDOWN:
1638 case FS_IOC_GETFSMAP:
1639 case FS_IOC_ENABLE_VERITY:
1640 case FS_IOC_MEASURE_VERITY:
1641 case FS_IOC_READ_VERITY_METADATA:
1642 case EXT4_IOC_CLEAR_ES_CACHE:
1643 case EXT4_IOC_GETSTATE:
1644 case EXT4_IOC_GET_ES_CACHE:
1645 case EXT4_IOC_CHECKPOINT:
1646 case FS_IOC_GETFSLABEL:
1647 case FS_IOC_SETFSLABEL:
1650 return -ENOIOCTLCMD;
1652 return ext4_ioctl(file, cmd, (unsigned long) compat_ptr(arg));
projects / linux-2.6-microblaze.git / blob