1 | // SPDX-License-Identifier: GPL-2.0 |
2 | #ifndef NO_BCACHEFS_FS |
3 | |
4 | #include "bcachefs.h" |
5 | #include "chardev.h" |
6 | #include "dirent.h" |
7 | #include "fs.h" |
8 | #include "fs-common.h" |
9 | #include "fs-ioctl.h" |
10 | #include "quota.h" |
11 | |
12 | #include <linux/compat.h> |
13 | #include <linux/fsnotify.h> |
14 | #include <linux/mount.h> |
15 | #include <linux/namei.h> |
16 | #include <linux/security.h> |
17 | #include <linux/writeback.h> |
18 | |
19 | #define FS_IOC_GOINGDOWN _IOR('X', 125, __u32) |
20 | #define FSOP_GOING_FLAGS_DEFAULT 0x0 /* going down */ |
21 | #define FSOP_GOING_FLAGS_LOGFLUSH 0x1 /* flush log but not data */ |
22 | #define FSOP_GOING_FLAGS_NOLOGFLUSH 0x2 /* don't flush log nor data */ |
23 | |
24 | struct flags_set { |
25 | unsigned mask; |
26 | unsigned flags; |
27 | |
28 | unsigned projid; |
29 | |
30 | bool set_projinherit; |
31 | bool projinherit; |
32 | }; |
33 | |
34 | static int bch2_inode_flags_set(struct btree_trans *trans, |
35 | struct bch_inode_info *inode, |
36 | struct bch_inode_unpacked *bi, |
37 | void *p) |
38 | { |
39 | struct bch_fs *c = inode->v.i_sb->s_fs_info; |
40 | /* |
41 | * We're relying on btree locking here for exclusion with other ioctl |
42 | * calls - use the flags in the btree (@bi), not inode->i_flags: |
43 | */ |
44 | struct flags_set *s = p; |
45 | unsigned newflags = s->flags; |
46 | unsigned oldflags = bi->bi_flags & s->mask; |
47 | |
48 | if (((newflags ^ oldflags) & (BCH_INODE_append|BCH_INODE_immutable)) && |
49 | !capable(CAP_LINUX_IMMUTABLE)) |
50 | return -EPERM; |
51 | |
52 | if (!S_ISREG(bi->bi_mode) && |
53 | !S_ISDIR(bi->bi_mode) && |
54 | (newflags & (BCH_INODE_nodump|BCH_INODE_noatime)) != newflags) |
55 | return -EINVAL; |
56 | |
57 | if (s->set_projinherit) { |
58 | bi->bi_fields_set &= ~(1 << Inode_opt_project); |
59 | bi->bi_fields_set |= ((int) s->projinherit << Inode_opt_project); |
60 | } |
61 | |
62 | bi->bi_flags &= ~s->mask; |
63 | bi->bi_flags |= newflags; |
64 | |
65 | bi->bi_ctime = timespec_to_bch2_time(c, ts: current_time(inode: &inode->v)); |
66 | return 0; |
67 | } |
68 | |
69 | static int bch2_ioc_getflags(struct bch_inode_info *inode, int __user *arg) |
70 | { |
71 | unsigned flags = map_flags(bch_flags_to_uflags, inode->ei_inode.bi_flags); |
72 | |
73 | return put_user(flags, arg); |
74 | } |
75 | |
76 | static int bch2_ioc_setflags(struct bch_fs *c, |
77 | struct file *file, |
78 | struct bch_inode_info *inode, |
79 | void __user *arg) |
80 | { |
81 | struct flags_set s = { .mask = map_defined(bch_flags_to_uflags) }; |
82 | unsigned uflags; |
83 | int ret; |
84 | |
85 | if (get_user(uflags, (int __user *) arg)) |
86 | return -EFAULT; |
87 | |
88 | s.flags = map_flags_rev(bch_flags_to_uflags, uflags); |
89 | if (uflags) |
90 | return -EOPNOTSUPP; |
91 | |
92 | ret = mnt_want_write_file(file); |
93 | if (ret) |
94 | return ret; |
95 | |
96 | inode_lock(inode: &inode->v); |
97 | if (!inode_owner_or_capable(idmap: file_mnt_idmap(file), inode: &inode->v)) { |
98 | ret = -EACCES; |
99 | goto setflags_out; |
100 | } |
101 | |
102 | mutex_lock(&inode->ei_update_lock); |
103 | ret = bch2_subvol_is_ro(c, inode->ei_subvol) ?: |
104 | bch2_write_inode(c, inode, bch2_inode_flags_set, &s, |
105 | ATTR_CTIME); |
106 | mutex_unlock(lock: &inode->ei_update_lock); |
107 | |
108 | setflags_out: |
109 | inode_unlock(inode: &inode->v); |
110 | mnt_drop_write_file(file); |
111 | return ret; |
112 | } |
113 | |
114 | static int bch2_ioc_fsgetxattr(struct bch_inode_info *inode, |
115 | struct fsxattr __user *arg) |
116 | { |
117 | struct fsxattr fa = { 0 }; |
118 | |
119 | fa.fsx_xflags = map_flags(bch_flags_to_xflags, inode->ei_inode.bi_flags); |
120 | |
121 | if (inode->ei_inode.bi_fields_set & (1 << Inode_opt_project)) |
122 | fa.fsx_xflags |= FS_XFLAG_PROJINHERIT; |
123 | |
124 | fa.fsx_projid = inode->ei_qid.q[QTYP_PRJ]; |
125 | |
126 | if (copy_to_user(to: arg, from: &fa, n: sizeof(fa))) |
127 | return -EFAULT; |
128 | |
129 | return 0; |
130 | } |
131 | |
132 | static int fssetxattr_inode_update_fn(struct btree_trans *trans, |
133 | struct bch_inode_info *inode, |
134 | struct bch_inode_unpacked *bi, |
135 | void *p) |
136 | { |
137 | struct flags_set *s = p; |
138 | |
139 | if (s->projid != bi->bi_project) { |
140 | bi->bi_fields_set |= 1U << Inode_opt_project; |
141 | bi->bi_project = s->projid; |
142 | } |
143 | |
144 | return bch2_inode_flags_set(trans, inode, bi, p); |
145 | } |
146 | |
147 | static int bch2_ioc_fssetxattr(struct bch_fs *c, |
148 | struct file *file, |
149 | struct bch_inode_info *inode, |
150 | struct fsxattr __user *arg) |
151 | { |
152 | struct flags_set s = { .mask = map_defined(bch_flags_to_xflags) }; |
153 | struct fsxattr fa; |
154 | int ret; |
155 | |
156 | if (copy_from_user(to: &fa, from: arg, n: sizeof(fa))) |
157 | return -EFAULT; |
158 | |
159 | s.set_projinherit = true; |
160 | s.projinherit = (fa.fsx_xflags & FS_XFLAG_PROJINHERIT) != 0; |
161 | fa.fsx_xflags &= ~FS_XFLAG_PROJINHERIT; |
162 | |
163 | s.flags = map_flags_rev(bch_flags_to_xflags, fa.fsx_xflags); |
164 | if (fa.fsx_xflags) |
165 | return -EOPNOTSUPP; |
166 | |
167 | if (fa.fsx_projid >= U32_MAX) |
168 | return -EINVAL; |
169 | |
170 | /* |
171 | * inode fields accessible via the xattr interface are stored with a +1 |
172 | * bias, so that 0 means unset: |
173 | */ |
174 | s.projid = fa.fsx_projid + 1; |
175 | |
176 | ret = mnt_want_write_file(file); |
177 | if (ret) |
178 | return ret; |
179 | |
180 | inode_lock(inode: &inode->v); |
181 | if (!inode_owner_or_capable(idmap: file_mnt_idmap(file), inode: &inode->v)) { |
182 | ret = -EACCES; |
183 | goto err; |
184 | } |
185 | |
186 | mutex_lock(&inode->ei_update_lock); |
187 | ret = bch2_subvol_is_ro(c, inode->ei_subvol) ?: |
188 | bch2_set_projid(c, inode, projid: fa.fsx_projid) ?: |
189 | bch2_write_inode(c, inode, fssetxattr_inode_update_fn, &s, |
190 | ATTR_CTIME); |
191 | mutex_unlock(lock: &inode->ei_update_lock); |
192 | err: |
193 | inode_unlock(inode: &inode->v); |
194 | mnt_drop_write_file(file); |
195 | return ret; |
196 | } |
197 | |
198 | static int bch2_reinherit_attrs_fn(struct btree_trans *trans, |
199 | struct bch_inode_info *inode, |
200 | struct bch_inode_unpacked *bi, |
201 | void *p) |
202 | { |
203 | struct bch_inode_info *dir = p; |
204 | |
205 | return !bch2_reinherit_attrs(bi, &dir->ei_inode); |
206 | } |
207 | |
208 | static int bch2_ioc_reinherit_attrs(struct bch_fs *c, |
209 | struct file *file, |
210 | struct bch_inode_info *src, |
211 | const char __user *name) |
212 | { |
213 | struct bch_hash_info hash = bch2_hash_info_init(c, bi: &src->ei_inode); |
214 | struct bch_inode_info *dst; |
215 | struct inode *vinode = NULL; |
216 | char *kname = NULL; |
217 | struct qstr qstr; |
218 | int ret = 0; |
219 | subvol_inum inum; |
220 | |
221 | kname = kmalloc(BCH_NAME_MAX + 1, GFP_KERNEL); |
222 | if (!kname) |
223 | return -ENOMEM; |
224 | |
225 | ret = strncpy_from_user(dst: kname, src: name, BCH_NAME_MAX); |
226 | if (unlikely(ret < 0)) |
227 | goto err1; |
228 | |
229 | qstr.len = ret; |
230 | qstr.name = kname; |
231 | |
232 | ret = bch2_dirent_lookup(c, inode_inum(inode: src), &hash, &qstr, &inum); |
233 | if (ret) |
234 | goto err1; |
235 | |
236 | vinode = bch2_vfs_inode_get(c, inum); |
237 | ret = PTR_ERR_OR_ZERO(ptr: vinode); |
238 | if (ret) |
239 | goto err1; |
240 | |
241 | dst = to_bch_ei(vinode); |
242 | |
243 | ret = mnt_want_write_file(file); |
244 | if (ret) |
245 | goto err2; |
246 | |
247 | bch2_lock_inodes(INODE_UPDATE_LOCK, src, dst); |
248 | |
249 | if (inode_attr_changing(dir: src, inode: dst, id: Inode_opt_project)) { |
250 | ret = bch2_fs_quota_transfer(c, dst, |
251 | src->ei_qid, |
252 | 1 << QTYP_PRJ, |
253 | KEY_TYPE_QUOTA_PREALLOC); |
254 | if (ret) |
255 | goto err3; |
256 | } |
257 | |
258 | ret = bch2_write_inode(c, dst, bch2_reinherit_attrs_fn, src, 0); |
259 | err3: |
260 | bch2_unlock_inodes(INODE_UPDATE_LOCK, src, dst); |
261 | |
262 | /* return true if we did work */ |
263 | if (ret >= 0) |
264 | ret = !ret; |
265 | |
266 | mnt_drop_write_file(file); |
267 | err2: |
268 | iput(vinode); |
269 | err1: |
270 | kfree(objp: kname); |
271 | |
272 | return ret; |
273 | } |
274 | |
275 | static int bch2_ioc_goingdown(struct bch_fs *c, u32 __user *arg) |
276 | { |
277 | u32 flags; |
278 | int ret = 0; |
279 | |
280 | if (!capable(CAP_SYS_ADMIN)) |
281 | return -EPERM; |
282 | |
283 | if (get_user(flags, arg)) |
284 | return -EFAULT; |
285 | |
286 | bch_notice(c, "shutdown by ioctl type %u" , flags); |
287 | |
288 | switch (flags) { |
289 | case FSOP_GOING_FLAGS_DEFAULT: |
290 | ret = bdev_freeze(bdev: c->vfs_sb->s_bdev); |
291 | if (ret) |
292 | break; |
293 | bch2_journal_flush(&c->journal); |
294 | bch2_fs_emergency_read_only(c); |
295 | bdev_thaw(bdev: c->vfs_sb->s_bdev); |
296 | break; |
297 | case FSOP_GOING_FLAGS_LOGFLUSH: |
298 | bch2_journal_flush(&c->journal); |
299 | fallthrough; |
300 | case FSOP_GOING_FLAGS_NOLOGFLUSH: |
301 | bch2_fs_emergency_read_only(c); |
302 | break; |
303 | default: |
304 | ret = -EINVAL; |
305 | break; |
306 | } |
307 | |
308 | return ret; |
309 | } |
310 | |
311 | static long __bch2_ioctl_subvolume_create(struct bch_fs *c, struct file *filp, |
312 | struct bch_ioctl_subvolume arg) |
313 | { |
314 | struct inode *dir; |
315 | struct bch_inode_info *inode; |
316 | struct user_namespace *s_user_ns; |
317 | struct dentry *dst_dentry; |
318 | struct path src_path, dst_path; |
319 | int how = LOOKUP_FOLLOW; |
320 | int error; |
321 | subvol_inum snapshot_src = { 0 }; |
322 | unsigned lookup_flags = 0; |
323 | unsigned create_flags = BCH_CREATE_SUBVOL; |
324 | |
325 | if (arg.flags & ~(BCH_SUBVOL_SNAPSHOT_CREATE| |
326 | BCH_SUBVOL_SNAPSHOT_RO)) |
327 | return -EINVAL; |
328 | |
329 | if (!(arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) && |
330 | (arg.src_ptr || |
331 | (arg.flags & BCH_SUBVOL_SNAPSHOT_RO))) |
332 | return -EINVAL; |
333 | |
334 | if (arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) |
335 | create_flags |= BCH_CREATE_SNAPSHOT; |
336 | |
337 | if (arg.flags & BCH_SUBVOL_SNAPSHOT_RO) |
338 | create_flags |= BCH_CREATE_SNAPSHOT_RO; |
339 | |
340 | if (arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) { |
341 | /* sync_inodes_sb enforce s_umount is locked */ |
342 | down_read(sem: &c->vfs_sb->s_umount); |
343 | sync_inodes_sb(c->vfs_sb); |
344 | up_read(sem: &c->vfs_sb->s_umount); |
345 | } |
346 | retry: |
347 | if (arg.src_ptr) { |
348 | error = user_path_at(dfd: arg.dirfd, |
349 | name: (const char __user *)(unsigned long)arg.src_ptr, |
350 | flags: how, path: &src_path); |
351 | if (error) |
352 | goto err1; |
353 | |
354 | if (src_path.dentry->d_sb->s_fs_info != c) { |
355 | path_put(&src_path); |
356 | error = -EXDEV; |
357 | goto err1; |
358 | } |
359 | |
360 | snapshot_src = inode_inum(to_bch_ei(src_path.dentry->d_inode)); |
361 | } |
362 | |
363 | dst_dentry = user_path_create(arg.dirfd, |
364 | (const char __user *)(unsigned long)arg.dst_ptr, |
365 | &dst_path, lookup_flags); |
366 | error = PTR_ERR_OR_ZERO(ptr: dst_dentry); |
367 | if (error) |
368 | goto err2; |
369 | |
370 | if (dst_dentry->d_sb->s_fs_info != c) { |
371 | error = -EXDEV; |
372 | goto err3; |
373 | } |
374 | |
375 | if (dst_dentry->d_inode) { |
376 | error = -EEXIST; |
377 | goto err3; |
378 | } |
379 | |
380 | dir = dst_path.dentry->d_inode; |
381 | if (IS_DEADDIR(dir)) { |
382 | error = -BCH_ERR_ENOENT_directory_dead; |
383 | goto err3; |
384 | } |
385 | |
386 | s_user_ns = dir->i_sb->s_user_ns; |
387 | if (!kuid_has_mapping(ns: s_user_ns, current_fsuid()) || |
388 | !kgid_has_mapping(ns: s_user_ns, current_fsgid())) { |
389 | error = -EOVERFLOW; |
390 | goto err3; |
391 | } |
392 | |
393 | error = inode_permission(file_mnt_idmap(file: filp), |
394 | dir, MAY_WRITE | MAY_EXEC); |
395 | if (error) |
396 | goto err3; |
397 | |
398 | if (!IS_POSIXACL(dir)) |
399 | arg.mode &= ~current_umask(); |
400 | |
401 | error = security_path_mkdir(dir: &dst_path, dentry: dst_dentry, mode: arg.mode); |
402 | if (error) |
403 | goto err3; |
404 | |
405 | if ((arg.flags & BCH_SUBVOL_SNAPSHOT_CREATE) && |
406 | !arg.src_ptr) |
407 | snapshot_src.subvol = inode_inum(to_bch_ei(dir)).subvol; |
408 | |
409 | inode = __bch2_create(file_mnt_idmap(file: filp), to_bch_ei(dir), |
410 | dst_dentry, arg.mode|S_IFDIR, |
411 | 0, snapshot_src, create_flags); |
412 | error = PTR_ERR_OR_ZERO(ptr: inode); |
413 | if (error) |
414 | goto err3; |
415 | |
416 | d_instantiate(dst_dentry, &inode->v); |
417 | fsnotify_mkdir(dir, dentry: dst_dentry); |
418 | err3: |
419 | done_path_create(&dst_path, dst_dentry); |
420 | err2: |
421 | if (arg.src_ptr) |
422 | path_put(&src_path); |
423 | |
424 | if (retry_estale(error, flags: lookup_flags)) { |
425 | lookup_flags |= LOOKUP_REVAL; |
426 | goto retry; |
427 | } |
428 | err1: |
429 | return error; |
430 | } |
431 | |
432 | static long bch2_ioctl_subvolume_create(struct bch_fs *c, struct file *filp, |
433 | struct bch_ioctl_subvolume arg) |
434 | { |
435 | down_write(sem: &c->snapshot_create_lock); |
436 | long ret = __bch2_ioctl_subvolume_create(c, filp, arg); |
437 | up_write(sem: &c->snapshot_create_lock); |
438 | |
439 | return ret; |
440 | } |
441 | |
442 | static long bch2_ioctl_subvolume_destroy(struct bch_fs *c, struct file *filp, |
443 | struct bch_ioctl_subvolume arg) |
444 | { |
445 | const char __user *name = (void __user *)(unsigned long)arg.dst_ptr; |
446 | struct path path; |
447 | struct inode *dir; |
448 | struct dentry *victim; |
449 | int ret = 0; |
450 | |
451 | if (arg.flags) |
452 | return -EINVAL; |
453 | |
454 | victim = user_path_locked_at(arg.dirfd, name, &path); |
455 | if (IS_ERR(ptr: victim)) |
456 | return PTR_ERR(ptr: victim); |
457 | |
458 | dir = d_inode(dentry: path.dentry); |
459 | if (victim->d_sb->s_fs_info != c) { |
460 | ret = -EXDEV; |
461 | goto err; |
462 | } |
463 | if (!d_is_positive(dentry: victim)) { |
464 | ret = -ENOENT; |
465 | goto err; |
466 | } |
467 | ret = __bch2_unlink(dir, victim, true); |
468 | if (!ret) { |
469 | fsnotify_rmdir(dir, dentry: victim); |
470 | d_delete(victim); |
471 | } |
472 | err: |
473 | inode_unlock(inode: dir); |
474 | dput(victim); |
475 | path_put(&path); |
476 | return ret; |
477 | } |
478 | |
479 | long bch2_fs_file_ioctl(struct file *file, unsigned cmd, unsigned long arg) |
480 | { |
481 | struct bch_inode_info *inode = file_bch_inode(file); |
482 | struct bch_fs *c = inode->v.i_sb->s_fs_info; |
483 | long ret; |
484 | |
485 | switch (cmd) { |
486 | case FS_IOC_GETFLAGS: |
487 | ret = bch2_ioc_getflags(inode, arg: (int __user *) arg); |
488 | break; |
489 | |
490 | case FS_IOC_SETFLAGS: |
491 | ret = bch2_ioc_setflags(c, file, inode, arg: (int __user *) arg); |
492 | break; |
493 | |
494 | case FS_IOC_FSGETXATTR: |
495 | ret = bch2_ioc_fsgetxattr(inode, arg: (void __user *) arg); |
496 | break; |
497 | |
498 | case FS_IOC_FSSETXATTR: |
499 | ret = bch2_ioc_fssetxattr(c, file, inode, |
500 | arg: (void __user *) arg); |
501 | break; |
502 | |
503 | case BCHFS_IOC_REINHERIT_ATTRS: |
504 | ret = bch2_ioc_reinherit_attrs(c, file, src: inode, |
505 | name: (void __user *) arg); |
506 | break; |
507 | |
508 | case FS_IOC_GETVERSION: |
509 | ret = -ENOTTY; |
510 | break; |
511 | |
512 | case FS_IOC_SETVERSION: |
513 | ret = -ENOTTY; |
514 | break; |
515 | |
516 | case FS_IOC_GOINGDOWN: |
517 | ret = bch2_ioc_goingdown(c, arg: (u32 __user *) arg); |
518 | break; |
519 | |
520 | case BCH_IOCTL_SUBVOLUME_CREATE: { |
521 | struct bch_ioctl_subvolume i; |
522 | |
523 | ret = copy_from_user(to: &i, from: (void __user *) arg, n: sizeof(i)) |
524 | ? -EFAULT |
525 | : bch2_ioctl_subvolume_create(c, filp: file, arg: i); |
526 | break; |
527 | } |
528 | |
529 | case BCH_IOCTL_SUBVOLUME_DESTROY: { |
530 | struct bch_ioctl_subvolume i; |
531 | |
532 | ret = copy_from_user(to: &i, from: (void __user *) arg, n: sizeof(i)) |
533 | ? -EFAULT |
534 | : bch2_ioctl_subvolume_destroy(c, filp: file, arg: i); |
535 | break; |
536 | } |
537 | |
538 | default: |
539 | ret = bch2_fs_ioctl(c, cmd, (void __user *) arg); |
540 | break; |
541 | } |
542 | |
543 | return bch2_err_class(err: ret); |
544 | } |
545 | |
546 | #ifdef CONFIG_COMPAT |
547 | long bch2_compat_fs_ioctl(struct file *file, unsigned cmd, unsigned long arg) |
548 | { |
549 | /* These are just misnamed, they actually get/put from/to user an int */ |
550 | switch (cmd) { |
551 | case FS_IOC_GETFLAGS: |
552 | cmd = FS_IOC_GETFLAGS; |
553 | break; |
554 | case FS_IOC32_SETFLAGS: |
555 | cmd = FS_IOC_SETFLAGS; |
556 | break; |
557 | default: |
558 | return -ENOIOCTLCMD; |
559 | } |
560 | return bch2_fs_file_ioctl(file, cmd, arg: (unsigned long) compat_ptr(uptr: arg)); |
561 | } |
562 | #endif |
563 | |
564 | #endif /* NO_BCACHEFS_FS */ |
565 | |