2 * Copyright (c) 1982, 1986, 1990, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software contributed to Berkeley by
6 * Robert Elz at The University of Melbourne.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * @(#)ufs_quota.c 8.5 (Berkeley) 5/20/95
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/endian.h>
43 #include <sys/fcntl.h>
44 #include <sys/kernel.h>
46 #include <sys/malloc.h>
47 #include <sys/mount.h>
48 #include <sys/mutex.h>
49 #include <sys/namei.h>
52 #include <sys/socket.h>
54 #include <sys/sysctl.h>
55 #include <sys/vnode.h>
57 #include <ufs/ufs/extattr.h>
58 #include <ufs/ufs/quota.h>
59 #include <ufs/ufs/inode.h>
60 #include <ufs/ufs/ufsmount.h>
61 #include <ufs/ufs/ufs_extern.h>
63 CTASSERT(sizeof(struct dqblk64) == sizeof(struct dqhdr64));
65 static int unprivileged_get_quota = 0;
66 SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_get_quota, CTLFLAG_RW,
67 &unprivileged_get_quota, 0,
68 "Unprivileged processes may retrieve quotas for other uids and gids");
70 static MALLOC_DEFINE(M_DQUOT, "ufs_quota", "UFS quota entries");
73 * Quota name to error message mapping.
75 static char *quotatypes[] = INITQFNAMES;
77 static int chkdqchg(struct inode *, ufs2_daddr_t, struct ucred *, int, int *);
78 static int chkiqchg(struct inode *, int, struct ucred *, int, int *);
79 static int dqopen(struct vnode *, struct ufsmount *, int);
80 static int dqget(struct vnode *,
81 u_long, struct ufsmount *, int, struct dquot **);
82 static int dqsync(struct vnode *, struct dquot *);
83 static int dqflush(struct vnode *);
84 static int quotaoff1(struct thread *td, struct mount *mp, int type);
85 static int quotaoff_inchange(struct thread *td, struct mount *mp, int type);
87 /* conversion functions - from_to() */
88 static void dqb32_dq(const struct dqblk32 *, struct dquot *);
89 static void dqb64_dq(const struct dqblk64 *, struct dquot *);
90 static void dq_dqb32(const struct dquot *, struct dqblk32 *);
91 static void dq_dqb64(const struct dquot *, struct dqblk64 *);
92 static void dqb32_dqb64(const struct dqblk32 *, struct dqblk64 *);
93 static void dqb64_dqb32(const struct dqblk64 *, struct dqblk32 *);
96 static void dqref(struct dquot *);
97 static void chkdquot(struct inode *);
101 * Set up the quotas for an inode.
103 * This routine completely defines the semantics of quotas.
104 * If other criterion want to be used to establish quotas, the
105 * MAXQUOTAS value in quota.h should be increased, and the
106 * additional dquots set up here.
109 getinoquota(struct inode *ip)
111 struct ufsmount *ump;
118 * Disk quotas must be turned off for system files. Currently
119 * snapshot and quota files.
121 if ((vp->v_vflag & VV_SYSTEM) != 0)
124 * XXX: Turn off quotas for files with a negative UID or GID.
125 * This prevents the creation of 100GB+ quota files.
127 if ((int)ip->i_uid < 0 || (int)ip->i_gid < 0)
129 ump = VFSTOUFS(vp->v_mount);
131 * Set up the user quota based on file uid.
132 * EINVAL means that quotas are not enabled.
135 dqget(vp, ip->i_uid, ump, USRQUOTA, &ip->i_dquot[USRQUOTA])) &&
139 * Set up the group quota based on file gid.
140 * EINVAL means that quotas are not enabled.
143 dqget(vp, ip->i_gid, ump, GRPQUOTA, &ip->i_dquot[GRPQUOTA])) &&
150 * Update disk usage, and take corrective action.
153 chkdq(struct inode *ip, ufs2_daddr_t change, struct ucred *cred, int flags)
156 ufs2_daddr_t ncurblocks;
157 struct vnode *vp = ITOV(ip);
158 int i, error, warn, do_check;
161 * Disk quotas must be turned off for system files. Currently
162 * snapshot and quota files.
164 if ((vp->v_vflag & VV_SYSTEM) != 0)
167 * XXX: Turn off quotas for files with a negative UID or GID.
168 * This prevents the creation of 100GB+ quota files.
170 if ((int)ip->i_uid < 0 || (int)ip->i_gid < 0)
173 if ((flags & CHOWN) == 0)
179 for (i = 0; i < MAXQUOTAS; i++) {
180 if ((dq = ip->i_dquot[i]) == NODQUOT)
183 DQI_WAIT(dq, PINOD+1, "chkdq1");
184 ncurblocks = dq->dq_curblocks + change;
186 dq->dq_curblocks = ncurblocks;
188 dq->dq_curblocks = 0;
189 dq->dq_flags &= ~DQ_BLKS;
190 dq->dq_flags |= DQ_MOD;
195 if ((flags & FORCE) == 0 &&
196 priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
200 for (i = 0; i < MAXQUOTAS; i++) {
201 if ((dq = ip->i_dquot[i]) == NODQUOT)
205 DQI_WAIT(dq, PINOD+1, "chkdq2");
207 error = chkdqchg(ip, change, cred, i, &warn);
210 * Roll back user quota changes when
211 * group quota failed.
219 DQI_WAIT(dq, PINOD+1, "chkdq3");
220 ncurblocks = dq->dq_curblocks - change;
222 dq->dq_curblocks = ncurblocks;
224 dq->dq_curblocks = 0;
225 dq->dq_flags &= ~DQ_BLKS;
226 dq->dq_flags |= DQ_MOD;
232 /* Reset timer when crossing soft limit */
233 if (dq->dq_curblocks + change >= dq->dq_bsoftlimit &&
234 dq->dq_curblocks < dq->dq_bsoftlimit)
235 dq->dq_btime = time_second + ip->i_ump->um_btime[i];
236 dq->dq_curblocks += change;
237 dq->dq_flags |= DQ_MOD;
240 uprintf("\n%s: warning, %s disk quota exceeded\n",
241 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
248 * Check for a valid change to a users allocation.
249 * Issue an error message if appropriate.
252 chkdqchg(struct inode *ip, ufs2_daddr_t change, struct ucred *cred,
255 struct dquot *dq = ip->i_dquot[type];
256 ufs2_daddr_t ncurblocks = dq->dq_curblocks + change;
259 * If user would exceed their hard limit, disallow space allocation.
261 if (ncurblocks >= dq->dq_bhardlimit && dq->dq_bhardlimit) {
262 if ((dq->dq_flags & DQ_BLKS) == 0 &&
263 ip->i_uid == cred->cr_uid) {
264 dq->dq_flags |= DQ_BLKS;
266 uprintf("\n%s: write failed, %s disk limit reached\n",
267 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
275 * If user is over their soft limit for too long, disallow space
276 * allocation. Reset time limit as they cross their soft limit.
278 if (ncurblocks >= dq->dq_bsoftlimit && dq->dq_bsoftlimit) {
279 if (dq->dq_curblocks < dq->dq_bsoftlimit) {
280 dq->dq_btime = time_second + ip->i_ump->um_btime[type];
281 if (ip->i_uid == cred->cr_uid)
285 if (time_second > dq->dq_btime) {
286 if ((dq->dq_flags & DQ_BLKS) == 0 &&
287 ip->i_uid == cred->cr_uid) {
288 dq->dq_flags |= DQ_BLKS;
290 uprintf("\n%s: write failed, %s "
291 "disk quota exceeded for too long\n",
292 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
304 * Check the inode limit, applying corrective action.
307 chkiq(struct inode *ip, int change, struct ucred *cred, int flags)
310 int i, error, warn, do_check;
313 if ((flags & CHOWN) == 0)
319 for (i = 0; i < MAXQUOTAS; i++) {
320 if ((dq = ip->i_dquot[i]) == NODQUOT)
323 DQI_WAIT(dq, PINOD+1, "chkiq1");
324 if (dq->dq_curinodes >= -change)
325 dq->dq_curinodes += change;
327 dq->dq_curinodes = 0;
328 dq->dq_flags &= ~DQ_INODS;
329 dq->dq_flags |= DQ_MOD;
334 if ((flags & FORCE) == 0 &&
335 priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
339 for (i = 0; i < MAXQUOTAS; i++) {
340 if ((dq = ip->i_dquot[i]) == NODQUOT)
344 DQI_WAIT(dq, PINOD+1, "chkiq2");
346 error = chkiqchg(ip, change, cred, i, &warn);
349 * Roll back user quota changes when
350 * group quota failed.
358 DQI_WAIT(dq, PINOD+1, "chkiq3");
359 if (dq->dq_curinodes >= change)
360 dq->dq_curinodes -= change;
362 dq->dq_curinodes = 0;
363 dq->dq_flags &= ~DQ_INODS;
364 dq->dq_flags |= DQ_MOD;
370 /* Reset timer when crossing soft limit */
371 if (dq->dq_curinodes + change >= dq->dq_isoftlimit &&
372 dq->dq_curinodes < dq->dq_isoftlimit)
373 dq->dq_itime = time_second + ip->i_ump->um_itime[i];
374 dq->dq_curinodes += change;
375 dq->dq_flags |= DQ_MOD;
378 uprintf("\n%s: warning, %s inode quota exceeded\n",
379 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
386 * Check for a valid change to a users allocation.
387 * Issue an error message if appropriate.
390 chkiqchg(struct inode *ip, int change, struct ucred *cred, int type, int *warn)
392 struct dquot *dq = ip->i_dquot[type];
393 ino_t ncurinodes = dq->dq_curinodes + change;
396 * If user would exceed their hard limit, disallow inode allocation.
398 if (ncurinodes >= dq->dq_ihardlimit && dq->dq_ihardlimit) {
399 if ((dq->dq_flags & DQ_INODS) == 0 &&
400 ip->i_uid == cred->cr_uid) {
401 dq->dq_flags |= DQ_INODS;
403 uprintf("\n%s: write failed, %s inode limit reached\n",
404 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
412 * If user is over their soft limit for too long, disallow inode
413 * allocation. Reset time limit as they cross their soft limit.
415 if (ncurinodes >= dq->dq_isoftlimit && dq->dq_isoftlimit) {
416 if (dq->dq_curinodes < dq->dq_isoftlimit) {
417 dq->dq_itime = time_second + ip->i_ump->um_itime[type];
418 if (ip->i_uid == cred->cr_uid)
422 if (time_second > dq->dq_itime) {
423 if ((dq->dq_flags & DQ_INODS) == 0 &&
424 ip->i_uid == cred->cr_uid) {
425 dq->dq_flags |= DQ_INODS;
427 uprintf("\n%s: write failed, %s "
428 "inode quota exceeded for too long\n",
429 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
442 * On filesystems with quotas enabled, it is an error for a file to change
443 * size and not to have a dquot structure associated with it.
446 chkdquot(struct inode *ip)
448 struct ufsmount *ump = ip->i_ump;
449 struct vnode *vp = ITOV(ip);
453 * Disk quotas must be turned off for system files. Currently
454 * these are snapshots and quota files.
456 if ((vp->v_vflag & VV_SYSTEM) != 0)
459 * XXX: Turn off quotas for files with a negative UID or GID.
460 * This prevents the creation of 100GB+ quota files.
462 if ((int)ip->i_uid < 0 || (int)ip->i_gid < 0)
466 for (i = 0; i < MAXQUOTAS; i++) {
467 if (ump->um_quotas[i] == NULLVP ||
468 (ump->um_qflags[i] & (QTF_OPENING|QTF_CLOSING)))
470 if (ip->i_dquot[i] == NODQUOT) {
472 vprint("chkdquot: missing dquot", ITOV(ip));
473 panic("chkdquot: missing dquot");
481 * Code to process quotactl commands.
485 * Q_QUOTAON - set up a quota file for a particular filesystem.
488 quotaon(struct thread *td, struct mount *mp, int type, void *fname)
490 struct ufsmount *ump;
491 struct vnode *vp, **vpp;
497 error = priv_check(td, PRIV_UFS_QUOTAON);
501 if (mp->mnt_flag & MNT_RDONLY)
507 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, fname, td);
508 flags = FREAD | FWRITE;
511 error = vn_open(&nd, &flags, 0, NULL);
516 NDFREE(&nd, NDF_ONLY_PNBUF);
518 error = vfs_busy(mp, MBF_NOWAIT);
521 if (vp->v_type != VREG) {
528 (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
533 if ((ump->um_qflags[type] & (QTF_OPENING|QTF_CLOSING)) != 0) {
536 (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
540 ump->um_qflags[type] |= QTF_OPENING|QTF_CLOSING;
542 if ((error = dqopen(vp, ump, type)) != 0) {
545 ump->um_qflags[type] &= ~(QTF_OPENING|QTF_CLOSING);
547 (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
553 mp->mnt_flag |= MNT_QUOTA;
556 vpp = &ump->um_quotas[type];
558 quotaoff1(td, mp, type);
561 * When the directory vnode containing the quota file is
562 * inactivated, due to the shared lookup of the quota file
563 * vput()ing the dvp, the qsyncvp() call for the containing
564 * directory would try to acquire the quota lock exclusive.
565 * At the same time, lookup already locked the quota vnode
566 * shared. Mark the quota vnode lock as allowing recursion
567 * and automatically converting shared locks to exclusive.
569 * Also mark quota vnode as system.
571 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
572 vp->v_vflag |= VV_SYSTEM;
578 * Save the credential of the process that turned on quotas.
579 * Set up the time limits for this quota.
581 ump->um_cred[type] = crhold(td->td_ucred);
582 ump->um_btime[type] = MAX_DQ_TIME;
583 ump->um_itime[type] = MAX_IQ_TIME;
584 if (dqget(NULLVP, 0, ump, type, &dq) == 0) {
585 if (dq->dq_btime > 0)
586 ump->um_btime[type] = dq->dq_btime;
587 if (dq->dq_itime > 0)
588 ump->um_itime[type] = dq->dq_itime;
592 * Allow the getdq from getinoquota below to read the quota
596 ump->um_qflags[type] &= ~QTF_CLOSING;
599 * Search vnodes associated with this mount point,
600 * adding references to quota file being opened.
601 * NB: only need to add dquot's for inodes being modified.
604 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
605 if (vget(vp, LK_EXCLUSIVE | LK_INTERLOCK, td)) {
606 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
609 if (vp->v_type == VNON || vp->v_writecount == 0) {
614 error = getinoquota(VTOI(vp));
618 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
624 quotaoff_inchange(td, mp, type);
626 ump->um_qflags[type] &= ~QTF_OPENING;
627 KASSERT((ump->um_qflags[type] & QTF_CLOSING) == 0,
628 ("quotaon: leaking flags"));
636 * Main code to turn off disk quotas for a filesystem. Does not change
640 quotaoff1(struct thread *td, struct mount *mp, int type)
643 struct vnode *qvp, *mvp;
644 struct ufsmount *ump;
653 KASSERT((ump->um_qflags[type] & QTF_CLOSING) != 0,
654 ("quotaoff1: flags are invalid"));
655 if ((qvp = ump->um_quotas[type]) == NULLVP) {
659 cr = ump->um_cred[type];
663 * Search vnodes associated with this mount point,
664 * deleting any references to quota file being closed.
667 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
668 if (vp->v_type == VNON) {
672 if (vget(vp, LK_EXCLUSIVE | LK_INTERLOCK, td)) {
673 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
677 dq = ip->i_dquot[type];
678 ip->i_dquot[type] = NODQUOT;
684 error = dqflush(qvp);
689 * Clear um_quotas before closing the quota vnode to prevent
690 * access to the closed vnode from dqget/dqsync
693 ump->um_quotas[type] = NULLVP;
694 ump->um_cred[type] = NOCRED;
697 vn_lock(qvp, LK_EXCLUSIVE | LK_RETRY);
698 qvp->v_vflag &= ~VV_SYSTEM;
700 error = vn_close(qvp, FREAD|FWRITE, td->td_ucred, td);
707 * Turns off quotas, assumes that ump->um_qflags are already checked
708 * and QTF_CLOSING is set to indicate operation in progress. Fixes
709 * ump->um_qflags and mp->mnt_flag after.
712 quotaoff_inchange(struct thread *td, struct mount *mp, int type)
714 struct ufsmount *ump;
718 error = quotaoff1(td, mp, type);
722 ump->um_qflags[type] &= ~QTF_CLOSING;
723 for (i = 0; i < MAXQUOTAS; i++)
724 if (ump->um_quotas[i] != NULLVP)
726 if (i == MAXQUOTAS) {
728 mp->mnt_flag &= ~MNT_QUOTA;
736 * Q_QUOTAOFF - turn off disk quotas for a filesystem.
739 quotaoff(struct thread *td, struct mount *mp, int type)
741 struct ufsmount *ump;
744 error = priv_check(td, PRIV_UFS_QUOTAOFF);
750 if ((ump->um_qflags[type] & (QTF_OPENING|QTF_CLOSING)) != 0) {
754 ump->um_qflags[type] |= QTF_CLOSING;
757 return (quotaoff_inchange(td, mp, type));
761 * Q_GETQUOTA - return current values in a dqblk structure.
764 _getquota(struct thread *td, struct mount *mp, u_long id, int type,
772 if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) {
773 error = priv_check(td, PRIV_VFS_GETQUOTA);
780 if (!groupmember(id, td->td_ucred) &&
781 !unprivileged_get_quota) {
782 error = priv_check(td, PRIV_VFS_GETQUOTA);
793 error = dqget(NULLVP, id, VFSTOUFS(mp), type, &dq);
802 * Q_SETQUOTA - assign an entire dqblk structure.
805 _setquota(struct thread *td, struct mount *mp, u_long id, int type,
810 struct ufsmount *ump;
811 struct dqblk64 newlim;
814 error = priv_check(td, PRIV_VFS_SETQUOTA);
823 error = dqget(NULLVP, id, ump, type, &ndq);
828 DQI_WAIT(dq, PINOD+1, "setqta");
830 * Copy all but the current values.
831 * Reset time limit if previously had no soft limit or were
832 * under it, but now have a soft limit and are over it.
834 newlim.dqb_curblocks = dq->dq_curblocks;
835 newlim.dqb_curinodes = dq->dq_curinodes;
836 if (dq->dq_id != 0) {
837 newlim.dqb_btime = dq->dq_btime;
838 newlim.dqb_itime = dq->dq_itime;
840 if (newlim.dqb_bsoftlimit &&
841 dq->dq_curblocks >= newlim.dqb_bsoftlimit &&
842 (dq->dq_bsoftlimit == 0 || dq->dq_curblocks < dq->dq_bsoftlimit))
843 newlim.dqb_btime = time_second + ump->um_btime[type];
844 if (newlim.dqb_isoftlimit &&
845 dq->dq_curinodes >= newlim.dqb_isoftlimit &&
846 (dq->dq_isoftlimit == 0 || dq->dq_curinodes < dq->dq_isoftlimit))
847 newlim.dqb_itime = time_second + ump->um_itime[type];
849 if (dq->dq_curblocks < dq->dq_bsoftlimit)
850 dq->dq_flags &= ~DQ_BLKS;
851 if (dq->dq_curinodes < dq->dq_isoftlimit)
852 dq->dq_flags &= ~DQ_INODS;
853 if (dq->dq_isoftlimit == 0 && dq->dq_bsoftlimit == 0 &&
854 dq->dq_ihardlimit == 0 && dq->dq_bhardlimit == 0)
855 dq->dq_flags |= DQ_FAKE;
857 dq->dq_flags &= ~DQ_FAKE;
858 dq->dq_flags |= DQ_MOD;
865 * Q_SETUSE - set current inode and block usage.
868 _setuse(struct thread *td, struct mount *mp, u_long id, int type,
872 struct ufsmount *ump;
874 struct dqblk64 usage;
877 error = priv_check(td, PRIV_UFS_SETUSE);
886 error = dqget(NULLVP, id, ump, type, &ndq);
891 DQI_WAIT(dq, PINOD+1, "setuse");
893 * Reset time limit if have a soft limit and were
894 * previously under it, but are now over it.
896 if (dq->dq_bsoftlimit && dq->dq_curblocks < dq->dq_bsoftlimit &&
897 usage.dqb_curblocks >= dq->dq_bsoftlimit)
898 dq->dq_btime = time_second + ump->um_btime[type];
899 if (dq->dq_isoftlimit && dq->dq_curinodes < dq->dq_isoftlimit &&
900 usage.dqb_curinodes >= dq->dq_isoftlimit)
901 dq->dq_itime = time_second + ump->um_itime[type];
902 dq->dq_curblocks = usage.dqb_curblocks;
903 dq->dq_curinodes = usage.dqb_curinodes;
904 if (dq->dq_curblocks < dq->dq_bsoftlimit)
905 dq->dq_flags &= ~DQ_BLKS;
906 if (dq->dq_curinodes < dq->dq_isoftlimit)
907 dq->dq_flags &= ~DQ_INODS;
908 dq->dq_flags |= DQ_MOD;
915 getquota32(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
917 struct dqblk32 dqb32;
918 struct dqblk64 dqb64;
921 error = _getquota(td, mp, id, type, &dqb64);
924 dqb64_dqb32(&dqb64, &dqb32);
925 error = copyout(&dqb32, addr, sizeof(dqb32));
930 setquota32(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
932 struct dqblk32 dqb32;
933 struct dqblk64 dqb64;
936 error = copyin(addr, &dqb32, sizeof(dqb32));
939 dqb32_dqb64(&dqb32, &dqb64);
940 error = _setquota(td, mp, id, type, &dqb64);
945 setuse32(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
947 struct dqblk32 dqb32;
948 struct dqblk64 dqb64;
951 error = copyin(addr, &dqb32, sizeof(dqb32));
954 dqb32_dqb64(&dqb32, &dqb64);
955 error = _setuse(td, mp, id, type, &dqb64);
960 getquota(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
962 struct dqblk64 dqb64;
965 error = _getquota(td, mp, id, type, &dqb64);
968 error = copyout(&dqb64, addr, sizeof(dqb64));
973 setquota(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
975 struct dqblk64 dqb64;
978 error = copyin(addr, &dqb64, sizeof(dqb64));
981 error = _setquota(td, mp, id, type, &dqb64);
986 setuse(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
988 struct dqblk64 dqb64;
991 error = copyin(addr, &dqb64, sizeof(dqb64));
994 error = _setuse(td, mp, id, type, &dqb64);
999 * Q_GETQUOTASIZE - get bit-size of quota file fields
1002 getquotasize(struct thread *td, struct mount *mp, u_long id, int type,
1005 struct ufsmount *ump = VFSTOUFS(mp);
1009 if (ump->um_quotas[type] == NULLVP ||
1010 (ump->um_qflags[type] & QTF_CLOSING)) {
1014 if ((ump->um_qflags[type] & QTF_64BIT) != 0)
1019 return (copyout(&bitsize, sizep, sizeof(int)));
1023 * Q_SYNC - sync quota files to disk.
1026 qsync(struct mount *mp)
1028 struct ufsmount *ump = VFSTOUFS(mp);
1029 struct thread *td = curthread; /* XXX */
1030 struct vnode *vp, *mvp;
1035 * Check if the mount point has any quotas.
1036 * If not, simply return.
1039 for (i = 0; i < MAXQUOTAS; i++)
1040 if (ump->um_quotas[i] != NULLVP)
1046 * Search vnodes associated with this mount point,
1047 * synchronizing any modified dquot structures.
1050 MNT_VNODE_FOREACH_ACTIVE(vp, mp, mvp) {
1051 if (vp->v_type == VNON) {
1055 error = vget(vp, LK_EXCLUSIVE | LK_INTERLOCK, td);
1057 if (error == ENOENT) {
1058 MNT_VNODE_FOREACH_ACTIVE_ABORT(mp, mvp);
1063 for (i = 0; i < MAXQUOTAS; i++) {
1064 dq = VTOI(vp)->i_dquot[i];
1074 * Sync quota file for given vnode to disk.
1077 qsyncvp(struct vnode *vp)
1079 struct ufsmount *ump = VFSTOUFS(vp->v_mount);
1084 * Check if the mount point has any quotas.
1085 * If not, simply return.
1088 for (i = 0; i < MAXQUOTAS; i++)
1089 if (ump->um_quotas[i] != NULLVP)
1095 * Search quotas associated with this vnode
1096 * synchronizing any modified dquot structures.
1098 for (i = 0; i < MAXQUOTAS; i++) {
1099 dq = VTOI(vp)->i_dquot[i];
1107 * Code pertaining to management of the in-core dquot data structures.
1109 #define DQHASH(dqvp, id) \
1110 (&dqhashtbl[((((intptr_t)(dqvp)) >> 8) + id) & dqhash])
1111 static LIST_HEAD(dqhash, dquot) *dqhashtbl;
1112 static u_long dqhash;
1117 #define DQUOTINC 5 /* minimum free dquots desired */
1118 static TAILQ_HEAD(dqfreelist, dquot) dqfreelist;
1119 static long numdquot, desireddquot = DQUOTINC;
1122 * Lock to protect quota hash, dq free list and dq_cnt ref counters of
1127 #define DQH_LOCK() mtx_lock(&dqhlock)
1128 #define DQH_UNLOCK() mtx_unlock(&dqhlock)
1130 static struct dquot *dqhashfind(struct dqhash *dqh, u_long id,
1131 struct vnode *dqvp);
1134 * Initialize the quota system.
1140 mtx_init(&dqhlock, "dqhlock", NULL, MTX_DEF);
1141 dqhashtbl = hashinit(desiredvnodes, M_DQUOT, &dqhash);
1142 TAILQ_INIT(&dqfreelist);
1146 * Shut down the quota system.
1153 hashdestroy(dqhashtbl, M_DQUOT, dqhash);
1154 while ((dq = TAILQ_FIRST(&dqfreelist)) != NULL) {
1155 TAILQ_REMOVE(&dqfreelist, dq, dq_freelist);
1156 mtx_destroy(&dq->dq_lock);
1159 mtx_destroy(&dqhlock);
1162 static struct dquot *
1163 dqhashfind(struct dqhash *dqh, u_long id, struct vnode *dqvp)
1167 mtx_assert(&dqhlock, MA_OWNED);
1168 LIST_FOREACH(dq, dqh, dq_hash) {
1169 if (dq->dq_id != id ||
1170 dq->dq_ump->um_quotas[dq->dq_type] != dqvp)
1173 * Cache hit with no references. Take
1174 * the structure off the free list.
1176 if (dq->dq_cnt == 0)
1177 TAILQ_REMOVE(&dqfreelist, dq, dq_freelist);
1185 * Determine the quota file type.
1187 * A 32-bit quota file is simply an array of struct dqblk32.
1189 * A 64-bit quota file is a struct dqhdr64 followed by an array of struct
1190 * dqblk64. The header contains various magic bits which allow us to be
1191 * reasonably confident that it is indeeda 64-bit quota file and not just
1192 * a 32-bit quota file that just happens to "look right".
1196 dqopen(struct vnode *vp, struct ufsmount *ump, int type)
1203 ASSERT_VOP_LOCKED(vp, "dqopen");
1204 auio.uio_iov = &aiov;
1205 auio.uio_iovcnt = 1;
1206 aiov.iov_base = &dqh;
1207 aiov.iov_len = sizeof(dqh);
1208 auio.uio_resid = sizeof(dqh);
1209 auio.uio_offset = 0;
1210 auio.uio_segflg = UIO_SYSSPACE;
1211 auio.uio_rw = UIO_READ;
1212 auio.uio_td = (struct thread *)0;
1213 error = VOP_READ(vp, &auio, 0, ump->um_cred[type]);
1217 if (auio.uio_resid > 0) {
1218 /* assume 32 bits */
1223 if (strcmp(dqh.dqh_magic, Q_DQHDR64_MAGIC) == 0 &&
1224 be32toh(dqh.dqh_version) == Q_DQHDR64_VERSION &&
1225 be32toh(dqh.dqh_hdrlen) == (uint32_t)sizeof(struct dqhdr64) &&
1226 be32toh(dqh.dqh_reclen) == (uint32_t)sizeof(struct dqblk64)) {
1227 /* XXX: what if the magic matches, but the sizes are wrong? */
1228 ump->um_qflags[type] |= QTF_64BIT;
1230 ump->um_qflags[type] &= ~QTF_64BIT;
1238 * Obtain a dquot structure for the specified identifier and quota file
1239 * reading the information from the file if necessary.
1242 dqget(struct vnode *vp, u_long id, struct ufsmount *ump, int type,
1245 uint8_t buf[sizeof(struct dqblk64)];
1246 off_t base, recsize;
1247 struct dquot *dq, *dq1;
1252 int dqvplocked, error;
1254 #ifdef DEBUG_VFS_LOCKS
1256 ASSERT_VOP_ELOCKED(vp, "dqget");
1259 if (vp != NULLVP && *dqp != NODQUOT) {
1263 /* XXX: Disallow negative id values to prevent the
1264 * creation of 100GB+ quota data files.
1270 dqvp = ump->um_quotas[type];
1271 if (dqvp == NULLVP || (ump->um_qflags[type] & QTF_CLOSING)) {
1282 * Check the cache first.
1284 dqh = DQHASH(dqvp, id);
1286 dq = dqhashfind(dqh, id, dqvp);
1289 hfound: DQI_LOCK(dq);
1290 DQI_WAIT(dq, PINOD+1, "dqget");
1292 if (dq->dq_ump == NULL) {
1306 * Quota vnode lock is before DQ_LOCK. Acquire dqvp lock there
1307 * since new dq will appear on the hash chain DQ_LOCKed.
1311 vn_lock(dqvp, LK_SHARED | LK_RETRY);
1315 * Recheck the cache after sleep for quota vnode lock.
1317 dq = dqhashfind(dqh, id, dqvp);
1325 * Not in cache, allocate a new one or take it from the
1328 if (TAILQ_FIRST(&dqfreelist) == NODQUOT &&
1329 numdquot < MAXQUOTAS * desiredvnodes)
1330 desireddquot += DQUOTINC;
1331 if (numdquot < desireddquot) {
1334 dq1 = malloc(sizeof *dq1, M_DQUOT, M_WAITOK | M_ZERO);
1335 mtx_init(&dq1->dq_lock, "dqlock", NULL, MTX_DEF);
1338 * Recheck the cache after sleep for memory.
1340 dq = dqhashfind(dqh, id, dqvp);
1344 mtx_destroy(&dq1->dq_lock);
1350 if ((dq = TAILQ_FIRST(&dqfreelist)) == NULL) {
1360 if (dq->dq_cnt || (dq->dq_flags & DQ_MOD))
1361 panic("dqget: free dquot isn't %p", dq);
1362 TAILQ_REMOVE(&dqfreelist, dq, dq_freelist);
1363 if (dq->dq_ump != NULL)
1364 LIST_REMOVE(dq, dq_hash);
1368 * Dq is put into hash already locked to prevent parallel
1369 * usage while it is being read from file.
1371 dq->dq_flags = DQ_LOCK;
1375 LIST_INSERT_HEAD(dqh, dq, dq_hash);
1380 * Read the requested quota record from the quota file, performing
1381 * any necessary conversions.
1383 if (ump->um_qflags[type] & QTF_64BIT) {
1384 recsize = sizeof(struct dqblk64);
1385 base = sizeof(struct dqhdr64);
1387 recsize = sizeof(struct dqblk32);
1390 auio.uio_iov = &aiov;
1391 auio.uio_iovcnt = 1;
1392 aiov.iov_base = buf;
1393 aiov.iov_len = recsize;
1394 auio.uio_resid = recsize;
1395 auio.uio_offset = base + id * recsize;
1396 auio.uio_segflg = UIO_SYSSPACE;
1397 auio.uio_rw = UIO_READ;
1398 auio.uio_td = (struct thread *)0;
1400 error = VOP_READ(dqvp, &auio, 0, ump->um_cred[type]);
1401 if (auio.uio_resid == recsize && error == 0) {
1402 bzero(&dq->dq_dqb, sizeof(dq->dq_dqb));
1404 if (ump->um_qflags[type] & QTF_64BIT)
1405 dqb64_dq((struct dqblk64 *)buf, dq);
1407 dqb32_dq((struct dqblk32 *)buf, dq);
1414 * I/O error in reading quota file, release
1415 * quota structure and reflect problem to caller.
1420 LIST_REMOVE(dq, dq_hash);
1423 if (dq->dq_flags & DQ_WANT)
1433 * Check for no limit to enforce.
1434 * Initialize time values if necessary.
1436 if (dq->dq_isoftlimit == 0 && dq->dq_bsoftlimit == 0 &&
1437 dq->dq_ihardlimit == 0 && dq->dq_bhardlimit == 0)
1438 dq->dq_flags |= DQ_FAKE;
1439 if (dq->dq_id != 0) {
1440 if (dq->dq_btime == 0) {
1441 dq->dq_btime = time_second + ump->um_btime[type];
1442 if (dq->dq_bsoftlimit &&
1443 dq->dq_curblocks >= dq->dq_bsoftlimit)
1444 dq->dq_flags |= DQ_MOD;
1446 if (dq->dq_itime == 0) {
1447 dq->dq_itime = time_second + ump->um_itime[type];
1448 if (dq->dq_isoftlimit &&
1449 dq->dq_curinodes >= dq->dq_isoftlimit)
1450 dq->dq_flags |= DQ_MOD;
1461 * Obtain a reference to a dquot.
1464 dqref(struct dquot *dq)
1472 * Release a reference to a dquot.
1475 dqrele(struct vnode *vp, struct dquot *dq)
1481 KASSERT(dq->dq_cnt > 0, ("Lost dq %p reference 1", dq));
1482 if (dq->dq_cnt > 1) {
1489 (void) dqsync(vp, dq);
1492 KASSERT(dq->dq_cnt > 0, ("Lost dq %p reference 2", dq));
1493 if (--dq->dq_cnt > 0)
1500 * The dq may become dirty after it is synced but before it is
1501 * put to the free list. Checking the DQ_MOD there without
1502 * locking dq should be safe since no other references to the
1505 if ((dq->dq_flags & DQ_MOD) != 0) {
1510 TAILQ_INSERT_TAIL(&dqfreelist, dq, dq_freelist);
1515 * Update the disk quota in the quota file.
1518 dqsync(struct vnode *vp, struct dquot *dq)
1520 uint8_t buf[sizeof(struct dqblk64)];
1521 off_t base, recsize;
1527 struct ufsmount *ump;
1529 #ifdef DEBUG_VFS_LOCKS
1531 ASSERT_VOP_ELOCKED(vp, "dqsync");
1537 panic("dqsync: dquot");
1538 if ((ump = dq->dq_ump) == NULL)
1541 if ((dqvp = ump->um_quotas[dq->dq_type]) == NULLVP)
1542 panic("dqsync: file");
1547 if ((dq->dq_flags & DQ_MOD) == 0) {
1554 (void) vn_start_secondary_write(dqvp, &mp, V_WAIT);
1556 vn_lock(dqvp, LK_EXCLUSIVE | LK_RETRY);
1559 DQI_WAIT(dq, PINOD+2, "dqsync");
1560 if ((dq->dq_flags & DQ_MOD) == 0)
1562 dq->dq_flags |= DQ_LOCK;
1566 * Write the quota record to the quota file, performing any
1567 * necessary conversions. See dqget() for additional details.
1569 if (ump->um_qflags[dq->dq_type] & QTF_64BIT) {
1570 dq_dqb64(dq, (struct dqblk64 *)buf);
1571 recsize = sizeof(struct dqblk64);
1572 base = sizeof(struct dqhdr64);
1574 dq_dqb32(dq, (struct dqblk32 *)buf);
1575 recsize = sizeof(struct dqblk32);
1579 auio.uio_iov = &aiov;
1580 auio.uio_iovcnt = 1;
1581 aiov.iov_base = buf;
1582 aiov.iov_len = recsize;
1583 auio.uio_resid = recsize;
1584 auio.uio_offset = base + dq->dq_id * recsize;
1585 auio.uio_segflg = UIO_SYSSPACE;
1586 auio.uio_rw = UIO_WRITE;
1587 auio.uio_td = (struct thread *)0;
1588 error = VOP_WRITE(dqvp, &auio, 0, dq->dq_ump->um_cred[dq->dq_type]);
1589 if (auio.uio_resid && error == 0)
1594 dq->dq_flags &= ~DQ_MOD;
1601 vn_finished_secondary_write(mp);
1606 * Flush all entries from the cache for a particular vnode.
1609 dqflush(struct vnode *vp)
1611 struct dquot *dq, *nextdq;
1616 * Move all dquot's that used to refer to this quota
1617 * file off their hash chains (they will eventually
1618 * fall off the head of the free list and be re-used).
1622 for (dqh = &dqhashtbl[dqhash]; dqh >= dqhashtbl; dqh--) {
1623 for (dq = LIST_FIRST(dqh); dq; dq = nextdq) {
1624 nextdq = LIST_NEXT(dq, dq_hash);
1625 if (dq->dq_ump->um_quotas[dq->dq_type] != vp)
1630 LIST_REMOVE(dq, dq_hash);
1640 * The following three functions are provided for the adjustment of
1641 * quotas by the soft updates code.
1645 * Acquire a reference to the quota structures associated with a vnode.
1646 * Return count of number of quota structures found.
1657 for (i = 0; i < MAXQUOTAS; i++)
1660 * Disk quotas must be turned off for system files. Currently
1661 * snapshot and quota files.
1663 if ((vp->v_vflag & VV_SYSTEM) != 0)
1666 * Iterate through and copy active quotas.
1671 for (i = 0; i < MAXQUOTAS; i++) {
1672 if ((dq = ip->i_dquot[i]) == NODQUOT)
1678 mtx_unlock(&dqhlock);
1683 * Release a set of quota structures obtained from a vnode.
1692 for (i = 0; i < MAXQUOTAS; i++) {
1693 if ((dq = qrp[i]) == NODQUOT)
1700 * Adjust the number of blocks associated with a quota.
1701 * Positive numbers when adding blocks; negative numbers when freeing blocks.
1704 quotaadj(qrp, ump, blkcount)
1706 struct ufsmount *ump;
1710 ufs2_daddr_t ncurblocks;
1715 for (i = 0; i < MAXQUOTAS; i++) {
1716 if ((dq = qrp[i]) == NODQUOT)
1719 DQI_WAIT(dq, PINOD+1, "adjqta");
1720 ncurblocks = dq->dq_curblocks + blkcount;
1721 if (ncurblocks >= 0)
1722 dq->dq_curblocks = ncurblocks;
1724 dq->dq_curblocks = 0;
1726 dq->dq_flags &= ~DQ_BLKS;
1727 else if (dq->dq_curblocks + blkcount >= dq->dq_bsoftlimit &&
1728 dq->dq_curblocks < dq->dq_bsoftlimit)
1729 dq->dq_btime = time_second + ump->um_btime[i];
1730 dq->dq_flags |= DQ_MOD;
1734 #endif /* SOFTUPDATES */
1737 * 32-bit / 64-bit conversion functions.
1739 * 32-bit quota records are stored in native byte order. Attention must
1740 * be paid to overflow issues.
1742 * 64-bit quota records are stored in network byte order.
1745 #define CLIP32(u64) (u64 > UINT32_MAX ? UINT32_MAX : (uint32_t)u64)
1748 * Convert 32-bit host-order structure to dquot.
1751 dqb32_dq(const struct dqblk32 *dqb32, struct dquot *dq)
1754 dq->dq_bhardlimit = dqb32->dqb_bhardlimit;
1755 dq->dq_bsoftlimit = dqb32->dqb_bsoftlimit;
1756 dq->dq_curblocks = dqb32->dqb_curblocks;
1757 dq->dq_ihardlimit = dqb32->dqb_ihardlimit;
1758 dq->dq_isoftlimit = dqb32->dqb_isoftlimit;
1759 dq->dq_curinodes = dqb32->dqb_curinodes;
1760 dq->dq_btime = dqb32->dqb_btime;
1761 dq->dq_itime = dqb32->dqb_itime;
1765 * Convert 64-bit network-order structure to dquot.
1768 dqb64_dq(const struct dqblk64 *dqb64, struct dquot *dq)
1771 dq->dq_bhardlimit = be64toh(dqb64->dqb_bhardlimit);
1772 dq->dq_bsoftlimit = be64toh(dqb64->dqb_bsoftlimit);
1773 dq->dq_curblocks = be64toh(dqb64->dqb_curblocks);
1774 dq->dq_ihardlimit = be64toh(dqb64->dqb_ihardlimit);
1775 dq->dq_isoftlimit = be64toh(dqb64->dqb_isoftlimit);
1776 dq->dq_curinodes = be64toh(dqb64->dqb_curinodes);
1777 dq->dq_btime = be64toh(dqb64->dqb_btime);
1778 dq->dq_itime = be64toh(dqb64->dqb_itime);
1782 * Convert dquot to 32-bit host-order structure.
1785 dq_dqb32(const struct dquot *dq, struct dqblk32 *dqb32)
1788 dqb32->dqb_bhardlimit = CLIP32(dq->dq_bhardlimit);
1789 dqb32->dqb_bsoftlimit = CLIP32(dq->dq_bsoftlimit);
1790 dqb32->dqb_curblocks = CLIP32(dq->dq_curblocks);
1791 dqb32->dqb_ihardlimit = CLIP32(dq->dq_ihardlimit);
1792 dqb32->dqb_isoftlimit = CLIP32(dq->dq_isoftlimit);
1793 dqb32->dqb_curinodes = CLIP32(dq->dq_curinodes);
1794 dqb32->dqb_btime = CLIP32(dq->dq_btime);
1795 dqb32->dqb_itime = CLIP32(dq->dq_itime);
1799 * Convert dquot to 64-bit network-order structure.
1802 dq_dqb64(const struct dquot *dq, struct dqblk64 *dqb64)
1805 dqb64->dqb_bhardlimit = htobe64(dq->dq_bhardlimit);
1806 dqb64->dqb_bsoftlimit = htobe64(dq->dq_bsoftlimit);
1807 dqb64->dqb_curblocks = htobe64(dq->dq_curblocks);
1808 dqb64->dqb_ihardlimit = htobe64(dq->dq_ihardlimit);
1809 dqb64->dqb_isoftlimit = htobe64(dq->dq_isoftlimit);
1810 dqb64->dqb_curinodes = htobe64(dq->dq_curinodes);
1811 dqb64->dqb_btime = htobe64(dq->dq_btime);
1812 dqb64->dqb_itime = htobe64(dq->dq_itime);
1816 * Convert 64-bit host-order structure to 32-bit host-order structure.
1819 dqb64_dqb32(const struct dqblk64 *dqb64, struct dqblk32 *dqb32)
1822 dqb32->dqb_bhardlimit = CLIP32(dqb64->dqb_bhardlimit);
1823 dqb32->dqb_bsoftlimit = CLIP32(dqb64->dqb_bsoftlimit);
1824 dqb32->dqb_curblocks = CLIP32(dqb64->dqb_curblocks);
1825 dqb32->dqb_ihardlimit = CLIP32(dqb64->dqb_ihardlimit);
1826 dqb32->dqb_isoftlimit = CLIP32(dqb64->dqb_isoftlimit);
1827 dqb32->dqb_curinodes = CLIP32(dqb64->dqb_curinodes);
1828 dqb32->dqb_btime = CLIP32(dqb64->dqb_btime);
1829 dqb32->dqb_itime = CLIP32(dqb64->dqb_itime);
1833 * Convert 32-bit host-order structure to 64-bit host-order structure.
1836 dqb32_dqb64(const struct dqblk32 *dqb32, struct dqblk64 *dqb64)
1839 dqb64->dqb_bhardlimit = dqb32->dqb_bhardlimit;
1840 dqb64->dqb_bsoftlimit = dqb32->dqb_bsoftlimit;
1841 dqb64->dqb_curblocks = dqb32->dqb_curblocks;
1842 dqb64->dqb_ihardlimit = dqb32->dqb_ihardlimit;
1843 dqb64->dqb_isoftlimit = dqb32->dqb_isoftlimit;
1844 dqb64->dqb_curinodes = dqb32->dqb_curinodes;
1845 dqb64->dqb_btime = dqb32->dqb_btime;
1846 dqb64->dqb_itime = dqb32->dqb_itime;