2 * Copyright (c) 1982, 1986, 1990, 1993, 1995
3 * The Regents of the University of California. All rights reserved.
5 * This code is derived from software contributed to Berkeley by
6 * Robert Elz at The University of Melbourne.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 4. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 * @(#)ufs_quota.c 8.5 (Berkeley) 5/20/95
35 #include <sys/cdefs.h>
36 __FBSDID("$FreeBSD$");
40 #include <sys/param.h>
41 #include <sys/systm.h>
42 #include <sys/endian.h>
43 #include <sys/fcntl.h>
44 #include <sys/kernel.h>
46 #include <sys/malloc.h>
47 #include <sys/mount.h>
48 #include <sys/mutex.h>
49 #include <sys/namei.h>
52 #include <sys/socket.h>
54 #include <sys/sysctl.h>
55 #include <sys/vnode.h>
57 #include <ufs/ufs/extattr.h>
58 #include <ufs/ufs/quota.h>
59 #include <ufs/ufs/inode.h>
60 #include <ufs/ufs/ufsmount.h>
61 #include <ufs/ufs/ufs_extern.h>
63 CTASSERT(sizeof(struct dqblk64) == sizeof(struct dqhdr64));
65 static int unprivileged_get_quota = 0;
66 SYSCTL_INT(_security_bsd, OID_AUTO, unprivileged_get_quota, CTLFLAG_RW,
67 &unprivileged_get_quota, 0,
68 "Unprivileged processes may retrieve quotas for other uids and gids");
70 static MALLOC_DEFINE(M_DQUOT, "ufs_quota", "UFS quota entries");
73 * Quota name to error message mapping.
75 static char *quotatypes[] = INITQFNAMES;
77 static int chkdqchg(struct inode *, ufs2_daddr_t, struct ucred *, int, int *);
78 static int chkiqchg(struct inode *, int, struct ucred *, int, int *);
79 static int dqopen(struct vnode *, struct ufsmount *, int);
80 static int dqget(struct vnode *,
81 u_long, struct ufsmount *, int, struct dquot **);
82 static int dqsync(struct vnode *, struct dquot *);
83 static int dqflush(struct vnode *);
84 static int quotaoff1(struct thread *td, struct mount *mp, int type);
85 static int quotaoff_inchange(struct thread *td, struct mount *mp, int type);
87 /* conversion functions - from_to() */
88 static void dqb32_dq(const struct dqblk32 *, struct dquot *);
89 static void dqb64_dq(const struct dqblk64 *, struct dquot *);
90 static void dq_dqb32(const struct dquot *, struct dqblk32 *);
91 static void dq_dqb64(const struct dquot *, struct dqblk64 *);
92 static void dqb32_dqb64(const struct dqblk32 *, struct dqblk64 *);
93 static void dqb64_dqb32(const struct dqblk64 *, struct dqblk32 *);
96 static void dqref(struct dquot *);
97 static void chkdquot(struct inode *);
101 * Set up the quotas for an inode.
103 * This routine completely defines the semantics of quotas.
104 * If other criterion want to be used to establish quotas, the
105 * MAXQUOTAS value in quota.h should be increased, and the
106 * additional dquots set up here.
109 getinoquota(struct inode *ip)
111 struct ufsmount *ump;
118 * Disk quotas must be turned off for system files. Currently
119 * snapshot and quota files.
121 if ((vp->v_vflag & VV_SYSTEM) != 0)
124 * XXX: Turn off quotas for files with a negative UID or GID.
125 * This prevents the creation of 100GB+ quota files.
127 if ((int)ip->i_uid < 0 || (int)ip->i_gid < 0)
129 ump = VFSTOUFS(vp->v_mount);
131 * Set up the user quota based on file uid.
132 * EINVAL means that quotas are not enabled.
135 dqget(vp, ip->i_uid, ump, USRQUOTA, &ip->i_dquot[USRQUOTA])) &&
139 * Set up the group quota based on file gid.
140 * EINVAL means that quotas are not enabled.
143 dqget(vp, ip->i_gid, ump, GRPQUOTA, &ip->i_dquot[GRPQUOTA])) &&
150 * Update disk usage, and take corrective action.
153 chkdq(struct inode *ip, ufs2_daddr_t change, struct ucred *cred, int flags)
156 ufs2_daddr_t ncurblocks;
157 struct vnode *vp = ITOV(ip);
158 int i, error, warn, do_check;
161 * Disk quotas must be turned off for system files. Currently
162 * snapshot and quota files.
164 if ((vp->v_vflag & VV_SYSTEM) != 0)
167 * XXX: Turn off quotas for files with a negative UID or GID.
168 * This prevents the creation of 100GB+ quota files.
170 if ((int)ip->i_uid < 0 || (int)ip->i_gid < 0)
173 if ((flags & CHOWN) == 0)
179 for (i = 0; i < MAXQUOTAS; i++) {
180 if ((dq = ip->i_dquot[i]) == NODQUOT)
183 DQI_WAIT(dq, PINOD+1, "chkdq1");
184 ncurblocks = dq->dq_curblocks + change;
186 dq->dq_curblocks = ncurblocks;
188 dq->dq_curblocks = 0;
189 dq->dq_flags &= ~DQ_BLKS;
190 dq->dq_flags |= DQ_MOD;
195 if ((flags & FORCE) == 0 &&
196 priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
200 for (i = 0; i < MAXQUOTAS; i++) {
201 if ((dq = ip->i_dquot[i]) == NODQUOT)
205 DQI_WAIT(dq, PINOD+1, "chkdq2");
207 error = chkdqchg(ip, change, cred, i, &warn);
210 * Roll back user quota changes when
211 * group quota failed.
219 DQI_WAIT(dq, PINOD+1, "chkdq3");
220 ncurblocks = dq->dq_curblocks - change;
222 dq->dq_curblocks = ncurblocks;
224 dq->dq_curblocks = 0;
225 dq->dq_flags &= ~DQ_BLKS;
226 dq->dq_flags |= DQ_MOD;
232 /* Reset timer when crossing soft limit */
233 if (dq->dq_curblocks + change >= dq->dq_bsoftlimit &&
234 dq->dq_curblocks < dq->dq_bsoftlimit)
235 dq->dq_btime = time_second + ip->i_ump->um_btime[i];
236 dq->dq_curblocks += change;
237 dq->dq_flags |= DQ_MOD;
240 uprintf("\n%s: warning, %s disk quota exceeded\n",
241 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
248 * Check for a valid change to a users allocation.
249 * Issue an error message if appropriate.
252 chkdqchg(struct inode *ip, ufs2_daddr_t change, struct ucred *cred,
255 struct dquot *dq = ip->i_dquot[type];
256 ufs2_daddr_t ncurblocks = dq->dq_curblocks + change;
259 * If user would exceed their hard limit, disallow space allocation.
261 if (ncurblocks >= dq->dq_bhardlimit && dq->dq_bhardlimit) {
262 if ((dq->dq_flags & DQ_BLKS) == 0 &&
263 ip->i_uid == cred->cr_uid) {
264 dq->dq_flags |= DQ_BLKS;
266 uprintf("\n%s: write failed, %s disk limit reached\n",
267 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
275 * If user is over their soft limit for too long, disallow space
276 * allocation. Reset time limit as they cross their soft limit.
278 if (ncurblocks >= dq->dq_bsoftlimit && dq->dq_bsoftlimit) {
279 if (dq->dq_curblocks < dq->dq_bsoftlimit) {
280 dq->dq_btime = time_second + ip->i_ump->um_btime[type];
281 if (ip->i_uid == cred->cr_uid)
285 if (time_second > dq->dq_btime) {
286 if ((dq->dq_flags & DQ_BLKS) == 0 &&
287 ip->i_uid == cred->cr_uid) {
288 dq->dq_flags |= DQ_BLKS;
290 uprintf("\n%s: write failed, %s "
291 "disk quota exceeded for too long\n",
292 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
304 * Check the inode limit, applying corrective action.
307 chkiq(struct inode *ip, int change, struct ucred *cred, int flags)
310 int i, error, warn, do_check;
313 if ((flags & CHOWN) == 0)
319 for (i = 0; i < MAXQUOTAS; i++) {
320 if ((dq = ip->i_dquot[i]) == NODQUOT)
323 DQI_WAIT(dq, PINOD+1, "chkiq1");
324 if (dq->dq_curinodes >= -change)
325 dq->dq_curinodes += change;
327 dq->dq_curinodes = 0;
328 dq->dq_flags &= ~DQ_INODS;
329 dq->dq_flags |= DQ_MOD;
334 if ((flags & FORCE) == 0 &&
335 priv_check_cred(cred, PRIV_VFS_EXCEEDQUOTA, 0))
339 for (i = 0; i < MAXQUOTAS; i++) {
340 if ((dq = ip->i_dquot[i]) == NODQUOT)
344 DQI_WAIT(dq, PINOD+1, "chkiq2");
346 error = chkiqchg(ip, change, cred, i, &warn);
349 * Roll back user quota changes when
350 * group quota failed.
358 DQI_WAIT(dq, PINOD+1, "chkiq3");
359 if (dq->dq_curinodes >= change)
360 dq->dq_curinodes -= change;
362 dq->dq_curinodes = 0;
363 dq->dq_flags &= ~DQ_INODS;
364 dq->dq_flags |= DQ_MOD;
370 /* Reset timer when crossing soft limit */
371 if (dq->dq_curinodes + change >= dq->dq_isoftlimit &&
372 dq->dq_curinodes < dq->dq_isoftlimit)
373 dq->dq_itime = time_second + ip->i_ump->um_itime[i];
374 dq->dq_curinodes += change;
375 dq->dq_flags |= DQ_MOD;
378 uprintf("\n%s: warning, %s inode quota exceeded\n",
379 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
386 * Check for a valid change to a users allocation.
387 * Issue an error message if appropriate.
390 chkiqchg(struct inode *ip, int change, struct ucred *cred, int type, int *warn)
392 struct dquot *dq = ip->i_dquot[type];
393 ino_t ncurinodes = dq->dq_curinodes + change;
396 * If user would exceed their hard limit, disallow inode allocation.
398 if (ncurinodes >= dq->dq_ihardlimit && dq->dq_ihardlimit) {
399 if ((dq->dq_flags & DQ_INODS) == 0 &&
400 ip->i_uid == cred->cr_uid) {
401 dq->dq_flags |= DQ_INODS;
403 uprintf("\n%s: write failed, %s inode limit reached\n",
404 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
412 * If user is over their soft limit for too long, disallow inode
413 * allocation. Reset time limit as they cross their soft limit.
415 if (ncurinodes >= dq->dq_isoftlimit && dq->dq_isoftlimit) {
416 if (dq->dq_curinodes < dq->dq_isoftlimit) {
417 dq->dq_itime = time_second + ip->i_ump->um_itime[type];
418 if (ip->i_uid == cred->cr_uid)
422 if (time_second > dq->dq_itime) {
423 if ((dq->dq_flags & DQ_INODS) == 0 &&
424 ip->i_uid == cred->cr_uid) {
425 dq->dq_flags |= DQ_INODS;
427 uprintf("\n%s: write failed, %s "
428 "inode quota exceeded for too long\n",
429 ITOV(ip)->v_mount->mnt_stat.f_mntonname,
442 * On filesystems with quotas enabled, it is an error for a file to change
443 * size and not to have a dquot structure associated with it.
446 chkdquot(struct inode *ip)
448 struct ufsmount *ump = ip->i_ump;
449 struct vnode *vp = ITOV(ip);
453 * Disk quotas must be turned off for system files. Currently
454 * these are snapshots and quota files.
456 if ((vp->v_vflag & VV_SYSTEM) != 0)
459 * XXX: Turn off quotas for files with a negative UID or GID.
460 * This prevents the creation of 100GB+ quota files.
462 if ((int)ip->i_uid < 0 || (int)ip->i_gid < 0)
466 for (i = 0; i < MAXQUOTAS; i++) {
467 if (ump->um_quotas[i] == NULLVP ||
468 (ump->um_qflags[i] & (QTF_OPENING|QTF_CLOSING)))
470 if (ip->i_dquot[i] == NODQUOT) {
472 vprint("chkdquot: missing dquot", ITOV(ip));
473 panic("chkdquot: missing dquot");
481 * Code to process quotactl commands.
485 * Q_QUOTAON - set up a quota file for a particular filesystem.
488 quotaon(struct thread *td, struct mount *mp, int type, void *fname)
490 struct ufsmount *ump;
491 struct vnode *vp, **vpp;
497 error = priv_check(td, PRIV_UFS_QUOTAON);
501 if (mp->mnt_flag & MNT_RDONLY)
507 NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, fname, td);
508 flags = FREAD | FWRITE;
511 error = vn_open(&nd, &flags, 0, NULL);
516 NDFREE(&nd, NDF_ONLY_PNBUF);
518 error = vfs_busy(mp, MBF_NOWAIT);
521 if (vp->v_type != VREG) {
528 (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
533 if ((ump->um_qflags[type] & (QTF_OPENING|QTF_CLOSING)) != 0) {
536 (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
540 ump->um_qflags[type] |= QTF_OPENING|QTF_CLOSING;
542 if ((error = dqopen(vp, ump, type)) != 0) {
545 ump->um_qflags[type] &= ~(QTF_OPENING|QTF_CLOSING);
547 (void) vn_close(vp, FREAD|FWRITE, td->td_ucred, td);
553 mp->mnt_flag |= MNT_QUOTA;
556 vpp = &ump->um_quotas[type];
558 quotaoff1(td, mp, type);
561 * When the directory vnode containing the quota file is
562 * inactivated, due to the shared lookup of the quota file
563 * vput()ing the dvp, the qsyncvp() call for the containing
564 * directory would try to acquire the quota lock exclusive.
565 * At the same time, lookup already locked the quota vnode
566 * shared. Mark the quota vnode lock as allowing recursion
567 * and automatically converting shared locks to exclusive.
569 * Also mark quota vnode as system.
571 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
572 vp->v_vflag |= VV_SYSTEM;
578 * Save the credential of the process that turned on quotas.
579 * Set up the time limits for this quota.
581 ump->um_cred[type] = crhold(td->td_ucred);
582 ump->um_btime[type] = MAX_DQ_TIME;
583 ump->um_itime[type] = MAX_IQ_TIME;
584 if (dqget(NULLVP, 0, ump, type, &dq) == 0) {
585 if (dq->dq_btime > 0)
586 ump->um_btime[type] = dq->dq_btime;
587 if (dq->dq_itime > 0)
588 ump->um_itime[type] = dq->dq_itime;
592 * Allow the getdq from getinoquota below to read the quota
596 ump->um_qflags[type] &= ~QTF_CLOSING;
599 * Search vnodes associated with this mount point,
600 * adding references to quota file being opened.
601 * NB: only need to add dquot's for inodes being modified.
604 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
605 if (vget(vp, LK_EXCLUSIVE | LK_INTERLOCK, td)) {
606 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
609 if (vp->v_type == VNON || vp->v_writecount == 0) {
614 error = getinoquota(VTOI(vp));
618 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
624 quotaoff_inchange(td, mp, type);
626 ump->um_qflags[type] &= ~QTF_OPENING;
627 KASSERT((ump->um_qflags[type] & QTF_CLOSING) == 0,
628 ("quotaon: leaking flags"));
636 * Main code to turn off disk quotas for a filesystem. Does not change
640 quotaoff1(struct thread *td, struct mount *mp, int type)
643 struct vnode *qvp, *mvp;
644 struct ufsmount *ump;
653 KASSERT((ump->um_qflags[type] & QTF_CLOSING) != 0,
654 ("quotaoff1: flags are invalid"));
655 if ((qvp = ump->um_quotas[type]) == NULLVP) {
659 cr = ump->um_cred[type];
663 * Search vnodes associated with this mount point,
664 * deleting any references to quota file being closed.
667 MNT_VNODE_FOREACH_ALL(vp, mp, mvp) {
668 if (vp->v_type == VNON) {
672 if (vget(vp, LK_EXCLUSIVE | LK_INTERLOCK, td)) {
673 MNT_VNODE_FOREACH_ALL_ABORT(mp, mvp);
677 dq = ip->i_dquot[type];
678 ip->i_dquot[type] = NODQUOT;
684 error = dqflush(qvp);
689 * Clear um_quotas before closing the quota vnode to prevent
690 * access to the closed vnode from dqget/dqsync
693 ump->um_quotas[type] = NULLVP;
694 ump->um_cred[type] = NOCRED;
697 vn_lock(qvp, LK_EXCLUSIVE | LK_RETRY);
698 qvp->v_vflag &= ~VV_SYSTEM;
700 error = vn_close(qvp, FREAD|FWRITE, td->td_ucred, td);
707 * Turns off quotas, assumes that ump->um_qflags are already checked
708 * and QTF_CLOSING is set to indicate operation in progress. Fixes
709 * ump->um_qflags and mp->mnt_flag after.
712 quotaoff_inchange(struct thread *td, struct mount *mp, int type)
714 struct ufsmount *ump;
718 error = quotaoff1(td, mp, type);
722 ump->um_qflags[type] &= ~QTF_CLOSING;
723 for (i = 0; i < MAXQUOTAS; i++)
724 if (ump->um_quotas[i] != NULLVP)
726 if (i == MAXQUOTAS) {
728 mp->mnt_flag &= ~MNT_QUOTA;
736 * Q_QUOTAOFF - turn off disk quotas for a filesystem.
739 quotaoff(struct thread *td, struct mount *mp, int type)
741 struct ufsmount *ump;
744 error = priv_check(td, PRIV_UFS_QUOTAOFF);
750 if ((ump->um_qflags[type] & (QTF_OPENING|QTF_CLOSING)) != 0) {
754 ump->um_qflags[type] |= QTF_CLOSING;
757 return (quotaoff_inchange(td, mp, type));
761 * Q_GETQUOTA - return current values in a dqblk structure.
764 _getquota(struct thread *td, struct mount *mp, u_long id, int type,
772 if ((td->td_ucred->cr_uid != id) && !unprivileged_get_quota) {
773 error = priv_check(td, PRIV_VFS_GETQUOTA);
780 if (!groupmember(id, td->td_ucred) &&
781 !unprivileged_get_quota) {
782 error = priv_check(td, PRIV_VFS_GETQUOTA);
793 error = dqget(NULLVP, id, VFSTOUFS(mp), type, &dq);
802 * Q_SETQUOTA - assign an entire dqblk structure.
805 _setquota(struct thread *td, struct mount *mp, u_long id, int type,
810 struct ufsmount *ump;
811 struct dqblk64 newlim;
814 error = priv_check(td, PRIV_VFS_SETQUOTA);
823 error = dqget(NULLVP, id, ump, type, &ndq);
828 DQI_WAIT(dq, PINOD+1, "setqta");
830 * Copy all but the current values.
831 * Reset time limit if previously had no soft limit or were
832 * under it, but now have a soft limit and are over it.
834 newlim.dqb_curblocks = dq->dq_curblocks;
835 newlim.dqb_curinodes = dq->dq_curinodes;
836 if (dq->dq_id != 0) {
837 newlim.dqb_btime = dq->dq_btime;
838 newlim.dqb_itime = dq->dq_itime;
840 if (newlim.dqb_bsoftlimit &&
841 dq->dq_curblocks >= newlim.dqb_bsoftlimit &&
842 (dq->dq_bsoftlimit == 0 || dq->dq_curblocks < dq->dq_bsoftlimit))
843 newlim.dqb_btime = time_second + ump->um_btime[type];
844 if (newlim.dqb_isoftlimit &&
845 dq->dq_curinodes >= newlim.dqb_isoftlimit &&
846 (dq->dq_isoftlimit == 0 || dq->dq_curinodes < dq->dq_isoftlimit))
847 newlim.dqb_itime = time_second + ump->um_itime[type];
849 if (dq->dq_curblocks < dq->dq_bsoftlimit)
850 dq->dq_flags &= ~DQ_BLKS;
851 if (dq->dq_curinodes < dq->dq_isoftlimit)
852 dq->dq_flags &= ~DQ_INODS;
853 if (dq->dq_isoftlimit == 0 && dq->dq_bsoftlimit == 0 &&
854 dq->dq_ihardlimit == 0 && dq->dq_bhardlimit == 0)
855 dq->dq_flags |= DQ_FAKE;
857 dq->dq_flags &= ~DQ_FAKE;
858 dq->dq_flags |= DQ_MOD;
865 * Q_SETUSE - set current inode and block usage.
868 _setuse(struct thread *td, struct mount *mp, u_long id, int type,
872 struct ufsmount *ump;
874 struct dqblk64 usage;
877 error = priv_check(td, PRIV_UFS_SETUSE);
886 error = dqget(NULLVP, id, ump, type, &ndq);
891 DQI_WAIT(dq, PINOD+1, "setuse");
893 * Reset time limit if have a soft limit and were
894 * previously under it, but are now over it.
896 if (dq->dq_bsoftlimit && dq->dq_curblocks < dq->dq_bsoftlimit &&
897 usage.dqb_curblocks >= dq->dq_bsoftlimit)
898 dq->dq_btime = time_second + ump->um_btime[type];
899 if (dq->dq_isoftlimit && dq->dq_curinodes < dq->dq_isoftlimit &&
900 usage.dqb_curinodes >= dq->dq_isoftlimit)
901 dq->dq_itime = time_second + ump->um_itime[type];
902 dq->dq_curblocks = usage.dqb_curblocks;
903 dq->dq_curinodes = usage.dqb_curinodes;
904 if (dq->dq_curblocks < dq->dq_bsoftlimit)
905 dq->dq_flags &= ~DQ_BLKS;
906 if (dq->dq_curinodes < dq->dq_isoftlimit)
907 dq->dq_flags &= ~DQ_INODS;
908 dq->dq_flags |= DQ_MOD;
915 getquota32(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
917 struct dqblk32 dqb32;
918 struct dqblk64 dqb64;
921 error = _getquota(td, mp, id, type, &dqb64);
924 dqb64_dqb32(&dqb64, &dqb32);
925 error = copyout(&dqb32, addr, sizeof(dqb32));
930 setquota32(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
932 struct dqblk32 dqb32;
933 struct dqblk64 dqb64;
936 error = copyin(addr, &dqb32, sizeof(dqb32));
939 dqb32_dqb64(&dqb32, &dqb64);
940 error = _setquota(td, mp, id, type, &dqb64);
945 setuse32(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
947 struct dqblk32 dqb32;
948 struct dqblk64 dqb64;
951 error = copyin(addr, &dqb32, sizeof(dqb32));
954 dqb32_dqb64(&dqb32, &dqb64);
955 error = _setuse(td, mp, id, type, &dqb64);
960 getquota(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
962 struct dqblk64 dqb64;
965 error = _getquota(td, mp, id, type, &dqb64);
968 error = copyout(&dqb64, addr, sizeof(dqb64));
973 setquota(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
975 struct dqblk64 dqb64;
978 error = copyin(addr, &dqb64, sizeof(dqb64));
981 error = _setquota(td, mp, id, type, &dqb64);
986 setuse(struct thread *td, struct mount *mp, u_long id, int type, void *addr)
988 struct dqblk64 dqb64;
991 error = copyin(addr, &dqb64, sizeof(dqb64));
994 error = _setuse(td, mp, id, type, &dqb64);
999 * Q_GETQUOTASIZE - get bit-size of quota file fields
1002 getquotasize(struct thread *td, struct mount *mp, u_long id, int type,
1005 struct ufsmount *ump = VFSTOUFS(mp);
1009 if (ump->um_quotas[type] == NULLVP ||
1010 (ump->um_qflags[type] & QTF_CLOSING)) {
1014 if ((ump->um_qflags[type] & QTF_64BIT) != 0)
1019 return (copyout(&bitsize, sizep, sizeof(int)));
1023 * Q_SYNC - sync quota files to disk.
1026 qsync(struct mount *mp)
1028 struct ufsmount *ump = VFSTOUFS(mp);
1029 struct thread *td = curthread; /* XXX */
1030 struct vnode *vp, *mvp;
1035 * Check if the mount point has any quotas.
1036 * If not, simply return.
1038 for (i = 0; i < MAXQUOTAS; i++)
1039 if (ump->um_quotas[i] != NULLVP)
1044 * Search vnodes associated with this mount point,
1045 * synchronizing any modified dquot structures.
1048 MNT_VNODE_FOREACH_ACTIVE(vp, mp, mvp) {
1049 if (vp->v_type == VNON) {
1053 error = vget(vp, LK_EXCLUSIVE | LK_INTERLOCK, td);
1055 if (error == ENOENT) {
1056 MNT_VNODE_FOREACH_ACTIVE_ABORT(mp, mvp);
1061 for (i = 0; i < MAXQUOTAS; i++) {
1062 dq = VTOI(vp)->i_dquot[i];
1072 * Sync quota file for given vnode to disk.
1075 qsyncvp(struct vnode *vp)
1077 struct ufsmount *ump = VFSTOUFS(vp->v_mount);
1082 * Check if the mount point has any quotas.
1083 * If not, simply return.
1085 for (i = 0; i < MAXQUOTAS; i++)
1086 if (ump->um_quotas[i] != NULLVP)
1091 * Search quotas associated with this vnode
1092 * synchronizing any modified dquot structures.
1094 for (i = 0; i < MAXQUOTAS; i++) {
1095 dq = VTOI(vp)->i_dquot[i];
1103 * Code pertaining to management of the in-core dquot data structures.
1105 #define DQHASH(dqvp, id) \
1106 (&dqhashtbl[((((intptr_t)(dqvp)) >> 8) + id) & dqhash])
1107 static LIST_HEAD(dqhash, dquot) *dqhashtbl;
1108 static u_long dqhash;
1113 #define DQUOTINC 5 /* minimum free dquots desired */
1114 static TAILQ_HEAD(dqfreelist, dquot) dqfreelist;
1115 static long numdquot, desireddquot = DQUOTINC;
1118 * Lock to protect quota hash, dq free list and dq_cnt ref counters of
1123 #define DQH_LOCK() mtx_lock(&dqhlock)
1124 #define DQH_UNLOCK() mtx_unlock(&dqhlock)
1126 static struct dquot *dqhashfind(struct dqhash *dqh, u_long id,
1127 struct vnode *dqvp);
1130 * Initialize the quota system.
1136 mtx_init(&dqhlock, "dqhlock", NULL, MTX_DEF);
1137 dqhashtbl = hashinit(desiredvnodes, M_DQUOT, &dqhash);
1138 TAILQ_INIT(&dqfreelist);
1142 * Shut down the quota system.
1149 hashdestroy(dqhashtbl, M_DQUOT, dqhash);
1150 while ((dq = TAILQ_FIRST(&dqfreelist)) != NULL) {
1151 TAILQ_REMOVE(&dqfreelist, dq, dq_freelist);
1152 mtx_destroy(&dq->dq_lock);
1155 mtx_destroy(&dqhlock);
1158 static struct dquot *
1159 dqhashfind(struct dqhash *dqh, u_long id, struct vnode *dqvp)
1163 mtx_assert(&dqhlock, MA_OWNED);
1164 LIST_FOREACH(dq, dqh, dq_hash) {
1165 if (dq->dq_id != id ||
1166 dq->dq_ump->um_quotas[dq->dq_type] != dqvp)
1169 * Cache hit with no references. Take
1170 * the structure off the free list.
1172 if (dq->dq_cnt == 0)
1173 TAILQ_REMOVE(&dqfreelist, dq, dq_freelist);
1181 * Determine the quota file type.
1183 * A 32-bit quota file is simply an array of struct dqblk32.
1185 * A 64-bit quota file is a struct dqhdr64 followed by an array of struct
1186 * dqblk64. The header contains various magic bits which allow us to be
1187 * reasonably confident that it is indeeda 64-bit quota file and not just
1188 * a 32-bit quota file that just happens to "look right".
1192 dqopen(struct vnode *vp, struct ufsmount *ump, int type)
1199 ASSERT_VOP_LOCKED(vp, "dqopen");
1200 auio.uio_iov = &aiov;
1201 auio.uio_iovcnt = 1;
1202 aiov.iov_base = &dqh;
1203 aiov.iov_len = sizeof(dqh);
1204 auio.uio_resid = sizeof(dqh);
1205 auio.uio_offset = 0;
1206 auio.uio_segflg = UIO_SYSSPACE;
1207 auio.uio_rw = UIO_READ;
1208 auio.uio_td = (struct thread *)0;
1209 error = VOP_READ(vp, &auio, 0, ump->um_cred[type]);
1213 if (auio.uio_resid > 0) {
1214 /* assume 32 bits */
1219 if (strcmp(dqh.dqh_magic, Q_DQHDR64_MAGIC) == 0 &&
1220 be32toh(dqh.dqh_version) == Q_DQHDR64_VERSION &&
1221 be32toh(dqh.dqh_hdrlen) == (uint32_t)sizeof(struct dqhdr64) &&
1222 be32toh(dqh.dqh_reclen) == (uint32_t)sizeof(struct dqblk64)) {
1223 /* XXX: what if the magic matches, but the sizes are wrong? */
1224 ump->um_qflags[type] |= QTF_64BIT;
1226 ump->um_qflags[type] &= ~QTF_64BIT;
1234 * Obtain a dquot structure for the specified identifier and quota file
1235 * reading the information from the file if necessary.
1238 dqget(struct vnode *vp, u_long id, struct ufsmount *ump, int type,
1241 uint8_t buf[sizeof(struct dqblk64)];
1242 off_t base, recsize;
1243 struct dquot *dq, *dq1;
1248 int dqvplocked, error;
1250 #ifdef DEBUG_VFS_LOCKS
1252 ASSERT_VOP_ELOCKED(vp, "dqget");
1255 if (vp != NULLVP && *dqp != NODQUOT) {
1259 /* XXX: Disallow negative id values to prevent the
1260 * creation of 100GB+ quota data files.
1266 dqvp = ump->um_quotas[type];
1267 if (dqvp == NULLVP || (ump->um_qflags[type] & QTF_CLOSING)) {
1278 * Check the cache first.
1280 dqh = DQHASH(dqvp, id);
1282 dq = dqhashfind(dqh, id, dqvp);
1285 hfound: DQI_LOCK(dq);
1286 DQI_WAIT(dq, PINOD+1, "dqget");
1288 if (dq->dq_ump == NULL) {
1302 * Quota vnode lock is before DQ_LOCK. Acquire dqvp lock there
1303 * since new dq will appear on the hash chain DQ_LOCKed.
1307 vn_lock(dqvp, LK_SHARED | LK_RETRY);
1311 * Recheck the cache after sleep for quota vnode lock.
1313 dq = dqhashfind(dqh, id, dqvp);
1321 * Not in cache, allocate a new one or take it from the
1324 if (TAILQ_FIRST(&dqfreelist) == NODQUOT &&
1325 numdquot < MAXQUOTAS * desiredvnodes)
1326 desireddquot += DQUOTINC;
1327 if (numdquot < desireddquot) {
1330 dq1 = malloc(sizeof *dq1, M_DQUOT, M_WAITOK | M_ZERO);
1331 mtx_init(&dq1->dq_lock, "dqlock", NULL, MTX_DEF);
1334 * Recheck the cache after sleep for memory.
1336 dq = dqhashfind(dqh, id, dqvp);
1340 mtx_destroy(&dq1->dq_lock);
1346 if ((dq = TAILQ_FIRST(&dqfreelist)) == NULL) {
1356 if (dq->dq_cnt || (dq->dq_flags & DQ_MOD))
1357 panic("dqget: free dquot isn't %p", dq);
1358 TAILQ_REMOVE(&dqfreelist, dq, dq_freelist);
1359 if (dq->dq_ump != NULL)
1360 LIST_REMOVE(dq, dq_hash);
1364 * Dq is put into hash already locked to prevent parallel
1365 * usage while it is being read from file.
1367 dq->dq_flags = DQ_LOCK;
1371 LIST_INSERT_HEAD(dqh, dq, dq_hash);
1376 * Read the requested quota record from the quota file, performing
1377 * any necessary conversions.
1379 if (ump->um_qflags[type] & QTF_64BIT) {
1380 recsize = sizeof(struct dqblk64);
1381 base = sizeof(struct dqhdr64);
1383 recsize = sizeof(struct dqblk32);
1386 auio.uio_iov = &aiov;
1387 auio.uio_iovcnt = 1;
1388 aiov.iov_base = buf;
1389 aiov.iov_len = recsize;
1390 auio.uio_resid = recsize;
1391 auio.uio_offset = base + id * recsize;
1392 auio.uio_segflg = UIO_SYSSPACE;
1393 auio.uio_rw = UIO_READ;
1394 auio.uio_td = (struct thread *)0;
1396 error = VOP_READ(dqvp, &auio, 0, ump->um_cred[type]);
1397 if (auio.uio_resid == recsize && error == 0) {
1398 bzero(&dq->dq_dqb, sizeof(dq->dq_dqb));
1400 if (ump->um_qflags[type] & QTF_64BIT)
1401 dqb64_dq((struct dqblk64 *)buf, dq);
1403 dqb32_dq((struct dqblk32 *)buf, dq);
1410 * I/O error in reading quota file, release
1411 * quota structure and reflect problem to caller.
1416 LIST_REMOVE(dq, dq_hash);
1419 if (dq->dq_flags & DQ_WANT)
1429 * Check for no limit to enforce.
1430 * Initialize time values if necessary.
1432 if (dq->dq_isoftlimit == 0 && dq->dq_bsoftlimit == 0 &&
1433 dq->dq_ihardlimit == 0 && dq->dq_bhardlimit == 0)
1434 dq->dq_flags |= DQ_FAKE;
1435 if (dq->dq_id != 0) {
1436 if (dq->dq_btime == 0) {
1437 dq->dq_btime = time_second + ump->um_btime[type];
1438 if (dq->dq_bsoftlimit &&
1439 dq->dq_curblocks >= dq->dq_bsoftlimit)
1440 dq->dq_flags |= DQ_MOD;
1442 if (dq->dq_itime == 0) {
1443 dq->dq_itime = time_second + ump->um_itime[type];
1444 if (dq->dq_isoftlimit &&
1445 dq->dq_curinodes >= dq->dq_isoftlimit)
1446 dq->dq_flags |= DQ_MOD;
1457 * Obtain a reference to a dquot.
1460 dqref(struct dquot *dq)
1468 * Release a reference to a dquot.
1471 dqrele(struct vnode *vp, struct dquot *dq)
1477 KASSERT(dq->dq_cnt > 0, ("Lost dq %p reference 1", dq));
1478 if (dq->dq_cnt > 1) {
1485 (void) dqsync(vp, dq);
1488 KASSERT(dq->dq_cnt > 0, ("Lost dq %p reference 2", dq));
1489 if (--dq->dq_cnt > 0)
1496 * The dq may become dirty after it is synced but before it is
1497 * put to the free list. Checking the DQ_MOD there without
1498 * locking dq should be safe since no other references to the
1501 if ((dq->dq_flags & DQ_MOD) != 0) {
1506 TAILQ_INSERT_TAIL(&dqfreelist, dq, dq_freelist);
1511 * Update the disk quota in the quota file.
1514 dqsync(struct vnode *vp, struct dquot *dq)
1516 uint8_t buf[sizeof(struct dqblk64)];
1517 off_t base, recsize;
1523 struct ufsmount *ump;
1525 #ifdef DEBUG_VFS_LOCKS
1527 ASSERT_VOP_ELOCKED(vp, "dqsync");
1533 panic("dqsync: dquot");
1534 if ((ump = dq->dq_ump) == NULL)
1537 if ((dqvp = ump->um_quotas[dq->dq_type]) == NULLVP)
1538 panic("dqsync: file");
1543 if ((dq->dq_flags & DQ_MOD) == 0) {
1550 (void) vn_start_secondary_write(dqvp, &mp, V_WAIT);
1552 vn_lock(dqvp, LK_EXCLUSIVE | LK_RETRY);
1555 DQI_WAIT(dq, PINOD+2, "dqsync");
1556 if ((dq->dq_flags & DQ_MOD) == 0)
1558 dq->dq_flags |= DQ_LOCK;
1562 * Write the quota record to the quota file, performing any
1563 * necessary conversions. See dqget() for additional details.
1565 if (ump->um_qflags[dq->dq_type] & QTF_64BIT) {
1566 dq_dqb64(dq, (struct dqblk64 *)buf);
1567 recsize = sizeof(struct dqblk64);
1568 base = sizeof(struct dqhdr64);
1570 dq_dqb32(dq, (struct dqblk32 *)buf);
1571 recsize = sizeof(struct dqblk32);
1575 auio.uio_iov = &aiov;
1576 auio.uio_iovcnt = 1;
1577 aiov.iov_base = buf;
1578 aiov.iov_len = recsize;
1579 auio.uio_resid = recsize;
1580 auio.uio_offset = base + dq->dq_id * recsize;
1581 auio.uio_segflg = UIO_SYSSPACE;
1582 auio.uio_rw = UIO_WRITE;
1583 auio.uio_td = (struct thread *)0;
1584 error = VOP_WRITE(dqvp, &auio, 0, dq->dq_ump->um_cred[dq->dq_type]);
1585 if (auio.uio_resid && error == 0)
1590 dq->dq_flags &= ~DQ_MOD;
1597 vn_finished_secondary_write(mp);
1602 * Flush all entries from the cache for a particular vnode.
1605 dqflush(struct vnode *vp)
1607 struct dquot *dq, *nextdq;
1612 * Move all dquot's that used to refer to this quota
1613 * file off their hash chains (they will eventually
1614 * fall off the head of the free list and be re-used).
1618 for (dqh = &dqhashtbl[dqhash]; dqh >= dqhashtbl; dqh--) {
1619 for (dq = LIST_FIRST(dqh); dq; dq = nextdq) {
1620 nextdq = LIST_NEXT(dq, dq_hash);
1621 if (dq->dq_ump->um_quotas[dq->dq_type] != vp)
1626 LIST_REMOVE(dq, dq_hash);
1636 * The following three functions are provided for the adjustment of
1637 * quotas by the soft updates code.
1641 * Acquire a reference to the quota structures associated with a vnode.
1642 * Return count of number of quota structures found.
1653 for (i = 0; i < MAXQUOTAS; i++)
1656 * Disk quotas must be turned off for system files. Currently
1657 * snapshot and quota files.
1659 if ((vp->v_vflag & VV_SYSTEM) != 0)
1662 * Iterate through and copy active quotas.
1667 for (i = 0; i < MAXQUOTAS; i++) {
1668 if ((dq = ip->i_dquot[i]) == NODQUOT)
1674 mtx_unlock(&dqhlock);
1679 * Release a set of quota structures obtained from a vnode.
1688 for (i = 0; i < MAXQUOTAS; i++) {
1689 if ((dq = qrp[i]) == NODQUOT)
1696 * Adjust the number of blocks associated with a quota.
1697 * Positive numbers when adding blocks; negative numbers when freeing blocks.
1700 quotaadj(qrp, ump, blkcount)
1702 struct ufsmount *ump;
1706 ufs2_daddr_t ncurblocks;
1711 for (i = 0; i < MAXQUOTAS; i++) {
1712 if ((dq = qrp[i]) == NODQUOT)
1715 DQI_WAIT(dq, PINOD+1, "adjqta");
1716 ncurblocks = dq->dq_curblocks + blkcount;
1717 if (ncurblocks >= 0)
1718 dq->dq_curblocks = ncurblocks;
1720 dq->dq_curblocks = 0;
1722 dq->dq_flags &= ~DQ_BLKS;
1723 else if (dq->dq_curblocks + blkcount >= dq->dq_bsoftlimit &&
1724 dq->dq_curblocks < dq->dq_bsoftlimit)
1725 dq->dq_btime = time_second + ump->um_btime[i];
1726 dq->dq_flags |= DQ_MOD;
1730 #endif /* SOFTUPDATES */
1733 * 32-bit / 64-bit conversion functions.
1735 * 32-bit quota records are stored in native byte order. Attention must
1736 * be paid to overflow issues.
1738 * 64-bit quota records are stored in network byte order.
1741 #define CLIP32(u64) (u64 > UINT32_MAX ? UINT32_MAX : (uint32_t)u64)
1744 * Convert 32-bit host-order structure to dquot.
1747 dqb32_dq(const struct dqblk32 *dqb32, struct dquot *dq)
1750 dq->dq_bhardlimit = dqb32->dqb_bhardlimit;
1751 dq->dq_bsoftlimit = dqb32->dqb_bsoftlimit;
1752 dq->dq_curblocks = dqb32->dqb_curblocks;
1753 dq->dq_ihardlimit = dqb32->dqb_ihardlimit;
1754 dq->dq_isoftlimit = dqb32->dqb_isoftlimit;
1755 dq->dq_curinodes = dqb32->dqb_curinodes;
1756 dq->dq_btime = dqb32->dqb_btime;
1757 dq->dq_itime = dqb32->dqb_itime;
1761 * Convert 64-bit network-order structure to dquot.
1764 dqb64_dq(const struct dqblk64 *dqb64, struct dquot *dq)
1767 dq->dq_bhardlimit = be64toh(dqb64->dqb_bhardlimit);
1768 dq->dq_bsoftlimit = be64toh(dqb64->dqb_bsoftlimit);
1769 dq->dq_curblocks = be64toh(dqb64->dqb_curblocks);
1770 dq->dq_ihardlimit = be64toh(dqb64->dqb_ihardlimit);
1771 dq->dq_isoftlimit = be64toh(dqb64->dqb_isoftlimit);
1772 dq->dq_curinodes = be64toh(dqb64->dqb_curinodes);
1773 dq->dq_btime = be64toh(dqb64->dqb_btime);
1774 dq->dq_itime = be64toh(dqb64->dqb_itime);
1778 * Convert dquot to 32-bit host-order structure.
1781 dq_dqb32(const struct dquot *dq, struct dqblk32 *dqb32)
1784 dqb32->dqb_bhardlimit = CLIP32(dq->dq_bhardlimit);
1785 dqb32->dqb_bsoftlimit = CLIP32(dq->dq_bsoftlimit);
1786 dqb32->dqb_curblocks = CLIP32(dq->dq_curblocks);
1787 dqb32->dqb_ihardlimit = CLIP32(dq->dq_ihardlimit);
1788 dqb32->dqb_isoftlimit = CLIP32(dq->dq_isoftlimit);
1789 dqb32->dqb_curinodes = CLIP32(dq->dq_curinodes);
1790 dqb32->dqb_btime = CLIP32(dq->dq_btime);
1791 dqb32->dqb_itime = CLIP32(dq->dq_itime);
1795 * Convert dquot to 64-bit network-order structure.
1798 dq_dqb64(const struct dquot *dq, struct dqblk64 *dqb64)
1801 dqb64->dqb_bhardlimit = htobe64(dq->dq_bhardlimit);
1802 dqb64->dqb_bsoftlimit = htobe64(dq->dq_bsoftlimit);
1803 dqb64->dqb_curblocks = htobe64(dq->dq_curblocks);
1804 dqb64->dqb_ihardlimit = htobe64(dq->dq_ihardlimit);
1805 dqb64->dqb_isoftlimit = htobe64(dq->dq_isoftlimit);
1806 dqb64->dqb_curinodes = htobe64(dq->dq_curinodes);
1807 dqb64->dqb_btime = htobe64(dq->dq_btime);
1808 dqb64->dqb_itime = htobe64(dq->dq_itime);
1812 * Convert 64-bit host-order structure to 32-bit host-order structure.
1815 dqb64_dqb32(const struct dqblk64 *dqb64, struct dqblk32 *dqb32)
1818 dqb32->dqb_bhardlimit = CLIP32(dqb64->dqb_bhardlimit);
1819 dqb32->dqb_bsoftlimit = CLIP32(dqb64->dqb_bsoftlimit);
1820 dqb32->dqb_curblocks = CLIP32(dqb64->dqb_curblocks);
1821 dqb32->dqb_ihardlimit = CLIP32(dqb64->dqb_ihardlimit);
1822 dqb32->dqb_isoftlimit = CLIP32(dqb64->dqb_isoftlimit);
1823 dqb32->dqb_curinodes = CLIP32(dqb64->dqb_curinodes);
1824 dqb32->dqb_btime = CLIP32(dqb64->dqb_btime);
1825 dqb32->dqb_itime = CLIP32(dqb64->dqb_itime);
1829 * Convert 32-bit host-order structure to 64-bit host-order structure.
1832 dqb32_dqb64(const struct dqblk32 *dqb32, struct dqblk64 *dqb64)
1835 dqb64->dqb_bhardlimit = dqb32->dqb_bhardlimit;
1836 dqb64->dqb_bsoftlimit = dqb32->dqb_bsoftlimit;
1837 dqb64->dqb_curblocks = dqb32->dqb_curblocks;
1838 dqb64->dqb_ihardlimit = dqb32->dqb_ihardlimit;
1839 dqb64->dqb_isoftlimit = dqb32->dqb_isoftlimit;
1840 dqb64->dqb_curinodes = dqb32->dqb_curinodes;
1841 dqb64->dqb_btime = dqb32->dqb_btime;
1842 dqb64->dqb_itime = dqb32->dqb_itime;
projects / FreeBSD / FreeBSD.git / blob