2 * Copyright (c) 1982, 1986 Regents of the University of California.
5 * This code is derived from software contributed to Berkeley by
6 * Robert Elz at The University of Melbourne.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <linux/list.h>
36 #include <linux/mutex.h>
37 #include <linux/rwsem.h>
38 #include <linux/spinlock.h>
39 #include <linux/wait.h>
40 #include <linux/percpu_counter.h>
42 #include <linux/dqblk_xfs.h>
43 #include <linux/dqblk_v1.h>
44 #include <linux/dqblk_v2.h>
46 #include <linux/atomic.h>
47 #include <linux/uidgid.h>
48 #include <linux/projid.h>
49 #include <uapi/linux/quota.h>
55 USRQUOTA = 0, /* element used for user quotas */
56 GRPQUOTA = 1, /* element used for group quotas */
57 PRJQUOTA = 2, /* element used for project quotas */
60 /* Masks for quota types when used as a bitmask */
61 #define QTYPE_MASK_USR (1 << USRQUOTA)
62 #define QTYPE_MASK_GRP (1 << GRPQUOTA)
63 #define QTYPE_MASK_PRJ (1 << PRJQUOTA)
65 typedef __kernel_uid32_t qid_t; /* Type in which we store ids in memory */
66 typedef long long qsize_t; /* Type in which we store sizes */
68 struct kqid { /* Type in which we store the quota identifier */
74 enum quota_type type; /* USRQUOTA (uid) or GRPQUOTA (gid) or PRJQUOTA (projid) */
77 extern bool qid_eq(struct kqid left, struct kqid right);
78 extern bool qid_lt(struct kqid left, struct kqid right);
79 extern qid_t from_kqid(struct user_namespace *to, struct kqid qid);
80 extern qid_t from_kqid_munged(struct user_namespace *to, struct kqid qid);
81 extern bool qid_valid(struct kqid qid);
84 * make_kqid - Map a user-namespace, type, qid tuple into a kqid.
85 * @from: User namespace that the qid is in
86 * @type: The type of quota
87 * @qid: Quota identifier
89 * Maps a user-namespace, type qid tuple into a kernel internal
90 * kqid, and returns that kqid.
92 * When there is no mapping defined for the user-namespace, type,
93 * qid tuple an invalid kqid is returned. Callers are expected to
94 * test for and handle handle invalid kqids being returned.
95 * Invalid kqids may be tested for using qid_valid().
97 static inline struct kqid make_kqid(struct user_namespace *from,
98 enum quota_type type, qid_t qid)
105 kqid.uid = make_kuid(from, qid);
108 kqid.gid = make_kgid(from, qid);
111 kqid.projid = make_kprojid(from, qid);
120 * make_kqid_invalid - Explicitly make an invalid kqid
121 * @type: The type of quota identifier
123 * Returns an invalid kqid with the specified type.
125 static inline struct kqid make_kqid_invalid(enum quota_type type)
132 kqid.uid = INVALID_UID;
135 kqid.gid = INVALID_GID;
138 kqid.projid = INVALID_PROJID;
147 * make_kqid_uid - Make a kqid from a kuid
148 * @uid: The kuid to make the quota identifier from
150 static inline struct kqid make_kqid_uid(kuid_t uid)
153 kqid.type = USRQUOTA;
159 * make_kqid_gid - Make a kqid from a kgid
160 * @gid: The kgid to make the quota identifier from
162 static inline struct kqid make_kqid_gid(kgid_t gid)
165 kqid.type = GRPQUOTA;
171 * make_kqid_projid - Make a kqid from a projid
172 * @projid: The kprojid to make the quota identifier from
174 static inline struct kqid make_kqid_projid(kprojid_t projid)
177 kqid.type = PRJQUOTA;
178 kqid.projid = projid;
183 * qid_has_mapping - Report if a qid maps into a user namespace.
184 * @ns: The user namespace to see if a value maps into.
185 * @qid: The kernel internal quota identifier to test.
187 static inline bool qid_has_mapping(struct user_namespace *ns, struct kqid qid)
189 return from_kqid(ns, qid) != (qid_t) -1;
193 extern spinlock_t dq_data_lock;
195 /* Maximal numbers of writes for quota operation (insert/delete/update)
196 * (over VFS all formats) */
197 #define DQUOT_INIT_ALLOC max(V1_INIT_ALLOC, V2_INIT_ALLOC)
198 #define DQUOT_INIT_REWRITE max(V1_INIT_REWRITE, V2_INIT_REWRITE)
199 #define DQUOT_DEL_ALLOC max(V1_DEL_ALLOC, V2_DEL_ALLOC)
200 #define DQUOT_DEL_REWRITE max(V1_DEL_REWRITE, V2_DEL_REWRITE)
203 * Data for one user/group kept in memory
206 qsize_t dqb_bhardlimit; /* absolute limit on disk blks alloc */
207 qsize_t dqb_bsoftlimit; /* preferred limit on disk blks */
208 qsize_t dqb_curspace; /* current used space */
209 qsize_t dqb_rsvspace; /* current reserved space for delalloc*/
210 qsize_t dqb_ihardlimit; /* absolute limit on allocated inodes */
211 qsize_t dqb_isoftlimit; /* preferred inode limit */
212 qsize_t dqb_curinodes; /* current # allocated inodes */
213 time64_t dqb_btime; /* time limit for excessive disk use */
214 time64_t dqb_itime; /* time limit for excessive inode use */
218 * Data for one quotafile kept in memory
220 struct quota_format_type;
223 struct quota_format_type *dqi_format;
224 int dqi_fmt_id; /* Id of the dqi_format - used when turning
225 * quotas on after remount RW */
226 struct list_head dqi_dirty_list; /* List of dirty dquots */
227 unsigned long dqi_flags;
228 unsigned int dqi_bgrace;
229 unsigned int dqi_igrace;
230 qsize_t dqi_max_spc_limit;
231 qsize_t dqi_max_ino_limit;
237 /* Mask for flags passed to userspace */
238 #define DQF_GETINFO_MASK (DQF_ROOT_SQUASH | DQF_SYS_FILE)
239 /* Mask for flags modifiable from userspace */
240 #define DQF_SETINFO_MASK DQF_ROOT_SQUASH
243 DQF_INFO_DIRTY_B = DQF_PRIVATE,
245 #define DQF_INFO_DIRTY (1 << DQF_INFO_DIRTY_B) /* Is info dirty? */
247 extern void mark_info_dirty(struct super_block *sb, int type);
248 static inline int info_dirty(struct mem_dqinfo *info)
250 return test_bit(DQF_INFO_DIRTY_B, &info->dqi_flags);
266 int stat[_DQST_DQSTAT_LAST];
267 struct percpu_counter counter[_DQST_DQSTAT_LAST];
270 extern struct dqstats *dqstats_pcpu;
271 extern struct dqstats dqstats;
273 static inline void dqstats_inc(unsigned int type)
275 percpu_counter_inc(&dqstats.counter[type]);
278 static inline void dqstats_dec(unsigned int type)
280 percpu_counter_dec(&dqstats.counter[type]);
283 #define DQ_MOD_B 0 /* dquot modified since read */
284 #define DQ_BLKS_B 1 /* uid/gid has been warned about blk limit */
285 #define DQ_INODES_B 2 /* uid/gid has been warned about inode limit */
286 #define DQ_FAKE_B 3 /* no limits only usage */
287 #define DQ_READ_B 4 /* dquot was read into memory */
288 #define DQ_ACTIVE_B 5 /* dquot is active (dquot_release not called) */
289 #define DQ_LASTSET_B 6 /* Following 6 bits (see QIF_) are reserved\
290 * for the mask of entries set via SETQUOTA\
291 * quotactl. They are set under dq_data_lock\
292 * and the quota format handling dquot can\
293 * clear them when it sees fit. */
296 struct hlist_node dq_hash; /* Hash list in memory */
297 struct list_head dq_inuse; /* List of all quotas */
298 struct list_head dq_free; /* Free list element */
299 struct list_head dq_dirty; /* List of dirty dquots */
300 struct mutex dq_lock; /* dquot IO lock */
301 atomic_t dq_count; /* Use count */
302 wait_queue_head_t dq_wait_unused; /* Wait queue for dquot to become unused */
303 struct super_block *dq_sb; /* superblock this applies to */
304 struct kqid dq_id; /* ID this applies to (uid, gid, projid) */
305 loff_t dq_off; /* Offset of dquot on disk */
306 unsigned long dq_flags; /* See DQ_* */
307 struct mem_dqblk dq_dqb; /* Diskquota usage */
310 /* Operations which must be implemented by each quota format */
311 struct quota_format_ops {
312 int (*check_quota_file)(struct super_block *sb, int type); /* Detect whether file is in our format */
313 int (*read_file_info)(struct super_block *sb, int type); /* Read main info about file - called on quotaon() */
314 int (*write_file_info)(struct super_block *sb, int type); /* Write main info about file */
315 int (*free_file_info)(struct super_block *sb, int type); /* Called on quotaoff() */
316 int (*read_dqblk)(struct dquot *dquot); /* Read structure for one user */
317 int (*commit_dqblk)(struct dquot *dquot); /* Write structure for one user */
318 int (*release_dqblk)(struct dquot *dquot); /* Called when last reference to dquot is being dropped */
319 int (*get_next_id)(struct super_block *sb, struct kqid *qid); /* Get next ID with existing structure in the quota file */
322 /* Operations working with dquots */
323 struct dquot_operations {
324 int (*write_dquot) (struct dquot *); /* Ordinary dquot write */
325 struct dquot *(*alloc_dquot)(struct super_block *, int); /* Allocate memory for new dquot */
326 void (*destroy_dquot)(struct dquot *); /* Free memory for dquot */
327 int (*acquire_dquot) (struct dquot *); /* Quota is going to be created on disk */
328 int (*release_dquot) (struct dquot *); /* Quota is going to be deleted from disk */
329 int (*mark_dirty) (struct dquot *); /* Dquot is marked dirty */
330 int (*write_info) (struct super_block *, int); /* Write of quota "superblock" */
331 /* get reserved quota for delayed alloc, value returned is managed by
333 qsize_t *(*get_reserved_space) (struct inode *);
334 int (*get_projid) (struct inode *, kprojid_t *);/* Get project ID */
335 /* Get next ID with active quota structure */
336 int (*get_next_id) (struct super_block *sb, struct kqid *qid);
341 /* Structure for communicating via ->get_dqblk() & ->set_dqblk() */
343 int d_fieldmask; /* mask of fields to change in ->set_dqblk() */
344 u64 d_spc_hardlimit; /* absolute limit on used space */
345 u64 d_spc_softlimit; /* preferred limit on used space */
346 u64 d_ino_hardlimit; /* maximum # allocated inodes */
347 u64 d_ino_softlimit; /* preferred inode limit */
348 u64 d_space; /* Space owned by the user */
349 u64 d_ino_count; /* # inodes owned by the user */
350 s64 d_ino_timer; /* zero if within inode limits */
351 /* if not, we refuse service */
352 s64 d_spc_timer; /* similar to above; for space */
353 int d_ino_warns; /* # warnings issued wrt num inodes */
354 int d_spc_warns; /* # warnings issued wrt used space */
355 u64 d_rt_spc_hardlimit; /* absolute limit on realtime space */
356 u64 d_rt_spc_softlimit; /* preferred limit on RT space */
357 u64 d_rt_space; /* realtime space owned */
358 s64 d_rt_spc_timer; /* similar to above; for RT space */
359 int d_rt_spc_warns; /* # warnings issued wrt RT space */
363 * Field specifiers for ->set_dqblk() in struct qc_dqblk and also for
364 * ->set_info() in struct qc_info
366 #define QC_INO_SOFT (1<<0)
367 #define QC_INO_HARD (1<<1)
368 #define QC_SPC_SOFT (1<<2)
369 #define QC_SPC_HARD (1<<3)
370 #define QC_RT_SPC_SOFT (1<<4)
371 #define QC_RT_SPC_HARD (1<<5)
372 #define QC_LIMIT_MASK (QC_INO_SOFT | QC_INO_HARD | QC_SPC_SOFT | QC_SPC_HARD | \
373 QC_RT_SPC_SOFT | QC_RT_SPC_HARD)
374 #define QC_SPC_TIMER (1<<6)
375 #define QC_INO_TIMER (1<<7)
376 #define QC_RT_SPC_TIMER (1<<8)
377 #define QC_TIMER_MASK (QC_SPC_TIMER | QC_INO_TIMER | QC_RT_SPC_TIMER)
378 #define QC_SPC_WARNS (1<<9)
379 #define QC_INO_WARNS (1<<10)
380 #define QC_RT_SPC_WARNS (1<<11)
381 #define QC_WARNS_MASK (QC_SPC_WARNS | QC_INO_WARNS | QC_RT_SPC_WARNS)
382 #define QC_SPACE (1<<12)
383 #define QC_INO_COUNT (1<<13)
384 #define QC_RT_SPACE (1<<14)
385 #define QC_ACCT_MASK (QC_SPACE | QC_INO_COUNT | QC_RT_SPACE)
386 #define QC_FLAGS (1<<15)
388 #define QCI_SYSFILE (1 << 0) /* Quota file is hidden from userspace */
389 #define QCI_ROOT_SQUASH (1 << 1) /* Root squash turned on */
390 #define QCI_ACCT_ENABLED (1 << 2) /* Quota accounting enabled */
391 #define QCI_LIMITS_ENFORCED (1 << 3) /* Quota limits enforced */
393 /* Structures for communicating via ->get_state */
394 struct qc_type_state {
395 unsigned int flags; /* Flags QCI_* */
396 unsigned int spc_timelimit; /* Time after which space softlimit is
398 unsigned int ino_timelimit; /* Ditto for inode softlimit */
399 unsigned int rt_spc_timelimit; /* Ditto for real-time space */
400 unsigned int spc_warnlimit; /* Limit for number of space warnings */
401 unsigned int ino_warnlimit; /* Ditto for inodes */
402 unsigned int rt_spc_warnlimit; /* Ditto for real-time space */
403 unsigned long long ino; /* Inode number of quota file */
404 blkcnt_t blocks; /* Number of 512-byte blocks in the file */
405 blkcnt_t nextents; /* Number of extents in the file */
409 unsigned int s_incoredqs; /* Number of dquots in core */
411 * Per quota type information. The array should really have
412 * max(MAXQUOTAS, XQM_MAXQUOTAS) entries. BUILD_BUG_ON in
413 * quota_getinfo() makes sure XQM_MAXQUOTAS is large enough. Once VFS
414 * supports project quotas, this can be changed to MAXQUOTAS
416 struct qc_type_state s_state[XQM_MAXQUOTAS];
419 /* Structure for communicating via ->set_info */
421 int i_fieldmask; /* mask of fields to change in ->set_info() */
422 unsigned int i_flags; /* Flags QCI_* */
423 unsigned int i_spc_timelimit; /* Time after which space softlimit is
425 unsigned int i_ino_timelimit; /* Ditto for inode softlimit */
426 unsigned int i_rt_spc_timelimit;/* Ditto for real-time space */
427 unsigned int i_spc_warnlimit; /* Limit for number of space warnings */
428 unsigned int i_ino_warnlimit; /* Limit for number of inode warnings */
429 unsigned int i_rt_spc_warnlimit; /* Ditto for real-time space */
432 /* Operations handling requests from userspace */
433 struct quotactl_ops {
434 int (*quota_on)(struct super_block *, int, int, const struct path *);
435 int (*quota_off)(struct super_block *, int);
436 int (*quota_enable)(struct super_block *, unsigned int);
437 int (*quota_disable)(struct super_block *, unsigned int);
438 int (*quota_sync)(struct super_block *, int);
439 int (*set_info)(struct super_block *, int, struct qc_info *);
440 int (*get_dqblk)(struct super_block *, struct kqid, struct qc_dqblk *);
441 int (*get_nextdqblk)(struct super_block *, struct kqid *,
443 int (*set_dqblk)(struct super_block *, struct kqid, struct qc_dqblk *);
444 int (*get_state)(struct super_block *, struct qc_state *);
445 int (*rm_xquota)(struct super_block *, unsigned int);
448 struct quota_format_type {
449 int qf_fmt_id; /* Quota format id */
450 const struct quota_format_ops *qf_ops; /* Operations of format */
451 struct module *qf_owner; /* Module implementing quota format */
452 struct quota_format_type *qf_next;
456 * Quota state flags - they actually come in two flavors - for users and groups.
458 * Actual typed flags layout:
460 * DQUOT_USAGE_ENABLED 0x0001 0x0002
461 * DQUOT_LIMITS_ENABLED 0x0004 0x0008
462 * DQUOT_SUSPENDED 0x0010 0x0020
464 * Following bits are used for non-typed flags:
465 * DQUOT_QUOTA_SYS_FILE 0x0040
466 * DQUOT_NEGATIVE_USAGE 0x0080
469 _DQUOT_USAGE_ENABLED = 0, /* Track disk usage for users */
470 _DQUOT_LIMITS_ENABLED, /* Enforce quota limits for users */
471 _DQUOT_SUSPENDED, /* User diskquotas are off, but
472 * we have necessary info in
473 * memory to turn them on */
476 #define DQUOT_USAGE_ENABLED (1 << _DQUOT_USAGE_ENABLED * MAXQUOTAS)
477 #define DQUOT_LIMITS_ENABLED (1 << _DQUOT_LIMITS_ENABLED * MAXQUOTAS)
478 #define DQUOT_SUSPENDED (1 << _DQUOT_SUSPENDED * MAXQUOTAS)
479 #define DQUOT_STATE_FLAGS (DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED | \
481 /* Other quota flags */
482 #define DQUOT_STATE_LAST (_DQUOT_STATE_FLAGS * MAXQUOTAS)
483 #define DQUOT_QUOTA_SYS_FILE (1 << DQUOT_STATE_LAST)
484 /* Quota file is a special
485 * system file and user cannot
486 * touch it. Filesystem is
487 * responsible for setting
488 * S_NOQUOTA, S_NOATIME flags
490 #define DQUOT_NEGATIVE_USAGE (1 << (DQUOT_STATE_LAST + 1))
491 /* Allow negative quota usage */
492 static inline unsigned int dquot_state_flag(unsigned int flags, int type)
494 return flags << type;
497 static inline unsigned int dquot_generic_flag(unsigned int flags, int type)
499 return (flags >> type) & DQUOT_STATE_FLAGS;
502 /* Bitmap of quota types where flag is set in flags */
503 static __always_inline unsigned dquot_state_types(unsigned flags, unsigned flag)
505 BUILD_BUG_ON_NOT_POWER_OF_2(flag);
506 return (flags / flag) & ((1 << MAXQUOTAS) - 1);
509 #ifdef CONFIG_QUOTA_NETLINK_INTERFACE
510 extern void quota_send_warning(struct kqid qid, dev_t dev,
511 const char warntype);
513 static inline void quota_send_warning(struct kqid qid, dev_t dev,
518 #endif /* CONFIG_QUOTA_NETLINK_INTERFACE */
521 unsigned int flags; /* Flags for diskquotas on this device */
522 struct mutex dqio_mutex; /* lock device while I/O in progress */
523 struct inode *files[MAXQUOTAS]; /* inodes of quotafiles */
524 struct mem_dqinfo info[MAXQUOTAS]; /* Information for each quota type */
525 const struct quota_format_ops *ops[MAXQUOTAS]; /* Operations for each type */
528 int register_quota_format(struct quota_format_type *fmt);
529 void unregister_quota_format(struct quota_format_type *fmt);
531 struct quota_module_name {
536 #define INIT_QUOTA_MODULE_NAMES {\
537 {QFMT_VFS_OLD, "quota_v1"},\
538 {QFMT_VFS_V0, "quota_v2"},\
539 {QFMT_VFS_V1, "quota_v2"},\