2 * Copyright (c) 1982, 1986 Regents of the University of California.
5 * This code is derived from software contributed to Berkeley by
6 * Robert Elz at The University of Melbourne.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 * may be used to endorse or promote products derived from this software
18 * without specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <linux/list.h>
36 #include <linux/mutex.h>
37 #include <linux/rwsem.h>
38 #include <linux/spinlock.h>
39 #include <linux/wait.h>
40 #include <linux/percpu_counter.h>
42 #include <linux/dqblk_xfs.h>
43 #include <linux/dqblk_v1.h>
44 #include <linux/dqblk_v2.h>
46 #include <linux/atomic.h>
47 #include <linux/uidgid.h>
48 #include <linux/projid.h>
49 #include <uapi/linux/quota.h>
55 USRQUOTA
= 0, /* element used for user quotas */
56 GRPQUOTA
= 1, /* element used for group quotas */
57 PRJQUOTA
= 2, /* element used for project quotas */
60 /* Masks for quota types when used as a bitmask */
61 #define QTYPE_MASK_USR (1 << USRQUOTA)
62 #define QTYPE_MASK_GRP (1 << GRPQUOTA)
63 #define QTYPE_MASK_PRJ (1 << PRJQUOTA)
65 typedef __kernel_uid32_t qid_t
; /* Type in which we store ids in memory */
66 typedef long long qsize_t
; /* Type in which we store sizes */
68 struct kqid
{ /* Type in which we store the quota identifier */
74 enum quota_type type
; /* USRQUOTA (uid) or GRPQUOTA (gid) or PRJQUOTA (projid) */
77 extern bool qid_eq(struct kqid left
, struct kqid right
);
78 extern bool qid_lt(struct kqid left
, struct kqid right
);
79 extern qid_t
from_kqid(struct user_namespace
*to
, struct kqid qid
);
80 extern qid_t
from_kqid_munged(struct user_namespace
*to
, struct kqid qid
);
81 extern bool qid_valid(struct kqid qid
);
84 * make_kqid - Map a user-namespace, type, qid tuple into a kqid.
85 * @from: User namespace that the qid is in
86 * @type: The type of quota
87 * @qid: Quota identifier
89 * Maps a user-namespace, type qid tuple into a kernel internal
90 * kqid, and returns that kqid.
92 * When there is no mapping defined for the user-namespace, type,
93 * qid tuple an invalid kqid is returned. Callers are expected to
94 * test for and handle invalid kqids being returned.
95 * Invalid kqids may be tested for using qid_valid().
97 static inline struct kqid
make_kqid(struct user_namespace
*from
,
98 enum quota_type type
, qid_t qid
)
105 kqid
.uid
= make_kuid(from
, qid
);
108 kqid
.gid
= make_kgid(from
, qid
);
111 kqid
.projid
= make_kprojid(from
, qid
);
120 * make_kqid_invalid - Explicitly make an invalid kqid
121 * @type: The type of quota identifier
123 * Returns an invalid kqid with the specified type.
125 static inline struct kqid
make_kqid_invalid(enum quota_type type
)
132 kqid
.uid
= INVALID_UID
;
135 kqid
.gid
= INVALID_GID
;
138 kqid
.projid
= INVALID_PROJID
;
147 * make_kqid_uid - Make a kqid from a kuid
148 * @uid: The kuid to make the quota identifier from
150 static inline struct kqid
make_kqid_uid(kuid_t uid
)
153 kqid
.type
= USRQUOTA
;
159 * make_kqid_gid - Make a kqid from a kgid
160 * @gid: The kgid to make the quota identifier from
162 static inline struct kqid
make_kqid_gid(kgid_t gid
)
165 kqid
.type
= GRPQUOTA
;
171 * make_kqid_projid - Make a kqid from a projid
172 * @projid: The kprojid to make the quota identifier from
174 static inline struct kqid
make_kqid_projid(kprojid_t projid
)
177 kqid
.type
= PRJQUOTA
;
178 kqid
.projid
= projid
;
183 * qid_has_mapping - Report if a qid maps into a user namespace.
184 * @ns: The user namespace to see if a value maps into.
185 * @qid: The kernel internal quota identifier to test.
187 static inline bool qid_has_mapping(struct user_namespace
*ns
, struct kqid qid
)
189 return from_kqid(ns
, qid
) != (qid_t
) -1;
193 extern spinlock_t dq_data_lock
;
195 /* Maximal numbers of writes for quota operation (insert/delete/update)
196 * (over VFS all formats) */
197 #define DQUOT_INIT_ALLOC max(V1_INIT_ALLOC, V2_INIT_ALLOC)
198 #define DQUOT_INIT_REWRITE max(V1_INIT_REWRITE, V2_INIT_REWRITE)
199 #define DQUOT_DEL_ALLOC max(V1_DEL_ALLOC, V2_DEL_ALLOC)
200 #define DQUOT_DEL_REWRITE max(V1_DEL_REWRITE, V2_DEL_REWRITE)
203 * Data for one user/group kept in memory
206 qsize_t dqb_bhardlimit
; /* absolute limit on disk blks alloc */
207 qsize_t dqb_bsoftlimit
; /* preferred limit on disk blks */
208 qsize_t dqb_curspace
; /* current used space */
209 qsize_t dqb_rsvspace
; /* current reserved space for delalloc*/
210 qsize_t dqb_ihardlimit
; /* absolute limit on allocated inodes */
211 qsize_t dqb_isoftlimit
; /* preferred inode limit */
212 qsize_t dqb_curinodes
; /* current # allocated inodes */
213 time64_t dqb_btime
; /* time limit for excessive disk use */
214 time64_t dqb_itime
; /* time limit for excessive inode use */
218 * Data for one quotafile kept in memory
220 struct quota_format_type
;
223 struct quota_format_type
*dqi_format
;
224 int dqi_fmt_id
; /* Id of the dqi_format - used when turning
225 * quotas on after remount RW */
226 struct list_head dqi_dirty_list
; /* List of dirty dquots [dq_list_lock] */
227 unsigned long dqi_flags
; /* DFQ_ flags [dq_data_lock] */
228 unsigned int dqi_bgrace
; /* Space grace time [dq_data_lock] */
229 unsigned int dqi_igrace
; /* Inode grace time [dq_data_lock] */
230 qsize_t dqi_max_spc_limit
; /* Maximum space limit [static] */
231 qsize_t dqi_max_ino_limit
; /* Maximum inode limit [static] */
237 /* Mask for flags passed to userspace */
238 #define DQF_GETINFO_MASK (DQF_ROOT_SQUASH | DQF_SYS_FILE)
239 /* Mask for flags modifiable from userspace */
240 #define DQF_SETINFO_MASK DQF_ROOT_SQUASH
243 DQF_INFO_DIRTY_B
= DQF_PRIVATE
,
245 #define DQF_INFO_DIRTY (1 << DQF_INFO_DIRTY_B) /* Is info dirty? */
247 extern void mark_info_dirty(struct super_block
*sb
, int type
);
248 static inline int info_dirty(struct mem_dqinfo
*info
)
250 return test_bit(DQF_INFO_DIRTY_B
, &info
->dqi_flags
);
266 unsigned long stat
[_DQST_DQSTAT_LAST
];
267 struct percpu_counter counter
[_DQST_DQSTAT_LAST
];
270 extern struct dqstats dqstats
;
272 static inline void dqstats_inc(unsigned int type
)
274 percpu_counter_inc(&dqstats
.counter
[type
]);
277 static inline void dqstats_dec(unsigned int type
)
279 percpu_counter_dec(&dqstats
.counter
[type
]);
282 #define DQ_MOD_B 0 /* dquot modified since read */
283 #define DQ_BLKS_B 1 /* uid/gid has been warned about blk limit */
284 #define DQ_INODES_B 2 /* uid/gid has been warned about inode limit */
285 #define DQ_FAKE_B 3 /* no limits only usage */
286 #define DQ_READ_B 4 /* dquot was read into memory */
287 #define DQ_ACTIVE_B 5 /* dquot is active (dquot_release not called) */
288 #define DQ_RELEASING_B 6 /* dquot is in releasing_dquots list waiting
289 * to be cleaned up */
290 #define DQ_LASTSET_B 7 /* Following 6 bits (see QIF_) are reserved\
291 * for the mask of entries set via SETQUOTA\
292 * quotactl. They are set under dq_data_lock\
293 * and the quota format handling dquot can\
294 * clear them when it sees fit. */
297 struct hlist_node dq_hash
; /* Hash list in memory [dq_list_lock] */
298 struct list_head dq_inuse
; /* List of all quotas [dq_list_lock] */
299 struct list_head dq_free
; /* Free list element [dq_list_lock] */
300 struct list_head dq_dirty
; /* List of dirty dquots [dq_list_lock] */
301 struct mutex dq_lock
; /* dquot IO lock */
302 spinlock_t dq_dqb_lock
; /* Lock protecting dq_dqb changes */
303 atomic_t dq_count
; /* Use count */
304 struct super_block
*dq_sb
; /* superblock this applies to */
305 struct kqid dq_id
; /* ID this applies to (uid, gid, projid) */
306 loff_t dq_off
; /* Offset of dquot on disk [dq_lock, stable once set] */
307 unsigned long dq_flags
; /* See DQ_* */
308 struct mem_dqblk dq_dqb
; /* Diskquota usage [dq_dqb_lock] */
311 /* Operations which must be implemented by each quota format */
312 struct quota_format_ops
{
313 int (*check_quota_file
)(struct super_block
*sb
, int type
); /* Detect whether file is in our format */
314 int (*read_file_info
)(struct super_block
*sb
, int type
); /* Read main info about file - called on quotaon() */
315 int (*write_file_info
)(struct super_block
*sb
, int type
); /* Write main info about file */
316 int (*free_file_info
)(struct super_block
*sb
, int type
); /* Called on quotaoff() */
317 int (*read_dqblk
)(struct dquot
*dquot
); /* Read structure for one user */
318 int (*commit_dqblk
)(struct dquot
*dquot
); /* Write structure for one user */
319 int (*release_dqblk
)(struct dquot
*dquot
); /* Called when last reference to dquot is being dropped */
320 int (*get_next_id
)(struct super_block
*sb
, struct kqid
*qid
); /* Get next ID with existing structure in the quota file */
323 /* Operations working with dquots */
324 struct dquot_operations
{
325 int (*write_dquot
) (struct dquot
*); /* Ordinary dquot write */
326 struct dquot
*(*alloc_dquot
)(struct super_block
*, int); /* Allocate memory for new dquot */
327 void (*destroy_dquot
)(struct dquot
*); /* Free memory for dquot */
328 int (*acquire_dquot
) (struct dquot
*); /* Quota is going to be created on disk */
329 int (*release_dquot
) (struct dquot
*); /* Quota is going to be deleted from disk */
330 int (*mark_dirty
) (struct dquot
*); /* Dquot is marked dirty */
331 int (*write_info
) (struct super_block
*, int); /* Write of quota "superblock" */
332 /* get reserved quota for delayed alloc, value returned is managed by
334 qsize_t
*(*get_reserved_space
) (struct inode
*);
335 int (*get_projid
) (struct inode
*, kprojid_t
*);/* Get project ID */
336 /* Get number of inodes that were charged for a given inode */
337 int (*get_inode_usage
) (struct inode
*, qsize_t
*);
338 /* Get next ID with active quota structure */
339 int (*get_next_id
) (struct super_block
*sb
, struct kqid
*qid
);
344 /* Structure for communicating via ->get_dqblk() & ->set_dqblk() */
346 int d_fieldmask
; /* mask of fields to change in ->set_dqblk() */
347 u64 d_spc_hardlimit
; /* absolute limit on used space */
348 u64 d_spc_softlimit
; /* preferred limit on used space */
349 u64 d_ino_hardlimit
; /* maximum # allocated inodes */
350 u64 d_ino_softlimit
; /* preferred inode limit */
351 u64 d_space
; /* Space owned by the user */
352 u64 d_ino_count
; /* # inodes owned by the user */
353 s64 d_ino_timer
; /* zero if within inode limits */
354 /* if not, we refuse service */
355 s64 d_spc_timer
; /* similar to above; for space */
356 int d_ino_warns
; /* # warnings issued wrt num inodes */
357 int d_spc_warns
; /* # warnings issued wrt used space */
358 u64 d_rt_spc_hardlimit
; /* absolute limit on realtime space */
359 u64 d_rt_spc_softlimit
; /* preferred limit on RT space */
360 u64 d_rt_space
; /* realtime space owned */
361 s64 d_rt_spc_timer
; /* similar to above; for RT space */
362 int d_rt_spc_warns
; /* # warnings issued wrt RT space */
366 * Field specifiers for ->set_dqblk() in struct qc_dqblk and also for
367 * ->set_info() in struct qc_info
369 #define QC_INO_SOFT (1<<0)
370 #define QC_INO_HARD (1<<1)
371 #define QC_SPC_SOFT (1<<2)
372 #define QC_SPC_HARD (1<<3)
373 #define QC_RT_SPC_SOFT (1<<4)
374 #define QC_RT_SPC_HARD (1<<5)
375 #define QC_LIMIT_MASK (QC_INO_SOFT | QC_INO_HARD | QC_SPC_SOFT | QC_SPC_HARD | \
376 QC_RT_SPC_SOFT | QC_RT_SPC_HARD)
377 #define QC_SPC_TIMER (1<<6)
378 #define QC_INO_TIMER (1<<7)
379 #define QC_RT_SPC_TIMER (1<<8)
380 #define QC_TIMER_MASK (QC_SPC_TIMER | QC_INO_TIMER | QC_RT_SPC_TIMER)
381 #define QC_SPC_WARNS (1<<9)
382 #define QC_INO_WARNS (1<<10)
383 #define QC_RT_SPC_WARNS (1<<11)
384 #define QC_WARNS_MASK (QC_SPC_WARNS | QC_INO_WARNS | QC_RT_SPC_WARNS)
385 #define QC_SPACE (1<<12)
386 #define QC_INO_COUNT (1<<13)
387 #define QC_RT_SPACE (1<<14)
388 #define QC_ACCT_MASK (QC_SPACE | QC_INO_COUNT | QC_RT_SPACE)
389 #define QC_FLAGS (1<<15)
391 #define QCI_SYSFILE (1 << 0) /* Quota file is hidden from userspace */
392 #define QCI_ROOT_SQUASH (1 << 1) /* Root squash turned on */
393 #define QCI_ACCT_ENABLED (1 << 2) /* Quota accounting enabled */
394 #define QCI_LIMITS_ENFORCED (1 << 3) /* Quota limits enforced */
396 /* Structures for communicating via ->get_state */
397 struct qc_type_state
{
398 unsigned int flags
; /* Flags QCI_* */
399 unsigned int spc_timelimit
; /* Time after which space softlimit is
401 unsigned int ino_timelimit
; /* Ditto for inode softlimit */
402 unsigned int rt_spc_timelimit
; /* Ditto for real-time space */
403 unsigned int spc_warnlimit
; /* Limit for number of space warnings */
404 unsigned int ino_warnlimit
; /* Ditto for inodes */
405 unsigned int rt_spc_warnlimit
; /* Ditto for real-time space */
406 unsigned long long ino
; /* Inode number of quota file */
407 blkcnt_t blocks
; /* Number of 512-byte blocks in the file */
408 blkcnt_t nextents
; /* Number of extents in the file */
412 unsigned int s_incoredqs
; /* Number of dquots in core */
413 struct qc_type_state s_state
[MAXQUOTAS
]; /* Per quota type information */
416 /* Structure for communicating via ->set_info */
418 int i_fieldmask
; /* mask of fields to change in ->set_info() */
419 unsigned int i_flags
; /* Flags QCI_* */
420 unsigned int i_spc_timelimit
; /* Time after which space softlimit is
422 unsigned int i_ino_timelimit
; /* Ditto for inode softlimit */
423 unsigned int i_rt_spc_timelimit
;/* Ditto for real-time space */
424 unsigned int i_spc_warnlimit
; /* Limit for number of space warnings */
425 unsigned int i_ino_warnlimit
; /* Limit for number of inode warnings */
426 unsigned int i_rt_spc_warnlimit
; /* Ditto for real-time space */
429 /* Operations handling requests from userspace */
430 struct quotactl_ops
{
431 int (*quota_on
)(struct super_block
*, int, int, const struct path
*);
432 int (*quota_off
)(struct super_block
*, int);
433 int (*quota_enable
)(struct super_block
*, unsigned int);
434 int (*quota_disable
)(struct super_block
*, unsigned int);
435 int (*quota_sync
)(struct super_block
*, int);
436 int (*set_info
)(struct super_block
*, int, struct qc_info
*);
437 int (*get_dqblk
)(struct super_block
*, struct kqid
, struct qc_dqblk
*);
438 int (*get_nextdqblk
)(struct super_block
*, struct kqid
*,
440 int (*set_dqblk
)(struct super_block
*, struct kqid
, struct qc_dqblk
*);
441 int (*get_state
)(struct super_block
*, struct qc_state
*);
442 int (*rm_xquota
)(struct super_block
*, unsigned int);
445 struct quota_format_type
{
446 int qf_fmt_id
; /* Quota format id */
447 const struct quota_format_ops
*qf_ops
; /* Operations of format */
448 struct module
*qf_owner
; /* Module implementing quota format */
449 struct quota_format_type
*qf_next
;
453 * Quota state flags - they come in three flavors - for users, groups and projects.
455 * Actual typed flags layout:
456 * USRQUOTA GRPQUOTA PRJQUOTA
457 * DQUOT_USAGE_ENABLED 0x0001 0x0002 0x0004
458 * DQUOT_LIMITS_ENABLED 0x0008 0x0010 0x0020
459 * DQUOT_SUSPENDED 0x0040 0x0080 0x0100
461 * Following bits are used for non-typed flags:
462 * DQUOT_QUOTA_SYS_FILE 0x0200
463 * DQUOT_NEGATIVE_USAGE 0x0400
464 * DQUOT_NOLIST_DIRTY 0x0800
467 _DQUOT_USAGE_ENABLED
= 0, /* Track disk usage for users */
468 _DQUOT_LIMITS_ENABLED
, /* Enforce quota limits for users */
469 _DQUOT_SUSPENDED
, /* User diskquotas are off, but
470 * we have necessary info in
471 * memory to turn them on */
474 #define DQUOT_USAGE_ENABLED (1 << _DQUOT_USAGE_ENABLED * MAXQUOTAS)
475 #define DQUOT_LIMITS_ENABLED (1 << _DQUOT_LIMITS_ENABLED * MAXQUOTAS)
476 #define DQUOT_SUSPENDED (1 << _DQUOT_SUSPENDED * MAXQUOTAS)
477 #define DQUOT_STATE_FLAGS (DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED | \
479 /* Other quota flags */
480 #define DQUOT_STATE_LAST (_DQUOT_STATE_FLAGS * MAXQUOTAS)
481 #define DQUOT_QUOTA_SYS_FILE (1 << DQUOT_STATE_LAST)
482 /* Quota file is a special
483 * system file and user cannot
484 * touch it. Filesystem is
485 * responsible for setting
486 * S_NOQUOTA, S_NOATIME flags
488 #define DQUOT_NEGATIVE_USAGE (1 << (DQUOT_STATE_LAST + 1))
489 /* Allow negative quota usage */
490 /* Do not track dirty dquots in a list */
491 #define DQUOT_NOLIST_DIRTY (1 << (DQUOT_STATE_LAST + 2))
493 static inline unsigned int dquot_state_flag(unsigned int flags
, int type
)
495 return flags
<< type
;
498 static inline unsigned int dquot_generic_flag(unsigned int flags
, int type
)
500 return (flags
>> type
) & DQUOT_STATE_FLAGS
;
503 /* Bitmap of quota types where flag is set in flags */
504 static __always_inline
unsigned dquot_state_types(unsigned flags
, unsigned flag
)
506 BUILD_BUG_ON_NOT_POWER_OF_2(flag
);
507 return (flags
/ flag
) & ((1 << MAXQUOTAS
) - 1);
510 #ifdef CONFIG_QUOTA_NETLINK_INTERFACE
511 extern void quota_send_warning(struct kqid qid
, dev_t dev
,
512 const char warntype
);
514 static inline void quota_send_warning(struct kqid qid
, dev_t dev
,
519 #endif /* CONFIG_QUOTA_NETLINK_INTERFACE */
522 unsigned int flags
; /* Flags for diskquotas on this device */
523 struct rw_semaphore dqio_sem
; /* Lock quota file while I/O in progress */
524 struct inode
*files
[MAXQUOTAS
]; /* inodes of quotafiles */
525 struct mem_dqinfo info
[MAXQUOTAS
]; /* Information for each quota type */
526 const struct quota_format_ops
*ops
[MAXQUOTAS
]; /* Operations for each type */
529 void register_quota_format(struct quota_format_type
*fmt
);
530 void unregister_quota_format(struct quota_format_type
*fmt
);
532 struct quota_module_name
{
537 #define INIT_QUOTA_MODULE_NAMES {\
538 {QFMT_VFS_OLD, "quota_v1"},\
539 {QFMT_VFS_V0, "quota_v2"},\
540 {QFMT_VFS_V1, "quota_v2"},\