ee91e2756950eedc62e3f44934a23601cc8de6ea
[linux-2.6.git] / fs / quota / quota.c
1 /*
2  * Quota code necessary even when VFS quota support is not compiled
3  * into the kernel.  The interesting stuff is over in dquot.c, here
4  * we have symbols for initial quotactl(2) handling, the sysctl(2)
5  * variables, etc - things needed even when quota support disabled.
6  */
7
8 #include <linux/fs.h>
9 #include <linux/namei.h>
10 #include <linux/slab.h>
11 #include <asm/current.h>
12 #include <asm/uaccess.h>
13 #include <linux/compat.h>
14 #include <linux/kernel.h>
15 #include <linux/security.h>
16 #include <linux/syscalls.h>
17 #include <linux/buffer_head.h>
18 #include <linux/capability.h>
19 #include <linux/quotaops.h>
20 #include <linux/types.h>
21 #include <net/netlink.h>
22 #include <net/genetlink.h>
23
24 /* Check validity of generic quotactl commands */
25 static int generic_quotactl_valid(struct super_block *sb, int type, int cmd,
26                                   qid_t id)
27 {
28         if (type >= MAXQUOTAS)
29                 return -EINVAL;
30         if (!sb && cmd != Q_SYNC)
31                 return -ENODEV;
32         /* Is operation supported? */
33         if (sb && !sb->s_qcop)
34                 return -ENOSYS;
35
36         switch (cmd) {
37                 case Q_GETFMT:
38                         break;
39                 case Q_QUOTAON:
40                         if (!sb->s_qcop->quota_on)
41                                 return -ENOSYS;
42                         break;
43                 case Q_QUOTAOFF:
44                         if (!sb->s_qcop->quota_off)
45                                 return -ENOSYS;
46                         break;
47                 case Q_SETINFO:
48                         if (!sb->s_qcop->set_info)
49                                 return -ENOSYS;
50                         break;
51                 case Q_GETINFO:
52                         if (!sb->s_qcop->get_info)
53                                 return -ENOSYS;
54                         break;
55                 case Q_SETQUOTA:
56                         if (!sb->s_qcop->set_dqblk)
57                                 return -ENOSYS;
58                         break;
59                 case Q_GETQUOTA:
60                         if (!sb->s_qcop->get_dqblk)
61                                 return -ENOSYS;
62                         break;
63                 case Q_SYNC:
64                         if (sb && !sb->s_qcop->quota_sync)
65                                 return -ENOSYS;
66                         break;
67                 default:
68                         return -EINVAL;
69         }
70
71         /* Is quota turned on for commands which need it? */
72         switch (cmd) {
73                 case Q_GETFMT:
74                 case Q_GETINFO:
75                 case Q_SETINFO:
76                 case Q_SETQUOTA:
77                 case Q_GETQUOTA:
78                         /* This is just an informative test so we are satisfied
79                          * without the lock */
80                         if (!sb_has_quota_active(sb, type))
81                                 return -ESRCH;
82         }
83
84         /* Check privileges */
85         if (cmd == Q_GETQUOTA) {
86                 if (((type == USRQUOTA && current_euid() != id) ||
87                      (type == GRPQUOTA && !in_egroup_p(id))) &&
88                     !capable(CAP_SYS_ADMIN))
89                         return -EPERM;
90         }
91         else if (cmd != Q_GETFMT && cmd != Q_SYNC && cmd != Q_GETINFO)
92                 if (!capable(CAP_SYS_ADMIN))
93                         return -EPERM;
94
95         return 0;
96 }
97
98 /* Check validity of XFS Quota Manager commands */
99 static int xqm_quotactl_valid(struct super_block *sb, int type, int cmd,
100                               qid_t id)
101 {
102         if (type >= XQM_MAXQUOTAS)
103                 return -EINVAL;
104         if (!sb)
105                 return -ENODEV;
106         if (!sb->s_qcop)
107                 return -ENOSYS;
108
109         switch (cmd) {
110                 case Q_XQUOTAON:
111                 case Q_XQUOTAOFF:
112                 case Q_XQUOTARM:
113                         if (!sb->s_qcop->set_xstate)
114                                 return -ENOSYS;
115                         break;
116                 case Q_XGETQSTAT:
117                         if (!sb->s_qcop->get_xstate)
118                                 return -ENOSYS;
119                         break;
120                 case Q_XSETQLIM:
121                         if (!sb->s_qcop->set_xquota)
122                                 return -ENOSYS;
123                         break;
124                 case Q_XGETQUOTA:
125                         if (!sb->s_qcop->get_xquota)
126                                 return -ENOSYS;
127                         break;
128                 case Q_XQUOTASYNC:
129                         if (!sb->s_qcop->quota_sync)
130                                 return -ENOSYS;
131                         break;
132                 default:
133                         return -EINVAL;
134         }
135
136         /* Check privileges */
137         if (cmd == Q_XGETQUOTA) {
138                 if (((type == XQM_USRQUOTA && current_euid() != id) ||
139                      (type == XQM_GRPQUOTA && !in_egroup_p(id))) &&
140                      !capable(CAP_SYS_ADMIN))
141                         return -EPERM;
142         } else if (cmd != Q_XGETQSTAT && cmd != Q_XQUOTASYNC) {
143                 if (!capable(CAP_SYS_ADMIN))
144                         return -EPERM;
145         }
146
147         return 0;
148 }
149
150 static int check_quotactl_valid(struct super_block *sb, int type, int cmd,
151                                 qid_t id)
152 {
153         int error;
154
155         if (XQM_COMMAND(cmd))
156                 error = xqm_quotactl_valid(sb, type, cmd, id);
157         else
158                 error = generic_quotactl_valid(sb, type, cmd, id);
159         if (!error)
160                 error = security_quotactl(cmd, type, id, sb);
161         return error;
162 }
163
164 #ifdef CONFIG_QUOTA
165 void sync_quota_sb(struct super_block *sb, int type)
166 {
167         int cnt;
168
169         if (!sb->s_qcop->quota_sync)
170                 return;
171
172         sb->s_qcop->quota_sync(sb, type);
173
174         if (sb_dqopt(sb)->flags & DQUOT_QUOTA_SYS_FILE)
175                 return;
176         /* This is not very clever (and fast) but currently I don't know about
177          * any other simple way of getting quota data to disk and we must get
178          * them there for userspace to be visible... */
179         if (sb->s_op->sync_fs)
180                 sb->s_op->sync_fs(sb, 1);
181         sync_blockdev(sb->s_bdev);
182
183         /*
184          * Now when everything is written we can discard the pagecache so
185          * that userspace sees the changes.
186          */
187         mutex_lock(&sb_dqopt(sb)->dqonoff_mutex);
188         for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
189                 if (type != -1 && cnt != type)
190                         continue;
191                 if (!sb_has_quota_active(sb, cnt))
192                         continue;
193                 mutex_lock_nested(&sb_dqopt(sb)->files[cnt]->i_mutex,
194                                   I_MUTEX_QUOTA);
195                 truncate_inode_pages(&sb_dqopt(sb)->files[cnt]->i_data, 0);
196                 mutex_unlock(&sb_dqopt(sb)->files[cnt]->i_mutex);
197         }
198         mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex);
199 }
200 #endif
201
202 static void sync_dquots(int type)
203 {
204         struct super_block *sb;
205         int cnt;
206
207         spin_lock(&sb_lock);
208 restart:
209         list_for_each_entry(sb, &super_blocks, s_list) {
210                 /* This test just improves performance so it needn't be
211                  * reliable... */
212                 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
213                         if (type != -1 && type != cnt)
214                                 continue;
215                         if (!sb_has_quota_active(sb, cnt))
216                                 continue;
217                         if (!info_dirty(&sb_dqopt(sb)->info[cnt]) &&
218                            list_empty(&sb_dqopt(sb)->info[cnt].dqi_dirty_list))
219                                 continue;
220                         break;
221                 }
222                 if (cnt == MAXQUOTAS)
223                         continue;
224                 sb->s_count++;
225                 spin_unlock(&sb_lock);
226                 down_read(&sb->s_umount);
227                 if (sb->s_root)
228                         sync_quota_sb(sb, type);
229                 up_read(&sb->s_umount);
230                 spin_lock(&sb_lock);
231                 if (__put_super_and_need_restart(sb))
232                         goto restart;
233         }
234         spin_unlock(&sb_lock);
235 }
236
237 /* Copy parameters and call proper function */
238 static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id,
239                        void __user *addr)
240 {
241         int ret;
242
243         switch (cmd) {
244                 case Q_QUOTAON: {
245                         char *pathname;
246
247                         pathname = getname(addr);
248                         if (IS_ERR(pathname))
249                                 return PTR_ERR(pathname);
250                         ret = sb->s_qcop->quota_on(sb, type, id, pathname, 0);
251                         putname(pathname);
252                         return ret;
253                 }
254                 case Q_QUOTAOFF:
255                         return sb->s_qcop->quota_off(sb, type, 0);
256
257                 case Q_GETFMT: {
258                         __u32 fmt;
259
260                         down_read(&sb_dqopt(sb)->dqptr_sem);
261                         if (!sb_has_quota_active(sb, type)) {
262                                 up_read(&sb_dqopt(sb)->dqptr_sem);
263                                 return -ESRCH;
264                         }
265                         fmt = sb_dqopt(sb)->info[type].dqi_format->qf_fmt_id;
266                         up_read(&sb_dqopt(sb)->dqptr_sem);
267                         if (copy_to_user(addr, &fmt, sizeof(fmt)))
268                                 return -EFAULT;
269                         return 0;
270                 }
271                 case Q_GETINFO: {
272                         struct if_dqinfo info;
273
274                         ret = sb->s_qcop->get_info(sb, type, &info);
275                         if (ret)
276                                 return ret;
277                         if (copy_to_user(addr, &info, sizeof(info)))
278                                 return -EFAULT;
279                         return 0;
280                 }
281                 case Q_SETINFO: {
282                         struct if_dqinfo info;
283
284                         if (copy_from_user(&info, addr, sizeof(info)))
285                                 return -EFAULT;
286                         return sb->s_qcop->set_info(sb, type, &info);
287                 }
288                 case Q_GETQUOTA: {
289                         struct if_dqblk idq;
290
291                         ret = sb->s_qcop->get_dqblk(sb, type, id, &idq);
292                         if (ret)
293                                 return ret;
294                         if (copy_to_user(addr, &idq, sizeof(idq)))
295                                 return -EFAULT;
296                         return 0;
297                 }
298                 case Q_SETQUOTA: {
299                         struct if_dqblk idq;
300
301                         if (copy_from_user(&idq, addr, sizeof(idq)))
302                                 return -EFAULT;
303                         return sb->s_qcop->set_dqblk(sb, type, id, &idq);
304                 }
305                 case Q_SYNC:
306                         if (sb)
307                                 sync_quota_sb(sb, type);
308                         else
309                                 sync_dquots(type);
310                         return 0;
311
312                 case Q_XQUOTAON:
313                 case Q_XQUOTAOFF:
314                 case Q_XQUOTARM: {
315                         __u32 flags;
316
317                         if (copy_from_user(&flags, addr, sizeof(flags)))
318                                 return -EFAULT;
319                         return sb->s_qcop->set_xstate(sb, flags, cmd);
320                 }
321                 case Q_XGETQSTAT: {
322                         struct fs_quota_stat fqs;
323                 
324                         if ((ret = sb->s_qcop->get_xstate(sb, &fqs)))
325                                 return ret;
326                         if (copy_to_user(addr, &fqs, sizeof(fqs)))
327                                 return -EFAULT;
328                         return 0;
329                 }
330                 case Q_XSETQLIM: {
331                         struct fs_disk_quota fdq;
332
333                         if (copy_from_user(&fdq, addr, sizeof(fdq)))
334                                 return -EFAULT;
335                        return sb->s_qcop->set_xquota(sb, type, id, &fdq);
336                 }
337                 case Q_XGETQUOTA: {
338                         struct fs_disk_quota fdq;
339
340                         ret = sb->s_qcop->get_xquota(sb, type, id, &fdq);
341                         if (ret)
342                                 return ret;
343                         if (copy_to_user(addr, &fdq, sizeof(fdq)))
344                                 return -EFAULT;
345                         return 0;
346                 }
347                 case Q_XQUOTASYNC:
348                         return sb->s_qcop->quota_sync(sb, type);
349                 /* We never reach here unless validity check is broken */
350                 default:
351                         BUG();
352         }
353         return 0;
354 }
355
356 /*
357  * look up a superblock on which quota ops will be performed
358  * - use the name of a block device to find the superblock thereon
359  */
360 static struct super_block *quotactl_block(const char __user *special)
361 {
362 #ifdef CONFIG_BLOCK
363         struct block_device *bdev;
364         struct super_block *sb;
365         char *tmp = getname(special);
366
367         if (IS_ERR(tmp))
368                 return ERR_CAST(tmp);
369         bdev = lookup_bdev(tmp);
370         putname(tmp);
371         if (IS_ERR(bdev))
372                 return ERR_CAST(bdev);
373         sb = get_super(bdev);
374         bdput(bdev);
375         if (!sb)
376                 return ERR_PTR(-ENODEV);
377
378         return sb;
379 #else
380         return ERR_PTR(-ENODEV);
381 #endif
382 }
383
384 /*
385  * This is the system call interface. This communicates with
386  * the user-level programs. Currently this only supports diskquota
387  * calls. Maybe we need to add the process quotas etc. in the future,
388  * but we probably should use rlimits for that.
389  */
390 SYSCALL_DEFINE4(quotactl, unsigned int, cmd, const char __user *, special,
391                 qid_t, id, void __user *, addr)
392 {
393         uint cmds, type;
394         struct super_block *sb = NULL;
395         int ret;
396
397         cmds = cmd >> SUBCMDSHIFT;
398         type = cmd & SUBCMDMASK;
399
400         if (cmds != Q_SYNC || special) {
401                 sb = quotactl_block(special);
402                 if (IS_ERR(sb))
403                         return PTR_ERR(sb);
404         }
405
406         ret = check_quotactl_valid(sb, type, cmds, id);
407         if (ret >= 0)
408                 ret = do_quotactl(sb, type, cmds, id, addr);
409         if (sb)
410                 drop_super(sb);
411
412         return ret;
413 }
414
415 #if defined(CONFIG_COMPAT_FOR_U64_ALIGNMENT)
416 /*
417  * This code works only for 32 bit quota tools over 64 bit OS (x86_64, ia64)
418  * and is necessary due to alignment problems.
419  */
420 struct compat_if_dqblk {
421         compat_u64 dqb_bhardlimit;
422         compat_u64 dqb_bsoftlimit;
423         compat_u64 dqb_curspace;
424         compat_u64 dqb_ihardlimit;
425         compat_u64 dqb_isoftlimit;
426         compat_u64 dqb_curinodes;
427         compat_u64 dqb_btime;
428         compat_u64 dqb_itime;
429         compat_uint_t dqb_valid;
430 };
431
432 /* XFS structures */
433 struct compat_fs_qfilestat {
434         compat_u64 dqb_bhardlimit;
435         compat_u64 qfs_nblks;
436         compat_uint_t qfs_nextents;
437 };
438
439 struct compat_fs_quota_stat {
440         __s8            qs_version;
441         __u16           qs_flags;
442         __s8            qs_pad;
443         struct compat_fs_qfilestat      qs_uquota;
444         struct compat_fs_qfilestat      qs_gquota;
445         compat_uint_t   qs_incoredqs;
446         compat_int_t    qs_btimelimit;
447         compat_int_t    qs_itimelimit;
448         compat_int_t    qs_rtbtimelimit;
449         __u16           qs_bwarnlimit;
450         __u16           qs_iwarnlimit;
451 };
452
453 asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special,
454                                                 qid_t id, void __user *addr)
455 {
456         unsigned int cmds;
457         struct if_dqblk __user *dqblk;
458         struct compat_if_dqblk __user *compat_dqblk;
459         struct fs_quota_stat __user *fsqstat;
460         struct compat_fs_quota_stat __user *compat_fsqstat;
461         compat_uint_t data;
462         u16 xdata;
463         long ret;
464
465         cmds = cmd >> SUBCMDSHIFT;
466
467         switch (cmds) {
468         case Q_GETQUOTA:
469                 dqblk = compat_alloc_user_space(sizeof(struct if_dqblk));
470                 compat_dqblk = addr;
471                 ret = sys_quotactl(cmd, special, id, dqblk);
472                 if (ret)
473                         break;
474                 if (copy_in_user(compat_dqblk, dqblk, sizeof(*compat_dqblk)) ||
475                         get_user(data, &dqblk->dqb_valid) ||
476                         put_user(data, &compat_dqblk->dqb_valid))
477                         ret = -EFAULT;
478                 break;
479         case Q_SETQUOTA:
480                 dqblk = compat_alloc_user_space(sizeof(struct if_dqblk));
481                 compat_dqblk = addr;
482                 ret = -EFAULT;
483                 if (copy_in_user(dqblk, compat_dqblk, sizeof(*compat_dqblk)) ||
484                         get_user(data, &compat_dqblk->dqb_valid) ||
485                         put_user(data, &dqblk->dqb_valid))
486                         break;
487                 ret = sys_quotactl(cmd, special, id, dqblk);
488                 break;
489         case Q_XGETQSTAT:
490                 fsqstat = compat_alloc_user_space(sizeof(struct fs_quota_stat));
491                 compat_fsqstat = addr;
492                 ret = sys_quotactl(cmd, special, id, fsqstat);
493                 if (ret)
494                         break;
495                 ret = -EFAULT;
496                 /* Copying qs_version, qs_flags, qs_pad */
497                 if (copy_in_user(compat_fsqstat, fsqstat,
498                         offsetof(struct compat_fs_quota_stat, qs_uquota)))
499                         break;
500                 /* Copying qs_uquota */
501                 if (copy_in_user(&compat_fsqstat->qs_uquota,
502                         &fsqstat->qs_uquota,
503                         sizeof(compat_fsqstat->qs_uquota)) ||
504                         get_user(data, &fsqstat->qs_uquota.qfs_nextents) ||
505                         put_user(data, &compat_fsqstat->qs_uquota.qfs_nextents))
506                         break;
507                 /* Copying qs_gquota */
508                 if (copy_in_user(&compat_fsqstat->qs_gquota,
509                         &fsqstat->qs_gquota,
510                         sizeof(compat_fsqstat->qs_gquota)) ||
511                         get_user(data, &fsqstat->qs_gquota.qfs_nextents) ||
512                         put_user(data, &compat_fsqstat->qs_gquota.qfs_nextents))
513                         break;
514                 /* Copying the rest */
515                 if (copy_in_user(&compat_fsqstat->qs_incoredqs,
516                         &fsqstat->qs_incoredqs,
517                         sizeof(struct compat_fs_quota_stat) -
518                         offsetof(struct compat_fs_quota_stat, qs_incoredqs)) ||
519                         get_user(xdata, &fsqstat->qs_iwarnlimit) ||
520                         put_user(xdata, &compat_fsqstat->qs_iwarnlimit))
521                         break;
522                 ret = 0;
523                 break;
524         default:
525                 ret = sys_quotactl(cmd, special, id, addr);
526         }
527         return ret;
528 }
529 #endif
530
531
532 #ifdef CONFIG_QUOTA_NETLINK_INTERFACE
533
534 /* Netlink family structure for quota */
535 static struct genl_family quota_genl_family = {
536         .id = GENL_ID_GENERATE,
537         .hdrsize = 0,
538         .name = "VFS_DQUOT",
539         .version = 1,
540         .maxattr = QUOTA_NL_A_MAX,
541 };
542
543 /**
544  * quota_send_warning - Send warning to userspace about exceeded quota
545  * @type: The quota type: USRQQUOTA, GRPQUOTA,...
546  * @id: The user or group id of the quota that was exceeded
547  * @dev: The device on which the fs is mounted (sb->s_dev)
548  * @warntype: The type of the warning: QUOTA_NL_...
549  *
550  * This can be used by filesystems (including those which don't use
551  * dquot) to send a message to userspace relating to quota limits.
552  *
553  */
554
555 void quota_send_warning(short type, unsigned int id, dev_t dev,
556                         const char warntype)
557 {
558         static atomic_t seq;
559         struct sk_buff *skb;
560         void *msg_head;
561         int ret;
562         int msg_size = 4 * nla_total_size(sizeof(u32)) +
563                        2 * nla_total_size(sizeof(u64));
564
565         /* We have to allocate using GFP_NOFS as we are called from a
566          * filesystem performing write and thus further recursion into
567          * the fs to free some data could cause deadlocks. */
568         skb = genlmsg_new(msg_size, GFP_NOFS);
569         if (!skb) {
570                 printk(KERN_ERR
571                   "VFS: Not enough memory to send quota warning.\n");
572                 return;
573         }
574         msg_head = genlmsg_put(skb, 0, atomic_add_return(1, &seq),
575                         &quota_genl_family, 0, QUOTA_NL_C_WARNING);
576         if (!msg_head) {
577                 printk(KERN_ERR
578                   "VFS: Cannot store netlink header in quota warning.\n");
579                 goto err_out;
580         }
581         ret = nla_put_u32(skb, QUOTA_NL_A_QTYPE, type);
582         if (ret)
583                 goto attr_err_out;
584         ret = nla_put_u64(skb, QUOTA_NL_A_EXCESS_ID, id);
585         if (ret)
586                 goto attr_err_out;
587         ret = nla_put_u32(skb, QUOTA_NL_A_WARNING, warntype);
588         if (ret)
589                 goto attr_err_out;
590         ret = nla_put_u32(skb, QUOTA_NL_A_DEV_MAJOR, MAJOR(dev));
591         if (ret)
592                 goto attr_err_out;
593         ret = nla_put_u32(skb, QUOTA_NL_A_DEV_MINOR, MINOR(dev));
594         if (ret)
595                 goto attr_err_out;
596         ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current_uid());
597         if (ret)
598                 goto attr_err_out;
599         genlmsg_end(skb, msg_head);
600
601         genlmsg_multicast(skb, 0, quota_genl_family.id, GFP_NOFS);
602         return;
603 attr_err_out:
604         printk(KERN_ERR "VFS: Not enough space to compose quota message!\n");
605 err_out:
606         kfree_skb(skb);
607 }
608 EXPORT_SYMBOL(quota_send_warning);
609
610 static int __init quota_init(void)
611 {
612         if (genl_register_family(&quota_genl_family) != 0)
613                 printk(KERN_ERR
614                        "VFS: Failed to create quota netlink interface.\n");
615         return 0;
616 };
617
618 module_init(quota_init);
619 #endif
620