1 /* 2 * Quota code necessary even when VFS quota support is not compiled 3 * into the kernel. The interesting stuff is over in dquot.c, here 4 * we have symbols for initial quotactl(2) handling, the sysctl(2) 5 * variables, etc - things needed even when quota support disabled. 6 */ 7 8 #include <linux/fs.h> 9 #include <linux/namei.h> 10 #include <linux/slab.h> 11 #include <asm/current.h> 12 #include <asm/uaccess.h> 13 #include <linux/compat.h> 14 #include <linux/kernel.h> 15 #include <linux/security.h> 16 #include <linux/syscalls.h> 17 #include <linux/buffer_head.h> 18 #include <linux/capability.h> 19 #include <linux/quotaops.h> 20 #include <linux/types.h> 21 #include <net/netlink.h> 22 #include <net/genetlink.h> 23 24 /* Check validity of generic quotactl commands */ 25 static int generic_quotactl_valid(struct super_block *sb, int type, int cmd, 26 qid_t id) 27 { 28 if (type >= MAXQUOTAS) 29 return -EINVAL; 30 if (!sb && cmd != Q_SYNC) 31 return -ENODEV; 32 /* Is operation supported? */ 33 if (sb && !sb->s_qcop) 34 return -ENOSYS; 35 36 switch (cmd) { 37 case Q_GETFMT: 38 break; 39 case Q_QUOTAON: 40 if (!sb->s_qcop->quota_on) 41 return -ENOSYS; 42 break; 43 case Q_QUOTAOFF: 44 if (!sb->s_qcop->quota_off) 45 return -ENOSYS; 46 break; 47 case Q_SETINFO: 48 if (!sb->s_qcop->set_info) 49 return -ENOSYS; 50 break; 51 case Q_GETINFO: 52 if (!sb->s_qcop->get_info) 53 return -ENOSYS; 54 break; 55 case Q_SETQUOTA: 56 if (!sb->s_qcop->set_dqblk) 57 return -ENOSYS; 58 break; 59 case Q_GETQUOTA: 60 if (!sb->s_qcop->get_dqblk) 61 return -ENOSYS; 62 break; 63 case Q_SYNC: 64 if (sb && !sb->s_qcop->quota_sync) 65 return -ENOSYS; 66 break; 67 default: 68 return -EINVAL; 69 } 70 71 /* Is quota turned on for commands which need it? */ 72 switch (cmd) { 73 case Q_GETFMT: 74 case Q_GETINFO: 75 case Q_SETINFO: 76 case Q_SETQUOTA: 77 case Q_GETQUOTA: 78 /* This is just an informative test so we are satisfied 79 * without the lock */ 80 if (!sb_has_quota_active(sb, type)) 81 return -ESRCH; 82 } 83 84 /* Check privileges */ 85 if (cmd == Q_GETQUOTA) { 86 if (((type == USRQUOTA && current_euid() != id) || 87 (type == GRPQUOTA && !in_egroup_p(id))) && 88 !capable(CAP_SYS_ADMIN)) 89 return -EPERM; 90 } 91 else if (cmd != Q_GETFMT && cmd != Q_SYNC && cmd != Q_GETINFO) 92 if (!capable(CAP_SYS_ADMIN)) 93 return -EPERM; 94 95 return 0; 96 } 97 98 /* Check validity of XFS Quota Manager commands */ 99 static int xqm_quotactl_valid(struct super_block *sb, int type, int cmd, 100 qid_t id) 101 { 102 if (type >= XQM_MAXQUOTAS) 103 return -EINVAL; 104 if (!sb) 105 return -ENODEV; 106 if (!sb->s_qcop) 107 return -ENOSYS; 108 109 switch (cmd) { 110 case Q_XQUOTAON: 111 case Q_XQUOTAOFF: 112 case Q_XQUOTARM: 113 if (!sb->s_qcop->set_xstate) 114 return -ENOSYS; 115 break; 116 case Q_XGETQSTAT: 117 if (!sb->s_qcop->get_xstate) 118 return -ENOSYS; 119 break; 120 case Q_XSETQLIM: 121 if (!sb->s_qcop->set_xquota) 122 return -ENOSYS; 123 break; 124 case Q_XGETQUOTA: 125 if (!sb->s_qcop->get_xquota) 126 return -ENOSYS; 127 break; 128 case Q_XQUOTASYNC: 129 if (!sb->s_qcop->quota_sync) 130 return -ENOSYS; 131 break; 132 default: 133 return -EINVAL; 134 } 135 136 /* Check privileges */ 137 if (cmd == Q_XGETQUOTA) { 138 if (((type == XQM_USRQUOTA && current_euid() != id) || 139 (type == XQM_GRPQUOTA && !in_egroup_p(id))) && 140 !capable(CAP_SYS_ADMIN)) 141 return -EPERM; 142 } else if (cmd != Q_XGETQSTAT && cmd != Q_XQUOTASYNC) { 143 if (!capable(CAP_SYS_ADMIN)) 144 return -EPERM; 145 } 146 147 return 0; 148 } 149 150 static int check_quotactl_valid(struct super_block *sb, int type, int cmd, 151 qid_t id) 152 { 153 int error; 154 155 if (XQM_COMMAND(cmd)) 156 error = xqm_quotactl_valid(sb, type, cmd, id); 157 else 158 error = generic_quotactl_valid(sb, type, cmd, id); 159 if (!error) 160 error = security_quotactl(cmd, type, id, sb); 161 return error; 162 } 163 164 #ifdef CONFIG_QUOTA 165 void sync_quota_sb(struct super_block *sb, int type) 166 { 167 int cnt; 168 169 if (!sb->s_qcop->quota_sync) 170 return; 171 172 sb->s_qcop->quota_sync(sb, type); 173 174 if (sb_dqopt(sb)->flags & DQUOT_QUOTA_SYS_FILE) 175 return; 176 /* This is not very clever (and fast) but currently I don't know about 177 * any other simple way of getting quota data to disk and we must get 178 * them there for userspace to be visible... */ 179 if (sb->s_op->sync_fs) 180 sb->s_op->sync_fs(sb, 1); 181 sync_blockdev(sb->s_bdev); 182 183 /* 184 * Now when everything is written we can discard the pagecache so 185 * that userspace sees the changes. 186 */ 187 mutex_lock(&sb_dqopt(sb)->dqonoff_mutex); 188 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 189 if (type != -1 && cnt != type) 190 continue; 191 if (!sb_has_quota_active(sb, cnt)) 192 continue; 193 mutex_lock_nested(&sb_dqopt(sb)->files[cnt]->i_mutex, 194 I_MUTEX_QUOTA); 195 truncate_inode_pages(&sb_dqopt(sb)->files[cnt]->i_data, 0); 196 mutex_unlock(&sb_dqopt(sb)->files[cnt]->i_mutex); 197 } 198 mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex); 199 } 200 #endif 201 202 static void sync_dquots(int type) 203 { 204 struct super_block *sb; 205 int cnt; 206 207 spin_lock(&sb_lock); 208 restart: 209 list_for_each_entry(sb, &super_blocks, s_list) { 210 /* This test just improves performance so it needn't be 211 * reliable... */ 212 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 213 if (type != -1 && type != cnt) 214 continue; 215 if (!sb_has_quota_active(sb, cnt)) 216 continue; 217 if (!info_dirty(&sb_dqopt(sb)->info[cnt]) && 218 list_empty(&sb_dqopt(sb)->info[cnt].dqi_dirty_list)) 219 continue; 220 break; 221 } 222 if (cnt == MAXQUOTAS) 223 continue; 224 sb->s_count++; 225 spin_unlock(&sb_lock); 226 down_read(&sb->s_umount); 227 if (sb->s_root) 228 sync_quota_sb(sb, type); 229 up_read(&sb->s_umount); 230 spin_lock(&sb_lock); 231 if (__put_super_and_need_restart(sb)) 232 goto restart; 233 } 234 spin_unlock(&sb_lock); 235 } 236 237 /* Copy parameters and call proper function */ 238 static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, 239 void __user *addr) 240 { 241 int ret; 242 243 switch (cmd) { 244 case Q_QUOTAON: { 245 char *pathname; 246 247 pathname = getname(addr); 248 if (IS_ERR(pathname)) 249 return PTR_ERR(pathname); 250 ret = sb->s_qcop->quota_on(sb, type, id, pathname, 0); 251 putname(pathname); 252 return ret; 253 } 254 case Q_QUOTAOFF: 255 return sb->s_qcop->quota_off(sb, type, 0); 256 257 case Q_GETFMT: { 258 __u32 fmt; 259 260 down_read(&sb_dqopt(sb)->dqptr_sem); 261 if (!sb_has_quota_active(sb, type)) { 262 up_read(&sb_dqopt(sb)->dqptr_sem); 263 return -ESRCH; 264 } 265 fmt = sb_dqopt(sb)->info[type].dqi_format->qf_fmt_id; 266 up_read(&sb_dqopt(sb)->dqptr_sem); 267 if (copy_to_user(addr, &fmt, sizeof(fmt))) 268 return -EFAULT; 269 return 0; 270 } 271 case Q_GETINFO: { 272 struct if_dqinfo info; 273 274 ret = sb->s_qcop->get_info(sb, type, &info); 275 if (ret) 276 return ret; 277 if (copy_to_user(addr, &info, sizeof(info))) 278 return -EFAULT; 279 return 0; 280 } 281 case Q_SETINFO: { 282 struct if_dqinfo info; 283 284 if (copy_from_user(&info, addr, sizeof(info))) 285 return -EFAULT; 286 return sb->s_qcop->set_info(sb, type, &info); 287 } 288 case Q_GETQUOTA: { 289 struct if_dqblk idq; 290 291 ret = sb->s_qcop->get_dqblk(sb, type, id, &idq); 292 if (ret) 293 return ret; 294 if (copy_to_user(addr, &idq, sizeof(idq))) 295 return -EFAULT; 296 return 0; 297 } 298 case Q_SETQUOTA: { 299 struct if_dqblk idq; 300 301 if (copy_from_user(&idq, addr, sizeof(idq))) 302 return -EFAULT; 303 return sb->s_qcop->set_dqblk(sb, type, id, &idq); 304 } 305 case Q_SYNC: 306 if (sb) 307 sync_quota_sb(sb, type); 308 else 309 sync_dquots(type); 310 return 0; 311 312 case Q_XQUOTAON: 313 case Q_XQUOTAOFF: 314 case Q_XQUOTARM: { 315 __u32 flags; 316 317 if (copy_from_user(&flags, addr, sizeof(flags))) 318 return -EFAULT; 319 return sb->s_qcop->set_xstate(sb, flags, cmd); 320 } 321 case Q_XGETQSTAT: { 322 struct fs_quota_stat fqs; 323 324 if ((ret = sb->s_qcop->get_xstate(sb, &fqs))) 325 return ret; 326 if (copy_to_user(addr, &fqs, sizeof(fqs))) 327 return -EFAULT; 328 return 0; 329 } 330 case Q_XSETQLIM: { 331 struct fs_disk_quota fdq; 332 333 if (copy_from_user(&fdq, addr, sizeof(fdq))) 334 return -EFAULT; 335 return sb->s_qcop->set_xquota(sb, type, id, &fdq); 336 } 337 case Q_XGETQUOTA: { 338 struct fs_disk_quota fdq; 339 340 ret = sb->s_qcop->get_xquota(sb, type, id, &fdq); 341 if (ret) 342 return ret; 343 if (copy_to_user(addr, &fdq, sizeof(fdq))) 344 return -EFAULT; 345 return 0; 346 } 347 case Q_XQUOTASYNC: 348 return sb->s_qcop->quota_sync(sb, type); 349 /* We never reach here unless validity check is broken */ 350 default: 351 BUG(); 352 } 353 return 0; 354 } 355 356 /* 357 * look up a superblock on which quota ops will be performed 358 * - use the name of a block device to find the superblock thereon 359 */ 360 static struct super_block *quotactl_block(const char __user *special) 361 { 362 #ifdef CONFIG_BLOCK 363 struct block_device *bdev; 364 struct super_block *sb; 365 char *tmp = getname(special); 366 367 if (IS_ERR(tmp)) 368 return ERR_CAST(tmp); 369 bdev = lookup_bdev(tmp); 370 putname(tmp); 371 if (IS_ERR(bdev)) 372 return ERR_CAST(bdev); 373 sb = get_super(bdev); 374 bdput(bdev); 375 if (!sb) 376 return ERR_PTR(-ENODEV); 377 378 return sb; 379 #else 380 return ERR_PTR(-ENODEV); 381 #endif 382 } 383 384 /* 385 * This is the system call interface. This communicates with 386 * the user-level programs. Currently this only supports diskquota 387 * calls. Maybe we need to add the process quotas etc. in the future, 388 * but we probably should use rlimits for that. 389 */ 390 SYSCALL_DEFINE4(quotactl, unsigned int, cmd, const char __user *, special, 391 qid_t, id, void __user *, addr) 392 { 393 uint cmds, type; 394 struct super_block *sb = NULL; 395 int ret; 396 397 cmds = cmd >> SUBCMDSHIFT; 398 type = cmd & SUBCMDMASK; 399 400 if (cmds != Q_SYNC || special) { 401 sb = quotactl_block(special); 402 if (IS_ERR(sb)) 403 return PTR_ERR(sb); 404 } 405 406 ret = check_quotactl_valid(sb, type, cmds, id); 407 if (ret >= 0) 408 ret = do_quotactl(sb, type, cmds, id, addr); 409 if (sb) 410 drop_super(sb); 411 412 return ret; 413 } 414 415 #if defined(CONFIG_COMPAT_FOR_U64_ALIGNMENT) 416 /* 417 * This code works only for 32 bit quota tools over 64 bit OS (x86_64, ia64) 418 * and is necessary due to alignment problems. 419 */ 420 struct compat_if_dqblk { 421 compat_u64 dqb_bhardlimit; 422 compat_u64 dqb_bsoftlimit; 423 compat_u64 dqb_curspace; 424 compat_u64 dqb_ihardlimit; 425 compat_u64 dqb_isoftlimit; 426 compat_u64 dqb_curinodes; 427 compat_u64 dqb_btime; 428 compat_u64 dqb_itime; 429 compat_uint_t dqb_valid; 430 }; 431 432 /* XFS structures */ 433 struct compat_fs_qfilestat { 434 compat_u64 dqb_bhardlimit; 435 compat_u64 qfs_nblks; 436 compat_uint_t qfs_nextents; 437 }; 438 439 struct compat_fs_quota_stat { 440 __s8 qs_version; 441 __u16 qs_flags; 442 __s8 qs_pad; 443 struct compat_fs_qfilestat qs_uquota; 444 struct compat_fs_qfilestat qs_gquota; 445 compat_uint_t qs_incoredqs; 446 compat_int_t qs_btimelimit; 447 compat_int_t qs_itimelimit; 448 compat_int_t qs_rtbtimelimit; 449 __u16 qs_bwarnlimit; 450 __u16 qs_iwarnlimit; 451 }; 452 453 asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special, 454 qid_t id, void __user *addr) 455 { 456 unsigned int cmds; 457 struct if_dqblk __user *dqblk; 458 struct compat_if_dqblk __user *compat_dqblk; 459 struct fs_quota_stat __user *fsqstat; 460 struct compat_fs_quota_stat __user *compat_fsqstat; 461 compat_uint_t data; 462 u16 xdata; 463 long ret; 464 465 cmds = cmd >> SUBCMDSHIFT; 466 467 switch (cmds) { 468 case Q_GETQUOTA: 469 dqblk = compat_alloc_user_space(sizeof(struct if_dqblk)); 470 compat_dqblk = addr; 471 ret = sys_quotactl(cmd, special, id, dqblk); 472 if (ret) 473 break; 474 if (copy_in_user(compat_dqblk, dqblk, sizeof(*compat_dqblk)) || 475 get_user(data, &dqblk->dqb_valid) || 476 put_user(data, &compat_dqblk->dqb_valid)) 477 ret = -EFAULT; 478 break; 479 case Q_SETQUOTA: 480 dqblk = compat_alloc_user_space(sizeof(struct if_dqblk)); 481 compat_dqblk = addr; 482 ret = -EFAULT; 483 if (copy_in_user(dqblk, compat_dqblk, sizeof(*compat_dqblk)) || 484 get_user(data, &compat_dqblk->dqb_valid) || 485 put_user(data, &dqblk->dqb_valid)) 486 break; 487 ret = sys_quotactl(cmd, special, id, dqblk); 488 break; 489 case Q_XGETQSTAT: 490 fsqstat = compat_alloc_user_space(sizeof(struct fs_quota_stat)); 491 compat_fsqstat = addr; 492 ret = sys_quotactl(cmd, special, id, fsqstat); 493 if (ret) 494 break; 495 ret = -EFAULT; 496 /* Copying qs_version, qs_flags, qs_pad */ 497 if (copy_in_user(compat_fsqstat, fsqstat, 498 offsetof(struct compat_fs_quota_stat, qs_uquota))) 499 break; 500 /* Copying qs_uquota */ 501 if (copy_in_user(&compat_fsqstat->qs_uquota, 502 &fsqstat->qs_uquota, 503 sizeof(compat_fsqstat->qs_uquota)) || 504 get_user(data, &fsqstat->qs_uquota.qfs_nextents) || 505 put_user(data, &compat_fsqstat->qs_uquota.qfs_nextents)) 506 break; 507 /* Copying qs_gquota */ 508 if (copy_in_user(&compat_fsqstat->qs_gquota, 509 &fsqstat->qs_gquota, 510 sizeof(compat_fsqstat->qs_gquota)) || 511 get_user(data, &fsqstat->qs_gquota.qfs_nextents) || 512 put_user(data, &compat_fsqstat->qs_gquota.qfs_nextents)) 513 break; 514 /* Copying the rest */ 515 if (copy_in_user(&compat_fsqstat->qs_incoredqs, 516 &fsqstat->qs_incoredqs, 517 sizeof(struct compat_fs_quota_stat) - 518 offsetof(struct compat_fs_quota_stat, qs_incoredqs)) || 519 get_user(xdata, &fsqstat->qs_iwarnlimit) || 520 put_user(xdata, &compat_fsqstat->qs_iwarnlimit)) 521 break; 522 ret = 0; 523 break; 524 default: 525 ret = sys_quotactl(cmd, special, id, addr); 526 } 527 return ret; 528 } 529 #endif 530 531 532 #ifdef CONFIG_QUOTA_NETLINK_INTERFACE 533 534 /* Netlink family structure for quota */ 535 static struct genl_family quota_genl_family = { 536 .id = GENL_ID_GENERATE, 537 .hdrsize = 0, 538 .name = "VFS_DQUOT", 539 .version = 1, 540 .maxattr = QUOTA_NL_A_MAX, 541 }; 542 543 /** 544 * quota_send_warning - Send warning to userspace about exceeded quota 545 * @type: The quota type: USRQQUOTA, GRPQUOTA,... 546 * @id: The user or group id of the quota that was exceeded 547 * @dev: The device on which the fs is mounted (sb->s_dev) 548 * @warntype: The type of the warning: QUOTA_NL_... 549 * 550 * This can be used by filesystems (including those which don't use 551 * dquot) to send a message to userspace relating to quota limits. 552 * 553 */ 554 555 void quota_send_warning(short type, unsigned int id, dev_t dev, 556 const char warntype) 557 { 558 static atomic_t seq; 559 struct sk_buff *skb; 560 void *msg_head; 561 int ret; 562 int msg_size = 4 * nla_total_size(sizeof(u32)) + 563 2 * nla_total_size(sizeof(u64)); 564 565 /* We have to allocate using GFP_NOFS as we are called from a 566 * filesystem performing write and thus further recursion into 567 * the fs to free some data could cause deadlocks. */ 568 skb = genlmsg_new(msg_size, GFP_NOFS); 569 if (!skb) { 570 printk(KERN_ERR 571 "VFS: Not enough memory to send quota warning.\n"); 572 return; 573 } 574 msg_head = genlmsg_put(skb, 0, atomic_add_return(1, &seq), 575 "a_genl_family, 0, QUOTA_NL_C_WARNING); 576 if (!msg_head) { 577 printk(KERN_ERR 578 "VFS: Cannot store netlink header in quota warning.\n"); 579 goto err_out; 580 } 581 ret = nla_put_u32(skb, QUOTA_NL_A_QTYPE, type); 582 if (ret) 583 goto attr_err_out; 584 ret = nla_put_u64(skb, QUOTA_NL_A_EXCESS_ID, id); 585 if (ret) 586 goto attr_err_out; 587 ret = nla_put_u32(skb, QUOTA_NL_A_WARNING, warntype); 588 if (ret) 589 goto attr_err_out; 590 ret = nla_put_u32(skb, QUOTA_NL_A_DEV_MAJOR, MAJOR(dev)); 591 if (ret) 592 goto attr_err_out; 593 ret = nla_put_u32(skb, QUOTA_NL_A_DEV_MINOR, MINOR(dev)); 594 if (ret) 595 goto attr_err_out; 596 ret = nla_put_u64(skb, QUOTA_NL_A_CAUSED_ID, current_uid()); 597 if (ret) 598 goto attr_err_out; 599 genlmsg_end(skb, msg_head); 600 601 genlmsg_multicast(skb, 0, quota_genl_family.id, GFP_NOFS); 602 return; 603 attr_err_out: 604 printk(KERN_ERR "VFS: Not enough space to compose quota message!\n"); 605 err_out: 606 kfree_skb(skb); 607 } 608 EXPORT_SYMBOL(quota_send_warning); 609 610 static int __init quota_init(void) 611 { 612 if (genl_register_family("a_genl_family) != 0) 613 printk(KERN_ERR 614 "VFS: Failed to create quota netlink interface.\n"); 615 return 0; 616 }; 617 618 module_init(quota_init); 619 #endif 620 621