1 /* 2 * Quota code necessary even when VFS quota support is not compiled 3 * into the kernel. The interesting stuff is over in dquot.c, here 4 * we have symbols for initial quotactl(2) handling, the sysctl(2) 5 * variables, etc - things needed even when quota support disabled. 6 */ 7 8 #include <linux/fs.h> 9 #include <linux/namei.h> 10 #include <linux/slab.h> 11 #include <asm/current.h> 12 #include <linux/uaccess.h> 13 #include <linux/kernel.h> 14 #include <linux/security.h> 15 #include <linux/syscalls.h> 16 #include <linux/capability.h> 17 #include <linux/quotaops.h> 18 #include <linux/types.h> 19 #include <linux/writeback.h> 20 21 static int check_quotactl_permission(struct super_block *sb, int type, int cmd, 22 qid_t id) 23 { 24 switch (cmd) { 25 /* these commands do not require any special privilegues */ 26 case Q_GETFMT: 27 case Q_SYNC: 28 case Q_GETINFO: 29 case Q_XGETQSTAT: 30 case Q_XGETQSTATV: 31 case Q_XQUOTASYNC: 32 break; 33 /* allow to query information for dquots we "own" */ 34 case Q_GETQUOTA: 35 case Q_XGETQUOTA: 36 if ((type == USRQUOTA && uid_eq(current_euid(), make_kuid(current_user_ns(), id))) || 37 (type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id)))) 38 break; 39 /*FALLTHROUGH*/ 40 default: 41 if (!capable(CAP_SYS_ADMIN)) 42 return -EPERM; 43 } 44 45 return security_quotactl(cmd, type, id, sb); 46 } 47 48 static void quota_sync_one(struct super_block *sb, void *arg) 49 { 50 int type = *(int *)arg; 51 52 if (sb->s_qcop && sb->s_qcop->quota_sync && 53 (sb->s_quota_types & (1 << type))) 54 sb->s_qcop->quota_sync(sb, type); 55 } 56 57 static int quota_sync_all(int type) 58 { 59 int ret; 60 61 if (type >= MAXQUOTAS) 62 return -EINVAL; 63 ret = security_quotactl(Q_SYNC, type, 0, NULL); 64 if (!ret) 65 iterate_supers(quota_sync_one, &type); 66 return ret; 67 } 68 69 static int quota_quotaon(struct super_block *sb, int type, int cmd, qid_t id, 70 struct path *path) 71 { 72 if (!sb->s_qcop->quota_on && !sb->s_qcop->quota_on_meta) 73 return -ENOSYS; 74 if (sb->s_qcop->quota_on_meta) 75 return sb->s_qcop->quota_on_meta(sb, type, id); 76 if (IS_ERR(path)) 77 return PTR_ERR(path); 78 return sb->s_qcop->quota_on(sb, type, id, path); 79 } 80 81 static int quota_getfmt(struct super_block *sb, int type, void __user *addr) 82 { 83 __u32 fmt; 84 85 mutex_lock(&sb_dqopt(sb)->dqonoff_mutex); 86 if (!sb_has_quota_active(sb, type)) { 87 mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex); 88 return -ESRCH; 89 } 90 fmt = sb_dqopt(sb)->info[type].dqi_format->qf_fmt_id; 91 mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex); 92 if (copy_to_user(addr, &fmt, sizeof(fmt))) 93 return -EFAULT; 94 return 0; 95 } 96 97 static int quota_getinfo(struct super_block *sb, int type, void __user *addr) 98 { 99 struct if_dqinfo info; 100 int ret; 101 102 if (!sb->s_qcop->get_info) 103 return -ENOSYS; 104 ret = sb->s_qcop->get_info(sb, type, &info); 105 if (!ret && copy_to_user(addr, &info, sizeof(info))) 106 return -EFAULT; 107 return ret; 108 } 109 110 static int quota_setinfo(struct super_block *sb, int type, void __user *addr) 111 { 112 struct if_dqinfo info; 113 114 if (copy_from_user(&info, addr, sizeof(info))) 115 return -EFAULT; 116 if (!sb->s_qcop->set_info) 117 return -ENOSYS; 118 return sb->s_qcop->set_info(sb, type, &info); 119 } 120 121 static inline qsize_t qbtos(qsize_t blocks) 122 { 123 return blocks << QIF_DQBLKSIZE_BITS; 124 } 125 126 static inline qsize_t stoqb(qsize_t space) 127 { 128 return (space + QIF_DQBLKSIZE - 1) >> QIF_DQBLKSIZE_BITS; 129 } 130 131 static void copy_to_if_dqblk(struct if_dqblk *dst, struct qc_dqblk *src) 132 { 133 memset(dst, 0, sizeof(*dst)); 134 dst->dqb_bhardlimit = stoqb(src->d_spc_hardlimit); 135 dst->dqb_bsoftlimit = stoqb(src->d_spc_softlimit); 136 dst->dqb_curspace = src->d_space; 137 dst->dqb_ihardlimit = src->d_ino_hardlimit; 138 dst->dqb_isoftlimit = src->d_ino_softlimit; 139 dst->dqb_curinodes = src->d_ino_count; 140 dst->dqb_btime = src->d_spc_timer; 141 dst->dqb_itime = src->d_ino_timer; 142 dst->dqb_valid = QIF_ALL; 143 } 144 145 static int quota_getquota(struct super_block *sb, int type, qid_t id, 146 void __user *addr) 147 { 148 struct kqid qid; 149 struct qc_dqblk fdq; 150 struct if_dqblk idq; 151 int ret; 152 153 if (!sb->s_qcop->get_dqblk) 154 return -ENOSYS; 155 qid = make_kqid(current_user_ns(), type, id); 156 if (!qid_valid(qid)) 157 return -EINVAL; 158 ret = sb->s_qcop->get_dqblk(sb, qid, &fdq); 159 if (ret) 160 return ret; 161 copy_to_if_dqblk(&idq, &fdq); 162 if (copy_to_user(addr, &idq, sizeof(idq))) 163 return -EFAULT; 164 return 0; 165 } 166 167 static void copy_from_if_dqblk(struct qc_dqblk *dst, struct if_dqblk *src) 168 { 169 dst->d_spc_hardlimit = qbtos(src->dqb_bhardlimit); 170 dst->d_spc_softlimit = qbtos(src->dqb_bsoftlimit); 171 dst->d_space = src->dqb_curspace; 172 dst->d_ino_hardlimit = src->dqb_ihardlimit; 173 dst->d_ino_softlimit = src->dqb_isoftlimit; 174 dst->d_ino_count = src->dqb_curinodes; 175 dst->d_spc_timer = src->dqb_btime; 176 dst->d_ino_timer = src->dqb_itime; 177 178 dst->d_fieldmask = 0; 179 if (src->dqb_valid & QIF_BLIMITS) 180 dst->d_fieldmask |= QC_SPC_SOFT | QC_SPC_HARD; 181 if (src->dqb_valid & QIF_SPACE) 182 dst->d_fieldmask |= QC_SPACE; 183 if (src->dqb_valid & QIF_ILIMITS) 184 dst->d_fieldmask |= QC_INO_SOFT | QC_INO_HARD; 185 if (src->dqb_valid & QIF_INODES) 186 dst->d_fieldmask |= QC_INO_COUNT; 187 if (src->dqb_valid & QIF_BTIME) 188 dst->d_fieldmask |= QC_SPC_TIMER; 189 if (src->dqb_valid & QIF_ITIME) 190 dst->d_fieldmask |= QC_INO_TIMER; 191 } 192 193 static int quota_setquota(struct super_block *sb, int type, qid_t id, 194 void __user *addr) 195 { 196 struct qc_dqblk fdq; 197 struct if_dqblk idq; 198 struct kqid qid; 199 200 if (copy_from_user(&idq, addr, sizeof(idq))) 201 return -EFAULT; 202 if (!sb->s_qcop->set_dqblk) 203 return -ENOSYS; 204 qid = make_kqid(current_user_ns(), type, id); 205 if (!qid_valid(qid)) 206 return -EINVAL; 207 copy_from_if_dqblk(&fdq, &idq); 208 return sb->s_qcop->set_dqblk(sb, qid, &fdq); 209 } 210 211 static int quota_enable(struct super_block *sb, void __user *addr) 212 { 213 __u32 flags; 214 215 if (copy_from_user(&flags, addr, sizeof(flags))) 216 return -EFAULT; 217 if (!sb->s_qcop->quota_enable) 218 return -ENOSYS; 219 return sb->s_qcop->quota_enable(sb, flags); 220 } 221 222 static int quota_disable(struct super_block *sb, void __user *addr) 223 { 224 __u32 flags; 225 226 if (copy_from_user(&flags, addr, sizeof(flags))) 227 return -EFAULT; 228 if (!sb->s_qcop->quota_disable) 229 return -ENOSYS; 230 return sb->s_qcop->quota_disable(sb, flags); 231 } 232 233 static int quota_getxstate(struct super_block *sb, void __user *addr) 234 { 235 struct fs_quota_stat fqs; 236 int ret; 237 238 if (!sb->s_qcop->get_xstate) 239 return -ENOSYS; 240 ret = sb->s_qcop->get_xstate(sb, &fqs); 241 if (!ret && copy_to_user(addr, &fqs, sizeof(fqs))) 242 return -EFAULT; 243 return ret; 244 } 245 246 static int quota_getxstatev(struct super_block *sb, void __user *addr) 247 { 248 struct fs_quota_statv fqs; 249 int ret; 250 251 if (!sb->s_qcop->get_xstatev) 252 return -ENOSYS; 253 254 memset(&fqs, 0, sizeof(fqs)); 255 if (copy_from_user(&fqs, addr, 1)) /* Just read qs_version */ 256 return -EFAULT; 257 258 /* If this kernel doesn't support user specified version, fail */ 259 switch (fqs.qs_version) { 260 case FS_QSTATV_VERSION1: 261 break; 262 default: 263 return -EINVAL; 264 } 265 ret = sb->s_qcop->get_xstatev(sb, &fqs); 266 if (!ret && copy_to_user(addr, &fqs, sizeof(fqs))) 267 return -EFAULT; 268 return ret; 269 } 270 271 /* 272 * XFS defines BBTOB and BTOBB macros inside fs/xfs/ and we cannot move them 273 * out of there as xfsprogs rely on definitions being in that header file. So 274 * just define same functions here for quota purposes. 275 */ 276 #define XFS_BB_SHIFT 9 277 278 static inline u64 quota_bbtob(u64 blocks) 279 { 280 return blocks << XFS_BB_SHIFT; 281 } 282 283 static inline u64 quota_btobb(u64 bytes) 284 { 285 return (bytes + (1 << XFS_BB_SHIFT) - 1) >> XFS_BB_SHIFT; 286 } 287 288 static void copy_from_xfs_dqblk(struct qc_dqblk *dst, struct fs_disk_quota *src) 289 { 290 dst->d_spc_hardlimit = quota_bbtob(src->d_blk_hardlimit); 291 dst->d_spc_softlimit = quota_bbtob(src->d_blk_softlimit); 292 dst->d_ino_hardlimit = src->d_ino_hardlimit; 293 dst->d_ino_softlimit = src->d_ino_softlimit; 294 dst->d_space = quota_bbtob(src->d_bcount); 295 dst->d_ino_count = src->d_icount; 296 dst->d_ino_timer = src->d_itimer; 297 dst->d_spc_timer = src->d_btimer; 298 dst->d_ino_warns = src->d_iwarns; 299 dst->d_spc_warns = src->d_bwarns; 300 dst->d_rt_spc_hardlimit = quota_bbtob(src->d_rtb_hardlimit); 301 dst->d_rt_spc_softlimit = quota_bbtob(src->d_rtb_softlimit); 302 dst->d_rt_space = quota_bbtob(src->d_rtbcount); 303 dst->d_rt_spc_timer = src->d_rtbtimer; 304 dst->d_rt_spc_warns = src->d_rtbwarns; 305 dst->d_fieldmask = 0; 306 if (src->d_fieldmask & FS_DQ_ISOFT) 307 dst->d_fieldmask |= QC_INO_SOFT; 308 if (src->d_fieldmask & FS_DQ_IHARD) 309 dst->d_fieldmask |= QC_INO_HARD; 310 if (src->d_fieldmask & FS_DQ_BSOFT) 311 dst->d_fieldmask |= QC_SPC_SOFT; 312 if (src->d_fieldmask & FS_DQ_BHARD) 313 dst->d_fieldmask |= QC_SPC_HARD; 314 if (src->d_fieldmask & FS_DQ_RTBSOFT) 315 dst->d_fieldmask |= QC_RT_SPC_SOFT; 316 if (src->d_fieldmask & FS_DQ_RTBHARD) 317 dst->d_fieldmask |= QC_RT_SPC_HARD; 318 if (src->d_fieldmask & FS_DQ_BTIMER) 319 dst->d_fieldmask |= QC_SPC_TIMER; 320 if (src->d_fieldmask & FS_DQ_ITIMER) 321 dst->d_fieldmask |= QC_INO_TIMER; 322 if (src->d_fieldmask & FS_DQ_RTBTIMER) 323 dst->d_fieldmask |= QC_RT_SPC_TIMER; 324 if (src->d_fieldmask & FS_DQ_BWARNS) 325 dst->d_fieldmask |= QC_SPC_WARNS; 326 if (src->d_fieldmask & FS_DQ_IWARNS) 327 dst->d_fieldmask |= QC_INO_WARNS; 328 if (src->d_fieldmask & FS_DQ_RTBWARNS) 329 dst->d_fieldmask |= QC_RT_SPC_WARNS; 330 if (src->d_fieldmask & FS_DQ_BCOUNT) 331 dst->d_fieldmask |= QC_SPACE; 332 if (src->d_fieldmask & FS_DQ_ICOUNT) 333 dst->d_fieldmask |= QC_INO_COUNT; 334 if (src->d_fieldmask & FS_DQ_RTBCOUNT) 335 dst->d_fieldmask |= QC_RT_SPACE; 336 } 337 338 static int quota_setxquota(struct super_block *sb, int type, qid_t id, 339 void __user *addr) 340 { 341 struct fs_disk_quota fdq; 342 struct qc_dqblk qdq; 343 struct kqid qid; 344 345 if (copy_from_user(&fdq, addr, sizeof(fdq))) 346 return -EFAULT; 347 if (!sb->s_qcop->set_dqblk) 348 return -ENOSYS; 349 qid = make_kqid(current_user_ns(), type, id); 350 if (!qid_valid(qid)) 351 return -EINVAL; 352 copy_from_xfs_dqblk(&qdq, &fdq); 353 return sb->s_qcop->set_dqblk(sb, qid, &qdq); 354 } 355 356 static void copy_to_xfs_dqblk(struct fs_disk_quota *dst, struct qc_dqblk *src, 357 int type, qid_t id) 358 { 359 memset(dst, 0, sizeof(*dst)); 360 dst->d_version = FS_DQUOT_VERSION; 361 dst->d_id = id; 362 if (type == USRQUOTA) 363 dst->d_flags = FS_USER_QUOTA; 364 else if (type == PRJQUOTA) 365 dst->d_flags = FS_PROJ_QUOTA; 366 else 367 dst->d_flags = FS_GROUP_QUOTA; 368 dst->d_blk_hardlimit = quota_btobb(src->d_spc_hardlimit); 369 dst->d_blk_softlimit = quota_btobb(src->d_spc_softlimit); 370 dst->d_ino_hardlimit = src->d_ino_hardlimit; 371 dst->d_ino_softlimit = src->d_ino_softlimit; 372 dst->d_bcount = quota_btobb(src->d_space); 373 dst->d_icount = src->d_ino_count; 374 dst->d_itimer = src->d_ino_timer; 375 dst->d_btimer = src->d_spc_timer; 376 dst->d_iwarns = src->d_ino_warns; 377 dst->d_bwarns = src->d_spc_warns; 378 dst->d_rtb_hardlimit = quota_btobb(src->d_rt_spc_hardlimit); 379 dst->d_rtb_softlimit = quota_btobb(src->d_rt_spc_softlimit); 380 dst->d_rtbcount = quota_btobb(src->d_rt_space); 381 dst->d_rtbtimer = src->d_rt_spc_timer; 382 dst->d_rtbwarns = src->d_rt_spc_warns; 383 } 384 385 static int quota_getxquota(struct super_block *sb, int type, qid_t id, 386 void __user *addr) 387 { 388 struct fs_disk_quota fdq; 389 struct qc_dqblk qdq; 390 struct kqid qid; 391 int ret; 392 393 if (!sb->s_qcop->get_dqblk) 394 return -ENOSYS; 395 qid = make_kqid(current_user_ns(), type, id); 396 if (!qid_valid(qid)) 397 return -EINVAL; 398 ret = sb->s_qcop->get_dqblk(sb, qid, &qdq); 399 if (ret) 400 return ret; 401 copy_to_xfs_dqblk(&fdq, &qdq, type, id); 402 if (copy_to_user(addr, &fdq, sizeof(fdq))) 403 return -EFAULT; 404 return ret; 405 } 406 407 static int quota_rmxquota(struct super_block *sb, void __user *addr) 408 { 409 __u32 flags; 410 411 if (copy_from_user(&flags, addr, sizeof(flags))) 412 return -EFAULT; 413 if (!sb->s_qcop->rm_xquota) 414 return -ENOSYS; 415 return sb->s_qcop->rm_xquota(sb, flags); 416 } 417 418 /* Copy parameters and call proper function */ 419 static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, 420 void __user *addr, struct path *path) 421 { 422 int ret; 423 424 if (type >= (XQM_COMMAND(cmd) ? XQM_MAXQUOTAS : MAXQUOTAS)) 425 return -EINVAL; 426 /* 427 * Quota not supported on this fs? Check this before s_quota_types 428 * since they needn't be set if quota is not supported at all. 429 */ 430 if (!sb->s_qcop) 431 return -ENOSYS; 432 if (!(sb->s_quota_types & (1 << type))) 433 return -EINVAL; 434 435 ret = check_quotactl_permission(sb, type, cmd, id); 436 if (ret < 0) 437 return ret; 438 439 switch (cmd) { 440 case Q_QUOTAON: 441 return quota_quotaon(sb, type, cmd, id, path); 442 case Q_QUOTAOFF: 443 if (!sb->s_qcop->quota_off) 444 return -ENOSYS; 445 return sb->s_qcop->quota_off(sb, type); 446 case Q_GETFMT: 447 return quota_getfmt(sb, type, addr); 448 case Q_GETINFO: 449 return quota_getinfo(sb, type, addr); 450 case Q_SETINFO: 451 return quota_setinfo(sb, type, addr); 452 case Q_GETQUOTA: 453 return quota_getquota(sb, type, id, addr); 454 case Q_SETQUOTA: 455 return quota_setquota(sb, type, id, addr); 456 case Q_SYNC: 457 if (!sb->s_qcop->quota_sync) 458 return -ENOSYS; 459 return sb->s_qcop->quota_sync(sb, type); 460 case Q_XQUOTAON: 461 return quota_enable(sb, addr); 462 case Q_XQUOTAOFF: 463 return quota_disable(sb, addr); 464 case Q_XQUOTARM: 465 return quota_rmxquota(sb, addr); 466 case Q_XGETQSTAT: 467 return quota_getxstate(sb, addr); 468 case Q_XGETQSTATV: 469 return quota_getxstatev(sb, addr); 470 case Q_XSETQLIM: 471 return quota_setxquota(sb, type, id, addr); 472 case Q_XGETQUOTA: 473 return quota_getxquota(sb, type, id, addr); 474 case Q_XQUOTASYNC: 475 if (sb->s_flags & MS_RDONLY) 476 return -EROFS; 477 /* XFS quotas are fully coherent now, making this call a noop */ 478 return 0; 479 default: 480 return -EINVAL; 481 } 482 } 483 484 #ifdef CONFIG_BLOCK 485 486 /* Return 1 if 'cmd' will block on frozen filesystem */ 487 static int quotactl_cmd_write(int cmd) 488 { 489 switch (cmd) { 490 case Q_GETFMT: 491 case Q_GETINFO: 492 case Q_SYNC: 493 case Q_XGETQSTAT: 494 case Q_XGETQSTATV: 495 case Q_XGETQUOTA: 496 case Q_XQUOTASYNC: 497 return 0; 498 } 499 return 1; 500 } 501 502 #endif /* CONFIG_BLOCK */ 503 504 /* 505 * look up a superblock on which quota ops will be performed 506 * - use the name of a block device to find the superblock thereon 507 */ 508 static struct super_block *quotactl_block(const char __user *special, int cmd) 509 { 510 #ifdef CONFIG_BLOCK 511 struct block_device *bdev; 512 struct super_block *sb; 513 struct filename *tmp = getname(special); 514 515 if (IS_ERR(tmp)) 516 return ERR_CAST(tmp); 517 bdev = lookup_bdev(tmp->name); 518 putname(tmp); 519 if (IS_ERR(bdev)) 520 return ERR_CAST(bdev); 521 if (quotactl_cmd_write(cmd)) 522 sb = get_super_thawed(bdev); 523 else 524 sb = get_super(bdev); 525 bdput(bdev); 526 if (!sb) 527 return ERR_PTR(-ENODEV); 528 529 return sb; 530 #else 531 return ERR_PTR(-ENODEV); 532 #endif 533 } 534 535 /* 536 * This is the system call interface. This communicates with 537 * the user-level programs. Currently this only supports diskquota 538 * calls. Maybe we need to add the process quotas etc. in the future, 539 * but we probably should use rlimits for that. 540 */ 541 SYSCALL_DEFINE4(quotactl, unsigned int, cmd, const char __user *, special, 542 qid_t, id, void __user *, addr) 543 { 544 uint cmds, type; 545 struct super_block *sb = NULL; 546 struct path path, *pathp = NULL; 547 int ret; 548 549 cmds = cmd >> SUBCMDSHIFT; 550 type = cmd & SUBCMDMASK; 551 552 /* 553 * As a special case Q_SYNC can be called without a specific device. 554 * It will iterate all superblocks that have quota enabled and call 555 * the sync action on each of them. 556 */ 557 if (!special) { 558 if (cmds == Q_SYNC) 559 return quota_sync_all(type); 560 return -ENODEV; 561 } 562 563 /* 564 * Path for quotaon has to be resolved before grabbing superblock 565 * because that gets s_umount sem which is also possibly needed by path 566 * resolution (think about autofs) and thus deadlocks could arise. 567 */ 568 if (cmds == Q_QUOTAON) { 569 ret = user_path_at(AT_FDCWD, addr, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &path); 570 if (ret) 571 pathp = ERR_PTR(ret); 572 else 573 pathp = &path; 574 } 575 576 sb = quotactl_block(special, cmds); 577 if (IS_ERR(sb)) { 578 ret = PTR_ERR(sb); 579 goto out; 580 } 581 582 ret = do_quotactl(sb, type, cmds, id, addr, pathp); 583 584 drop_super(sb); 585 out: 586 if (pathp && !IS_ERR(pathp)) 587 path_put(pathp); 588 return ret; 589 } 590