1 /* 2 * Quota code necessary even when VFS quota support is not compiled 3 * into the kernel. The interesting stuff is over in dquot.c, here 4 * we have symbols for initial quotactl(2) handling, the sysctl(2) 5 * variables, etc - things needed even when quota support disabled. 6 */ 7 8 #include <linux/fs.h> 9 #include <linux/namei.h> 10 #include <linux/slab.h> 11 #include <asm/current.h> 12 #include <linux/uaccess.h> 13 #include <linux/kernel.h> 14 #include <linux/security.h> 15 #include <linux/syscalls.h> 16 #include <linux/capability.h> 17 #include <linux/quotaops.h> 18 #include <linux/types.h> 19 #include <linux/writeback.h> 20 21 static int check_quotactl_permission(struct super_block *sb, int type, int cmd, 22 qid_t id) 23 { 24 switch (cmd) { 25 /* these commands do not require any special privilegues */ 26 case Q_GETFMT: 27 case Q_SYNC: 28 case Q_GETINFO: 29 case Q_XGETQSTAT: 30 case Q_XGETQSTATV: 31 case Q_XQUOTASYNC: 32 break; 33 /* allow to query information for dquots we "own" */ 34 case Q_GETQUOTA: 35 case Q_XGETQUOTA: 36 if ((type == USRQUOTA && uid_eq(current_euid(), make_kuid(current_user_ns(), id))) || 37 (type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id)))) 38 break; 39 /*FALLTHROUGH*/ 40 default: 41 if (!capable(CAP_SYS_ADMIN)) 42 return -EPERM; 43 } 44 45 return security_quotactl(cmd, type, id, sb); 46 } 47 48 static void quota_sync_one(struct super_block *sb, void *arg) 49 { 50 int type = *(int *)arg; 51 52 if (sb->s_qcop && sb->s_qcop->quota_sync && 53 (sb->s_quota_types & (1 << type))) 54 sb->s_qcop->quota_sync(sb, type); 55 } 56 57 static int quota_sync_all(int type) 58 { 59 int ret; 60 61 if (type >= MAXQUOTAS) 62 return -EINVAL; 63 ret = security_quotactl(Q_SYNC, type, 0, NULL); 64 if (!ret) 65 iterate_supers(quota_sync_one, &type); 66 return ret; 67 } 68 69 unsigned int qtype_enforce_flag(int type) 70 { 71 switch (type) { 72 case USRQUOTA: 73 return FS_QUOTA_UDQ_ENFD; 74 case GRPQUOTA: 75 return FS_QUOTA_GDQ_ENFD; 76 case PRJQUOTA: 77 return FS_QUOTA_PDQ_ENFD; 78 } 79 return 0; 80 } 81 82 static int quota_quotaon(struct super_block *sb, int type, int cmd, qid_t id, 83 struct path *path) 84 { 85 if (!sb->s_qcop->quota_on && !sb->s_qcop->quota_enable) 86 return -ENOSYS; 87 if (sb->s_qcop->quota_enable) 88 return sb->s_qcop->quota_enable(sb, qtype_enforce_flag(type)); 89 if (IS_ERR(path)) 90 return PTR_ERR(path); 91 return sb->s_qcop->quota_on(sb, type, id, path); 92 } 93 94 static int quota_quotaoff(struct super_block *sb, int type) 95 { 96 if (!sb->s_qcop->quota_off && !sb->s_qcop->quota_disable) 97 return -ENOSYS; 98 if (sb->s_qcop->quota_disable) 99 return sb->s_qcop->quota_disable(sb, qtype_enforce_flag(type)); 100 return sb->s_qcop->quota_off(sb, type); 101 } 102 103 static int quota_getfmt(struct super_block *sb, int type, void __user *addr) 104 { 105 __u32 fmt; 106 107 mutex_lock(&sb_dqopt(sb)->dqonoff_mutex); 108 if (!sb_has_quota_active(sb, type)) { 109 mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex); 110 return -ESRCH; 111 } 112 fmt = sb_dqopt(sb)->info[type].dqi_format->qf_fmt_id; 113 mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex); 114 if (copy_to_user(addr, &fmt, sizeof(fmt))) 115 return -EFAULT; 116 return 0; 117 } 118 119 static int quota_getinfo(struct super_block *sb, int type, void __user *addr) 120 { 121 struct if_dqinfo info; 122 int ret; 123 124 if (!sb->s_qcop->get_info) 125 return -ENOSYS; 126 ret = sb->s_qcop->get_info(sb, type, &info); 127 if (!ret && copy_to_user(addr, &info, sizeof(info))) 128 return -EFAULT; 129 return ret; 130 } 131 132 static int quota_setinfo(struct super_block *sb, int type, void __user *addr) 133 { 134 struct if_dqinfo info; 135 136 if (copy_from_user(&info, addr, sizeof(info))) 137 return -EFAULT; 138 if (!sb->s_qcop->set_info) 139 return -ENOSYS; 140 return sb->s_qcop->set_info(sb, type, &info); 141 } 142 143 static inline qsize_t qbtos(qsize_t blocks) 144 { 145 return blocks << QIF_DQBLKSIZE_BITS; 146 } 147 148 static inline qsize_t stoqb(qsize_t space) 149 { 150 return (space + QIF_DQBLKSIZE - 1) >> QIF_DQBLKSIZE_BITS; 151 } 152 153 static void copy_to_if_dqblk(struct if_dqblk *dst, struct qc_dqblk *src) 154 { 155 memset(dst, 0, sizeof(*dst)); 156 dst->dqb_bhardlimit = stoqb(src->d_spc_hardlimit); 157 dst->dqb_bsoftlimit = stoqb(src->d_spc_softlimit); 158 dst->dqb_curspace = src->d_space; 159 dst->dqb_ihardlimit = src->d_ino_hardlimit; 160 dst->dqb_isoftlimit = src->d_ino_softlimit; 161 dst->dqb_curinodes = src->d_ino_count; 162 dst->dqb_btime = src->d_spc_timer; 163 dst->dqb_itime = src->d_ino_timer; 164 dst->dqb_valid = QIF_ALL; 165 } 166 167 static int quota_getquota(struct super_block *sb, int type, qid_t id, 168 void __user *addr) 169 { 170 struct kqid qid; 171 struct qc_dqblk fdq; 172 struct if_dqblk idq; 173 int ret; 174 175 if (!sb->s_qcop->get_dqblk) 176 return -ENOSYS; 177 qid = make_kqid(current_user_ns(), type, id); 178 if (!qid_valid(qid)) 179 return -EINVAL; 180 ret = sb->s_qcop->get_dqblk(sb, qid, &fdq); 181 if (ret) 182 return ret; 183 copy_to_if_dqblk(&idq, &fdq); 184 if (copy_to_user(addr, &idq, sizeof(idq))) 185 return -EFAULT; 186 return 0; 187 } 188 189 static void copy_from_if_dqblk(struct qc_dqblk *dst, struct if_dqblk *src) 190 { 191 dst->d_spc_hardlimit = qbtos(src->dqb_bhardlimit); 192 dst->d_spc_softlimit = qbtos(src->dqb_bsoftlimit); 193 dst->d_space = src->dqb_curspace; 194 dst->d_ino_hardlimit = src->dqb_ihardlimit; 195 dst->d_ino_softlimit = src->dqb_isoftlimit; 196 dst->d_ino_count = src->dqb_curinodes; 197 dst->d_spc_timer = src->dqb_btime; 198 dst->d_ino_timer = src->dqb_itime; 199 200 dst->d_fieldmask = 0; 201 if (src->dqb_valid & QIF_BLIMITS) 202 dst->d_fieldmask |= QC_SPC_SOFT | QC_SPC_HARD; 203 if (src->dqb_valid & QIF_SPACE) 204 dst->d_fieldmask |= QC_SPACE; 205 if (src->dqb_valid & QIF_ILIMITS) 206 dst->d_fieldmask |= QC_INO_SOFT | QC_INO_HARD; 207 if (src->dqb_valid & QIF_INODES) 208 dst->d_fieldmask |= QC_INO_COUNT; 209 if (src->dqb_valid & QIF_BTIME) 210 dst->d_fieldmask |= QC_SPC_TIMER; 211 if (src->dqb_valid & QIF_ITIME) 212 dst->d_fieldmask |= QC_INO_TIMER; 213 } 214 215 static int quota_setquota(struct super_block *sb, int type, qid_t id, 216 void __user *addr) 217 { 218 struct qc_dqblk fdq; 219 struct if_dqblk idq; 220 struct kqid qid; 221 222 if (copy_from_user(&idq, addr, sizeof(idq))) 223 return -EFAULT; 224 if (!sb->s_qcop->set_dqblk) 225 return -ENOSYS; 226 qid = make_kqid(current_user_ns(), type, id); 227 if (!qid_valid(qid)) 228 return -EINVAL; 229 copy_from_if_dqblk(&fdq, &idq); 230 return sb->s_qcop->set_dqblk(sb, qid, &fdq); 231 } 232 233 static int quota_enable(struct super_block *sb, void __user *addr) 234 { 235 __u32 flags; 236 237 if (copy_from_user(&flags, addr, sizeof(flags))) 238 return -EFAULT; 239 if (!sb->s_qcop->quota_enable) 240 return -ENOSYS; 241 return sb->s_qcop->quota_enable(sb, flags); 242 } 243 244 static int quota_disable(struct super_block *sb, void __user *addr) 245 { 246 __u32 flags; 247 248 if (copy_from_user(&flags, addr, sizeof(flags))) 249 return -EFAULT; 250 if (!sb->s_qcop->quota_disable) 251 return -ENOSYS; 252 return sb->s_qcop->quota_disable(sb, flags); 253 } 254 255 static int quota_getxstate(struct super_block *sb, void __user *addr) 256 { 257 struct fs_quota_stat fqs; 258 int ret; 259 260 if (!sb->s_qcop->get_xstate) 261 return -ENOSYS; 262 ret = sb->s_qcop->get_xstate(sb, &fqs); 263 if (!ret && copy_to_user(addr, &fqs, sizeof(fqs))) 264 return -EFAULT; 265 return ret; 266 } 267 268 static int quota_getxstatev(struct super_block *sb, void __user *addr) 269 { 270 struct fs_quota_statv fqs; 271 int ret; 272 273 if (!sb->s_qcop->get_xstatev) 274 return -ENOSYS; 275 276 memset(&fqs, 0, sizeof(fqs)); 277 if (copy_from_user(&fqs, addr, 1)) /* Just read qs_version */ 278 return -EFAULT; 279 280 /* If this kernel doesn't support user specified version, fail */ 281 switch (fqs.qs_version) { 282 case FS_QSTATV_VERSION1: 283 break; 284 default: 285 return -EINVAL; 286 } 287 ret = sb->s_qcop->get_xstatev(sb, &fqs); 288 if (!ret && copy_to_user(addr, &fqs, sizeof(fqs))) 289 return -EFAULT; 290 return ret; 291 } 292 293 /* 294 * XFS defines BBTOB and BTOBB macros inside fs/xfs/ and we cannot move them 295 * out of there as xfsprogs rely on definitions being in that header file. So 296 * just define same functions here for quota purposes. 297 */ 298 #define XFS_BB_SHIFT 9 299 300 static inline u64 quota_bbtob(u64 blocks) 301 { 302 return blocks << XFS_BB_SHIFT; 303 } 304 305 static inline u64 quota_btobb(u64 bytes) 306 { 307 return (bytes + (1 << XFS_BB_SHIFT) - 1) >> XFS_BB_SHIFT; 308 } 309 310 static void copy_from_xfs_dqblk(struct qc_dqblk *dst, struct fs_disk_quota *src) 311 { 312 dst->d_spc_hardlimit = quota_bbtob(src->d_blk_hardlimit); 313 dst->d_spc_softlimit = quota_bbtob(src->d_blk_softlimit); 314 dst->d_ino_hardlimit = src->d_ino_hardlimit; 315 dst->d_ino_softlimit = src->d_ino_softlimit; 316 dst->d_space = quota_bbtob(src->d_bcount); 317 dst->d_ino_count = src->d_icount; 318 dst->d_ino_timer = src->d_itimer; 319 dst->d_spc_timer = src->d_btimer; 320 dst->d_ino_warns = src->d_iwarns; 321 dst->d_spc_warns = src->d_bwarns; 322 dst->d_rt_spc_hardlimit = quota_bbtob(src->d_rtb_hardlimit); 323 dst->d_rt_spc_softlimit = quota_bbtob(src->d_rtb_softlimit); 324 dst->d_rt_space = quota_bbtob(src->d_rtbcount); 325 dst->d_rt_spc_timer = src->d_rtbtimer; 326 dst->d_rt_spc_warns = src->d_rtbwarns; 327 dst->d_fieldmask = 0; 328 if (src->d_fieldmask & FS_DQ_ISOFT) 329 dst->d_fieldmask |= QC_INO_SOFT; 330 if (src->d_fieldmask & FS_DQ_IHARD) 331 dst->d_fieldmask |= QC_INO_HARD; 332 if (src->d_fieldmask & FS_DQ_BSOFT) 333 dst->d_fieldmask |= QC_SPC_SOFT; 334 if (src->d_fieldmask & FS_DQ_BHARD) 335 dst->d_fieldmask |= QC_SPC_HARD; 336 if (src->d_fieldmask & FS_DQ_RTBSOFT) 337 dst->d_fieldmask |= QC_RT_SPC_SOFT; 338 if (src->d_fieldmask & FS_DQ_RTBHARD) 339 dst->d_fieldmask |= QC_RT_SPC_HARD; 340 if (src->d_fieldmask & FS_DQ_BTIMER) 341 dst->d_fieldmask |= QC_SPC_TIMER; 342 if (src->d_fieldmask & FS_DQ_ITIMER) 343 dst->d_fieldmask |= QC_INO_TIMER; 344 if (src->d_fieldmask & FS_DQ_RTBTIMER) 345 dst->d_fieldmask |= QC_RT_SPC_TIMER; 346 if (src->d_fieldmask & FS_DQ_BWARNS) 347 dst->d_fieldmask |= QC_SPC_WARNS; 348 if (src->d_fieldmask & FS_DQ_IWARNS) 349 dst->d_fieldmask |= QC_INO_WARNS; 350 if (src->d_fieldmask & FS_DQ_RTBWARNS) 351 dst->d_fieldmask |= QC_RT_SPC_WARNS; 352 if (src->d_fieldmask & FS_DQ_BCOUNT) 353 dst->d_fieldmask |= QC_SPACE; 354 if (src->d_fieldmask & FS_DQ_ICOUNT) 355 dst->d_fieldmask |= QC_INO_COUNT; 356 if (src->d_fieldmask & FS_DQ_RTBCOUNT) 357 dst->d_fieldmask |= QC_RT_SPACE; 358 } 359 360 static int quota_setxquota(struct super_block *sb, int type, qid_t id, 361 void __user *addr) 362 { 363 struct fs_disk_quota fdq; 364 struct qc_dqblk qdq; 365 struct kqid qid; 366 367 if (copy_from_user(&fdq, addr, sizeof(fdq))) 368 return -EFAULT; 369 if (!sb->s_qcop->set_dqblk) 370 return -ENOSYS; 371 qid = make_kqid(current_user_ns(), type, id); 372 if (!qid_valid(qid)) 373 return -EINVAL; 374 copy_from_xfs_dqblk(&qdq, &fdq); 375 return sb->s_qcop->set_dqblk(sb, qid, &qdq); 376 } 377 378 static void copy_to_xfs_dqblk(struct fs_disk_quota *dst, struct qc_dqblk *src, 379 int type, qid_t id) 380 { 381 memset(dst, 0, sizeof(*dst)); 382 dst->d_version = FS_DQUOT_VERSION; 383 dst->d_id = id; 384 if (type == USRQUOTA) 385 dst->d_flags = FS_USER_QUOTA; 386 else if (type == PRJQUOTA) 387 dst->d_flags = FS_PROJ_QUOTA; 388 else 389 dst->d_flags = FS_GROUP_QUOTA; 390 dst->d_blk_hardlimit = quota_btobb(src->d_spc_hardlimit); 391 dst->d_blk_softlimit = quota_btobb(src->d_spc_softlimit); 392 dst->d_ino_hardlimit = src->d_ino_hardlimit; 393 dst->d_ino_softlimit = src->d_ino_softlimit; 394 dst->d_bcount = quota_btobb(src->d_space); 395 dst->d_icount = src->d_ino_count; 396 dst->d_itimer = src->d_ino_timer; 397 dst->d_btimer = src->d_spc_timer; 398 dst->d_iwarns = src->d_ino_warns; 399 dst->d_bwarns = src->d_spc_warns; 400 dst->d_rtb_hardlimit = quota_btobb(src->d_rt_spc_hardlimit); 401 dst->d_rtb_softlimit = quota_btobb(src->d_rt_spc_softlimit); 402 dst->d_rtbcount = quota_btobb(src->d_rt_space); 403 dst->d_rtbtimer = src->d_rt_spc_timer; 404 dst->d_rtbwarns = src->d_rt_spc_warns; 405 } 406 407 static int quota_getxquota(struct super_block *sb, int type, qid_t id, 408 void __user *addr) 409 { 410 struct fs_disk_quota fdq; 411 struct qc_dqblk qdq; 412 struct kqid qid; 413 int ret; 414 415 if (!sb->s_qcop->get_dqblk) 416 return -ENOSYS; 417 qid = make_kqid(current_user_ns(), type, id); 418 if (!qid_valid(qid)) 419 return -EINVAL; 420 ret = sb->s_qcop->get_dqblk(sb, qid, &qdq); 421 if (ret) 422 return ret; 423 copy_to_xfs_dqblk(&fdq, &qdq, type, id); 424 if (copy_to_user(addr, &fdq, sizeof(fdq))) 425 return -EFAULT; 426 return ret; 427 } 428 429 static int quota_rmxquota(struct super_block *sb, void __user *addr) 430 { 431 __u32 flags; 432 433 if (copy_from_user(&flags, addr, sizeof(flags))) 434 return -EFAULT; 435 if (!sb->s_qcop->rm_xquota) 436 return -ENOSYS; 437 return sb->s_qcop->rm_xquota(sb, flags); 438 } 439 440 /* Copy parameters and call proper function */ 441 static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, 442 void __user *addr, struct path *path) 443 { 444 int ret; 445 446 if (type >= (XQM_COMMAND(cmd) ? XQM_MAXQUOTAS : MAXQUOTAS)) 447 return -EINVAL; 448 /* 449 * Quota not supported on this fs? Check this before s_quota_types 450 * since they needn't be set if quota is not supported at all. 451 */ 452 if (!sb->s_qcop) 453 return -ENOSYS; 454 if (!(sb->s_quota_types & (1 << type))) 455 return -EINVAL; 456 457 ret = check_quotactl_permission(sb, type, cmd, id); 458 if (ret < 0) 459 return ret; 460 461 switch (cmd) { 462 case Q_QUOTAON: 463 return quota_quotaon(sb, type, cmd, id, path); 464 case Q_QUOTAOFF: 465 return quota_quotaoff(sb, type); 466 case Q_GETFMT: 467 return quota_getfmt(sb, type, addr); 468 case Q_GETINFO: 469 return quota_getinfo(sb, type, addr); 470 case Q_SETINFO: 471 return quota_setinfo(sb, type, addr); 472 case Q_GETQUOTA: 473 return quota_getquota(sb, type, id, addr); 474 case Q_SETQUOTA: 475 return quota_setquota(sb, type, id, addr); 476 case Q_SYNC: 477 if (!sb->s_qcop->quota_sync) 478 return -ENOSYS; 479 return sb->s_qcop->quota_sync(sb, type); 480 case Q_XQUOTAON: 481 return quota_enable(sb, addr); 482 case Q_XQUOTAOFF: 483 return quota_disable(sb, addr); 484 case Q_XQUOTARM: 485 return quota_rmxquota(sb, addr); 486 case Q_XGETQSTAT: 487 return quota_getxstate(sb, addr); 488 case Q_XGETQSTATV: 489 return quota_getxstatev(sb, addr); 490 case Q_XSETQLIM: 491 return quota_setxquota(sb, type, id, addr); 492 case Q_XGETQUOTA: 493 return quota_getxquota(sb, type, id, addr); 494 case Q_XQUOTASYNC: 495 if (sb->s_flags & MS_RDONLY) 496 return -EROFS; 497 /* XFS quotas are fully coherent now, making this call a noop */ 498 return 0; 499 default: 500 return -EINVAL; 501 } 502 } 503 504 #ifdef CONFIG_BLOCK 505 506 /* Return 1 if 'cmd' will block on frozen filesystem */ 507 static int quotactl_cmd_write(int cmd) 508 { 509 switch (cmd) { 510 case Q_GETFMT: 511 case Q_GETINFO: 512 case Q_SYNC: 513 case Q_XGETQSTAT: 514 case Q_XGETQSTATV: 515 case Q_XGETQUOTA: 516 case Q_XQUOTASYNC: 517 return 0; 518 } 519 return 1; 520 } 521 522 #endif /* CONFIG_BLOCK */ 523 524 /* 525 * look up a superblock on which quota ops will be performed 526 * - use the name of a block device to find the superblock thereon 527 */ 528 static struct super_block *quotactl_block(const char __user *special, int cmd) 529 { 530 #ifdef CONFIG_BLOCK 531 struct block_device *bdev; 532 struct super_block *sb; 533 struct filename *tmp = getname(special); 534 535 if (IS_ERR(tmp)) 536 return ERR_CAST(tmp); 537 bdev = lookup_bdev(tmp->name); 538 putname(tmp); 539 if (IS_ERR(bdev)) 540 return ERR_CAST(bdev); 541 if (quotactl_cmd_write(cmd)) 542 sb = get_super_thawed(bdev); 543 else 544 sb = get_super(bdev); 545 bdput(bdev); 546 if (!sb) 547 return ERR_PTR(-ENODEV); 548 549 return sb; 550 #else 551 return ERR_PTR(-ENODEV); 552 #endif 553 } 554 555 /* 556 * This is the system call interface. This communicates with 557 * the user-level programs. Currently this only supports diskquota 558 * calls. Maybe we need to add the process quotas etc. in the future, 559 * but we probably should use rlimits for that. 560 */ 561 SYSCALL_DEFINE4(quotactl, unsigned int, cmd, const char __user *, special, 562 qid_t, id, void __user *, addr) 563 { 564 uint cmds, type; 565 struct super_block *sb = NULL; 566 struct path path, *pathp = NULL; 567 int ret; 568 569 cmds = cmd >> SUBCMDSHIFT; 570 type = cmd & SUBCMDMASK; 571 572 /* 573 * As a special case Q_SYNC can be called without a specific device. 574 * It will iterate all superblocks that have quota enabled and call 575 * the sync action on each of them. 576 */ 577 if (!special) { 578 if (cmds == Q_SYNC) 579 return quota_sync_all(type); 580 return -ENODEV; 581 } 582 583 /* 584 * Path for quotaon has to be resolved before grabbing superblock 585 * because that gets s_umount sem which is also possibly needed by path 586 * resolution (think about autofs) and thus deadlocks could arise. 587 */ 588 if (cmds == Q_QUOTAON) { 589 ret = user_path_at(AT_FDCWD, addr, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &path); 590 if (ret) 591 pathp = ERR_PTR(ret); 592 else 593 pathp = &path; 594 } 595 596 sb = quotactl_block(special, cmds); 597 if (IS_ERR(sb)) { 598 ret = PTR_ERR(sb); 599 goto out; 600 } 601 602 ret = do_quotactl(sb, type, cmds, id, addr, pathp); 603 604 drop_super(sb); 605 out: 606 if (pathp && !IS_ERR(pathp)) 607 path_put(pathp); 608 return ret; 609 } 610