Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* |
2 | * Quota code necessary even when VFS quota support is not compiled | |
3 | * into the kernel. The interesting stuff is over in dquot.c, here | |
4 | * we have symbols for initial quotactl(2) handling, the sysctl(2) | |
5 | * variables, etc - things needed even when quota support disabled. | |
6 | */ | |
7 | ||
8 | #include <linux/fs.h> | |
9 | #include <linux/namei.h> | |
10 | #include <linux/slab.h> | |
11 | #include <asm/current.h> | |
12 | #include <asm/uaccess.h> | |
b716395e | 13 | #include <linux/compat.h> |
1da177e4 | 14 | #include <linux/kernel.h> |
1da177e4 LT |
15 | #include <linux/security.h> |
16 | #include <linux/syscalls.h> | |
17 | #include <linux/buffer_head.h> | |
16f7e0fe | 18 | #include <linux/capability.h> |
be586bab | 19 | #include <linux/quotaops.h> |
b716395e | 20 | #include <linux/types.h> |
1da177e4 LT |
21 | |
22 | /* Check validity of generic quotactl commands */ | |
23 | static int generic_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t id) | |
24 | { | |
25 | if (type >= MAXQUOTAS) | |
26 | return -EINVAL; | |
27 | if (!sb && cmd != Q_SYNC) | |
28 | return -ENODEV; | |
29 | /* Is operation supported? */ | |
30 | if (sb && !sb->s_qcop) | |
31 | return -ENOSYS; | |
32 | ||
33 | switch (cmd) { | |
34 | case Q_GETFMT: | |
35 | break; | |
36 | case Q_QUOTAON: | |
37 | if (!sb->s_qcop->quota_on) | |
38 | return -ENOSYS; | |
39 | break; | |
40 | case Q_QUOTAOFF: | |
41 | if (!sb->s_qcop->quota_off) | |
42 | return -ENOSYS; | |
43 | break; | |
44 | case Q_SETINFO: | |
45 | if (!sb->s_qcop->set_info) | |
46 | return -ENOSYS; | |
47 | break; | |
48 | case Q_GETINFO: | |
49 | if (!sb->s_qcop->get_info) | |
50 | return -ENOSYS; | |
51 | break; | |
52 | case Q_SETQUOTA: | |
53 | if (!sb->s_qcop->set_dqblk) | |
54 | return -ENOSYS; | |
55 | break; | |
56 | case Q_GETQUOTA: | |
57 | if (!sb->s_qcop->get_dqblk) | |
58 | return -ENOSYS; | |
59 | break; | |
60 | case Q_SYNC: | |
61 | if (sb && !sb->s_qcop->quota_sync) | |
62 | return -ENOSYS; | |
63 | break; | |
64 | default: | |
65 | return -EINVAL; | |
66 | } | |
67 | ||
68 | /* Is quota turned on for commands which need it? */ | |
69 | switch (cmd) { | |
70 | case Q_GETFMT: | |
71 | case Q_GETINFO: | |
1da177e4 LT |
72 | case Q_SETINFO: |
73 | case Q_SETQUOTA: | |
74 | case Q_GETQUOTA: | |
75 | /* This is just informative test so we are satisfied without a lock */ | |
f55abc0f | 76 | if (!sb_has_quota_active(sb, type)) |
1da177e4 LT |
77 | return -ESRCH; |
78 | } | |
79 | ||
80 | /* Check privileges */ | |
81 | if (cmd == Q_GETQUOTA) { | |
da9592ed | 82 | if (((type == USRQUOTA && current_euid() != id) || |
1da177e4 LT |
83 | (type == GRPQUOTA && !in_egroup_p(id))) && |
84 | !capable(CAP_SYS_ADMIN)) | |
85 | return -EPERM; | |
86 | } | |
87 | else if (cmd != Q_GETFMT && cmd != Q_SYNC && cmd != Q_GETINFO) | |
88 | if (!capable(CAP_SYS_ADMIN)) | |
89 | return -EPERM; | |
90 | ||
91 | return 0; | |
92 | } | |
93 | ||
94 | /* Check validity of XFS Quota Manager commands */ | |
95 | static int xqm_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t id) | |
96 | { | |
97 | if (type >= XQM_MAXQUOTAS) | |
98 | return -EINVAL; | |
99 | if (!sb) | |
100 | return -ENODEV; | |
101 | if (!sb->s_qcop) | |
102 | return -ENOSYS; | |
103 | ||
104 | switch (cmd) { | |
105 | case Q_XQUOTAON: | |
106 | case Q_XQUOTAOFF: | |
107 | case Q_XQUOTARM: | |
108 | if (!sb->s_qcop->set_xstate) | |
109 | return -ENOSYS; | |
110 | break; | |
111 | case Q_XGETQSTAT: | |
112 | if (!sb->s_qcop->get_xstate) | |
113 | return -ENOSYS; | |
114 | break; | |
115 | case Q_XSETQLIM: | |
116 | if (!sb->s_qcop->set_xquota) | |
117 | return -ENOSYS; | |
118 | break; | |
119 | case Q_XGETQUOTA: | |
120 | if (!sb->s_qcop->get_xquota) | |
121 | return -ENOSYS; | |
122 | break; | |
de69e5f4 NS |
123 | case Q_XQUOTASYNC: |
124 | if (!sb->s_qcop->quota_sync) | |
125 | return -ENOSYS; | |
126 | break; | |
1da177e4 LT |
127 | default: |
128 | return -EINVAL; | |
129 | } | |
130 | ||
131 | /* Check privileges */ | |
132 | if (cmd == Q_XGETQUOTA) { | |
da9592ed | 133 | if (((type == XQM_USRQUOTA && current_euid() != id) || |
1da177e4 LT |
134 | (type == XQM_GRPQUOTA && !in_egroup_p(id))) && |
135 | !capable(CAP_SYS_ADMIN)) | |
136 | return -EPERM; | |
de69e5f4 | 137 | } else if (cmd != Q_XGETQSTAT && cmd != Q_XQUOTASYNC) { |
1da177e4 LT |
138 | if (!capable(CAP_SYS_ADMIN)) |
139 | return -EPERM; | |
140 | } | |
141 | ||
142 | return 0; | |
143 | } | |
144 | ||
145 | static int check_quotactl_valid(struct super_block *sb, int type, int cmd, qid_t id) | |
146 | { | |
147 | int error; | |
148 | ||
149 | if (XQM_COMMAND(cmd)) | |
150 | error = xqm_quotactl_valid(sb, type, cmd, id); | |
151 | else | |
152 | error = generic_quotactl_valid(sb, type, cmd, id); | |
153 | if (!error) | |
154 | error = security_quotactl(cmd, type, id, sb); | |
155 | return error; | |
156 | } | |
157 | ||
1da177e4 LT |
158 | static void quota_sync_sb(struct super_block *sb, int type) |
159 | { | |
160 | int cnt; | |
1da177e4 LT |
161 | |
162 | sb->s_qcop->quota_sync(sb, type); | |
ca785ec6 JK |
163 | |
164 | if (sb_dqopt(sb)->flags & DQUOT_QUOTA_SYS_FILE) | |
165 | return; | |
1da177e4 LT |
166 | /* This is not very clever (and fast) but currently I don't know about |
167 | * any other simple way of getting quota data to disk and we must get | |
168 | * them there for userspace to be visible... */ | |
169 | if (sb->s_op->sync_fs) | |
170 | sb->s_op->sync_fs(sb, 1); | |
171 | sync_blockdev(sb->s_bdev); | |
172 | ||
7925409e JK |
173 | /* |
174 | * Now when everything is written we can discard the pagecache so | |
175 | * that userspace sees the changes. | |
176 | */ | |
d3be915f | 177 | mutex_lock(&sb_dqopt(sb)->dqonoff_mutex); |
1da177e4 | 178 | for (cnt = 0; cnt < MAXQUOTAS; cnt++) { |
1da177e4 LT |
179 | if (type != -1 && cnt != type) |
180 | continue; | |
f55abc0f | 181 | if (!sb_has_quota_active(sb, cnt)) |
1da177e4 | 182 | continue; |
7925409e JK |
183 | mutex_lock_nested(&sb_dqopt(sb)->files[cnt]->i_mutex, I_MUTEX_QUOTA); |
184 | truncate_inode_pages(&sb_dqopt(sb)->files[cnt]->i_data, 0); | |
185 | mutex_unlock(&sb_dqopt(sb)->files[cnt]->i_mutex); | |
1da177e4 | 186 | } |
d3be915f | 187 | mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex); |
1da177e4 LT |
188 | } |
189 | ||
190 | void sync_dquots(struct super_block *sb, int type) | |
191 | { | |
02a55ca8 | 192 | int cnt; |
618f0636 | 193 | |
1da177e4 LT |
194 | if (sb) { |
195 | if (sb->s_qcop->quota_sync) | |
196 | quota_sync_sb(sb, type); | |
618f0636 | 197 | return; |
1da177e4 | 198 | } |
618f0636 KK |
199 | |
200 | spin_lock(&sb_lock); | |
201 | restart: | |
202 | list_for_each_entry(sb, &super_blocks, s_list) { | |
203 | /* This test just improves performance so it needn't be reliable... */ | |
02a55ca8 JK |
204 | for (cnt = 0; cnt < MAXQUOTAS; cnt++) { |
205 | if (type != -1 && type != cnt) | |
206 | continue; | |
f55abc0f | 207 | if (!sb_has_quota_active(sb, cnt)) |
02a55ca8 JK |
208 | continue; |
209 | if (!info_dirty(&sb_dqopt(sb)->info[cnt]) && | |
210 | list_empty(&sb_dqopt(sb)->info[cnt].dqi_dirty_list)) | |
211 | continue; | |
212 | break; | |
213 | } | |
214 | if (cnt == MAXQUOTAS) | |
618f0636 KK |
215 | continue; |
216 | sb->s_count++; | |
217 | spin_unlock(&sb_lock); | |
218 | down_read(&sb->s_umount); | |
219 | if (sb->s_root && sb->s_qcop->quota_sync) | |
220 | quota_sync_sb(sb, type); | |
221 | up_read(&sb->s_umount); | |
222 | spin_lock(&sb_lock); | |
223 | if (__put_super_and_need_restart(sb)) | |
224 | goto restart; | |
1da177e4 | 225 | } |
618f0636 | 226 | spin_unlock(&sb_lock); |
1da177e4 LT |
227 | } |
228 | ||
229 | /* Copy parameters and call proper function */ | |
230 | static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, void __user *addr) | |
231 | { | |
232 | int ret; | |
233 | ||
234 | switch (cmd) { | |
235 | case Q_QUOTAON: { | |
236 | char *pathname; | |
237 | ||
238 | if (IS_ERR(pathname = getname(addr))) | |
239 | return PTR_ERR(pathname); | |
0ff5af83 | 240 | ret = sb->s_qcop->quota_on(sb, type, id, pathname, 0); |
1da177e4 LT |
241 | putname(pathname); |
242 | return ret; | |
243 | } | |
244 | case Q_QUOTAOFF: | |
0ff5af83 | 245 | return sb->s_qcop->quota_off(sb, type, 0); |
1da177e4 LT |
246 | |
247 | case Q_GETFMT: { | |
248 | __u32 fmt; | |
249 | ||
250 | down_read(&sb_dqopt(sb)->dqptr_sem); | |
f55abc0f | 251 | if (!sb_has_quota_active(sb, type)) { |
1da177e4 LT |
252 | up_read(&sb_dqopt(sb)->dqptr_sem); |
253 | return -ESRCH; | |
254 | } | |
255 | fmt = sb_dqopt(sb)->info[type].dqi_format->qf_fmt_id; | |
256 | up_read(&sb_dqopt(sb)->dqptr_sem); | |
257 | if (copy_to_user(addr, &fmt, sizeof(fmt))) | |
258 | return -EFAULT; | |
259 | return 0; | |
260 | } | |
261 | case Q_GETINFO: { | |
262 | struct if_dqinfo info; | |
263 | ||
264 | if ((ret = sb->s_qcop->get_info(sb, type, &info))) | |
265 | return ret; | |
266 | if (copy_to_user(addr, &info, sizeof(info))) | |
267 | return -EFAULT; | |
268 | return 0; | |
269 | } | |
270 | case Q_SETINFO: { | |
271 | struct if_dqinfo info; | |
272 | ||
273 | if (copy_from_user(&info, addr, sizeof(info))) | |
274 | return -EFAULT; | |
275 | return sb->s_qcop->set_info(sb, type, &info); | |
276 | } | |
277 | case Q_GETQUOTA: { | |
278 | struct if_dqblk idq; | |
279 | ||
280 | if ((ret = sb->s_qcop->get_dqblk(sb, type, id, &idq))) | |
281 | return ret; | |
282 | if (copy_to_user(addr, &idq, sizeof(idq))) | |
283 | return -EFAULT; | |
284 | return 0; | |
285 | } | |
286 | case Q_SETQUOTA: { | |
287 | struct if_dqblk idq; | |
288 | ||
289 | if (copy_from_user(&idq, addr, sizeof(idq))) | |
290 | return -EFAULT; | |
291 | return sb->s_qcop->set_dqblk(sb, type, id, &idq); | |
292 | } | |
293 | case Q_SYNC: | |
294 | sync_dquots(sb, type); | |
295 | return 0; | |
296 | ||
297 | case Q_XQUOTAON: | |
298 | case Q_XQUOTAOFF: | |
299 | case Q_XQUOTARM: { | |
300 | __u32 flags; | |
301 | ||
302 | if (copy_from_user(&flags, addr, sizeof(flags))) | |
303 | return -EFAULT; | |
304 | return sb->s_qcop->set_xstate(sb, flags, cmd); | |
305 | } | |
306 | case Q_XGETQSTAT: { | |
307 | struct fs_quota_stat fqs; | |
308 | ||
309 | if ((ret = sb->s_qcop->get_xstate(sb, &fqs))) | |
310 | return ret; | |
311 | if (copy_to_user(addr, &fqs, sizeof(fqs))) | |
312 | return -EFAULT; | |
313 | return 0; | |
314 | } | |
315 | case Q_XSETQLIM: { | |
316 | struct fs_disk_quota fdq; | |
317 | ||
318 | if (copy_from_user(&fdq, addr, sizeof(fdq))) | |
319 | return -EFAULT; | |
320 | return sb->s_qcop->set_xquota(sb, type, id, &fdq); | |
321 | } | |
322 | case Q_XGETQUOTA: { | |
323 | struct fs_disk_quota fdq; | |
324 | ||
325 | if ((ret = sb->s_qcop->get_xquota(sb, type, id, &fdq))) | |
326 | return ret; | |
327 | if (copy_to_user(addr, &fdq, sizeof(fdq))) | |
328 | return -EFAULT; | |
329 | return 0; | |
330 | } | |
de69e5f4 NS |
331 | case Q_XQUOTASYNC: |
332 | return sb->s_qcop->quota_sync(sb, type); | |
1da177e4 LT |
333 | /* We never reach here unless validity check is broken */ |
334 | default: | |
335 | BUG(); | |
336 | } | |
337 | return 0; | |
338 | } | |
339 | ||
9361401e DH |
340 | /* |
341 | * look up a superblock on which quota ops will be performed | |
342 | * - use the name of a block device to find the superblock thereon | |
343 | */ | |
344 | static inline struct super_block *quotactl_block(const char __user *special) | |
345 | { | |
346 | #ifdef CONFIG_BLOCK | |
347 | struct block_device *bdev; | |
348 | struct super_block *sb; | |
349 | char *tmp = getname(special); | |
350 | ||
351 | if (IS_ERR(tmp)) | |
e231c2ee | 352 | return ERR_CAST(tmp); |
9361401e DH |
353 | bdev = lookup_bdev(tmp); |
354 | putname(tmp); | |
355 | if (IS_ERR(bdev)) | |
e231c2ee | 356 | return ERR_CAST(bdev); |
9361401e DH |
357 | sb = get_super(bdev); |
358 | bdput(bdev); | |
359 | if (!sb) | |
360 | return ERR_PTR(-ENODEV); | |
361 | ||
362 | return sb; | |
363 | #else | |
364 | return ERR_PTR(-ENODEV); | |
365 | #endif | |
366 | } | |
367 | ||
1da177e4 LT |
368 | /* |
369 | * This is the system call interface. This communicates with | |
370 | * the user-level programs. Currently this only supports diskquota | |
371 | * calls. Maybe we need to add the process quotas etc. in the future, | |
372 | * but we probably should use rlimits for that. | |
373 | */ | |
374 | asmlinkage long sys_quotactl(unsigned int cmd, const char __user *special, qid_t id, void __user *addr) | |
375 | { | |
376 | uint cmds, type; | |
377 | struct super_block *sb = NULL; | |
1da177e4 LT |
378 | int ret; |
379 | ||
380 | cmds = cmd >> SUBCMDSHIFT; | |
381 | type = cmd & SUBCMDMASK; | |
382 | ||
383 | if (cmds != Q_SYNC || special) { | |
9361401e DH |
384 | sb = quotactl_block(special); |
385 | if (IS_ERR(sb)) | |
386 | return PTR_ERR(sb); | |
1da177e4 LT |
387 | } |
388 | ||
389 | ret = check_quotactl_valid(sb, type, cmds, id); | |
390 | if (ret >= 0) | |
391 | ret = do_quotactl(sb, type, cmds, id, addr); | |
392 | if (sb) | |
393 | drop_super(sb); | |
394 | ||
395 | return ret; | |
396 | } | |
b716395e | 397 | |
7a6c8135 | 398 | #if defined(CONFIG_COMPAT_FOR_U64_ALIGNMENT) |
b716395e VT |
399 | /* |
400 | * This code works only for 32 bit quota tools over 64 bit OS (x86_64, ia64) | |
401 | * and is necessary due to alignment problems. | |
402 | */ | |
403 | struct compat_if_dqblk { | |
404 | compat_u64 dqb_bhardlimit; | |
405 | compat_u64 dqb_bsoftlimit; | |
406 | compat_u64 dqb_curspace; | |
407 | compat_u64 dqb_ihardlimit; | |
408 | compat_u64 dqb_isoftlimit; | |
409 | compat_u64 dqb_curinodes; | |
410 | compat_u64 dqb_btime; | |
411 | compat_u64 dqb_itime; | |
412 | compat_uint_t dqb_valid; | |
413 | }; | |
414 | ||
415 | /* XFS structures */ | |
416 | struct compat_fs_qfilestat { | |
417 | compat_u64 dqb_bhardlimit; | |
418 | compat_u64 qfs_nblks; | |
419 | compat_uint_t qfs_nextents; | |
420 | }; | |
421 | ||
422 | struct compat_fs_quota_stat { | |
423 | __s8 qs_version; | |
424 | __u16 qs_flags; | |
425 | __s8 qs_pad; | |
426 | struct compat_fs_qfilestat qs_uquota; | |
427 | struct compat_fs_qfilestat qs_gquota; | |
428 | compat_uint_t qs_incoredqs; | |
429 | compat_int_t qs_btimelimit; | |
430 | compat_int_t qs_itimelimit; | |
431 | compat_int_t qs_rtbtimelimit; | |
432 | __u16 qs_bwarnlimit; | |
433 | __u16 qs_iwarnlimit; | |
434 | }; | |
435 | ||
436 | asmlinkage long sys32_quotactl(unsigned int cmd, const char __user *special, | |
437 | qid_t id, void __user *addr) | |
438 | { | |
439 | unsigned int cmds; | |
440 | struct if_dqblk __user *dqblk; | |
441 | struct compat_if_dqblk __user *compat_dqblk; | |
442 | struct fs_quota_stat __user *fsqstat; | |
443 | struct compat_fs_quota_stat __user *compat_fsqstat; | |
444 | compat_uint_t data; | |
445 | u16 xdata; | |
446 | long ret; | |
447 | ||
448 | cmds = cmd >> SUBCMDSHIFT; | |
449 | ||
450 | switch (cmds) { | |
451 | case Q_GETQUOTA: | |
452 | dqblk = compat_alloc_user_space(sizeof(struct if_dqblk)); | |
453 | compat_dqblk = addr; | |
454 | ret = sys_quotactl(cmd, special, id, dqblk); | |
455 | if (ret) | |
456 | break; | |
457 | if (copy_in_user(compat_dqblk, dqblk, sizeof(*compat_dqblk)) || | |
458 | get_user(data, &dqblk->dqb_valid) || | |
459 | put_user(data, &compat_dqblk->dqb_valid)) | |
460 | ret = -EFAULT; | |
461 | break; | |
462 | case Q_SETQUOTA: | |
463 | dqblk = compat_alloc_user_space(sizeof(struct if_dqblk)); | |
464 | compat_dqblk = addr; | |
465 | ret = -EFAULT; | |
466 | if (copy_in_user(dqblk, compat_dqblk, sizeof(*compat_dqblk)) || | |
467 | get_user(data, &compat_dqblk->dqb_valid) || | |
468 | put_user(data, &dqblk->dqb_valid)) | |
469 | break; | |
470 | ret = sys_quotactl(cmd, special, id, dqblk); | |
471 | break; | |
472 | case Q_XGETQSTAT: | |
473 | fsqstat = compat_alloc_user_space(sizeof(struct fs_quota_stat)); | |
474 | compat_fsqstat = addr; | |
475 | ret = sys_quotactl(cmd, special, id, fsqstat); | |
476 | if (ret) | |
477 | break; | |
478 | ret = -EFAULT; | |
479 | /* Copying qs_version, qs_flags, qs_pad */ | |
480 | if (copy_in_user(compat_fsqstat, fsqstat, | |
481 | offsetof(struct compat_fs_quota_stat, qs_uquota))) | |
482 | break; | |
483 | /* Copying qs_uquota */ | |
484 | if (copy_in_user(&compat_fsqstat->qs_uquota, | |
485 | &fsqstat->qs_uquota, | |
486 | sizeof(compat_fsqstat->qs_uquota)) || | |
487 | get_user(data, &fsqstat->qs_uquota.qfs_nextents) || | |
488 | put_user(data, &compat_fsqstat->qs_uquota.qfs_nextents)) | |
489 | break; | |
490 | /* Copying qs_gquota */ | |
491 | if (copy_in_user(&compat_fsqstat->qs_gquota, | |
492 | &fsqstat->qs_gquota, | |
493 | sizeof(compat_fsqstat->qs_gquota)) || | |
494 | get_user(data, &fsqstat->qs_gquota.qfs_nextents) || | |
495 | put_user(data, &compat_fsqstat->qs_gquota.qfs_nextents)) | |
496 | break; | |
497 | /* Copying the rest */ | |
498 | if (copy_in_user(&compat_fsqstat->qs_incoredqs, | |
499 | &fsqstat->qs_incoredqs, | |
500 | sizeof(struct compat_fs_quota_stat) - | |
501 | offsetof(struct compat_fs_quota_stat, qs_incoredqs)) || | |
502 | get_user(xdata, &fsqstat->qs_iwarnlimit) || | |
503 | put_user(xdata, &compat_fsqstat->qs_iwarnlimit)) | |
504 | break; | |
505 | ret = 0; | |
506 | break; | |
507 | default: | |
508 | ret = sys_quotactl(cmd, special, id, addr); | |
509 | } | |
510 | return ret; | |
511 | } | |
512 | #endif |