1/*
2 * Copyright (c) 1982, 1986 Regents of the University of California.
3 * All rights reserved.
4 *
5 * This code is derived from software contributed to Berkeley by
6 * Robert Elz at The University of Melbourne.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 *    notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 *    notice, this list of conditions and the following disclaimer in the
15 *    documentation and/or other materials provided with the distribution.
16 * 3. Neither the name of the University nor the names of its contributors
17 *    may be used to endorse or promote products derived from this software
18 *    without specific prior written permission.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 * SUCH DAMAGE.
31 */
32#ifndef _LINUX_QUOTA_
33#define _LINUX_QUOTA_
34
35#include <linux/list.h>
36#include <linux/mutex.h>
37#include <linux/rwsem.h>
38#include <linux/spinlock.h>
39#include <linux/wait.h>
40#include <linux/percpu_counter.h>
41
42#include <linux/dqblk_xfs.h>
43#include <linux/dqblk_v1.h>
44#include <linux/dqblk_v2.h>
45
46#include <linux/atomic.h>
47#include <linux/uidgid.h>
48#include <linux/projid.h>
49#include <uapi/linux/quota.h>
50
51#undef USRQUOTA
52#undef GRPQUOTA
53#undef PRJQUOTA
54enum quota_type {
55	USRQUOTA = 0,		/* element used for user quotas */
56	GRPQUOTA = 1,		/* element used for group quotas */
57	PRJQUOTA = 2,		/* element used for project quotas */
58};
59
60/* Masks for quota types when used as a bitmask */
61#define QTYPE_MASK_USR (1 << USRQUOTA)
62#define QTYPE_MASK_GRP (1 << GRPQUOTA)
63#define QTYPE_MASK_PRJ (1 << PRJQUOTA)
64
65typedef __kernel_uid32_t qid_t; /* Type in which we store ids in memory */
66typedef long long qsize_t;	/* Type in which we store sizes */
67
68struct kqid {			/* Type in which we store the quota identifier */
69	union {
70		kuid_t uid;
71		kgid_t gid;
72		kprojid_t projid;
73	};
74	enum quota_type type;  /* USRQUOTA (uid) or GRPQUOTA (gid) or PRJQUOTA (projid) */
75};
76
77extern bool qid_eq(struct kqid left, struct kqid right);
78extern bool qid_lt(struct kqid left, struct kqid right);
79extern qid_t from_kqid(struct user_namespace *to, struct kqid qid);
80extern qid_t from_kqid_munged(struct user_namespace *to, struct kqid qid);
81extern bool qid_valid(struct kqid qid);
82
83/**
84 *	make_kqid - Map a user-namespace, type, qid tuple into a kqid.
85 *	@from: User namespace that the qid is in
86 *	@type: The type of quota
87 *	@qid: Quota identifier
88 *
89 *	Maps a user-namespace, type qid tuple into a kernel internal
90 *	kqid, and returns that kqid.
91 *
92 *	When there is no mapping defined for the user-namespace, type,
93 *	qid tuple an invalid kqid is returned.  Callers are expected to
94 *	test for and handle handle invalid kqids being returned.
95 *	Invalid kqids may be tested for using qid_valid().
96 */
97static inline struct kqid make_kqid(struct user_namespace *from,
98				    enum quota_type type, qid_t qid)
99{
100	struct kqid kqid;
101
102	kqid.type = type;
103	switch (type) {
104	case USRQUOTA:
105		kqid.uid = make_kuid(from, qid);
106		break;
107	case GRPQUOTA:
108		kqid.gid = make_kgid(from, qid);
109		break;
110	case PRJQUOTA:
111		kqid.projid = make_kprojid(from, qid);
112		break;
113	default:
114		BUG();
115	}
116	return kqid;
117}
118
119/**
120 *	make_kqid_invalid - Explicitly make an invalid kqid
121 *	@type: The type of quota identifier
122 *
123 *	Returns an invalid kqid with the specified type.
124 */
125static inline struct kqid make_kqid_invalid(enum quota_type type)
126{
127	struct kqid kqid;
128
129	kqid.type = type;
130	switch (type) {
131	case USRQUOTA:
132		kqid.uid = INVALID_UID;
133		break;
134	case GRPQUOTA:
135		kqid.gid = INVALID_GID;
136		break;
137	case PRJQUOTA:
138		kqid.projid = INVALID_PROJID;
139		break;
140	default:
141		BUG();
142	}
143	return kqid;
144}
145
146/**
147 *	make_kqid_uid - Make a kqid from a kuid
148 *	@uid: The kuid to make the quota identifier from
149 */
150static inline struct kqid make_kqid_uid(kuid_t uid)
151{
152	struct kqid kqid;
153	kqid.type = USRQUOTA;
154	kqid.uid = uid;
155	return kqid;
156}
157
158/**
159 *	make_kqid_gid - Make a kqid from a kgid
160 *	@gid: The kgid to make the quota identifier from
161 */
162static inline struct kqid make_kqid_gid(kgid_t gid)
163{
164	struct kqid kqid;
165	kqid.type = GRPQUOTA;
166	kqid.gid = gid;
167	return kqid;
168}
169
170/**
171 *	make_kqid_projid - Make a kqid from a projid
172 *	@projid: The kprojid to make the quota identifier from
173 */
174static inline struct kqid make_kqid_projid(kprojid_t projid)
175{
176	struct kqid kqid;
177	kqid.type = PRJQUOTA;
178	kqid.projid = projid;
179	return kqid;
180}
181
182
183extern spinlock_t dq_data_lock;
184
185/* Maximal numbers of writes for quota operation (insert/delete/update)
186 * (over VFS all formats) */
187#define DQUOT_INIT_ALLOC max(V1_INIT_ALLOC, V2_INIT_ALLOC)
188#define DQUOT_INIT_REWRITE max(V1_INIT_REWRITE, V2_INIT_REWRITE)
189#define DQUOT_DEL_ALLOC max(V1_DEL_ALLOC, V2_DEL_ALLOC)
190#define DQUOT_DEL_REWRITE max(V1_DEL_REWRITE, V2_DEL_REWRITE)
191
192/*
193 * Data for one user/group kept in memory
194 */
195struct mem_dqblk {
196	qsize_t dqb_bhardlimit;	/* absolute limit on disk blks alloc */
197	qsize_t dqb_bsoftlimit;	/* preferred limit on disk blks */
198	qsize_t dqb_curspace;	/* current used space */
199	qsize_t dqb_rsvspace;   /* current reserved space for delalloc*/
200	qsize_t dqb_ihardlimit;	/* absolute limit on allocated inodes */
201	qsize_t dqb_isoftlimit;	/* preferred inode limit */
202	qsize_t dqb_curinodes;	/* current # allocated inodes */
203	time_t dqb_btime;	/* time limit for excessive disk use */
204	time_t dqb_itime;	/* time limit for excessive inode use */
205};
206
207/*
208 * Data for one quotafile kept in memory
209 */
210struct quota_format_type;
211
212struct mem_dqinfo {
213	struct quota_format_type *dqi_format;
214	int dqi_fmt_id;		/* Id of the dqi_format - used when turning
215				 * quotas on after remount RW */
216	struct list_head dqi_dirty_list;	/* List of dirty dquots */
217	unsigned long dqi_flags;
218	unsigned int dqi_bgrace;
219	unsigned int dqi_igrace;
220	qsize_t dqi_max_spc_limit;
221	qsize_t dqi_max_ino_limit;
222	void *dqi_priv;
223};
224
225struct super_block;
226
227/* Mask for flags passed to userspace */
228#define DQF_GETINFO_MASK (DQF_ROOT_SQUASH | DQF_SYS_FILE)
229/* Mask for flags modifiable from userspace */
230#define DQF_SETINFO_MASK DQF_ROOT_SQUASH
231
232enum {
233	DQF_INFO_DIRTY_B = DQF_PRIVATE,
234};
235#define DQF_INFO_DIRTY (1 << DQF_INFO_DIRTY_B)	/* Is info dirty? */
236
237extern void mark_info_dirty(struct super_block *sb, int type);
238static inline int info_dirty(struct mem_dqinfo *info)
239{
240	return test_bit(DQF_INFO_DIRTY_B, &info->dqi_flags);
241}
242
243enum {
244	DQST_LOOKUPS,
245	DQST_DROPS,
246	DQST_READS,
247	DQST_WRITES,
248	DQST_CACHE_HITS,
249	DQST_ALLOC_DQUOTS,
250	DQST_FREE_DQUOTS,
251	DQST_SYNCS,
252	_DQST_DQSTAT_LAST
253};
254
255struct dqstats {
256	int stat[_DQST_DQSTAT_LAST];
257	struct percpu_counter counter[_DQST_DQSTAT_LAST];
258};
259
260extern struct dqstats *dqstats_pcpu;
261extern struct dqstats dqstats;
262
263static inline void dqstats_inc(unsigned int type)
264{
265	percpu_counter_inc(&dqstats.counter[type]);
266}
267
268static inline void dqstats_dec(unsigned int type)
269{
270	percpu_counter_dec(&dqstats.counter[type]);
271}
272
273#define DQ_MOD_B	0	/* dquot modified since read */
274#define DQ_BLKS_B	1	/* uid/gid has been warned about blk limit */
275#define DQ_INODES_B	2	/* uid/gid has been warned about inode limit */
276#define DQ_FAKE_B	3	/* no limits only usage */
277#define DQ_READ_B	4	/* dquot was read into memory */
278#define DQ_ACTIVE_B	5	/* dquot is active (dquot_release not called) */
279#define DQ_LASTSET_B	6	/* Following 6 bits (see QIF_) are reserved\
280				 * for the mask of entries set via SETQUOTA\
281				 * quotactl. They are set under dq_data_lock\
282				 * and the quota format handling dquot can\
283				 * clear them when it sees fit. */
284
285struct dquot {
286	struct hlist_node dq_hash;	/* Hash list in memory */
287	struct list_head dq_inuse;	/* List of all quotas */
288	struct list_head dq_free;	/* Free list element */
289	struct list_head dq_dirty;	/* List of dirty dquots */
290	struct mutex dq_lock;		/* dquot IO lock */
291	atomic_t dq_count;		/* Use count */
292	wait_queue_head_t dq_wait_unused;	/* Wait queue for dquot to become unused */
293	struct super_block *dq_sb;	/* superblock this applies to */
294	struct kqid dq_id;		/* ID this applies to (uid, gid, projid) */
295	loff_t dq_off;			/* Offset of dquot on disk */
296	unsigned long dq_flags;		/* See DQ_* */
297	struct mem_dqblk dq_dqb;	/* Diskquota usage */
298};
299
300/* Operations which must be implemented by each quota format */
301struct quota_format_ops {
302	int (*check_quota_file)(struct super_block *sb, int type);	/* Detect whether file is in our format */
303	int (*read_file_info)(struct super_block *sb, int type);	/* Read main info about file - called on quotaon() */
304	int (*write_file_info)(struct super_block *sb, int type);	/* Write main info about file */
305	int (*free_file_info)(struct super_block *sb, int type);	/* Called on quotaoff() */
306	int (*read_dqblk)(struct dquot *dquot);		/* Read structure for one user */
307	int (*commit_dqblk)(struct dquot *dquot);	/* Write structure for one user */
308	int (*release_dqblk)(struct dquot *dquot);	/* Called when last reference to dquot is being dropped */
309};
310
311/* Operations working with dquots */
312struct dquot_operations {
313	int (*write_dquot) (struct dquot *);		/* Ordinary dquot write */
314	struct dquot *(*alloc_dquot)(struct super_block *, int);	/* Allocate memory for new dquot */
315	void (*destroy_dquot)(struct dquot *);		/* Free memory for dquot */
316	int (*acquire_dquot) (struct dquot *);		/* Quota is going to be created on disk */
317	int (*release_dquot) (struct dquot *);		/* Quota is going to be deleted from disk */
318	int (*mark_dirty) (struct dquot *);		/* Dquot is marked dirty */
319	int (*write_info) (struct super_block *, int);	/* Write of quota "superblock" */
320	/* get reserved quota for delayed alloc, value returned is managed by
321	 * quota code only */
322	qsize_t *(*get_reserved_space) (struct inode *);
323	int (*get_projid) (struct inode *, kprojid_t *);/* Get project ID */
324};
325
326struct path;
327
328/* Structure for communicating via ->get_dqblk() & ->set_dqblk() */
329struct qc_dqblk {
330	int d_fieldmask;	/* mask of fields to change in ->set_dqblk() */
331	u64 d_spc_hardlimit;	/* absolute limit on used space */
332	u64 d_spc_softlimit;	/* preferred limit on used space */
333	u64 d_ino_hardlimit;	/* maximum # allocated inodes */
334	u64 d_ino_softlimit;	/* preferred inode limit */
335	u64 d_space;		/* Space owned by the user */
336	u64 d_ino_count;	/* # inodes owned by the user */
337	s64 d_ino_timer;	/* zero if within inode limits */
338				/* if not, we refuse service */
339	s64 d_spc_timer;	/* similar to above; for space */
340	int d_ino_warns;	/* # warnings issued wrt num inodes */
341	int d_spc_warns;	/* # warnings issued wrt used space */
342	u64 d_rt_spc_hardlimit;	/* absolute limit on realtime space */
343	u64 d_rt_spc_softlimit;	/* preferred limit on RT space */
344	u64 d_rt_space;		/* realtime space owned */
345	s64 d_rt_spc_timer;	/* similar to above; for RT space */
346	int d_rt_spc_warns;	/* # warnings issued wrt RT space */
347};
348
349/*
350 * Field specifiers for ->set_dqblk() in struct qc_dqblk and also for
351 * ->set_info() in struct qc_info
352 */
353#define	QC_INO_SOFT	(1<<0)
354#define	QC_INO_HARD	(1<<1)
355#define	QC_SPC_SOFT	(1<<2)
356#define	QC_SPC_HARD	(1<<3)
357#define	QC_RT_SPC_SOFT	(1<<4)
358#define	QC_RT_SPC_HARD	(1<<5)
359#define QC_LIMIT_MASK (QC_INO_SOFT | QC_INO_HARD | QC_SPC_SOFT | QC_SPC_HARD | \
360		       QC_RT_SPC_SOFT | QC_RT_SPC_HARD)
361#define	QC_SPC_TIMER	(1<<6)
362#define	QC_INO_TIMER	(1<<7)
363#define	QC_RT_SPC_TIMER	(1<<8)
364#define QC_TIMER_MASK (QC_SPC_TIMER | QC_INO_TIMER | QC_RT_SPC_TIMER)
365#define	QC_SPC_WARNS	(1<<9)
366#define	QC_INO_WARNS	(1<<10)
367#define	QC_RT_SPC_WARNS	(1<<11)
368#define QC_WARNS_MASK (QC_SPC_WARNS | QC_INO_WARNS | QC_RT_SPC_WARNS)
369#define	QC_SPACE	(1<<12)
370#define	QC_INO_COUNT	(1<<13)
371#define	QC_RT_SPACE	(1<<14)
372#define QC_ACCT_MASK (QC_SPACE | QC_INO_COUNT | QC_RT_SPACE)
373#define QC_FLAGS	(1<<15)
374
375#define QCI_SYSFILE		(1 << 0)	/* Quota file is hidden from userspace */
376#define QCI_ROOT_SQUASH		(1 << 1)	/* Root squash turned on */
377#define QCI_ACCT_ENABLED	(1 << 2)	/* Quota accounting enabled */
378#define QCI_LIMITS_ENFORCED	(1 << 3)	/* Quota limits enforced */
379
380/* Structures for communicating via ->get_state */
381struct qc_type_state {
382	unsigned int flags;		/* Flags QCI_* */
383	unsigned int spc_timelimit;	/* Time after which space softlimit is
384					 * enforced */
385	unsigned int ino_timelimit;	/* Ditto for inode softlimit */
386	unsigned int rt_spc_timelimit;	/* Ditto for real-time space */
387	unsigned int spc_warnlimit;	/* Limit for number of space warnings */
388	unsigned int ino_warnlimit;	/* Ditto for inodes */
389	unsigned int rt_spc_warnlimit;	/* Ditto for real-time space */
390	unsigned long long ino;		/* Inode number of quota file */
391	blkcnt_t blocks;		/* Number of 512-byte blocks in the file */
392	blkcnt_t nextents;		/* Number of extents in the file */
393};
394
395struct qc_state {
396	unsigned int s_incoredqs;	/* Number of dquots in core */
397	/*
398	 * Per quota type information. The array should really have
399	 * max(MAXQUOTAS, XQM_MAXQUOTAS) entries. BUILD_BUG_ON in
400	 * quota_getinfo() makes sure XQM_MAXQUOTAS is large enough.  Once VFS
401	 * supports project quotas, this can be changed to MAXQUOTAS
402	 */
403	struct qc_type_state s_state[XQM_MAXQUOTAS];
404};
405
406/* Structure for communicating via ->set_info */
407struct qc_info {
408	int i_fieldmask;	/* mask of fields to change in ->set_info() */
409	unsigned int i_flags;		/* Flags QCI_* */
410	unsigned int i_spc_timelimit;	/* Time after which space softlimit is
411					 * enforced */
412	unsigned int i_ino_timelimit;	/* Ditto for inode softlimit */
413	unsigned int i_rt_spc_timelimit;/* Ditto for real-time space */
414	unsigned int i_spc_warnlimit;	/* Limit for number of space warnings */
415	unsigned int i_ino_warnlimit;	/* Limit for number of inode warnings */
416	unsigned int i_rt_spc_warnlimit;	/* Ditto for real-time space */
417};
418
419/* Operations handling requests from userspace */
420struct quotactl_ops {
421	int (*quota_on)(struct super_block *, int, int, struct path *);
422	int (*quota_off)(struct super_block *, int);
423	int (*quota_enable)(struct super_block *, unsigned int);
424	int (*quota_disable)(struct super_block *, unsigned int);
425	int (*quota_sync)(struct super_block *, int);
426	int (*set_info)(struct super_block *, int, struct qc_info *);
427	int (*get_dqblk)(struct super_block *, struct kqid, struct qc_dqblk *);
428	int (*set_dqblk)(struct super_block *, struct kqid, struct qc_dqblk *);
429	int (*get_state)(struct super_block *, struct qc_state *);
430	int (*rm_xquota)(struct super_block *, unsigned int);
431};
432
433struct quota_format_type {
434	int qf_fmt_id;	/* Quota format id */
435	const struct quota_format_ops *qf_ops;	/* Operations of format */
436	struct module *qf_owner;		/* Module implementing quota format */
437	struct quota_format_type *qf_next;
438};
439
440/**
441 * Quota state flags - they actually come in two flavors - for users and groups.
442 *
443 * Actual typed flags layout:
444 *				USRQUOTA	GRPQUOTA
445 *  DQUOT_USAGE_ENABLED		0x0001		0x0002
446 *  DQUOT_LIMITS_ENABLED	0x0004		0x0008
447 *  DQUOT_SUSPENDED		0x0010		0x0020
448 *
449 * Following bits are used for non-typed flags:
450 *  DQUOT_QUOTA_SYS_FILE	0x0040
451 *  DQUOT_NEGATIVE_USAGE	0x0080
452 */
453enum {
454	_DQUOT_USAGE_ENABLED = 0,		/* Track disk usage for users */
455	_DQUOT_LIMITS_ENABLED,			/* Enforce quota limits for users */
456	_DQUOT_SUSPENDED,			/* User diskquotas are off, but
457						 * we have necessary info in
458						 * memory to turn them on */
459	_DQUOT_STATE_FLAGS
460};
461#define DQUOT_USAGE_ENABLED	(1 << _DQUOT_USAGE_ENABLED * MAXQUOTAS)
462#define DQUOT_LIMITS_ENABLED	(1 << _DQUOT_LIMITS_ENABLED * MAXQUOTAS)
463#define DQUOT_SUSPENDED		(1 << _DQUOT_SUSPENDED * MAXQUOTAS)
464#define DQUOT_STATE_FLAGS	(DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED | \
465				 DQUOT_SUSPENDED)
466/* Other quota flags */
467#define DQUOT_STATE_LAST	(_DQUOT_STATE_FLAGS * MAXQUOTAS)
468#define DQUOT_QUOTA_SYS_FILE	(1 << DQUOT_STATE_LAST)
469						/* Quota file is a special
470						 * system file and user cannot
471						 * touch it. Filesystem is
472						 * responsible for setting
473						 * S_NOQUOTA, S_NOATIME flags
474						 */
475#define DQUOT_NEGATIVE_USAGE	(1 << (DQUOT_STATE_LAST + 1))
476					       /* Allow negative quota usage */
477static inline unsigned int dquot_state_flag(unsigned int flags, int type)
478{
479	return flags << type;
480}
481
482static inline unsigned int dquot_generic_flag(unsigned int flags, int type)
483{
484	return (flags >> type) & DQUOT_STATE_FLAGS;
485}
486
487/* Bitmap of quota types where flag is set in flags */
488static __always_inline unsigned dquot_state_types(unsigned flags, unsigned flag)
489{
490	BUILD_BUG_ON_NOT_POWER_OF_2(flag);
491	return (flags / flag) & ((1 << MAXQUOTAS) - 1);
492}
493
494#ifdef CONFIG_QUOTA_NETLINK_INTERFACE
495extern void quota_send_warning(struct kqid qid, dev_t dev,
496			       const char warntype);
497#else
498static inline void quota_send_warning(struct kqid qid, dev_t dev,
499				      const char warntype)
500{
501	return;
502}
503#endif /* CONFIG_QUOTA_NETLINK_INTERFACE */
504
505struct quota_info {
506	unsigned int flags;			/* Flags for diskquotas on this device */
507	struct mutex dqio_mutex;		/* lock device while I/O in progress */
508	struct mutex dqonoff_mutex;		/* Serialize quotaon & quotaoff */
509	struct inode *files[MAXQUOTAS];		/* inodes of quotafiles */
510	struct mem_dqinfo info[MAXQUOTAS];	/* Information for each quota type */
511	const struct quota_format_ops *ops[MAXQUOTAS];	/* Operations for each type */
512};
513
514int register_quota_format(struct quota_format_type *fmt);
515void unregister_quota_format(struct quota_format_type *fmt);
516
517struct quota_module_name {
518	int qm_fmt_id;
519	char *qm_mod_name;
520};
521
522#define INIT_QUOTA_MODULE_NAMES {\
523	{QFMT_VFS_OLD, "quota_v1"},\
524	{QFMT_VFS_V0, "quota_v2"},\
525	{QFMT_VFS_V1, "quota_v2"},\
526	{0, NULL}}
527
528#endif /* _QUOTA_ */
529