]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Quota code necessary even when VFS quota support is not compiled | |
3 | * into the kernel. The interesting stuff is over in dquot.c, here | |
4 | * we have symbols for initial quotactl(2) handling, the sysctl(2) | |
5 | * variables, etc - things needed even when quota support disabled. | |
6 | */ | |
7 | ||
8 | #include <linux/fs.h> | |
9 | #include <linux/namei.h> | |
10 | #include <linux/slab.h> | |
11 | #include <asm/current.h> | |
12 | #include <linux/uaccess.h> | |
13 | #include <linux/kernel.h> | |
14 | #include <linux/security.h> | |
15 | #include <linux/syscalls.h> | |
16 | #include <linux/capability.h> | |
17 | #include <linux/quotaops.h> | |
18 | #include <linux/types.h> | |
19 | #include <linux/writeback.h> | |
20 | ||
21 | static int check_quotactl_permission(struct super_block *sb, int type, int cmd, | |
22 | qid_t id) | |
23 | { | |
24 | switch (cmd) { | |
25 | /* these commands do not require any special privilegues */ | |
26 | case Q_GETFMT: | |
27 | case Q_SYNC: | |
28 | case Q_GETINFO: | |
29 | case Q_XGETQSTAT: | |
30 | case Q_XGETQSTATV: | |
31 | case Q_XQUOTASYNC: | |
32 | break; | |
33 | /* allow to query information for dquots we "own" */ | |
34 | case Q_GETQUOTA: | |
35 | case Q_XGETQUOTA: | |
36 | if ((type == USRQUOTA && uid_eq(current_euid(), make_kuid(current_user_ns(), id))) || | |
37 | (type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id)))) | |
38 | break; | |
39 | /*FALLTHROUGH*/ | |
40 | default: | |
41 | if (!capable(CAP_SYS_ADMIN)) | |
42 | return -EPERM; | |
43 | } | |
44 | ||
45 | return security_quotactl(cmd, type, id, sb); | |
46 | } | |
47 | ||
48 | static void quota_sync_one(struct super_block *sb, void *arg) | |
49 | { | |
50 | int type = *(int *)arg; | |
51 | ||
52 | if (sb->s_qcop && sb->s_qcop->quota_sync && | |
53 | (sb->s_quota_types & (1 << type))) | |
54 | sb->s_qcop->quota_sync(sb, type); | |
55 | } | |
56 | ||
57 | static int quota_sync_all(int type) | |
58 | { | |
59 | int ret; | |
60 | ||
61 | if (type >= MAXQUOTAS) | |
62 | return -EINVAL; | |
63 | ret = security_quotactl(Q_SYNC, type, 0, NULL); | |
64 | if (!ret) | |
65 | iterate_supers(quota_sync_one, &type); | |
66 | return ret; | |
67 | } | |
68 | ||
69 | static int quota_quotaon(struct super_block *sb, int type, int cmd, qid_t id, | |
70 | struct path *path) | |
71 | { | |
72 | if (!sb->s_qcop->quota_on && !sb->s_qcop->quota_on_meta) | |
73 | return -ENOSYS; | |
74 | if (sb->s_qcop->quota_on_meta) | |
75 | return sb->s_qcop->quota_on_meta(sb, type, id); | |
76 | if (IS_ERR(path)) | |
77 | return PTR_ERR(path); | |
78 | return sb->s_qcop->quota_on(sb, type, id, path); | |
79 | } | |
80 | ||
81 | static int quota_getfmt(struct super_block *sb, int type, void __user *addr) | |
82 | { | |
83 | __u32 fmt; | |
84 | ||
85 | mutex_lock(&sb_dqopt(sb)->dqonoff_mutex); | |
86 | if (!sb_has_quota_active(sb, type)) { | |
87 | mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex); | |
88 | return -ESRCH; | |
89 | } | |
90 | fmt = sb_dqopt(sb)->info[type].dqi_format->qf_fmt_id; | |
91 | mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex); | |
92 | if (copy_to_user(addr, &fmt, sizeof(fmt))) | |
93 | return -EFAULT; | |
94 | return 0; | |
95 | } | |
96 | ||
97 | static int quota_getinfo(struct super_block *sb, int type, void __user *addr) | |
98 | { | |
99 | struct if_dqinfo info; | |
100 | int ret; | |
101 | ||
102 | if (!sb->s_qcop->get_info) | |
103 | return -ENOSYS; | |
104 | ret = sb->s_qcop->get_info(sb, type, &info); | |
105 | if (!ret && copy_to_user(addr, &info, sizeof(info))) | |
106 | return -EFAULT; | |
107 | return ret; | |
108 | } | |
109 | ||
110 | static int quota_setinfo(struct super_block *sb, int type, void __user *addr) | |
111 | { | |
112 | struct if_dqinfo info; | |
113 | ||
114 | if (copy_from_user(&info, addr, sizeof(info))) | |
115 | return -EFAULT; | |
116 | if (!sb->s_qcop->set_info) | |
117 | return -ENOSYS; | |
118 | return sb->s_qcop->set_info(sb, type, &info); | |
119 | } | |
120 | ||
121 | static void copy_to_if_dqblk(struct if_dqblk *dst, struct fs_disk_quota *src) | |
122 | { | |
123 | memset(dst, 0, sizeof(*dst)); | |
124 | dst->dqb_bhardlimit = src->d_blk_hardlimit; | |
125 | dst->dqb_bsoftlimit = src->d_blk_softlimit; | |
126 | dst->dqb_curspace = src->d_bcount; | |
127 | dst->dqb_ihardlimit = src->d_ino_hardlimit; | |
128 | dst->dqb_isoftlimit = src->d_ino_softlimit; | |
129 | dst->dqb_curinodes = src->d_icount; | |
130 | dst->dqb_btime = src->d_btimer; | |
131 | dst->dqb_itime = src->d_itimer; | |
132 | dst->dqb_valid = QIF_ALL; | |
133 | } | |
134 | ||
135 | static int quota_getquota(struct super_block *sb, int type, qid_t id, | |
136 | void __user *addr) | |
137 | { | |
138 | struct kqid qid; | |
139 | struct fs_disk_quota fdq; | |
140 | struct if_dqblk idq; | |
141 | int ret; | |
142 | ||
143 | if (!sb->s_qcop->get_dqblk) | |
144 | return -ENOSYS; | |
145 | qid = make_kqid(current_user_ns(), type, id); | |
146 | if (!qid_valid(qid)) | |
147 | return -EINVAL; | |
148 | ret = sb->s_qcop->get_dqblk(sb, qid, &fdq); | |
149 | if (ret) | |
150 | return ret; | |
151 | copy_to_if_dqblk(&idq, &fdq); | |
152 | if (copy_to_user(addr, &idq, sizeof(idq))) | |
153 | return -EFAULT; | |
154 | return 0; | |
155 | } | |
156 | ||
157 | static void copy_from_if_dqblk(struct fs_disk_quota *dst, struct if_dqblk *src) | |
158 | { | |
159 | dst->d_blk_hardlimit = src->dqb_bhardlimit; | |
160 | dst->d_blk_softlimit = src->dqb_bsoftlimit; | |
161 | dst->d_bcount = src->dqb_curspace; | |
162 | dst->d_ino_hardlimit = src->dqb_ihardlimit; | |
163 | dst->d_ino_softlimit = src->dqb_isoftlimit; | |
164 | dst->d_icount = src->dqb_curinodes; | |
165 | dst->d_btimer = src->dqb_btime; | |
166 | dst->d_itimer = src->dqb_itime; | |
167 | ||
168 | dst->d_fieldmask = 0; | |
169 | if (src->dqb_valid & QIF_BLIMITS) | |
170 | dst->d_fieldmask |= FS_DQ_BSOFT | FS_DQ_BHARD; | |
171 | if (src->dqb_valid & QIF_SPACE) | |
172 | dst->d_fieldmask |= FS_DQ_BCOUNT; | |
173 | if (src->dqb_valid & QIF_ILIMITS) | |
174 | dst->d_fieldmask |= FS_DQ_ISOFT | FS_DQ_IHARD; | |
175 | if (src->dqb_valid & QIF_INODES) | |
176 | dst->d_fieldmask |= FS_DQ_ICOUNT; | |
177 | if (src->dqb_valid & QIF_BTIME) | |
178 | dst->d_fieldmask |= FS_DQ_BTIMER; | |
179 | if (src->dqb_valid & QIF_ITIME) | |
180 | dst->d_fieldmask |= FS_DQ_ITIMER; | |
181 | } | |
182 | ||
183 | static int quota_setquota(struct super_block *sb, int type, qid_t id, | |
184 | void __user *addr) | |
185 | { | |
186 | struct fs_disk_quota fdq; | |
187 | struct if_dqblk idq; | |
188 | struct kqid qid; | |
189 | ||
190 | if (copy_from_user(&idq, addr, sizeof(idq))) | |
191 | return -EFAULT; | |
192 | if (!sb->s_qcop->set_dqblk) | |
193 | return -ENOSYS; | |
194 | qid = make_kqid(current_user_ns(), type, id); | |
195 | if (!qid_valid(qid)) | |
196 | return -EINVAL; | |
197 | copy_from_if_dqblk(&fdq, &idq); | |
198 | return sb->s_qcop->set_dqblk(sb, qid, &fdq); | |
199 | } | |
200 | ||
201 | static int quota_setxstate(struct super_block *sb, int cmd, void __user *addr) | |
202 | { | |
203 | __u32 flags; | |
204 | ||
205 | if (copy_from_user(&flags, addr, sizeof(flags))) | |
206 | return -EFAULT; | |
207 | if (!sb->s_qcop->set_xstate) | |
208 | return -ENOSYS; | |
209 | return sb->s_qcop->set_xstate(sb, flags, cmd); | |
210 | } | |
211 | ||
212 | static int quota_getxstate(struct super_block *sb, void __user *addr) | |
213 | { | |
214 | struct fs_quota_stat fqs; | |
215 | int ret; | |
216 | ||
217 | if (!sb->s_qcop->get_xstate) | |
218 | return -ENOSYS; | |
219 | ret = sb->s_qcop->get_xstate(sb, &fqs); | |
220 | if (!ret && copy_to_user(addr, &fqs, sizeof(fqs))) | |
221 | return -EFAULT; | |
222 | return ret; | |
223 | } | |
224 | ||
225 | static int quota_getxstatev(struct super_block *sb, void __user *addr) | |
226 | { | |
227 | struct fs_quota_statv fqs; | |
228 | int ret; | |
229 | ||
230 | if (!sb->s_qcop->get_xstatev) | |
231 | return -ENOSYS; | |
232 | ||
233 | memset(&fqs, 0, sizeof(fqs)); | |
234 | if (copy_from_user(&fqs, addr, 1)) /* Just read qs_version */ | |
235 | return -EFAULT; | |
236 | ||
237 | /* If this kernel doesn't support user specified version, fail */ | |
238 | switch (fqs.qs_version) { | |
239 | case FS_QSTATV_VERSION1: | |
240 | break; | |
241 | default: | |
242 | return -EINVAL; | |
243 | } | |
244 | ret = sb->s_qcop->get_xstatev(sb, &fqs); | |
245 | if (!ret && copy_to_user(addr, &fqs, sizeof(fqs))) | |
246 | return -EFAULT; | |
247 | return ret; | |
248 | } | |
249 | ||
250 | static int quota_setxquota(struct super_block *sb, int type, qid_t id, | |
251 | void __user *addr) | |
252 | { | |
253 | struct fs_disk_quota fdq; | |
254 | struct kqid qid; | |
255 | ||
256 | if (copy_from_user(&fdq, addr, sizeof(fdq))) | |
257 | return -EFAULT; | |
258 | if (!sb->s_qcop->set_dqblk) | |
259 | return -ENOSYS; | |
260 | qid = make_kqid(current_user_ns(), type, id); | |
261 | if (!qid_valid(qid)) | |
262 | return -EINVAL; | |
263 | return sb->s_qcop->set_dqblk(sb, qid, &fdq); | |
264 | } | |
265 | ||
266 | static int quota_getxquota(struct super_block *sb, int type, qid_t id, | |
267 | void __user *addr) | |
268 | { | |
269 | struct fs_disk_quota fdq; | |
270 | struct kqid qid; | |
271 | int ret; | |
272 | ||
273 | if (!sb->s_qcop->get_dqblk) | |
274 | return -ENOSYS; | |
275 | qid = make_kqid(current_user_ns(), type, id); | |
276 | if (!qid_valid(qid)) | |
277 | return -EINVAL; | |
278 | ret = sb->s_qcop->get_dqblk(sb, qid, &fdq); | |
279 | if (!ret && copy_to_user(addr, &fdq, sizeof(fdq))) | |
280 | return -EFAULT; | |
281 | return ret; | |
282 | } | |
283 | ||
284 | static int quota_rmxquota(struct super_block *sb, void __user *addr) | |
285 | { | |
286 | __u32 flags; | |
287 | ||
288 | if (copy_from_user(&flags, addr, sizeof(flags))) | |
289 | return -EFAULT; | |
290 | if (!sb->s_qcop->rm_xquota) | |
291 | return -ENOSYS; | |
292 | return sb->s_qcop->rm_xquota(sb, flags); | |
293 | } | |
294 | ||
295 | /* Copy parameters and call proper function */ | |
296 | static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id, | |
297 | void __user *addr, struct path *path) | |
298 | { | |
299 | int ret; | |
300 | ||
301 | if (type >= (XQM_COMMAND(cmd) ? XQM_MAXQUOTAS : MAXQUOTAS)) | |
302 | return -EINVAL; | |
303 | /* | |
304 | * Quota not supported on this fs? Check this before s_quota_types | |
305 | * since they needn't be set if quota is not supported at all. | |
306 | */ | |
307 | if (!sb->s_qcop) | |
308 | return -ENOSYS; | |
309 | if (!(sb->s_quota_types & (1 << type))) | |
310 | return -EINVAL; | |
311 | ||
312 | ret = check_quotactl_permission(sb, type, cmd, id); | |
313 | if (ret < 0) | |
314 | return ret; | |
315 | ||
316 | switch (cmd) { | |
317 | case Q_QUOTAON: | |
318 | return quota_quotaon(sb, type, cmd, id, path); | |
319 | case Q_QUOTAOFF: | |
320 | if (!sb->s_qcop->quota_off) | |
321 | return -ENOSYS; | |
322 | return sb->s_qcop->quota_off(sb, type); | |
323 | case Q_GETFMT: | |
324 | return quota_getfmt(sb, type, addr); | |
325 | case Q_GETINFO: | |
326 | return quota_getinfo(sb, type, addr); | |
327 | case Q_SETINFO: | |
328 | return quota_setinfo(sb, type, addr); | |
329 | case Q_GETQUOTA: | |
330 | return quota_getquota(sb, type, id, addr); | |
331 | case Q_SETQUOTA: | |
332 | return quota_setquota(sb, type, id, addr); | |
333 | case Q_SYNC: | |
334 | if (!sb->s_qcop->quota_sync) | |
335 | return -ENOSYS; | |
336 | return sb->s_qcop->quota_sync(sb, type); | |
337 | case Q_XQUOTAON: | |
338 | case Q_XQUOTAOFF: | |
339 | return quota_setxstate(sb, cmd, addr); | |
340 | case Q_XQUOTARM: | |
341 | return quota_rmxquota(sb, addr); | |
342 | case Q_XGETQSTAT: | |
343 | return quota_getxstate(sb, addr); | |
344 | case Q_XGETQSTATV: | |
345 | return quota_getxstatev(sb, addr); | |
346 | case Q_XSETQLIM: | |
347 | return quota_setxquota(sb, type, id, addr); | |
348 | case Q_XGETQUOTA: | |
349 | return quota_getxquota(sb, type, id, addr); | |
350 | case Q_XQUOTASYNC: | |
351 | if (sb->s_flags & MS_RDONLY) | |
352 | return -EROFS; | |
353 | /* XFS quotas are fully coherent now, making this call a noop */ | |
354 | return 0; | |
355 | default: | |
356 | return -EINVAL; | |
357 | } | |
358 | } | |
359 | ||
360 | #ifdef CONFIG_BLOCK | |
361 | ||
362 | /* Return 1 if 'cmd' will block on frozen filesystem */ | |
363 | static int quotactl_cmd_write(int cmd) | |
364 | { | |
365 | switch (cmd) { | |
366 | case Q_GETFMT: | |
367 | case Q_GETINFO: | |
368 | case Q_SYNC: | |
369 | case Q_XGETQSTAT: | |
370 | case Q_XGETQSTATV: | |
371 | case Q_XGETQUOTA: | |
372 | case Q_XQUOTASYNC: | |
373 | return 0; | |
374 | } | |
375 | return 1; | |
376 | } | |
377 | ||
378 | #endif /* CONFIG_BLOCK */ | |
379 | ||
380 | /* | |
381 | * look up a superblock on which quota ops will be performed | |
382 | * - use the name of a block device to find the superblock thereon | |
383 | */ | |
384 | static struct super_block *quotactl_block(const char __user *special, int cmd) | |
385 | { | |
386 | #ifdef CONFIG_BLOCK | |
387 | struct block_device *bdev; | |
388 | struct super_block *sb; | |
389 | struct filename *tmp = getname(special); | |
390 | ||
391 | if (IS_ERR(tmp)) | |
392 | return ERR_CAST(tmp); | |
393 | bdev = lookup_bdev(tmp->name); | |
394 | putname(tmp); | |
395 | if (IS_ERR(bdev)) | |
396 | return ERR_CAST(bdev); | |
397 | if (quotactl_cmd_write(cmd)) | |
398 | sb = get_super_thawed(bdev); | |
399 | else | |
400 | sb = get_super(bdev); | |
401 | bdput(bdev); | |
402 | if (!sb) | |
403 | return ERR_PTR(-ENODEV); | |
404 | ||
405 | return sb; | |
406 | #else | |
407 | return ERR_PTR(-ENODEV); | |
408 | #endif | |
409 | } | |
410 | ||
411 | /* | |
412 | * This is the system call interface. This communicates with | |
413 | * the user-level programs. Currently this only supports diskquota | |
414 | * calls. Maybe we need to add the process quotas etc. in the future, | |
415 | * but we probably should use rlimits for that. | |
416 | */ | |
417 | SYSCALL_DEFINE4(quotactl, unsigned int, cmd, const char __user *, special, | |
418 | qid_t, id, void __user *, addr) | |
419 | { | |
420 | uint cmds, type; | |
421 | struct super_block *sb = NULL; | |
422 | struct path path, *pathp = NULL; | |
423 | int ret; | |
424 | ||
425 | cmds = cmd >> SUBCMDSHIFT; | |
426 | type = cmd & SUBCMDMASK; | |
427 | ||
428 | /* | |
429 | * As a special case Q_SYNC can be called without a specific device. | |
430 | * It will iterate all superblocks that have quota enabled and call | |
431 | * the sync action on each of them. | |
432 | */ | |
433 | if (!special) { | |
434 | if (cmds == Q_SYNC) | |
435 | return quota_sync_all(type); | |
436 | return -ENODEV; | |
437 | } | |
438 | ||
439 | /* | |
440 | * Path for quotaon has to be resolved before grabbing superblock | |
441 | * because that gets s_umount sem which is also possibly needed by path | |
442 | * resolution (think about autofs) and thus deadlocks could arise. | |
443 | */ | |
444 | if (cmds == Q_QUOTAON) { | |
445 | ret = user_path_at(AT_FDCWD, addr, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &path); | |
446 | if (ret) | |
447 | pathp = ERR_PTR(ret); | |
448 | else | |
449 | pathp = &path; | |
450 | } | |
451 | ||
452 | sb = quotactl_block(special, cmds); | |
453 | if (IS_ERR(sb)) { | |
454 | ret = PTR_ERR(sb); | |
455 | goto out; | |
456 | } | |
457 | ||
458 | ret = do_quotactl(sb, type, cmds, id, addr, pathp); | |
459 | ||
460 | drop_super(sb); | |
461 | out: | |
462 | if (pathp && !IS_ERR(pathp)) | |
463 | path_put(pathp); | |
464 | return ret; | |
465 | } |