]>
Commit | Line | Data |
---|---|---|
9bccf70c | 1 | /* |
b0d623f7 | 2 | * Copyright (c) 2002-2008 Apple Inc. All rights reserved. |
9bccf70c | 3 | * |
2d21ac55 | 4 | * @APPLE_OSREFERENCE_LICENSE_HEADER_START@ |
9bccf70c | 5 | * |
2d21ac55 A |
6 | * This file contains Original Code and/or Modifications of Original Code |
7 | * as defined in and that are subject to the Apple Public Source License | |
8 | * Version 2.0 (the 'License'). You may not use this file except in | |
9 | * compliance with the License. The rights granted to you under the License | |
10 | * may not be used to create, or enable the creation or redistribution of, | |
11 | * unlawful or unlicensed copies of an Apple operating system, or to | |
12 | * circumvent, violate, or enable the circumvention or violation of, any | |
13 | * terms of an Apple operating system software license agreement. | |
8f6c56a5 | 14 | * |
2d21ac55 A |
15 | * Please obtain a copy of the License at |
16 | * http://www.opensource.apple.com/apsl/ and read it before using this file. | |
17 | * | |
18 | * The Original Code and all software distributed under the License are | |
19 | * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER | |
8f6c56a5 A |
20 | * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES, |
21 | * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY, | |
2d21ac55 A |
22 | * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT. |
23 | * Please see the License for the specific language governing rights and | |
24 | * limitations under the License. | |
8f6c56a5 | 25 | * |
2d21ac55 | 26 | * @APPLE_OSREFERENCE_LICENSE_HEADER_END@ |
9bccf70c A |
27 | */ |
28 | /* | |
29 | * Copyright (c) 1982, 1986, 1990, 1993, 1995 | |
30 | * The Regents of the University of California. All rights reserved. | |
31 | * | |
32 | * This code is derived from software contributed to Berkeley by | |
33 | * Robert Elz at The University of Melbourne. | |
34 | * | |
35 | * Redistribution and use in source and binary forms, with or without | |
36 | * modification, are permitted provided that the following conditions | |
37 | * are met: | |
38 | * 1. Redistributions of source code must retain the above copyright | |
39 | * notice, this list of conditions and the following disclaimer. | |
40 | * 2. Redistributions in binary form must reproduce the above copyright | |
41 | * notice, this list of conditions and the following disclaimer in the | |
42 | * documentation and/or other materials provided with the distribution. | |
43 | * 3. All advertising materials mentioning features or use of this software | |
44 | * must display the following acknowledgement: | |
45 | * This product includes software developed by the University of | |
46 | * California, Berkeley and its contributors. | |
47 | * 4. Neither the name of the University nor the names of its contributors | |
48 | * may be used to endorse or promote products derived from this software | |
49 | * without specific prior written permission. | |
50 | * | |
51 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
52 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
53 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
54 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
55 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
56 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
57 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
58 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
59 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
60 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
61 | * SUCH DAMAGE. | |
62 | * | |
63 | * @(#)hfs_quota.c | |
64 | * derived from @(#)ufs_quota.c 8.5 (Berkeley) 5/20/95 | |
65 | */ | |
66 | ||
67 | #include <sys/param.h> | |
68 | #include <sys/kernel.h> | |
69 | #include <sys/systm.h> | |
70 | #include <sys/mount.h> | |
9bccf70c A |
71 | #include <sys/malloc.h> |
72 | #include <sys/file.h> | |
73 | #include <sys/proc.h> | |
91447636 | 74 | #include <sys/kauth.h> |
9bccf70c | 75 | #include <sys/vnode.h> |
2d21ac55 | 76 | #include <sys/vnode_internal.h> |
9bccf70c | 77 | #include <sys/quota.h> |
91447636 A |
78 | #include <sys/proc_internal.h> |
79 | #include <kern/kalloc.h> | |
9bccf70c A |
80 | |
81 | #include <hfs/hfs.h> | |
82 | #include <hfs/hfs_cnode.h> | |
83 | #include <hfs/hfs_quota.h> | |
84 | #include <hfs/hfs_mount.h> | |
85 | ||
2d21ac55 | 86 | |
9bccf70c A |
87 | /* |
88 | * Quota name to error message mapping. | |
89 | */ | |
91447636 | 90 | #if 0 |
9bccf70c | 91 | static char *quotatypes[] = INITQFNAMES; |
91447636 | 92 | #endif |
9bccf70c A |
93 | |
94 | /* | |
95 | * Set up the quotas for a cnode. | |
96 | * | |
97 | * This routine completely defines the semantics of quotas. | |
98 | * If other criterion want to be used to establish quotas, the | |
99 | * MAXQUOTAS value in quotas.h should be increased, and the | |
100 | * additional dquots set up here. | |
101 | */ | |
102 | int | |
103 | hfs_getinoquota(cp) | |
104 | register struct cnode *cp; | |
105 | { | |
106 | struct hfsmount *hfsmp; | |
107 | struct vnode *vp; | |
108 | int error; | |
109 | ||
110 | vp = cp->c_vp ? cp->c_vp : cp->c_rsrc_vp; | |
91447636 | 111 | hfsmp = VTOHFS(vp); |
9bccf70c A |
112 | /* |
113 | * Set up the user quota based on file uid. | |
114 | * EINVAL means that quotas are not enabled. | |
115 | */ | |
116 | if (cp->c_dquot[USRQUOTA] == NODQUOT && | |
117 | (error = | |
91447636 | 118 | dqget(cp->c_uid, &hfsmp->hfs_qfiles[USRQUOTA], USRQUOTA, &cp->c_dquot[USRQUOTA])) && |
9bccf70c A |
119 | error != EINVAL) |
120 | return (error); | |
121 | /* | |
122 | * Set up the group quota based on file gid. | |
123 | * EINVAL means that quotas are not enabled. | |
124 | */ | |
125 | if (cp->c_dquot[GRPQUOTA] == NODQUOT && | |
126 | (error = | |
91447636 | 127 | dqget(cp->c_gid, &hfsmp->hfs_qfiles[GRPQUOTA], GRPQUOTA, &cp->c_dquot[GRPQUOTA])) && |
9bccf70c A |
128 | error != EINVAL) |
129 | return (error); | |
130 | return (0); | |
131 | } | |
132 | ||
133 | /* | |
134 | * Update disk usage, and take corrective action. | |
135 | */ | |
136 | int | |
137 | hfs_chkdq(cp, change, cred, flags) | |
138 | register struct cnode *cp; | |
139 | int64_t change; | |
91447636 | 140 | kauth_cred_t cred; |
9bccf70c A |
141 | int flags; |
142 | { | |
143 | register struct dquot *dq; | |
144 | register int i; | |
145 | int64_t ncurbytes; | |
d7e50217 | 146 | int error=0; |
9bccf70c A |
147 | struct proc *p; |
148 | ||
149 | #if DIAGNOSTIC | |
150 | if ((flags & CHOWN) == 0) | |
151 | hfs_chkdquot(cp); | |
152 | #endif | |
153 | if (change == 0) | |
154 | return (0); | |
155 | if (change < 0) { | |
156 | for (i = 0; i < MAXQUOTAS; i++) { | |
157 | if ((dq = cp->c_dquot[i]) == NODQUOT) | |
158 | continue; | |
91447636 A |
159 | dqlock(dq); |
160 | ||
9bccf70c A |
161 | ncurbytes = dq->dq_curbytes + change; |
162 | if (ncurbytes >= 0) | |
163 | dq->dq_curbytes = ncurbytes; | |
164 | else | |
165 | dq->dq_curbytes = 0; | |
166 | dq->dq_flags &= ~DQ_BLKS; | |
167 | dq->dq_flags |= DQ_MOD; | |
91447636 A |
168 | |
169 | dqunlock(dq); | |
9bccf70c A |
170 | } |
171 | return (0); | |
172 | } | |
173 | p = current_proc(); | |
0c530ab8 A |
174 | /* |
175 | * This use of proc_ucred() is safe because kernproc credential never | |
176 | * changes. | |
177 | */ | |
178 | if (!IS_VALID_CRED(cred)) | |
91447636 A |
179 | cred = proc_ucred(kernproc); |
180 | if (suser(cred, NULL) || proc_forcequota(p)) { | |
9bccf70c A |
181 | for (i = 0; i < MAXQUOTAS; i++) { |
182 | if ((dq = cp->c_dquot[i]) == NODQUOT) | |
183 | continue; | |
d7e50217 A |
184 | error = hfs_chkdqchg(cp, change, cred, i); |
185 | if (error) { | |
186 | break; | |
187 | } | |
9bccf70c A |
188 | } |
189 | } | |
d7e50217 A |
190 | if ((flags & FORCE) || error == 0) { |
191 | for (i = 0; i < MAXQUOTAS; i++) { | |
192 | if ((dq = cp->c_dquot[i]) == NODQUOT) | |
193 | continue; | |
91447636 A |
194 | dqlock(dq); |
195 | ||
d7e50217 A |
196 | dq->dq_curbytes += change; |
197 | dq->dq_flags |= DQ_MOD; | |
91447636 A |
198 | |
199 | dqunlock(dq); | |
9bccf70c | 200 | } |
9bccf70c | 201 | } |
d7e50217 | 202 | return (error); |
9bccf70c A |
203 | } |
204 | ||
205 | /* | |
206 | * Check for a valid change to a users allocation. | |
207 | * Issue an error message if appropriate. | |
208 | */ | |
209 | int | |
210 | hfs_chkdqchg(cp, change, cred, type) | |
211 | struct cnode *cp; | |
212 | int64_t change; | |
91447636 | 213 | kauth_cred_t cred; |
9bccf70c A |
214 | int type; |
215 | { | |
216 | register struct dquot *dq = cp->c_dquot[type]; | |
91447636 | 217 | u_int64_t ncurbytes; |
9bccf70c | 218 | struct vnode *vp = cp->c_vp ? cp->c_vp : cp->c_rsrc_vp; |
91447636 A |
219 | |
220 | dqlock(dq); | |
221 | ||
222 | ncurbytes = dq->dq_curbytes + change; | |
9bccf70c A |
223 | /* |
224 | * If user would exceed their hard limit, disallow space allocation. | |
225 | */ | |
226 | if (ncurbytes >= dq->dq_bhardlimit && dq->dq_bhardlimit) { | |
227 | if ((dq->dq_flags & DQ_BLKS) == 0 && | |
91447636 | 228 | cp->c_uid == kauth_cred_getuid(cred)) { |
d7e50217 | 229 | #if 0 |
b0d623f7 | 230 | printf("\nhfs: write failed, %s disk limit reached\n", |
9bccf70c A |
231 | quotatypes[type]); |
232 | #endif | |
233 | dq->dq_flags |= DQ_BLKS; | |
234 | } | |
91447636 A |
235 | dqunlock(dq); |
236 | ||
9bccf70c A |
237 | return (EDQUOT); |
238 | } | |
239 | /* | |
240 | * If user is over their soft limit for too long, disallow space | |
241 | * allocation. Reset time limit as they cross their soft limit. | |
242 | */ | |
243 | if (ncurbytes >= dq->dq_bsoftlimit && dq->dq_bsoftlimit) { | |
91447636 A |
244 | struct timeval tv; |
245 | ||
246 | microuptime(&tv); | |
9bccf70c | 247 | if (dq->dq_curbytes < dq->dq_bsoftlimit) { |
91447636 A |
248 | dq->dq_btime = tv.tv_sec + |
249 | VTOHFS(vp)->hfs_qfiles[type].qf_btime; | |
d7e50217 | 250 | #if 0 |
91447636 | 251 | if (cp->c_uid == kauth_cred_getuid(cred)) |
b0d623f7 | 252 | printf("\nhfs: warning, %s %s\n", |
9bccf70c A |
253 | quotatypes[type], "disk quota exceeded"); |
254 | #endif | |
91447636 A |
255 | dqunlock(dq); |
256 | ||
9bccf70c A |
257 | return (0); |
258 | } | |
b0d623f7 | 259 | if (tv.tv_sec > (time_t)dq->dq_btime) { |
9bccf70c | 260 | if ((dq->dq_flags & DQ_BLKS) == 0 && |
91447636 | 261 | cp->c_uid == kauth_cred_getuid(cred)) { |
d7e50217 | 262 | #if 0 |
b0d623f7 | 263 | printf("\nhfs: write failed, %s %s\n", |
9bccf70c A |
264 | quotatypes[type], |
265 | "disk quota exceeded for too long"); | |
266 | #endif | |
267 | dq->dq_flags |= DQ_BLKS; | |
268 | } | |
91447636 A |
269 | dqunlock(dq); |
270 | ||
9bccf70c A |
271 | return (EDQUOT); |
272 | } | |
273 | } | |
91447636 A |
274 | dqunlock(dq); |
275 | ||
9bccf70c A |
276 | return (0); |
277 | } | |
278 | ||
279 | /* | |
280 | * Check the inode limit, applying corrective action. | |
281 | */ | |
282 | int | |
283 | hfs_chkiq(cp, change, cred, flags) | |
284 | register struct cnode *cp; | |
b0d623f7 | 285 | int32_t change; |
91447636 | 286 | kauth_cred_t cred; |
9bccf70c A |
287 | int flags; |
288 | { | |
289 | register struct dquot *dq; | |
290 | register int i; | |
d7e50217 | 291 | int ncurinodes, error=0; |
9bccf70c A |
292 | struct proc *p; |
293 | ||
294 | #if DIAGNOSTIC | |
295 | if ((flags & CHOWN) == 0) | |
296 | hfs_chkdquot(cp); | |
297 | #endif | |
298 | if (change == 0) | |
299 | return (0); | |
300 | if (change < 0) { | |
301 | for (i = 0; i < MAXQUOTAS; i++) { | |
302 | if ((dq = cp->c_dquot[i]) == NODQUOT) | |
303 | continue; | |
91447636 A |
304 | dqlock(dq); |
305 | ||
9bccf70c A |
306 | ncurinodes = dq->dq_curinodes + change; |
307 | if (ncurinodes >= 0) | |
308 | dq->dq_curinodes = ncurinodes; | |
309 | else | |
310 | dq->dq_curinodes = 0; | |
311 | dq->dq_flags &= ~DQ_INODS; | |
312 | dq->dq_flags |= DQ_MOD; | |
91447636 A |
313 | |
314 | dqunlock(dq); | |
9bccf70c A |
315 | } |
316 | return (0); | |
317 | } | |
318 | p = current_proc(); | |
0c530ab8 A |
319 | /* |
320 | * This use of proc_ucred() is safe because kernproc credential never | |
321 | * changes. | |
322 | */ | |
323 | if (!IS_VALID_CRED(cred)) | |
91447636 A |
324 | cred = proc_ucred(kernproc); |
325 | if (suser(cred, NULL) || proc_forcequota(p)) { | |
9bccf70c A |
326 | for (i = 0; i < MAXQUOTAS; i++) { |
327 | if ((dq = cp->c_dquot[i]) == NODQUOT) | |
328 | continue; | |
d7e50217 A |
329 | error = hfs_chkiqchg(cp, change, cred, i); |
330 | if (error) { | |
331 | break; | |
332 | } | |
9bccf70c A |
333 | } |
334 | } | |
d7e50217 A |
335 | if ((flags & FORCE) || error == 0) { |
336 | for (i = 0; i < MAXQUOTAS; i++) { | |
337 | if ((dq = cp->c_dquot[i]) == NODQUOT) | |
338 | continue; | |
91447636 A |
339 | dqlock(dq); |
340 | ||
d7e50217 A |
341 | dq->dq_curinodes += change; |
342 | dq->dq_flags |= DQ_MOD; | |
91447636 A |
343 | |
344 | dqunlock(dq); | |
9bccf70c | 345 | } |
9bccf70c | 346 | } |
d7e50217 | 347 | return (error); |
9bccf70c A |
348 | } |
349 | ||
b0d623f7 A |
350 | |
351 | /* | |
352 | * Check to see if a change to a user's allocation should be permitted or not. | |
353 | * Issue an error message if it should not be permitted. Return 0 if | |
354 | * it should be allowed. | |
355 | */ | |
356 | int hfs_isiqchg_allowed(dq, hfsmp, change, cred, type, uid) | |
357 | struct dquot* dq; | |
358 | struct hfsmount* hfsmp; | |
359 | int32_t change; | |
360 | kauth_cred_t cred; | |
361 | int type; | |
362 | uid_t uid; | |
363 | { | |
364 | u_int32_t ncurinodes; | |
365 | ||
366 | dqlock(dq); | |
367 | ||
368 | ncurinodes = dq->dq_curinodes + change; | |
369 | /* | |
370 | * If user would exceed their hard limit, disallow cnode allocation. | |
371 | */ | |
372 | if (ncurinodes >= dq->dq_ihardlimit && dq->dq_ihardlimit) { | |
373 | if ((dq->dq_flags & DQ_INODS) == 0 && | |
374 | uid == kauth_cred_getuid(cred)) { | |
375 | dq->dq_flags |= DQ_INODS; | |
376 | } | |
377 | dqunlock(dq); | |
378 | ||
379 | return (EDQUOT); | |
380 | } | |
381 | /* | |
382 | * If user is over their soft limit for too long, disallow cnode | |
383 | * allocation. Reset time limit as they cross their soft limit. | |
384 | */ | |
385 | if (ncurinodes >= dq->dq_isoftlimit && dq->dq_isoftlimit) { | |
386 | struct timeval tv; | |
387 | ||
388 | microuptime(&tv); | |
389 | if (dq->dq_curinodes < dq->dq_isoftlimit) { | |
390 | dq->dq_itime = tv.tv_sec + hfsmp->hfs_qfiles[type].qf_itime; | |
391 | dqunlock(dq); | |
392 | return (0); | |
393 | } | |
394 | if (tv.tv_sec > (time_t)dq->dq_itime) { | |
395 | if (((dq->dq_flags & DQ_INODS) == 0) && | |
396 | (uid == kauth_cred_getuid(cred))) { | |
397 | dq->dq_flags |= DQ_INODS; | |
398 | } | |
399 | dqunlock(dq); | |
400 | ||
401 | return (EDQUOT); | |
402 | } | |
403 | } | |
404 | dqunlock(dq); | |
405 | ||
406 | return (0); | |
407 | } | |
408 | ||
409 | ||
9bccf70c A |
410 | /* |
411 | * Check for a valid change to a users allocation. | |
412 | * Issue an error message if appropriate. | |
413 | */ | |
414 | int | |
415 | hfs_chkiqchg(cp, change, cred, type) | |
416 | struct cnode *cp; | |
b0d623f7 | 417 | int32_t change; |
91447636 | 418 | kauth_cred_t cred; |
9bccf70c A |
419 | int type; |
420 | { | |
421 | register struct dquot *dq = cp->c_dquot[type]; | |
b0d623f7 | 422 | u_int32_t ncurinodes; |
9bccf70c A |
423 | struct vnode *vp = cp->c_vp ? cp->c_vp : cp->c_rsrc_vp; |
424 | ||
91447636 A |
425 | dqlock(dq); |
426 | ||
427 | ncurinodes = dq->dq_curinodes + change; | |
9bccf70c A |
428 | /* |
429 | * If user would exceed their hard limit, disallow cnode allocation. | |
430 | */ | |
431 | if (ncurinodes >= dq->dq_ihardlimit && dq->dq_ihardlimit) { | |
432 | if ((dq->dq_flags & DQ_INODS) == 0 && | |
91447636 | 433 | cp->c_uid == kauth_cred_getuid(cred)) { |
d7e50217 | 434 | #if 0 |
b0d623f7 | 435 | printf("\nhfs: write failed, %s cnode limit reached\n", |
9bccf70c A |
436 | quotatypes[type]); |
437 | #endif | |
438 | dq->dq_flags |= DQ_INODS; | |
439 | } | |
91447636 A |
440 | dqunlock(dq); |
441 | ||
9bccf70c A |
442 | return (EDQUOT); |
443 | } | |
444 | /* | |
445 | * If user is over their soft limit for too long, disallow cnode | |
446 | * allocation. Reset time limit as they cross their soft limit. | |
447 | */ | |
448 | if (ncurinodes >= dq->dq_isoftlimit && dq->dq_isoftlimit) { | |
91447636 A |
449 | struct timeval tv; |
450 | ||
451 | microuptime(&tv); | |
9bccf70c | 452 | if (dq->dq_curinodes < dq->dq_isoftlimit) { |
91447636 A |
453 | dq->dq_itime = tv.tv_sec + |
454 | VTOHFS(vp)->hfs_qfiles[type].qf_itime; | |
d7e50217 | 455 | #if 0 |
91447636 | 456 | if (cp->c_uid == kauth_cred_getuid(cred)) |
b0d623f7 | 457 | printf("\nhfs: warning, %s %s\n", |
9bccf70c A |
458 | quotatypes[type], "cnode quota exceeded"); |
459 | #endif | |
91447636 A |
460 | dqunlock(dq); |
461 | ||
9bccf70c A |
462 | return (0); |
463 | } | |
b0d623f7 | 464 | if (tv.tv_sec > (time_t)dq->dq_itime) { |
9bccf70c | 465 | if ((dq->dq_flags & DQ_INODS) == 0 && |
91447636 | 466 | cp->c_uid == kauth_cred_getuid(cred)) { |
d7e50217 | 467 | #if 0 |
b0d623f7 | 468 | printf("\nhfs: write failed, %s %s\n", |
9bccf70c A |
469 | quotatypes[type], |
470 | "cnode quota exceeded for too long"); | |
471 | #endif | |
472 | dq->dq_flags |= DQ_INODS; | |
473 | } | |
91447636 A |
474 | dqunlock(dq); |
475 | ||
9bccf70c A |
476 | return (EDQUOT); |
477 | } | |
478 | } | |
91447636 A |
479 | dqunlock(dq); |
480 | ||
9bccf70c A |
481 | return (0); |
482 | } | |
483 | ||
484 | #if DIAGNOSTIC | |
485 | /* | |
486 | * On filesystems with quotas enabled, it is an error for a file to change | |
487 | * size and not to have a dquot structure associated with it. | |
488 | */ | |
489 | void | |
490 | hfs_chkdquot(cp) | |
491 | register struct cnode *cp; | |
492 | { | |
493 | struct vnode *vp = cp->c_vp ? cp->c_vp : cp->c_rsrc_vp; | |
91447636 | 494 | struct hfsmount *hfsmp = VTOHFS(vp); |
9bccf70c A |
495 | register int i; |
496 | ||
497 | for (i = 0; i < MAXQUOTAS; i++) { | |
91447636 | 498 | if (hfsmp->hfs_qfiles[i].qf_vp == NULLVP) |
9bccf70c A |
499 | continue; |
500 | if (cp->c_dquot[i] == NODQUOT) { | |
501 | vprint("chkdquot: missing dquot", vp); | |
502 | panic("missing dquot"); | |
503 | } | |
504 | } | |
505 | } | |
506 | #endif | |
507 | ||
508 | /* | |
509 | * Code to process quotactl commands. | |
510 | */ | |
511 | ||
512 | /* | |
513 | * Q_QUOTAON - set up a quota file for a particular file system. | |
514 | */ | |
91447636 A |
515 | struct hfs_quotaon_cargs { |
516 | int error; | |
517 | }; | |
518 | ||
519 | static int | |
520 | hfs_quotaon_callback(struct vnode *vp, void *cargs) | |
521 | { | |
522 | struct hfs_quotaon_cargs *args; | |
523 | ||
524 | args = (struct hfs_quotaon_cargs *)cargs; | |
525 | ||
526 | args->error = hfs_getinoquota(VTOC(vp)); | |
527 | if (args->error) | |
528 | return (VNODE_RETURNED_DONE); | |
529 | ||
530 | return (VNODE_RETURNED); | |
531 | } | |
532 | ||
9bccf70c | 533 | int |
91447636 | 534 | hfs_quotaon(p, mp, type, fnamep) |
9bccf70c A |
535 | struct proc *p; |
536 | struct mount *mp; | |
537 | register int type; | |
91447636 | 538 | caddr_t fnamep; |
9bccf70c A |
539 | { |
540 | struct hfsmount *hfsmp = VFSTOHFS(mp); | |
91447636 A |
541 | struct quotafile *qfp; |
542 | struct vnode *vp; | |
543 | int error = 0; | |
544 | struct hfs_quotaon_cargs args; | |
9bccf70c | 545 | |
2d21ac55 A |
546 | /* Finish setting up quota structures. */ |
547 | dqhashinit(); | |
548 | ||
91447636 A |
549 | qfp = &hfsmp->hfs_qfiles[type]; |
550 | ||
551 | if ( (qf_get(qfp, QTF_OPENING)) ) | |
552 | return (0); | |
553 | ||
554 | error = vnode_open(fnamep, FREAD|FWRITE, 0, 0, &vp, NULL); | |
555 | if (error) { | |
556 | goto out; | |
9bccf70c | 557 | } |
91447636 A |
558 | if (!vnode_isreg(vp)) { |
559 | (void) vnode_close(vp, FREAD|FWRITE, NULL); | |
560 | error = EACCES; | |
561 | goto out; | |
562 | } | |
2d21ac55 A |
563 | vfs_setflags(mp, (u_int64_t)((unsigned int)MNT_QUOTA)); |
564 | HFS_MOUNT_LOCK(hfsmp, TRUE) | |
565 | hfsmp->hfs_flags |= HFS_QUOTAS; | |
566 | HFS_MOUNT_UNLOCK(hfsmp, TRUE); | |
91447636 | 567 | vnode_setnoflush(vp); |
9bccf70c A |
568 | /* |
569 | * Save the credential of the process that turned on quotas. | |
570 | */ | |
91447636 A |
571 | qfp->qf_cred = kauth_cred_proc_ref(p); |
572 | qfp->qf_vp = vp; | |
573 | /* | |
574 | * Finish initializing the quota file | |
575 | */ | |
576 | error = dqfileopen(qfp, type); | |
577 | if (error) { | |
578 | (void) vnode_close(vp, FREAD|FWRITE, NULL); | |
579 | ||
0c530ab8 A |
580 | if (IS_VALID_CRED(qfp->qf_cred)) |
581 | kauth_cred_unref(&qfp->qf_cred); | |
91447636 A |
582 | qfp->qf_vp = NULLVP; |
583 | goto out; | |
584 | } | |
585 | qf_put(qfp, QTF_OPENING); | |
586 | ||
9bccf70c A |
587 | /* |
588 | * Search vnodes associated with this mount point, | |
589 | * adding references to quota file being opened. | |
590 | * NB: only need to add dquot's for cnodes being modified. | |
91447636 A |
591 | * |
592 | * hfs_quota_callback will be called for each vnode open for | |
593 | * 'write' (VNODE_WRITEABLE) hung off of this mount point | |
594 | * the vnode will be in an 'unbusy' state (VNODE_WAIT) and | |
595 | * properly referenced and unreferenced around the callback | |
9bccf70c | 596 | */ |
91447636 A |
597 | args.error = 0; |
598 | ||
599 | vnode_iterate(mp, VNODE_WRITEABLE | VNODE_WAIT, hfs_quotaon_callback, (void *)&args); | |
600 | ||
601 | error = args.error; | |
602 | ||
603 | if (error) { | |
9bccf70c | 604 | hfs_quotaoff(p, mp, type); |
91447636 A |
605 | } |
606 | return (error); | |
607 | ||
608 | out: | |
609 | qf_put(qfp, QTF_OPENING); | |
610 | ||
9bccf70c A |
611 | return (error); |
612 | } | |
613 | ||
91447636 | 614 | |
9bccf70c A |
615 | /* |
616 | * Q_QUOTAOFF - turn off disk quotas for a filesystem. | |
617 | */ | |
91447636 A |
618 | struct hfs_quotaoff_cargs { |
619 | int type; | |
620 | }; | |
621 | ||
622 | static int | |
623 | hfs_quotaoff_callback(struct vnode *vp, void *cargs) | |
624 | { | |
625 | struct hfs_quotaoff_cargs *args; | |
626 | struct cnode *cp; | |
627 | struct dquot *dq; | |
628 | ||
629 | args = (struct hfs_quotaoff_cargs *)cargs; | |
630 | ||
631 | cp = VTOC(vp); | |
632 | ||
633 | dq = cp->c_dquot[args->type]; | |
634 | cp->c_dquot[args->type] = NODQUOT; | |
635 | ||
636 | dqrele(dq); | |
637 | ||
638 | return (VNODE_RETURNED); | |
639 | } | |
640 | ||
9bccf70c | 641 | int |
91447636 | 642 | hfs_quotaoff(__unused struct proc *p, struct mount *mp, register int type) |
9bccf70c | 643 | { |
91447636 | 644 | struct vnode *qvp; |
9bccf70c | 645 | struct hfsmount *hfsmp = VFSTOHFS(mp); |
91447636 | 646 | struct quotafile *qfp; |
9bccf70c | 647 | int error; |
91447636 A |
648 | struct hfs_quotaoff_cargs args; |
649 | ||
2d21ac55 A |
650 | /* |
651 | * If quotas haven't been initialized, there's no work to be done. | |
652 | */ | |
653 | if (!dqisinitialized()) | |
654 | return (0); | |
655 | ||
91447636 | 656 | qfp = &hfsmp->hfs_qfiles[type]; |
9bccf70c | 657 | |
91447636 A |
658 | if ( (qf_get(qfp, QTF_CLOSING)) ) |
659 | return (0); | |
660 | qvp = qfp->qf_vp; | |
d7e50217 A |
661 | |
662 | /* | |
663 | * Sync out any orpaned dirty dquot entries. | |
664 | */ | |
91447636 | 665 | dqsync_orphans(qfp); |
d7e50217 | 666 | |
9bccf70c A |
667 | /* |
668 | * Search vnodes associated with this mount point, | |
669 | * deleting any references to quota file being closed. | |
b0d623f7 | 670 | * |
91447636 A |
671 | * hfs_quotaoff_callback will be called for each vnode |
672 | * hung off of this mount point | |
673 | * the vnode will be in an 'unbusy' state (VNODE_WAIT) and | |
674 | * properly referenced and unreferenced around the callback | |
9bccf70c | 675 | */ |
91447636 A |
676 | args.type = type; |
677 | ||
678 | vnode_iterate(mp, VNODE_WAIT, hfs_quotaoff_callback, (void *)&args); | |
679 | ||
9bccf70c A |
680 | dqflush(qvp); |
681 | /* Finish tearing down the quota file */ | |
91447636 A |
682 | dqfileclose(qfp, type); |
683 | ||
684 | vnode_clearnoflush(qvp); | |
685 | error = vnode_close(qvp, FREAD|FWRITE, NULL); | |
686 | ||
687 | qfp->qf_vp = NULLVP; | |
0c530ab8 A |
688 | |
689 | if (IS_VALID_CRED(qfp->qf_cred)) | |
690 | kauth_cred_unref(&qfp->qf_cred); | |
9bccf70c A |
691 | for (type = 0; type < MAXQUOTAS; type++) |
692 | if (hfsmp->hfs_qfiles[type].qf_vp != NULLVP) | |
693 | break; | |
2d21ac55 A |
694 | if (type == MAXQUOTAS) { |
695 | vfs_clearflags(mp, (u_int64_t)((unsigned int)MNT_QUOTA)); | |
696 | HFS_MOUNT_LOCK(hfsmp, TRUE) | |
697 | hfsmp->hfs_flags &= ~HFS_QUOTAS; | |
698 | HFS_MOUNT_UNLOCK(hfsmp, TRUE); | |
699 | } | |
91447636 A |
700 | |
701 | qf_put(qfp, QTF_CLOSING); | |
702 | ||
9bccf70c A |
703 | return (error); |
704 | } | |
705 | ||
b0d623f7 A |
706 | /* |
707 | * hfs_quotacheck - checks quotas mountwide for a hypothetical situation. It probes | |
708 | * the quota data structures to see if adding an inode would be allowed or not. If it | |
709 | * will be allowed, the change is made. Otherwise, it reports an error back out so the | |
710 | * caller will know not to proceed with inode allocation in the HFS Catalog. | |
711 | * | |
712 | * Note that this function ONLY tests for addition of inodes, not subtraction. | |
713 | */ | |
714 | int hfs_quotacheck(hfsmp, change, uid, gid, cred) | |
715 | struct hfsmount *hfsmp; | |
716 | int change; | |
717 | uid_t uid; | |
718 | gid_t gid; | |
719 | kauth_cred_t cred; | |
720 | { | |
721 | struct dquot *dq = NULL; | |
722 | struct proc *p; | |
723 | int error = 0; | |
724 | int i; | |
725 | id_t id = uid; | |
726 | ||
727 | p = current_proc(); | |
728 | if (!IS_VALID_CRED(cred)) { | |
729 | /* This use of proc_ucred() is safe because kernproc credential never changes */ | |
730 | cred = proc_ucred(kernproc); | |
731 | } | |
732 | ||
733 | if (suser(cred, NULL) || proc_forcequota(p)) { | |
734 | for (i = 0; i < MAXQUOTAS; i++) { | |
735 | /* Select if user or group id should be used */ | |
736 | if (i == USRQUOTA) | |
737 | id = uid; | |
738 | else if (i == GRPQUOTA) | |
739 | id = gid; | |
740 | ||
741 | error = dqget(id, &hfsmp->hfs_qfiles[i], i, &dq); | |
742 | if (error && (error != EINVAL)) | |
743 | break; | |
744 | ||
745 | error = 0; | |
746 | if (dq == NODQUOT) | |
747 | continue; | |
748 | ||
749 | /* Check quota information */ | |
750 | error = hfs_isiqchg_allowed(dq, hfsmp, change, cred, i, id); | |
751 | if (error) { | |
752 | dqrele(dq); | |
753 | break; | |
754 | } | |
755 | ||
756 | dqlock(dq); | |
757 | /* Update quota information */ | |
758 | dq->dq_curinodes += change; | |
759 | dqunlock(dq); | |
760 | dqrele(dq); | |
761 | } | |
762 | } | |
763 | ||
764 | return error; | |
765 | } | |
766 | ||
767 | ||
9bccf70c A |
768 | /* |
769 | * Q_GETQUOTA - return current values in a dqblk structure. | |
770 | */ | |
771 | int | |
91447636 | 772 | hfs_getquota(mp, id, type, datap) |
9bccf70c | 773 | struct mount *mp; |
b0d623f7 | 774 | u_int32_t id; |
9bccf70c | 775 | int type; |
91447636 | 776 | caddr_t datap; |
9bccf70c A |
777 | { |
778 | struct dquot *dq; | |
779 | int error; | |
780 | ||
91447636 A |
781 | error = dqget(id, &VFSTOHFS(mp)->hfs_qfiles[type], type, &dq); |
782 | if (error) | |
9bccf70c | 783 | return (error); |
91447636 A |
784 | dqlock(dq); |
785 | ||
786 | bcopy(&dq->dq_dqb, datap, sizeof(dq->dq_dqb)); | |
787 | ||
788 | dqunlock(dq); | |
789 | dqrele(dq); | |
790 | ||
9bccf70c A |
791 | return (error); |
792 | } | |
793 | ||
794 | /* | |
795 | * Q_SETQUOTA - assign an entire dqblk structure. | |
796 | */ | |
797 | int | |
91447636 | 798 | hfs_setquota(mp, id, type, datap) |
9bccf70c | 799 | struct mount *mp; |
b0d623f7 | 800 | u_int32_t id; |
9bccf70c | 801 | int type; |
91447636 | 802 | caddr_t datap; |
9bccf70c | 803 | { |
91447636 | 804 | struct dquot *dq; |
9bccf70c | 805 | struct hfsmount *hfsmp = VFSTOHFS(mp); |
91447636 A |
806 | struct dqblk * newlimp = (struct dqblk *) datap; |
807 | struct timeval tv; | |
9bccf70c A |
808 | int error; |
809 | ||
91447636 A |
810 | error = dqget(id, &hfsmp->hfs_qfiles[type], type, &dq); |
811 | if (error) | |
9bccf70c | 812 | return (error); |
91447636 A |
813 | dqlock(dq); |
814 | ||
9bccf70c A |
815 | /* |
816 | * Copy all but the current values. | |
817 | * Reset time limit if previously had no soft limit or were | |
818 | * under it, but now have a soft limit and are over it. | |
819 | */ | |
91447636 A |
820 | newlimp->dqb_curbytes = dq->dq_curbytes; |
821 | newlimp->dqb_curinodes = dq->dq_curinodes; | |
9bccf70c | 822 | if (dq->dq_id != 0) { |
91447636 A |
823 | newlimp->dqb_btime = dq->dq_btime; |
824 | newlimp->dqb_itime = dq->dq_itime; | |
9bccf70c | 825 | } |
91447636 A |
826 | if (newlimp->dqb_bsoftlimit && |
827 | dq->dq_curbytes >= newlimp->dqb_bsoftlimit && | |
828 | (dq->dq_bsoftlimit == 0 || dq->dq_curbytes < dq->dq_bsoftlimit)) { | |
829 | microuptime(&tv); | |
830 | newlimp->dqb_btime = tv.tv_sec + hfsmp->hfs_qfiles[type].qf_btime; | |
831 | } | |
832 | if (newlimp->dqb_isoftlimit && | |
833 | dq->dq_curinodes >= newlimp->dqb_isoftlimit && | |
834 | (dq->dq_isoftlimit == 0 || dq->dq_curinodes < dq->dq_isoftlimit)) { | |
835 | microuptime(&tv); | |
836 | newlimp->dqb_itime = tv.tv_sec + hfsmp->hfs_qfiles[type].qf_itime; | |
837 | } | |
838 | bcopy(newlimp, &dq->dq_dqb, sizeof(dq->dq_dqb)); | |
9bccf70c A |
839 | if (dq->dq_curbytes < dq->dq_bsoftlimit) |
840 | dq->dq_flags &= ~DQ_BLKS; | |
841 | if (dq->dq_curinodes < dq->dq_isoftlimit) | |
842 | dq->dq_flags &= ~DQ_INODS; | |
843 | if (dq->dq_isoftlimit == 0 && dq->dq_bsoftlimit == 0 && | |
844 | dq->dq_ihardlimit == 0 && dq->dq_bhardlimit == 0) | |
845 | dq->dq_flags |= DQ_FAKE; | |
846 | else | |
847 | dq->dq_flags &= ~DQ_FAKE; | |
848 | dq->dq_flags |= DQ_MOD; | |
91447636 A |
849 | |
850 | dqunlock(dq); | |
851 | dqrele(dq); | |
852 | ||
9bccf70c A |
853 | return (0); |
854 | } | |
855 | ||
856 | /* | |
857 | * Q_SETUSE - set current cnode and byte usage. | |
858 | */ | |
859 | int | |
91447636 | 860 | hfs_setuse(mp, id, type, datap) |
9bccf70c | 861 | struct mount *mp; |
b0d623f7 | 862 | u_int32_t id; |
9bccf70c | 863 | int type; |
91447636 | 864 | caddr_t datap; |
9bccf70c | 865 | { |
9bccf70c | 866 | struct hfsmount *hfsmp = VFSTOHFS(mp); |
91447636 A |
867 | struct dquot *dq; |
868 | struct timeval tv; | |
9bccf70c | 869 | int error; |
91447636 A |
870 | struct dqblk *quotablkp = (struct dqblk *) datap; |
871 | ||
872 | error = dqget(id, &hfsmp->hfs_qfiles[type], type, &dq); | |
873 | if (error) | |
874 | return (error); | |
875 | dqlock(dq); | |
9bccf70c | 876 | |
9bccf70c A |
877 | /* |
878 | * Reset time limit if have a soft limit and were | |
879 | * previously under it, but are now over it. | |
880 | */ | |
881 | if (dq->dq_bsoftlimit && dq->dq_curbytes < dq->dq_bsoftlimit && | |
91447636 A |
882 | quotablkp->dqb_curbytes >= dq->dq_bsoftlimit) { |
883 | microuptime(&tv); | |
884 | dq->dq_btime = tv.tv_sec + hfsmp->hfs_qfiles[type].qf_btime; | |
885 | } | |
9bccf70c | 886 | if (dq->dq_isoftlimit && dq->dq_curinodes < dq->dq_isoftlimit && |
91447636 A |
887 | quotablkp->dqb_curinodes >= dq->dq_isoftlimit) { |
888 | microuptime(&tv); | |
889 | dq->dq_itime = tv.tv_sec + hfsmp->hfs_qfiles[type].qf_itime; | |
890 | } | |
891 | dq->dq_curbytes = quotablkp->dqb_curbytes; | |
892 | dq->dq_curinodes = quotablkp->dqb_curinodes; | |
9bccf70c A |
893 | if (dq->dq_curbytes < dq->dq_bsoftlimit) |
894 | dq->dq_flags &= ~DQ_BLKS; | |
895 | if (dq->dq_curinodes < dq->dq_isoftlimit) | |
896 | dq->dq_flags &= ~DQ_INODS; | |
897 | dq->dq_flags |= DQ_MOD; | |
91447636 A |
898 | |
899 | dqunlock(dq); | |
900 | dqrele(dq); | |
901 | ||
9bccf70c A |
902 | return (0); |
903 | } | |
904 | ||
91447636 | 905 | |
9bccf70c A |
906 | /* |
907 | * Q_SYNC - sync quota files to disk. | |
908 | */ | |
91447636 A |
909 | static int |
910 | hfs_qsync_callback(struct vnode *vp, __unused void *cargs) | |
911 | { | |
912 | struct cnode *cp; | |
913 | struct dquot *dq; | |
914 | int i; | |
915 | ||
916 | cp = VTOC(vp); | |
917 | ||
918 | for (i = 0; i < MAXQUOTAS; i++) { | |
919 | dq = cp->c_dquot[i]; | |
920 | if (dq != NODQUOT && (dq->dq_flags & DQ_MOD)) | |
921 | dqsync(dq); | |
922 | } | |
923 | return (VNODE_RETURNED); | |
924 | } | |
925 | ||
9bccf70c A |
926 | int |
927 | hfs_qsync(mp) | |
928 | struct mount *mp; | |
929 | { | |
930 | struct hfsmount *hfsmp = VFSTOHFS(mp); | |
91447636 | 931 | int i; |
9bccf70c | 932 | |
2d21ac55 A |
933 | if (!dqisinitialized()) |
934 | return (0); | |
935 | ||
9bccf70c A |
936 | /* |
937 | * Check if the mount point has any quotas. | |
938 | * If not, simply return. | |
939 | */ | |
940 | for (i = 0; i < MAXQUOTAS; i++) | |
941 | if (hfsmp->hfs_qfiles[i].qf_vp != NULLVP) | |
942 | break; | |
943 | if (i == MAXQUOTAS) | |
944 | return (0); | |
d7e50217 A |
945 | |
946 | /* | |
947 | * Sync out any orpaned dirty dquot entries. | |
948 | */ | |
949 | for (i = 0; i < MAXQUOTAS; i++) | |
950 | if (hfsmp->hfs_qfiles[i].qf_vp != NULLVP) | |
951 | dqsync_orphans(&hfsmp->hfs_qfiles[i]); | |
952 | ||
9bccf70c A |
953 | /* |
954 | * Search vnodes associated with this mount point, | |
955 | * synchronizing any modified dquot structures. | |
91447636 A |
956 | * |
957 | * hfs_qsync_callback will be called for each vnode | |
958 | * hung off of this mount point | |
959 | * the vnode will be | |
960 | * properly referenced and unreferenced around the callback | |
9bccf70c | 961 | */ |
91447636 | 962 | vnode_iterate(mp, 0, hfs_qsync_callback, (void *)NULL); |
d7e50217 | 963 | |
9bccf70c A |
964 | return (0); |
965 | } | |
966 | ||
967 | /* | |
968 | * Q_QUOTASTAT - get quota on/off status | |
969 | */ | |
970 | int | |
91447636 | 971 | hfs_quotastat(mp, type, datap) |
9bccf70c A |
972 | struct mount *mp; |
973 | register int type; | |
91447636 | 974 | caddr_t datap; |
9bccf70c A |
975 | { |
976 | struct hfsmount *hfsmp = VFSTOHFS(mp); | |
977 | int error = 0; | |
978 | int qstat; | |
979 | ||
91447636 | 980 | if ((((unsigned int)vfs_flags(mp)) & MNT_QUOTA) && (hfsmp->hfs_qfiles[type].qf_vp != NULLVP)) |
9bccf70c A |
981 | qstat = 1; /* quotas are on for this type */ |
982 | else | |
983 | qstat = 0; /* quotas are off for this type */ | |
984 | ||
91447636 | 985 | *((int *)datap) = qstat; |
9bccf70c A |
986 | return (error); |
987 | } | |
988 |