]> git.saurik.com Git - apple/xnu.git/blame - bsd/sys/quota.h
xnu-6153.141.1.tar.gz
[apple/xnu.git] / bsd / sys / quota.h
CommitLineData
9bccf70c 1/*
cb323159 2 * Copyright (c) 2000-2019 Apple Inc. All rights reserved.
5d5c5d0d 3 *
2d21ac55 4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
0a7de745 5 *
2d21ac55
A
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
0a7de745 14 *
2d21ac55
A
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
0a7de745 17 *
2d21ac55
A
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
8f6c56a5
A
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
2d21ac55
A
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
0a7de745 25 *
2d21ac55 26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
9bccf70c
A
27 */
28/*
29 * Copyright (c) 1982, 1986, 1993
30 * The Regents of the University of California. All rights reserved.
31 *
32 * This code is derived from software contributed to Berkeley by
33 * Robert Elz at The University of Melbourne.
34 *
35 * Redistribution and use in source and binary forms, with or without
36 * modification, are permitted provided that the following conditions
37 * are met:
38 * 1. Redistributions of source code must retain the above copyright
39 * notice, this list of conditions and the following disclaimer.
40 * 2. Redistributions in binary form must reproduce the above copyright
41 * notice, this list of conditions and the following disclaimer in the
42 * documentation and/or other materials provided with the distribution.
43 * 3. All advertising materials mentioning features or use of this software
44 * must display the following acknowledgement:
45 * This product includes software developed by the University of
46 * California, Berkeley and its contributors.
47 * 4. Neither the name of the University nor the names of its contributors
48 * may be used to endorse or promote products derived from this software
49 * without specific prior written permission.
50 *
51 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
52 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
53 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
54 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
55 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
56 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
57 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
58 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
59 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
60 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
61 * SUCH DAMAGE.
62 *
63 * @(#)quota.h
64 * derived from @(#)ufs/ufs/quota.h 8.3 (Berkeley) 8/19/94
65 */
66
67#ifndef _SYS_QUOTA_H
68#define _SYS_QUOTA_H
69
70#include <sys/appleapiopts.h>
91447636 71#include <sys/cdefs.h>
5ba3f43e 72#include <sys/types.h> /* u_int32_t */
91447636
A
73#ifdef KERNEL_PRIVATE
74#include <kern/locks.h>
75#endif
76
77#include <mach/boolean.h>
9bccf70c
A
78
79#ifdef __APPLE_API_UNSTABLE
80/*
81 * Definitions for disk quotas imposed on the average user
82 * (big brother finally hits UNIX).
83 *
84 * The following constants define the amount of time given a user before the
85 * soft limits are treated as hard limits (usually resulting in an allocation
86 * failure). The timer is started when the user crosses their soft limit, it
87 * is reset when they go below their soft limit.
88 */
0a7de745
A
89#define MAX_IQ_TIME (7*24*60*60) /* seconds in 1 week */
90#define MAX_DQ_TIME (7*24*60*60) /* seconds in 1 week */
9bccf70c
A
91
92/*
93 * The following constants define the usage of the quota file array in the
94 * file system mount structure and dquot array in the inode structure. The semantics
95 * of the elements of these arrays are defined in the routine getinoquota;
96 * the remainder of the quota code treats them generically and need not be
97 * inspected when changing the size of the array.
98 */
0a7de745
A
99#define MAXQUOTAS 2
100#define USRQUOTA 0 /* element used for user quotas */
101#define GRPQUOTA 1 /* element used for group quotas */
9bccf70c
A
102
103/*
104 * Definitions for the default names of the quotas files.
105 */
106#define INITQFNAMES { \
0a7de745
A
107 "user", /* USRQUOTA */ \
108 "group", /* GRPQUOTA */ \
9bccf70c
A
109 "undefined", \
110};
0a7de745 111#define QUOTAFILENAME ".quota"
9bccf70c 112#define QUOTAOPSNAME ".quota.ops"
0a7de745 113#define QUOTAGROUP "operator"
9bccf70c
A
114
115/*
116 * Command definitions for the 'quotactl' system call. The commands are
117 * broken into a main command defined below and a subcommand that is used
118 * to convey the type of quota that is being manipulated (see above).
119 */
0a7de745
A
120#define SUBCMDMASK 0x00ff
121#define SUBCMDSHIFT 8
122#define QCMD(cmd, type) (((cmd) << SUBCMDSHIFT) | ((type) & SUBCMDMASK))
123
124#define Q_QUOTAON 0x0100 /* enable quotas */
125#define Q_QUOTAOFF 0x0200 /* disable quotas */
126#define Q_GETQUOTA 0x0300 /* get limits and usage */
127#define Q_SETQUOTA 0x0400 /* set limits and usage */
128#define Q_SETUSE 0x0500 /* set usage */
129#define Q_SYNC 0x0600 /* sync disk copy of a filesystems quotas */
130#define Q_QUOTASTAT 0x0700 /* get quota on/off status */
9bccf70c
A
131
132/*
133 * The following two structures define the format of the disk
134 * quota file (as it appears on disk) - the file contains a
135 * header followed by a hash table of dqblk entries. To find
136 * a particular entry, the user or group number (id) is first
137 * converted to an index into this table by means of the hash
138 * function dqhash1. If there is a collision at that index
139 * location then a second hash value is computed which using
140 * dqhash2. This second hash value is then used as an offset
141 * to the next location to probe. ID = 0 is used to indicate
142 * an empty (unused) entry. So there can never be an entry in
143 * the quota file for user 0 or group 0 (which is OK since disk
144 * quotas are never enforced for user 0).
145 *
146 * The setquota system call establishes the vnode for each quota
147 * file (a pointer is retained in the filesystem mount structure).
148 */
149struct dqfilehdr {
0a7de745
A
150 u_int32_t dqh_magic;
151 u_int32_t dqh_version; /* == QF_VERSION */
152 u_int32_t dqh_maxentries; /* must be a power of 2 */
153 u_int32_t dqh_entrycnt; /* count of active entries */
154 u_int32_t dqh_flags; /* reserved for now (0) */
155 u_int32_t dqh_chktime; /* time of last quota check */
156 u_int32_t dqh_btime; /* time limit for excessive disk use */
157 u_int32_t dqh_itime; /* time limit for excessive files */
158 char dqh_string[16]; /* tag string */
159 u_int32_t dqh_spare[4]; /* pad struct to power of 2 */
9bccf70c
A
160};
161
162struct dqblk {
0a7de745
A
163 u_int64_t dqb_bhardlimit; /* absolute limit on disk bytes alloc */
164 u_int64_t dqb_bsoftlimit; /* preferred limit on disk bytes */
165 u_int64_t dqb_curbytes; /* current byte count */
166 u_int32_t dqb_ihardlimit; /* maximum # allocated inodes + 1 */
167 u_int32_t dqb_isoftlimit; /* preferred inode limit */
168 u_int32_t dqb_curinodes; /* current # allocated inodes */
169 u_int32_t dqb_btime; /* time limit for excessive disk use */
170 u_int32_t dqb_itime; /* time limit for excessive files */
171 u_int32_t dqb_id; /* identifier (0 for empty entries) */
172 u_int32_t dqb_spare[4]; /* pad struct to power of 2 */
9bccf70c
A
173};
174
91447636 175#ifdef KERNEL_PRIVATE
0a7de745
A
176#include <machine/types.h> /* user_time_t */
177/* LP64 version of struct dqblk. time_t is a long and must grow when
91447636
A
178 * we're dealing with a 64-bit process.
179 * WARNING - keep in sync with struct dqblk
180 */
181
91447636 182struct user_dqblk {
0a7de745
A
183 u_int64_t dqb_bhardlimit; /* absolute limit on disk bytes alloc */
184 u_int64_t dqb_bsoftlimit; /* preferred limit on disk bytes */
185 u_int64_t dqb_curbytes; /* current byte count */
186 u_int32_t dqb_ihardlimit; /* maximum # allocated inodes + 1 */
187 u_int32_t dqb_isoftlimit; /* preferred inode limit */
188 u_int32_t dqb_curinodes; /* current # allocated inodes */
189 u_int32_t dqb_btime; /* time limit for excessive disk use */
190 u_int32_t dqb_itime; /* time limit for excessive files */
191 u_int32_t dqb_id; /* identifier (0 for empty entries) */
192 u_int32_t dqb_spare[4]; /* pad struct to power of 2 */
91447636 193};
91447636 194#endif /* KERNEL_PRIVATE */
9bccf70c
A
195
196#define INITQMAGICS { \
0a7de745
A
197 0xff31ff35, /* USRQUOTA */ \
198 0xff31ff27, /* GRPQUOTA */ \
cb323159 199}
9bccf70c
A
200
201#define QF_VERSION 1
202#define QF_STRING_TAG "QUOTA HASH FILE"
203
204#define QF_USERS_PER_GB 256
205#define QF_MIN_USERS 2048
206#define QF_MAX_USERS (2048*1024)
207
208#define QF_GROUPS_PER_GB 32
209#define QF_MIN_GROUPS 2048
210#define QF_MAX_GROUPS (256*1024)
211
212
213/*
214 * The primary and secondary multiplicative hash functions are
215 * derived from Knuth (vol. 3). They use a prime that is in
216 * golden ratio to the machine's word size.
217 */
218#define dqhash1(id, shift, mask) \
b0d623f7 219 ((((id) * 2654435761U) >> (shift)) & (mask))
9bccf70c
A
220
221#define dqhash2(id, mask) \
222 (dqhash1((id), 11, (mask)>>1) | 1)
223
224/*
225 * Compute a disk offset into a quota file.
226 */
227#define dqoffset(index) \
228 (sizeof (struct dqfilehdr) + ((index) * sizeof (struct dqblk)))
229/*
230 * Compute the hash shift value.
231 * It is the word size, in bits, minus the hash table size, in bits.
232 */
b0d623f7 233static __inline int dqhashshift(u_int32_t);
9bccf70c
A
234
235static __inline int
b0d623f7 236dqhashshift(u_int32_t size)
9bccf70c
A
237{
238 int shift;
239
0a7de745 240 for (shift = 32; size > 1; size >>= 1, --shift) {
9bccf70c 241 continue;
0a7de745
A
242 }
243 return shift;
9bccf70c
A
244}
245
246
247#ifndef KERNEL
9bccf70c 248__BEGIN_DECLS
2d21ac55 249int quotactl(const char *, int, int, caddr_t);
9bccf70c
A
250__END_DECLS
251#endif /* !KERNEL */
252
91447636 253#ifdef KERNEL_PRIVATE
9bccf70c
A
254#include <sys/queue.h>
255
9bccf70c
A
256
257
258/* Quota file info
259 */
260struct quotafile {
0a7de745 261 lck_mtx_t qf_lock; /* quota file mutex */
9bccf70c 262 struct vnode *qf_vp; /* quota file vnode */
2d21ac55 263 kauth_cred_t qf_cred; /* quota file access cred */
9bccf70c
A
264 int qf_shift; /* primary hash shift */
265 int qf_maxentries; /* size of hash table (power of 2) */
91447636 266 int qf_entrycnt; /* count of active entries */
b0d623f7
A
267 u_int32_t qf_btime; /* block quota time limit */
268 u_int32_t qf_itime; /* inode quota time limit */
91447636 269
0a7de745
A
270 /* the following 2 fields are protected */
271 /* by the quota list lock */
9bccf70c 272 char qf_qflags; /* quota specific flags */
0a7de745 273 int qf_refcnt; /* count of dquot refs on this file */
9bccf70c
A
274};
275
276/*
277 * Flags describing the runtime state of quotas.
278 * (in qf_qflags)
279 */
0a7de745
A
280#define QTF_OPENING 0x01 /* Q_QUOTAON in progress */
281#define QTF_CLOSING 0x02 /* Q_QUOTAOFF in progress */
282#define QTF_WANTED 0x04 /* waiting for change of state */
9bccf70c
A
283
284
285/*
286 * The following structure records disk usage for a user or group on a
287 * filesystem. There is one allocated for each quota that exists on any
288 * filesystem for the current user or group. A cache is kept of recently
289 * used entries.
290 */
291struct dquot {
0a7de745
A
292 LIST_ENTRY(dquot) dq_hash; /* hash list */
293 TAILQ_ENTRY(dquot) dq_freelist; /* free list */
294 u_int16_t dq_flags; /* flags, see below */
295 u_int16_t dq_cnt_unused; /* Replaced by dq_cnt below */
296 u_int16_t dq_lflags; /* protected by the quota list lock */
297 u_int16_t dq_type; /* quota type of this dquot */
298 u_int32_t dq_id; /* identifier this applies to */
299 u_int32_t dq_index; /* index into quota file */
300 struct quotafile *dq_qfile; /* quota file that this is taken from */
301 struct dqblk dq_dqb; /* actual usage & quotas */
302 uint32_t dq_cnt; /* count of active references */
9bccf70c 303};
91447636
A
304
305/*
306 * dq_lflags values
307 */
0a7de745
A
308#define DQ_LLOCK 0x01 /* this quota locked (no MODS) */
309#define DQ_LWANT 0x02 /* wakeup on unlock */
91447636 310
9bccf70c 311/*
91447636 312 * dq_flags values
9bccf70c 313 */
0a7de745
A
314#define DQ_MOD 0x01 /* this quota modified since read */
315#define DQ_FAKE 0x02 /* no limits here, just usage */
316#define DQ_BLKS 0x04 /* has been warned about blk limit */
317#define DQ_INODS 0x08 /* has been warned about inode limit */
91447636 318
9bccf70c
A
319/*
320 * Shorthand notation.
321 */
0a7de745
A
322#define dq_bhardlimit dq_dqb.dqb_bhardlimit
323#define dq_bsoftlimit dq_dqb.dqb_bsoftlimit
324#define dq_curbytes dq_dqb.dqb_curbytes
325#define dq_ihardlimit dq_dqb.dqb_ihardlimit
326#define dq_isoftlimit dq_dqb.dqb_isoftlimit
327#define dq_curinodes dq_dqb.dqb_curinodes
328#define dq_btime dq_dqb.dqb_btime
329#define dq_itime dq_dqb.dqb_itime
9bccf70c
A
330
331/*
332 * If the system has never checked for a quota for this file, then it is
333 * set to NODQUOT. Once a write attempt is made the inode pointer is set
334 * to reference a dquot structure.
335 */
0a7de745 336#define NODQUOT NULL
9bccf70c
A
337
338/*
339 * Flags to chkdq() and chkiq()
340 */
0a7de745
A
341#define FORCE 0x01 /* force usage changes independent of limits */
342#define CHOWN 0x02 /* (advisory) change initiated by chown */
9bccf70c
A
343
344
345/*
346 * Functions that manage the in-core dquot and the
347 * on-disk dqblk data structures.
348 */
349__BEGIN_DECLS
0a7de745
A
350void dqfileinit(struct quotafile *);
351int dqfileopen(struct quotafile *, int);
352void dqfileclose(struct quotafile *, int);
353void dqflush(struct vnode *);
354int dqget(u_int32_t, struct quotafile *, int, struct dquot **);
355void dqhashinit(void);
356void dqinit(void);
357int dqisinitialized(void);
358void dqref(struct dquot *);
359void dqrele(struct dquot *);
360void dqreclaim(struct dquot *);
361int dqsync(struct dquot *);
362void dqsync_orphans(struct quotafile *);
363void dqlock(struct dquot *);
364void dqunlock(struct dquot *);
365
366int qf_get(struct quotafile *, int type);
367void qf_put(struct quotafile *, int type);
91447636
A
368
369__private_extern__ void munge_dqblk(struct dqblk *dqblkp, struct user_dqblk *user_dqblkp, boolean_t to64);
9bccf70c
A
370__END_DECLS
371
91447636 372#endif /* KERNEL_PRIVATE */
9bccf70c
A
373
374#endif /* __APPLE_API_UNSTABLE */
375
376#endif /* !_SYS_QUOTA_H_ */