[apple/xnu.git] / bsd / sys / quota.h

/*
 * Copyright (c) 2000-2005 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * The contents of this file constitute Original Code as defined in and
 * are subject to the Apple Public Source License Version 1.1 (the
 * "License").  You may not use this file except in compliance with the
 * License.  Please obtain a copy of the License at
 * http://www.apple.com/publicsource and read it before using this file.
 * 
 * This Original Code and all software distributed under the License are
 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
 * License for the specific language governing rights and limitations
 * under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * Copyright (c) 1982, 1986, 1993
 *      The Regents of the University of California.  All rights reserved.
 *
 * This code is derived from software contributed to Berkeley by
 * Robert Elz at The University of Melbourne.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *      This product includes software developed by the University of
 *      California, Berkeley and its contributors.
 * 4. Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 *      @(#)quota.h
 *      derived from @(#)ufs/ufs/quota.h        8.3 (Berkeley) 8/19/94
 */

#ifndef _SYS_QUOTA_H
#define _SYS_QUOTA_H

#include <sys/appleapiopts.h>
#include <sys/cdefs.h>
#ifdef KERNEL_PRIVATE
#include <kern/locks.h>
#endif

#include <mach/boolean.h>

#ifdef __APPLE_API_UNSTABLE
/*
 * Definitions for disk quotas imposed on the average user
 * (big brother finally hits UNIX).
 *
 * The following constants define the amount of time given a user before the
 * soft limits are treated as hard limits (usually resulting in an allocation
 * failure). The timer is started when the user crosses their soft limit, it
 * is reset when they go below their soft limit.
 */
#define MAX_IQ_TIME     (7*24*60*60)    /* seconds in 1 week */
#define MAX_DQ_TIME     (7*24*60*60)    /* seconds in 1 week */

/*
 * The following constants define the usage of the quota file array in the
 * file system mount structure and dquot array in the inode structure.  The semantics
 * of the elements of these arrays are defined in the routine getinoquota;
 * the remainder of the quota code treats them generically and need not be
 * inspected when changing the size of the array.
 */
#define MAXQUOTAS       2
#define USRQUOTA        0       /* element used for user quotas */
#define GRPQUOTA        1       /* element used for group quotas */

/*
 * Definitions for the default names of the quotas files.
 */
#define INITQFNAMES { \
        "user",         /* USRQUOTA */ \
        "group",        /* GRPQUOTA */ \
        "undefined", \
};
#define QUOTAFILENAME   ".quota"
#define QUOTAOPSNAME    ".quota.ops"
#define QUOTAGROUP      "operator"

/*
 * Command definitions for the 'quotactl' system call.  The commands are
 * broken into a main command defined below and a subcommand that is used
 * to convey the type of quota that is being manipulated (see above).
 */
#define SUBCMDMASK      0x00ff
#define SUBCMDSHIFT     8
#define QCMD(cmd, type) (((cmd) << SUBCMDSHIFT) | ((type) & SUBCMDMASK))

#define Q_QUOTAON       0x0100  /* enable quotas */
#define Q_QUOTAOFF      0x0200  /* disable quotas */
#define Q_GETQUOTA      0x0300  /* get limits and usage */
#define Q_SETQUOTA      0x0400  /* set limits and usage */
#define Q_SETUSE        0x0500  /* set usage */
#define Q_SYNC          0x0600  /* sync disk copy of a filesystems quotas */
#define Q_QUOTASTAT     0x0700  /* get quota on/off status */

/*
 * The following two structures define the format of the disk
 * quota file (as it appears on disk) - the file contains a
 * header followed by a hash table of dqblk entries.  To find
 * a particular entry, the user or group number (id) is first
 * converted to an index into this table by means of the hash
 * function dqhash1.  If there is a collision at that index
 * location then a second hash value is computed which using
 * dqhash2.  This second hash value is then used as an offset
 * to the next location to probe.  ID = 0 is used to indicate
 * an empty (unused) entry.  So there can never be an entry in
 * the quota file for user 0 or group 0 (which is OK since disk
 * quotas are never enforced for user 0).
 *
 * The setquota system call establishes the vnode for each quota
 * file (a pointer is retained in the filesystem  mount structure).
 */
struct dqfilehdr {
        u_int32_t dqh_magic;            
        u_int32_t dqh_version;          /* == QF_VERSION */
        u_int32_t dqh_maxentries;       /* must be a power of 2 */
        u_int32_t dqh_entrycnt;         /* count of active entries */
        u_int32_t dqh_flags;            /* reserved for now (0) */
        time_t    dqh_chktime;          /* time of last quota check */
        time_t    dqh_btime;            /* time limit for excessive disk use */
        time_t    dqh_itime;            /* time limit for excessive files */
        char      dqh_string[16];       /* tag string */
        u_int32_t dqh_spare[4];         /* pad struct to power of 2 */
};

struct dqblk {
        u_int64_t dqb_bhardlimit;       /* absolute limit on disk bytes alloc */
        u_int64_t dqb_bsoftlimit;       /* preferred limit on disk bytes */
        u_int64_t dqb_curbytes;         /* current byte count */
        u_int32_t dqb_ihardlimit;       /* maximum # allocated inodes + 1 */
        u_int32_t dqb_isoftlimit;       /* preferred inode limit */
        u_int32_t dqb_curinodes;        /* current # allocated inodes */
        time_t    dqb_btime;            /* time limit for excessive disk use */
        time_t    dqb_itime;            /* time limit for excessive files */
        u_int32_t dqb_id;               /* identifier (0 for empty entries) */
        u_int32_t dqb_spare[4];         /* pad struct to power of 2 */
};

#ifdef KERNEL_PRIVATE
#include <machine/types.h>      /* user_time_t */
/* LP64 version of struct dqblk.  time_t is a long and must grow when 
 * we're dealing with a 64-bit process.
 * WARNING - keep in sync with struct dqblk
 */

struct user_dqblk {
        u_int64_t dqb_bhardlimit;       /* absolute limit on disk bytes alloc */
        u_int64_t dqb_bsoftlimit;       /* preferred limit on disk bytes */
        u_int64_t dqb_curbytes;         /* current byte count */
        u_int32_t dqb_ihardlimit;       /* maximum # allocated inodes + 1 */
        u_int32_t dqb_isoftlimit;       /* preferred inode limit */
        u_int32_t dqb_curinodes;        /* current # allocated inodes */
        user_time_t       dqb_btime __attribute((aligned(8)));          /* time limit for excessive disk use */
        user_time_t       dqb_itime;            /* time limit for excessive files */
        u_int32_t dqb_id;               /* identifier (0 for empty entries) */
        u_int32_t dqb_spare[4];         /* pad struct to power of 2 */
};
#endif  /* KERNEL_PRIVATE */

#define INITQMAGICS { \
        0xff31ff35,     /* USRQUOTA */ \
        0xff31ff27,     /* GRPQUOTA */ \
};

#define QF_VERSION          1
#define QF_STRING_TAG       "QUOTA HASH FILE"

#define QF_USERS_PER_GB     256
#define QF_MIN_USERS        2048
#define QF_MAX_USERS       (2048*1024)

#define QF_GROUPS_PER_GB    32
#define QF_MIN_GROUPS       2048
#define QF_MAX_GROUPS       (256*1024)


/*
 * The primary and secondary multiplicative hash functions are
 * derived from Knuth (vol. 3). They use a prime that is in
 * golden ratio to the machine's word size.
 */
#define dqhash1(id, shift, mask)  \
        ((((id) * 2654435761UL) >> (shift)) & (mask))

#define dqhash2(id, mask)  \
        (dqhash1((id), 11, (mask)>>1) | 1)

/*
 * Compute a disk offset into a quota file.
 */
#define dqoffset(index)  \
        (sizeof (struct dqfilehdr) + ((index) * sizeof (struct dqblk)))
/*
 * Compute the hash shift value.
 * It is the word size, in bits, minus the hash table size, in bits.
 */
static __inline int dqhashshift(u_long);

static __inline int
dqhashshift(u_long size)
{
        int shift;

        for (shift = 32; size > 1; size >>= 1, --shift)
                continue;
        return (shift);
}


#ifndef KERNEL
__BEGIN_DECLS
int quotactl(char *, int, int, caddr_t);
__END_DECLS
#endif /* !KERNEL */

#ifdef KERNEL_PRIVATE
#include <sys/queue.h>



/* Quota file info
 */
struct quotafile {
        lck_mtx_t     qf_lock;       /* quota file mutex */
        struct vnode *qf_vp;         /* quota file vnode */
        struct ucred *qf_cred;       /* quota file access cred */
        int           qf_shift;      /* primary hash shift */
        int           qf_maxentries; /* size of hash table (power of 2) */
        int           qf_entrycnt;   /* count of active entries */
        time_t        qf_btime;      /* block quota time limit */
        time_t        qf_itime;      /* inode quota time limit */

                                     /* the following 2 fields are protected */
                                     /* by the quota list lock  */
        char          qf_qflags;     /* quota specific flags */
        int           qf_refcnt;     /* count of dquot refs on this file */
};

/*
 * Flags describing the runtime state of quotas.
 * (in qf_qflags)
 */
#define QTF_OPENING     0x01    /* Q_QUOTAON  in progress */
#define QTF_CLOSING     0x02    /* Q_QUOTAOFF in progress */
#define QTF_WANTED      0x04    /* waiting for change of state */


/*
 * The following structure records disk usage for a user or group on a
 * filesystem. There is one allocated for each quota that exists on any
 * filesystem for the current user or group. A cache is kept of recently
 * used entries.
 */
struct dquot {
        LIST_ENTRY(dquot) dq_hash;      /* hash list */
        TAILQ_ENTRY(dquot) dq_freelist; /* free list */
        uint32_t  dq_cnt;               /* count of active references */
        u_int16_t dq_flags;             /* flags, see below */
        u_int16_t dq_lflags;            /* protected by the quota list lock */
        u_int16_t dq_type;              /* quota type of this dquot */
        u_int32_t dq_id;                /* identifier this applies to */
        u_int32_t dq_index;             /* index into quota file */
        struct  quotafile *dq_qfile;    /* quota file that this is taken from */
        struct  dqblk dq_dqb;           /* actual usage & quotas */
};

/*
 * dq_lflags values
 */
#define DQ_LLOCK        0x01            /* this quota locked (no MODS) */
#define DQ_LWANT        0x02            /* wakeup on unlock */

/*
 * dq_flags values
 */
#define DQ_MOD          0x01            /* this quota modified since read */
#define DQ_FAKE         0x02            /* no limits here, just usage */
#define DQ_BLKS         0x04            /* has been warned about blk limit */
#define DQ_INODS        0x08            /* has been warned about inode limit */

/*
 * Shorthand notation.
 */
#define dq_bhardlimit   dq_dqb.dqb_bhardlimit
#define dq_bsoftlimit   dq_dqb.dqb_bsoftlimit
#define dq_curbytes     dq_dqb.dqb_curbytes
#define dq_ihardlimit   dq_dqb.dqb_ihardlimit
#define dq_isoftlimit   dq_dqb.dqb_isoftlimit
#define dq_curinodes    dq_dqb.dqb_curinodes
#define dq_btime        dq_dqb.dqb_btime
#define dq_itime        dq_dqb.dqb_itime

/*
 * If the system has never checked for a quota for this file, then it is
 * set to NODQUOT.  Once a write attempt is made the inode pointer is set
 * to reference a dquot structure.
 */
#define NODQUOT         NULL

/*
 * Flags to chkdq() and chkiq()
 */
#define FORCE   0x01    /* force usage changes independent of limits */
#define CHOWN   0x02    /* (advisory) change initiated by chown */


/*
 * Functions that manage the in-core dquot and the
 * on-disk dqblk data structures.
 */
__BEGIN_DECLS
void    dqfileinit(struct quotafile *);
int     dqfileopen(struct quotafile *, int);
void    dqfileclose(struct quotafile *, int);
void    dqflush(struct vnode *);
int     dqget(u_long, struct quotafile *, int, struct dquot **);
void    dqinit(void);
void    dqref(struct dquot *);
void    dqrele(struct dquot *);
void    dqreclaim(struct dquot *);
int     dqsync(struct dquot *);
void    dqsync_orphans(struct quotafile *);
void    dqlock(struct dquot *);
void    dqunlock(struct dquot *);

int     qf_get(struct quotafile *, int type);
void    qf_put(struct quotafile *, int type);

__private_extern__ void  munge_dqblk(struct dqblk *dqblkp, struct user_dqblk *user_dqblkp, boolean_t to64);
__END_DECLS

#endif /* KERNEL_PRIVATE */

#endif /* __APPLE_API_UNSTABLE */

#endif /* !_SYS_QUOTA_H_ */