]>
git.saurik.com Git - apple/xnu.git/blob - bsd/hfs/hfs_quota.c
2 * Copyright (c) 2002-2003 Apple Computer, Inc. All rights reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * The contents of this file constitute Original Code as defined in and
7 * are subject to the Apple Public Source License Version 1.1 (the
8 * "License"). You may not use this file except in compliance with the
9 * License. Please obtain a copy of the License at
10 * http://www.apple.com/publicsource and read it before using this file.
12 * This Original Code and all software distributed under the License are
13 * distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
14 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
15 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
16 * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
17 * License for the specific language governing rights and limitations
20 * @APPLE_LICENSE_HEADER_END@
23 * Copyright (c) 1982, 1986, 1990, 1993, 1995
24 * The Regents of the University of California. All rights reserved.
26 * This code is derived from software contributed to Berkeley by
27 * Robert Elz at The University of Melbourne.
29 * Redistribution and use in source and binary forms, with or without
30 * modification, are permitted provided that the following conditions
32 * 1. Redistributions of source code must retain the above copyright
33 * notice, this list of conditions and the following disclaimer.
34 * 2. Redistributions in binary form must reproduce the above copyright
35 * notice, this list of conditions and the following disclaimer in the
36 * documentation and/or other materials provided with the distribution.
37 * 3. All advertising materials mentioning features or use of this software
38 * must display the following acknowledgement:
39 * This product includes software developed by the University of
40 * California, Berkeley and its contributors.
41 * 4. Neither the name of the University nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
58 * derived from @(#)ufs_quota.c 8.5 (Berkeley) 5/20/95
61 #include <sys/param.h>
62 #include <sys/kernel.h>
63 #include <sys/systm.h>
64 #include <sys/mount.h>
65 #include <sys/malloc.h>
68 #include <sys/kauth.h>
69 #include <sys/vnode.h>
70 #include <sys/quota.h>
71 #include <sys/proc_internal.h>
72 #include <kern/kalloc.h>
75 #include <hfs/hfs_cnode.h>
76 #include <hfs/hfs_quota.h>
77 #include <hfs/hfs_mount.h>
80 * Quota name to error message mapping.
83 static char *quotatypes
[] = INITQFNAMES
;
87 * Set up the quotas for a cnode.
89 * This routine completely defines the semantics of quotas.
90 * If other criterion want to be used to establish quotas, the
91 * MAXQUOTAS value in quotas.h should be increased, and the
92 * additional dquots set up here.
96 register struct cnode
*cp
;
98 struct hfsmount
*hfsmp
;
102 vp
= cp
->c_vp
? cp
->c_vp
: cp
->c_rsrc_vp
;
105 * Set up the user quota based on file uid.
106 * EINVAL means that quotas are not enabled.
108 if (cp
->c_dquot
[USRQUOTA
] == NODQUOT
&&
110 dqget(cp
->c_uid
, &hfsmp
->hfs_qfiles
[USRQUOTA
], USRQUOTA
, &cp
->c_dquot
[USRQUOTA
])) &&
114 * Set up the group quota based on file gid.
115 * EINVAL means that quotas are not enabled.
117 if (cp
->c_dquot
[GRPQUOTA
] == NODQUOT
&&
119 dqget(cp
->c_gid
, &hfsmp
->hfs_qfiles
[GRPQUOTA
], GRPQUOTA
, &cp
->c_dquot
[GRPQUOTA
])) &&
126 * Update disk usage, and take corrective action.
129 hfs_chkdq(cp
, change
, cred
, flags
)
130 register struct cnode
*cp
;
135 register struct dquot
*dq
;
142 if ((flags
& CHOWN
) == 0)
148 for (i
= 0; i
< MAXQUOTAS
; i
++) {
149 if ((dq
= cp
->c_dquot
[i
]) == NODQUOT
)
153 ncurbytes
= dq
->dq_curbytes
+ change
;
155 dq
->dq_curbytes
= ncurbytes
;
158 dq
->dq_flags
&= ~DQ_BLKS
;
159 dq
->dq_flags
|= DQ_MOD
;
167 cred
= proc_ucred(kernproc
);
168 if (suser(cred
, NULL
) || proc_forcequota(p
)) {
169 for (i
= 0; i
< MAXQUOTAS
; i
++) {
170 if ((dq
= cp
->c_dquot
[i
]) == NODQUOT
)
172 error
= hfs_chkdqchg(cp
, change
, cred
, i
);
178 if ((flags
& FORCE
) || error
== 0) {
179 for (i
= 0; i
< MAXQUOTAS
; i
++) {
180 if ((dq
= cp
->c_dquot
[i
]) == NODQUOT
)
184 dq
->dq_curbytes
+= change
;
185 dq
->dq_flags
|= DQ_MOD
;
194 * Check for a valid change to a users allocation.
195 * Issue an error message if appropriate.
198 hfs_chkdqchg(cp
, change
, cred
, type
)
204 register struct dquot
*dq
= cp
->c_dquot
[type
];
206 struct vnode
*vp
= cp
->c_vp
? cp
->c_vp
: cp
->c_rsrc_vp
;
210 ncurbytes
= dq
->dq_curbytes
+ change
;
212 * If user would exceed their hard limit, disallow space allocation.
214 if (ncurbytes
>= dq
->dq_bhardlimit
&& dq
->dq_bhardlimit
) {
215 if ((dq
->dq_flags
& DQ_BLKS
) == 0 &&
216 cp
->c_uid
== kauth_cred_getuid(cred
)) {
218 printf("\nwrite failed, %s disk limit reached\n",
221 dq
->dq_flags
|= DQ_BLKS
;
228 * If user is over their soft limit for too long, disallow space
229 * allocation. Reset time limit as they cross their soft limit.
231 if (ncurbytes
>= dq
->dq_bsoftlimit
&& dq
->dq_bsoftlimit
) {
235 if (dq
->dq_curbytes
< dq
->dq_bsoftlimit
) {
236 dq
->dq_btime
= tv
.tv_sec
+
237 VTOHFS(vp
)->hfs_qfiles
[type
].qf_btime
;
239 if (cp
->c_uid
== kauth_cred_getuid(cred
))
240 printf("\nwarning, %s %s\n",
241 quotatypes
[type
], "disk quota exceeded");
247 if (tv
.tv_sec
> dq
->dq_btime
) {
248 if ((dq
->dq_flags
& DQ_BLKS
) == 0 &&
249 cp
->c_uid
== kauth_cred_getuid(cred
)) {
251 printf("\nwrite failed, %s %s\n",
253 "disk quota exceeded for too long");
255 dq
->dq_flags
|= DQ_BLKS
;
268 * Check the inode limit, applying corrective action.
271 hfs_chkiq(cp
, change
, cred
, flags
)
272 register struct cnode
*cp
;
277 register struct dquot
*dq
;
279 int ncurinodes
, error
=0;
283 if ((flags
& CHOWN
) == 0)
289 for (i
= 0; i
< MAXQUOTAS
; i
++) {
290 if ((dq
= cp
->c_dquot
[i
]) == NODQUOT
)
294 ncurinodes
= dq
->dq_curinodes
+ change
;
296 dq
->dq_curinodes
= ncurinodes
;
298 dq
->dq_curinodes
= 0;
299 dq
->dq_flags
&= ~DQ_INODS
;
300 dq
->dq_flags
|= DQ_MOD
;
308 cred
= proc_ucred(kernproc
);
309 if (suser(cred
, NULL
) || proc_forcequota(p
)) {
310 for (i
= 0; i
< MAXQUOTAS
; i
++) {
311 if ((dq
= cp
->c_dquot
[i
]) == NODQUOT
)
313 error
= hfs_chkiqchg(cp
, change
, cred
, i
);
319 if ((flags
& FORCE
) || error
== 0) {
320 for (i
= 0; i
< MAXQUOTAS
; i
++) {
321 if ((dq
= cp
->c_dquot
[i
]) == NODQUOT
)
325 dq
->dq_curinodes
+= change
;
326 dq
->dq_flags
|= DQ_MOD
;
335 * Check for a valid change to a users allocation.
336 * Issue an error message if appropriate.
339 hfs_chkiqchg(cp
, change
, cred
, type
)
345 register struct dquot
*dq
= cp
->c_dquot
[type
];
347 struct vnode
*vp
= cp
->c_vp
? cp
->c_vp
: cp
->c_rsrc_vp
;
351 ncurinodes
= dq
->dq_curinodes
+ change
;
353 * If user would exceed their hard limit, disallow cnode allocation.
355 if (ncurinodes
>= dq
->dq_ihardlimit
&& dq
->dq_ihardlimit
) {
356 if ((dq
->dq_flags
& DQ_INODS
) == 0 &&
357 cp
->c_uid
== kauth_cred_getuid(cred
)) {
359 printf("\nwrite failed, %s cnode limit reached\n",
362 dq
->dq_flags
|= DQ_INODS
;
369 * If user is over their soft limit for too long, disallow cnode
370 * allocation. Reset time limit as they cross their soft limit.
372 if (ncurinodes
>= dq
->dq_isoftlimit
&& dq
->dq_isoftlimit
) {
376 if (dq
->dq_curinodes
< dq
->dq_isoftlimit
) {
377 dq
->dq_itime
= tv
.tv_sec
+
378 VTOHFS(vp
)->hfs_qfiles
[type
].qf_itime
;
380 if (cp
->c_uid
== kauth_cred_getuid(cred
))
381 printf("\nwarning, %s %s\n",
382 quotatypes
[type
], "cnode quota exceeded");
388 if (tv
.tv_sec
> dq
->dq_itime
) {
389 if ((dq
->dq_flags
& DQ_INODS
) == 0 &&
390 cp
->c_uid
== kauth_cred_getuid(cred
)) {
392 printf("\nwrite failed, %s %s\n",
394 "cnode quota exceeded for too long");
396 dq
->dq_flags
|= DQ_INODS
;
410 * On filesystems with quotas enabled, it is an error for a file to change
411 * size and not to have a dquot structure associated with it.
415 register struct cnode
*cp
;
417 struct vnode
*vp
= cp
->c_vp
? cp
->c_vp
: cp
->c_rsrc_vp
;
418 struct hfsmount
*hfsmp
= VTOHFS(vp
);
421 for (i
= 0; i
< MAXQUOTAS
; i
++) {
422 if (hfsmp
->hfs_qfiles
[i
].qf_vp
== NULLVP
)
424 if (cp
->c_dquot
[i
] == NODQUOT
) {
425 vprint("chkdquot: missing dquot", vp
);
426 panic("missing dquot");
433 * Code to process quotactl commands.
437 * Q_QUOTAON - set up a quota file for a particular file system.
439 struct hfs_quotaon_cargs
{
444 hfs_quotaon_callback(struct vnode
*vp
, void *cargs
)
446 struct hfs_quotaon_cargs
*args
;
448 args
= (struct hfs_quotaon_cargs
*)cargs
;
450 args
->error
= hfs_getinoquota(VTOC(vp
));
452 return (VNODE_RETURNED_DONE
);
454 return (VNODE_RETURNED
);
458 hfs_quotaon(p
, mp
, type
, fnamep
)
464 struct hfsmount
*hfsmp
= VFSTOHFS(mp
);
465 struct quotafile
*qfp
;
468 struct hfs_quotaon_cargs args
;
470 qfp
= &hfsmp
->hfs_qfiles
[type
];
472 if ( (qf_get(qfp
, QTF_OPENING
)) )
475 error
= vnode_open(fnamep
, FREAD
|FWRITE
, 0, 0, &vp
, NULL
);
479 if (!vnode_isreg(vp
)) {
480 (void) vnode_close(vp
, FREAD
|FWRITE
, NULL
);
484 vfs_setflags(mp
, (uint64_t)((unsigned int)MNT_QUOTA
));
485 vnode_setnoflush(vp
);
487 * Save the credential of the process that turned on quotas.
489 qfp
->qf_cred
= kauth_cred_proc_ref(p
);
492 * Finish initializing the quota file
494 error
= dqfileopen(qfp
, type
);
496 (void) vnode_close(vp
, FREAD
|FWRITE
, NULL
);
498 kauth_cred_rele(qfp
->qf_cred
);
499 qfp
->qf_cred
= NOCRED
;
503 qf_put(qfp
, QTF_OPENING
);
506 * Search vnodes associated with this mount point,
507 * adding references to quota file being opened.
508 * NB: only need to add dquot's for cnodes being modified.
510 * hfs_quota_callback will be called for each vnode open for
511 * 'write' (VNODE_WRITEABLE) hung off of this mount point
512 * the vnode will be in an 'unbusy' state (VNODE_WAIT) and
513 * properly referenced and unreferenced around the callback
517 vnode_iterate(mp
, VNODE_WRITEABLE
| VNODE_WAIT
, hfs_quotaon_callback
, (void *)&args
);
522 hfs_quotaoff(p
, mp
, type
);
527 qf_put(qfp
, QTF_OPENING
);
534 * Q_QUOTAOFF - turn off disk quotas for a filesystem.
536 struct hfs_quotaoff_cargs
{
541 hfs_quotaoff_callback(struct vnode
*vp
, void *cargs
)
543 struct hfs_quotaoff_cargs
*args
;
547 args
= (struct hfs_quotaoff_cargs
*)cargs
;
551 dq
= cp
->c_dquot
[args
->type
];
552 cp
->c_dquot
[args
->type
] = NODQUOT
;
556 return (VNODE_RETURNED
);
560 hfs_quotaoff(__unused
struct proc
*p
, struct mount
*mp
, register int type
)
563 struct hfsmount
*hfsmp
= VFSTOHFS(mp
);
564 struct quotafile
*qfp
;
567 struct hfs_quotaoff_cargs args
;
569 qfp
= &hfsmp
->hfs_qfiles
[type
];
571 if ( (qf_get(qfp
, QTF_CLOSING
)) )
576 * Sync out any orpaned dirty dquot entries.
581 * Search vnodes associated with this mount point,
582 * deleting any references to quota file being closed.
584 * hfs_quotaoff_callback will be called for each vnode
585 * hung off of this mount point
586 * the vnode will be in an 'unbusy' state (VNODE_WAIT) and
587 * properly referenced and unreferenced around the callback
591 vnode_iterate(mp
, VNODE_WAIT
, hfs_quotaoff_callback
, (void *)&args
);
594 /* Finish tearing down the quota file */
595 dqfileclose(qfp
, type
);
597 vnode_clearnoflush(qvp
);
598 error
= vnode_close(qvp
, FREAD
|FWRITE
, NULL
);
602 if (cred
!= NOCRED
) {
603 qfp
->qf_cred
= NOCRED
;
604 kauth_cred_rele(cred
);
606 for (type
= 0; type
< MAXQUOTAS
; type
++)
607 if (hfsmp
->hfs_qfiles
[type
].qf_vp
!= NULLVP
)
609 if (type
== MAXQUOTAS
)
610 vfs_clearflags(mp
, (uint64_t)((unsigned int)MNT_QUOTA
));
612 qf_put(qfp
, QTF_CLOSING
);
618 * Q_GETQUOTA - return current values in a dqblk structure.
621 hfs_getquota(mp
, id
, type
, datap
)
630 error
= dqget(id
, &VFSTOHFS(mp
)->hfs_qfiles
[type
], type
, &dq
);
635 bcopy(&dq
->dq_dqb
, datap
, sizeof(dq
->dq_dqb
));
644 * Q_SETQUOTA - assign an entire dqblk structure.
647 hfs_setquota(mp
, id
, type
, datap
)
654 struct hfsmount
*hfsmp
= VFSTOHFS(mp
);
655 struct dqblk
* newlimp
= (struct dqblk
*) datap
;
659 error
= dqget(id
, &hfsmp
->hfs_qfiles
[type
], type
, &dq
);
665 * Copy all but the current values.
666 * Reset time limit if previously had no soft limit or were
667 * under it, but now have a soft limit and are over it.
669 newlimp
->dqb_curbytes
= dq
->dq_curbytes
;
670 newlimp
->dqb_curinodes
= dq
->dq_curinodes
;
671 if (dq
->dq_id
!= 0) {
672 newlimp
->dqb_btime
= dq
->dq_btime
;
673 newlimp
->dqb_itime
= dq
->dq_itime
;
675 if (newlimp
->dqb_bsoftlimit
&&
676 dq
->dq_curbytes
>= newlimp
->dqb_bsoftlimit
&&
677 (dq
->dq_bsoftlimit
== 0 || dq
->dq_curbytes
< dq
->dq_bsoftlimit
)) {
679 newlimp
->dqb_btime
= tv
.tv_sec
+ hfsmp
->hfs_qfiles
[type
].qf_btime
;
681 if (newlimp
->dqb_isoftlimit
&&
682 dq
->dq_curinodes
>= newlimp
->dqb_isoftlimit
&&
683 (dq
->dq_isoftlimit
== 0 || dq
->dq_curinodes
< dq
->dq_isoftlimit
)) {
685 newlimp
->dqb_itime
= tv
.tv_sec
+ hfsmp
->hfs_qfiles
[type
].qf_itime
;
687 bcopy(newlimp
, &dq
->dq_dqb
, sizeof(dq
->dq_dqb
));
688 if (dq
->dq_curbytes
< dq
->dq_bsoftlimit
)
689 dq
->dq_flags
&= ~DQ_BLKS
;
690 if (dq
->dq_curinodes
< dq
->dq_isoftlimit
)
691 dq
->dq_flags
&= ~DQ_INODS
;
692 if (dq
->dq_isoftlimit
== 0 && dq
->dq_bsoftlimit
== 0 &&
693 dq
->dq_ihardlimit
== 0 && dq
->dq_bhardlimit
== 0)
694 dq
->dq_flags
|= DQ_FAKE
;
696 dq
->dq_flags
&= ~DQ_FAKE
;
697 dq
->dq_flags
|= DQ_MOD
;
706 * Q_SETUSE - set current cnode and byte usage.
709 hfs_setuse(mp
, id
, type
, datap
)
715 struct hfsmount
*hfsmp
= VFSTOHFS(mp
);
719 struct dqblk
*quotablkp
= (struct dqblk
*) datap
;
721 error
= dqget(id
, &hfsmp
->hfs_qfiles
[type
], type
, &dq
);
727 * Reset time limit if have a soft limit and were
728 * previously under it, but are now over it.
730 if (dq
->dq_bsoftlimit
&& dq
->dq_curbytes
< dq
->dq_bsoftlimit
&&
731 quotablkp
->dqb_curbytes
>= dq
->dq_bsoftlimit
) {
733 dq
->dq_btime
= tv
.tv_sec
+ hfsmp
->hfs_qfiles
[type
].qf_btime
;
735 if (dq
->dq_isoftlimit
&& dq
->dq_curinodes
< dq
->dq_isoftlimit
&&
736 quotablkp
->dqb_curinodes
>= dq
->dq_isoftlimit
) {
738 dq
->dq_itime
= tv
.tv_sec
+ hfsmp
->hfs_qfiles
[type
].qf_itime
;
740 dq
->dq_curbytes
= quotablkp
->dqb_curbytes
;
741 dq
->dq_curinodes
= quotablkp
->dqb_curinodes
;
742 if (dq
->dq_curbytes
< dq
->dq_bsoftlimit
)
743 dq
->dq_flags
&= ~DQ_BLKS
;
744 if (dq
->dq_curinodes
< dq
->dq_isoftlimit
)
745 dq
->dq_flags
&= ~DQ_INODS
;
746 dq
->dq_flags
|= DQ_MOD
;
756 * Q_SYNC - sync quota files to disk.
759 hfs_qsync_callback(struct vnode
*vp
, __unused
void *cargs
)
767 for (i
= 0; i
< MAXQUOTAS
; i
++) {
769 if (dq
!= NODQUOT
&& (dq
->dq_flags
& DQ_MOD
))
772 return (VNODE_RETURNED
);
779 struct hfsmount
*hfsmp
= VFSTOHFS(mp
);
783 * Check if the mount point has any quotas.
784 * If not, simply return.
786 for (i
= 0; i
< MAXQUOTAS
; i
++)
787 if (hfsmp
->hfs_qfiles
[i
].qf_vp
!= NULLVP
)
793 * Sync out any orpaned dirty dquot entries.
795 for (i
= 0; i
< MAXQUOTAS
; i
++)
796 if (hfsmp
->hfs_qfiles
[i
].qf_vp
!= NULLVP
)
797 dqsync_orphans(&hfsmp
->hfs_qfiles
[i
]);
800 * Search vnodes associated with this mount point,
801 * synchronizing any modified dquot structures.
803 * hfs_qsync_callback will be called for each vnode
804 * hung off of this mount point
806 * properly referenced and unreferenced around the callback
808 vnode_iterate(mp
, 0, hfs_qsync_callback
, (void *)NULL
);
814 * Q_QUOTASTAT - get quota on/off status
817 hfs_quotastat(mp
, type
, datap
)
822 struct hfsmount
*hfsmp
= VFSTOHFS(mp
);
826 if ((((unsigned int)vfs_flags(mp
)) & MNT_QUOTA
) && (hfsmp
->hfs_qfiles
[type
].qf_vp
!= NULLVP
))
827 qstat
= 1; /* quotas are on for this type */
829 qstat
= 0; /* quotas are off for this type */
831 *((int *)datap
) = qstat
;