GNU Linux-libre 4.9.308-gnu1
[releases.git] / fs / quota / quota.c
1 /*
2  * Quota code necessary even when VFS quota support is not compiled
3  * into the kernel.  The interesting stuff is over in dquot.c, here
4  * we have symbols for initial quotactl(2) handling, the sysctl(2)
5  * variables, etc - things needed even when quota support disabled.
6  */
7
8 #include <linux/fs.h>
9 #include <linux/namei.h>
10 #include <linux/slab.h>
11 #include <asm/current.h>
12 #include <linux/uaccess.h>
13 #include <linux/kernel.h>
14 #include <linux/security.h>
15 #include <linux/syscalls.h>
16 #include <linux/capability.h>
17 #include <linux/quotaops.h>
18 #include <linux/types.h>
19 #include <linux/writeback.h>
20 #include <linux/nospec.h>
21
22 static int check_quotactl_permission(struct super_block *sb, int type, int cmd,
23                                      qid_t id)
24 {
25         switch (cmd) {
26         /* these commands do not require any special privilegues */
27         case Q_GETFMT:
28         case Q_SYNC:
29         case Q_GETINFO:
30         case Q_XGETQSTAT:
31         case Q_XGETQSTATV:
32         case Q_XQUOTASYNC:
33                 break;
34         /* allow to query information for dquots we "own" */
35         case Q_GETQUOTA:
36         case Q_XGETQUOTA:
37                 if ((type == USRQUOTA && uid_eq(current_euid(), make_kuid(current_user_ns(), id))) ||
38                     (type == GRPQUOTA && in_egroup_p(make_kgid(current_user_ns(), id))))
39                         break;
40                 /*FALLTHROUGH*/
41         default:
42                 if (!capable(CAP_SYS_ADMIN))
43                         return -EPERM;
44         }
45
46         return security_quotactl(cmd, type, id, sb);
47 }
48
49 static void quota_sync_one(struct super_block *sb, void *arg)
50 {
51         int type = *(int *)arg;
52
53         if (sb->s_qcop && sb->s_qcop->quota_sync &&
54             (sb->s_quota_types & (1 << type)))
55                 sb->s_qcop->quota_sync(sb, type);
56 }
57
58 static int quota_sync_all(int type)
59 {
60         int ret;
61
62         if (type >= MAXQUOTAS)
63                 return -EINVAL;
64         ret = security_quotactl(Q_SYNC, type, 0, NULL);
65         if (!ret)
66                 iterate_supers(quota_sync_one, &type);
67         return ret;
68 }
69
70 unsigned int qtype_enforce_flag(int type)
71 {
72         switch (type) {
73         case USRQUOTA:
74                 return FS_QUOTA_UDQ_ENFD;
75         case GRPQUOTA:
76                 return FS_QUOTA_GDQ_ENFD;
77         case PRJQUOTA:
78                 return FS_QUOTA_PDQ_ENFD;
79         }
80         return 0;
81 }
82
83 static int quota_quotaon(struct super_block *sb, int type, qid_t id,
84                          struct path *path)
85 {
86         if (!sb->s_qcop->quota_on && !sb->s_qcop->quota_enable)
87                 return -ENOSYS;
88         if (sb->s_qcop->quota_enable)
89                 return sb->s_qcop->quota_enable(sb, qtype_enforce_flag(type));
90         if (IS_ERR(path))
91                 return PTR_ERR(path);
92         return sb->s_qcop->quota_on(sb, type, id, path);
93 }
94
95 static int quota_quotaoff(struct super_block *sb, int type)
96 {
97         if (!sb->s_qcop->quota_off && !sb->s_qcop->quota_disable)
98                 return -ENOSYS;
99         if (sb->s_qcop->quota_disable)
100                 return sb->s_qcop->quota_disable(sb, qtype_enforce_flag(type));
101         return sb->s_qcop->quota_off(sb, type);
102 }
103
104 static int quota_getfmt(struct super_block *sb, int type, void __user *addr)
105 {
106         __u32 fmt;
107
108         mutex_lock(&sb_dqopt(sb)->dqonoff_mutex);
109         if (!sb_has_quota_active(sb, type)) {
110                 mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex);
111                 return -ESRCH;
112         }
113         fmt = sb_dqopt(sb)->info[type].dqi_format->qf_fmt_id;
114         mutex_unlock(&sb_dqopt(sb)->dqonoff_mutex);
115         if (copy_to_user(addr, &fmt, sizeof(fmt)))
116                 return -EFAULT;
117         return 0;
118 }
119
120 static int quota_getinfo(struct super_block *sb, int type, void __user *addr)
121 {
122         struct qc_state state;
123         struct qc_type_state *tstate;
124         struct if_dqinfo uinfo;
125         int ret;
126
127         /* This checks whether qc_state has enough entries... */
128         BUILD_BUG_ON(MAXQUOTAS > XQM_MAXQUOTAS);
129         if (!sb->s_qcop->get_state)
130                 return -ENOSYS;
131         ret = sb->s_qcop->get_state(sb, &state);
132         if (ret)
133                 return ret;
134         tstate = state.s_state + type;
135         if (!(tstate->flags & QCI_ACCT_ENABLED))
136                 return -ESRCH;
137         memset(&uinfo, 0, sizeof(uinfo));
138         uinfo.dqi_bgrace = tstate->spc_timelimit;
139         uinfo.dqi_igrace = tstate->ino_timelimit;
140         if (tstate->flags & QCI_SYSFILE)
141                 uinfo.dqi_flags |= DQF_SYS_FILE;
142         if (tstate->flags & QCI_ROOT_SQUASH)
143                 uinfo.dqi_flags |= DQF_ROOT_SQUASH;
144         uinfo.dqi_valid = IIF_ALL;
145         if (copy_to_user(addr, &uinfo, sizeof(uinfo)))
146                 return -EFAULT;
147         return 0;
148 }
149
150 static int quota_setinfo(struct super_block *sb, int type, void __user *addr)
151 {
152         struct if_dqinfo info;
153         struct qc_info qinfo;
154
155         if (copy_from_user(&info, addr, sizeof(info)))
156                 return -EFAULT;
157         if (!sb->s_qcop->set_info)
158                 return -ENOSYS;
159         if (info.dqi_valid & ~(IIF_FLAGS | IIF_BGRACE | IIF_IGRACE))
160                 return -EINVAL;
161         memset(&qinfo, 0, sizeof(qinfo));
162         if (info.dqi_valid & IIF_FLAGS) {
163                 if (info.dqi_flags & ~DQF_SETINFO_MASK)
164                         return -EINVAL;
165                 if (info.dqi_flags & DQF_ROOT_SQUASH)
166                         qinfo.i_flags |= QCI_ROOT_SQUASH;
167                 qinfo.i_fieldmask |= QC_FLAGS;
168         }
169         if (info.dqi_valid & IIF_BGRACE) {
170                 qinfo.i_spc_timelimit = info.dqi_bgrace;
171                 qinfo.i_fieldmask |= QC_SPC_TIMER;
172         }
173         if (info.dqi_valid & IIF_IGRACE) {
174                 qinfo.i_ino_timelimit = info.dqi_igrace;
175                 qinfo.i_fieldmask |= QC_INO_TIMER;
176         }
177         return sb->s_qcop->set_info(sb, type, &qinfo);
178 }
179
180 static inline qsize_t qbtos(qsize_t blocks)
181 {
182         return blocks << QIF_DQBLKSIZE_BITS;
183 }
184
185 static inline qsize_t stoqb(qsize_t space)
186 {
187         return (space + QIF_DQBLKSIZE - 1) >> QIF_DQBLKSIZE_BITS;
188 }
189
190 static void copy_to_if_dqblk(struct if_dqblk *dst, struct qc_dqblk *src)
191 {
192         memset(dst, 0, sizeof(*dst));
193         dst->dqb_bhardlimit = stoqb(src->d_spc_hardlimit);
194         dst->dqb_bsoftlimit = stoqb(src->d_spc_softlimit);
195         dst->dqb_curspace = src->d_space;
196         dst->dqb_ihardlimit = src->d_ino_hardlimit;
197         dst->dqb_isoftlimit = src->d_ino_softlimit;
198         dst->dqb_curinodes = src->d_ino_count;
199         dst->dqb_btime = src->d_spc_timer;
200         dst->dqb_itime = src->d_ino_timer;
201         dst->dqb_valid = QIF_ALL;
202 }
203
204 static int quota_getquota(struct super_block *sb, int type, qid_t id,
205                           void __user *addr)
206 {
207         struct kqid qid;
208         struct qc_dqblk fdq;
209         struct if_dqblk idq;
210         int ret;
211
212         if (!sb->s_qcop->get_dqblk)
213                 return -ENOSYS;
214         qid = make_kqid(current_user_ns(), type, id);
215         if (!qid_has_mapping(sb->s_user_ns, qid))
216                 return -EINVAL;
217         ret = sb->s_qcop->get_dqblk(sb, qid, &fdq);
218         if (ret)
219                 return ret;
220         copy_to_if_dqblk(&idq, &fdq);
221         if (copy_to_user(addr, &idq, sizeof(idq)))
222                 return -EFAULT;
223         return 0;
224 }
225
226 /*
227  * Return quota for next active quota >= this id, if any exists,
228  * otherwise return -ENOENT via ->get_nextdqblk
229  */
230 static int quota_getnextquota(struct super_block *sb, int type, qid_t id,
231                           void __user *addr)
232 {
233         struct kqid qid;
234         struct qc_dqblk fdq;
235         struct if_nextdqblk idq;
236         int ret;
237
238         if (!sb->s_qcop->get_nextdqblk)
239                 return -ENOSYS;
240         qid = make_kqid(current_user_ns(), type, id);
241         if (!qid_has_mapping(sb->s_user_ns, qid))
242                 return -EINVAL;
243         ret = sb->s_qcop->get_nextdqblk(sb, &qid, &fdq);
244         if (ret)
245                 return ret;
246         /* struct if_nextdqblk is a superset of struct if_dqblk */
247         copy_to_if_dqblk((struct if_dqblk *)&idq, &fdq);
248         idq.dqb_id = from_kqid(current_user_ns(), qid);
249         if (copy_to_user(addr, &idq, sizeof(idq)))
250                 return -EFAULT;
251         return 0;
252 }
253
254 static void copy_from_if_dqblk(struct qc_dqblk *dst, struct if_dqblk *src)
255 {
256         dst->d_spc_hardlimit = qbtos(src->dqb_bhardlimit);
257         dst->d_spc_softlimit = qbtos(src->dqb_bsoftlimit);
258         dst->d_space = src->dqb_curspace;
259         dst->d_ino_hardlimit = src->dqb_ihardlimit;
260         dst->d_ino_softlimit = src->dqb_isoftlimit;
261         dst->d_ino_count = src->dqb_curinodes;
262         dst->d_spc_timer = src->dqb_btime;
263         dst->d_ino_timer = src->dqb_itime;
264
265         dst->d_fieldmask = 0;
266         if (src->dqb_valid & QIF_BLIMITS)
267                 dst->d_fieldmask |= QC_SPC_SOFT | QC_SPC_HARD;
268         if (src->dqb_valid & QIF_SPACE)
269                 dst->d_fieldmask |= QC_SPACE;
270         if (src->dqb_valid & QIF_ILIMITS)
271                 dst->d_fieldmask |= QC_INO_SOFT | QC_INO_HARD;
272         if (src->dqb_valid & QIF_INODES)
273                 dst->d_fieldmask |= QC_INO_COUNT;
274         if (src->dqb_valid & QIF_BTIME)
275                 dst->d_fieldmask |= QC_SPC_TIMER;
276         if (src->dqb_valid & QIF_ITIME)
277                 dst->d_fieldmask |= QC_INO_TIMER;
278 }
279
280 static int quota_setquota(struct super_block *sb, int type, qid_t id,
281                           void __user *addr)
282 {
283         struct qc_dqblk fdq;
284         struct if_dqblk idq;
285         struct kqid qid;
286
287         if (copy_from_user(&idq, addr, sizeof(idq)))
288                 return -EFAULT;
289         if (!sb->s_qcop->set_dqblk)
290                 return -ENOSYS;
291         qid = make_kqid(current_user_ns(), type, id);
292         if (!qid_has_mapping(sb->s_user_ns, qid))
293                 return -EINVAL;
294         copy_from_if_dqblk(&fdq, &idq);
295         return sb->s_qcop->set_dqblk(sb, qid, &fdq);
296 }
297
298 static int quota_enable(struct super_block *sb, void __user *addr)
299 {
300         __u32 flags;
301
302         if (copy_from_user(&flags, addr, sizeof(flags)))
303                 return -EFAULT;
304         if (!sb->s_qcop->quota_enable)
305                 return -ENOSYS;
306         return sb->s_qcop->quota_enable(sb, flags);
307 }
308
309 static int quota_disable(struct super_block *sb, void __user *addr)
310 {
311         __u32 flags;
312
313         if (copy_from_user(&flags, addr, sizeof(flags)))
314                 return -EFAULT;
315         if (!sb->s_qcop->quota_disable)
316                 return -ENOSYS;
317         return sb->s_qcop->quota_disable(sb, flags);
318 }
319
320 static int quota_state_to_flags(struct qc_state *state)
321 {
322         int flags = 0;
323
324         if (state->s_state[USRQUOTA].flags & QCI_ACCT_ENABLED)
325                 flags |= FS_QUOTA_UDQ_ACCT;
326         if (state->s_state[USRQUOTA].flags & QCI_LIMITS_ENFORCED)
327                 flags |= FS_QUOTA_UDQ_ENFD;
328         if (state->s_state[GRPQUOTA].flags & QCI_ACCT_ENABLED)
329                 flags |= FS_QUOTA_GDQ_ACCT;
330         if (state->s_state[GRPQUOTA].flags & QCI_LIMITS_ENFORCED)
331                 flags |= FS_QUOTA_GDQ_ENFD;
332         if (state->s_state[PRJQUOTA].flags & QCI_ACCT_ENABLED)
333                 flags |= FS_QUOTA_PDQ_ACCT;
334         if (state->s_state[PRJQUOTA].flags & QCI_LIMITS_ENFORCED)
335                 flags |= FS_QUOTA_PDQ_ENFD;
336         return flags;
337 }
338
339 static int quota_getstate(struct super_block *sb, struct fs_quota_stat *fqs)
340 {
341         int type;
342         struct qc_state state;
343         int ret;
344
345         memset(&state, 0, sizeof (struct qc_state));
346         ret = sb->s_qcop->get_state(sb, &state);
347         if (ret < 0)
348                 return ret;
349
350         memset(fqs, 0, sizeof(*fqs));
351         fqs->qs_version = FS_QSTAT_VERSION;
352         fqs->qs_flags = quota_state_to_flags(&state);
353         /* No quota enabled? */
354         if (!fqs->qs_flags)
355                 return -ENOSYS;
356         fqs->qs_incoredqs = state.s_incoredqs;
357         /*
358          * GETXSTATE quotactl has space for just one set of time limits so
359          * report them for the first enabled quota type
360          */
361         for (type = 0; type < XQM_MAXQUOTAS; type++)
362                 if (state.s_state[type].flags & QCI_ACCT_ENABLED)
363                         break;
364         BUG_ON(type == XQM_MAXQUOTAS);
365         fqs->qs_btimelimit = state.s_state[type].spc_timelimit;
366         fqs->qs_itimelimit = state.s_state[type].ino_timelimit;
367         fqs->qs_rtbtimelimit = state.s_state[type].rt_spc_timelimit;
368         fqs->qs_bwarnlimit = state.s_state[type].spc_warnlimit;
369         fqs->qs_iwarnlimit = state.s_state[type].ino_warnlimit;
370
371         /* Inodes may be allocated even if inactive; copy out if present */
372         if (state.s_state[USRQUOTA].ino) {
373                 fqs->qs_uquota.qfs_ino = state.s_state[USRQUOTA].ino;
374                 fqs->qs_uquota.qfs_nblks = state.s_state[USRQUOTA].blocks;
375                 fqs->qs_uquota.qfs_nextents = state.s_state[USRQUOTA].nextents;
376         }
377         if (state.s_state[GRPQUOTA].ino) {
378                 fqs->qs_gquota.qfs_ino = state.s_state[GRPQUOTA].ino;
379                 fqs->qs_gquota.qfs_nblks = state.s_state[GRPQUOTA].blocks;
380                 fqs->qs_gquota.qfs_nextents = state.s_state[GRPQUOTA].nextents;
381         }
382         if (state.s_state[PRJQUOTA].ino) {
383                 /*
384                  * Q_XGETQSTAT doesn't have room for both group and project
385                  * quotas.  So, allow the project quota values to be copied out
386                  * only if there is no group quota information available.
387                  */
388                 if (!(state.s_state[GRPQUOTA].flags & QCI_ACCT_ENABLED)) {
389                         fqs->qs_gquota.qfs_ino = state.s_state[PRJQUOTA].ino;
390                         fqs->qs_gquota.qfs_nblks =
391                                         state.s_state[PRJQUOTA].blocks;
392                         fqs->qs_gquota.qfs_nextents =
393                                         state.s_state[PRJQUOTA].nextents;
394                 }
395         }
396         return 0;
397 }
398
399 static int quota_getxstate(struct super_block *sb, void __user *addr)
400 {
401         struct fs_quota_stat fqs;
402         int ret;
403
404         if (!sb->s_qcop->get_state)
405                 return -ENOSYS;
406         ret = quota_getstate(sb, &fqs);
407         if (!ret && copy_to_user(addr, &fqs, sizeof(fqs)))
408                 return -EFAULT;
409         return ret;
410 }
411
412 static int quota_getstatev(struct super_block *sb, struct fs_quota_statv *fqs)
413 {
414         int type;
415         struct qc_state state;
416         int ret;
417
418         memset(&state, 0, sizeof (struct qc_state));
419         ret = sb->s_qcop->get_state(sb, &state);
420         if (ret < 0)
421                 return ret;
422
423         memset(fqs, 0, sizeof(*fqs));
424         fqs->qs_version = FS_QSTAT_VERSION;
425         fqs->qs_flags = quota_state_to_flags(&state);
426         /* No quota enabled? */
427         if (!fqs->qs_flags)
428                 return -ENOSYS;
429         fqs->qs_incoredqs = state.s_incoredqs;
430         /*
431          * GETXSTATV quotactl has space for just one set of time limits so
432          * report them for the first enabled quota type
433          */
434         for (type = 0; type < XQM_MAXQUOTAS; type++)
435                 if (state.s_state[type].flags & QCI_ACCT_ENABLED)
436                         break;
437         BUG_ON(type == XQM_MAXQUOTAS);
438         fqs->qs_btimelimit = state.s_state[type].spc_timelimit;
439         fqs->qs_itimelimit = state.s_state[type].ino_timelimit;
440         fqs->qs_rtbtimelimit = state.s_state[type].rt_spc_timelimit;
441         fqs->qs_bwarnlimit = state.s_state[type].spc_warnlimit;
442         fqs->qs_iwarnlimit = state.s_state[type].ino_warnlimit;
443
444         /* Inodes may be allocated even if inactive; copy out if present */
445         if (state.s_state[USRQUOTA].ino) {
446                 fqs->qs_uquota.qfs_ino = state.s_state[USRQUOTA].ino;
447                 fqs->qs_uquota.qfs_nblks = state.s_state[USRQUOTA].blocks;
448                 fqs->qs_uquota.qfs_nextents = state.s_state[USRQUOTA].nextents;
449         }
450         if (state.s_state[GRPQUOTA].ino) {
451                 fqs->qs_gquota.qfs_ino = state.s_state[GRPQUOTA].ino;
452                 fqs->qs_gquota.qfs_nblks = state.s_state[GRPQUOTA].blocks;
453                 fqs->qs_gquota.qfs_nextents = state.s_state[GRPQUOTA].nextents;
454         }
455         if (state.s_state[PRJQUOTA].ino) {
456                 fqs->qs_pquota.qfs_ino = state.s_state[PRJQUOTA].ino;
457                 fqs->qs_pquota.qfs_nblks = state.s_state[PRJQUOTA].blocks;
458                 fqs->qs_pquota.qfs_nextents = state.s_state[PRJQUOTA].nextents;
459         }
460         return 0;
461 }
462
463 static int quota_getxstatev(struct super_block *sb, void __user *addr)
464 {
465         struct fs_quota_statv fqs;
466         int ret;
467
468         if (!sb->s_qcop->get_state)
469                 return -ENOSYS;
470
471         memset(&fqs, 0, sizeof(fqs));
472         if (copy_from_user(&fqs, addr, 1)) /* Just read qs_version */
473                 return -EFAULT;
474
475         /* If this kernel doesn't support user specified version, fail */
476         switch (fqs.qs_version) {
477         case FS_QSTATV_VERSION1:
478                 break;
479         default:
480                 return -EINVAL;
481         }
482         ret = quota_getstatev(sb, &fqs);
483         if (!ret && copy_to_user(addr, &fqs, sizeof(fqs)))
484                 return -EFAULT;
485         return ret;
486 }
487
488 /*
489  * XFS defines BBTOB and BTOBB macros inside fs/xfs/ and we cannot move them
490  * out of there as xfsprogs rely on definitions being in that header file. So
491  * just define same functions here for quota purposes.
492  */
493 #define XFS_BB_SHIFT 9
494
495 static inline u64 quota_bbtob(u64 blocks)
496 {
497         return blocks << XFS_BB_SHIFT;
498 }
499
500 static inline u64 quota_btobb(u64 bytes)
501 {
502         return (bytes + (1 << XFS_BB_SHIFT) - 1) >> XFS_BB_SHIFT;
503 }
504
505 static void copy_from_xfs_dqblk(struct qc_dqblk *dst, struct fs_disk_quota *src)
506 {
507         dst->d_spc_hardlimit = quota_bbtob(src->d_blk_hardlimit);
508         dst->d_spc_softlimit = quota_bbtob(src->d_blk_softlimit);
509         dst->d_ino_hardlimit = src->d_ino_hardlimit;
510         dst->d_ino_softlimit = src->d_ino_softlimit;
511         dst->d_space = quota_bbtob(src->d_bcount);
512         dst->d_ino_count = src->d_icount;
513         dst->d_ino_timer = src->d_itimer;
514         dst->d_spc_timer = src->d_btimer;
515         dst->d_ino_warns = src->d_iwarns;
516         dst->d_spc_warns = src->d_bwarns;
517         dst->d_rt_spc_hardlimit = quota_bbtob(src->d_rtb_hardlimit);
518         dst->d_rt_spc_softlimit = quota_bbtob(src->d_rtb_softlimit);
519         dst->d_rt_space = quota_bbtob(src->d_rtbcount);
520         dst->d_rt_spc_timer = src->d_rtbtimer;
521         dst->d_rt_spc_warns = src->d_rtbwarns;
522         dst->d_fieldmask = 0;
523         if (src->d_fieldmask & FS_DQ_ISOFT)
524                 dst->d_fieldmask |= QC_INO_SOFT;
525         if (src->d_fieldmask & FS_DQ_IHARD)
526                 dst->d_fieldmask |= QC_INO_HARD;
527         if (src->d_fieldmask & FS_DQ_BSOFT)
528                 dst->d_fieldmask |= QC_SPC_SOFT;
529         if (src->d_fieldmask & FS_DQ_BHARD)
530                 dst->d_fieldmask |= QC_SPC_HARD;
531         if (src->d_fieldmask & FS_DQ_RTBSOFT)
532                 dst->d_fieldmask |= QC_RT_SPC_SOFT;
533         if (src->d_fieldmask & FS_DQ_RTBHARD)
534                 dst->d_fieldmask |= QC_RT_SPC_HARD;
535         if (src->d_fieldmask & FS_DQ_BTIMER)
536                 dst->d_fieldmask |= QC_SPC_TIMER;
537         if (src->d_fieldmask & FS_DQ_ITIMER)
538                 dst->d_fieldmask |= QC_INO_TIMER;
539         if (src->d_fieldmask & FS_DQ_RTBTIMER)
540                 dst->d_fieldmask |= QC_RT_SPC_TIMER;
541         if (src->d_fieldmask & FS_DQ_BWARNS)
542                 dst->d_fieldmask |= QC_SPC_WARNS;
543         if (src->d_fieldmask & FS_DQ_IWARNS)
544                 dst->d_fieldmask |= QC_INO_WARNS;
545         if (src->d_fieldmask & FS_DQ_RTBWARNS)
546                 dst->d_fieldmask |= QC_RT_SPC_WARNS;
547         if (src->d_fieldmask & FS_DQ_BCOUNT)
548                 dst->d_fieldmask |= QC_SPACE;
549         if (src->d_fieldmask & FS_DQ_ICOUNT)
550                 dst->d_fieldmask |= QC_INO_COUNT;
551         if (src->d_fieldmask & FS_DQ_RTBCOUNT)
552                 dst->d_fieldmask |= QC_RT_SPACE;
553 }
554
555 static void copy_qcinfo_from_xfs_dqblk(struct qc_info *dst,
556                                        struct fs_disk_quota *src)
557 {
558         memset(dst, 0, sizeof(*dst));
559         dst->i_spc_timelimit = src->d_btimer;
560         dst->i_ino_timelimit = src->d_itimer;
561         dst->i_rt_spc_timelimit = src->d_rtbtimer;
562         dst->i_ino_warnlimit = src->d_iwarns;
563         dst->i_spc_warnlimit = src->d_bwarns;
564         dst->i_rt_spc_warnlimit = src->d_rtbwarns;
565         if (src->d_fieldmask & FS_DQ_BWARNS)
566                 dst->i_fieldmask |= QC_SPC_WARNS;
567         if (src->d_fieldmask & FS_DQ_IWARNS)
568                 dst->i_fieldmask |= QC_INO_WARNS;
569         if (src->d_fieldmask & FS_DQ_RTBWARNS)
570                 dst->i_fieldmask |= QC_RT_SPC_WARNS;
571         if (src->d_fieldmask & FS_DQ_BTIMER)
572                 dst->i_fieldmask |= QC_SPC_TIMER;
573         if (src->d_fieldmask & FS_DQ_ITIMER)
574                 dst->i_fieldmask |= QC_INO_TIMER;
575         if (src->d_fieldmask & FS_DQ_RTBTIMER)
576                 dst->i_fieldmask |= QC_RT_SPC_TIMER;
577 }
578
579 static int quota_setxquota(struct super_block *sb, int type, qid_t id,
580                            void __user *addr)
581 {
582         struct fs_disk_quota fdq;
583         struct qc_dqblk qdq;
584         struct kqid qid;
585
586         if (copy_from_user(&fdq, addr, sizeof(fdq)))
587                 return -EFAULT;
588         if (!sb->s_qcop->set_dqblk)
589                 return -ENOSYS;
590         qid = make_kqid(current_user_ns(), type, id);
591         if (!qid_has_mapping(sb->s_user_ns, qid))
592                 return -EINVAL;
593         /* Are we actually setting timer / warning limits for all users? */
594         if (from_kqid(sb->s_user_ns, qid) == 0 &&
595             fdq.d_fieldmask & (FS_DQ_WARNS_MASK | FS_DQ_TIMER_MASK)) {
596                 struct qc_info qinfo;
597                 int ret;
598
599                 if (!sb->s_qcop->set_info)
600                         return -EINVAL;
601                 copy_qcinfo_from_xfs_dqblk(&qinfo, &fdq);
602                 ret = sb->s_qcop->set_info(sb, type, &qinfo);
603                 if (ret)
604                         return ret;
605                 /* These are already done */
606                 fdq.d_fieldmask &= ~(FS_DQ_WARNS_MASK | FS_DQ_TIMER_MASK);
607         }
608         copy_from_xfs_dqblk(&qdq, &fdq);
609         return sb->s_qcop->set_dqblk(sb, qid, &qdq);
610 }
611
612 static void copy_to_xfs_dqblk(struct fs_disk_quota *dst, struct qc_dqblk *src,
613                               int type, qid_t id)
614 {
615         memset(dst, 0, sizeof(*dst));
616         dst->d_version = FS_DQUOT_VERSION;
617         dst->d_id = id;
618         if (type == USRQUOTA)
619                 dst->d_flags = FS_USER_QUOTA;
620         else if (type == PRJQUOTA)
621                 dst->d_flags = FS_PROJ_QUOTA;
622         else
623                 dst->d_flags = FS_GROUP_QUOTA;
624         dst->d_blk_hardlimit = quota_btobb(src->d_spc_hardlimit);
625         dst->d_blk_softlimit = quota_btobb(src->d_spc_softlimit);
626         dst->d_ino_hardlimit = src->d_ino_hardlimit;
627         dst->d_ino_softlimit = src->d_ino_softlimit;
628         dst->d_bcount = quota_btobb(src->d_space);
629         dst->d_icount = src->d_ino_count;
630         dst->d_itimer = src->d_ino_timer;
631         dst->d_btimer = src->d_spc_timer;
632         dst->d_iwarns = src->d_ino_warns;
633         dst->d_bwarns = src->d_spc_warns;
634         dst->d_rtb_hardlimit = quota_btobb(src->d_rt_spc_hardlimit);
635         dst->d_rtb_softlimit = quota_btobb(src->d_rt_spc_softlimit);
636         dst->d_rtbcount = quota_btobb(src->d_rt_space);
637         dst->d_rtbtimer = src->d_rt_spc_timer;
638         dst->d_rtbwarns = src->d_rt_spc_warns;
639 }
640
641 static int quota_getxquota(struct super_block *sb, int type, qid_t id,
642                            void __user *addr)
643 {
644         struct fs_disk_quota fdq;
645         struct qc_dqblk qdq;
646         struct kqid qid;
647         int ret;
648
649         if (!sb->s_qcop->get_dqblk)
650                 return -ENOSYS;
651         qid = make_kqid(current_user_ns(), type, id);
652         if (!qid_has_mapping(sb->s_user_ns, qid))
653                 return -EINVAL;
654         ret = sb->s_qcop->get_dqblk(sb, qid, &qdq);
655         if (ret)
656                 return ret;
657         copy_to_xfs_dqblk(&fdq, &qdq, type, id);
658         if (copy_to_user(addr, &fdq, sizeof(fdq)))
659                 return -EFAULT;
660         return ret;
661 }
662
663 /*
664  * Return quota for next active quota >= this id, if any exists,
665  * otherwise return -ENOENT via ->get_nextdqblk.
666  */
667 static int quota_getnextxquota(struct super_block *sb, int type, qid_t id,
668                             void __user *addr)
669 {
670         struct fs_disk_quota fdq;
671         struct qc_dqblk qdq;
672         struct kqid qid;
673         qid_t id_out;
674         int ret;
675
676         if (!sb->s_qcop->get_nextdqblk)
677                 return -ENOSYS;
678         qid = make_kqid(current_user_ns(), type, id);
679         if (!qid_has_mapping(sb->s_user_ns, qid))
680                 return -EINVAL;
681         ret = sb->s_qcop->get_nextdqblk(sb, &qid, &qdq);
682         if (ret)
683                 return ret;
684         id_out = from_kqid(current_user_ns(), qid);
685         copy_to_xfs_dqblk(&fdq, &qdq, type, id_out);
686         if (copy_to_user(addr, &fdq, sizeof(fdq)))
687                 return -EFAULT;
688         return ret;
689 }
690
691 static int quota_rmxquota(struct super_block *sb, void __user *addr)
692 {
693         __u32 flags;
694
695         if (copy_from_user(&flags, addr, sizeof(flags)))
696                 return -EFAULT;
697         if (!sb->s_qcop->rm_xquota)
698                 return -ENOSYS;
699         return sb->s_qcop->rm_xquota(sb, flags);
700 }
701
702 /* Copy parameters and call proper function */
703 static int do_quotactl(struct super_block *sb, int type, int cmd, qid_t id,
704                        void __user *addr, struct path *path)
705 {
706         int ret;
707
708         if (type >= (XQM_COMMAND(cmd) ? XQM_MAXQUOTAS : MAXQUOTAS))
709                 return -EINVAL;
710         type = array_index_nospec(type, MAXQUOTAS);
711         /*
712          * Quota not supported on this fs? Check this before s_quota_types
713          * since they needn't be set if quota is not supported at all.
714          */
715         if (!sb->s_qcop)
716                 return -ENOSYS;
717         if (!(sb->s_quota_types & (1 << type)))
718                 return -EINVAL;
719
720         ret = check_quotactl_permission(sb, type, cmd, id);
721         if (ret < 0)
722                 return ret;
723
724         switch (cmd) {
725         case Q_QUOTAON:
726                 return quota_quotaon(sb, type, id, path);
727         case Q_QUOTAOFF:
728                 return quota_quotaoff(sb, type);
729         case Q_GETFMT:
730                 return quota_getfmt(sb, type, addr);
731         case Q_GETINFO:
732                 return quota_getinfo(sb, type, addr);
733         case Q_SETINFO:
734                 return quota_setinfo(sb, type, addr);
735         case Q_GETQUOTA:
736                 return quota_getquota(sb, type, id, addr);
737         case Q_GETNEXTQUOTA:
738                 return quota_getnextquota(sb, type, id, addr);
739         case Q_SETQUOTA:
740                 return quota_setquota(sb, type, id, addr);
741         case Q_SYNC:
742                 if (!sb->s_qcop->quota_sync)
743                         return -ENOSYS;
744                 return sb->s_qcop->quota_sync(sb, type);
745         case Q_XQUOTAON:
746                 return quota_enable(sb, addr);
747         case Q_XQUOTAOFF:
748                 return quota_disable(sb, addr);
749         case Q_XQUOTARM:
750                 return quota_rmxquota(sb, addr);
751         case Q_XGETQSTAT:
752                 return quota_getxstate(sb, addr);
753         case Q_XGETQSTATV:
754                 return quota_getxstatev(sb, addr);
755         case Q_XSETQLIM:
756                 return quota_setxquota(sb, type, id, addr);
757         case Q_XGETQUOTA:
758                 return quota_getxquota(sb, type, id, addr);
759         case Q_XGETNEXTQUOTA:
760                 return quota_getnextxquota(sb, type, id, addr);
761         case Q_XQUOTASYNC:
762                 if (sb->s_flags & MS_RDONLY)
763                         return -EROFS;
764                 /* XFS quotas are fully coherent now, making this call a noop */
765                 return 0;
766         default:
767                 return -EINVAL;
768         }
769 }
770
771 #ifdef CONFIG_BLOCK
772
773 /* Return 1 if 'cmd' will block on frozen filesystem */
774 static int quotactl_cmd_write(int cmd)
775 {
776         /*
777          * We cannot allow Q_GETQUOTA and Q_GETNEXTQUOTA without write access
778          * as dquot_acquire() may allocate space for new structure and OCFS2
779          * needs to increment on-disk use count.
780          */
781         switch (cmd) {
782         case Q_GETFMT:
783         case Q_GETINFO:
784         case Q_SYNC:
785         case Q_XGETQSTAT:
786         case Q_XGETQSTATV:
787         case Q_XGETQUOTA:
788         case Q_XGETNEXTQUOTA:
789         case Q_XQUOTASYNC:
790                 return 0;
791         }
792         return 1;
793 }
794
795 #endif /* CONFIG_BLOCK */
796
797 /*
798  * look up a superblock on which quota ops will be performed
799  * - use the name of a block device to find the superblock thereon
800  */
801 static struct super_block *quotactl_block(const char __user *special, int cmd)
802 {
803 #ifdef CONFIG_BLOCK
804         struct block_device *bdev;
805         struct super_block *sb;
806         struct filename *tmp = getname(special);
807
808         if (IS_ERR(tmp))
809                 return ERR_CAST(tmp);
810         bdev = lookup_bdev(tmp->name);
811         putname(tmp);
812         if (IS_ERR(bdev))
813                 return ERR_CAST(bdev);
814         if (quotactl_cmd_write(cmd))
815                 sb = get_super_thawed(bdev);
816         else
817                 sb = get_super(bdev);
818         bdput(bdev);
819         if (!sb)
820                 return ERR_PTR(-ENODEV);
821
822         return sb;
823 #else
824         return ERR_PTR(-ENODEV);
825 #endif
826 }
827
828 /*
829  * This is the system call interface. This communicates with
830  * the user-level programs. Currently this only supports diskquota
831  * calls. Maybe we need to add the process quotas etc. in the future,
832  * but we probably should use rlimits for that.
833  */
834 SYSCALL_DEFINE4(quotactl, unsigned int, cmd, const char __user *, special,
835                 qid_t, id, void __user *, addr)
836 {
837         uint cmds, type;
838         struct super_block *sb = NULL;
839         struct path path, *pathp = NULL;
840         int ret;
841
842         cmds = cmd >> SUBCMDSHIFT;
843         type = cmd & SUBCMDMASK;
844
845         /*
846          * As a special case Q_SYNC can be called without a specific device.
847          * It will iterate all superblocks that have quota enabled and call
848          * the sync action on each of them.
849          */
850         if (!special) {
851                 if (cmds == Q_SYNC)
852                         return quota_sync_all(type);
853                 return -ENODEV;
854         }
855
856         /*
857          * Path for quotaon has to be resolved before grabbing superblock
858          * because that gets s_umount sem which is also possibly needed by path
859          * resolution (think about autofs) and thus deadlocks could arise.
860          */
861         if (cmds == Q_QUOTAON) {
862                 ret = user_path_at(AT_FDCWD, addr, LOOKUP_FOLLOW|LOOKUP_AUTOMOUNT, &path);
863                 if (ret)
864                         pathp = ERR_PTR(ret);
865                 else
866                         pathp = &path;
867         }
868
869         sb = quotactl_block(special, cmds);
870         if (IS_ERR(sb)) {
871                 ret = PTR_ERR(sb);
872                 goto out;
873         }
874
875         ret = do_quotactl(sb, type, cmds, id, addr, pathp);
876
877         drop_super(sb);
878 out:
879         if (pathp && !IS_ERR(pathp))
880                 path_put(pathp);
881         return ret;
882 }