quota_ufs.c revision 7c478bd95313f5f23a4c958a745db2134aa03244
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License, Version 1.0 only
* (the "License"). You may not use this file except in compliance
* with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright 2004 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
/* Copyright (c) 1983, 1984, 1985, 1986, 1987, 1988, 1989 AT&T */
/* All Rights Reserved */
/*
* University Copyright- Copyright (c) 1982, 1986, 1988
* The Regents of the University of California
* All Rights Reserved
*
* University Acknowledgment- Portions of this document are derived from
* software developed by the University of California, Berkeley, and its
* contributors.
*/
#pragma ident "%Z%%M% %I% %E% SMI"
/*
* Routines used in checking limits on file system usage.
*/
/*
* Find the dquot structure that should
* be used in checking i/o on inode ip.
*/
struct dquot *
{
/*
* Check for quotas enabled.
*/
return (NULL);
}
/*
* Check for someone doing I/O to quota file.
*/
return (NULL);
}
/*
* Check for a legal inode, e.g. not a shadow inode,
* not a extended attribute directory inode and a valid mode.
*/
return (NULL);
}
} else {
}
return (dqp);
}
/*
* Update disk usage, and take corrective action.
*/
int
{
int error = 0;
long abs_change;
char *msg1 =
"!quota_ufs: over hard disk limit (pid %d, uid %d, inum %d, fs %s)\n";
char *msg2 =
"!quota_ufs: Warning: over disk limit (pid %d, uid %d, inum %d, fs %s)\n";
char *msg3 =
"!quota_ufs: over disk and time limit (pid %d, uid %d, inum %d, fs %s)\n";
char *msg4 =
"!quota_ufs: Warning: quota overflow (pid %d, uid %d, inum %d, fs %s)\n";
/*
* Shadow inodes do not need to hold the vfs_dqrwlock lock.
*/
if (change == 0)
return (0);
/*
* Make sure the quota info record matches the owner.
*/
#ifdef DEBUG
/*
* Shadow inodes and extended attribute directories
* should not have quota info records.
*/
}
/*
* Paranoia for verifying that quotas are okay.
*/
else {
int mismatch_ok = 0;
/* Get current quota information */
/*
* We got NULL back from getinoquota(), but there is
* no error code return from that interface and some
* errors are "ok" because we may be testing via error
* injection. If this is not the quota inode then we
* use getdiskquota() to see if there is an error and
* if the error is ok.
*/
int error;
&xdqp);
switch (error) {
/*
* Either the error was transient or the quota
* info record has no limits which gets optimized
* out by getinoquota().
*/
case 0:
if (xdqp->dq_fhardlimit == 0 &&
xdqp->dq_fsoftlimit == 0 &&
xdqp->dq_bhardlimit == 0 &&
xdqp->dq_bsoftlimit == 0) {
} else {
}
break;
case ESRCH: /* quotas are not enabled */
case EINVAL: /* error flag set on cached record */
case EUSERS: /* quota table is full */
case EIO: /* I/O error */
mismatch_ok = 1;
break;
}
}
/*
* Make sure dqp and the current quota info agree.
* The first part of the #ifndef is the quick way to
* do the check and should be part of the standard
* DEBUG code. The #else part is useful if you are
* actually chasing an inconsistency and don't want
* to have to look at stack frames to figure which
* variable has what value.
*/
#ifndef CHASE_QUOTA
#else /* CHASE_QUOTA */
/*
* If you hit this ASSERT() you know that quota
* subsystem does not expect quota info for this
* inode, but the inode has it.
*/
} else {
/*
* If you hit this ASSERT() you know that quota
* subsystem expects quota info for this inode,
* but the inode does not have it.
*/
/*
* If you hit this ASSERT() you know that quota
* subsystem expects quota info for this inode
* and the inode has quota info, but the two
* quota info pointers are not the same.
*/
}
#endif /* !CHASE_QUOTA */
/*
* Release for getinoquota() above or getdiskquota()
* call when error is transient.
*/
if (expect_dq) {
}
}
#endif /* DEBUG */
/*
* Shadow inodes and extended attribute directories
* do not have quota info records.
*/
return (0);
/*
* Quotas are not enabled on this file system so there is nothing
* more to do.
*/
return (0);
}
if (change < 0) {
dqp->dq_curblocks = 0;
else
dqp->dq_btimelimit = 0;
return (0);
}
/*
* Adding 'change' to dq_curblocks could cause an overflow.
* So store the result in a 64-bit variable and check for
* overflow below.
*/
/*
* Allocation. Check hard and soft limits.
* Skip checks for uid 0 owned files.
* This check used to require both euid and ip->i_uid
* to be 0; but there are no quotas for uid 0 so
* it really doesn't matter who is writing to the
* root owned file. And even root cannot write
* past a user's quota limit.
*/
goto out;
/*
* Disallow allocation if it would bring the current usage over
* the hard limit or if the user is over his soft limit and his time
* has run out.
*/
!force) {
/* If the user was not informed yet and the caller */
/* is the owner of the file */
}
goto out;
}
now = gethrestime_sec();
dqp->dq_btimelimit == 0) {
}
/* If the user was not informed yet and the */
/* caller is the owner of the file */
}
}
}
out:
if (error == 0) {
/*
* ncurblocks can be bigger than the maximum
* number that can be represented in 32-bits.
* When copying ncurblocks to dq_curblocks
* (an unsigned 32-bit quantity), make sure there
* is no overflow. The only way this can happen
* is if "force" is set. Otherwise, this allocation
* would have exceeded the hard limit check above
* (since the hard limit is a 32-bit quantity).
*/
if (ncurblocks > 0xffffffffLL) {
} else {
}
}
/*
* Check for any error messages to be sent
*/
/*
* Send message to the error log.
*/
/*
* Set up message caller should send to user;
* gets copied to the message buffer as a side-
* effect of the caller's uprintf().
*/
/* errmsg+1 => skip leading ! */
}
} else {
/*
* Caller doesn't care, so just copy to the
* message buffer.
*/
}
}
return (error);
}
/*
* Check the inode limit, applying corrective action.
*/
int
{
unsigned int ncurfiles;
char *err1 =
"!quota_ufs: over file hard limit (pid %d, uid %d, fs %s)\n";
char *err2 =
"!quota_ufs: Warning: too many files (pid %d, uid %d, fs %s)\n";
char *err3 =
"!quota_ufs: over file and time limit (pid %d, uid %d, fs %s)\n";
int error = 0;
/*
* Change must be either a single increment or decrement.
* If change is an increment, then ip must be NULL.
*/
/*
* Quotas are not enabled so bail out now.
*/
return (0);
}
/*
* Free a specific inode.
*/
/*
* Shadow inodes and extended attribute directories
* do not have quota info records.
*/
return (0);
if (dqp->dq_curfiles) {
dqp->dq_curfiles--;
}
dqp->dq_ftimelimit = 0;
}
return (0);
}
/*
* Allocation or deallocation without a specific inode.
* Get dquot for for uid, fs.
*/
return (0);
}
return (0);
}
/*
* Skip checks for uid 0 owned files.
* This check used to require both euid and uid
* to be 0; but there are no quotas for uid 0 so
* it really doesn't matter who is writing to the
* root owned file. And even root can not write
* past the user's quota limit.
*/
if (uid == 0)
goto out;
/*
* Theoretically, this could overflow, but in practice, it
* won't. Multi-terabyte file systems are required to have an
* nbpi value of at least 1MB. In order to overflow this
* field, there would have to be 2^32 inodes in the file.
* That would imply a file system of 2^32 * 1MB, which is
* 2^(32 + 20), which is 4096 terabytes, which is not
* contemplated for ufs any time soon.
*/
/*
* Dissallow allocation if it would bring the current usage over
* the hard limit or if the user is over his soft limit and his time
* has run out.
*/
/* If the user was not informed yet and the caller */
/* is the owner of the file */
}
dqp->dq_fsoftlimit) {
now = gethrestime_sec();
dqp->dq_ftimelimit == 0) {
/* If the caller owns the file */
/* If the user was not informed yet and the */
/* caller is the owner of the file */
}
}
}
out:
if (error == 0) {
}
/*
* Check for any error messages to be sent
*/
/*
* Send message to the error log.
*/
/*
* Set up message caller should send to user;
* gets copied to the message buffer as a side-
* effect of the caller's uprintf().
*/
/* errmsg+1 => skip leading ! */
}
} else {
/*
* Caller doesn't care, so just copy to the
* message buffer.
*/
}
}
return (error);
}
/*
* Release a dquot.
*/
void
{
/*
* Shadow inodes and extended attribute directories
* do not have quota info records.
*/
}
}