xref: /netbsd-src/sbin/fsck_ffs/quota2.c (revision 252616f8e47e14afc82239fa7a1a911a996cf37b)
1 /* $NetBSD: quota2.c,v 1.8 2023/07/04 20:40:53 riastradh Exp $ */
2 
3 /*-
4   * Copyright (c) 2010 Manuel Bouyer
5   * All rights reserved.
6   *
7   * Redistribution and use in source and binary forms, with or without
8   * modification, are permitted provided that the following conditions
9   * are met:
10   * 1. Redistributions of source code must retain the above copyright
11   *    notice, this list of conditions and the following disclaimer.
12   * 2. Redistributions in binary form must reproduce the above copyright
13   *    notice, this list of conditions and the following disclaimer in the
14   *    documentation and/or other materials provided with the distribution.
15   *
16   * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
17   * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18   * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19   * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20   * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21   * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22   * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23   * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24   * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25   * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26   * POSSIBILITY OF SUCH DAMAGE.
27   */
28 
29 #include <sys/param.h>
30 #include <sys/time.h>
31 
32 #include <ufs/ufs/dinode.h>
33 #include <ufs/ffs/fs.h>
34 #include <ufs/ffs/ffs_extern.h>
35 #include <ufs/ufs/ufs_bswap.h>
36 
37 #include <err.h>
38 #include <string.h>
39 #include <stdlib.h>
40 #include <ufs/ufs/quota2.h>
41 
42 #include "fsutil.h"
43 #include "fsck.h"
44 #include "extern.h"
45 #include "exitvalues.h"
46 
47 static char **quotamap;
48 
49 void
quota2_create_inode(struct fs * fs,int type)50 quota2_create_inode(struct fs *fs, int type)
51 {
52 	ino_t ino;
53 	struct bufarea *bp;
54 	union dinode *dp;
55 
56 	ino = allocino(0, IFREG);
57 	dp = ginode(ino);
58 	DIP_SET(dp, nlink, iswap16(1));
59 	inodirty();
60 
61 	if (readblk(dp, 0, &bp) != sblock->fs_bsize ||
62 	    bp->b_errs != 0) {
63 		freeino(ino);
64 		return;
65 	}
66 	quota2_create_blk0(sblock->fs_bsize, bp->b_un.b_buf,
67 	    q2h_hash_shift, type, needswap);
68 	dirty(bp);
69 	bp->b_flags &= ~B_INUSE;
70 	sblock->fs_quotafile[type] = ino;
71 	sbdirty();
72 	return;
73 }
74 
75 int
quota2_alloc_quota(union dinode * dp,struct bufarea * hbp,uid_t uid,uint64_t u_b,uint64_t u_i)76 quota2_alloc_quota(union dinode * dp, struct bufarea *hbp,
77 	uid_t uid, uint64_t u_b, uint64_t u_i)
78 {
79 	struct bufarea *bp;
80 	struct quota2_header *q2h = (void *)hbp->b_un.b_buf;
81 	struct quota2_entry *q2e;
82 	uint64_t off;
83 	uint64_t baseoff;
84 
85 	off = iswap64(q2h->q2h_free);
86 	if (off == 0) {
87 		baseoff = iswap64(DIP(dp, size));
88 		if ((bp = expandfile(dp)) == NULL) {
89 			pfatal("SORRY, CAN'T EXPAND QUOTA INODE\n");
90 			markclean = 0;
91 			return (0);
92 		}
93 		quota2_addfreeq2e(q2h, bp->b_un.b_buf, baseoff,
94 		    sblock->fs_bsize, needswap);
95 		dirty(bp);
96 		bp->b_flags &= ~B_INUSE;
97 		off = iswap64(q2h->q2h_free);
98 		if (off == 0)
99 			errexit("INTERNAL ERROR: "
100 			    "addfreeq2e didn't fill free list\n");
101 	}
102 	if (off < (uint64_t)sblock->fs_bsize) {
103 		/* in the header block */
104 		bp = hbp;
105 	} else {
106 		if (readblk(dp, off, &bp) != sblock->fs_bsize ||
107 		    bp->b_errs != 0) {
108 			pwarn("CAN'T READ QUOTA BLOCK\n");
109 			return FSCK_EXIT_CHECK_FAILED;
110 		}
111 	}
112 	q2e = (void *)((caddr_t)(bp->b_un.b_buf) +
113 	    (off % sblock->fs_bsize));
114 	/* remove from free list */
115 	q2h->q2h_free = q2e->q2e_next;
116 
117 	memcpy(q2e, &q2h->q2h_defentry, sizeof(*q2e));
118 	q2e->q2e_uid = iswap32(uid);
119 	q2e->q2e_val[QL_BLOCK].q2v_cur = iswap64(u_b);
120 	q2e->q2e_val[QL_FILE].q2v_cur = iswap64(u_i);
121 	/* insert in hash list */
122 	q2e->q2e_next = q2h->q2h_entries[uid & q2h_hash_mask];
123 	q2h->q2h_entries[uid & q2h_hash_mask] = iswap64(off);
124 	dirty(bp);
125 	dirty(hbp);
126 
127 	if (bp != hbp)
128 		bp->b_flags &= ~B_INUSE;
129 	return 0;
130 }
131 
132 /* walk a quota entry list, calling the callback for each entry */
133 static int quota2_walk_list(union dinode *, struct bufarea *, uint64_t *,
134     void *, int (*func)(uint64_t *, struct quota2_entry *, uint64_t, void *));
135 /* flags used by callbacks return */
136 #define Q2WL_ABORT 0x01
137 #define Q2WL_DIRTY 0x02
138 
139 static int
quota2_walk_list(union dinode * dp,struct bufarea * hbp,uint64_t * offp,void * a,int (* func)(uint64_t *,struct quota2_entry *,uint64_t,void *))140 quota2_walk_list(union dinode *dp, struct bufarea *hbp, uint64_t *offp, void *a,
141     int (*func)(uint64_t *, struct quota2_entry *, uint64_t, void *))
142 {
143 	daddr_t off = iswap64(*offp);
144 	struct bufarea *bp, *obp = hbp;
145 	int ret;
146 	struct quota2_entry *q2e;
147 
148 	while (off != 0) {
149 		if (off < sblock->fs_bsize) {
150 			/* in the header block */
151 			bp = hbp;
152 		} else {
153 			if (readblk(dp, off, &bp) != sblock->fs_bsize ||
154 			    bp->b_errs != 0) {
155 				pwarn("CAN'T READ QUOTA BLOCK");
156 				return FSCK_EXIT_CHECK_FAILED;
157 			}
158 		}
159 		q2e = (void *)((caddr_t)(bp->b_un.b_buf) +
160 		    (off % sblock->fs_bsize));
161 		ret = (*func)(offp, q2e, off, a);
162 		if (ret & Q2WL_DIRTY)
163 			dirty(bp);
164 		if (ret & Q2WL_ABORT)
165 			return FSCK_EXIT_CHECK_FAILED;
166 		if ((uint64_t)off != iswap64(*offp)) {
167 			/* callback changed parent's pointer, redo */
168 			dirty(obp);
169 			off = iswap64(*offp);
170 			if (bp != hbp && bp != obp)
171 				bp->b_flags &= ~B_INUSE;
172 		} else {
173 			/* parent if now current */
174 			if (obp != bp && obp != hbp)
175 				obp->b_flags &= ~B_INUSE;
176 			obp = bp;
177 			offp = &(q2e->q2e_next);
178 			off = iswap64(*offp);
179 		}
180 	}
181 	if (obp != hbp)
182 		obp->b_flags &= ~B_INUSE;
183 	return 0;
184 }
185 
186 static int quota2_list_check(uint64_t *, struct quota2_entry *, uint64_t,
187     void *);
188 static int
quota2_list_check(uint64_t * offp,struct quota2_entry * q2e,uint64_t off,void * v)189 quota2_list_check(uint64_t *offp, struct quota2_entry *q2e, uint64_t off,
190     void *v)
191 {
192 	int *hash = v;
193 	const int quota2_hash_size = 1 << q2h_hash_shift;
194 	const int quota2_full_header_size = sizeof(struct quota2_header) +
195 	    sizeof(uint64_t) * quota2_hash_size;
196 	uint64_t blk = off / sblock->fs_bsize;
197 	uint64_t boff = off % sblock->fs_bsize;
198 	int qidx = off2qindex((blk == 0) ? quota2_full_header_size : 0, boff);
199 
200 	/* check that we're not already in a list */
201 	if (!isset(quotamap[blk], qidx)) {
202 		pwarn("DUPLICATE QUOTA ENTRY");
203 	} else {
204 		clrbit(quotamap[blk], qidx);
205 		/* check that we're in the right hash entry */
206 		if (*hash < 0)
207 			return 0;
208 		if ((uint32_t)*hash == (iswap32(q2e->q2e_uid) & q2h_hash_mask))
209 			return 0;
210 
211 		pwarn("QUOTA uid %d IN WRONG HASH LIST %d",
212 		    iswap32(q2e->q2e_uid), *hash);
213 		/*
214 		 * remove from list, but keep the bit so
215 		 * it'll be added back to the free list
216 		 */
217 		setbit(quotamap[blk], qidx);
218 	}
219 
220 	if (preen)
221 		printf(" (FIXED)\n");
222 	else if (!reply("FIX")) {
223 		markclean = 0;
224 		return 0;
225 	}
226 	/* remove this entry from the list */
227 	*offp = q2e->q2e_next;
228 	q2e->q2e_next = 0;
229 	return Q2WL_DIRTY;
230 }
231 
232 int
quota2_check_inode(int type)233 quota2_check_inode(int type)
234 {
235 	const char *strtype = (type == USRQUOTA) ? "user" : "group";
236 	const char *capstrtype = (type == USRQUOTA) ? "USER" : "GROUP";
237 
238 	struct bufarea *bp, *hbp;
239 	union dinode *dp;
240 	struct quota2_header *q2h;
241 	struct quota2_entry *q2e;
242 	int freei = 0;
243 	int mode;
244 	daddr_t off;
245 	int nq2e, nq2map, i, j, ret;
246 	uint64_t /* blocks, e_blocks, */ filesize;
247 
248 	const int quota2_hash_size = 1 << q2h_hash_shift;
249 	const int quota2_full_header_size = sizeof(struct quota2_header) +
250 	    sizeof(q2h->q2h_entries[0]) * quota2_hash_size;
251 
252 	if ((sblock->fs_quota_flags & FS_Q2_DO_TYPE(type)) == 0)
253 		return 0;
254 	if (sblock->fs_quotafile[type] != 0) {
255 		struct inostat *info;
256 
257 		info = inoinfo(sblock->fs_quotafile[type]);
258 		switch(info->ino_state) {
259 		case FSTATE:
260 			break;
261 		case DSTATE:
262 			freei = 1;
263 			/* FALLTHROUGH */
264 		case DFOUND:
265 			pwarn("%s QUOTA INODE %" PRIu64 " IS A DIRECTORY",
266 			    capstrtype, sblock->fs_quotafile[type]);
267 			goto clear;
268 		case USTATE:
269 		case DCLEAR:
270 		case FCLEAR:
271 			pwarn("UNALLOCATED %s QUOTA INODE %" PRIu64,
272 			    capstrtype, sblock->fs_quotafile[type]);
273 			goto clear;
274 		default:
275 			pfatal("INTERNAL ERROR: wrong quota inode %" PRIu64
276 			    " type %d\n", sblock->fs_quotafile[type],
277 			    info->ino_state);
278 			exit(FSCK_EXIT_CHECK_FAILED);
279 		}
280 		dp = ginode(sblock->fs_quotafile[type]);
281 		mode = iswap16(DIP(dp, mode)) & IFMT;
282 		switch(mode) {
283 		case IFREG:
284 			break;
285 		default:
286 			pwarn("WRONG TYPE %d for %s QUOTA INODE %" PRIu64,
287 			    mode, capstrtype, sblock->fs_quotafile[type]);
288 			freei = 1;
289 			goto clear;
290 		}
291 #if 0
292 		blocks = is_ufs2 ? iswap64(dp->dp2.di_blocks) :
293 		    iswap32(dp->dp1.di_blocks);
294 		filesize = iswap64(DIP(dp, size));
295 		e_blocks = btodb(filesize);
296 		if (btodb(filesize) != blocks) {
297 			pwarn("%s QUOTA INODE %" PRIu64 " HAS EMPTY BLOCKS",
298 			    capstrtype, sblock->fs_quotafile[type]);
299 			freei = 1;
300 			goto clear;
301 		}
302 #endif
303 		if (readblk(dp, 0, &hbp) != sblock->fs_bsize ||
304 		    hbp->b_errs != 0) {
305 			freeino(sblock->fs_quotafile[type]);
306 			sblock->fs_quotafile[type] = 0;
307 			goto alloc;
308 		}
309 		q2h = (void *)hbp->b_un.b_buf;
310 		if (q2h->q2h_magic_number != iswap32(Q2_HEAD_MAGIC) ||
311 		    q2h->q2h_type != type ||
312 		    q2h->q2h_hash_shift != q2h_hash_shift ||
313 		    q2h->q2h_hash_size != iswap16(quota2_hash_size)) {
314 			pwarn("CORRUPTED %s QUOTA INODE %" PRIu64, capstrtype,
315 			    sblock->fs_quotafile[type]);
316 			freei = 1;
317 			hbp->b_flags &= ~B_INUSE;
318 clear:
319 			if (preen)
320 				printf(" (CLEARED)\n");
321 			else {
322 				if (!reply("CLEAR")) {
323 					markclean = 0;
324 					return FSCK_EXIT_CHECK_FAILED;
325 				}
326 			}
327 			if (freei)
328 				freeino(sblock->fs_quotafile[type]);
329 			sblock->fs_quotafile[type] = 0;
330 		}
331 	}
332 alloc:
333 	if (sblock->fs_quotafile[type] == 0) {
334 		pwarn("NO %s QUOTA INODE", capstrtype);
335 		if (preen)
336 			printf(" (CREATED)\n");
337 		else {
338 			if (!reply("CREATE")) {
339 				markclean = 0;
340 				return FSCK_EXIT_CHECK_FAILED;
341 			}
342 		}
343 		quota2_create_inode(sblock, type);
344 	}
345 
346 	dp = ginode(sblock->fs_quotafile[type]);
347 	if (readblk(dp, 0, &hbp) != sblock->fs_bsize ||
348 	    hbp->b_errs != 0) {
349 		pfatal("can't re-read %s quota header\n", strtype);
350 		exit(FSCK_EXIT_CHECK_FAILED);
351 	}
352 	q2h = (void *)hbp->b_un.b_buf;
353 	filesize = iswap64(DIP(dp, size));
354 	nq2map = filesize / sblock->fs_bsize;
355 	quotamap = malloc(sizeof(*quotamap) * nq2map);
356 	/* map for full blocks */
357 	for (i = 0; i < nq2map; i++) {
358 		nq2e = (sblock->fs_bsize -
359 		    ((i == 0) ? quota2_full_header_size : 0)) / sizeof(*q2e);
360 		quotamap[i] = calloc(roundup(howmany(nq2e, NBBY),
361 		    sizeof(int16_t)), sizeof(char));
362 		for (j = 0; j < nq2e; j++)
363 			setbit(quotamap[i], j);
364 	}
365 
366 	/* check that all entries are in the lists (and only once) */
367 	i = -1;
368 	ret = quota2_walk_list(dp, hbp, &q2h->q2h_free, &i, quota2_list_check);
369 	if (ret)
370 		return ret;
371 	for (i = 0; i < quota2_hash_size; i++) {
372 		ret = quota2_walk_list(dp, hbp, &q2h->q2h_entries[i], &i,
373 		    quota2_list_check);
374 		if (ret)
375 			return ret;
376 	}
377 	for (i = 0; i < nq2map; i++) {
378 		nq2e = (sblock->fs_bsize -
379 		    ((i == 0) ? quota2_full_header_size : 0)) / sizeof(*q2e);
380 		for (j = 0; j < nq2e; j++) {
381 			if (!isset(quotamap[i], j))
382 				continue;
383 			pwarn("QUOTA ENTRY NOT IN LIST");
384 			if (preen)
385 				printf(" (FIXED)\n");
386 			else if (!reply("FIX")) {
387 				markclean = 0;
388 				break;
389 			}
390 			off = qindex2off(
391 			    (i == 0) ? quota2_full_header_size : 0, j);
392 			if (i == 0)
393 				bp = hbp;
394 			else {
395 				if (readblk(dp, i * sblock->fs_bsize, &bp)
396 				    != sblock->fs_bsize || bp->b_errs != 0) {
397 					pfatal("can't read %s quota entry\n",
398 					    strtype);
399 					break;
400 				}
401 			}
402 			q2e = (void *)((caddr_t)(bp->b_un.b_buf) + off);
403 			q2e->q2e_next = q2h->q2h_free;
404 			q2h->q2h_free = iswap64(off + i * sblock->fs_bsize);
405 			dirty(bp);
406 			dirty(hbp);
407 			if (bp != hbp)
408 				bp->b_flags &= ~B_INUSE;
409 		}
410 	}
411 	hbp->b_flags &= ~B_INUSE;
412 	return 0;
413 }
414 
415 /* compare/update on-disk usages to what we computed */
416 
417 struct qcheck_arg {
418 	const char *capstrtype;
419 	struct uquot_hash *uquot_hash;
420 };
421 
422 static int quota2_list_qcheck(uint64_t *, struct quota2_entry *, uint64_t,
423     void *);
424 static int
quota2_list_qcheck(uint64_t * offp,struct quota2_entry * q2e,uint64_t off,void * v)425 quota2_list_qcheck(uint64_t *offp, struct quota2_entry *q2e, uint64_t off,
426     void *v)
427 {
428 	uid_t uid = iswap32(q2e->q2e_uid);
429 	struct qcheck_arg *a = v;
430 	struct uquot *uq;
431 	struct uquot uq_null;
432 
433 	memset(&uq_null, 0, sizeof(uq_null));
434 
435 	uq = find_uquot(a->uquot_hash, uid, 0);
436 
437 	if (uq == NULL)
438 		uq = &uq_null;
439 	else
440 		remove_uquot(a->uquot_hash, uq);
441 
442 	if (iswap64(q2e->q2e_val[QL_BLOCK].q2v_cur) == uq->uq_b &&
443 	    iswap64(q2e->q2e_val[QL_FILE].q2v_cur) == uq->uq_i)
444 		return 0;
445 	pwarn("%s QUOTA MISMATCH FOR ID %d: %" PRIu64 "/%" PRIu64 " SHOULD BE "
446 	    "%" PRIu64 "/%" PRIu64, a->capstrtype, uid,
447 	    iswap64(q2e->q2e_val[QL_BLOCK].q2v_cur),
448 	    iswap64(q2e->q2e_val[QL_FILE].q2v_cur), uq->uq_b, uq->uq_i);
449 	if (preen) {
450 		printf(" (FIXED)\n");
451 	} else if (!reply("FIX")) {
452 		markclean = 0;
453 		return 0;
454 	}
455 	q2e->q2e_val[QL_BLOCK].q2v_cur = iswap64(uq->uq_b);
456 	q2e->q2e_val[QL_FILE].q2v_cur = iswap64(uq->uq_i);
457 	return Q2WL_DIRTY;
458 }
459 
460 int
quota2_check_usage(int type)461 quota2_check_usage(int type)
462 {
463 	const char *strtype = (type == USRQUOTA) ? "user" : "group";
464 	const char *capstrtype = (type == USRQUOTA) ? "USER" : "GROUP";
465 
466 	struct bufarea *hbp;
467 	union dinode *dp;
468 	struct quota2_header *q2h;
469 	struct qcheck_arg a;
470 	int i, ret;
471 	const int quota2_hash_size = 1 << q2h_hash_shift;
472 
473 	if ((sblock->fs_quota_flags & FS_Q2_DO_TYPE(type)) == 0)
474 		return 0;
475 
476 	a.capstrtype = capstrtype;
477 	a.uquot_hash =
478 	    (type == USRQUOTA) ? uquot_user_hash : uquot_group_hash;
479 	dp = ginode(sblock->fs_quotafile[type]);
480 	if (readblk(dp, 0, &hbp) != sblock->fs_bsize ||
481 	    hbp->b_errs != 0) {
482 		pfatal("can't re-read %s quota header\n", strtype);
483 		exit(FSCK_EXIT_CHECK_FAILED);
484 	}
485 	q2h = (void *)hbp->b_un.b_buf;
486 	for (i = 0; i < quota2_hash_size; i++) {
487 		ret = quota2_walk_list(dp, hbp, &q2h->q2h_entries[i], &a,
488 		    quota2_list_qcheck);
489 		if (ret)
490 			return ret;
491 	}
492 
493 	for (i = 0; i < quota2_hash_size; i++) {
494 		struct uquot *uq;
495 		SLIST_FOREACH(uq, &a.uquot_hash[i], uq_entries) {
496 			pwarn("%s QUOTA MISMATCH FOR ID %d: 0/0"
497 			    " SHOULD BE %" PRIu64 "/%" PRIu64, capstrtype,
498 			    uq->uq_uid, uq->uq_b, uq->uq_i);
499 			if (preen) {
500 				printf(" (ALLOCATED)\n");
501 			} else if (!reply("ALLOC")) {
502 				markclean = 0;
503 				return 0;
504 			}
505 			ret = quota2_alloc_quota(dp, hbp,
506 			    uq->uq_uid, uq->uq_b, uq->uq_i);
507 			if (ret)
508 				return ret;
509 		}
510 	}
511 	hbp->b_flags &= ~B_INUSE;
512 	return 0;
513 }
514 
515 /*
516  * check if a quota check needs to be run, regardless of the clean flag
517  */
518 int
quota2_check_doquota(void)519 quota2_check_doquota(void)
520 {
521 	int retval = 1;
522 
523 	if ((sblock->fs_flags & FS_DOQUOTA2) == 0)
524 		return 1;
525 	if (sblock->fs_quota_magic != Q2_HEAD_MAGIC) {
526 		pfatal("Invalid quota magic number\n");
527 		if (preen)
528 			return 0;
529 		if (reply("CONTINUE") == 0) {
530 			exit(FSCK_EXIT_CHECK_FAILED);
531 		}
532 		return 0;
533 	}
534 	if ((sblock->fs_quota_flags & FS_Q2_DO_TYPE(USRQUOTA)) &&
535 	    sblock->fs_quotafile[USRQUOTA] == 0) {
536 		pwarn("no user quota inode\n");
537 		retval = 0;
538 	}
539 	if ((sblock->fs_quota_flags & FS_Q2_DO_TYPE(GRPQUOTA)) &&
540 	    sblock->fs_quotafile[GRPQUOTA] == 0) {
541 		pwarn("no group quota inode\n");
542 		retval = 0;
543 	}
544 	if (preen)
545 		return retval;
546 	if (!retval) {
547 		if (reply("CONTINUE") == 0) {
548 			exit(FSCK_EXIT_CHECK_FAILED);
549 		}
550 		return 0;
551 	}
552 	return 1;
553 }
554