1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_bit.h"
13 #include "xfs_sb.h"
14 #include "xfs_mount.h"
15 #include "xfs_inode.h"
16 #include "xfs_iwalk.h"
17 #include "xfs_quota.h"
18 #include "xfs_bmap.h"
19 #include "xfs_bmap_util.h"
20 #include "xfs_trans.h"
21 #include "xfs_trans_space.h"
22 #include "xfs_qm.h"
23 #include "xfs_trace.h"
24 #include "xfs_icache.h"
25 #include "xfs_error.h"
26 #include "xfs_ag.h"
27 #include "xfs_ialloc.h"
28 #include "xfs_log_priv.h"
29 #include "xfs_health.h"
30 #include "xfs_da_format.h"
31 #include "xfs_metafile.h"
32 #include "xfs_rtgroup.h"
33
34 /*
35 * The global quota manager. There is only one of these for the entire
36 * system, _not_ one per file system. XQM keeps track of the overall
37 * quota functionality, including maintaining the freelist and hash
38 * tables of dquots.
39 */
40 STATIC int xfs_qm_init_quotainos(struct xfs_mount *mp);
41 STATIC int xfs_qm_init_quotainfo(struct xfs_mount *mp);
42
43 STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp);
44 /*
45 * We use the batch lookup interface to iterate over the dquots as it
46 * currently is the only interface into the radix tree code that allows
47 * fuzzy lookups instead of exact matches. Holding the lock over multiple
48 * operations is fine as all callers are used either during mount/umount
49 * or quotaoff.
50 */
51 #define XFS_DQ_LOOKUP_BATCH 32
52
/*
 * Run @execute over every cached dquot of @type that belongs to @mp.
 *
 * Dquots are fetched from the per-type radix tree in batches of
 * XFS_DQ_LOOKUP_BATCH, and qi_tree_lock is held across each batch, callback
 * included.  A callback result of -EAGAIN counts the dquot as skipped; if a
 * pass skipped anything, the whole walk is repeated after delay(1).  Any other
 * non-zero result is remembered, except that a recorded -EFSCORRUPTED is never
 * overwritten and ends the walk without a retry.
 *
 * Returns 0 or the last error remembered from @execute.
 */
STATIC int
xfs_qm_dquot_walk(
	struct xfs_mount	*mp,
	xfs_dqtype_t		type,
	int			(*execute)(struct xfs_dquot *dqp, void *data),
	void			*data)
{
	struct xfs_quotainfo	*qi = mp->m_quotainfo;
	struct radix_tree_root	*tree = xfs_dquot_tree(qi, type);
	int			last_error = 0;
	int			skipped;

	do {
		uint32_t	next_index = 0;

		skipped = 0;
		for (;;) {
			struct xfs_dquot	*batch[XFS_DQ_LOOKUP_BATCH];
			int			nr_found;
			int			i;

			mutex_lock(&qi->qi_tree_lock);
			nr_found = radix_tree_gang_lookup(tree, (void **)batch,
					next_index, XFS_DQ_LOOKUP_BATCH);

			for (i = 0; i < nr_found; i++) {
				struct xfs_dquot	*dqp = batch[i];
				int			error;

				/*
				 * Sample the id before the callback runs.
				 * xfs_qm_dqpurge(), which this file passes in
				 * as @execute, destroys the dquot on success,
				 * so dqp must not be read afterwards.
				 */
				next_index = dqp->q_id + 1;

				error = execute(dqp, data);
				if (error == -EAGAIN)
					skipped++;
				else if (error && last_error != -EFSCORRUPTED)
					last_error = error;
			}
			mutex_unlock(&qi->qi_tree_lock);

			/* An empty lookup means the tree has been exhausted. */
			if (!nr_found)
				break;

			/* Corruption is fatal: stop and do not retry skips. */
			if (last_error == -EFSCORRUPTED) {
				skipped = 0;
				break;
			}

			/* The id wrapped to zero, so the last id was visited. */
			if (!next_index)
				break;
		}

		/* Give busy dquots a moment before walking the tree again. */
		if (skipped)
			delay(1);
	} while (skipped);

	return last_error;
}
118
119
/*
 * Drop a dquot from the radix tree and the LRU, then destroy it.
 *
 * Written as an xfs_qm_dquot_walk() callback; @data is not used.  Returns 0
 * once the dquot has been destroyed, or -EAGAIN if it is already being freed,
 * is still referenced, or xfs_dquot_use_attached_buf() asked for a retry.
 */
STATIC int
xfs_qm_dqpurge(
	struct xfs_dquot	*dqp,
	void			*data)
{
	struct xfs_quotainfo	*qinf = dqp->q_mount->m_quotainfo;
	int			error = -EAGAIN;

	xfs_dqlock(dqp);

	/* Another task owns the teardown, or someone still holds a reference. */
	if (dqp->q_flags & XFS_DQFLAG_FREEING)
		goto out_busy;
	if (dqp->q_nrefs != 0)
		goto out_busy;

	/* Claim the teardown; the reclaim path skips dquots marked FREEING. */
	dqp->q_flags |= XFS_DQFLAG_FREEING;

	xfs_qm_dqunpin_wait(dqp);
	xfs_dqflock(dqp);

	/*
	 * When this quota type is being switched off the dirty state is of no
	 * interest, but on unmount it is, so a dirty dquot is flushed and
	 * waited for here.
	 */
	if (XFS_DQ_IS_DIRTY(dqp)) {
		struct xfs_buf	*dqbuf = NULL;

		/*
		 * Disk errors are deliberately not propagated: the dquot has
		 * to be purged either way.
		 */
		error = xfs_dquot_use_attached_buf(dqp, &dqbuf);
		if (error == -EAGAIN) {
			/* Undo the claim so that a later pass can try again. */
			xfs_dqfunlock(dqp);
			dqp->q_flags &= ~XFS_DQFLAG_FREEING;
			goto out_busy;
		}
		if (!dqbuf)
			goto out_flush_unlock;

		/*
		 * The flush lock is completed by dqflush on failure and by
		 * the bwrite ioend on success, so it is retaken below.
		 */
		error = xfs_qm_dqflush(dqp, dqbuf);
		if (!error) {
			error = xfs_bwrite(dqbuf);
			xfs_buf_relse(dqbuf);
		}
		xfs_dqflock(dqp);
	}
	xfs_dquot_detach_buf(dqp);

out_flush_unlock:
	ASSERT(atomic_read(&dqp->q_pincount) == 0);
	ASSERT(xlog_is_shutdown(dqp->q_logitem.qli_item.li_log) ||
		!test_bit(XFS_LI_IN_AIL, &dqp->q_logitem.qli_item.li_flags));

	xfs_dqfunlock(dqp);
	xfs_dqunlock(dqp);

	radix_tree_delete(xfs_dquot_tree(qinf, xfs_dquot_type(dqp)),
			dqp->q_id);
	qinf->qi_dquots--;

	/*
	 * A dquot goes onto the freelist as soon as its reference count drops
	 * to zero, so it is expected to be on the LRU at this point.
	 */
	ASSERT(!list_empty(&dqp->q_lru));
	list_lru_del_obj(&qinf->qi_lru, &dqp->q_lru);
	XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);

	xfs_qm_dqdestroy(dqp);
	return 0;

out_busy:
	xfs_dqunlock(dqp);
	return error;
}
200
/*
 * Empty the dquot cache of @mp by purging the user, group and project dquots
 * in turn.  The result of each walk is intentionally discarded.
 */
static void
xfs_qm_dqpurge_all(
	struct xfs_mount	*mp)
{
	/* user quotas */
	xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_dqpurge, NULL);

	/* group quotas */
	xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_dqpurge, NULL);

	/* project quotas */
	xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_dqpurge, NULL);
}
212
/*
 * Tear down the quota state of @mp: purge all cached dquots, then destroy the
 * quotainfo structure.  Nothing is done if the mount has no quotainfo.
 */
void
xfs_qm_unmount(
	struct xfs_mount	*mp)
{
	if (!mp->m_quotainfo)
		return;

	xfs_qm_dqpurge_all(mp);
	xfs_qm_destroy_quotainfo(mp);
}
225
/*
 * Detach dquots from the bitmap and summary inodes of realtime group 0, if
 * that group and those inodes are present.
 */
static void
xfs_qm_unmount_rt(
	struct xfs_mount	*mp)
{
	struct xfs_rtgroup	*rtg;

	rtg = xfs_rtgroup_grab(mp, 0);
	if (rtg) {
		if (rtg_bitmap(rtg))
			xfs_qm_dqdetach(rtg_bitmap(rtg));
		if (rtg_summary(rtg))
			xfs_qm_dqdetach(rtg_summary(rtg));

		/* Pairs with the grab above. */
		xfs_rtgroup_rele(rtg);
	}
}
240
/* Release the inode in *@ipp, if there is one, and clear the slot. */
static inline void
xfs_qm_irele_clear(
	struct xfs_inode	**ipp)
{
	if (!*ipp)
		return;

	xfs_irele(*ipp);
	/* Leave no stale pointer behind for a later teardown pass. */
	*ipp = NULL;
}

/*
 * Release every quota inode held by @qi: user, group, project and the quota
 * directory.  Each slot is reset to NULL, so calling this again is harmless.
 */
STATIC void
xfs_qm_destroy_quotainos(
	struct xfs_quotainfo	*qi)
{
	xfs_qm_irele_clear(&qi->qi_uquotaip);
	xfs_qm_irele_clear(&qi->qi_gquotaip);
	xfs_qm_irele_clear(&qi->qi_pquotaip);
	xfs_qm_irele_clear(&qi->qi_dirip);
}
262
/*
 * Unmount-time hook called from the vfsops layer.  Drops the dquot references
 * held by long-lived inodes and releases the quota inodes; the quotainfo
 * structure itself is not freed here.
 */
void
xfs_qm_unmount_quotas(
	xfs_mount_t	*mp)
{
	/*
	 * The root inode may still hold dquots.  Let go of them before the
	 * quotas are flushed and the quotainfo structure is torn down.
	 */
	ASSERT(mp->m_rootip);
	xfs_qm_dqdetach(mp->m_rootip);

	/*
	 * Filesystems without rtgroups attach quotas to the realtime inodes,
	 * so those are detached here as well.
	 */
	if (!xfs_has_rtgroups(mp))
		xfs_qm_unmount_rt(mp);

	/* Finally give up the quota inodes, if quotainfo was ever set up. */
	if (!mp->m_quotainfo)
		return;
	xfs_qm_destroy_quotainos(mp->m_quotainfo);
}
290
/*
 * Attach the dquot of @type to one slot of @ip.
 *
 * @IO_idqpp points at the inode's dquot slot for that type (for example
 * &ip->i_udquot).  A slot that is already filled is left alone.  Otherwise
 * the dquot is looked up, and allocated when @doalloc is true, and stored in
 * the slot.  The caller must hold the ILOCK exclusively.
 *
 * Returns 0 on success or the error from xfs_qm_dqget_inode().
 */
STATIC int
xfs_qm_dqattach_one(
	struct xfs_inode	*ip,
	xfs_dqtype_t		type,
	bool			doalloc,
	struct xfs_dquot	**IO_idqpp)
{
	struct xfs_dquot	*dqp;
	int			error;

	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);

	dqp = *IO_idqpp;
	if (!dqp) {
		/*
		 * Fetch the dquot.  It comes back locked and with its
		 * reference count raised.  ENOENT means it does not exist on
		 * disk and allocation was not requested; ESRCH means quotas
		 * were switched off underneath us.
		 */
		error = xfs_qm_dqget_inode(ip, type, doalloc, &dqp);
		if (error)
			return error;

		trace_xfs_dqattach_get(dqp);

		/*
		 * dqget may have cycled the ilock, but the dquot it returns is
		 * guaranteed to be the right one for this inode.
		 */
		*IO_idqpp = dqp;
		xfs_dqunlock(dqp);
		return 0;
	}

	/* The inode already carries a dquot of this type. */
	trace_xfs_dqattach_found(dqp);
	return 0;
}
335
/*
 * Decide whether @ip still needs dquots attached.  That is the case only if
 * quotas are on, XFS_NOT_DQATTACHED() reports a missing dquot, and the inode
 * is neither a quota inode nor a metadata directory inode.
 */
static bool
xfs_qm_need_dqattach(
	struct xfs_inode	*ip)
{
	struct xfs_mount	*mp = ip->i_mount;

	return XFS_IS_QUOTA_ON(mp) &&
	       XFS_NOT_DQATTACHED(mp, ip) &&
	       !xfs_is_quota_inode(&mp->m_sb, ip->i_ino) &&
	       !xfs_is_metadir_inode(ip);
}
352
/*
 * Attach user, group and project dquots to an inode whose ILOCK is already
 * held exclusively, for each quota type that is switched on.
 *
 * With @doalloc set, missing dquots are allocated.  The inode lock may be
 * dropped and retaken on the way, and the caller has to cope with that.
 *
 * Returns 0 on success or the first error from xfs_qm_dqattach_one().
 */
int
xfs_qm_dqattach_locked(
	xfs_inode_t	*ip,
	bool		doalloc)
{
	xfs_mount_t	*mp = ip->i_mount;
	int		error;

	if (!xfs_qm_need_dqattach(ip))
		return 0;

	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
	ASSERT(!xfs_is_metadir_inode(ip));

	error = 0;
	if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) {
		error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_USER,
				doalloc, &ip->i_udquot);
		if (!error)
			ASSERT(ip->i_udquot);
	}

	if (!error && XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) {
		error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_GROUP,
				doalloc, &ip->i_gdquot);
		if (!error)
			ASSERT(ip->i_gdquot);
	}

	if (!error && XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) {
		error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_PROJ,
				doalloc, &ip->i_pdquot);
		if (!error)
			ASSERT(ip->i_pdquot);
	}

	/*
	 * Dquots attached before a failure are left in place; they are
	 * detached later unless that has already happened.
	 */
	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
	return error;
}
406
/*
 * Attach dquots to an unlocked inode without allocating any.  The ILOCK is
 * taken exclusively around xfs_qm_dqattach_locked() and dropped afterwards.
 */
int
xfs_qm_dqattach(
	struct xfs_inode	*ip)
{
	int			error = 0;

	/* Cheap unlocked check first, so the common case takes no lock. */
	if (xfs_qm_need_dqattach(ip)) {
		xfs_ilock(ip, XFS_ILOCK_EXCL);
		error = xfs_qm_dqattach_locked(ip, false);
		xfs_iunlock(ip, XFS_ILOCK_EXCL);
	}

	return error;
}
422
/*
 * Drop the dquot references held by @ip, if any, and clear its dquot slots.
 * The inode is expected to be locked EXCL, except when the caller is
 * xfs_ireclaim.
 */
void
xfs_qm_dqdetach(
	xfs_inode_t	*ip)
{
	if (xfs_is_metadir_inode(ip))
		return;
	if (!ip->i_udquot && !ip->i_gdquot && !ip->i_pdquot)
		return;

	trace_xfs_dquot_dqdetach(ip);

	ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino));

	/* Clear each slot after the release so no stale pointer remains. */
	if (ip->i_udquot) {
		xfs_qm_dqrele(ip->i_udquot);
		ip->i_udquot = NULL;
	}
	if (ip->i_gdquot) {
		xfs_qm_dqrele(ip->i_gdquot);
		ip->i_gdquot = NULL;
	}
	if (ip->i_pdquot) {
		xfs_qm_dqrele(ip->i_pdquot);
		ip->i_pdquot = NULL;
	}
}
453
/*
 * Scratch state that xfs_qm_shrink_scan() hands to xfs_qm_dquot_isolate()
 * through the opaque argument of the LRU walk.
 */
struct xfs_qm_isolate {
	/* delwri buffer list, submitted by xfs_qm_shrink_scan() after the walk */
	struct list_head	buffers;
	/* dquots taken off the LRU, freed by xfs_qm_shrink_scan() */
	struct list_head	dispose;
};
458
/*
 * LRU walk callback: decide whether one unused dquot can be reclaimed.
 *
 * @arg is the struct xfs_qm_isolate of the scan.  A reclaimable dquot is
 * flagged XFS_DQFLAG_FREEING and moved to the dispose list.  A dquot that has
 * picked up a reference is simply taken off the LRU.  Returns LRU_REMOVED in
 * both cases, LRU_ROTATE for dirty, pinned or flush-locked dquots, and
 * LRU_SKIP if the dquot lock is contended or another task is freeing it.
 */
static enum lru_status
xfs_qm_dquot_isolate(
	struct list_head	*item,
	struct list_lru_one	*lru,
	void			*arg)
		__releases(&lru->lock) __acquires(&lru->lock)
{
	struct xfs_qm_isolate	*isolate = arg;
	struct xfs_dquot	*dqp = container_of(item,
						struct xfs_dquot, q_lru);
	enum lru_status		verdict = LRU_SKIP;

	/* Never block in the walk; a contended dquot is just skipped. */
	if (!xfs_dqlock_nowait(dqp))
		goto out_busy;

	/*
	 * Another task is freeing this dquot and has not yet taken it off the
	 * LRU.  Let that task finish instead of racing with it and risking a
	 * free underneath us.
	 */
	if (dqp->q_flags & XFS_DQFLAG_FREEING)
		goto out_unlock_busy;

	/*
	 * Dirty or pinned dquots go to the tail of the LRU so that they have
	 * time to be cleaned before the next isolation attempt.
	 */
	verdict = LRU_ROTATE;
	if (XFS_DQ_IS_DIRTY(dqp))
		goto out_unlock_busy;
	if (atomic_read(&dqp->q_pincount) > 0)
		goto out_unlock_busy;

	/*
	 * The dquot gained a reference in the meantime: it is in use again,
	 * so take it off the freelist without disposing of it.
	 */
	if (dqp->q_nrefs) {
		xfs_dqunlock(dqp);
		XFS_STATS_INC(dqp->q_mount, xs_qm_dqwants);

		trace_xfs_dqreclaim_want(dqp);
		list_lru_isolate(lru, &dqp->q_lru);
		XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
		return LRU_REMOVED;
	}

	/*
	 * While the dquot is under IO the flush lock is held.  Failing to get
	 * it is treated like finding the dquot dirty.
	 */
	if (!xfs_dqflock_nowait(dqp))
		goto out_unlock_busy;

	ASSERT(!XFS_DQ_IS_DIRTY(dqp));
	xfs_dquot_detach_buf(dqp);
	xfs_dqfunlock(dqp);

	/* Point of no return: block lookups before the lock is dropped. */
	dqp->q_flags |= XFS_DQFLAG_FREEING;
	xfs_dqunlock(dqp);

	ASSERT(dqp->q_nrefs == 0);
	list_lru_isolate_move(lru, &dqp->q_lru, &isolate->dispose);
	XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
	trace_xfs_dqreclaim_done(dqp);
	XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaims);
	return LRU_REMOVED;

out_unlock_busy:
	xfs_dqunlock(dqp);
out_busy:
	trace_xfs_dqreclaim_busy(dqp);
	XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
	return verdict;
}
538
/*
 * Shrinker scan callback: reclaim unused dquots from the LRU.
 *
 * Nothing is scanned unless the allocation context allows both __GFP_FS and
 * __GFP_DIRECT_RECLAIM.  Returns the count reported by
 * list_lru_shrink_walk().
 */
static unsigned long
xfs_qm_shrink_scan(
	struct shrinker		*shrink,
	struct shrink_control	*sc)
{
	struct xfs_quotainfo	*qinf = shrink->private_data;
	struct xfs_qm_isolate	isolate;
	unsigned long		nr_freed;

	if ((sc->gfp_mask & (__GFP_FS | __GFP_DIRECT_RECLAIM)) !=
	    (__GFP_FS | __GFP_DIRECT_RECLAIM))
		return 0;

	INIT_LIST_HEAD(&isolate.buffers);
	INIT_LIST_HEAD(&isolate.dispose);

	nr_freed = list_lru_shrink_walk(&qinf->qi_lru, sc,
			xfs_qm_dquot_isolate, &isolate);

	/*
	 * xfs_qm_dquot_isolate() in this file only fills the dispose list, so
	 * the buffer list is presumably still empty here.
	 */
	if (xfs_buf_delwri_submit(&isolate.buffers))
		xfs_warn(NULL, "%s: dquot reclaim failed", __func__);

	/* Free every dquot that the walk isolated. */
	while (!list_empty(&isolate.dispose)) {
		struct xfs_dquot	*victim;

		victim = list_first_entry(&isolate.dispose,
				struct xfs_dquot, q_lru);
		list_del_init(&victim->q_lru);
		xfs_qm_dqfree_one(victim);
	}

	return nr_freed;
}
572
/*
 * Shrinker count callback: return list_lru_shrink_count() for the quota LRU
 * of the quotainfo stored in the shrinker's private data.
 */
static unsigned long
xfs_qm_shrink_count(
	struct shrinker		*shrink,
	struct shrink_control	*sc)
{
	struct xfs_quotainfo	*qinf = shrink->private_data;

	return list_lru_shrink_count(&qinf->qi_lru, sc);
}
582
/*
 * Copy the block, inode and realtime-block limits of the id 0 dquot of @type
 * into the default quota record of @qinf.  If that dquot cannot be read, the
 * defaults are left as they were.
 */
STATIC void
xfs_qm_set_defquota(
	struct xfs_mount	*mp,
	xfs_dqtype_t		type,
	struct xfs_quotainfo	*qinf)
{
	struct xfs_dquot	*root_dq;
	struct xfs_def_quota	*def;

	if (xfs_qm_dqget_uncached(mp, 0, type, &root_dq))
		return;

	def = xfs_get_defquota(qinf, xfs_dquot_type(root_dq));

	/*
	 * Timers and warnings are already in place, so only the default
	 * limits for this quota type remain to be set.
	 */
	def->blk.hard = root_dq->q_blk.hardlimit;
	def->blk.soft = root_dq->q_blk.softlimit;
	def->ino.hard = root_dq->q_ino.hardlimit;
	def->ino.soft = root_dq->q_ino.softlimit;
	def->rtb.hard = root_dq->q_rtb.hardlimit;
	def->rtb.soft = root_dq->q_rtb.softlimit;

	/* The dquot was read uncached, so it is destroyed directly. */
	xfs_qm_dqdestroy(root_dq);
}
611
/*
 * Set the default grace periods for @type.  The built-in XFS_QM_*TIMELIMIT
 * values are installed first and then replaced by any non-zero timer found
 * in the id 0 dquot.
 */
static void
xfs_qm_init_timelimits(
	struct xfs_mount	*mp,
	xfs_dqtype_t		type)
{
	struct xfs_quotainfo	*qinf = mp->m_quotainfo;
	struct xfs_def_quota	*def = xfs_get_defquota(qinf, type);
	struct xfs_dquot	*root_dq;

	def->blk.time = XFS_QM_BTIMELIMIT;
	def->ino.time = XFS_QM_ITIMELIMIT;
	def->rtb.time = XFS_QM_RTBTIMELIMIT;

	/*
	 * The limits come from the superuser's limit fields, which is hacky
	 * but standard quota practice.
	 *
	 * Quotacheck may not have run yet, so the dquot is read without being
	 * attached to any hashtable or list.
	 */
	if (xfs_qm_dqget_uncached(mp, 0, type, &root_dq))
		return;

	/*
	 * The timers define the grace period a user or group has before
	 * further writes are refused.  A zero timer keeps the default.
	 */
	if (root_dq->q_blk.timer)
		def->blk.time = root_dq->q_blk.timer;
	if (root_dq->q_ino.timer)
		def->ino.time = root_dq->q_ino.timer;
	if (root_dq->q_rtb.timer)
		def->rtb.time = root_dq->q_rtb.timer;

	xfs_qm_dqdestroy(root_dq);
}
654
/*
 * Load the quota directory inode and the quota inodes of every enabled quota
 * type from the metadata directory tree into @qi.
 *
 * A missing directory or a missing quota inode (-ENOENT) is not an error.
 * Returns 0 in that case and on success, otherwise the first other error.
 */
static int
xfs_qm_load_metadir_qinos(
	struct xfs_mount	*mp,
	struct xfs_quotainfo	*qi)
{
	struct xfs_trans	*tp = xfs_trans_alloc_empty(mp);
	int			error;

	error = xfs_dqinode_load_parent(tp, &qi->qi_dirip);
	if (error) {
		/* No quota directory yet; one is created later. */
		if (error == -ENOENT)
			error = 0;
		goto out_cancel;
	}

	if (XFS_IS_UQUOTA_ON(mp)) {
		error = xfs_dqinode_load(tp, qi->qi_dirip, XFS_DQTYPE_USER,
				&qi->qi_uquotaip);
		if (error && error != -ENOENT)
			goto out_cancel;
	}

	if (XFS_IS_GQUOTA_ON(mp)) {
		error = xfs_dqinode_load(tp, qi->qi_dirip, XFS_DQTYPE_GROUP,
				&qi->qi_gquotaip);
		if (error && error != -ENOENT)
			goto out_cancel;
	}

	if (XFS_IS_PQUOTA_ON(mp)) {
		error = xfs_dqinode_load(tp, qi->qi_dirip, XFS_DQTYPE_PROJ,
				&qi->qi_pquotaip);
		if (error && error != -ENOENT)
			goto out_cancel;
	}

	/* Forget a trailing -ENOENT from the last load. */
	error = 0;

out_cancel:
	xfs_trans_cancel(tp);
	return error;
}
699
/*
 * Create whatever is still missing in the metadata directory tree: the quota
 * directory itself and a quota inode for each enabled quota type that has
 * none loaded in @qi.
 *
 * Returns 0 on success, -EFSCORRUPTED if the directory entry exists but its
 * inode could not be loaded, or the error from the failing create call.
 */
STATIC int
xfs_qm_create_metadir_qinos(
	struct xfs_mount	*mp,
	struct xfs_quotainfo	*qi)
{
	int			error;

	if (!qi->qi_dirip) {
		error = xfs_dqinode_mkdir_parent(mp, &qi->qi_dirip);
		if (error && error != -EEXIST)
			return error;

		/*
		 * A /quotas dirent that points at an unloadable inode makes
		 * mkdir_parent return -EEXIST with qi_dirip still NULL.  The
		 * metadir is corrupt then, so give up rather than pass a NULL
		 * directory to the create calls below.
		 */
		if (XFS_IS_CORRUPT(mp, qi->qi_dirip == NULL))
			return -EFSCORRUPTED;
	}

	if (XFS_IS_UQUOTA_ON(mp) && !qi->qi_uquotaip) {
		error = xfs_dqinode_metadir_create(qi->qi_dirip,
				XFS_DQTYPE_USER, &qi->qi_uquotaip);
		if (error)
			return error;
	}

	if (XFS_IS_GQUOTA_ON(mp) && !qi->qi_gquotaip) {
		error = xfs_dqinode_metadir_create(qi->qi_dirip,
				XFS_DQTYPE_GROUP, &qi->qi_gquotaip);
		if (error)
			return error;
	}

	if (XFS_IS_PQUOTA_ON(mp) && !qi->qi_pquotaip) {
		error = xfs_dqinode_metadir_create(qi->qi_dirip,
				XFS_DQTYPE_PROJ, &qi->qi_pquotaip);
		if (error)
			return error;
	}

	return 0;
}
744
/*
 * Prepare the superblock of a metadir filesystem for quota files: add
 * QUOTABIT to sb_versionnum, initialise sb_qflags, and log the superblock in
 * a transaction of its own.
 *
 * Returns 0 or the error from allocating or committing that transaction.
 */
STATIC int
xfs_qm_prep_metadir_sb(
	struct xfs_mount	*mp)
{
	struct xfs_trans	*tp;
	int			error;

	error = xfs_trans_alloc(mp, &M_RES(mp)->tr_sb, 0, 0, 0, &tp);
	if (error)
		return error;

	/* The in-core superblock fields are changed under m_sb_lock. */
	spin_lock(&mp->m_sb_lock);
	xfs_add_quota(mp);
	/* Only the accounting bits for now; quotacheck completes qflags. */
	mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT;
	spin_unlock(&mp->m_sb_lock);

	xfs_log_sb(tp);
	return xfs_trans_commit(tp);
}
772
/*
 * Load the existing quota inodes of a metadir filesystem, or create them.
 * This is a V5 filesystem, so the V4 sharing of one inode between group and
 * project quotas does not apply.
 *
 * On failure, every quota inode that was already loaded is released again.
 */
STATIC int
xfs_qm_init_metadir_qinos(
	struct xfs_mount	*mp)
{
	struct xfs_quotainfo	*qi = mp->m_quotainfo;
	int			error;

	if (!xfs_has_quota(mp)) {
		error = xfs_qm_prep_metadir_sb(mp);
		if (error)
			return error;
	}

	error = xfs_qm_load_metadir_qinos(mp, qi);
	if (!error)
		error = xfs_qm_create_metadir_qinos(mp, qi);
	if (error) {
		xfs_qm_destroy_quotainos(mp->m_quotainfo);
		return error;
	}

	/* Only online fsck uses the quota directory inode afterwards. */
#if !IS_ENABLED(CONFIG_XFS_ONLINE_SCRUB)
	xfs_irele(qi->qi_dirip);
	qi->qi_dirip = NULL;
#endif
	return 0;
}
808
/*
 * Allocate and set up all quota state that hangs off the mount structure:
 * the LRU, the quota inodes, the per-type radix trees and locks, the
 * precomputed chunk sizes, the expiry range, the default limits and timers,
 * and the shrinker.
 *
 * Returns 0 on success.  On failure everything set up so far is undone,
 * mp->m_quotainfo is reset to NULL and the error is returned.
 */
STATIC int
xfs_qm_init_quotainfo(
	struct xfs_mount	*mp)
{
	struct xfs_quotainfo	*qinf;
	int			error;

	ASSERT(XFS_IS_QUOTA_ON(mp));

	/* __GFP_NOFAIL: the result is used without a NULL check. */
	qinf = kzalloc(sizeof(struct xfs_quotainfo),
			GFP_KERNEL | __GFP_NOFAIL);
	mp->m_quotainfo = qinf;

	error = list_lru_init(&qinf->qi_lru);
	if (error)
		goto out_free_qinf;

	/*
	 * Check whether the quota inodes are set up.  If not, allocate them
	 * and update the superblock to match.
	 */
	error = xfs_has_metadir(mp) ? xfs_qm_init_metadir_qinos(mp) :
				      xfs_qm_init_quotainos(mp);
	if (error)
		goto out_destroy_lru;

	INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_KERNEL);
	INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_KERNEL);
	INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_KERNEL);
	mutex_init(&qinf->qi_tree_lock);

	/* This mutex serialises quotaoff operations. */
	mutex_init(&qinf->qi_quotaofflock);

	/* Precompute the dquot chunk length and the dquots per chunk. */
	qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
	qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen);

	if (!xfs_has_bigtime(mp)) {
		qinf->qi_expiry_min = XFS_DQ_LEGACY_EXPIRY_MIN;
		qinf->qi_expiry_max = XFS_DQ_LEGACY_EXPIRY_MAX;
	} else {
		qinf->qi_expiry_min =
			xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MIN);
		qinf->qi_expiry_max =
			xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MAX);
	}
	trace_xfs_quota_expiry_range(mp, qinf->qi_expiry_min,
			qinf->qi_expiry_max);

	mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD);

	xfs_qm_init_timelimits(mp, XFS_DQTYPE_USER);
	xfs_qm_init_timelimits(mp, XFS_DQTYPE_GROUP);
	xfs_qm_init_timelimits(mp, XFS_DQTYPE_PROJ);

	if (XFS_IS_UQUOTA_ON(mp))
		xfs_qm_set_defquota(mp, XFS_DQTYPE_USER, qinf);
	if (XFS_IS_GQUOTA_ON(mp))
		xfs_qm_set_defquota(mp, XFS_DQTYPE_GROUP, qinf);
	if (XFS_IS_PQUOTA_ON(mp))
		xfs_qm_set_defquota(mp, XFS_DQTYPE_PROJ, qinf);

	qinf->qi_shrinker = shrinker_alloc(SHRINKER_NUMA_AWARE, "xfs-qm:%s",
			mp->m_super->s_id);
	if (!qinf->qi_shrinker) {
		error = -ENOMEM;
		goto out_destroy_inos;
	}

	/* Fill in the callbacks before the shrinker is registered. */
	qinf->qi_shrinker->count_objects = xfs_qm_shrink_count;
	qinf->qi_shrinker->scan_objects = xfs_qm_shrink_scan;
	qinf->qi_shrinker->private_data = qinf;

	shrinker_register(qinf->qi_shrinker);

	xfs_hooks_init(&qinf->qi_mod_ino_dqtrx_hooks);
	xfs_hooks_init(&qinf->qi_apply_dqtrx_hooks);

	return 0;

out_destroy_inos:
	mutex_destroy(&qinf->qi_quotaofflock);
	mutex_destroy(&qinf->qi_tree_lock);
	xfs_qm_destroy_quotainos(qinf);
out_destroy_lru:
	list_lru_destroy(&qinf->qi_lru);
out_free_qinf:
	kfree(qinf);
	/* Do not leave a dangling pointer in the mount structure. */
	mp->m_quotainfo = NULL;
	return error;
}
905
/*
 * Destroy the quotainfo of @mp.  Called on unmount or when all quotas are
 * switched off.  Frees the shrinker and the LRU, releases the quota inodes,
 * destroys the mutexes and finally frees the structure itself.
 */
void
xfs_qm_destroy_quotainfo(
	struct xfs_mount	*mp)
{
	struct xfs_quotainfo	*qi = mp->m_quotainfo;

	ASSERT(qi != NULL);

	/* The shrinker goes first, ahead of the LRU it walks. */
	shrinker_free(qi->qi_shrinker);
	list_lru_destroy(&qi->qi_lru);
	xfs_qm_destroy_quotainos(qi);
	mutex_destroy(&qi->qi_tree_lock);
	mutex_destroy(&qi->qi_quotaofflock);
	kfree(qi);

	/* Clear the mount's pointer so the freed structure is unreachable. */
	mp->m_quotainfo = NULL;
}
928
/*
 * Map XFS_QMOPT_* flags to a metafile type.  The user flag is tested first,
 * then the group flag; anything else maps to the project quota type.
 */
static inline enum xfs_metafile_type
xfs_qm_metafile_type(
	unsigned int		flags)
{
	if (flags & XFS_QMOPT_UQUOTA)
		return XFS_METAFILE_USRQUOTA;
	if (flags & XFS_QMOPT_GQUOTA)
		return XFS_METAFILE_GRPQUOTA;

	return XFS_METAFILE_PRJQUOTA;
}
939
/*
 * Create a quota inode and return it in @ipp, referenced but unlocked.
 *
 * @flags selects the quota type (XFS_QMOPT_UQUOTA, XFS_QMOPT_GQUOTA, else
 * project) and may carry XFS_QMOPT_SBVERSION to add the quota feature to the
 * superblock first.  Without a separate pquotino, an existing group or
 * project quota inode is reused for the other type instead of allocating a
 * new one.  The superblock is updated and logged in the same transaction.
 *
 * Returns 0 on success.  *@ipp may already hold an inode when an error is
 * returned from a later step.
 */
STATIC int
xfs_qm_qino_alloc(
	struct xfs_mount	*mp,
	struct xfs_inode	**ipp,
	unsigned int		flags)
{
	struct xfs_trans	*tp;
	enum xfs_metafile_type	metafile_type = xfs_qm_metafile_type(flags);
	bool			need_alloc = true;
	int			error;

	*ipp = NULL;

	/*
	 * A superblock without a separate pquotino shares one inode between
	 * group and project quotas.  If the on-disk superblock has GQUOTA and
	 * the mount now asks for PQUOTA, sb_gquotino is used as sb_pquotino,
	 * and the other way round.  The inode numbers come from disk, so both
	 * being set at once is reported as corruption rather than trusted.
	 */
	if (!xfs_has_pquotino(mp) &&
	    (flags & (XFS_QMOPT_PQUOTA | XFS_QMOPT_GQUOTA))) {
		xfs_ino_t	shared_ino = NULLFSINO;

		if ((flags & XFS_QMOPT_PQUOTA) &&
		    mp->m_sb.sb_gquotino != NULLFSINO) {
			shared_ino = mp->m_sb.sb_gquotino;
			if (XFS_IS_CORRUPT(mp,
					   mp->m_sb.sb_pquotino != NULLFSINO)) {
				xfs_fs_mark_sick(mp, XFS_SICK_FS_PQUOTA);
				return -EFSCORRUPTED;
			}
		} else if ((flags & XFS_QMOPT_GQUOTA) &&
			   mp->m_sb.sb_pquotino != NULLFSINO) {
			shared_ino = mp->m_sb.sb_pquotino;
			if (XFS_IS_CORRUPT(mp,
					   mp->m_sb.sb_gquotino != NULLFSINO)) {
				xfs_fs_mark_sick(mp, XFS_SICK_FS_GQUOTA);
				return -EFSCORRUPTED;
			}
		}

		if (shared_ino != NULLFSINO) {
			error = xfs_metafile_iget(mp, shared_ino, metafile_type,
					ipp);
			if (error)
				return error;

			mp->m_sb.sb_gquotino = NULLFSINO;
			mp->m_sb.sb_pquotino = NULLFSINO;
			need_alloc = false;
		}
	}

	/* Space is reserved only when an inode really has to be created. */
	error = xfs_trans_alloc(mp, &M_RES(mp)->tr_create,
			need_alloc ? XFS_QM_QINOCREATE_SPACE_RES(mp) : 0,
			0, 0, &tp);
	if (error)
		return error;

	if (need_alloc) {
		struct xfs_icreate_args	args = {
			.mode	= S_IFREG,
			.flags	= XFS_ICREATE_UNLINKABLE,
		};
		xfs_ino_t		new_ino;

		error = xfs_dialloc(&tp, &args, &new_ino);
		if (!error)
			error = xfs_icreate(tp, new_ino, &args, ipp);
		if (error) {
			xfs_trans_cancel(tp);
			return error;
		}
		if (xfs_has_metadir(mp))
			xfs_metafile_set_iflag(tp, *ipp, metafile_type);
	}

	/*
	 * Apply the superblock changes and log them as well.  More than the
	 * *QUOTINO fields may be affected, VERSIONNUM for instance.
	 */
	spin_lock(&mp->m_sb_lock);
	if (flags & XFS_QMOPT_SBVERSION) {
		ASSERT(!xfs_has_quota(mp));

		xfs_add_quota(mp);
		mp->m_sb.sb_uquotino = NULLFSINO;
		mp->m_sb.sb_gquotino = NULLFSINO;
		mp->m_sb.sb_pquotino = NULLFSINO;

		/* Only the accounting bits for now; quotacheck does the rest. */
		mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT;
	}
	if (flags & XFS_QMOPT_UQUOTA)
		mp->m_sb.sb_uquotino = (*ipp)->i_ino;
	else if (flags & XFS_QMOPT_GQUOTA)
		mp->m_sb.sb_gquotino = (*ipp)->i_ino;
	else
		mp->m_sb.sb_pquotino = (*ipp)->i_ino;
	spin_unlock(&mp->m_sb_lock);
	xfs_log_sb(tp);

	error = xfs_trans_commit(tp);
	if (error) {
		ASSERT(xfs_is_shutdown(mp));
		xfs_alert(mp, "%s failed (error %d)!", __func__, error);
	}

	/* A newly created inode is unlocked and set up even after a failure. */
	if (need_alloc) {
		xfs_iunlock(*ipp, XFS_ILOCK_EXCL);
		xfs_finish_inode_setup(*ipp);
	}
	return error;
}
1056
1057
/*
 * Reset the usage counters of every dquot in one dquot chunk buffer.
 *
 * @bp holds qi_dqperchunk dquot blocks, and @id is the dquot id of the first
 * one.  A block that fails verification or carries the wrong record type is
 * repaired first.  Counters are always zeroed; timers and warning counts are
 * zeroed for every id except 0.  On CRC filesystems the checksum is
 * recomputed after the changes.
 */
STATIC void
xfs_qm_reset_dqcounts(
	struct xfs_mount	*mp,
	struct xfs_buf		*bp,
	xfs_dqid_t		id,
	xfs_dqtype_t		type)
{
	struct xfs_dqblk	*dqb;
	int			j;

	trace_xfs_reset_dqcounts(bp, _RET_IP_);

	/*
	 * Every counter and timer is reset here.  xfs_qm_quotacheck starts
	 * them again from scratch.
	 */
#ifdef DEBUG
	j = (int)XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB) /
		sizeof(struct xfs_dqblk);
	ASSERT(mp->m_quotainfo->qi_dqperchunk == j);
#endif
	dqb = bp->b_addr;
	for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) {
		struct xfs_dqblk	*blk = &dqb[j];
		struct xfs_disk_dquot	*ddq = (struct xfs_disk_dquot *)blk;

		/*
		 * Sanity-check the block and repair it if necessary.  No
		 * warning is printed, because uninitialised dquot blocks are
		 * perfectly possible; see the comment in xfs_dquot_verify.
		 */
		if (xfs_dqblk_verify(mp, blk, id + j) ||
		    (blk->dd_diskdq.d_type & XFS_DQTYPE_REC_MASK) != type)
			xfs_dqblk_repair(mp, blk, id + j, type);

		/*
		 * Set the type again in case a group quota file is being
		 * reused for project quotas or the reverse.
		 */
		ddq->d_type = type;
		ddq->d_bcount = 0;
		ddq->d_icount = 0;
		ddq->d_rtbcount = 0;

		/*
		 * Dquot id 0 holds the default grace period and the maximum
		 * warning limit set by the administrator, so those survive.
		 */
		if (ddq->d_id != 0) {
			ddq->d_btimer = 0;
			ddq->d_itimer = 0;
			ddq->d_rtbtimer = 0;
			ddq->d_bwarns = 0;
			ddq->d_iwarns = 0;
			ddq->d_rtbwarns = 0;
			if (xfs_has_bigtime(mp))
				ddq->d_type |= XFS_DQTYPE_BIGTIME;
		}

		/* Recompute the checksum over the modified block. */
		if (xfs_has_crc(mp))
			xfs_update_cksum((char *)blk,
					 sizeof(struct xfs_dqblk),
					 XFS_DQUOT_CRC_OFF);
	}
}
1127
/*
 * Reset the dquot counters in @blkcnt consecutive filesystem blocks starting
 * at @bno.  @firstid is the dquot id of the first dquot in the first block.
 * Each buffer is queued on @buffer_list for delayed write.
 *
 * Returns 0 on success or the first buffer read error.
 */
STATIC int
xfs_qm_reset_dqcounts_all(
	struct xfs_mount	*mp,
	xfs_dqid_t		firstid,
	xfs_fsblock_t		bno,
	xfs_filblks_t		blkcnt,
	xfs_dqtype_t		type,
	struct list_head	*buffer_list)
{
	struct xfs_buf		*bp;
	int			error = 0;

	ASSERT(blkcnt > 0);

	/*
	 * blkcnt may be very large, possibly larger than the log itself, so
	 * the work is done one block at a time.  No permanent transaction is
	 * started: a log reservation for the whole range might not be
	 * available up front, and it is not needed either, because everything
	 * is discarded if the system crashes in the middle of this loop.
	 */
	for (; blkcnt > 0; blkcnt--) {
		error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
				XFS_FSB_TO_DADDR(mp, bno),
				mp->m_quotainfo->qi_dqchunklen, 0, &bp,
				&xfs_dquot_buf_ops);

		/*
		 * CRC and validation failures come back as EFSCORRUPTED.
		 * Read the block again without a verifier so that
		 * xfs_qm_reset_dqcounts() can repair the damage.  This leaves
		 * a trace in the log showing that corruption was detected.
		 */
		if (error == -EFSCORRUPTED)
			error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
					XFS_FSB_TO_DADDR(mp, bno),
					mp->m_quotainfo->qi_dqchunklen, 0, &bp,
					NULL);
		if (error)
			break;

		/*
		 * A buffer read on the repair path has no verifier attached.
		 * Attach the right one before writeback can happen.
		 */
		bp->b_ops = &xfs_dquot_buf_ops;
		xfs_qm_reset_dqcounts(mp, bp, firstid, type);
		xfs_buf_delwri_queue(bp, buffer_list);
		xfs_buf_relse(bp);

		/* Advance to the next block and to its first dquot id. */
		bno++;
		firstid += mp->m_quotainfo->qi_dqperchunk;
	}

	return error;
}
1191
/*
 * Walk every mapped extent of quota inode @qip and zero the counters of each
 * chunk of dquots found there.  Holes in the quota file are skipped.  The
 * modified buffers are queued on @buffer_list.
 *
 * Returns 0 on success (including a quota file with no blocks), or a negative
 * errno from the extent lookup or from resetting an extent.
 */
STATIC int
xfs_qm_reset_dqcounts_buf(
	struct xfs_mount	*mp,
	struct xfs_inode	*qip,
	xfs_dqtype_t		type,
	struct list_head	*buffer_list)
{
	struct xfs_bmbt_irec	*map;
	xfs_fileoff_t		lblkno = 0;
	xfs_filblks_t		maxlblkcnt;
	int			i, nmaps;
	int			error = 0;

	/*
	 * This unlocked check looks racy, but an inode lock cannot be held
	 * across a transaction reservation.  It is tolerated because this
	 * runs during quotacheck, which happens only at mount time and is
	 * single threaded.
	 */
	if (qip->i_nblocks == 0)
		return 0;

	/* __GFP_NOFAIL: the allocation does not return NULL. */
	map = kmalloc(XFS_DQITER_MAP_SIZE * sizeof(*map),
			GFP_KERNEL | __GFP_NOFAIL);

	maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
	do {
		uint	lock_mode;

		/*
		 * Only the file's data is changed, not the inode: no blocks
		 * are added and the inode never joins a transaction, so a
		 * shared mapping lock around the lookup is enough.
		 */
		nmaps = XFS_DQITER_MAP_SIZE;
		lock_mode = xfs_ilock_data_map_shared(qip);
		error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno,
				map, &nmaps, 0);
		xfs_iunlock(qip, lock_mode);
		if (error)
			break;

		ASSERT(nmaps <= XFS_DQITER_MAP_SIZE);
		for (i = 0; i < nmaps; i++) {
			struct xfs_bmbt_irec	*cur = &map[i];
			xfs_dqid_t		firstid;

			ASSERT(map[i].br_startblock != DELAYSTARTBLOCK);
			ASSERT(map[i].br_blockcount);

			/* Advance the cursor even when the mapping is a hole. */
			lblkno += cur->br_blockcount;
			if (cur->br_startblock == HOLESTARTBLOCK)
				continue;

			/*
			 * NOTE(review): the file offset is narrowed to
			 * xfs_dqid_t before the multiply; presumably the
			 * quota file layout keeps the product in range, but
			 * that is not checked here.  Confirm.
			 */
			firstid = (xfs_dqid_t) cur->br_startoff *
					mp->m_quotainfo->qi_dqperchunk;

			/* Start read-ahead on the next extent, if it is mapped. */
			if (i + 1 < nmaps &&
			    map[i + 1].br_startblock != HOLESTARTBLOCK) {
				xfs_fsblock_t	rablkno = map[i + 1].br_startblock;
				xfs_filblks_t	rablkcnt = map[i + 1].br_blockcount;

				for (; rablkcnt > 0; rablkcnt--, rablkno++)
					xfs_buf_readahead(mp->m_ddev_targp,
						XFS_FSB_TO_DADDR(mp, rablkno),
						mp->m_quotainfo->qi_dqchunklen,
						&xfs_dquot_buf_ops);
			}

			/* Reset the dquots in every block of this extent. */
			error = xfs_qm_reset_dqcounts_all(mp, firstid,
					cur->br_startblock,
					cur->br_blockcount,
					type, buffer_list);
			if (error)
				goto out;
		}
	} while (nmaps > 0);

out:
	kfree(map);
	return error;
}
1287
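/*
 * Called by xfs_qm_dqusage_adjust() while doing a quotacheck.
 *
 * Look up the dquot of @type that owns @ip (allocating it if necessary),
 * attach its buffer, and charge one inode plus @nblks data blocks and
 * @rtblks realtime blocks to it.  The dquot is marked dirty so that the
 * buffers can be written once the quotacheck is done, instead of logging
 * numerous updates to individual dquots.
 *
 * Returns 0 or a negative errno.  Once xfs_qm_dqget() has succeeded the
 * dquot is released through xfs_qm_dqput() on every path.
 */
STATIC int
xfs_qm_quotacheck_dqadjust(
	struct xfs_inode	*ip,
	xfs_dqtype_t		type,
	xfs_qcnt_t		nblks,
	xfs_qcnt_t		rtblks)
{
	struct xfs_mount	*mp = ip->i_mount;
	struct xfs_dquot	*dqp;
	xfs_dqid_t		id;
	int			error;

	id = xfs_qm_id_for_quotatype(ip, type);
	error = xfs_qm_dqget(mp, id, type, true, &dqp);
	if (error) {
		/*
		 * Shouldn't be able to turn off quotas here.
		 */
		ASSERT(error != -ESRCH);
		ASSERT(error != -ENOENT);
		return error;
	}

	/*
	 * From here on we hold the dquot that xfs_qm_dqget() handed back.
	 * A failure to attach the buffer (for instance when the on-disk
	 * dquot block cannot be read) must still release it.  Returning
	 * directly would leave the dquot held while the caller goes on to
	 * purge every dquot and disable quotas.
	 */
	error = xfs_dquot_attach_buf(NULL, dqp);
	if (error)
		goto out_put;

	trace_xfs_dqadjust(dqp);

	/*
	 * Adjust the inode count and the block counts to reflect this inode's
	 * resource usage.
	 */
	dqp->q_ino.count++;
	dqp->q_ino.reserved++;
	if (nblks) {
		dqp->q_blk.count += nblks;
		dqp->q_blk.reserved += nblks;
	}
	if (rtblks) {
		dqp->q_rtb.count += rtblks;
		dqp->q_rtb.reserved += rtblks;
	}

	/*
	 * Set default limits and adjust timers, since usage changed.
	 *
	 * There are no timers for the default values set in the root dquot
	 * (id 0), so it is skipped.
	 */
	if (dqp->q_id) {
		xfs_qm_adjust_dqlimits(dqp);
		xfs_qm_adjust_dqtimers(dqp);
	}

	dqp->q_flags |= XFS_DQFLAG_DIRTY;
out_put:
	xfs_qm_dqput(dqp);
	return error;
}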
1354
/*
 * Inode walk callback used by quotacheck.  Given inode number @ino, find the
 * dquots that own it and charge them for the inode and the blocks it holds.
 * @data is unused.
 *
 * Returns 0 when the inode was accounted or deliberately skipped (quota
 * inodes, metadata directory inodes, inodes that xfs_iget() rejects with
 * -EINVAL or -ENOENT), otherwise a negative errno.
 */
/* ARGSUSED */
STATIC int
xfs_qm_dqusage_adjust(
	struct xfs_mount	*mp,
	struct xfs_trans	*tp,
	xfs_ino_t		ino,
	void			*data)
{
	struct xfs_inode	*ip;
	xfs_filblks_t		nblks, rtblks;
	unsigned int		lock_mode;
	int			error;

	ASSERT(XFS_IS_QUOTA_ON(mp));

	/*
	 * The root inode must have its resources accounted for; the quota
	 * inodes themselves must not.
	 */
	if (xfs_is_quota_inode(&mp->m_sb, ino))
		return 0;

	/*
	 * We don't _need_ to take the ilock EXCL here because quotacheck runs
	 * at mount time and therefore nobody will be racing chown/chproj.
	 */
	error = xfs_iget(mp, tp, ino, XFS_IGET_DONTCACHE, 0, &ip);
	switch (error) {
	case 0:
		break;
	case -EINVAL:
	case -ENOENT:
		/* Not an inode we can load; there is nothing to account. */
		return 0;
	default:
		return error;
	}

	/*
	 * Reload the incore unlinked list to avoid failure in inodegc.  The
	 * check is unlocked because unrecovered unlinked inodes should be
	 * somewhat rare.  A reload failure shuts the filesystem down.
	 */
	if (xfs_inode_unlinked_incomplete(ip)) {
		error = xfs_inode_reload_unlinked(ip);
		if (error) {
			xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
			goto out_irele;
		}
	}

	/*
	 * Metadata directory files are not accounted to user-visible quotas.
	 * error is 0 here, so the inode is released and the walk continues.
	 */
	if (xfs_is_metadir_inode(ip))
		goto out_irele;

	ASSERT(ip->i_delayed_blks == 0);

	lock_mode = xfs_ilock_data_map_shared(ip);
	if (XFS_IS_REALTIME_INODE(ip)) {
		error = xfs_iread_extents(tp, ip, XFS_DATA_FORK);
		if (error) {
			xfs_iunlock(ip, lock_mode);
			goto out_irele;
		}
	}
	xfs_inode_count_blocks(tp, ip, &nblks, &rtblks);
	xfs_iflags_clear(ip, XFS_IQUOTAUNCHECKED);
	xfs_iunlock(ip, lock_mode);

	/*
	 * Add the resources (disk blocks and the inode itself) occupied by
	 * this inode to its dquots.  The adjustment is made in the incore
	 * dquot and copied to its buffer.  None of this is wrapped in a
	 * transaction: if we crash in the middle of a quotacheck it has to
	 * start from the beginning anyway, and the dquot buffers are written
	 * once the whole check is done.
	 *
	 * The *QUOTA_ON checks below may look racy, but quotachecks and
	 * quotaoffs don't race (quotachecks happen at mount time only).
	 */
	if (XFS_IS_UQUOTA_ON(mp)) {
		error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_USER,
				nblks, rtblks);
		if (error)
			goto out_irele;
	}

	if (XFS_IS_GQUOTA_ON(mp)) {
		error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_GROUP,
				nblks, rtblks);
		if (error)
			goto out_irele;
	}

	if (XFS_IS_PQUOTA_ON(mp)) {
		error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_PROJ,
				nblks, rtblks);
		if (error)
			goto out_irele;
	}

out_irele:
	xfs_irele(ip);
	return error;
}
1459
/*
 * dquot walk callback used by quotacheck: flush one dirty dquot into its
 * attached buffer and queue that buffer on the delayed-write list passed in
 * @data.  Dquots that are being freed or are not dirty are skipped.
 *
 * Returns 0, or a negative errno; a dirty dquot with no attached buffer is
 * reported as -EFSCORRUPTED.
 */
STATIC int
xfs_qm_flush_one(
	struct xfs_dquot	*dqp,
	void			*data)
{
	struct list_head	*buffer_list = data;
	struct xfs_buf		*bp = NULL;
	int			error = 0;

	xfs_dqlock(dqp);

	/* Nothing to write for a dquot being torn down or already clean. */
	if ((dqp->q_flags & XFS_DQFLAG_FREEING) || !XFS_DQ_IS_DIRTY(dqp))
		goto out_unlock;

	xfs_qm_dqunpin_wait(dqp);
	xfs_dqflock(dqp);

	/*
	 * NOTE(review): the two failure exits below leave through out_unlock,
	 * which drops only the dquot lock.  Nothing visible in this function
	 * releases the flush lock taken by xfs_dqflock() on those paths;
	 * confirm whether xfs_dquot_use_attached_buf() or the caller's purge
	 * path accounts for it.
	 */
	error = xfs_dquot_use_attached_buf(dqp, &bp);
	if (!error && !bp)
		error = -EFSCORRUPTED;
	if (error)
		goto out_unlock;

	/* Queue the buffer only when the flush itself succeeded. */
	error = xfs_qm_dqflush(dqp, bp);
	if (!error)
		xfs_buf_delwri_queue(bp, buffer_list);
	xfs_buf_relse(bp);

out_unlock:
	xfs_dqunlock(dqp);
	return error;
}
1494
/*
 * Walk through all the filesystem inodes and construct a consistent view of
 * the disk quota world.
 *
 * If the quotacheck fails, quotas are disabled: the quotainfo is destroyed,
 * the superblock quota flags are reset and the filesystem is marked sick for
 * XFS_SICK_FS_QUOTACHECK.  The only other signal is the warning logged below,
 * so a filesystem that is expected to enforce quotas can come up without
 * enforcement after a failed check.
 *
 * Returns 0 on success or a negative errno.
 */
STATIC int
xfs_qm_quotacheck(
	xfs_mount_t	*mp)
{
	struct xfs_inode	*uip = mp->m_quotainfo->qi_uquotaip;
	struct xfs_inode	*gip = mp->m_quotainfo->qi_gquotaip;
	struct xfs_inode	*pip = mp->m_quotainfo->qi_pquotaip;
	LIST_HEAD(buffer_list);
	uint			flags = 0;
	int			error, error2;

	ASSERT(uip || gip || pip);
	ASSERT(XFS_IS_QUOTA_ON(mp));

	xfs_notice(mp, "Quotacheck needed: Please wait.");

	/*
	 * First go through all the dquots on disk, USR and GRP/PRJ, and reset
	 * their counters to zero so we start from a clean slate.  The changes
	 * are only queued on buffer_list here; they are written later.
	 */
	if (uip) {
		error = xfs_qm_reset_dqcounts_buf(mp, uip, XFS_DQTYPE_USER,
				&buffer_list);
		if (error)
			goto error_return;
		flags |= XFS_UQUOTA_CHKD;
	}

	if (gip) {
		error = xfs_qm_reset_dqcounts_buf(mp, gip, XFS_DQTYPE_GROUP,
				&buffer_list);
		if (error)
			goto error_return;
		flags |= XFS_GQUOTA_CHKD;
	}

	if (pip) {
		error = xfs_qm_reset_dqcounts_buf(mp, pip, XFS_DQTYPE_PROJ,
				&buffer_list);
		if (error)
			goto error_return;
		flags |= XFS_PQUOTA_CHKD;
	}

	xfs_set_quotacheck_running(mp);
	error = xfs_iwalk_threaded(mp, 0, 0, xfs_qm_dqusage_adjust, 0, true,
			NULL);
	xfs_clear_quotacheck_running(mp);

	/*
	 * On error, the inode walk may have partially populated the dquot
	 * caches.  They must be purged before quota is disabled and the
	 * quotainfo torn down, or else the dquots will leak.
	 */
	if (error)
		goto error_purge;

	/*
	 * All the incore changes have been made.  Flush them down to the disk
	 * buffers.  Every enabled type is walked even after a failure; the
	 * first error seen is the one reported.
	 */
	if (XFS_IS_UQUOTA_ON(mp))
		error = xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER,
				xfs_qm_flush_one, &buffer_list);
	if (XFS_IS_GQUOTA_ON(mp)) {
		error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP,
				xfs_qm_flush_one, &buffer_list);
		if (!error)
			error = error2;
	}
	if (XFS_IS_PQUOTA_ON(mp)) {
		error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ,
				xfs_qm_flush_one, &buffer_list);
		if (!error)
			error = error2;
	}

	error2 = xfs_buf_delwri_submit(&buffer_list);
	if (!error)
		error = error2;

	/*
	 * We can get an error here if a dquot allocation failed inside
	 * xfs_qm_dqusage_adjust().  We don't care about the dirty dquots that
	 * might be cached; we just want to get rid of them and turn quotas
	 * off.  Per the original note, the dquots are not attached to any
	 * inode at this point.
	 */
	if (error)
		goto error_purge;

	/*
	 * If one type of quotas is off, then it will lose its quotachecked
	 * status, since we won't be doing accounting for that type anymore.
	 */
	mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD;
	mp->m_qflags |= flags;
	goto error_return;

error_purge:
	/*
	 * On error, we may have inodes queued for inactivation.  Inactivation
	 * may try to attach dquots to the inode before running cleanup
	 * operations on it, and that can race with the
	 * xfs_qm_destroy_quotainfo() call below, which frees mp->m_quotainfo.
	 * To avoid this race, flush all pending inodegc operations before the
	 * dquots are purged from memory, so that background inactivation is
	 * idle while quotas are turned off.
	 */
	xfs_inodegc_flush(mp);
	xfs_qm_dqpurge_all(mp);

error_return:
	/* Reached on success as well as on every failure path. */
	xfs_buf_delwri_cancel(&buffer_list);

	if (!error) {
		xfs_notice(mp, "Quotacheck: Done.");
		xfs_fs_mark_healthy(mp, XFS_SICK_FS_QUOTACHECK);
		return 0;
	}

	xfs_warn(mp,
		"Quotacheck: Unsuccessful (Error %d): Disabling quotas.",
		error);

	/* We must turn off quotas. */
	ASSERT(mp->m_quotainfo != NULL);
	xfs_qm_destroy_quotainfo(mp);
	if (xfs_mount_reset_sbqflags(mp))
		xfs_warn(mp, "Quotacheck: Failed to reset quota flags.");
	xfs_fs_mark_sick(mp, XFS_SICK_FS_QUOTACHECK);
	return error;
}
1641
/*
 * Called from xfs_mountfs to start quotas and initialize all necessary data
 * structures such as the quotainfo.  Also runs a quotacheck when one is
 * needed.  The superblock is guaranteed to have been read in consistently at
 * this point.
 *
 * Nothing is returned: if anything fails here the mount continues with quota
 * turned off, so there is no need to indicate success or failure.  The
 * practical consequence is that limits are not enforced on such a mount; the
 * messages logged here and by xfs_qm_quotacheck() are the only indication.
 */
void
xfs_qm_mount_quotas(
	struct xfs_mount	*mp)
{
	int			error = 0;
	uint			sbf;
	uint			qflags;

	/*
	 * If quotas on realtime volumes are not supported, disable quotas
	 * immediately.  rtquota is only supported when rtgroups are enabled,
	 * to avoid problems with older kernels; this check also disables
	 * quotas on zoned filesystems.
	 */
	if (mp->m_sb.sb_rextents &&
	    (!xfs_has_rtgroups(mp) || xfs_has_zoned(mp))) {
		xfs_notice(mp, "Cannot turn on quotas for realtime filesystem");
		mp->m_qflags = 0;
		goto write_changes;
	}

	ASSERT(XFS_IS_QUOTA_ON(mp));

	/*
	 * Allocate the quotainfo structure inside the mount struct, create
	 * the quota inode(s), and change/rev the superblock if necessary.
	 */
	error = xfs_qm_init_quotainfo(mp);
	if (error) {
		/* We must turn off quotas. */
		ASSERT(mp->m_quotainfo == NULL);
		mp->m_qflags = 0;
		goto write_changes;
	}

	/* If any of the quotas are not consistent, do a quotacheck. */
	if (XFS_QM_NEED_QUOTACHECK(mp)) {
		error = xfs_qm_quotacheck(mp);
		if (error) {
			/* Quotacheck failed and disabled quotas. */
			return;
		}
	}

	/*
	 * If one type of quotas is off, then it will lose its quotachecked
	 * status, since we won't be doing accounting for that type anymore.
	 */
	if (!XFS_IS_UQUOTA_ON(mp))
		mp->m_qflags &= ~XFS_UQUOTA_CHKD;
	if (!XFS_IS_GQUOTA_ON(mp))
		mp->m_qflags &= ~XFS_GQUOTA_CHKD;
	if (!XFS_IS_PQUOTA_ON(mp))
		mp->m_qflags &= ~XFS_PQUOTA_CHKD;

write_changes:
	/*
	 * We actually don't have to acquire the m_sb_lock at all.
	 * This can only be called from mount, and that's single threaded. XXX
	 */
	qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL;
	spin_lock(&mp->m_sb_lock);
	sbf = mp->m_sb.sb_qflags;
	mp->m_sb.sb_qflags = qflags;
	spin_unlock(&mp->m_sb_lock);

	/* Write the superblock only when the quota flags actually changed. */
	if (sbf != qflags && xfs_sync_sb(mp, false)) {
		/*
		 * We could only have been turning quotas off.  We aren't in
		 * very good shape: the incore structures are convinced that
		 * quotas are off, but the on-disk superblock doesn't know
		 * that.
		 */
		ASSERT(!(XFS_IS_QUOTA_ON(mp)));
		xfs_alert(mp, "%s: Superblock update failed!", __func__);
	}

	if (error)
		xfs_warn(mp, "Failed to initialize disk quotas, err %d.", error);
}
1736
/*
 * Load the inode for a given type of quota, assuming that the sb fields have
 * been sorted out.  This is not true when switching quota types on a V4
 * filesystem, so do not use this function for that.
 *
 * On metadir filesystems the parent directory of the quota inodes is loaded
 * first and released again before returning.
 *
 * Returns -ENOENT if the quota inode field is NULLFSINO; 0 and an inode in
 * *ipp on success; or a negative errno.
 */
int
xfs_qm_qino_load(
	struct xfs_mount	*mp,
	xfs_dqtype_t		type,
	struct xfs_inode	**ipp)
{
	struct xfs_trans	*tp;
	struct xfs_inode	*dp = NULL;
	int			error = 0;

	tp = xfs_trans_alloc_empty(mp);

	if (xfs_has_metadir(mp))
		error = xfs_dqinode_load_parent(tp, &dp);

	if (!error) {
		error = xfs_dqinode_load(tp, dp, type, ipp);
		if (dp)
			xfs_irele(dp);
	}

	/* The empty transaction is cancelled on every path. */
	xfs_trans_cancel(tp);
	return error;
}
1769
/*
 * Called after the superblock has been read in, when we are ready to get the
 * quota inodes.  For each enabled quota type the inode named in the
 * superblock is loaded; a missing one is allocated.  On success the three
 * inode pointers (NULL for disabled types) are stored in mp->m_quotainfo.
 *
 * Returns 0 or a negative errno.  On failure nothing is stored in the
 * quotainfo; the error_rele path releases whatever inodes were obtained.
 */
STATIC int
xfs_qm_init_quotainos(
	xfs_mount_t	*mp)
{
	struct xfs_inode	*uip = NULL;
	struct xfs_inode	*gip = NULL;
	struct xfs_inode	*pip = NULL;
	uint			flags = 0;
	int			error;

	ASSERT(mp->m_quotainfo);

	/*
	 * Load the quota inodes the superblock already knows about.  Without
	 * the quota feature there is nothing to load; remember that the
	 * superblock version has to be updated by the first allocation below.
	 */
	if (!xfs_has_quota(mp)) {
		flags |= XFS_QMOPT_SBVERSION;
	} else {
		if (XFS_IS_UQUOTA_ON(mp) &&
		    mp->m_sb.sb_uquotino != NULLFSINO) {
			ASSERT(mp->m_sb.sb_uquotino > 0);
			error = xfs_qm_qino_load(mp, XFS_DQTYPE_USER, &uip);
			if (error)
				return error;
		}
		if (XFS_IS_GQUOTA_ON(mp) &&
		    mp->m_sb.sb_gquotino != NULLFSINO) {
			ASSERT(mp->m_sb.sb_gquotino > 0);
			error = xfs_qm_qino_load(mp, XFS_DQTYPE_GROUP, &gip);
			if (error)
				goto error_rele;
		}
		if (XFS_IS_PQUOTA_ON(mp) &&
		    mp->m_sb.sb_pquotino != NULLFSINO) {
			ASSERT(mp->m_sb.sb_pquotino > 0);
			error = xfs_qm_qino_load(mp, XFS_DQTYPE_PROJ, &pip);
			if (error)
				goto error_rele;
		}
	}

	/*
	 * Create the inodes that don't exist yet.  XFS_QMOPT_SBVERSION is
	 * passed only to the first allocation that runs and is cleared once
	 * that allocation has succeeded.
	 */
	if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) {
		error = xfs_qm_qino_alloc(mp, &uip, flags | XFS_QMOPT_UQUOTA);
		if (error)
			goto error_rele;

		flags &= ~XFS_QMOPT_SBVERSION;
	}
	if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) {
		error = xfs_qm_qino_alloc(mp, &gip, flags | XFS_QMOPT_GQUOTA);
		if (error)
			goto error_rele;

		flags &= ~XFS_QMOPT_SBVERSION;
	}
	if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) {
		error = xfs_qm_qino_alloc(mp, &pip, flags | XFS_QMOPT_PQUOTA);
		if (error)
			goto error_rele;
	}

	mp->m_quotainfo->qi_uquotaip = uip;
	mp->m_quotainfo->qi_gquotaip = gip;
	mp->m_quotainfo->qi_pquotaip = pip;

	return 0;

error_rele:
	if (uip)
		xfs_irele(uip);
	if (gip)
		xfs_irele(gip);
	if (pip)
		xfs_irele(pip);
	return error;
}
1859
/*
 * Remove @dqp from the radix tree for its quota type, drop it from the
 * per-mount dquot count, and destroy it.  The tree removal and the count
 * update happen under qi_tree_lock; the destroy runs after it is dropped.
 */
STATIC void
xfs_qm_dqfree_one(
	struct xfs_dquot	*dqp)
{
	struct xfs_quotainfo	*qi = dqp->q_mount->m_quotainfo;
	struct radix_tree_root	*tree;

	mutex_lock(&qi->qi_tree_lock);
	tree = xfs_dquot_tree(qi, xfs_dquot_type(dqp));
	radix_tree_delete(tree, dqp->q_id);
	qi->qi_dquots--;
	mutex_unlock(&qi->qi_tree_lock);

	xfs_qm_dqdestroy(dqp);
}
1875
1876 /* --------------- utility functions for vnodeops ---------------- */
1877
1878
/*
 * Given an inode and a uid, gid and prid, make sure that the relevant
 * dquot(s) are allocated on disk, attach dquot(s) to the inode after locking
 * it, and hand back referenced dquots for the requested ids.
 *
 * @flags selects the types (XFS_QMOPT_UQUOTA/GQUOTA/PQUOTA); a type is only
 * processed when it is also enabled on the mount.  With XFS_QMOPT_INHERIT and
 * XFS_INHERIT_GID(ip), @gid is replaced by the inode's own gid.  uid and gid
 * are translated to on-disk ids through the superblock's user namespace.
 *
 * in  : inode (unlocked)
 * out : *O_udqpp, *O_gdqpp, *O_pdqpp with references taken and unlocked;
 *       NULL for a type that was not processed.  An output pointer may be
 *       NULL only for a type that is not requested.
 *
 * Returns 0 (also when quotas are off, in which case the outputs are left
 * untouched) or a negative errno.  On error the inode is unlocked, no dquot
 * reference is returned and the outputs are left untouched.
 */
int
xfs_qm_vop_dqalloc(
	struct xfs_inode	*ip,
	kuid_t			uid,
	kgid_t			gid,
	prid_t			prid,
	uint			flags,
	struct xfs_dquot	**O_udqpp,
	struct xfs_dquot	**O_gdqpp,
	struct xfs_dquot	**O_pdqpp)
{
	struct xfs_mount	*mp = ip->i_mount;
	struct inode		*inode = VFS_I(ip);
	struct user_namespace	*user_ns = inode->i_sb->s_user_ns;
	struct xfs_dquot	*udq = NULL;
	struct xfs_dquot	*gdq = NULL;
	struct xfs_dquot	*pdq = NULL;
	uint			lockflags = XFS_ILOCK_EXCL;
	int			error;

	if (!XFS_IS_QUOTA_ON(mp))
		return 0;

	ASSERT(!xfs_is_metadir_inode(ip));

	xfs_ilock(ip, lockflags);

	if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip))
		gid = inode->i_gid;

	/*
	 * Attach the dquot(s) to this inode, doing a dquot allocation
	 * if necessary.  The dquot(s) will not be locked.
	 */
	if (XFS_NOT_DQATTACHED(mp, ip)) {
		error = xfs_qm_dqattach_locked(ip, true);
		if (error) {
			xfs_iunlock(ip, lockflags);
			return error;
		}
	}

	/*
	 * For each requested type: when the id asked for is the one the inode
	 * already has, take an extra reference on the attached dquot, because
	 * it is returned to the caller.  Otherwise look the dquot up by id.
	 *
	 * The lookup has to be done by id, because if the inode were handed
	 * to dqget the inode's id would take priority over the one passed in.
	 * The ilock is dropped before calling dqget, since dqget may do a
	 * trans_reserve and that would deadlock while holding the ilock.  The
	 * ilock is retaken in shared mode afterwards, so what was observed
	 * under the first hold is not protected across that gap.
	 */
	if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) {
		ASSERT(O_udqpp);
		if (uid_eq(inode->i_uid, uid)) {
			ASSERT(ip->i_udquot);
			udq = xfs_qm_dqhold(ip->i_udquot);
		} else {
			xfs_iunlock(ip, lockflags);
			error = xfs_qm_dqget(mp, from_kuid(user_ns, uid),
					XFS_DQTYPE_USER, true, &udq);
			if (error) {
				ASSERT(error != -ENOENT);
				/* Nothing is held yet: ilock already dropped. */
				return error;
			}
			/* Get the ilock in the right order. */
			xfs_dqunlock(udq);
			lockflags = XFS_ILOCK_SHARED;
			xfs_ilock(ip, lockflags);
		}
	}

	if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) {
		ASSERT(O_gdqpp);
		if (gid_eq(inode->i_gid, gid)) {
			ASSERT(ip->i_gdquot);
			gdq = xfs_qm_dqhold(ip->i_gdquot);
		} else {
			xfs_iunlock(ip, lockflags);
			error = xfs_qm_dqget(mp, from_kgid(user_ns, gid),
					XFS_DQTYPE_GROUP, true, &gdq);
			if (error) {
				ASSERT(error != -ENOENT);
				goto error_rele;
			}
			xfs_dqunlock(gdq);
			lockflags = XFS_ILOCK_SHARED;
			xfs_ilock(ip, lockflags);
		}
	}

	if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) {
		ASSERT(O_pdqpp);
		if (ip->i_projid == prid) {
			ASSERT(ip->i_pdquot);
			pdq = xfs_qm_dqhold(ip->i_pdquot);
		} else {
			xfs_iunlock(ip, lockflags);
			error = xfs_qm_dqget(mp, prid,
					XFS_DQTYPE_PROJ, true, &pdq);
			if (error) {
				ASSERT(error != -ENOENT);
				goto error_rele;
			}
			xfs_dqunlock(pdq);
			lockflags = XFS_ILOCK_SHARED;
			xfs_ilock(ip, lockflags);
		}
	}
	trace_xfs_dquot_dqalloc(ip);

	xfs_iunlock(ip, lockflags);

	/* Hand each dquot to the caller, or drop it if there is no taker. */
	if (O_udqpp)
		*O_udqpp = udq;
	else
		xfs_qm_dqrele(udq);
	if (O_gdqpp)
		*O_gdqpp = gdq;
	else
		xfs_qm_dqrele(gdq);
	if (O_pdqpp)
		*O_pdqpp = pdq;
	else
		xfs_qm_dqrele(pdq);
	return 0;

error_rele:
	/* The ilock was already dropped before the failing dqget. */
	xfs_qm_dqrele(gdq);
	xfs_qm_dqrele(udq);
	return error;
}
2024
/*
 * Actually transfer ownership of @ip from the dquot in *IO_olddq to @newdq
 * and make the matching dquot modifications in transaction @tp.  The
 * reservations were already made by the caller.
 *
 * The caller holds the inode's ILOCK_EXCL.  On return *IO_olddq points at
 * @newdq with an extra reference taken, and the previous dquot is returned
 * (presumably for the caller to release; confirm against the callers).
 */
struct xfs_dquot *
xfs_qm_vop_chown(
	struct xfs_trans	*tp,
	struct xfs_inode	*ip,
	struct xfs_dquot	**IO_olddq,
	struct xfs_dquot	*newdq)
{
	struct xfs_dquot	*prevdq;
	xfs_filblks_t		nr_dblks, nr_rtblks;
	bool			isrt = XFS_IS_REALTIME_INODE(ip);
	uint			res_field;

	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
	ASSERT(XFS_IS_QUOTA_ON(ip->i_mount));
	ASSERT(!xfs_is_metadir_inode(ip));

	/* old dquot */
	prevdq = *IO_olddq;
	ASSERT(prevdq);
	ASSERT(prevdq != newdq);

	xfs_inode_count_blocks(tp, ip, &nr_dblks, &nr_rtblks);

	/* Take the inode and its blocks away from the old dquot ... */
	xfs_trans_mod_ino_dquot(tp, ip, prevdq, XFS_TRANS_DQ_BCOUNT,
			-(xfs_qcnt_t)nr_dblks);
	xfs_trans_mod_ino_dquot(tp, ip, prevdq, XFS_TRANS_DQ_RTBCOUNT,
			-(xfs_qcnt_t)nr_rtblks);
	xfs_trans_mod_ino_dquot(tp, ip, prevdq, XFS_TRANS_DQ_ICOUNT, -1);

	/* ... and charge them to the sparkling new dquot. */
	xfs_trans_mod_ino_dquot(tp, ip, newdq, XFS_TRANS_DQ_BCOUNT, nr_dblks);
	xfs_trans_mod_ino_dquot(tp, ip, newdq, XFS_TRANS_DQ_RTBCOUNT,
			nr_rtblks);
	xfs_trans_mod_ino_dquot(tp, ip, newdq, XFS_TRANS_DQ_ICOUNT, 1);

	/*
	 * Back when we made quota reservations for the chown, we reserved the
	 * ondisk blocks + delalloc blocks with the new dquot.  Now that we've
	 * switched the dquots, decrease the new dquot's block reservation
	 * (having already bumped up the real counter) so that we don't have
	 * any reservation to give back when we commit.
	 */
	res_field = isrt ? XFS_TRANS_DQ_RES_RTBLKS : XFS_TRANS_DQ_RES_BLKS;
	xfs_trans_mod_dquot(tp, newdq, res_field, -ip->i_delayed_blks);

	/*
	 * Give the incore reservation for delalloc blocks back to the old
	 * dquot.  We don't normally handle delalloc quota reservations
	 * transactionally, so just lock the dquot and subtract from the
	 * reservation.  Dirty the transaction because it's too late to turn
	 * back now.
	 *
	 * NOTE(review): the only guard against the subtraction going below
	 * zero is the ASSERT, which is presumably compiled out of non-debug
	 * builds; confirm the reservation invariant is upheld by the callers.
	 */
	tp->t_flags |= XFS_TRANS_DIRTY;
	xfs_dqlock(prevdq);
	if (isrt) {
		ASSERT(prevdq->q_rtb.reserved >= ip->i_delayed_blks);
		prevdq->q_rtb.reserved -= ip->i_delayed_blks;
	} else {
		ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks);
		prevdq->q_blk.reserved -= ip->i_delayed_blks;
	}
	xfs_dqunlock(prevdq);

	/*
	 * Take an extra reference, because the inode is going to keep
	 * this dquot pointer even after the trans_commit.
	 */
	*IO_olddq = xfs_qm_dqhold(newdq);

	return prevdq;
}
2099
/*
 * Attach dquots to every inode taking part in a rename.  @i_tab holds up to
 * four inode pointers and ends at the first NULL entry; i_tab[0] is
 * dereferenced unconditionally and must be valid.  An entry equal to the one
 * right before it is skipped (presumably the table is sorted so duplicates
 * are adjacent; confirm against the caller).
 *
 * Returns 0, or the first negative errno from xfs_qm_dqattach().
 */
int
xfs_qm_vop_rename_dqattach(
	struct xfs_inode	**i_tab)
{
	struct xfs_mount	*mp = i_tab[0]->i_mount;
	int			i;

	if (!XFS_IS_QUOTA_ON(mp))
		return 0;

	for (i = 0; i < 4 && i_tab[i]; i++) {
		struct xfs_inode	*ip = i_tab[i];
		int			error;

		/* Watch out for duplicate entries in the table. */
		if (i > 0 && ip == i_tab[i - 1])
			continue;

		if (!XFS_NOT_DQATTACHED(mp, ip))
			continue;

		error = xfs_qm_dqattach(ip);
		if (error)
			return error;
	}
	return 0;
}
2127
/*
 * Attach the given dquots to a newly created inode @ip and charge one inode
 * to them in transaction @tp.  A dquot is attached only when it was passed in
 * and its quota type is enabled; each attached dquot gets an extra reference
 * that the inode keeps.  Does nothing when quotas are off.
 *
 * The caller holds the inode's ILOCK_EXCL.  The inode must not have dquots
 * attached yet, and its uid, gid and project id must match the ids of the
 * dquots passed in; these are checked by ASSERT only.
 */
void
xfs_qm_vop_create_dqattach(
	struct xfs_trans	*tp,
	struct xfs_inode	*ip,
	struct xfs_dquot	*udqp,
	struct xfs_dquot	*gdqp,
	struct xfs_dquot	*pdqp)
{
	struct xfs_mount	*mp = tp->t_mountp;

	if (!XFS_IS_QUOTA_ON(mp))
		return;

	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
	ASSERT(!xfs_is_metadir_inode(ip));

	/* User quota. */
	if (udqp && XFS_IS_UQUOTA_ON(mp)) {
		ASSERT(ip->i_udquot == NULL);
		ASSERT(i_uid_read(VFS_I(ip)) == udqp->q_id);

		ip->i_udquot = xfs_qm_dqhold(udqp);
	}

	/* Group quota. */
	if (gdqp && XFS_IS_GQUOTA_ON(mp)) {
		ASSERT(ip->i_gdquot == NULL);
		ASSERT(i_gid_read(VFS_I(ip)) == gdqp->q_id);

		ip->i_gdquot = xfs_qm_dqhold(gdqp);
	}

	/* Project quota. */
	if (pdqp && XFS_IS_PQUOTA_ON(mp)) {
		ASSERT(ip->i_pdquot == NULL);
		ASSERT(ip->i_projid == pdqp->q_id);

		ip->i_pdquot = xfs_qm_dqhold(pdqp);
	}

	/* Account the new inode against whatever dquots are now attached. */
	xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_ICOUNT, 1);
}
2165
/*
 * Decide if this inode's dquot of the given @type is near an enforcement
 * boundary.
 *
 * Returns false when the inode has no such dquot or the dquot is not
 * enforced.  Returns true when any of the inode, block or realtime block
 * resources is over its limits, or when the block reservation (realtime
 * blocks for realtime inodes, data blocks otherwise) has reached the
 * preallocation high watermark or is within the XFS_QLOWSP_5_PCNT low-space
 * threshold of it.
 */
bool
xfs_inode_near_dquot_enforcement(
	struct xfs_inode	*ip,
	xfs_dqtype_t		type)
{
	struct xfs_dquot	*dqp = xfs_inode_dquot(ip, type);
	struct xfs_dquot_res	*res;
	struct xfs_dquot_pre	*pre;
	int64_t			freesp;

	/* We only care for quotas that are enabled and enforced. */
	if (!dqp || !xfs_dquot_is_enforced(dqp))
		return false;

	/* Already over a limit on any resource: as near as it gets. */
	if (xfs_dquot_res_over_limits(&dqp->q_ino) ||
	    xfs_dquot_res_over_limits(&dqp->q_blk) ||
	    xfs_dquot_res_over_limits(&dqp->q_rtb))
		return true;

	/* Pick the reservation and watermarks matching the inode's device. */
	if (XFS_IS_REALTIME_INODE(ip)) {
		res = &dqp->q_rtb;
		pre = &dqp->q_rtb_prealloc;
	} else {
		res = &dqp->q_blk;
		pre = &dqp->q_blk_prealloc;
	}

	/* No high watermark set: there is no threshold to be near. */
	if (!pre->q_prealloc_hi_wmark)
		return false;

	/* Below the low watermark is far away; at or past the high one is not. */
	if (res->reserved < pre->q_prealloc_lo_wmark)
		return false;
	if (res->reserved >= pre->q_prealloc_hi_wmark)
		return true;

	/* In between: near once the remaining space drops under the threshold. */
	freesp = pre->q_prealloc_hi_wmark - res->reserved;
	return freesp < pre->q_low_space[XFS_QLOWSP_5_PCNT];
}
2211