1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_bit.h"
13 #include "xfs_sb.h"
14 #include "xfs_mount.h"
15 #include "xfs_inode.h"
16 #include "xfs_iwalk.h"
17 #include "xfs_quota.h"
18 #include "xfs_bmap.h"
19 #include "xfs_bmap_util.h"
20 #include "xfs_trans.h"
21 #include "xfs_trans_space.h"
22 #include "xfs_qm.h"
23 #include "xfs_trace.h"
24 #include "xfs_icache.h"
25 #include "xfs_error.h"
26 #include "xfs_ag.h"
27 #include "xfs_ialloc.h"
28 #include "xfs_log_priv.h"
29 #include "xfs_health.h"
30 #include "xfs_da_format.h"
31 #include "xfs_metafile.h"
32 #include "xfs_rtgroup.h"
33
34 /*
35 * The global quota manager. There is only one of these for the entire
36 * system, _not_ one per file system. XQM keeps track of the overall
37 * quota functionality, including maintaining the freelist and hash
38 * tables of dquots.
39 */
40 STATIC int xfs_qm_init_quotainos(struct xfs_mount *mp);
41 STATIC int xfs_qm_init_quotainfo(struct xfs_mount *mp);
42
43 STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp);
44 /*
45 * We use the batch lookup interface to iterate over the dquots as it
46 * currently is the only interface into the radix tree code that allows
47 * fuzzy lookups instead of exact matches. Holding the lock over multiple
48 * operations is fine as all callers are used either during mount/umount
49 * or quotaoff.
50 */
51 #define XFS_DQ_LOOKUP_BATCH 32
52
53 STATIC int
xfs_qm_dquot_walk(struct xfs_mount * mp,xfs_dqtype_t type,int (* execute)(struct xfs_dquot * dqp,void * data),void * data)54 xfs_qm_dquot_walk(
55 struct xfs_mount *mp,
56 xfs_dqtype_t type,
57 int (*execute)(struct xfs_dquot *dqp, void *data),
58 void *data)
59 {
60 struct xfs_quotainfo *qi = mp->m_quotainfo;
61 struct radix_tree_root *tree = xfs_dquot_tree(qi, type);
62 uint32_t next_index;
63 int last_error = 0;
64 int skipped;
65 int nr_found;
66
67 restart:
68 skipped = 0;
69 next_index = 0;
70 nr_found = 0;
71
72 while (1) {
73 struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH];
74 int error;
75 int i;
76
77 mutex_lock(&qi->qi_tree_lock);
78 nr_found = radix_tree_gang_lookup(tree, (void **)batch,
79 next_index, XFS_DQ_LOOKUP_BATCH);
80 if (!nr_found) {
81 mutex_unlock(&qi->qi_tree_lock);
82 break;
83 }
84
85 for (i = 0; i < nr_found; i++) {
86 struct xfs_dquot *dqp = batch[i];
87
88 next_index = dqp->q_id + 1;
89
90 error = execute(batch[i], data);
91 if (error == -EAGAIN) {
92 skipped++;
93 continue;
94 }
95 if (error && last_error != -EFSCORRUPTED)
96 last_error = error;
97 }
98
99 mutex_unlock(&qi->qi_tree_lock);
100
101 /* bail out if the filesystem is corrupted. */
102 if (last_error == -EFSCORRUPTED) {
103 skipped = 0;
104 break;
105 }
106 /* we're done if id overflows back to zero */
107 if (!next_index)
108 break;
109 }
110
111 if (skipped) {
112 delay(1);
113 goto restart;
114 }
115
116 return last_error;
117 }
118
119
120 /*
121 * Purge a dquot from all tracking data structures and free it.
122 */
123 STATIC int
xfs_qm_dqpurge(struct xfs_dquot * dqp,void * data)124 xfs_qm_dqpurge(
125 struct xfs_dquot *dqp,
126 void *data)
127 {
128 struct xfs_quotainfo *qi = dqp->q_mount->m_quotainfo;
129 int error = -EAGAIN;
130
131 xfs_dqlock(dqp);
132 if ((dqp->q_flags & XFS_DQFLAG_FREEING) || dqp->q_nrefs != 0)
133 goto out_unlock;
134
135 dqp->q_flags |= XFS_DQFLAG_FREEING;
136
137 xfs_qm_dqunpin_wait(dqp);
138 xfs_dqflock(dqp);
139
140 /*
141 * If we are turning this type of quotas off, we don't care
142 * about the dirty metadata sitting in this dquot. OTOH, if
143 * we're unmounting, we do care, so we flush it and wait.
144 */
145 if (XFS_DQ_IS_DIRTY(dqp)) {
146 struct xfs_buf *bp = NULL;
147
148 /*
149 * We don't care about getting disk errors here. We need
150 * to purge this dquot anyway, so we go ahead regardless.
151 */
152 error = xfs_dquot_use_attached_buf(dqp, &bp);
153 if (error == -EAGAIN) {
154 xfs_dqfunlock(dqp);
155 dqp->q_flags &= ~XFS_DQFLAG_FREEING;
156 goto out_unlock;
157 }
158 if (!bp)
159 goto out_funlock;
160
161 /*
162 * dqflush completes dqflock on error, and the bwrite ioend
163 * does it on success.
164 */
165 error = xfs_qm_dqflush(dqp, bp);
166 if (!error) {
167 error = xfs_bwrite(bp);
168 xfs_buf_relse(bp);
169 }
170 xfs_dqflock(dqp);
171 }
172 xfs_dquot_detach_buf(dqp);
173
174 out_funlock:
175 ASSERT(atomic_read(&dqp->q_pincount) == 0);
176 ASSERT(xlog_is_shutdown(dqp->q_logitem.qli_item.li_log) ||
177 !test_bit(XFS_LI_IN_AIL, &dqp->q_logitem.qli_item.li_flags));
178
179 xfs_dqfunlock(dqp);
180 xfs_dqunlock(dqp);
181
182 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
183 qi->qi_dquots--;
184
185 /*
186 * We move dquots to the freelist as soon as their reference count
187 * hits zero, so it really should be on the freelist here.
188 */
189 ASSERT(!list_empty(&dqp->q_lru));
190 list_lru_del_obj(&qi->qi_lru, &dqp->q_lru);
191 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
192
193 xfs_qm_dqdestroy(dqp);
194 return 0;
195
196 out_unlock:
197 xfs_dqunlock(dqp);
198 return error;
199 }
200
201 /*
202 * Purge the dquot cache.
203 */
204 static void
xfs_qm_dqpurge_all(struct xfs_mount * mp)205 xfs_qm_dqpurge_all(
206 struct xfs_mount *mp)
207 {
208 xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_dqpurge, NULL);
209 xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_dqpurge, NULL);
210 xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_dqpurge, NULL);
211 }
212
213 /*
214 * Just destroy the quotainfo structure.
215 */
216 void
xfs_qm_unmount(struct xfs_mount * mp)217 xfs_qm_unmount(
218 struct xfs_mount *mp)
219 {
220 if (mp->m_quotainfo) {
221 xfs_qm_dqpurge_all(mp);
222 xfs_qm_destroy_quotainfo(mp);
223 }
224 }
225
/*
 * Detach dquots from the bitmap and summary inodes of realtime group 0,
 * if that group can be grabbed and the inodes are present.
 */
static void
xfs_qm_unmount_rt(
	struct xfs_mount	*mp)
{
	struct xfs_rtgroup	*rtg;

	rtg = xfs_rtgroup_grab(mp, 0);
	if (!rtg)
		return;

	if (rtg_bitmap(rtg))
		xfs_qm_dqdetach(rtg_bitmap(rtg));

	if (rtg_summary(rtg))
		xfs_qm_dqdetach(rtg_summary(rtg));

	/* drop the reference taken by the grab above */
	xfs_rtgroup_rele(rtg);
}
240
241 STATIC void
xfs_qm_destroy_quotainos(struct xfs_quotainfo * qi)242 xfs_qm_destroy_quotainos(
243 struct xfs_quotainfo *qi)
244 {
245 if (qi->qi_uquotaip) {
246 xfs_irele(qi->qi_uquotaip);
247 qi->qi_uquotaip = NULL; /* paranoia */
248 }
249 if (qi->qi_gquotaip) {
250 xfs_irele(qi->qi_gquotaip);
251 qi->qi_gquotaip = NULL;
252 }
253 if (qi->qi_pquotaip) {
254 xfs_irele(qi->qi_pquotaip);
255 qi->qi_pquotaip = NULL;
256 }
257 if (qi->qi_dirip) {
258 xfs_irele(qi->qi_dirip);
259 qi->qi_dirip = NULL;
260 }
261 }
262
263 /*
264 * Called from the vfsops layer.
265 */
266 void
xfs_qm_unmount_quotas(xfs_mount_t * mp)267 xfs_qm_unmount_quotas(
268 xfs_mount_t *mp)
269 {
270 /*
271 * Release the dquots that root inode, et al might be holding,
272 * before we flush quotas and blow away the quotainfo structure.
273 */
274 ASSERT(mp->m_rootip);
275 xfs_qm_dqdetach(mp->m_rootip);
276
277 /*
278 * For pre-RTG file systems, the RT inodes have quotas attached,
279 * detach them now.
280 */
281 if (!xfs_has_rtgroups(mp))
282 xfs_qm_unmount_rt(mp);
283
284 /*
285 * Release the quota inodes.
286 */
287 if (mp->m_quotainfo)
288 xfs_qm_destroy_quotainos(mp->m_quotainfo);
289 }
290
291 STATIC int
xfs_qm_dqattach_one(struct xfs_inode * ip,xfs_dqtype_t type,bool doalloc,struct xfs_dquot ** IO_idqpp)292 xfs_qm_dqattach_one(
293 struct xfs_inode *ip,
294 xfs_dqtype_t type,
295 bool doalloc,
296 struct xfs_dquot **IO_idqpp)
297 {
298 struct xfs_dquot *dqp;
299 int error;
300
301 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
302 error = 0;
303
304 /*
305 * See if we already have it in the inode itself. IO_idqpp is &i_udquot
306 * or &i_gdquot. This made the code look weird, but made the logic a lot
307 * simpler.
308 */
309 dqp = *IO_idqpp;
310 if (dqp) {
311 trace_xfs_dqattach_found(dqp);
312 return 0;
313 }
314
315 /*
316 * Find the dquot from somewhere. This bumps the reference count of
317 * dquot and returns it locked. This can return ENOENT if dquot didn't
318 * exist on disk and we didn't ask it to allocate; ESRCH if quotas got
319 * turned off suddenly.
320 */
321 error = xfs_qm_dqget_inode(ip, type, doalloc, &dqp);
322 if (error)
323 return error;
324
325 trace_xfs_dqattach_get(dqp);
326
327 /*
328 * dqget may have dropped and re-acquired the ilock, but it guarantees
329 * that the dquot returned is the one that should go in the inode.
330 */
331 *IO_idqpp = dqp;
332 xfs_dqunlock(dqp);
333 return 0;
334 }
335
336 static bool
xfs_qm_need_dqattach(struct xfs_inode * ip)337 xfs_qm_need_dqattach(
338 struct xfs_inode *ip)
339 {
340 struct xfs_mount *mp = ip->i_mount;
341
342 if (!XFS_IS_QUOTA_ON(mp))
343 return false;
344 if (!XFS_NOT_DQATTACHED(mp, ip))
345 return false;
346 if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino))
347 return false;
348 if (xfs_is_metadir_inode(ip))
349 return false;
350 return true;
351 }
352
353 /*
354 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON
355 * into account.
356 * If @doalloc is true, the dquot(s) will be allocated if needed.
357 * Inode may get unlocked and relocked in here, and the caller must deal with
358 * the consequences.
359 */
360 int
xfs_qm_dqattach_locked(xfs_inode_t * ip,bool doalloc)361 xfs_qm_dqattach_locked(
362 xfs_inode_t *ip,
363 bool doalloc)
364 {
365 xfs_mount_t *mp = ip->i_mount;
366 int error = 0;
367
368 if (!xfs_qm_need_dqattach(ip))
369 return 0;
370
371 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
372 ASSERT(!xfs_is_metadir_inode(ip));
373
374 if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) {
375 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_USER,
376 doalloc, &ip->i_udquot);
377 if (error)
378 goto done;
379 ASSERT(ip->i_udquot);
380 }
381
382 if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) {
383 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_GROUP,
384 doalloc, &ip->i_gdquot);
385 if (error)
386 goto done;
387 ASSERT(ip->i_gdquot);
388 }
389
390 if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) {
391 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_PROJ,
392 doalloc, &ip->i_pdquot);
393 if (error)
394 goto done;
395 ASSERT(ip->i_pdquot);
396 }
397
398 done:
399 /*
400 * Don't worry about the dquots that we may have attached before any
401 * error - they'll get detached later if it has not already been done.
402 */
403 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
404 return error;
405 }
406
407 int
xfs_qm_dqattach(struct xfs_inode * ip)408 xfs_qm_dqattach(
409 struct xfs_inode *ip)
410 {
411 int error;
412
413 if (!xfs_qm_need_dqattach(ip))
414 return 0;
415
416 xfs_ilock(ip, XFS_ILOCK_EXCL);
417 error = xfs_qm_dqattach_locked(ip, false);
418 xfs_iunlock(ip, XFS_ILOCK_EXCL);
419
420 return error;
421 }
422
423 /*
424 * Release dquots (and their references) if any.
425 * The inode should be locked EXCL except when this's called by
426 * xfs_ireclaim.
427 */
428 void
xfs_qm_dqdetach(xfs_inode_t * ip)429 xfs_qm_dqdetach(
430 xfs_inode_t *ip)
431 {
432 if (xfs_is_metadir_inode(ip))
433 return;
434 if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot))
435 return;
436
437 trace_xfs_dquot_dqdetach(ip);
438
439 ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino));
440 if (ip->i_udquot) {
441 xfs_qm_dqrele(ip->i_udquot);
442 ip->i_udquot = NULL;
443 }
444 if (ip->i_gdquot) {
445 xfs_qm_dqrele(ip->i_gdquot);
446 ip->i_gdquot = NULL;
447 }
448 if (ip->i_pdquot) {
449 xfs_qm_dqrele(ip->i_pdquot);
450 ip->i_pdquot = NULL;
451 }
452 }
453
454 struct xfs_qm_isolate {
455 struct list_head buffers;
456 struct list_head dispose;
457 };
458
459 static enum lru_status
xfs_qm_dquot_isolate(struct list_head * item,struct list_lru_one * lru,void * arg)460 xfs_qm_dquot_isolate(
461 struct list_head *item,
462 struct list_lru_one *lru,
463 void *arg)
464 __releases(&lru->lock) __acquires(&lru->lock)
465 {
466 struct xfs_dquot *dqp = container_of(item,
467 struct xfs_dquot, q_lru);
468 struct xfs_qm_isolate *isol = arg;
469 enum lru_status ret = LRU_SKIP;
470
471 if (!xfs_dqlock_nowait(dqp))
472 goto out_miss_busy;
473
474 /*
475 * If something else is freeing this dquot and hasn't yet removed it
476 * from the LRU, leave it for the freeing task to complete the freeing
477 * process rather than risk it being free from under us here.
478 */
479 if (dqp->q_flags & XFS_DQFLAG_FREEING)
480 goto out_miss_unlock;
481
482 /*
483 * If the dquot is pinned or dirty, rotate it to the end of the LRU to
484 * give some time for it to be cleaned before we try to isolate it
485 * again.
486 */
487 ret = LRU_ROTATE;
488 if (XFS_DQ_IS_DIRTY(dqp) || atomic_read(&dqp->q_pincount) > 0) {
489 goto out_miss_unlock;
490 }
491
492 /*
493 * This dquot has acquired a reference in the meantime remove it from
494 * the freelist and try again.
495 */
496 if (dqp->q_nrefs) {
497 xfs_dqunlock(dqp);
498 XFS_STATS_INC(dqp->q_mount, xs_qm_dqwants);
499
500 trace_xfs_dqreclaim_want(dqp);
501 list_lru_isolate(lru, &dqp->q_lru);
502 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
503 return LRU_REMOVED;
504 }
505
506 /*
507 * The dquot may still be under IO, in which case the flush lock will be
508 * held. If we can't get the flush lock now, just skip over the dquot as
509 * if it was dirty.
510 */
511 if (!xfs_dqflock_nowait(dqp))
512 goto out_miss_unlock;
513
514 ASSERT(!XFS_DQ_IS_DIRTY(dqp));
515 xfs_dquot_detach_buf(dqp);
516 xfs_dqfunlock(dqp);
517
518 /*
519 * Prevent lookups now that we are past the point of no return.
520 */
521 dqp->q_flags |= XFS_DQFLAG_FREEING;
522 xfs_dqunlock(dqp);
523
524 ASSERT(dqp->q_nrefs == 0);
525 list_lru_isolate_move(lru, &dqp->q_lru, &isol->dispose);
526 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
527 trace_xfs_dqreclaim_done(dqp);
528 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaims);
529 return LRU_REMOVED;
530
531 out_miss_unlock:
532 xfs_dqunlock(dqp);
533 out_miss_busy:
534 trace_xfs_dqreclaim_busy(dqp);
535 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
536 return ret;
537 }
538
539 static unsigned long
xfs_qm_shrink_scan(struct shrinker * shrink,struct shrink_control * sc)540 xfs_qm_shrink_scan(
541 struct shrinker *shrink,
542 struct shrink_control *sc)
543 {
544 struct xfs_quotainfo *qi = shrink->private_data;
545 struct xfs_qm_isolate isol;
546 unsigned long freed;
547 int error;
548
549 if ((sc->gfp_mask & (__GFP_FS|__GFP_DIRECT_RECLAIM)) != (__GFP_FS|__GFP_DIRECT_RECLAIM))
550 return 0;
551
552 INIT_LIST_HEAD(&isol.buffers);
553 INIT_LIST_HEAD(&isol.dispose);
554
555 freed = list_lru_shrink_walk(&qi->qi_lru, sc,
556 xfs_qm_dquot_isolate, &isol);
557
558 error = xfs_buf_delwri_submit(&isol.buffers);
559 if (error)
560 xfs_warn(NULL, "%s: dquot reclaim failed", __func__);
561
562 while (!list_empty(&isol.dispose)) {
563 struct xfs_dquot *dqp;
564
565 dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru);
566 list_del_init(&dqp->q_lru);
567 xfs_qm_dqfree_one(dqp);
568 }
569
570 return freed;
571 }
572
573 static unsigned long
xfs_qm_shrink_count(struct shrinker * shrink,struct shrink_control * sc)574 xfs_qm_shrink_count(
575 struct shrinker *shrink,
576 struct shrink_control *sc)
577 {
578 struct xfs_quotainfo *qi = shrink->private_data;
579
580 return list_lru_shrink_count(&qi->qi_lru, sc);
581 }
582
583 STATIC void
xfs_qm_set_defquota(struct xfs_mount * mp,xfs_dqtype_t type,struct xfs_quotainfo * qinf)584 xfs_qm_set_defquota(
585 struct xfs_mount *mp,
586 xfs_dqtype_t type,
587 struct xfs_quotainfo *qinf)
588 {
589 struct xfs_dquot *dqp;
590 struct xfs_def_quota *defq;
591 int error;
592
593 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
594 if (error)
595 return;
596
597 defq = xfs_get_defquota(qinf, xfs_dquot_type(dqp));
598
599 /*
600 * Timers and warnings have been already set, let's just set the
601 * default limits for this quota type
602 */
603 defq->blk.hard = dqp->q_blk.hardlimit;
604 defq->blk.soft = dqp->q_blk.softlimit;
605 defq->ino.hard = dqp->q_ino.hardlimit;
606 defq->ino.soft = dqp->q_ino.softlimit;
607 defq->rtb.hard = dqp->q_rtb.hardlimit;
608 defq->rtb.soft = dqp->q_rtb.softlimit;
609 xfs_qm_dqdestroy(dqp);
610 }
611
612 /* Initialize quota time limits from the root dquot. */
613 static void
xfs_qm_init_timelimits(struct xfs_mount * mp,xfs_dqtype_t type)614 xfs_qm_init_timelimits(
615 struct xfs_mount *mp,
616 xfs_dqtype_t type)
617 {
618 struct xfs_quotainfo *qinf = mp->m_quotainfo;
619 struct xfs_def_quota *defq;
620 struct xfs_dquot *dqp;
621 int error;
622
623 defq = xfs_get_defquota(qinf, type);
624
625 defq->blk.time = XFS_QM_BTIMELIMIT;
626 defq->ino.time = XFS_QM_ITIMELIMIT;
627 defq->rtb.time = XFS_QM_RTBTIMELIMIT;
628
629 /*
630 * We try to get the limits from the superuser's limits fields.
631 * This is quite hacky, but it is standard quota practice.
632 *
633 * Since we may not have done a quotacheck by this point, just read
634 * the dquot without attaching it to any hashtables or lists.
635 */
636 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
637 if (error)
638 return;
639
640 /*
641 * The warnings and timers set the grace period given to
642 * a user or group before he or she can not perform any
643 * more writing. If it is zero, a default is used.
644 */
645 if (dqp->q_blk.timer)
646 defq->blk.time = dqp->q_blk.timer;
647 if (dqp->q_ino.timer)
648 defq->ino.time = dqp->q_ino.timer;
649 if (dqp->q_rtb.timer)
650 defq->rtb.time = dqp->q_rtb.timer;
651
652 xfs_qm_dqdestroy(dqp);
653 }
654
655 static int
xfs_qm_load_metadir_qinos(struct xfs_mount * mp,struct xfs_quotainfo * qi)656 xfs_qm_load_metadir_qinos(
657 struct xfs_mount *mp,
658 struct xfs_quotainfo *qi)
659 {
660 struct xfs_trans *tp;
661 int error;
662
663 error = xfs_trans_alloc_empty(mp, &tp);
664 if (error)
665 return error;
666
667 error = xfs_dqinode_load_parent(tp, &qi->qi_dirip);
668 if (error == -ENOENT) {
669 /* no quota dir directory, but we'll create one later */
670 error = 0;
671 goto out_trans;
672 }
673 if (error)
674 goto out_trans;
675
676 if (XFS_IS_UQUOTA_ON(mp)) {
677 error = xfs_dqinode_load(tp, qi->qi_dirip, XFS_DQTYPE_USER,
678 &qi->qi_uquotaip);
679 if (error && error != -ENOENT)
680 goto out_trans;
681 }
682
683 if (XFS_IS_GQUOTA_ON(mp)) {
684 error = xfs_dqinode_load(tp, qi->qi_dirip, XFS_DQTYPE_GROUP,
685 &qi->qi_gquotaip);
686 if (error && error != -ENOENT)
687 goto out_trans;
688 }
689
690 if (XFS_IS_PQUOTA_ON(mp)) {
691 error = xfs_dqinode_load(tp, qi->qi_dirip, XFS_DQTYPE_PROJ,
692 &qi->qi_pquotaip);
693 if (error && error != -ENOENT)
694 goto out_trans;
695 }
696
697 error = 0;
698 out_trans:
699 xfs_trans_cancel(tp);
700 return error;
701 }
702
703 /* Create quota inodes in the metadata directory tree. */
704 STATIC int
xfs_qm_create_metadir_qinos(struct xfs_mount * mp,struct xfs_quotainfo * qi)705 xfs_qm_create_metadir_qinos(
706 struct xfs_mount *mp,
707 struct xfs_quotainfo *qi)
708 {
709 int error;
710
711 if (!qi->qi_dirip) {
712 error = xfs_dqinode_mkdir_parent(mp, &qi->qi_dirip);
713 if (error && error != -EEXIST)
714 return error;
715 /*
716 * If the /quotas dirent points to an inode that isn't
717 * loadable, qi_dirip will be NULL but mkdir_parent will return
718 * -EEXIST. In this case the metadir is corrupt, so bail out.
719 */
720 if (XFS_IS_CORRUPT(mp, qi->qi_dirip == NULL))
721 return -EFSCORRUPTED;
722 }
723
724 if (XFS_IS_UQUOTA_ON(mp) && !qi->qi_uquotaip) {
725 error = xfs_dqinode_metadir_create(qi->qi_dirip,
726 XFS_DQTYPE_USER, &qi->qi_uquotaip);
727 if (error)
728 return error;
729 }
730
731 if (XFS_IS_GQUOTA_ON(mp) && !qi->qi_gquotaip) {
732 error = xfs_dqinode_metadir_create(qi->qi_dirip,
733 XFS_DQTYPE_GROUP, &qi->qi_gquotaip);
734 if (error)
735 return error;
736 }
737
738 if (XFS_IS_PQUOTA_ON(mp) && !qi->qi_pquotaip) {
739 error = xfs_dqinode_metadir_create(qi->qi_dirip,
740 XFS_DQTYPE_PROJ, &qi->qi_pquotaip);
741 if (error)
742 return error;
743 }
744
745 return 0;
746 }
747
748 /*
749 * Add QUOTABIT to sb_versionnum and initialize qflags in preparation for
750 * creating quota files on a metadir filesystem.
751 */
752 STATIC int
xfs_qm_prep_metadir_sb(struct xfs_mount * mp)753 xfs_qm_prep_metadir_sb(
754 struct xfs_mount *mp)
755 {
756 struct xfs_trans *tp;
757 int error;
758
759 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_sb, 0, 0, 0, &tp);
760 if (error)
761 return error;
762
763 spin_lock(&mp->m_sb_lock);
764
765 xfs_add_quota(mp);
766
767 /* qflags will get updated fully _after_ quotacheck */
768 mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT;
769
770 spin_unlock(&mp->m_sb_lock);
771 xfs_log_sb(tp);
772
773 return xfs_trans_commit(tp);
774 }
775
776 /*
777 * Load existing quota inodes or create them. Since this is a V5 filesystem,
778 * we don't have to deal with the grp/prjquota switcheroo thing from V4.
779 */
780 STATIC int
xfs_qm_init_metadir_qinos(struct xfs_mount * mp)781 xfs_qm_init_metadir_qinos(
782 struct xfs_mount *mp)
783 {
784 struct xfs_quotainfo *qi = mp->m_quotainfo;
785 int error;
786
787 if (!xfs_has_quota(mp)) {
788 error = xfs_qm_prep_metadir_sb(mp);
789 if (error)
790 return error;
791 }
792
793 error = xfs_qm_load_metadir_qinos(mp, qi);
794 if (error)
795 goto out_err;
796
797 error = xfs_qm_create_metadir_qinos(mp, qi);
798 if (error)
799 goto out_err;
800
801 /* The only user of the quota dir inode is online fsck */
802 #if !IS_ENABLED(CONFIG_XFS_ONLINE_SCRUB)
803 xfs_irele(qi->qi_dirip);
804 qi->qi_dirip = NULL;
805 #endif
806 return 0;
807 out_err:
808 xfs_qm_destroy_quotainos(mp->m_quotainfo);
809 return error;
810 }
811
812 /*
813 * This initializes all the quota information that's kept in the
814 * mount structure
815 */
816 STATIC int
xfs_qm_init_quotainfo(struct xfs_mount * mp)817 xfs_qm_init_quotainfo(
818 struct xfs_mount *mp)
819 {
820 struct xfs_quotainfo *qinf;
821 int error;
822
823 ASSERT(XFS_IS_QUOTA_ON(mp));
824
825 qinf = mp->m_quotainfo = kzalloc(sizeof(struct xfs_quotainfo),
826 GFP_KERNEL | __GFP_NOFAIL);
827
828 error = list_lru_init(&qinf->qi_lru);
829 if (error)
830 goto out_free_qinf;
831
832 /*
833 * See if quotainodes are setup, and if not, allocate them,
834 * and change the superblock accordingly.
835 */
836 if (xfs_has_metadir(mp))
837 error = xfs_qm_init_metadir_qinos(mp);
838 else
839 error = xfs_qm_init_quotainos(mp);
840 if (error)
841 goto out_free_lru;
842
843 INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_KERNEL);
844 INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_KERNEL);
845 INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_KERNEL);
846 mutex_init(&qinf->qi_tree_lock);
847
848 /* mutex used to serialize quotaoffs */
849 mutex_init(&qinf->qi_quotaofflock);
850
851 /* Precalc some constants */
852 qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
853 qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen);
854 if (xfs_has_bigtime(mp)) {
855 qinf->qi_expiry_min =
856 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MIN);
857 qinf->qi_expiry_max =
858 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MAX);
859 } else {
860 qinf->qi_expiry_min = XFS_DQ_LEGACY_EXPIRY_MIN;
861 qinf->qi_expiry_max = XFS_DQ_LEGACY_EXPIRY_MAX;
862 }
863 trace_xfs_quota_expiry_range(mp, qinf->qi_expiry_min,
864 qinf->qi_expiry_max);
865
866 mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD);
867
868 xfs_qm_init_timelimits(mp, XFS_DQTYPE_USER);
869 xfs_qm_init_timelimits(mp, XFS_DQTYPE_GROUP);
870 xfs_qm_init_timelimits(mp, XFS_DQTYPE_PROJ);
871
872 if (XFS_IS_UQUOTA_ON(mp))
873 xfs_qm_set_defquota(mp, XFS_DQTYPE_USER, qinf);
874 if (XFS_IS_GQUOTA_ON(mp))
875 xfs_qm_set_defquota(mp, XFS_DQTYPE_GROUP, qinf);
876 if (XFS_IS_PQUOTA_ON(mp))
877 xfs_qm_set_defquota(mp, XFS_DQTYPE_PROJ, qinf);
878
879 qinf->qi_shrinker = shrinker_alloc(SHRINKER_NUMA_AWARE, "xfs-qm:%s",
880 mp->m_super->s_id);
881 if (!qinf->qi_shrinker) {
882 error = -ENOMEM;
883 goto out_free_inos;
884 }
885
886 qinf->qi_shrinker->count_objects = xfs_qm_shrink_count;
887 qinf->qi_shrinker->scan_objects = xfs_qm_shrink_scan;
888 qinf->qi_shrinker->private_data = qinf;
889
890 shrinker_register(qinf->qi_shrinker);
891
892 xfs_hooks_init(&qinf->qi_mod_ino_dqtrx_hooks);
893 xfs_hooks_init(&qinf->qi_apply_dqtrx_hooks);
894
895 return 0;
896
897 out_free_inos:
898 mutex_destroy(&qinf->qi_quotaofflock);
899 mutex_destroy(&qinf->qi_tree_lock);
900 xfs_qm_destroy_quotainos(qinf);
901 out_free_lru:
902 list_lru_destroy(&qinf->qi_lru);
903 out_free_qinf:
904 kfree(qinf);
905 mp->m_quotainfo = NULL;
906 return error;
907 }
908
909 /*
910 * Gets called when unmounting a filesystem or when all quotas get
911 * turned off.
912 * This purges the quota inodes, destroys locks and frees itself.
913 */
914 void
xfs_qm_destroy_quotainfo(struct xfs_mount * mp)915 xfs_qm_destroy_quotainfo(
916 struct xfs_mount *mp)
917 {
918 struct xfs_quotainfo *qi;
919
920 qi = mp->m_quotainfo;
921 ASSERT(qi != NULL);
922
923 shrinker_free(qi->qi_shrinker);
924 list_lru_destroy(&qi->qi_lru);
925 xfs_qm_destroy_quotainos(qi);
926 mutex_destroy(&qi->qi_tree_lock);
927 mutex_destroy(&qi->qi_quotaofflock);
928 kfree(qi);
929 mp->m_quotainfo = NULL;
930 }
931
932 static inline enum xfs_metafile_type
xfs_qm_metafile_type(unsigned int flags)933 xfs_qm_metafile_type(
934 unsigned int flags)
935 {
936 if (flags & XFS_QMOPT_UQUOTA)
937 return XFS_METAFILE_USRQUOTA;
938 else if (flags & XFS_QMOPT_GQUOTA)
939 return XFS_METAFILE_GRPQUOTA;
940 return XFS_METAFILE_PRJQUOTA;
941 }
942
943 /*
944 * Create an inode and return with a reference already taken, but unlocked
945 * This is how we create quota inodes
946 */
947 STATIC int
xfs_qm_qino_alloc(struct xfs_mount * mp,struct xfs_inode ** ipp,unsigned int flags)948 xfs_qm_qino_alloc(
949 struct xfs_mount *mp,
950 struct xfs_inode **ipp,
951 unsigned int flags)
952 {
953 struct xfs_trans *tp;
954 enum xfs_metafile_type metafile_type = xfs_qm_metafile_type(flags);
955 int error;
956 bool need_alloc = true;
957
958 *ipp = NULL;
959 /*
960 * With superblock that doesn't have separate pquotino, we
961 * share an inode between gquota and pquota. If the on-disk
962 * superblock has GQUOTA and the filesystem is now mounted
963 * with PQUOTA, just use sb_gquotino for sb_pquotino and
964 * vice-versa.
965 */
966 if (!xfs_has_pquotino(mp) &&
967 (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) {
968 xfs_ino_t ino = NULLFSINO;
969
970 if ((flags & XFS_QMOPT_PQUOTA) &&
971 (mp->m_sb.sb_gquotino != NULLFSINO)) {
972 ino = mp->m_sb.sb_gquotino;
973 if (XFS_IS_CORRUPT(mp,
974 mp->m_sb.sb_pquotino != NULLFSINO)) {
975 xfs_fs_mark_sick(mp, XFS_SICK_FS_PQUOTA);
976 return -EFSCORRUPTED;
977 }
978 } else if ((flags & XFS_QMOPT_GQUOTA) &&
979 (mp->m_sb.sb_pquotino != NULLFSINO)) {
980 ino = mp->m_sb.sb_pquotino;
981 if (XFS_IS_CORRUPT(mp,
982 mp->m_sb.sb_gquotino != NULLFSINO)) {
983 xfs_fs_mark_sick(mp, XFS_SICK_FS_GQUOTA);
984 return -EFSCORRUPTED;
985 }
986 }
987 if (ino != NULLFSINO) {
988 error = xfs_metafile_iget(mp, ino, metafile_type, ipp);
989 if (error)
990 return error;
991
992 mp->m_sb.sb_gquotino = NULLFSINO;
993 mp->m_sb.sb_pquotino = NULLFSINO;
994 need_alloc = false;
995 }
996 }
997
998 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_create,
999 need_alloc ? XFS_QM_QINOCREATE_SPACE_RES(mp) : 0,
1000 0, 0, &tp);
1001 if (error)
1002 return error;
1003
1004 if (need_alloc) {
1005 struct xfs_icreate_args args = {
1006 .mode = S_IFREG,
1007 .flags = XFS_ICREATE_UNLINKABLE,
1008 };
1009 xfs_ino_t ino;
1010
1011 error = xfs_dialloc(&tp, &args, &ino);
1012 if (!error)
1013 error = xfs_icreate(tp, ino, &args, ipp);
1014 if (error) {
1015 xfs_trans_cancel(tp);
1016 return error;
1017 }
1018 if (xfs_has_metadir(mp))
1019 xfs_metafile_set_iflag(tp, *ipp, metafile_type);
1020 }
1021
1022 /*
1023 * Make the changes in the superblock, and log those too.
1024 * sbfields arg may contain fields other than *QUOTINO;
1025 * VERSIONNUM for example.
1026 */
1027 spin_lock(&mp->m_sb_lock);
1028 if (flags & XFS_QMOPT_SBVERSION) {
1029 ASSERT(!xfs_has_quota(mp));
1030
1031 xfs_add_quota(mp);
1032 mp->m_sb.sb_uquotino = NULLFSINO;
1033 mp->m_sb.sb_gquotino = NULLFSINO;
1034 mp->m_sb.sb_pquotino = NULLFSINO;
1035
1036 /* qflags will get updated fully _after_ quotacheck */
1037 mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT;
1038 }
1039 if (flags & XFS_QMOPT_UQUOTA)
1040 mp->m_sb.sb_uquotino = (*ipp)->i_ino;
1041 else if (flags & XFS_QMOPT_GQUOTA)
1042 mp->m_sb.sb_gquotino = (*ipp)->i_ino;
1043 else
1044 mp->m_sb.sb_pquotino = (*ipp)->i_ino;
1045 spin_unlock(&mp->m_sb_lock);
1046 xfs_log_sb(tp);
1047
1048 error = xfs_trans_commit(tp);
1049 if (error) {
1050 ASSERT(xfs_is_shutdown(mp));
1051 xfs_alert(mp, "%s failed (error %d)!", __func__, error);
1052 }
1053 if (need_alloc) {
1054 xfs_iunlock(*ipp, XFS_ILOCK_EXCL);
1055 xfs_finish_inode_setup(*ipp);
1056 }
1057 return error;
1058 }
1059
1060
1061 STATIC void
xfs_qm_reset_dqcounts(struct xfs_mount * mp,struct xfs_buf * bp,xfs_dqid_t id,xfs_dqtype_t type)1062 xfs_qm_reset_dqcounts(
1063 struct xfs_mount *mp,
1064 struct xfs_buf *bp,
1065 xfs_dqid_t id,
1066 xfs_dqtype_t type)
1067 {
1068 struct xfs_dqblk *dqb;
1069 int j;
1070
1071 trace_xfs_reset_dqcounts(bp, _RET_IP_);
1072
1073 /*
1074 * Reset all counters and timers. They'll be
1075 * started afresh by xfs_qm_quotacheck.
1076 */
1077 #ifdef DEBUG
1078 j = (int)XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB) /
1079 sizeof(struct xfs_dqblk);
1080 ASSERT(mp->m_quotainfo->qi_dqperchunk == j);
1081 #endif
1082 dqb = bp->b_addr;
1083 for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) {
1084 struct xfs_disk_dquot *ddq;
1085
1086 ddq = (struct xfs_disk_dquot *)&dqb[j];
1087
1088 /*
1089 * Do a sanity check, and if needed, repair the dqblk. Don't
1090 * output any warnings because it's perfectly possible to
1091 * find uninitialised dquot blks. See comment in
1092 * xfs_dquot_verify.
1093 */
1094 if (xfs_dqblk_verify(mp, &dqb[j], id + j) ||
1095 (dqb[j].dd_diskdq.d_type & XFS_DQTYPE_REC_MASK) != type)
1096 xfs_dqblk_repair(mp, &dqb[j], id + j, type);
1097
1098 /*
1099 * Reset type in case we are reusing group quota file for
1100 * project quotas or vice versa
1101 */
1102 ddq->d_type = type;
1103 ddq->d_bcount = 0;
1104 ddq->d_icount = 0;
1105 ddq->d_rtbcount = 0;
1106
1107 /*
1108 * dquot id 0 stores the default grace period and the maximum
1109 * warning limit that were set by the administrator, so we
1110 * should not reset them.
1111 */
1112 if (ddq->d_id != 0) {
1113 ddq->d_btimer = 0;
1114 ddq->d_itimer = 0;
1115 ddq->d_rtbtimer = 0;
1116 ddq->d_bwarns = 0;
1117 ddq->d_iwarns = 0;
1118 ddq->d_rtbwarns = 0;
1119 if (xfs_has_bigtime(mp))
1120 ddq->d_type |= XFS_DQTYPE_BIGTIME;
1121 }
1122
1123 if (xfs_has_crc(mp)) {
1124 xfs_update_cksum((char *)&dqb[j],
1125 sizeof(struct xfs_dqblk),
1126 XFS_DQUOT_CRC_OFF);
1127 }
1128 }
1129 }
1130
1131 STATIC int
xfs_qm_reset_dqcounts_all(struct xfs_mount * mp,xfs_dqid_t firstid,xfs_fsblock_t bno,xfs_filblks_t blkcnt,xfs_dqtype_t type,struct list_head * buffer_list)1132 xfs_qm_reset_dqcounts_all(
1133 struct xfs_mount *mp,
1134 xfs_dqid_t firstid,
1135 xfs_fsblock_t bno,
1136 xfs_filblks_t blkcnt,
1137 xfs_dqtype_t type,
1138 struct list_head *buffer_list)
1139 {
1140 struct xfs_buf *bp;
1141 int error = 0;
1142
1143 ASSERT(blkcnt > 0);
1144
1145 /*
1146 * Blkcnt arg can be a very big number, and might even be
1147 * larger than the log itself. So, we have to break it up into
1148 * manageable-sized transactions.
1149 * Note that we don't start a permanent transaction here; we might
1150 * not be able to get a log reservation for the whole thing up front,
1151 * and we don't really care to either, because we just discard
1152 * everything if we were to crash in the middle of this loop.
1153 */
1154 while (blkcnt--) {
1155 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
1156 XFS_FSB_TO_DADDR(mp, bno),
1157 mp->m_quotainfo->qi_dqchunklen, 0, &bp,
1158 &xfs_dquot_buf_ops);
1159
1160 /*
1161 * CRC and validation errors will return a EFSCORRUPTED here. If
1162 * this occurs, re-read without CRC validation so that we can
1163 * repair the damage via xfs_qm_reset_dqcounts(). This process
1164 * will leave a trace in the log indicating corruption has
1165 * been detected.
1166 */
1167 if (error == -EFSCORRUPTED) {
1168 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
1169 XFS_FSB_TO_DADDR(mp, bno),
1170 mp->m_quotainfo->qi_dqchunklen, 0, &bp,
1171 NULL);
1172 }
1173
1174 if (error)
1175 break;
1176
1177 /*
1178 * A corrupt buffer might not have a verifier attached, so
1179 * make sure we have the correct one attached before writeback
1180 * occurs.
1181 */
1182 bp->b_ops = &xfs_dquot_buf_ops;
1183 xfs_qm_reset_dqcounts(mp, bp, firstid, type);
1184 xfs_buf_delwri_queue(bp, buffer_list);
1185 xfs_buf_relse(bp);
1186
1187 /* goto the next block. */
1188 bno++;
1189 firstid += mp->m_quotainfo->qi_dqperchunk;
1190 }
1191
1192 return error;
1193 }
1194
1195 /*
1196 * Iterate over all allocated dquot blocks in this quota inode, zeroing all
1197 * counters for every chunk of dquots that we find.
1198 */
1199 STATIC int
xfs_qm_reset_dqcounts_buf(struct xfs_mount * mp,struct xfs_inode * qip,xfs_dqtype_t type,struct list_head * buffer_list)1200 xfs_qm_reset_dqcounts_buf(
1201 struct xfs_mount *mp,
1202 struct xfs_inode *qip,
1203 xfs_dqtype_t type,
1204 struct list_head *buffer_list)
1205 {
1206 struct xfs_bmbt_irec *map;
1207 int i, nmaps; /* number of map entries */
1208 int error; /* return value */
1209 xfs_fileoff_t lblkno;
1210 xfs_filblks_t maxlblkcnt;
1211 xfs_dqid_t firstid;
1212 xfs_fsblock_t rablkno;
1213 xfs_filblks_t rablkcnt;
1214
1215 error = 0;
1216 /*
1217 * This looks racy, but we can't keep an inode lock across a
1218 * trans_reserve. But, this gets called during quotacheck, and that
1219 * happens only at mount time which is single threaded.
1220 */
1221 if (qip->i_nblocks == 0)
1222 return 0;
1223
1224 map = kmalloc(XFS_DQITER_MAP_SIZE * sizeof(*map),
1225 GFP_KERNEL | __GFP_NOFAIL);
1226
1227 lblkno = 0;
1228 maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
1229 do {
1230 uint lock_mode;
1231
1232 nmaps = XFS_DQITER_MAP_SIZE;
1233 /*
1234 * We aren't changing the inode itself. Just changing
1235 * some of its data. No new blocks are added here, and
1236 * the inode is never added to the transaction.
1237 */
1238 lock_mode = xfs_ilock_data_map_shared(qip);
1239 error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno,
1240 map, &nmaps, 0);
1241 xfs_iunlock(qip, lock_mode);
1242 if (error)
1243 break;
1244
1245 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE);
1246 for (i = 0; i < nmaps; i++) {
1247 ASSERT(map[i].br_startblock != DELAYSTARTBLOCK);
1248 ASSERT(map[i].br_blockcount);
1249
1250
1251 lblkno += map[i].br_blockcount;
1252
1253 if (map[i].br_startblock == HOLESTARTBLOCK)
1254 continue;
1255
1256 firstid = (xfs_dqid_t) map[i].br_startoff *
1257 mp->m_quotainfo->qi_dqperchunk;
1258 /*
1259 * Do a read-ahead on the next extent.
1260 */
1261 if ((i+1 < nmaps) &&
1262 (map[i+1].br_startblock != HOLESTARTBLOCK)) {
1263 rablkcnt = map[i+1].br_blockcount;
1264 rablkno = map[i+1].br_startblock;
1265 while (rablkcnt--) {
1266 xfs_buf_readahead(mp->m_ddev_targp,
1267 XFS_FSB_TO_DADDR(mp, rablkno),
1268 mp->m_quotainfo->qi_dqchunklen,
1269 &xfs_dquot_buf_ops);
1270 rablkno++;
1271 }
1272 }
1273 /*
1274 * Iterate thru all the blks in the extent and
1275 * reset the counters of all the dquots inside them.
1276 */
1277 error = xfs_qm_reset_dqcounts_all(mp, firstid,
1278 map[i].br_startblock,
1279 map[i].br_blockcount,
1280 type, buffer_list);
1281 if (error)
1282 goto out;
1283 }
1284 } while (nmaps > 0);
1285
1286 out:
1287 kfree(map);
1288 return error;
1289 }
1290
1291 /*
1292 * Called by dqusage_adjust in doing a quotacheck.
1293 *
1294 * Given the inode, and a dquot id this updates both the incore dqout as well
1295 * as the buffer copy. This is so that once the quotacheck is done, we can
1296 * just log all the buffers, as opposed to logging numerous updates to
1297 * individual dquots.
1298 */
1299 STATIC int
xfs_qm_quotacheck_dqadjust(struct xfs_inode * ip,xfs_dqtype_t type,xfs_qcnt_t nblks,xfs_qcnt_t rtblks)1300 xfs_qm_quotacheck_dqadjust(
1301 struct xfs_inode *ip,
1302 xfs_dqtype_t type,
1303 xfs_qcnt_t nblks,
1304 xfs_qcnt_t rtblks)
1305 {
1306 struct xfs_mount *mp = ip->i_mount;
1307 struct xfs_dquot *dqp;
1308 xfs_dqid_t id;
1309 int error;
1310
1311 id = xfs_qm_id_for_quotatype(ip, type);
1312 error = xfs_qm_dqget(mp, id, type, true, &dqp);
1313 if (error) {
1314 /*
1315 * Shouldn't be able to turn off quotas here.
1316 */
1317 ASSERT(error != -ESRCH);
1318 ASSERT(error != -ENOENT);
1319 return error;
1320 }
1321
1322 error = xfs_dquot_attach_buf(NULL, dqp);
1323 if (error)
1324 return error;
1325
1326 trace_xfs_dqadjust(dqp);
1327
1328 /*
1329 * Adjust the inode count and the block count to reflect this inode's
1330 * resource usage.
1331 */
1332 dqp->q_ino.count++;
1333 dqp->q_ino.reserved++;
1334 if (nblks) {
1335 dqp->q_blk.count += nblks;
1336 dqp->q_blk.reserved += nblks;
1337 }
1338 if (rtblks) {
1339 dqp->q_rtb.count += rtblks;
1340 dqp->q_rtb.reserved += rtblks;
1341 }
1342
1343 /*
1344 * Set default limits, adjust timers (since we changed usages)
1345 *
1346 * There are no timers for the default values set in the root dquot.
1347 */
1348 if (dqp->q_id) {
1349 xfs_qm_adjust_dqlimits(dqp);
1350 xfs_qm_adjust_dqtimers(dqp);
1351 }
1352
1353 dqp->q_flags |= XFS_DQFLAG_DIRTY;
1354 xfs_qm_dqput(dqp);
1355 return 0;
1356 }
1357
1358 /*
1359 * callback routine supplied to bulkstat(). Given an inumber, find its
1360 * dquots and update them to account for resources taken by that inode.
1361 */
1362 /* ARGSUSED */
1363 STATIC int
xfs_qm_dqusage_adjust(struct xfs_mount * mp,struct xfs_trans * tp,xfs_ino_t ino,void * data)1364 xfs_qm_dqusage_adjust(
1365 struct xfs_mount *mp,
1366 struct xfs_trans *tp,
1367 xfs_ino_t ino,
1368 void *data)
1369 {
1370 struct xfs_inode *ip;
1371 xfs_filblks_t nblks, rtblks;
1372 unsigned int lock_mode;
1373 int error;
1374
1375 ASSERT(XFS_IS_QUOTA_ON(mp));
1376
1377 /*
1378 * rootino must have its resources accounted for, not so with the quota
1379 * inodes.
1380 */
1381 if (xfs_is_quota_inode(&mp->m_sb, ino))
1382 return 0;
1383
1384 /*
1385 * We don't _need_ to take the ilock EXCL here because quotacheck runs
1386 * at mount time and therefore nobody will be racing chown/chproj.
1387 */
1388 error = xfs_iget(mp, tp, ino, XFS_IGET_DONTCACHE, 0, &ip);
1389 if (error == -EINVAL || error == -ENOENT)
1390 return 0;
1391 if (error)
1392 return error;
1393
1394 /*
1395 * Reload the incore unlinked list to avoid failure in inodegc.
1396 * Use an unlocked check here because unrecovered unlinked inodes
1397 * should be somewhat rare.
1398 */
1399 if (xfs_inode_unlinked_incomplete(ip)) {
1400 error = xfs_inode_reload_unlinked(ip);
1401 if (error) {
1402 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
1403 goto error0;
1404 }
1405 }
1406
1407 /* Metadata directory files are not accounted to user-visible quotas. */
1408 if (xfs_is_metadir_inode(ip))
1409 goto error0;
1410
1411 ASSERT(ip->i_delayed_blks == 0);
1412
1413 lock_mode = xfs_ilock_data_map_shared(ip);
1414 if (XFS_IS_REALTIME_INODE(ip)) {
1415 error = xfs_iread_extents(tp, ip, XFS_DATA_FORK);
1416 if (error) {
1417 xfs_iunlock(ip, lock_mode);
1418 goto error0;
1419 }
1420 }
1421 xfs_inode_count_blocks(tp, ip, &nblks, &rtblks);
1422 xfs_iflags_clear(ip, XFS_IQUOTAUNCHECKED);
1423 xfs_iunlock(ip, lock_mode);
1424
1425 /*
1426 * Add the (disk blocks and inode) resources occupied by this
1427 * inode to its dquots. We do this adjustment in the incore dquot,
1428 * and also copy the changes to its buffer.
1429 * We don't care about putting these changes in a transaction
1430 * envelope because if we crash in the middle of a 'quotacheck'
1431 * we have to start from the beginning anyway.
1432 * Once we're done, we'll log all the dquot bufs.
1433 *
1434 * The *QUOTA_ON checks below may look pretty racy, but quotachecks
1435 * and quotaoffs don't race. (Quotachecks happen at mount time only).
1436 */
1437 if (XFS_IS_UQUOTA_ON(mp)) {
1438 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_USER, nblks,
1439 rtblks);
1440 if (error)
1441 goto error0;
1442 }
1443
1444 if (XFS_IS_GQUOTA_ON(mp)) {
1445 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_GROUP, nblks,
1446 rtblks);
1447 if (error)
1448 goto error0;
1449 }
1450
1451 if (XFS_IS_PQUOTA_ON(mp)) {
1452 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_PROJ, nblks,
1453 rtblks);
1454 if (error)
1455 goto error0;
1456 }
1457
1458 error0:
1459 xfs_irele(ip);
1460 return error;
1461 }
1462
1463 STATIC int
xfs_qm_flush_one(struct xfs_dquot * dqp,void * data)1464 xfs_qm_flush_one(
1465 struct xfs_dquot *dqp,
1466 void *data)
1467 {
1468 struct list_head *buffer_list = data;
1469 struct xfs_buf *bp = NULL;
1470 int error = 0;
1471
1472 xfs_dqlock(dqp);
1473 if (dqp->q_flags & XFS_DQFLAG_FREEING)
1474 goto out_unlock;
1475 if (!XFS_DQ_IS_DIRTY(dqp))
1476 goto out_unlock;
1477
1478 xfs_qm_dqunpin_wait(dqp);
1479 xfs_dqflock(dqp);
1480
1481 error = xfs_dquot_use_attached_buf(dqp, &bp);
1482 if (error)
1483 goto out_unlock;
1484 if (!bp) {
1485 error = -EFSCORRUPTED;
1486 goto out_unlock;
1487 }
1488
1489 error = xfs_qm_dqflush(dqp, bp);
1490 if (!error)
1491 xfs_buf_delwri_queue(bp, buffer_list);
1492 xfs_buf_relse(bp);
1493 out_unlock:
1494 xfs_dqunlock(dqp);
1495 return error;
1496 }
1497
/*
 * Walk thru all the filesystem inodes and construct a consistent view
 * of the disk quota world. If the quotacheck fails, disable quotas.
 *
 * The work is done in three phases: zero the counters of every on-disk dquot
 * in each quota inode that is present, walk all inodes adding their usage to
 * the incore dquots, then flush the dirty dquots to their buffers and submit
 * those buffers.
 *
 * Returns 0 on success.  On failure the quotainfo is torn down, the quota
 * flags in the superblock are reset, and the error is returned.
 */
STATIC int
xfs_qm_quotacheck(
	xfs_mount_t	*mp)
{
	int			error, error2;
	uint			flags;
	LIST_HEAD		(buffer_list);
	struct xfs_inode	*uip = mp->m_quotainfo->qi_uquotaip;
	struct xfs_inode	*gip = mp->m_quotainfo->qi_gquotaip;
	struct xfs_inode	*pip = mp->m_quotainfo->qi_pquotaip;

	/* Accumulates the *_CHKD bit of every quota type that was reset. */
	flags = 0;

	ASSERT(uip || gip || pip);
	ASSERT(XFS_IS_QUOTA_ON(mp));

	xfs_notice(mp, "Quotacheck needed: Please wait.");

	/*
	 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset
	 * their counters to zero. We need a clean slate.
	 * We don't log our changes till later.
	 */
	if (uip) {
		error = xfs_qm_reset_dqcounts_buf(mp, uip, XFS_DQTYPE_USER,
					 &buffer_list);
		if (error)
			goto error_return;
		flags |= XFS_UQUOTA_CHKD;
	}

	if (gip) {
		error = xfs_qm_reset_dqcounts_buf(mp, gip, XFS_DQTYPE_GROUP,
					 &buffer_list);
		if (error)
			goto error_return;
		flags |= XFS_GQUOTA_CHKD;
	}

	if (pip) {
		error = xfs_qm_reset_dqcounts_buf(mp, pip, XFS_DQTYPE_PROJ,
					 &buffer_list);
		if (error)
			goto error_return;
		flags |= XFS_PQUOTA_CHKD;
	}

	/*
	 * Second phase: visit every inode and charge its usage to the incore
	 * dquots.  The quotacheck-running state is set only for the duration
	 * of the walk.
	 */
	xfs_set_quotacheck_running(mp);
	error = xfs_iwalk_threaded(mp, 0, 0, xfs_qm_dqusage_adjust, 0, true,
			NULL);
	xfs_clear_quotacheck_running(mp);

	/*
	 * On error, the inode walk may have partially populated the dquot
	 * caches.  We must purge them before disabling quota and tearing down
	 * the quotainfo, or else the dquots will leak.
	 */
	if (error)
		goto error_purge;

	/*
	 * We've made all the changes that we need to make incore.  Flush them
	 * down to disk buffers if everything was updated successfully.
	 * All three walks run even if an earlier one fails; the first error
	 * seen is the one that is kept.
	 */
	if (XFS_IS_UQUOTA_ON(mp)) {
		error = xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_flush_one,
					  &buffer_list);
	}
	if (XFS_IS_GQUOTA_ON(mp)) {
		error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_flush_one,
					   &buffer_list);
		if (!error)
			error = error2;
	}
	if (XFS_IS_PQUOTA_ON(mp)) {
		error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_flush_one,
					   &buffer_list);
		if (!error)
			error = error2;
	}

	/* Write out everything queued so far, again keeping the first error. */
	error2 = xfs_buf_delwri_submit(&buffer_list);
	if (!error)
		error = error2;

	/*
	 * If flushing or writing the dquots failed, we don't care about the
	 * dirty dquots that might still be cached; we just want to get rid of
	 * them and turn quotas off.
	 */
	if (error)
		goto error_purge;

	/*
	 * If one type of quotas is off, then it will lose its
	 * quotachecked status, since we won't be doing accounting for
	 * that type anymore.
	 */
	mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD;
	mp->m_qflags |= flags;

error_return:
	/* Reached on success as well as on failure. */
	xfs_buf_delwri_cancel(&buffer_list);

	if (error) {
		xfs_warn(mp,
	"Quotacheck: Unsuccessful (Error %d): Disabling quotas.",
			error);
		/*
		 * We must turn off quotas.
		 */
		ASSERT(mp->m_quotainfo != NULL);
		xfs_qm_destroy_quotainfo(mp);
		if (xfs_mount_reset_sbqflags(mp)) {
			xfs_warn(mp,
				"Quotacheck: Failed to reset quota flags.");
		}
		xfs_fs_mark_sick(mp, XFS_SICK_FS_QUOTACHECK);
	} else {
		xfs_notice(mp, "Quotacheck: Done.");
		xfs_fs_mark_healthy(mp, XFS_SICK_FS_QUOTACHECK);
	}

	return error;

error_purge:
	/*
	 * On error, we may have inodes queued for inactivation. This may try
	 * to attach dquots to the inode before running cleanup operations on
	 * the inode and this can race with the xfs_qm_destroy_quotainfo() call
	 * below that frees mp->m_quotainfo. To avoid this race, flush all the
	 * pending inodegc operations before we purge the dquots from memory,
	 * ensuring that background inactivation is idle whilst we turn off
	 * quotas.
	 */
	xfs_inodegc_flush(mp);
	xfs_qm_dqpurge_all(mp);
	goto error_return;

}
1644
1645 /*
1646 * This is called from xfs_mountfs to start quotas and initialize all
1647 * necessary data structures like quotainfo. This is also responsible for
1648 * running a quotacheck as necessary. We are guaranteed that the superblock
1649 * is consistently read in at this point.
1650 *
1651 * If we fail here, the mount will continue with quota turned off. We don't
1652 * need to inidicate success or failure at all.
1653 */
1654 void
xfs_qm_mount_quotas(struct xfs_mount * mp)1655 xfs_qm_mount_quotas(
1656 struct xfs_mount *mp)
1657 {
1658 int error = 0;
1659 uint sbf;
1660
1661 /*
1662 * If quotas on realtime volumes is not supported, disable quotas
1663 * immediately. We only support rtquota if rtgroups are enabled to
1664 * avoid problems with older kernels.
1665 */
1666 if (mp->m_sb.sb_rextents &&
1667 (!xfs_has_rtgroups(mp) || xfs_has_zoned(mp))) {
1668 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem");
1669 mp->m_qflags = 0;
1670 goto write_changes;
1671 }
1672
1673 ASSERT(XFS_IS_QUOTA_ON(mp));
1674
1675 /*
1676 * Allocate the quotainfo structure inside the mount struct, and
1677 * create quotainode(s), and change/rev superblock if necessary.
1678 */
1679 error = xfs_qm_init_quotainfo(mp);
1680 if (error) {
1681 /*
1682 * We must turn off quotas.
1683 */
1684 ASSERT(mp->m_quotainfo == NULL);
1685 mp->m_qflags = 0;
1686 goto write_changes;
1687 }
1688 /*
1689 * If any of the quotas are not consistent, do a quotacheck.
1690 */
1691 if (XFS_QM_NEED_QUOTACHECK(mp)) {
1692 error = xfs_qm_quotacheck(mp);
1693 if (error) {
1694 /* Quotacheck failed and disabled quotas. */
1695 return;
1696 }
1697 }
1698 /*
1699 * If one type of quotas is off, then it will lose its
1700 * quotachecked status, since we won't be doing accounting for
1701 * that type anymore.
1702 */
1703 if (!XFS_IS_UQUOTA_ON(mp))
1704 mp->m_qflags &= ~XFS_UQUOTA_CHKD;
1705 if (!XFS_IS_GQUOTA_ON(mp))
1706 mp->m_qflags &= ~XFS_GQUOTA_CHKD;
1707 if (!XFS_IS_PQUOTA_ON(mp))
1708 mp->m_qflags &= ~XFS_PQUOTA_CHKD;
1709
1710 write_changes:
1711 /*
1712 * We actually don't have to acquire the m_sb_lock at all.
1713 * This can only be called from mount, and that's single threaded. XXX
1714 */
1715 spin_lock(&mp->m_sb_lock);
1716 sbf = mp->m_sb.sb_qflags;
1717 mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL;
1718 spin_unlock(&mp->m_sb_lock);
1719
1720 if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) {
1721 if (xfs_sync_sb(mp, false)) {
1722 /*
1723 * We could only have been turning quotas off.
1724 * We aren't in very good shape actually because
1725 * the incore structures are convinced that quotas are
1726 * off, but the on disk superblock doesn't know that !
1727 */
1728 ASSERT(!(XFS_IS_QUOTA_ON(mp)));
1729 xfs_alert(mp, "%s: Superblock update failed!",
1730 __func__);
1731 }
1732 }
1733
1734 if (error) {
1735 xfs_warn(mp, "Failed to initialize disk quotas, err %d.", error);
1736 return;
1737 }
1738 }
1739
1740 /*
1741 * Load the inode for a given type of quota, assuming that the sb fields have
1742 * been sorted out. This is not true when switching quota types on a V4
1743 * filesystem, so do not use this function for that.
1744 *
1745 * Returns -ENOENT if the quota inode field is NULLFSINO; 0 and an inode on
1746 * success; or a negative errno.
1747 */
1748 int
xfs_qm_qino_load(struct xfs_mount * mp,xfs_dqtype_t type,struct xfs_inode ** ipp)1749 xfs_qm_qino_load(
1750 struct xfs_mount *mp,
1751 xfs_dqtype_t type,
1752 struct xfs_inode **ipp)
1753 {
1754 struct xfs_trans *tp;
1755 struct xfs_inode *dp = NULL;
1756 int error;
1757
1758 error = xfs_trans_alloc_empty(mp, &tp);
1759 if (error)
1760 return error;
1761
1762 if (xfs_has_metadir(mp)) {
1763 error = xfs_dqinode_load_parent(tp, &dp);
1764 if (error)
1765 goto out_cancel;
1766 }
1767
1768 error = xfs_dqinode_load(tp, dp, type, ipp);
1769 if (dp)
1770 xfs_irele(dp);
1771 out_cancel:
1772 xfs_trans_cancel(tp);
1773 return error;
1774 }
1775
1776 /*
1777 * This is called after the superblock has been read in and we're ready to
1778 * iget the quota inodes.
1779 */
1780 STATIC int
xfs_qm_init_quotainos(xfs_mount_t * mp)1781 xfs_qm_init_quotainos(
1782 xfs_mount_t *mp)
1783 {
1784 struct xfs_inode *uip = NULL;
1785 struct xfs_inode *gip = NULL;
1786 struct xfs_inode *pip = NULL;
1787 int error;
1788 uint flags = 0;
1789
1790 ASSERT(mp->m_quotainfo);
1791
1792 /*
1793 * Get the uquota and gquota inodes
1794 */
1795 if (xfs_has_quota(mp)) {
1796 if (XFS_IS_UQUOTA_ON(mp) &&
1797 mp->m_sb.sb_uquotino != NULLFSINO) {
1798 ASSERT(mp->m_sb.sb_uquotino > 0);
1799 error = xfs_qm_qino_load(mp, XFS_DQTYPE_USER, &uip);
1800 if (error)
1801 return error;
1802 }
1803 if (XFS_IS_GQUOTA_ON(mp) &&
1804 mp->m_sb.sb_gquotino != NULLFSINO) {
1805 ASSERT(mp->m_sb.sb_gquotino > 0);
1806 error = xfs_qm_qino_load(mp, XFS_DQTYPE_GROUP, &gip);
1807 if (error)
1808 goto error_rele;
1809 }
1810 if (XFS_IS_PQUOTA_ON(mp) &&
1811 mp->m_sb.sb_pquotino != NULLFSINO) {
1812 ASSERT(mp->m_sb.sb_pquotino > 0);
1813 error = xfs_qm_qino_load(mp, XFS_DQTYPE_PROJ, &pip);
1814 if (error)
1815 goto error_rele;
1816 }
1817 } else {
1818 flags |= XFS_QMOPT_SBVERSION;
1819 }
1820
1821 /*
1822 * Create the three inodes, if they don't exist already. The changes
1823 * made above will get added to a transaction and logged in one of
1824 * the qino_alloc calls below. If the device is readonly,
1825 * temporarily switch to read-write to do this.
1826 */
1827 if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) {
1828 error = xfs_qm_qino_alloc(mp, &uip,
1829 flags | XFS_QMOPT_UQUOTA);
1830 if (error)
1831 goto error_rele;
1832
1833 flags &= ~XFS_QMOPT_SBVERSION;
1834 }
1835 if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) {
1836 error = xfs_qm_qino_alloc(mp, &gip,
1837 flags | XFS_QMOPT_GQUOTA);
1838 if (error)
1839 goto error_rele;
1840
1841 flags &= ~XFS_QMOPT_SBVERSION;
1842 }
1843 if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) {
1844 error = xfs_qm_qino_alloc(mp, &pip,
1845 flags | XFS_QMOPT_PQUOTA);
1846 if (error)
1847 goto error_rele;
1848 }
1849
1850 mp->m_quotainfo->qi_uquotaip = uip;
1851 mp->m_quotainfo->qi_gquotaip = gip;
1852 mp->m_quotainfo->qi_pquotaip = pip;
1853
1854 return 0;
1855
1856 error_rele:
1857 if (uip)
1858 xfs_irele(uip);
1859 if (gip)
1860 xfs_irele(gip);
1861 if (pip)
1862 xfs_irele(pip);
1863 return error;
1864 }
1865
1866 STATIC void
xfs_qm_dqfree_one(struct xfs_dquot * dqp)1867 xfs_qm_dqfree_one(
1868 struct xfs_dquot *dqp)
1869 {
1870 struct xfs_mount *mp = dqp->q_mount;
1871 struct xfs_quotainfo *qi = mp->m_quotainfo;
1872
1873 mutex_lock(&qi->qi_tree_lock);
1874 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
1875
1876 qi->qi_dquots--;
1877 mutex_unlock(&qi->qi_tree_lock);
1878
1879 xfs_qm_dqdestroy(dqp);
1880 }
1881
1882 /* --------------- utility functions for vnodeops ---------------- */
1883
1884
/*
 * Given an inode, a uid, gid and prid make sure that we have
 * allocated relevant dquot(s) on disk for those ids.
 * This also attaches dquot(s) to the given inode after locking it,
 * and returns the dquots corresponding to the uid, gid and/or prid.
 *
 * @flags selects which quota types to look up (XFS_QMOPT_UQUOTA,
 * XFS_QMOPT_GQUOTA, XFS_QMOPT_PQUOTA); XFS_QMOPT_INHERIT makes the gid
 * follow the inode's when XFS_INHERIT_GID() says so.
 *
 * in	: inode (unlocked)
 * out	: udquot, gdquot, pdquot with references taken and unlocked
 *
 * Returns 0 on success, or immediately if quotas are off (in which case the
 * output pointers are not written).  Returns a negative errno on failure,
 * with the inode unlocked.
 */
int
xfs_qm_vop_dqalloc(
	struct xfs_inode	*ip,
	kuid_t			uid,
	kgid_t			gid,
	prid_t			prid,
	uint			flags,
	struct xfs_dquot	**O_udqpp,
	struct xfs_dquot	**O_gdqpp,
	struct xfs_dquot	**O_pdqpp)
{
	struct xfs_mount	*mp = ip->i_mount;
	struct inode		*inode = VFS_I(ip);
	struct user_namespace	*user_ns = inode->i_sb->s_user_ns;
	struct xfs_dquot	*uq = NULL;
	struct xfs_dquot	*gq = NULL;
	struct xfs_dquot	*pq = NULL;
	int			error;
	uint			lockflags;

	if (!XFS_IS_QUOTA_ON(mp))
		return 0;

	ASSERT(!xfs_is_metadir_inode(ip));

	/*
	 * lockflags always records the mode the ilock is currently held in,
	 * so that every unlock below matches the most recent lock.
	 */
	lockflags = XFS_ILOCK_EXCL;
	xfs_ilock(ip, lockflags);

	if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip))
		gid = inode->i_gid;

	/*
	 * Attach the dquot(s) to this inode, doing a dquot allocation
	 * if necessary. The dquot(s) will not be locked.
	 */
	if (XFS_NOT_DQATTACHED(mp, ip)) {
		error = xfs_qm_dqattach_locked(ip, true);
		if (error) {
			xfs_iunlock(ip, lockflags);
			return error;
		}
	}

	if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) {
		ASSERT(O_udqpp);
		if (!uid_eq(inode->i_uid, uid)) {
			/*
			 * What we need is the dquot that has this uid, and
			 * if we send the inode to dqget, the uid of the inode
			 * takes priority over what's sent in the uid argument.
			 * We must unlock inode here before calling dqget if
			 * we're not sending the inode, because otherwise
			 * we'll deadlock by doing trans_reserve while
			 * holding ilock.
			 */
			xfs_iunlock(ip, lockflags);
			error = xfs_qm_dqget(mp, from_kuid(user_ns, uid),
					XFS_DQTYPE_USER, true, &uq);
			if (error) {
				/* Nothing is held yet; the ilock was dropped. */
				ASSERT(error != -ENOENT);
				return error;
			}
			/*
			 * Get the ilock in the right order.
			 */
			xfs_dqunlock(uq);
			lockflags = XFS_ILOCK_SHARED;
			xfs_ilock(ip, lockflags);
		} else {
			/*
			 * Take an extra reference, because we'll return
			 * this to caller
			 */
			ASSERT(ip->i_udquot);
			uq = xfs_qm_dqhold(ip->i_udquot);
		}
	}
	if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) {
		ASSERT(O_gdqpp);
		if (!gid_eq(inode->i_gid, gid)) {
			/* Same unlock / dqget / relock dance as for the uid. */
			xfs_iunlock(ip, lockflags);
			error = xfs_qm_dqget(mp, from_kgid(user_ns, gid),
					XFS_DQTYPE_GROUP, true, &gq);
			if (error) {
				ASSERT(error != -ENOENT);
				goto error_rele;
			}
			xfs_dqunlock(gq);
			lockflags = XFS_ILOCK_SHARED;
			xfs_ilock(ip, lockflags);
		} else {
			ASSERT(ip->i_gdquot);
			gq = xfs_qm_dqhold(ip->i_gdquot);
		}
	}
	if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) {
		ASSERT(O_pdqpp);
		if (ip->i_projid != prid) {
			/* Same unlock / dqget / relock dance as for the uid. */
			xfs_iunlock(ip, lockflags);
			error = xfs_qm_dqget(mp, prid,
					XFS_DQTYPE_PROJ, true, &pq);
			if (error) {
				ASSERT(error != -ENOENT);
				goto error_rele;
			}
			xfs_dqunlock(pq);
			lockflags = XFS_ILOCK_SHARED;
			xfs_ilock(ip, lockflags);
		} else {
			ASSERT(ip->i_pdquot);
			pq = xfs_qm_dqhold(ip->i_pdquot);
		}
	}
	trace_xfs_dquot_dqalloc(ip);

	xfs_iunlock(ip, lockflags);

	/*
	 * Hand each dquot to the caller, or drop our reference if the caller
	 * passed no place to put it.  A dquot pointer may still be NULL here
	 * when its type was not requested; presumably xfs_qm_dqrele()
	 * tolerates NULL -- confirm against its definition.
	 */
	if (O_udqpp)
		*O_udqpp = uq;
	else
		xfs_qm_dqrele(uq);
	if (O_gdqpp)
		*O_gdqpp = gq;
	else
		xfs_qm_dqrele(gq);
	if (O_pdqpp)
		*O_pdqpp = pq;
	else
		xfs_qm_dqrele(pq);
	return 0;

error_rele:
	/* Reached only with the ilock already dropped. */
	xfs_qm_dqrele(gq);
	xfs_qm_dqrele(uq);
	return error;
}
2030
2031 /*
2032 * Actually transfer ownership, and do dquot modifications.
2033 * These were already reserved.
2034 */
2035 struct xfs_dquot *
xfs_qm_vop_chown(struct xfs_trans * tp,struct xfs_inode * ip,struct xfs_dquot ** IO_olddq,struct xfs_dquot * newdq)2036 xfs_qm_vop_chown(
2037 struct xfs_trans *tp,
2038 struct xfs_inode *ip,
2039 struct xfs_dquot **IO_olddq,
2040 struct xfs_dquot *newdq)
2041 {
2042 struct xfs_dquot *prevdq;
2043 xfs_filblks_t dblocks, rblocks;
2044 bool isrt = XFS_IS_REALTIME_INODE(ip);
2045
2046 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
2047 ASSERT(XFS_IS_QUOTA_ON(ip->i_mount));
2048 ASSERT(!xfs_is_metadir_inode(ip));
2049
2050 /* old dquot */
2051 prevdq = *IO_olddq;
2052 ASSERT(prevdq);
2053 ASSERT(prevdq != newdq);
2054
2055 xfs_inode_count_blocks(tp, ip, &dblocks, &rblocks);
2056
2057 xfs_trans_mod_ino_dquot(tp, ip, prevdq, XFS_TRANS_DQ_BCOUNT,
2058 -(xfs_qcnt_t)dblocks);
2059 xfs_trans_mod_ino_dquot(tp, ip, prevdq, XFS_TRANS_DQ_RTBCOUNT,
2060 -(xfs_qcnt_t)rblocks);
2061 xfs_trans_mod_ino_dquot(tp, ip, prevdq, XFS_TRANS_DQ_ICOUNT, -1);
2062
2063 /* the sparkling new dquot */
2064 xfs_trans_mod_ino_dquot(tp, ip, newdq, XFS_TRANS_DQ_BCOUNT, dblocks);
2065 xfs_trans_mod_ino_dquot(tp, ip, newdq, XFS_TRANS_DQ_RTBCOUNT, rblocks);
2066 xfs_trans_mod_ino_dquot(tp, ip, newdq, XFS_TRANS_DQ_ICOUNT, 1);
2067
2068 /*
2069 * Back when we made quota reservations for the chown, we reserved the
2070 * ondisk blocks + delalloc blocks with the new dquot. Now that we've
2071 * switched the dquots, decrease the new dquot's block reservation
2072 * (having already bumped up the real counter) so that we don't have
2073 * any reservation to give back when we commit.
2074 */
2075 xfs_trans_mod_dquot(tp, newdq,
2076 isrt ? XFS_TRANS_DQ_RES_RTBLKS : XFS_TRANS_DQ_RES_BLKS,
2077 -ip->i_delayed_blks);
2078
2079 /*
2080 * Give the incore reservation for delalloc blocks back to the old
2081 * dquot. We don't normally handle delalloc quota reservations
2082 * transactionally, so just lock the dquot and subtract from the
2083 * reservation. Dirty the transaction because it's too late to turn
2084 * back now.
2085 */
2086 tp->t_flags |= XFS_TRANS_DIRTY;
2087 xfs_dqlock(prevdq);
2088 if (isrt) {
2089 ASSERT(prevdq->q_rtb.reserved >= ip->i_delayed_blks);
2090 prevdq->q_rtb.reserved -= ip->i_delayed_blks;
2091 } else {
2092 ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks);
2093 prevdq->q_blk.reserved -= ip->i_delayed_blks;
2094 }
2095 xfs_dqunlock(prevdq);
2096
2097 /*
2098 * Take an extra reference, because the inode is going to keep
2099 * this dquot pointer even after the trans_commit.
2100 */
2101 *IO_olddq = xfs_qm_dqhold(newdq);
2102
2103 return prevdq;
2104 }
2105
2106 int
xfs_qm_vop_rename_dqattach(struct xfs_inode ** i_tab)2107 xfs_qm_vop_rename_dqattach(
2108 struct xfs_inode **i_tab)
2109 {
2110 struct xfs_mount *mp = i_tab[0]->i_mount;
2111 int i;
2112
2113 if (!XFS_IS_QUOTA_ON(mp))
2114 return 0;
2115
2116 for (i = 0; (i < 4 && i_tab[i]); i++) {
2117 struct xfs_inode *ip = i_tab[i];
2118 int error;
2119
2120 /*
2121 * Watch out for duplicate entries in the table.
2122 */
2123 if (i == 0 || ip != i_tab[i-1]) {
2124 if (XFS_NOT_DQATTACHED(mp, ip)) {
2125 error = xfs_qm_dqattach(ip);
2126 if (error)
2127 return error;
2128 }
2129 }
2130 }
2131 return 0;
2132 }
2133
2134 void
xfs_qm_vop_create_dqattach(struct xfs_trans * tp,struct xfs_inode * ip,struct xfs_dquot * udqp,struct xfs_dquot * gdqp,struct xfs_dquot * pdqp)2135 xfs_qm_vop_create_dqattach(
2136 struct xfs_trans *tp,
2137 struct xfs_inode *ip,
2138 struct xfs_dquot *udqp,
2139 struct xfs_dquot *gdqp,
2140 struct xfs_dquot *pdqp)
2141 {
2142 struct xfs_mount *mp = tp->t_mountp;
2143
2144 if (!XFS_IS_QUOTA_ON(mp))
2145 return;
2146
2147 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
2148 ASSERT(!xfs_is_metadir_inode(ip));
2149
2150 if (udqp && XFS_IS_UQUOTA_ON(mp)) {
2151 ASSERT(ip->i_udquot == NULL);
2152 ASSERT(i_uid_read(VFS_I(ip)) == udqp->q_id);
2153
2154 ip->i_udquot = xfs_qm_dqhold(udqp);
2155 }
2156 if (gdqp && XFS_IS_GQUOTA_ON(mp)) {
2157 ASSERT(ip->i_gdquot == NULL);
2158 ASSERT(i_gid_read(VFS_I(ip)) == gdqp->q_id);
2159
2160 ip->i_gdquot = xfs_qm_dqhold(gdqp);
2161 }
2162 if (pdqp && XFS_IS_PQUOTA_ON(mp)) {
2163 ASSERT(ip->i_pdquot == NULL);
2164 ASSERT(ip->i_projid == pdqp->q_id);
2165
2166 ip->i_pdquot = xfs_qm_dqhold(pdqp);
2167 }
2168
2169 xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_ICOUNT, 1);
2170 }
2171
2172 /* Decide if this inode's dquot is near an enforcement boundary. */
2173 bool
xfs_inode_near_dquot_enforcement(struct xfs_inode * ip,xfs_dqtype_t type)2174 xfs_inode_near_dquot_enforcement(
2175 struct xfs_inode *ip,
2176 xfs_dqtype_t type)
2177 {
2178 struct xfs_dquot *dqp;
2179 struct xfs_dquot_res *res;
2180 struct xfs_dquot_pre *pre;
2181 int64_t freesp;
2182
2183 /* We only care for quotas that are enabled and enforced. */
2184 dqp = xfs_inode_dquot(ip, type);
2185 if (!dqp || !xfs_dquot_is_enforced(dqp))
2186 return false;
2187
2188 if (xfs_dquot_res_over_limits(&dqp->q_ino) ||
2189 xfs_dquot_res_over_limits(&dqp->q_blk) ||
2190 xfs_dquot_res_over_limits(&dqp->q_rtb))
2191 return true;
2192
2193 if (XFS_IS_REALTIME_INODE(ip)) {
2194 res = &dqp->q_rtb;
2195 pre = &dqp->q_rtb_prealloc;
2196 } else {
2197 res = &dqp->q_blk;
2198 pre = &dqp->q_blk_prealloc;
2199 }
2200
2201 /* For space on the data device, check the various thresholds. */
2202 if (!pre->q_prealloc_hi_wmark)
2203 return false;
2204
2205 if (res->reserved < pre->q_prealloc_lo_wmark)
2206 return false;
2207
2208 if (res->reserved >= pre->q_prealloc_hi_wmark)
2209 return true;
2210
2211 freesp = pre->q_prealloc_hi_wmark - res->reserved;
2212 if (freesp < pre->q_low_space[XFS_QLOWSP_5_PCNT])
2213 return true;
2214
2215 return false;
2216 }
2217