1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2003 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_format.h" 9 #include "xfs_log_format.h" 10 #include "xfs_shared.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_bit.h" 13 #include "xfs_mount.h" 14 #include "xfs_defer.h" 15 #include "xfs_inode.h" 16 #include "xfs_bmap.h" 17 #include "xfs_quota.h" 18 #include "xfs_trans.h" 19 #include "xfs_buf_item.h" 20 #include "xfs_trans_space.h" 21 #include "xfs_trans_priv.h" 22 #include "xfs_qm.h" 23 #include "xfs_trace.h" 24 #include "xfs_log.h" 25 #include "xfs_bmap_btree.h" 26 #include "xfs_error.h" 27 #include "xfs_health.h" 28 29 /* 30 * Lock order: 31 * 32 * ip->i_lock 33 * qi->qi_tree_lock 34 * dquot->q_qlock 35 * dquot->q_flush (xfs_dqflock() and friends) 36 * qi->qi_lru_lock 37 * 38 * If two dquots need to be locked the order is user before group/project, 39 * otherwise by the lowest id first, see xfs_dqlock2. 40 */ 41 42 struct kmem_cache *xfs_dqtrx_cache; 43 static struct kmem_cache *xfs_dquot_cache; 44 45 static struct lock_class_key xfs_dquot_group_class; 46 static struct lock_class_key xfs_dquot_project_class; 47 48 /* Record observations of quota corruption with the health tracking system. */ 49 static void 50 xfs_dquot_mark_sick( 51 struct xfs_dquot *dqp) 52 { 53 struct xfs_mount *mp = dqp->q_mount; 54 55 switch (dqp->q_type) { 56 case XFS_DQTYPE_USER: 57 xfs_fs_mark_sick(mp, XFS_SICK_FS_UQUOTA); 58 break; 59 case XFS_DQTYPE_GROUP: 60 xfs_fs_mark_sick(mp, XFS_SICK_FS_GQUOTA); 61 break; 62 case XFS_DQTYPE_PROJ: 63 xfs_fs_mark_sick(mp, XFS_SICK_FS_PQUOTA); 64 break; 65 default: 66 ASSERT(0); 67 break; 68 } 69 } 70 71 /* 72 * Detach the dquot buffer if it's still attached, because we can get called 73 * through dqpurge after a log shutdown. Caller must hold the dqflock or have 74 * otherwise isolated the dquot. 75 */ 76 void 77 xfs_dquot_detach_buf( 78 struct xfs_dquot *dqp) 79 { 80 struct xfs_dq_logitem *qlip = &dqp->q_logitem; 81 struct xfs_buf *bp = NULL; 82 83 spin_lock(&qlip->qli_lock); 84 if (qlip->qli_item.li_buf) { 85 bp = qlip->qli_item.li_buf; 86 qlip->qli_item.li_buf = NULL; 87 } 88 spin_unlock(&qlip->qli_lock); 89 if (bp) { 90 xfs_buf_lock(bp); 91 list_del_init(&qlip->qli_item.li_bio_list); 92 xfs_buf_relse(bp); 93 } 94 } 95 96 /* 97 * This is called to free all the memory associated with a dquot 98 */ 99 void 100 xfs_qm_dqdestroy( 101 struct xfs_dquot *dqp) 102 { 103 ASSERT(list_empty(&dqp->q_lru)); 104 ASSERT(dqp->q_logitem.qli_item.li_buf == NULL); 105 106 kvfree(dqp->q_logitem.qli_item.li_lv_shadow); 107 mutex_destroy(&dqp->q_qlock); 108 109 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot); 110 kmem_cache_free(xfs_dquot_cache, dqp); 111 } 112 113 /* 114 * If default limits are in force, push them into the dquot now. 115 * We overwrite the dquot limits only if they are zero and this 116 * is not the root dquot. 117 */ 118 void 119 xfs_qm_adjust_dqlimits( 120 struct xfs_dquot *dq) 121 { 122 struct xfs_mount *mp = dq->q_mount; 123 struct xfs_quotainfo *q = mp->m_quotainfo; 124 struct xfs_def_quota *defq; 125 int prealloc = 0; 126 127 ASSERT(dq->q_id); 128 defq = xfs_get_defquota(q, xfs_dquot_type(dq)); 129 130 if (!dq->q_blk.softlimit) { 131 dq->q_blk.softlimit = defq->blk.soft; 132 prealloc = 1; 133 } 134 if (!dq->q_blk.hardlimit) { 135 dq->q_blk.hardlimit = defq->blk.hard; 136 prealloc = 1; 137 } 138 if (!dq->q_ino.softlimit) 139 dq->q_ino.softlimit = defq->ino.soft; 140 if (!dq->q_ino.hardlimit) 141 dq->q_ino.hardlimit = defq->ino.hard; 142 if (!dq->q_rtb.softlimit) 143 dq->q_rtb.softlimit = defq->rtb.soft; 144 if (!dq->q_rtb.hardlimit) 145 dq->q_rtb.hardlimit = defq->rtb.hard; 146 147 if (prealloc) 148 xfs_dquot_set_prealloc_limits(dq); 149 } 150 151 /* Set the expiration time of a quota's grace period. */ 152 time64_t 153 xfs_dquot_set_timeout( 154 struct xfs_mount *mp, 155 time64_t timeout) 156 { 157 struct xfs_quotainfo *qi = mp->m_quotainfo; 158 159 return clamp_t(time64_t, timeout, qi->qi_expiry_min, 160 qi->qi_expiry_max); 161 } 162 163 /* Set the length of the default grace period. */ 164 time64_t 165 xfs_dquot_set_grace_period( 166 time64_t grace) 167 { 168 return clamp_t(time64_t, grace, XFS_DQ_GRACE_MIN, XFS_DQ_GRACE_MAX); 169 } 170 171 /* 172 * Determine if this quota counter is over either limit and set the quota 173 * timers as appropriate. 174 */ 175 static inline void 176 xfs_qm_adjust_res_timer( 177 struct xfs_mount *mp, 178 struct xfs_dquot_res *res, 179 struct xfs_quota_limits *qlim) 180 { 181 ASSERT(res->hardlimit == 0 || res->softlimit <= res->hardlimit); 182 183 if ((res->softlimit && res->count > res->softlimit) || 184 (res->hardlimit && res->count > res->hardlimit)) { 185 if (res->timer == 0) 186 res->timer = xfs_dquot_set_timeout(mp, 187 ktime_get_real_seconds() + qlim->time); 188 } else { 189 res->timer = 0; 190 } 191 } 192 193 /* 194 * Check the limits and timers of a dquot and start or reset timers 195 * if necessary. 196 * This gets called even when quota enforcement is OFF, which makes our 197 * life a little less complicated. (We just don't reject any quota 198 * reservations in that case, when enforcement is off). 199 * We also return 0 as the values of the timers in Q_GETQUOTA calls, when 200 * enforcement's off. 201 * In contrast, warnings are a little different in that they don't 202 * 'automatically' get started when limits get exceeded. They do 203 * get reset to zero, however, when we find the count to be under 204 * the soft limit (they are only ever set non-zero via userspace). 205 */ 206 void 207 xfs_qm_adjust_dqtimers( 208 struct xfs_dquot *dq) 209 { 210 struct xfs_mount *mp = dq->q_mount; 211 struct xfs_quotainfo *qi = mp->m_quotainfo; 212 struct xfs_def_quota *defq; 213 214 ASSERT(dq->q_id); 215 defq = xfs_get_defquota(qi, xfs_dquot_type(dq)); 216 217 xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_blk, &defq->blk); 218 xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_ino, &defq->ino); 219 xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_rtb, &defq->rtb); 220 } 221 222 /* 223 * initialize a buffer full of dquots and log the whole thing 224 */ 225 void 226 xfs_qm_init_dquot_blk( 227 struct xfs_trans *tp, 228 xfs_dqid_t id, 229 xfs_dqtype_t type, 230 struct xfs_buf *bp) 231 { 232 struct xfs_mount *mp = tp->t_mountp; 233 struct xfs_quotainfo *q = mp->m_quotainfo; 234 struct xfs_dqblk *d; 235 xfs_dqid_t curid; 236 unsigned int qflag; 237 unsigned int blftype; 238 int i; 239 240 ASSERT(tp); 241 ASSERT(xfs_buf_islocked(bp)); 242 243 switch (type) { 244 case XFS_DQTYPE_USER: 245 qflag = XFS_UQUOTA_CHKD; 246 blftype = XFS_BLF_UDQUOT_BUF; 247 break; 248 case XFS_DQTYPE_PROJ: 249 qflag = XFS_PQUOTA_CHKD; 250 blftype = XFS_BLF_PDQUOT_BUF; 251 break; 252 case XFS_DQTYPE_GROUP: 253 qflag = XFS_GQUOTA_CHKD; 254 blftype = XFS_BLF_GDQUOT_BUF; 255 break; 256 default: 257 ASSERT(0); 258 return; 259 } 260 261 d = bp->b_addr; 262 263 /* 264 * ID of the first dquot in the block - id's are zero based. 265 */ 266 curid = id - (id % q->qi_dqperchunk); 267 memset(d, 0, BBTOB(q->qi_dqchunklen)); 268 for (i = 0; i < q->qi_dqperchunk; i++, d++, curid++) { 269 d->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC); 270 d->dd_diskdq.d_version = XFS_DQUOT_VERSION; 271 d->dd_diskdq.d_id = cpu_to_be32(curid); 272 d->dd_diskdq.d_type = type; 273 if (curid > 0 && xfs_has_bigtime(mp)) 274 d->dd_diskdq.d_type |= XFS_DQTYPE_BIGTIME; 275 if (xfs_has_crc(mp)) { 276 uuid_copy(&d->dd_uuid, &mp->m_sb.sb_meta_uuid); 277 xfs_update_cksum((char *)d, sizeof(struct xfs_dqblk), 278 XFS_DQUOT_CRC_OFF); 279 } 280 } 281 282 xfs_trans_dquot_buf(tp, bp, blftype); 283 284 /* 285 * quotacheck uses delayed writes to update all the dquots on disk in an 286 * efficient manner instead of logging the individual dquot changes as 287 * they are made. However if we log the buffer allocated here and crash 288 * after quotacheck while the logged initialisation is still in the 289 * active region of the log, log recovery can replay the dquot buffer 290 * initialisation over the top of the checked dquots and corrupt quota 291 * accounting. 292 * 293 * To avoid this problem, quotacheck cannot log the initialised buffer. 294 * We must still dirty the buffer and write it back before the 295 * allocation transaction clears the log. Therefore, mark the buffer as 296 * ordered instead of logging it directly. This is safe for quotacheck 297 * because it detects and repairs allocated but initialized dquot blocks 298 * in the quota inodes. 299 */ 300 if (!(mp->m_qflags & qflag)) 301 xfs_trans_ordered_buf(tp, bp); 302 else 303 xfs_trans_log_buf(tp, bp, 0, BBTOB(q->qi_dqchunklen) - 1); 304 } 305 306 static void 307 xfs_dquot_set_prealloc( 308 struct xfs_dquot_pre *pre, 309 const struct xfs_dquot_res *res) 310 { 311 xfs_qcnt_t space; 312 313 pre->q_prealloc_hi_wmark = res->hardlimit; 314 pre->q_prealloc_lo_wmark = res->softlimit; 315 316 space = div_u64(pre->q_prealloc_hi_wmark, 100); 317 if (!pre->q_prealloc_lo_wmark) 318 pre->q_prealloc_lo_wmark = space * 95; 319 320 pre->q_low_space[XFS_QLOWSP_1_PCNT] = space; 321 pre->q_low_space[XFS_QLOWSP_3_PCNT] = space * 3; 322 pre->q_low_space[XFS_QLOWSP_5_PCNT] = space * 5; 323 } 324 325 /* 326 * Initialize the dynamic speculative preallocation thresholds. The lo/hi 327 * watermarks correspond to the soft and hard limits by default. If a soft limit 328 * is not specified, we use 95% of the hard limit. 329 */ 330 void 331 xfs_dquot_set_prealloc_limits(struct xfs_dquot *dqp) 332 { 333 xfs_dquot_set_prealloc(&dqp->q_blk_prealloc, &dqp->q_blk); 334 xfs_dquot_set_prealloc(&dqp->q_rtb_prealloc, &dqp->q_rtb); 335 } 336 337 /* 338 * Ensure that the given in-core dquot has a buffer on disk backing it, and 339 * return the buffer locked and held. This is called when the bmapi finds a 340 * hole. 341 */ 342 STATIC int 343 xfs_dquot_disk_alloc( 344 struct xfs_dquot *dqp, 345 struct xfs_buf **bpp) 346 { 347 struct xfs_bmbt_irec map; 348 struct xfs_trans *tp; 349 struct xfs_mount *mp = dqp->q_mount; 350 struct xfs_buf *bp; 351 xfs_dqtype_t qtype = xfs_dquot_type(dqp); 352 struct xfs_inode *quotip = xfs_quota_inode(mp, qtype); 353 int nmaps = 1; 354 int error; 355 356 trace_xfs_dqalloc(dqp); 357 358 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_qm_dqalloc, 359 XFS_QM_DQALLOC_SPACE_RES(mp), 0, 0, &tp); 360 if (error) 361 return error; 362 363 xfs_ilock(quotip, XFS_ILOCK_EXCL); 364 xfs_trans_ijoin(tp, quotip, 0); 365 366 if (!xfs_this_quota_on(dqp->q_mount, qtype)) { 367 /* 368 * Return if this type of quotas is turned off while we didn't 369 * have an inode lock 370 */ 371 error = -ESRCH; 372 goto err_cancel; 373 } 374 375 error = xfs_iext_count_extend(tp, quotip, XFS_DATA_FORK, 376 XFS_IEXT_ADD_NOSPLIT_CNT); 377 if (error) 378 goto err_cancel; 379 380 /* Create the block mapping. */ 381 error = xfs_bmapi_write(tp, quotip, dqp->q_fileoffset, 382 XFS_DQUOT_CLUSTER_SIZE_FSB, XFS_BMAPI_METADATA, 0, &map, 383 &nmaps); 384 if (error) 385 goto err_cancel; 386 387 ASSERT(map.br_blockcount == XFS_DQUOT_CLUSTER_SIZE_FSB); 388 ASSERT((map.br_startblock != DELAYSTARTBLOCK) && 389 (map.br_startblock != HOLESTARTBLOCK)); 390 391 /* 392 * Keep track of the blkno to save a lookup later 393 */ 394 dqp->q_blkno = XFS_FSB_TO_DADDR(mp, map.br_startblock); 395 396 /* now we can just get the buffer (there's nothing to read yet) */ 397 error = xfs_trans_get_buf(tp, mp->m_ddev_targp, dqp->q_blkno, 398 mp->m_quotainfo->qi_dqchunklen, 0, &bp); 399 if (error) 400 goto err_cancel; 401 bp->b_ops = &xfs_dquot_buf_ops; 402 403 /* 404 * Make a chunk of dquots out of this buffer and log 405 * the entire thing. 406 */ 407 xfs_qm_init_dquot_blk(tp, dqp->q_id, qtype, bp); 408 xfs_buf_set_ref(bp, XFS_DQUOT_REF); 409 410 /* 411 * Hold the buffer and join it to the dfops so that we'll still own 412 * the buffer when we return to the caller. The buffer disposal on 413 * error must be paid attention to very carefully, as it has been 414 * broken since commit efa092f3d4c6 "[XFS] Fixes a bug in the quota 415 * code when allocating a new dquot record" in 2005, and the later 416 * conversion to xfs_defer_ops in commit 310a75a3c6c747 failed to keep 417 * the buffer locked across the _defer_finish call. We can now do 418 * this correctly with xfs_defer_bjoin. 419 * 420 * Above, we allocated a disk block for the dquot information and used 421 * get_buf to initialize the dquot. If the _defer_finish fails, the old 422 * transaction is gone but the new buffer is not joined or held to any 423 * transaction, so we must _buf_relse it. 424 * 425 * If everything succeeds, the caller of this function is returned a 426 * buffer that is locked and held to the transaction. The caller 427 * is responsible for unlocking any buffer passed back, either 428 * manually or by committing the transaction. On error, the buffer is 429 * released and not passed back. 430 * 431 * Keep the quota inode ILOCKed until after the transaction commit to 432 * maintain the atomicity of bmap/rmap updates. 433 */ 434 xfs_trans_bhold(tp, bp); 435 error = xfs_trans_commit(tp); 436 xfs_iunlock(quotip, XFS_ILOCK_EXCL); 437 if (error) { 438 xfs_buf_relse(bp); 439 return error; 440 } 441 442 *bpp = bp; 443 return 0; 444 445 err_cancel: 446 xfs_trans_cancel(tp); 447 xfs_iunlock(quotip, XFS_ILOCK_EXCL); 448 return error; 449 } 450 451 /* 452 * Read in the in-core dquot's on-disk metadata and return the buffer. 453 * Returns ENOENT to signal a hole. 454 */ 455 STATIC int 456 xfs_dquot_disk_read( 457 struct xfs_mount *mp, 458 struct xfs_dquot *dqp, 459 struct xfs_buf **bpp) 460 { 461 struct xfs_bmbt_irec map; 462 struct xfs_buf *bp; 463 xfs_dqtype_t qtype = xfs_dquot_type(dqp); 464 struct xfs_inode *quotip = xfs_quota_inode(mp, qtype); 465 uint lock_mode; 466 int nmaps = 1; 467 int error; 468 469 lock_mode = xfs_ilock_data_map_shared(quotip); 470 if (!xfs_this_quota_on(mp, qtype)) { 471 /* 472 * Return if this type of quotas is turned off while we 473 * didn't have the quota inode lock. 474 */ 475 xfs_iunlock(quotip, lock_mode); 476 return -ESRCH; 477 } 478 479 /* 480 * Find the block map; no allocations yet 481 */ 482 error = xfs_bmapi_read(quotip, dqp->q_fileoffset, 483 XFS_DQUOT_CLUSTER_SIZE_FSB, &map, &nmaps, 0); 484 xfs_iunlock(quotip, lock_mode); 485 if (error) 486 return error; 487 488 ASSERT(nmaps == 1); 489 ASSERT(map.br_blockcount >= 1); 490 ASSERT(map.br_startblock != DELAYSTARTBLOCK); 491 if (map.br_startblock == HOLESTARTBLOCK) 492 return -ENOENT; 493 494 trace_xfs_dqtobp_read(dqp); 495 496 /* 497 * store the blkno etc so that we don't have to do the 498 * mapping all the time 499 */ 500 dqp->q_blkno = XFS_FSB_TO_DADDR(mp, map.br_startblock); 501 502 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dqp->q_blkno, 503 mp->m_quotainfo->qi_dqchunklen, 0, &bp, 504 &xfs_dquot_buf_ops); 505 if (xfs_metadata_is_sick(error)) 506 xfs_dquot_mark_sick(dqp); 507 if (error) { 508 ASSERT(bp == NULL); 509 return error; 510 } 511 512 ASSERT(xfs_buf_islocked(bp)); 513 xfs_buf_set_ref(bp, XFS_DQUOT_REF); 514 *bpp = bp; 515 516 return 0; 517 } 518 519 /* Allocate and initialize everything we need for an incore dquot. */ 520 STATIC struct xfs_dquot * 521 xfs_dquot_alloc( 522 struct xfs_mount *mp, 523 xfs_dqid_t id, 524 xfs_dqtype_t type) 525 { 526 struct xfs_dquot *dqp; 527 528 dqp = kmem_cache_zalloc(xfs_dquot_cache, GFP_KERNEL | __GFP_NOFAIL); 529 530 dqp->q_type = type; 531 dqp->q_id = id; 532 dqp->q_mount = mp; 533 INIT_LIST_HEAD(&dqp->q_lru); 534 mutex_init(&dqp->q_qlock); 535 init_waitqueue_head(&dqp->q_pinwait); 536 dqp->q_fileoffset = (xfs_fileoff_t)id / mp->m_quotainfo->qi_dqperchunk; 537 /* 538 * Offset of dquot in the (fixed sized) dquot chunk. 539 */ 540 dqp->q_bufoffset = (id % mp->m_quotainfo->qi_dqperchunk) * 541 sizeof(struct xfs_dqblk); 542 543 /* 544 * Because we want to use a counting completion, complete 545 * the flush completion once to allow a single access to 546 * the flush completion without blocking. 547 */ 548 init_completion(&dqp->q_flush); 549 complete(&dqp->q_flush); 550 551 /* 552 * Make sure group quotas have a different lock class than user 553 * quotas. 554 */ 555 switch (type) { 556 case XFS_DQTYPE_USER: 557 /* uses the default lock class */ 558 break; 559 case XFS_DQTYPE_GROUP: 560 lockdep_set_class(&dqp->q_qlock, &xfs_dquot_group_class); 561 break; 562 case XFS_DQTYPE_PROJ: 563 lockdep_set_class(&dqp->q_qlock, &xfs_dquot_project_class); 564 break; 565 default: 566 ASSERT(0); 567 break; 568 } 569 570 xfs_qm_dquot_logitem_init(dqp); 571 572 XFS_STATS_INC(mp, xs_qm_dquot); 573 return dqp; 574 } 575 576 /* Check the ondisk dquot's id and type match what the incore dquot expects. */ 577 static bool 578 xfs_dquot_check_type( 579 struct xfs_dquot *dqp, 580 struct xfs_disk_dquot *ddqp) 581 { 582 uint8_t ddqp_type; 583 uint8_t dqp_type; 584 585 ddqp_type = ddqp->d_type & XFS_DQTYPE_REC_MASK; 586 dqp_type = xfs_dquot_type(dqp); 587 588 if (be32_to_cpu(ddqp->d_id) != dqp->q_id) 589 return false; 590 591 /* 592 * V5 filesystems always expect an exact type match. V4 filesystems 593 * expect an exact match for user dquots and for non-root group and 594 * project dquots. 595 */ 596 if (xfs_has_crc(dqp->q_mount) || 597 dqp_type == XFS_DQTYPE_USER || dqp->q_id != 0) 598 return ddqp_type == dqp_type; 599 600 /* 601 * V4 filesystems support either group or project quotas, but not both 602 * at the same time. The non-user quota file can be switched between 603 * group and project quota uses depending on the mount options, which 604 * means that we can encounter the other type when we try to load quota 605 * defaults. Quotacheck will soon reset the entire quota file 606 * (including the root dquot) anyway, but don't log scary corruption 607 * reports to dmesg. 608 */ 609 return ddqp_type == XFS_DQTYPE_GROUP || ddqp_type == XFS_DQTYPE_PROJ; 610 } 611 612 /* Copy the in-core quota fields in from the on-disk buffer. */ 613 STATIC int 614 xfs_dquot_from_disk( 615 struct xfs_dquot *dqp, 616 struct xfs_buf *bp) 617 { 618 struct xfs_dqblk *dqb = xfs_buf_offset(bp, dqp->q_bufoffset); 619 struct xfs_disk_dquot *ddqp = &dqb->dd_diskdq; 620 621 /* 622 * Ensure that we got the type and ID we were looking for. 623 * Everything else was checked by the dquot buffer verifier. 624 */ 625 if (!xfs_dquot_check_type(dqp, ddqp)) { 626 xfs_alert_tag(bp->b_mount, XFS_PTAG_VERIFIER_ERROR, 627 "Metadata corruption detected at %pS, quota %u", 628 __this_address, dqp->q_id); 629 xfs_alert(bp->b_mount, "Unmount and run xfs_repair"); 630 xfs_dquot_mark_sick(dqp); 631 return -EFSCORRUPTED; 632 } 633 634 /* copy everything from disk dquot to the incore dquot */ 635 dqp->q_type = ddqp->d_type; 636 dqp->q_blk.hardlimit = be64_to_cpu(ddqp->d_blk_hardlimit); 637 dqp->q_blk.softlimit = be64_to_cpu(ddqp->d_blk_softlimit); 638 dqp->q_ino.hardlimit = be64_to_cpu(ddqp->d_ino_hardlimit); 639 dqp->q_ino.softlimit = be64_to_cpu(ddqp->d_ino_softlimit); 640 dqp->q_rtb.hardlimit = be64_to_cpu(ddqp->d_rtb_hardlimit); 641 dqp->q_rtb.softlimit = be64_to_cpu(ddqp->d_rtb_softlimit); 642 643 dqp->q_blk.count = be64_to_cpu(ddqp->d_bcount); 644 dqp->q_ino.count = be64_to_cpu(ddqp->d_icount); 645 dqp->q_rtb.count = be64_to_cpu(ddqp->d_rtbcount); 646 647 dqp->q_blk.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_btimer); 648 dqp->q_ino.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_itimer); 649 dqp->q_rtb.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_rtbtimer); 650 651 /* 652 * Reservation counters are defined as reservation plus current usage 653 * to avoid having to add every time. 654 */ 655 dqp->q_blk.reserved = dqp->q_blk.count; 656 dqp->q_ino.reserved = dqp->q_ino.count; 657 dqp->q_rtb.reserved = dqp->q_rtb.count; 658 659 /* initialize the dquot speculative prealloc thresholds */ 660 xfs_dquot_set_prealloc_limits(dqp); 661 return 0; 662 } 663 664 /* Copy the in-core quota fields into the on-disk buffer. */ 665 void 666 xfs_dquot_to_disk( 667 struct xfs_disk_dquot *ddqp, 668 struct xfs_dquot *dqp) 669 { 670 ddqp->d_magic = cpu_to_be16(XFS_DQUOT_MAGIC); 671 ddqp->d_version = XFS_DQUOT_VERSION; 672 ddqp->d_type = dqp->q_type; 673 ddqp->d_id = cpu_to_be32(dqp->q_id); 674 ddqp->d_pad0 = 0; 675 ddqp->d_pad = 0; 676 677 ddqp->d_blk_hardlimit = cpu_to_be64(dqp->q_blk.hardlimit); 678 ddqp->d_blk_softlimit = cpu_to_be64(dqp->q_blk.softlimit); 679 ddqp->d_ino_hardlimit = cpu_to_be64(dqp->q_ino.hardlimit); 680 ddqp->d_ino_softlimit = cpu_to_be64(dqp->q_ino.softlimit); 681 ddqp->d_rtb_hardlimit = cpu_to_be64(dqp->q_rtb.hardlimit); 682 ddqp->d_rtb_softlimit = cpu_to_be64(dqp->q_rtb.softlimit); 683 684 ddqp->d_bcount = cpu_to_be64(dqp->q_blk.count); 685 ddqp->d_icount = cpu_to_be64(dqp->q_ino.count); 686 ddqp->d_rtbcount = cpu_to_be64(dqp->q_rtb.count); 687 688 ddqp->d_bwarns = 0; 689 ddqp->d_iwarns = 0; 690 ddqp->d_rtbwarns = 0; 691 692 ddqp->d_btimer = xfs_dquot_to_disk_ts(dqp, dqp->q_blk.timer); 693 ddqp->d_itimer = xfs_dquot_to_disk_ts(dqp, dqp->q_ino.timer); 694 ddqp->d_rtbtimer = xfs_dquot_to_disk_ts(dqp, dqp->q_rtb.timer); 695 } 696 697 /* 698 * Read in the ondisk dquot using dqtobp() then copy it to an incore version, 699 * and release the buffer immediately. If @can_alloc is true, fill any 700 * holes in the on-disk metadata. 701 */ 702 static int 703 xfs_qm_dqread( 704 struct xfs_mount *mp, 705 xfs_dqid_t id, 706 xfs_dqtype_t type, 707 bool can_alloc, 708 struct xfs_dquot **dqpp) 709 { 710 struct xfs_dquot *dqp; 711 struct xfs_buf *bp; 712 int error; 713 714 dqp = xfs_dquot_alloc(mp, id, type); 715 trace_xfs_dqread(dqp); 716 717 /* Try to read the buffer, allocating if necessary. */ 718 error = xfs_dquot_disk_read(mp, dqp, &bp); 719 if (error == -ENOENT && can_alloc) 720 error = xfs_dquot_disk_alloc(dqp, &bp); 721 if (error) 722 goto err; 723 724 /* 725 * At this point we should have a clean locked buffer. Copy the data 726 * to the incore dquot and release the buffer since the incore dquot 727 * has its own locking protocol so we needn't tie up the buffer any 728 * further. 729 */ 730 ASSERT(xfs_buf_islocked(bp)); 731 error = xfs_dquot_from_disk(dqp, bp); 732 xfs_buf_relse(bp); 733 if (error) 734 goto err; 735 736 *dqpp = dqp; 737 return error; 738 739 err: 740 trace_xfs_dqread_fail(dqp); 741 xfs_qm_dqdestroy(dqp); 742 *dqpp = NULL; 743 return error; 744 } 745 746 /* 747 * Advance to the next id in the current chunk, or if at the 748 * end of the chunk, skip ahead to first id in next allocated chunk 749 * using the SEEK_DATA interface. 750 */ 751 static int 752 xfs_dq_get_next_id( 753 struct xfs_mount *mp, 754 xfs_dqtype_t type, 755 xfs_dqid_t *id) 756 { 757 struct xfs_inode *quotip = xfs_quota_inode(mp, type); 758 xfs_dqid_t next_id = *id + 1; /* simple advance */ 759 uint lock_flags; 760 struct xfs_bmbt_irec got; 761 struct xfs_iext_cursor cur; 762 xfs_fsblock_t start; 763 int error = 0; 764 765 /* If we'd wrap past the max ID, stop */ 766 if (next_id < *id) 767 return -ENOENT; 768 769 /* If new ID is within the current chunk, advancing it sufficed */ 770 if (next_id % mp->m_quotainfo->qi_dqperchunk) { 771 *id = next_id; 772 return 0; 773 } 774 775 /* Nope, next_id is now past the current chunk, so find the next one */ 776 start = (xfs_fsblock_t)next_id / mp->m_quotainfo->qi_dqperchunk; 777 778 lock_flags = xfs_ilock_data_map_shared(quotip); 779 error = xfs_iread_extents(NULL, quotip, XFS_DATA_FORK); 780 if (error) 781 return error; 782 783 if (xfs_iext_lookup_extent(quotip, "ip->i_df, start, &cur, &got)) { 784 /* contiguous chunk, bump startoff for the id calculation */ 785 if (got.br_startoff < start) 786 got.br_startoff = start; 787 *id = got.br_startoff * mp->m_quotainfo->qi_dqperchunk; 788 } else { 789 error = -ENOENT; 790 } 791 792 xfs_iunlock(quotip, lock_flags); 793 794 return error; 795 } 796 797 /* 798 * Look up the dquot in the in-core cache. If found, the dquot is returned 799 * locked and ready to go. 800 */ 801 static struct xfs_dquot * 802 xfs_qm_dqget_cache_lookup( 803 struct xfs_mount *mp, 804 xfs_dqid_t id, 805 xfs_dqtype_t type) 806 { 807 struct xfs_quotainfo *qi = mp->m_quotainfo; 808 struct radix_tree_root *tree = xfs_dquot_tree(qi, type); 809 struct xfs_dquot *dqp; 810 811 restart: 812 mutex_lock(&qi->qi_tree_lock); 813 dqp = radix_tree_lookup(tree, id); 814 if (!dqp) { 815 mutex_unlock(&qi->qi_tree_lock); 816 XFS_STATS_INC(mp, xs_qm_dqcachemisses); 817 return NULL; 818 } 819 820 if (!lockref_get_not_dead(&dqp->q_lockref)) { 821 mutex_unlock(&qi->qi_tree_lock); 822 trace_xfs_dqget_freeing(dqp); 823 delay(1); 824 goto restart; 825 } 826 mutex_unlock(&qi->qi_tree_lock); 827 828 trace_xfs_dqget_hit(dqp); 829 XFS_STATS_INC(mp, xs_qm_dqcachehits); 830 return dqp; 831 } 832 833 /* 834 * Try to insert a new dquot into the in-core cache. If an error occurs the 835 * caller should throw away the dquot and start over. Otherwise, the dquot 836 * is returned (and held by the cache) as if there had been a cache hit. 837 * 838 * The insert needs to be done under memalloc_nofs context because the radix 839 * tree can do memory allocation during insert. The qi->qi_tree_lock is taken in 840 * memory reclaim when freeing unused dquots, so we cannot have the radix tree 841 * node allocation recursing into filesystem reclaim whilst we hold the 842 * qi_tree_lock. 843 */ 844 static int 845 xfs_qm_dqget_cache_insert( 846 struct xfs_mount *mp, 847 xfs_dqid_t id, 848 xfs_dqtype_t type, 849 struct xfs_dquot *dqp) 850 { 851 struct xfs_quotainfo *qi = mp->m_quotainfo; 852 struct radix_tree_root *tree = xfs_dquot_tree(qi, type); 853 unsigned int nofs_flags; 854 int error; 855 856 nofs_flags = memalloc_nofs_save(); 857 mutex_lock(&qi->qi_tree_lock); 858 error = radix_tree_insert(tree, id, dqp); 859 if (unlikely(error)) { 860 trace_xfs_dqget_dup(dqp); 861 goto out_unlock; 862 } 863 864 lockref_init(&dqp->q_lockref); 865 qi->qi_dquots++; 866 867 out_unlock: 868 mutex_unlock(&qi->qi_tree_lock); 869 memalloc_nofs_restore(nofs_flags); 870 return error; 871 } 872 873 /* Check our input parameters. */ 874 static int 875 xfs_qm_dqget_checks( 876 struct xfs_mount *mp, 877 xfs_dqtype_t type) 878 { 879 switch (type) { 880 case XFS_DQTYPE_USER: 881 if (!XFS_IS_UQUOTA_ON(mp)) 882 return -ESRCH; 883 return 0; 884 case XFS_DQTYPE_GROUP: 885 if (!XFS_IS_GQUOTA_ON(mp)) 886 return -ESRCH; 887 return 0; 888 case XFS_DQTYPE_PROJ: 889 if (!XFS_IS_PQUOTA_ON(mp)) 890 return -ESRCH; 891 return 0; 892 default: 893 WARN_ON_ONCE(0); 894 return -EINVAL; 895 } 896 } 897 898 /* 899 * Given the file system, id, and type (UDQUOT/GDQUOT/PDQUOT), return a 900 * dquot, doing an allocation (if requested) as needed. 901 */ 902 int 903 xfs_qm_dqget( 904 struct xfs_mount *mp, 905 xfs_dqid_t id, 906 xfs_dqtype_t type, 907 bool can_alloc, 908 struct xfs_dquot **O_dqpp) 909 { 910 struct xfs_dquot *dqp; 911 int error; 912 913 error = xfs_qm_dqget_checks(mp, type); 914 if (error) 915 return error; 916 917 restart: 918 dqp = xfs_qm_dqget_cache_lookup(mp, id, type); 919 if (dqp) 920 goto found; 921 922 error = xfs_qm_dqread(mp, id, type, can_alloc, &dqp); 923 if (error) 924 return error; 925 926 error = xfs_qm_dqget_cache_insert(mp, id, type, dqp); 927 if (error) { 928 xfs_qm_dqdestroy(dqp); 929 if (error == -EEXIST) { 930 /* 931 * Duplicate found. Just throw away the new dquot and 932 * start over. 933 */ 934 XFS_STATS_INC(mp, xs_qm_dquot_dups); 935 goto restart; 936 } 937 return error; 938 } 939 940 trace_xfs_dqget_miss(dqp); 941 found: 942 *O_dqpp = dqp; 943 return 0; 944 } 945 946 /* 947 * Given a dquot id and type, read and initialize a dquot from the on-disk 948 * metadata. This function is only for use during quota initialization so 949 * it ignores the dquot cache assuming that the dquot shrinker isn't set up. 950 * The caller is responsible for _qm_dqdestroy'ing the returned dquot. 951 */ 952 int 953 xfs_qm_dqget_uncached( 954 struct xfs_mount *mp, 955 xfs_dqid_t id, 956 xfs_dqtype_t type, 957 struct xfs_dquot **dqpp) 958 { 959 int error; 960 961 error = xfs_qm_dqget_checks(mp, type); 962 if (error) 963 return error; 964 965 return xfs_qm_dqread(mp, id, type, 0, dqpp); 966 } 967 968 /* Return the quota id for a given inode and type. */ 969 xfs_dqid_t 970 xfs_qm_id_for_quotatype( 971 struct xfs_inode *ip, 972 xfs_dqtype_t type) 973 { 974 switch (type) { 975 case XFS_DQTYPE_USER: 976 return i_uid_read(VFS_I(ip)); 977 case XFS_DQTYPE_GROUP: 978 return i_gid_read(VFS_I(ip)); 979 case XFS_DQTYPE_PROJ: 980 return ip->i_projid; 981 } 982 ASSERT(0); 983 return 0; 984 } 985 986 /* 987 * Return the dquot for a given inode and type. If @can_alloc is true, then 988 * allocate blocks if needed. The inode's ILOCK must be held and it must not 989 * have already had an inode attached. 990 */ 991 int 992 xfs_qm_dqget_inode( 993 struct xfs_inode *ip, 994 xfs_dqtype_t type, 995 bool can_alloc, 996 struct xfs_dquot **dqpp) 997 { 998 struct xfs_mount *mp = ip->i_mount; 999 struct xfs_dquot *dqp; 1000 xfs_dqid_t id; 1001 int error; 1002 1003 ASSERT(!*dqpp); 1004 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); 1005 1006 error = xfs_qm_dqget_checks(mp, type); 1007 if (error) 1008 return error; 1009 1010 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); 1011 ASSERT(xfs_inode_dquot(ip, type) == NULL); 1012 ASSERT(!xfs_is_metadir_inode(ip)); 1013 1014 id = xfs_qm_id_for_quotatype(ip, type); 1015 1016 restart: 1017 dqp = xfs_qm_dqget_cache_lookup(mp, id, type); 1018 if (dqp) 1019 goto found; 1020 1021 /* 1022 * Dquot cache miss. We don't want to keep the inode lock across 1023 * a (potential) disk read. Also we don't want to deal with the lock 1024 * ordering between quotainode and this inode. OTOH, dropping the inode 1025 * lock here means dealing with a chown that can happen before 1026 * we re-acquire the lock. 1027 */ 1028 xfs_iunlock(ip, XFS_ILOCK_EXCL); 1029 error = xfs_qm_dqread(mp, id, type, can_alloc, &dqp); 1030 xfs_ilock(ip, XFS_ILOCK_EXCL); 1031 if (error) 1032 return error; 1033 1034 /* 1035 * A dquot could be attached to this inode by now, since we had 1036 * dropped the ilock. 1037 */ 1038 if (xfs_this_quota_on(mp, type)) { 1039 struct xfs_dquot *dqp1; 1040 1041 dqp1 = xfs_inode_dquot(ip, type); 1042 if (dqp1) { 1043 xfs_qm_dqdestroy(dqp); 1044 dqp = dqp1; 1045 goto dqret; 1046 } 1047 } else { 1048 /* inode stays locked on return */ 1049 xfs_qm_dqdestroy(dqp); 1050 return -ESRCH; 1051 } 1052 1053 error = xfs_qm_dqget_cache_insert(mp, id, type, dqp); 1054 if (error) { 1055 xfs_qm_dqdestroy(dqp); 1056 if (error == -EEXIST) { 1057 /* 1058 * Duplicate found. Just throw away the new dquot and 1059 * start over. 1060 */ 1061 XFS_STATS_INC(mp, xs_qm_dquot_dups); 1062 goto restart; 1063 } 1064 return error; 1065 } 1066 1067 dqret: 1068 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); 1069 trace_xfs_dqget_miss(dqp); 1070 found: 1071 trace_xfs_dqattach_get(dqp); 1072 *dqpp = dqp; 1073 return 0; 1074 } 1075 1076 /* 1077 * Starting at @id and progressing upwards, look for an initialized incore 1078 * dquot, lock it, and return it. 1079 */ 1080 int 1081 xfs_qm_dqget_next( 1082 struct xfs_mount *mp, 1083 xfs_dqid_t id, 1084 xfs_dqtype_t type, 1085 struct xfs_dquot **dqpp) 1086 { 1087 struct xfs_dquot *dqp; 1088 int error = 0; 1089 1090 *dqpp = NULL; 1091 for (; !error; error = xfs_dq_get_next_id(mp, type, &id)) { 1092 error = xfs_qm_dqget(mp, id, type, false, &dqp); 1093 if (error == -ENOENT) 1094 continue; 1095 else if (error != 0) 1096 break; 1097 1098 mutex_lock(&dqp->q_qlock); 1099 if (!XFS_IS_DQUOT_UNINITIALIZED(dqp)) { 1100 *dqpp = dqp; 1101 return 0; 1102 } 1103 1104 mutex_unlock(&dqp->q_qlock); 1105 xfs_qm_dqrele(dqp); 1106 } 1107 1108 return error; 1109 } 1110 1111 /* 1112 * Release a reference to the dquot. 1113 */ 1114 void 1115 xfs_qm_dqrele( 1116 struct xfs_dquot *dqp) 1117 { 1118 if (!dqp) 1119 return; 1120 1121 trace_xfs_dqrele(dqp); 1122 1123 if (lockref_put_or_lock(&dqp->q_lockref)) 1124 return; 1125 if (!--dqp->q_lockref.count) { 1126 struct xfs_quotainfo *qi = dqp->q_mount->m_quotainfo; 1127 1128 trace_xfs_dqrele_free(dqp); 1129 if (list_lru_add_obj(&qi->qi_lru, &dqp->q_lru)) 1130 XFS_STATS_INC(dqp->q_mount, xs_qm_dquot_unused); 1131 } 1132 spin_unlock(&dqp->q_lockref.lock); 1133 } 1134 1135 /* 1136 * This is the dquot flushing I/O completion routine. It is called 1137 * from interrupt level when the buffer containing the dquot is 1138 * flushed to disk. It is responsible for removing the dquot logitem 1139 * from the AIL if it has not been re-logged, and unlocking the dquot's 1140 * flush lock. This behavior is very similar to that of inodes.. 1141 */ 1142 static void 1143 xfs_qm_dqflush_done( 1144 struct xfs_log_item *lip) 1145 { 1146 struct xfs_dq_logitem *qlip = 1147 container_of(lip, struct xfs_dq_logitem, qli_item); 1148 struct xfs_dquot *dqp = qlip->qli_dquot; 1149 struct xfs_ail *ailp = lip->li_ailp; 1150 struct xfs_buf *bp = NULL; 1151 xfs_lsn_t tail_lsn; 1152 1153 /* 1154 * We only want to pull the item from the AIL if its 1155 * location in the log has not changed since we started the flush. 1156 * Thus, we only bother if the dquot's lsn has 1157 * not changed. First we check the lsn outside the lock 1158 * since it's cheaper, and then we recheck while 1159 * holding the lock before removing the dquot from the AIL. 1160 */ 1161 if (test_bit(XFS_LI_IN_AIL, &lip->li_flags) && 1162 (lip->li_lsn == qlip->qli_flush_lsn || 1163 test_bit(XFS_LI_FAILED, &lip->li_flags))) { 1164 spin_lock(&ailp->ail_lock); 1165 clear_bit(XFS_LI_FAILED, &lip->li_flags); 1166 if (lip->li_lsn == qlip->qli_flush_lsn) { 1167 /* xfs_ail_update_finish() drops the AIL lock */ 1168 tail_lsn = xfs_ail_delete_one(ailp, lip); 1169 xfs_ail_update_finish(ailp, tail_lsn); 1170 } else { 1171 spin_unlock(&ailp->ail_lock); 1172 } 1173 } 1174 1175 /* 1176 * If this dquot hasn't been dirtied since initiating the last dqflush, 1177 * release the buffer reference. We already unlinked this dquot item 1178 * from the buffer. 1179 */ 1180 spin_lock(&qlip->qli_lock); 1181 if (!qlip->qli_dirty) { 1182 bp = lip->li_buf; 1183 lip->li_buf = NULL; 1184 } 1185 spin_unlock(&qlip->qli_lock); 1186 if (bp) 1187 xfs_buf_rele(bp); 1188 1189 /* 1190 * Release the dq's flush lock since we're done with it. 1191 */ 1192 xfs_dqfunlock(dqp); 1193 } 1194 1195 void 1196 xfs_buf_dquot_iodone( 1197 struct xfs_buf *bp) 1198 { 1199 struct xfs_log_item *lip, *n; 1200 1201 list_for_each_entry_safe(lip, n, &bp->b_li_list, li_bio_list) { 1202 list_del_init(&lip->li_bio_list); 1203 xfs_qm_dqflush_done(lip); 1204 } 1205 } 1206 1207 /* Check incore dquot for errors before we flush. */ 1208 static xfs_failaddr_t 1209 xfs_qm_dqflush_check( 1210 struct xfs_dquot *dqp) 1211 { 1212 xfs_dqtype_t type = xfs_dquot_type(dqp); 1213 1214 if (type != XFS_DQTYPE_USER && 1215 type != XFS_DQTYPE_GROUP && 1216 type != XFS_DQTYPE_PROJ) 1217 return __this_address; 1218 1219 if (dqp->q_id == 0) 1220 return NULL; 1221 1222 if (dqp->q_blk.softlimit && dqp->q_blk.count > dqp->q_blk.softlimit && 1223 !dqp->q_blk.timer) 1224 return __this_address; 1225 1226 if (dqp->q_ino.softlimit && dqp->q_ino.count > dqp->q_ino.softlimit && 1227 !dqp->q_ino.timer) 1228 return __this_address; 1229 1230 if (dqp->q_rtb.softlimit && dqp->q_rtb.count > dqp->q_rtb.softlimit && 1231 !dqp->q_rtb.timer) 1232 return __this_address; 1233 1234 /* bigtime flag should never be set on root dquots */ 1235 if (dqp->q_type & XFS_DQTYPE_BIGTIME) { 1236 if (!xfs_has_bigtime(dqp->q_mount)) 1237 return __this_address; 1238 if (dqp->q_id == 0) 1239 return __this_address; 1240 } 1241 1242 return NULL; 1243 } 1244 1245 /* 1246 * Get the buffer containing the on-disk dquot. 1247 * 1248 * Requires dquot flush lock, will clear the dirty flag, delete the quota log 1249 * item from the AIL, and shut down the system if something goes wrong. 1250 */ 1251 static int 1252 xfs_dquot_read_buf( 1253 struct xfs_trans *tp, 1254 struct xfs_dquot *dqp, 1255 struct xfs_buf **bpp) 1256 { 1257 struct xfs_mount *mp = dqp->q_mount; 1258 struct xfs_buf *bp = NULL; 1259 int error; 1260 1261 error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, dqp->q_blkno, 1262 mp->m_quotainfo->qi_dqchunklen, 0, 1263 &bp, &xfs_dquot_buf_ops); 1264 if (xfs_metadata_is_sick(error)) 1265 xfs_dquot_mark_sick(dqp); 1266 if (error) 1267 goto out_abort; 1268 1269 *bpp = bp; 1270 return 0; 1271 1272 out_abort: 1273 dqp->q_flags &= ~XFS_DQFLAG_DIRTY; 1274 xfs_trans_ail_delete(&dqp->q_logitem.qli_item, 0); 1275 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE); 1276 return error; 1277 } 1278 1279 /* 1280 * Attach a dquot buffer to this dquot to avoid allocating a buffer during a 1281 * dqflush, since dqflush can be called from reclaim context. Caller must hold 1282 * the dqlock. 1283 */ 1284 int 1285 xfs_dquot_attach_buf( 1286 struct xfs_trans *tp, 1287 struct xfs_dquot *dqp) 1288 { 1289 struct xfs_dq_logitem *qlip = &dqp->q_logitem; 1290 struct xfs_log_item *lip = &qlip->qli_item; 1291 int error; 1292 1293 spin_lock(&qlip->qli_lock); 1294 if (!lip->li_buf) { 1295 struct xfs_buf *bp = NULL; 1296 1297 spin_unlock(&qlip->qli_lock); 1298 error = xfs_dquot_read_buf(tp, dqp, &bp); 1299 if (error) 1300 return error; 1301 1302 /* 1303 * Hold the dquot buffer so that we retain our ref to it after 1304 * detaching it from the transaction, then give that ref to the 1305 * dquot log item so that the AIL does not have to read the 1306 * dquot buffer to push this item. 1307 */ 1308 xfs_buf_hold(bp); 1309 xfs_trans_brelse(tp, bp); 1310 1311 spin_lock(&qlip->qli_lock); 1312 lip->li_buf = bp; 1313 } 1314 qlip->qli_dirty = true; 1315 spin_unlock(&qlip->qli_lock); 1316 1317 return 0; 1318 } 1319 1320 /* 1321 * Get a new reference the dquot buffer attached to this dquot for a dqflush 1322 * operation. 1323 * 1324 * Returns 0 and a NULL bp if none was attached to the dquot; 0 and a locked 1325 * bp; or -EAGAIN if the buffer could not be locked. 1326 */ 1327 int 1328 xfs_dquot_use_attached_buf( 1329 struct xfs_dquot *dqp, 1330 struct xfs_buf **bpp) 1331 { 1332 struct xfs_buf *bp = dqp->q_logitem.qli_item.li_buf; 1333 1334 /* 1335 * A NULL buffer can happen if the dquot dirty flag was set but the 1336 * filesystem shut down before transaction commit happened. In that 1337 * case we're not going to flush anyway. 1338 */ 1339 if (!bp) { 1340 ASSERT(xfs_is_shutdown(dqp->q_mount)); 1341 1342 *bpp = NULL; 1343 return 0; 1344 } 1345 1346 if (!xfs_buf_trylock(bp)) 1347 return -EAGAIN; 1348 1349 xfs_buf_hold(bp); 1350 *bpp = bp; 1351 return 0; 1352 } 1353 1354 /* 1355 * Write a modified dquot to disk. 1356 * The dquot must be locked and the flush lock too taken by caller. 1357 * The flush lock will not be unlocked until the dquot reaches the disk, 1358 * but the dquot is free to be unlocked and modified by the caller 1359 * in the interim. Dquot is still locked on return. This behavior is 1360 * identical to that of inodes. 1361 */ 1362 int 1363 xfs_qm_dqflush( 1364 struct xfs_dquot *dqp, 1365 struct xfs_buf *bp) 1366 { 1367 struct xfs_mount *mp = dqp->q_mount; 1368 struct xfs_dq_logitem *qlip = &dqp->q_logitem; 1369 struct xfs_log_item *lip = &qlip->qli_item; 1370 struct xfs_dqblk *dqblk; 1371 xfs_failaddr_t fa; 1372 int error; 1373 1374 ASSERT(XFS_DQ_IS_LOCKED(dqp)); 1375 ASSERT(!completion_done(&dqp->q_flush)); 1376 ASSERT(atomic_read(&dqp->q_pincount) == 0); 1377 1378 trace_xfs_dqflush(dqp); 1379 fa = xfs_qm_dqflush_check(dqp); 1380 if (fa) { 1381 xfs_alert(mp, "corrupt dquot ID 0x%x in memory at %pS", 1382 dqp->q_id, fa); 1383 xfs_dquot_mark_sick(dqp); 1384 error = -EFSCORRUPTED; 1385 goto out_abort; 1386 } 1387 1388 /* Flush the incore dquot to the ondisk buffer. */ 1389 dqblk = xfs_buf_offset(bp, dqp->q_bufoffset); 1390 xfs_dquot_to_disk(&dqblk->dd_diskdq, dqp); 1391 1392 /* 1393 * Clear the dirty field and remember the flush lsn for later use. 1394 */ 1395 dqp->q_flags &= ~XFS_DQFLAG_DIRTY; 1396 1397 /* 1398 * We hold the dquot lock, so nobody can dirty it while we're 1399 * scheduling the write out. Clear the dirty-since-flush flag. 1400 */ 1401 spin_lock(&qlip->qli_lock); 1402 qlip->qli_dirty = false; 1403 spin_unlock(&qlip->qli_lock); 1404 1405 xfs_trans_ail_copy_lsn(mp->m_ail, &qlip->qli_flush_lsn, &lip->li_lsn); 1406 1407 /* 1408 * copy the lsn into the on-disk dquot now while we have the in memory 1409 * dquot here. This can't be done later in the write verifier as we 1410 * can't get access to the log item at that point in time. 1411 * 1412 * We also calculate the CRC here so that the on-disk dquot in the 1413 * buffer always has a valid CRC. This ensures there is no possibility 1414 * of a dquot without an up-to-date CRC getting to disk. 1415 */ 1416 if (xfs_has_crc(mp)) { 1417 dqblk->dd_lsn = cpu_to_be64(lip->li_lsn); 1418 xfs_update_cksum((char *)dqblk, sizeof(struct xfs_dqblk), 1419 XFS_DQUOT_CRC_OFF); 1420 } 1421 1422 /* 1423 * Attach the dquot to the buffer so that we can remove this dquot from 1424 * the AIL and release the flush lock once the dquot is synced to disk. 1425 */ 1426 bp->b_iodone = xfs_buf_dquot_iodone; 1427 list_add_tail(&lip->li_bio_list, &bp->b_li_list); 1428 1429 /* 1430 * If the buffer is pinned then push on the log so we won't 1431 * get stuck waiting in the write for too long. 1432 */ 1433 if (xfs_buf_ispinned(bp)) { 1434 trace_xfs_dqflush_force(dqp); 1435 xfs_log_force(mp, 0); 1436 } 1437 1438 trace_xfs_dqflush_done(dqp); 1439 return 0; 1440 1441 out_abort: 1442 dqp->q_flags &= ~XFS_DQFLAG_DIRTY; 1443 xfs_trans_ail_delete(lip, 0); 1444 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE); 1445 xfs_dqfunlock(dqp); 1446 return error; 1447 } 1448 1449 /* 1450 * Lock two xfs_dquot structures. 1451 * 1452 * To avoid deadlocks we always lock the quota structure with 1453 * the lowerd id first. 1454 */ 1455 void 1456 xfs_dqlock2( 1457 struct xfs_dquot *d1, 1458 struct xfs_dquot *d2) 1459 { 1460 if (d1 && d2) { 1461 ASSERT(d1 != d2); 1462 if (d1->q_id > d2->q_id) { 1463 mutex_lock(&d2->q_qlock); 1464 mutex_lock_nested(&d1->q_qlock, XFS_QLOCK_NESTED); 1465 } else { 1466 mutex_lock(&d1->q_qlock); 1467 mutex_lock_nested(&d2->q_qlock, XFS_QLOCK_NESTED); 1468 } 1469 } else if (d1) { 1470 mutex_lock(&d1->q_qlock); 1471 } else if (d2) { 1472 mutex_lock(&d2->q_qlock); 1473 } 1474 } 1475 1476 static int 1477 xfs_dqtrx_cmp( 1478 const void *a, 1479 const void *b) 1480 { 1481 const struct xfs_dqtrx *qa = a; 1482 const struct xfs_dqtrx *qb = b; 1483 1484 if (qa->qt_dquot->q_id > qb->qt_dquot->q_id) 1485 return 1; 1486 if (qa->qt_dquot->q_id < qb->qt_dquot->q_id) 1487 return -1; 1488 return 0; 1489 } 1490 1491 void 1492 xfs_dqlockn( 1493 struct xfs_dqtrx *q) 1494 { 1495 unsigned int i; 1496 1497 BUILD_BUG_ON(XFS_QM_TRANS_MAXDQS > MAX_LOCKDEP_SUBCLASSES); 1498 1499 /* Sort in order of dquot id, do not allow duplicates */ 1500 for (i = 0; i < XFS_QM_TRANS_MAXDQS && q[i].qt_dquot != NULL; i++) { 1501 unsigned int j; 1502 1503 for (j = 0; j < i; j++) 1504 ASSERT(q[i].qt_dquot != q[j].qt_dquot); 1505 } 1506 if (i == 0) 1507 return; 1508 1509 sort(q, i, sizeof(struct xfs_dqtrx), xfs_dqtrx_cmp, NULL); 1510 1511 mutex_lock(&q[0].qt_dquot->q_qlock); 1512 for (i = 1; i < XFS_QM_TRANS_MAXDQS && q[i].qt_dquot != NULL; i++) 1513 mutex_lock_nested(&q[i].qt_dquot->q_qlock, 1514 XFS_QLOCK_NESTED + i - 1); 1515 } 1516 1517 int __init 1518 xfs_qm_init(void) 1519 { 1520 xfs_dquot_cache = kmem_cache_create("xfs_dquot", 1521 sizeof(struct xfs_dquot), 1522 0, 0, NULL); 1523 if (!xfs_dquot_cache) 1524 goto out; 1525 1526 xfs_dqtrx_cache = kmem_cache_create("xfs_dqtrx", 1527 sizeof(struct xfs_dquot_acct), 1528 0, 0, NULL); 1529 if (!xfs_dqtrx_cache) 1530 goto out_free_dquot_cache; 1531 1532 return 0; 1533 1534 out_free_dquot_cache: 1535 kmem_cache_destroy(xfs_dquot_cache); 1536 out: 1537 return -ENOMEM; 1538 } 1539 1540 void 1541 xfs_qm_exit(void) 1542 { 1543 kmem_cache_destroy(xfs_dqtrx_cache); 1544 kmem_cache_destroy(xfs_dquot_cache); 1545 } 1546