// SPDX-License-Identifier: GPL-2.0
/*
 * Implementation of the diskquota system for the LINUX operating system. QUOTA
 * is implemented using the BSD system call interface as the means of
 * communication with the user level. This file contains the generic routines
 * called by the different filesystems on allocation of an inode or block.
 * These routines take care of the administration needed to have a consistent
 * diskquota tracking system. The ideas of both user and group quotas are based
 * on the Melbourne quota system as used on BSD derived systems. The internal
 * implementation is based on one of the several variants of the LINUX
 * inode-subsystem with added complexity of the diskquota system.
 *
 * Author:	Marco van Wieringen <mvw@planets.elm.net>
 *
 * Fixes:	Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96
 *
 *		Revised list management to avoid races
 *		-- Bill Hawes, <whawes@star.net>, 9/98
 *
 *		Fixed races in dquot_transfer(), dqget() and dquot_alloc_...().
 *		As the consequence the locking was moved from dquot_decr_...(),
 *		dquot_incr_...() to calling functions.
 *		invalidate_dquots() now writes modified dquots.
 *		Serialized quota_off() and quota_on() for mount point.
 *		Fixed a few bugs in grow_dquots().
 *		Fixed deadlock in write_dquot() - we no longer account quotas on
 *		quota files
 *		remove_dquot_ref() moved to inode.c - it now traverses through inodes
 *		add_dquot_ref() restarts after blocking
 *		Added check for bogus uid and fixed check for group in quotactl.
 *		Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99
 *
 *		Used struct list_head instead of own list struct
 *		Invalidation of referenced dquots is no longer possible
 *		Improved free_dquots list management
 *		Quota and i_blocks are now updated in one place to avoid races
 *		Warnings are now delayed so we won't block in critical section
 *		Write updated not to require dquot lock
 *		Jan Kara, <jack@suse.cz>, 9/2000
 *
 *		Added dynamic quota structure allocation
 *		Jan Kara <jack@suse.cz> 12/2000
 *
 *		Rewritten quota interface. Implemented new quota format and
 *		formats registering.
 *		Jan Kara, <jack@suse.cz>, 2001,2002
 *
 *		New SMP locking.
 *		Jan Kara, <jack@suse.cz>, 10/2002
 *
 *		Added journalled quota support, fix lock inversion problems
 *		Jan Kara, <jack@suse.cz>, 2003,2004
 *
 * (C) Copyright 1994 - 1997 Marco van Wieringen
 */

#include <linux/errno.h>
#include <linux/kernel.h>
#include <linux/fs.h>
#include <linux/mount.h>
#include <linux/mm.h>
#include <linux/time.h>
#include <linux/types.h>
#include <linux/string.h>
#include <linux/fcntl.h>
#include <linux/stat.h>
#include <linux/tty.h>
#include <linux/file.h>
#include <linux/slab.h>
#include <linux/sysctl.h>
#include <linux/init.h>
#include <linux/module.h>
#include <linux/proc_fs.h>
#include <linux/security.h>
#include <linux/sched.h>
#include <linux/cred.h>
#include <linux/kmod.h>
#include <linux/namei.h>
#include <linux/capability.h>
#include <linux/quotaops.h>
#include <linux/blkdev.h>
#include <linux/sched/mm.h>
#include "../internal.h" /* ugh */

#include <linux/uaccess.h>

/*
 * There are five quota SMP locks:
 * * dq_list_lock protects all lists with quotas and quota formats.
 * * dquot->dq_dqb_lock protects data from dq_dqb
 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards
 *   consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that
 *   dquot_transfer() can stabilize the amount it transfers
 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot
 *   pointers in the inode
 * * dq_state_lock protects modifications of quota state (on quotaon and
 *   quotaoff) and readers who care about latest values take it as well.
 *
 * The spinlock ordering is hence:
 *   dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock,
 *   dq_list_lock > dq_state_lock
 *
 * Note that some things (eg. sb pointer, type, id) don't change during
 * the life of the dquot structure and so needn't be protected by a lock
 *
 * Operations accessing dquots via inode pointers are protected by dquot_srcu.
 * Reading such a pointer needs srcu_read_lock(&dquot_srcu), and
 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from
 * inode and before dropping dquot references to avoid use of dquots after
 * they are freed. dq_data_lock is used to serialize the pointer setting and
 * clearing operations.
 * Special care needs to be taken about S_NOQUOTA inode flag (marking that
 * inode is a quota file). Functions adding pointers from inode to dquots have
 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they
 * have to do all pointer modifications before dropping dq_data_lock. This makes
 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and
 * then drops all pointers to dquots from an inode.
 *
 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read into
 * memory (or space for it is being allocated) on the first dqget(), when it is
 * being written out, and when it is being released on the last dqput(). The
 * allocation and release operations are serialized by the dq_lock and by
 * checking the use count in dquot_release().
 *
 * Lock ordering (including related VFS locks) is the following:
 *   s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem
 */
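/*
 * For illustration, the dquot_srcu read-side pattern used throughout this
 * file when walking the i_dquot pointers looks like the following sketch
 * (a minimal example, not a function defined here):
 *
 *	int index = srcu_read_lock(&dquot_srcu);
 *	struct dquot *dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
 *
 *	if (dquot) {
 *		... dquot cannot be freed while the read section is held ...
 *	}
 *	srcu_read_unlock(&dquot_srcu, index);
 *
 * Writers clear the inode pointers under dq_data_lock and then call
 * synchronize_srcu(&dquot_srcu) before dropping their dquot references.
 */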
static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock);
static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock);
__cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock);
EXPORT_SYMBOL(dq_data_lock);
DEFINE_STATIC_SRCU(dquot_srcu);

static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq);

void __quota_error(struct super_block *sb, const char *func,
		   const char *fmt, ...)
{
	if (printk_ratelimit()) {
		va_list args;
		struct va_format vaf;

		va_start(args, fmt);

		vaf.fmt = fmt;
		vaf.va = &args;

		printk(KERN_ERR "Quota error (device %s): %s: %pV\n",
		       sb->s_id, func, &vaf);

		va_end(args);
	}
}
EXPORT_SYMBOL(__quota_error);
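/*
 * Callers in this file use the quota_error() wrapper from <linux/quota.h>,
 * which fills in __func__ for us. A minimal usage sketch (the message text
 * is made up):
 *
 *	quota_error(sb, "Can't read quota structure for id %u", id);
 *
 * The output is ratelimited, so it is safe on I/O-error paths that may
 * fire repeatedly.
 */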
#if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING)
static char *quotatypes[] = INITQFNAMES;
#endif
static struct quota_format_type *quota_formats;	/* List of registered formats */
static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES;

/* SLAB cache for dquot structures */
static struct kmem_cache *dquot_cachep;

void register_quota_format(struct quota_format_type *fmt)
{
	spin_lock(&dq_list_lock);
	fmt->qf_next = quota_formats;
	quota_formats = fmt;
	spin_unlock(&dq_list_lock);
}
EXPORT_SYMBOL(register_quota_format);

void unregister_quota_format(struct quota_format_type *fmt)
{
	struct quota_format_type **actqf;

	spin_lock(&dq_list_lock);
	for (actqf = &quota_formats; *actqf && *actqf != fmt;
	     actqf = &(*actqf)->qf_next)
		;
	if (*actqf)
		*actqf = (*actqf)->qf_next;
	spin_unlock(&dq_list_lock);
}
EXPORT_SYMBOL(unregister_quota_format);

static struct quota_format_type *find_quota_format(int id)
{
	struct quota_format_type *actqf;

	spin_lock(&dq_list_lock);
	for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
	     actqf = actqf->qf_next)
		;
	if (!actqf || !try_module_get(actqf->qf_owner)) {
		int qm;

		spin_unlock(&dq_list_lock);

		for (qm = 0; module_names[qm].qm_fmt_id &&
			     module_names[qm].qm_fmt_id != id; qm++)
			;
		if (!module_names[qm].qm_fmt_id ||
		    request_module(module_names[qm].qm_mod_name))
			return NULL;

		spin_lock(&dq_list_lock);
		for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
		     actqf = actqf->qf_next)
			;
		if (actqf && !try_module_get(actqf->qf_owner))
			actqf = NULL;
	}
	spin_unlock(&dq_list_lock);
	return actqf;
}

static void put_quota_format(struct quota_format_type *fmt)
{
	module_put(fmt->qf_owner);
}

/*
 * Dquot List Management:
 * The quota code uses five lists for dquot management: the inuse_list,
 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array.
 * A single dquot structure may be on some of those lists, depending on
 * its current state.
 *
 * All dquots are placed at the end of inuse_list when first created, and this
 * list is used for the invalidate operation, which must look at every dquot.
 *
 * When the last reference of a dquot is dropped, the dquot is added to
 * releasing_dquots. We'll then queue a work item which will call
 * synchronize_srcu() and after that perform the final cleanup of all the
 * dquots on the list. Each cleaned up dquot is moved to the free_dquots list.
 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot
 * struct.
 *
 * Unused and cleaned up dquots are in the free_dquots list and this list is
 * searched whenever we need an available dquot. Dquots are removed from the
 * list as soon as they are used again and dqstats.free_dquots gives the number
 * of dquots on the list. When a dquot is invalidated it's completely released
 * from memory.
 *
 * Dirty dquots are added to the dqi_dirty_list of quota_info when marked
 * dirty, and this list is searched when writing dirty dquots back to the
 * quota file. Note that some filesystems do dirty dquot tracking on their
 * own (e.g. in a journal) and thus don't use dqi_dirty_list.
 *
 * Dquots with a specific identity (device, type and id) are placed on
 * one of the dquot_hash[] hash chains. This provides an efficient search
 * mechanism to locate a specific dquot.
 */
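/*
 * Lifecycle sketch (illustrative only; "uid" is a made-up example):
 *
 *	struct dquot *dq = dqget(sb, make_kqid_uid(uid));
 *		// new dquots go on inuse_list and a dquot_hash[] chain
 *	...
 *	dqput(dq);
 *		// on the last reference the dquot moves to releasing_dquots;
 *		// the release worker later moves it to free_dquots
 */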
static LIST_HEAD(inuse_list);
static LIST_HEAD(free_dquots);
static LIST_HEAD(releasing_dquots);
static unsigned int dq_hash_bits, dq_hash_mask;
static struct hlist_head *dquot_hash;

struct dqstats dqstats;
EXPORT_SYMBOL(dqstats);

static qsize_t inode_get_rsv_space(struct inode *inode);
static qsize_t __inode_get_rsv_space(struct inode *inode);
static int __dquot_initialize(struct inode *inode, int type);

static void quota_release_workfn(struct work_struct *work);
static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn);

static inline unsigned int
hashfn(const struct super_block *sb, struct kqid qid)
{
	unsigned int id = from_kqid(&init_user_ns, qid);
	int type = qid.type;
	unsigned long tmp;

	tmp = (((unsigned long)sb >> L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type);
	return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask;
}

/*
 * Following list functions expect dq_list_lock to be held
 */
static inline void insert_dquot_hash(struct dquot *dquot)
{
	struct hlist_head *head;

	head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id);
	hlist_add_head(&dquot->dq_hash, head);
}

static inline void remove_dquot_hash(struct dquot *dquot)
{
	hlist_del_init(&dquot->dq_hash);
}

static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb,
				struct kqid qid)
{
	struct dquot *dquot;

	hlist_for_each_entry(dquot, dquot_hash + hashent, dq_hash)
		if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid))
			return dquot;

	return NULL;
}

/* Add a dquot to the tail of the free list */
static inline void put_dquot_last(struct dquot *dquot)
{
	list_add_tail(&dquot->dq_free, &free_dquots);
	dqstats_inc(DQST_FREE_DQUOTS);
}

static inline void put_releasing_dquots(struct dquot *dquot)
{
	list_add_tail(&dquot->dq_free, &releasing_dquots);
	set_bit(DQ_RELEASING_B, &dquot->dq_flags);
}

static inline void remove_free_dquot(struct dquot *dquot)
{
	if (list_empty(&dquot->dq_free))
		return;
	list_del_init(&dquot->dq_free);
	if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags))
		dqstats_dec(DQST_FREE_DQUOTS);
	else
		clear_bit(DQ_RELEASING_B, &dquot->dq_flags);
}

static inline void put_inuse(struct dquot *dquot)
{
	/* We add to the back of inuse list so we don't have to restart
	 * when traversing this list and we block */
	list_add_tail(&dquot->dq_inuse, &inuse_list);
	dqstats_inc(DQST_ALLOC_DQUOTS);
}

static inline void remove_inuse(struct dquot *dquot)
{
	dqstats_dec(DQST_ALLOC_DQUOTS);
	list_del(&dquot->dq_inuse);
}

/*
 * End of list functions needing dq_list_lock
 */

static void wait_on_dquot(struct dquot *dquot)
{
	mutex_lock(&dquot->dq_lock);
	mutex_unlock(&dquot->dq_lock);
}

static inline int dquot_active(struct dquot *dquot)
{
	return test_bit(DQ_ACTIVE_B, &dquot->dq_flags);
}
static inline int dquot_dirty(struct dquot *dquot)
{
	return test_bit(DQ_MOD_B, &dquot->dq_flags);
}

static inline int mark_dquot_dirty(struct dquot *dquot)
{
	return dquot->dq_sb->dq_op->mark_dirty(dquot);
}

/* Mark dquot dirty in atomic manner, and return its old dirty flag state */
int dquot_mark_dquot_dirty(struct dquot *dquot)
{
	int ret = 1;

	if (!dquot_active(dquot))
		return 0;

	if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
		return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags);

	/* If quota is dirty already, we don't have to acquire dq_list_lock */
	if (dquot_dirty(dquot))
		return 1;

	spin_lock(&dq_list_lock);
	if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) {
		list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)->
				info[dquot->dq_id.type].dqi_dirty_list);
		ret = 0;
	}
	spin_unlock(&dq_list_lock);
	return ret;
}
EXPORT_SYMBOL(dquot_mark_dquot_dirty);

/* Dirtify all the dquots - this can block when journalling */
static inline int mark_all_dquot_dirty(struct dquot __rcu * const *dquots)
{
	int ret, err, cnt;
	struct dquot *dquot;

	ret = err = 0;
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
		if (dquot)
			/* Even in case of error we have to continue */
			ret = mark_dquot_dirty(dquot);
		if (!err && ret < 0)
			err = ret;
	}
	return err;
}

static inline void dqput_all(struct dquot **dquot)
{
	unsigned int cnt;

	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
		dqput(dquot[cnt]);
}

static inline int clear_dquot_dirty(struct dquot *dquot)
{
	if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
		return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags);

	spin_lock(&dq_list_lock);
	if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) {
		spin_unlock(&dq_list_lock);
		return 0;
	}
	list_del_init(&dquot->dq_dirty);
	spin_unlock(&dq_list_lock);
	return 1;
}

void mark_info_dirty(struct super_block *sb, int type)
{
	spin_lock(&dq_data_lock);
	sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY;
	spin_unlock(&dq_data_lock);
}
EXPORT_SYMBOL(mark_info_dirty);

/*
 * Read dquot from disk and alloc space for it
 */

int dquot_acquire(struct dquot *dquot)
{
	int ret = 0, ret2 = 0;
	unsigned int memalloc;
	struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);

	mutex_lock(&dquot->dq_lock);
	memalloc = memalloc_nofs_save();
	if (!test_bit(DQ_READ_B, &dquot->dq_flags)) {
		ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot);
		if (ret < 0)
			goto out_iolock;
	}
	/* Make sure flags update is visible after dquot has been filled */
	smp_mb__before_atomic();
	set_bit(DQ_READ_B, &dquot->dq_flags);
	/* Instantiate dquot if needed */
	if (!dquot_active(dquot) && !dquot->dq_off) {
		ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
		/* Write the info if needed */
		if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
			ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
					dquot->dq_sb, dquot->dq_id.type);
		}
		if (ret < 0)
			goto out_iolock;
		if (ret2 < 0) {
			ret = ret2;
			goto out_iolock;
		}
	}
	/*
	 * Make sure flags update is visible after on-disk struct has been
	 * allocated. Paired with smp_rmb() in dqget().
	 */
	smp_mb__before_atomic();
	set_bit(DQ_ACTIVE_B, &dquot->dq_flags);
out_iolock:
	memalloc_nofs_restore(memalloc);
	mutex_unlock(&dquot->dq_lock);
	return ret;
}
EXPORT_SYMBOL(dquot_acquire);

/*
 * Write dquot to disk
 */
int dquot_commit(struct dquot *dquot)
{
	int ret = 0;
	unsigned int memalloc;
	struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);

	mutex_lock(&dquot->dq_lock);
	memalloc = memalloc_nofs_save();
	if (!clear_dquot_dirty(dquot))
		goto out_lock;
	/* An inactive dquot is possible only if there was an error during
	 * read/init => we'd better not write it */
	if (dquot_active(dquot))
		ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
	else
		ret = -EIO;
out_lock:
	memalloc_nofs_restore(memalloc);
	mutex_unlock(&dquot->dq_lock);
	return ret;
}
EXPORT_SYMBOL(dquot_commit);

/*
 * Release dquot
 */
int dquot_release(struct dquot *dquot)
{
	int ret = 0, ret2 = 0;
	unsigned int memalloc;
	struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);

	mutex_lock(&dquot->dq_lock);
	memalloc = memalloc_nofs_save();
	/* Check whether we are not racing with some other dqget() */
	if (dquot_is_busy(dquot))
		goto out_dqlock;
	if (dqopt->ops[dquot->dq_id.type]->release_dqblk) {
		ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot);
		/* Write the info */
		if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
			ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
					dquot->dq_sb, dquot->dq_id.type);
		}
		if (ret >= 0)
			ret = ret2;
	}
	clear_bit(DQ_ACTIVE_B, &dquot->dq_flags);
out_dqlock:
	memalloc_nofs_restore(memalloc);
	mutex_unlock(&dquot->dq_lock);
	return ret;
}
EXPORT_SYMBOL(dquot_release);

void dquot_destroy(struct dquot *dquot)
{
	kmem_cache_free(dquot_cachep, dquot);
}
EXPORT_SYMBOL(dquot_destroy);

static inline void do_destroy_dquot(struct dquot *dquot)
{
	dquot->dq_sb->dq_op->destroy_dquot(dquot);
}

/* Invalidate all dquots on the list. Note that this function is called after
 * quota is disabled and pointers from inodes removed so there cannot be new
 * quota users. There can still be some users of quotas due to inodes being
 * just deleted or pruned by prune_icache() (those are not attached to any
 * list) or a parallel quotactl call. We have to wait for such users.
 */
static void invalidate_dquots(struct super_block *sb, int type)
{
	struct dquot *dquot, *tmp;

restart:
	flush_delayed_work(&quota_release_work);

	spin_lock(&dq_list_lock);
	list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) {
		if (dquot->dq_sb != sb)
			continue;
		if (dquot->dq_id.type != type)
			continue;
		/* Wait for dquot users */
		if (atomic_read(&dquot->dq_count)) {
			atomic_inc(&dquot->dq_count);
			spin_unlock(&dq_list_lock);
			/*
			 * Once dqput() wakes us up, we know it's time to free
			 * the dquot.
			 * IMPORTANT: we rely on the fact that there is always
			 * at most one process waiting for dquot to free.
			 * Otherwise dq_count would be > 1 and we would never
			 * wake up.
			 */
			wait_event(dquot_ref_wq,
				   atomic_read(&dquot->dq_count) == 1);
			dqput(dquot);
			/* At this moment the dquot may no longer exist (it
			 * could have been reclaimed by prune_dqcache()).
			 * Hence we must restart.
			 */
			goto restart;
		}
		/*
		 * The last user already dropped its reference but dquot didn't
		 * get fully cleaned up yet. Restart the scan which flushes the
		 * work cleaning up released dquots.
		 */
		if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
			spin_unlock(&dq_list_lock);
			goto restart;
		}
		/*
		 * Quota now has no users and it has been written on last
		 * dqput()
		 */
		remove_dquot_hash(dquot);
		remove_free_dquot(dquot);
		remove_inuse(dquot);
		do_destroy_dquot(dquot);
	}
	spin_unlock(&dq_list_lock);
}

/* Call callback for every active dquot on given filesystem */
int dquot_scan_active(struct super_block *sb,
		      int (*fn)(struct dquot *dquot, unsigned long priv),
		      unsigned long priv)
{
	struct dquot *dquot, *old_dquot = NULL;
	int ret = 0;

	WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));

	spin_lock(&dq_list_lock);
	list_for_each_entry(dquot, &inuse_list, dq_inuse) {
		if (!dquot_active(dquot))
			continue;
		if (dquot->dq_sb != sb)
			continue;
		/* Now we have active dquot so we can just increase use count */
		atomic_inc(&dquot->dq_count);
		spin_unlock(&dq_list_lock);
		dqput(old_dquot);
		old_dquot = dquot;
		/*
		 * ->release_dquot() can be racing with us. Our reference
		 * protects us from new calls to it so just wait for any
		 * outstanding call and recheck the DQ_ACTIVE_B after that.
		 */
		wait_on_dquot(dquot);
		if (dquot_active(dquot)) {
			ret = fn(dquot, priv);
			if (ret < 0)
				goto out;
		}
		spin_lock(&dq_list_lock);
		/* We are safe to continue now because our dquot could not
		 * be moved out of the inuse list while we hold the reference */
	}
	spin_unlock(&dq_list_lock);
out:
	dqput(old_dquot);
	return ret;
}
EXPORT_SYMBOL(dquot_scan_active);
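/*
 * A minimal sketch of a dquot_scan_active() caller (the callback name and
 * body are hypothetical):
 *
 *	static int count_active(struct dquot *dquot, unsigned long priv)
 *	{
 *		(*(unsigned long *)priv)++;
 *		return 0;		// a negative value aborts the scan
 *	}
 *
 *	unsigned long n = 0;
 *	// the caller must hold sb->s_umount
 *	dquot_scan_active(sb, count_active, (unsigned long)&n);
 */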
static inline int dquot_write_dquot(struct dquot *dquot)
{
	int ret = dquot->dq_sb->dq_op->write_dquot(dquot);
	if (ret < 0) {
		quota_error(dquot->dq_sb, "Can't write quota structure "
			    "(error %d). Quota may get out of sync!", ret);
		/* Clear dirty bit anyway to avoid infinite loop. */
		clear_dquot_dirty(dquot);
	}
	return ret;
}

/* Write all dquot structures to quota files */
int dquot_writeback_dquots(struct super_block *sb, int type)
{
	struct list_head dirty;
	struct dquot *dquot;
	struct quota_info *dqopt = sb_dqopt(sb);
	int cnt;
	int err, ret = 0;

	WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));

	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		if (type != -1 && cnt != type)
			continue;
		if (!sb_has_quota_active(sb, cnt))
			continue;
		spin_lock(&dq_list_lock);
		/* Move list away to avoid livelock. */
		list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty);
		while (!list_empty(&dirty)) {
			dquot = list_first_entry(&dirty, struct dquot,
						 dq_dirty);

			WARN_ON(!dquot_active(dquot));
			/* If the dquot is releasing we should not touch it */
			if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
				spin_unlock(&dq_list_lock);
				flush_delayed_work(&quota_release_work);
				spin_lock(&dq_list_lock);
				continue;
			}

			/* Now we have active dquot from which someone is
			 * holding reference so we can safely just increase
			 * use count */
			dqgrab(dquot);
			spin_unlock(&dq_list_lock);
			err = dquot_write_dquot(dquot);
			if (err && !ret)
				ret = err;
			dqput(dquot);
			spin_lock(&dq_list_lock);
		}
		spin_unlock(&dq_list_lock);
	}

	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
		if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt)
		    && info_dirty(&dqopt->info[cnt]))
			sb->dq_op->write_info(sb, cnt);
	dqstats_inc(DQST_SYNCS);

	return ret;
}
EXPORT_SYMBOL(dquot_writeback_dquots);

/* Write all dquot structures to disk and make them visible from userspace */
int dquot_quota_sync(struct super_block *sb, int type)
{
	struct quota_info *dqopt = sb_dqopt(sb);
	int cnt;
	int ret;

	ret = dquot_writeback_dquots(sb, type);
	if (ret)
		return ret;
	if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
		return 0;

	/* This is not very clever (and fast) but currently I don't know about
	 * any other simple way of getting quota data to disk and we must get
	 * them there for userspace to be visible... */
	if (sb->s_op->sync_fs) {
		ret = sb->s_op->sync_fs(sb, 1);
		if (ret)
			return ret;
	}
	ret = sync_blockdev(sb->s_bdev);
	if (ret)
		return ret;

	/*
	 * Now when everything is written we can discard the pagecache so
	 * that userspace sees the changes.
	 */
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		if (type != -1 && cnt != type)
			continue;
		if (!sb_has_quota_active(sb, cnt))
			continue;
		inode_lock(dqopt->files[cnt]);
		truncate_inode_pages(&dqopt->files[cnt]->i_data, 0);
		inode_unlock(dqopt->files[cnt]);
	}

	return 0;
}
EXPORT_SYMBOL(dquot_quota_sync);
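/*
 * For reference, this is what a Q_SYNC quotactl ends up calling when a
 * filesystem hooks the generic ->quota_sync operation. An illustrative
 * userspace sketch (device path made up, error handling omitted):
 *
 *	quotactl(QCMD(Q_SYNC, USRQUOTA), "/dev/sda1", 0, NULL);
 */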
static unsigned long
dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
{
	struct dquot *dquot;
	unsigned long freed = 0;

	spin_lock(&dq_list_lock);
	while (!list_empty(&free_dquots) && sc->nr_to_scan) {
		dquot = list_first_entry(&free_dquots, struct dquot, dq_free);
		remove_dquot_hash(dquot);
		remove_free_dquot(dquot);
		remove_inuse(dquot);
		do_destroy_dquot(dquot);
		sc->nr_to_scan--;
		freed++;
	}
	spin_unlock(&dq_list_lock);
	return freed;
}

static unsigned long
dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc)
{
	return vfs_pressure_ratio(
	    percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS]));
}

/*
 * Safely release dquot and put reference to dquot.
 */
static void quota_release_workfn(struct work_struct *work)
{
	struct dquot *dquot;
	struct list_head rls_head;

	spin_lock(&dq_list_lock);
	/* Exchange the list head to avoid livelock. */
	list_replace_init(&releasing_dquots, &rls_head);
	spin_unlock(&dq_list_lock);
	synchronize_srcu(&dquot_srcu);

restart:
	spin_lock(&dq_list_lock);
	while (!list_empty(&rls_head)) {
		dquot = list_first_entry(&rls_head, struct dquot, dq_free);
		WARN_ON_ONCE(atomic_read(&dquot->dq_count));
		/*
		 * Note that DQ_RELEASING_B protects us from racing with
		 * invalidate_dquots() calls so we are safe to work with the
		 * dquot even after we drop dq_list_lock.
		 */
		if (dquot_dirty(dquot)) {
			spin_unlock(&dq_list_lock);
			/* Commit dquot before releasing */
			dquot_write_dquot(dquot);
			goto restart;
		}
		if (dquot_active(dquot)) {
			spin_unlock(&dq_list_lock);
			dquot->dq_sb->dq_op->release_dquot(dquot);
			goto restart;
		}
		/* Dquot is inactive and clean, now move it to free list */
		remove_free_dquot(dquot);
		put_dquot_last(dquot);
	}
	spin_unlock(&dq_list_lock);
}

/*
 * Put reference to dquot
 */
void dqput(struct dquot *dquot)
{
	if (!dquot)
		return;
#ifdef CONFIG_QUOTA_DEBUG
	if (!atomic_read(&dquot->dq_count)) {
		quota_error(dquot->dq_sb, "trying to free free dquot of %s %d",
			    quotatypes[dquot->dq_id.type],
			    from_kqid(&init_user_ns, dquot->dq_id));
		BUG();
	}
#endif
	dqstats_inc(DQST_DROPS);

	spin_lock(&dq_list_lock);
	if (atomic_read(&dquot->dq_count) > 1) {
		/* We have more than one user... nothing to do */
		atomic_dec(&dquot->dq_count);
		/* Releasing dquot during quotaoff phase? */
		if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) &&
		    atomic_read(&dquot->dq_count) == 1)
			wake_up(&dquot_ref_wq);
		spin_unlock(&dq_list_lock);
		return;
	}

	/* Need to release dquot? */
	WARN_ON_ONCE(!list_empty(&dquot->dq_free));
	put_releasing_dquots(dquot);
	atomic_dec(&dquot->dq_count);
	spin_unlock(&dq_list_lock);
	queue_delayed_work(system_unbound_wq, &quota_release_work, 1);
}
EXPORT_SYMBOL(dqput);

struct dquot *dquot_alloc(struct super_block *sb, int type)
{
	return kmem_cache_zalloc(dquot_cachep, GFP_NOFS);
}
EXPORT_SYMBOL(dquot_alloc);

static struct dquot *get_empty_dquot(struct super_block *sb, int type)
{
	struct dquot *dquot;

	dquot = sb->dq_op->alloc_dquot(sb, type);
	if (!dquot)
		return NULL;

	mutex_init(&dquot->dq_lock);
	INIT_LIST_HEAD(&dquot->dq_free);
	INIT_LIST_HEAD(&dquot->dq_inuse);
	INIT_HLIST_NODE(&dquot->dq_hash);
	INIT_LIST_HEAD(&dquot->dq_dirty);
	dquot->dq_sb = sb;
	dquot->dq_id = make_kqid_invalid(type);
	atomic_set(&dquot->dq_count, 1);
	spin_lock_init(&dquot->dq_dqb_lock);

	return dquot;
}
/*
 * Get reference to dquot
 *
 * Locking is slightly tricky here. We are guarded from parallel quotaoff()
 * destroying our dquot by:
 *   a) checking for quota flags under dq_list_lock and
 *   b) getting a reference to dquot before we release dq_list_lock
 */
struct dquot *dqget(struct super_block *sb, struct kqid qid)
{
	unsigned int hashent = hashfn(sb, qid);
	struct dquot *dquot, *empty = NULL;

	if (!qid_has_mapping(sb->s_user_ns, qid))
		return ERR_PTR(-EINVAL);

	if (!sb_has_quota_active(sb, qid.type))
		return ERR_PTR(-ESRCH);
we_slept:
	spin_lock(&dq_list_lock);
	spin_lock(&dq_state_lock);
	if (!sb_has_quota_active(sb, qid.type)) {
		spin_unlock(&dq_state_lock);
		spin_unlock(&dq_list_lock);
		dquot = ERR_PTR(-ESRCH);
		goto out;
	}
	spin_unlock(&dq_state_lock);

	dquot = find_dquot(hashent, sb, qid);
	if (!dquot) {
		if (!empty) {
			spin_unlock(&dq_list_lock);
			empty = get_empty_dquot(sb, qid.type);
			if (!empty)
				schedule();	/* Try to wait for a moment... */
			goto we_slept;
		}
		dquot = empty;
		empty = NULL;
		dquot->dq_id = qid;
		/* all dquots go on the inuse_list */
		put_inuse(dquot);
		/* hash it first so it can be found */
		insert_dquot_hash(dquot);
		spin_unlock(&dq_list_lock);
		dqstats_inc(DQST_LOOKUPS);
	} else {
		if (!atomic_read(&dquot->dq_count))
			remove_free_dquot(dquot);
		atomic_inc(&dquot->dq_count);
		spin_unlock(&dq_list_lock);
		dqstats_inc(DQST_CACHE_HITS);
		dqstats_inc(DQST_LOOKUPS);
	}
	/* Wait for dq_lock - after this we know that either dquot_release() is
	 * already finished or it will be canceled due to dq_count > 0 test */
	wait_on_dquot(dquot);
	/* Read the dquot / allocate space in quota file */
	if (!dquot_active(dquot)) {
		int err;

		err = sb->dq_op->acquire_dquot(dquot);
		if (err < 0) {
			dqput(dquot);
			dquot = ERR_PTR(err);
			goto out;
		}
	}
	/*
	 * Make sure following reads see filled structure - paired with
	 * smp_mb__before_atomic() in dquot_acquire().
	 */
	smp_rmb();
	/* Has somebody invalidated entry under us? */
	WARN_ON_ONCE(hlist_unhashed(&dquot->dq_hash));
out:
	if (empty)
		do_destroy_dquot(empty);

	return dquot;
}
EXPORT_SYMBOL(dqget);
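/*
 * Callers must check the result with IS_ERR(). A typical pattern (as in
 * __dquot_initialize() below) treats -ESRCH specially, since it only means
 * we raced with quotas being turned off:
 *
 *	struct dquot *dquot = dqget(sb, qid);
 *
 *	if (IS_ERR(dquot)) {
 *		if (PTR_ERR(dquot) != -ESRCH)
 *			return PTR_ERR(dquot);
 *		dquot = NULL;	// quotas were just turned off
 *	}
 */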
static inline struct dquot __rcu **i_dquot(struct inode *inode)
{
	return inode->i_sb->s_op->get_dquots(inode);
}

static int dqinit_needed(struct inode *inode, int type)
{
	struct dquot __rcu * const *dquots;
	int cnt;

	if (IS_NOQUOTA(inode))
		return 0;

	dquots = i_dquot(inode);
	if (type != -1)
		return !dquots[type];
	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
		if (!dquots[cnt])
			return 1;
	return 0;
}

/* This routine is guarded by s_umount semaphore */
static int add_dquot_ref(struct super_block *sb, int type)
{
	struct inode *inode, *old_inode = NULL;
#ifdef CONFIG_QUOTA_DEBUG
	int reserved = 0;
#endif
	int err = 0;

	spin_lock(&sb->s_inode_list_lock);
	list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
		spin_lock(&inode->i_lock);
		if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) ||
		    !atomic_read(&inode->i_writecount) ||
		    !dqinit_needed(inode, type)) {
			spin_unlock(&inode->i_lock);
			continue;
		}
		__iget(inode);
		spin_unlock(&inode->i_lock);
		spin_unlock(&sb->s_inode_list_lock);

#ifdef CONFIG_QUOTA_DEBUG
		if (unlikely(inode_get_rsv_space(inode) > 0))
			reserved = 1;
#endif
		iput(old_inode);
		err = __dquot_initialize(inode, type);
		if (err) {
			iput(inode);
			goto out;
		}

		/*
		 * We hold a reference to 'inode' so it couldn't have been
		 * removed from s_inodes list while we dropped the
		 * s_inode_list_lock. We cannot iput the inode now as we can be
		 * holding the last reference and we cannot iput it under
		 * s_inode_list_lock. So we keep the reference and iput it
		 * later.
		 */
		old_inode = inode;
		cond_resched();
		spin_lock(&sb->s_inode_list_lock);
	}
	spin_unlock(&sb->s_inode_list_lock);
	iput(old_inode);
out:
#ifdef CONFIG_QUOTA_DEBUG
	if (reserved) {
		quota_error(sb, "Writes happened before quota was turned on "
			"thus quota information is probably inconsistent. "
			"Please run quotacheck(8)");
	}
#endif
	return err;
}

static void remove_dquot_ref(struct super_block *sb, int type)
{
	struct inode *inode;
#ifdef CONFIG_QUOTA_DEBUG
	int reserved = 0;
#endif

	spin_lock(&sb->s_inode_list_lock);
	list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
		/*
		 * We have to scan also I_NEW inodes because they can already
		 * have quota pointer initialized. Luckily, we need to touch
		 * only quota pointers and these have separate locking
		 * (dq_data_lock).
		 */
		spin_lock(&dq_data_lock);
		if (!IS_NOQUOTA(inode)) {
			struct dquot __rcu **dquots = i_dquot(inode);
			struct dquot *dquot = srcu_dereference_check(
				dquots[type], &dquot_srcu,
				lockdep_is_held(&dq_data_lock));

#ifdef CONFIG_QUOTA_DEBUG
			if (unlikely(inode_get_rsv_space(inode) > 0))
				reserved = 1;
#endif
			rcu_assign_pointer(dquots[type], NULL);
			if (dquot)
				dqput(dquot);
		}
		spin_unlock(&dq_data_lock);
	}
	spin_unlock(&sb->s_inode_list_lock);
#ifdef CONFIG_QUOTA_DEBUG
	if (reserved) {
		printk(KERN_WARNING "VFS (%s): Writes happened after quota"
			" was disabled thus quota information is probably "
			"inconsistent. Please run quotacheck(8).\n", sb->s_id);
	}
#endif
}

/* Gather all references from inodes and drop them */
static void drop_dquot_ref(struct super_block *sb, int type)
{
	if (sb->dq_op)
		remove_dquot_ref(sb, type);
}

static inline
void dquot_free_reserved_space(struct dquot *dquot, qsize_t number)
{
	if (dquot->dq_dqb.dqb_rsvspace >= number)
		dquot->dq_dqb.dqb_rsvspace -= number;
	else {
		WARN_ON_ONCE(1);
		dquot->dq_dqb.dqb_rsvspace = 0;
	}
	if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
	    dquot->dq_dqb.dqb_bsoftlimit)
		dquot->dq_dqb.dqb_btime = (time64_t) 0;
	clear_bit(DQ_BLKS_B, &dquot->dq_flags);
}

static void dquot_decr_inodes(struct dquot *dquot, qsize_t number)
{
	if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
	    dquot->dq_dqb.dqb_curinodes >= number)
		dquot->dq_dqb.dqb_curinodes -= number;
	else
		dquot->dq_dqb.dqb_curinodes = 0;
	if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit)
		dquot->dq_dqb.dqb_itime = (time64_t) 0;
	clear_bit(DQ_INODES_B, &dquot->dq_flags);
}

static void dquot_decr_space(struct dquot *dquot, qsize_t number)
{
	if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
	    dquot->dq_dqb.dqb_curspace >= number)
		dquot->dq_dqb.dqb_curspace -= number;
	else
		dquot->dq_dqb.dqb_curspace = 0;
	if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
	    dquot->dq_dqb.dqb_bsoftlimit)
		dquot->dq_dqb.dqb_btime = (time64_t) 0;
	clear_bit(DQ_BLKS_B, &dquot->dq_flags);
}

struct dquot_warn {
	struct super_block *w_sb;
	struct kqid w_dq_id;
	short w_type;
};
static int warning_issued(struct dquot *dquot, const int warntype)
{
	int flag = (warntype == QUOTA_NL_BHARDWARN ||
		warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B :
		((warntype == QUOTA_NL_IHARDWARN ||
		warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0);

	if (!flag)
		return 0;
	return test_and_set_bit(flag, &dquot->dq_flags);
}

#ifdef CONFIG_PRINT_QUOTA_WARNING
static int flag_print_warnings = 1;

static int need_print_warning(struct dquot_warn *warn)
{
	if (!flag_print_warnings)
		return 0;

	switch (warn->w_dq_id.type) {
	case USRQUOTA:
		return uid_eq(current_fsuid(), warn->w_dq_id.uid);
	case GRPQUOTA:
		return in_group_p(warn->w_dq_id.gid);
	case PRJQUOTA:
		return 1;
	}
	return 0;
}

/* Print warning to user which exceeded quota */
static void print_warning(struct dquot_warn *warn)
{
	char *msg = NULL;
	struct tty_struct *tty;
	int warntype = warn->w_type;

	if (warntype == QUOTA_NL_IHARDBELOW ||
	    warntype == QUOTA_NL_ISOFTBELOW ||
	    warntype == QUOTA_NL_BHARDBELOW ||
	    warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn))
		return;

	tty = get_current_tty();
	if (!tty)
		return;
	tty_write_message(tty, warn->w_sb->s_id);
	if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN)
		tty_write_message(tty, ": warning, ");
	else
		tty_write_message(tty, ": write failed, ");
	tty_write_message(tty, quotatypes[warn->w_dq_id.type]);
	switch (warntype) {
	case QUOTA_NL_IHARDWARN:
		msg = " file limit reached.\r\n";
		break;
	case QUOTA_NL_ISOFTLONGWARN:
		msg = " file quota exceeded too long.\r\n";
		break;
	case QUOTA_NL_ISOFTWARN:
		msg = " file quota exceeded.\r\n";
		break;
	case QUOTA_NL_BHARDWARN:
		msg = " block limit reached.\r\n";
		break;
	case QUOTA_NL_BSOFTLONGWARN:
		msg = " block quota exceeded too long.\r\n";
		break;
	case QUOTA_NL_BSOFTWARN:
		msg = " block quota exceeded.\r\n";
		break;
	}
	tty_write_message(tty, msg);
	tty_kref_put(tty);
}
#endif

static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot,
			    int warntype)
{
	if (warning_issued(dquot, warntype))
		return;
	warn->w_type = warntype;
	warn->w_sb = dquot->dq_sb;
	warn->w_dq_id = dquot->dq_id;
}

/*
 * Write warnings to the console and send warning messages over netlink.
 *
 * Note that this function can call into tty and networking code.
 */
static void flush_warnings(struct dquot_warn *warn)
{
	int i;

	for (i = 0; i < MAXQUOTAS; i++) {
		if (warn[i].w_type == QUOTA_NL_NOWARN)
			continue;
#ifdef CONFIG_PRINT_QUOTA_WARNING
		print_warning(&warn[i]);
#endif
		quota_send_warning(warn[i].w_dq_id,
				   warn[i].w_sb->s_dev, warn[i].w_type);
	}
}
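/*
 * The warning machinery is split in two phases so that nothing blocking
 * happens while spinlocks are held: prepare_warning() runs under
 * dq_dqb_lock/i_lock, flush_warnings() only after all locks are dropped.
 * A minimal sketch of the pattern used by the allocation paths below:
 *
 *	struct dquot_warn warn[MAXQUOTAS];
 *
 *	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
 *		warn[cnt].w_type = QUOTA_NL_NOWARN;
 *	... take locks, check limits, prepare_warning() on overrun ...
 *	... drop locks ...
 *	flush_warnings(warn);
 */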
static int ignore_hardlimit(struct dquot *dquot)
{
	struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];

	return capable(CAP_SYS_RESOURCE) &&
	       (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD ||
		!(info->dqi_flags & DQF_ROOT_SQUASH));
}

static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes,
			    struct dquot_warn *warn)
{
	qsize_t newinodes;
	int ret = 0;

	spin_lock(&dquot->dq_dqb_lock);
	newinodes = dquot->dq_dqb.dqb_curinodes + inodes;
	if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) ||
	    test_bit(DQ_FAKE_B, &dquot->dq_flags))
		goto add;

	if (dquot->dq_dqb.dqb_ihardlimit &&
	    newinodes > dquot->dq_dqb.dqb_ihardlimit &&
	    !ignore_hardlimit(dquot)) {
		prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN);
		ret = -EDQUOT;
		goto out;
	}

	if (dquot->dq_dqb.dqb_isoftlimit &&
	    newinodes > dquot->dq_dqb.dqb_isoftlimit &&
	    dquot->dq_dqb.dqb_itime &&
	    ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime &&
	    !ignore_hardlimit(dquot)) {
		prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN);
		ret = -EDQUOT;
		goto out;
	}

	if (dquot->dq_dqb.dqb_isoftlimit &&
	    newinodes > dquot->dq_dqb.dqb_isoftlimit &&
	    dquot->dq_dqb.dqb_itime == 0) {
		prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN);
		dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() +
		    sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace;
	}
add:
	dquot->dq_dqb.dqb_curinodes = newinodes;

out:
	spin_unlock(&dquot->dq_dqb_lock);
	return ret;
}
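/*
 * Worked example of the soft/hard limit logic above (numbers made up):
 * with isoftlimit = 100, ihardlimit = 110 and dqi_igrace = 7 days, the
 * allocation crossing 100 inodes succeeds but starts the grace period
 * (dqb_itime = now + 7 days) and prepares QUOTA_NL_ISOFTWARN. Further
 * allocations keep succeeding until either the grace period expires
 * (QUOTA_NL_ISOFTLONGWARN, -EDQUOT) or 110 would be exceeded
 * (QUOTA_NL_IHARDWARN, -EDQUOT). dquot_add_space() below applies the
 * same rules to the block counters.
 */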
static int dquot_add_space(struct dquot *dquot, qsize_t space,
			   qsize_t rsv_space, unsigned int flags,
			   struct dquot_warn *warn)
{
	qsize_t tspace;
	struct super_block *sb = dquot->dq_sb;
	int ret = 0;

	spin_lock(&dquot->dq_dqb_lock);
	if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) ||
	    test_bit(DQ_FAKE_B, &dquot->dq_flags))
		goto finish;

	tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace
		+ space + rsv_space;

	if (dquot->dq_dqb.dqb_bhardlimit &&
	    tspace > dquot->dq_dqb.dqb_bhardlimit &&
	    !ignore_hardlimit(dquot)) {
		if (flags & DQUOT_SPACE_WARN)
			prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN);
		ret = -EDQUOT;
		goto finish;
	}

	if (dquot->dq_dqb.dqb_bsoftlimit &&
	    tspace > dquot->dq_dqb.dqb_bsoftlimit &&
	    dquot->dq_dqb.dqb_btime &&
	    ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime &&
	    !ignore_hardlimit(dquot)) {
		if (flags & DQUOT_SPACE_WARN)
			prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN);
		ret = -EDQUOT;
		goto finish;
	}

	if (dquot->dq_dqb.dqb_bsoftlimit &&
	    tspace > dquot->dq_dqb.dqb_bsoftlimit &&
	    dquot->dq_dqb.dqb_btime == 0) {
		if (flags & DQUOT_SPACE_WARN) {
			prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN);
			dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() +
			    sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace;
		} else {
			/*
			 * We don't allow preallocation to exceed softlimit so
			 * exceeding will be always printed
			 */
			ret = -EDQUOT;
			goto finish;
		}
	}
finish:
	/*
	 * We have to be careful and go through warning generation & grace time
	 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it
	 * only here...
	 */
	if (flags & DQUOT_SPACE_NOFAIL)
		ret = 0;
	if (!ret) {
		dquot->dq_dqb.dqb_rsvspace += rsv_space;
		dquot->dq_dqb.dqb_curspace += space;
	}
	spin_unlock(&dquot->dq_dqb_lock);
	return ret;
}

static int info_idq_free(struct dquot *dquot, qsize_t inodes)
{
	qsize_t newinodes;

	if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
	    dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit ||
	    !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type))
		return QUOTA_NL_NOWARN;

	newinodes = dquot->dq_dqb.dqb_curinodes - inodes;
	if (newinodes <= dquot->dq_dqb.dqb_isoftlimit)
		return QUOTA_NL_ISOFTBELOW;
	if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit &&
	    newinodes < dquot->dq_dqb.dqb_ihardlimit)
		return QUOTA_NL_IHARDBELOW;
	return QUOTA_NL_NOWARN;
}

static int info_bdq_free(struct dquot *dquot, qsize_t space)
{
	qsize_t tspace;

	tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace;

	if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
	    tspace <= dquot->dq_dqb.dqb_bsoftlimit)
		return QUOTA_NL_NOWARN;

	if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit)
		return QUOTA_NL_BSOFTBELOW;
	if (tspace >= dquot->dq_dqb.dqb_bhardlimit &&
	    tspace - space < dquot->dq_dqb.dqb_bhardlimit)
		return QUOTA_NL_BHARDBELOW;
	return QUOTA_NL_NOWARN;
}

static int inode_quota_active(const struct inode *inode)
{
	struct super_block *sb = inode->i_sb;

	if (IS_NOQUOTA(inode))
		return 0;
	return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb);
}

/*
 * Initialize quota pointers in inode
 *
 * It is better to call this function outside of any transaction as it
 * might need a lot of space in journal for dquot structure allocation.
 */
static int __dquot_initialize(struct inode *inode, int type)
{
	int cnt, init_needed = 0;
	struct dquot __rcu **dquots;
	struct dquot *got[MAXQUOTAS] = {};
	struct super_block *sb = inode->i_sb;
	qsize_t rsv;
	int ret = 0;

	if (!inode_quota_active(inode))
		return 0;

	dquots = i_dquot(inode);

	/* First get references to structures we might need. */
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		struct kqid qid;
		kprojid_t projid;
		int rc;
		struct dquot *dquot;

		if (type != -1 && cnt != type)
			continue;
		/*
		 * The i_dquot should have been initialized in most cases,
		 * we check it without locking here to avoid unnecessary
		 * dqget()/dqput() calls.
		 */
		if (dquots[cnt])
			continue;

		if (!sb_has_quota_active(sb, cnt))
			continue;

		init_needed = 1;

		switch (cnt) {
		case USRQUOTA:
			qid = make_kqid_uid(inode->i_uid);
			break;
		case GRPQUOTA:
			qid = make_kqid_gid(inode->i_gid);
			break;
		case PRJQUOTA:
			rc = inode->i_sb->dq_op->get_projid(inode, &projid);
			if (rc)
				continue;
			qid = make_kqid_projid(projid);
			break;
		}
		dquot = dqget(sb, qid);
		if (IS_ERR(dquot)) {
			/* We raced with somebody turning quotas off... */
			if (PTR_ERR(dquot) != -ESRCH) {
				ret = PTR_ERR(dquot);
				goto out_put;
			}
			dquot = NULL;
		}
		got[cnt] = dquot;
	}

	/* All required i_dquot has been initialized */
	if (!init_needed)
		return 0;

	spin_lock(&dq_data_lock);
	if (IS_NOQUOTA(inode))
		goto out_lock;
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		if (type != -1 && cnt != type)
			continue;
		/* Avoid races with quotaoff() */
		if (!sb_has_quota_active(sb, cnt))
			continue;
		/* We could race with quotaon or dqget() could have failed */
		if (!got[cnt])
			continue;
		if (!dquots[cnt]) {
			rcu_assign_pointer(dquots[cnt], got[cnt]);
			got[cnt] = NULL;
			/*
			 * Make quota reservation system happy if someone
			 * did a write before quota was turned on
			 */
			rsv = inode_get_rsv_space(inode);
			if (unlikely(rsv)) {
				struct dquot *dquot = srcu_dereference_check(
					dquots[cnt], &dquot_srcu,
					lockdep_is_held(&dq_data_lock));

				spin_lock(&inode->i_lock);
				/* Get reservation again under proper lock */
				rsv = __inode_get_rsv_space(inode);
				spin_lock(&dquot->dq_dqb_lock);
				dquot->dq_dqb.dqb_rsvspace += rsv;
				spin_unlock(&dquot->dq_dqb_lock);
				spin_unlock(&inode->i_lock);
			}
		}
	}
out_lock:
	spin_unlock(&dq_data_lock);
out_put:
	/* Drop unused references */
	dqput_all(got);

	return ret;
}

int dquot_initialize(struct inode *inode)
{
	return __dquot_initialize(inode, -1);
}
EXPORT_SYMBOL(dquot_initialize);

bool dquot_initialize_needed(struct inode *inode)
{
	struct dquot __rcu **dquots;
	int i;

	if (!inode_quota_active(inode))
		return false;

	dquots = i_dquot(inode);
	for (i = 0; i < MAXQUOTAS; i++)
		if (!dquots[i] && sb_has_quota_active(inode->i_sb, i))
			return true;
	return false;
}
EXPORT_SYMBOL(dquot_initialize_needed);
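/*
 * Filesystems call dquot_initialize() before operations that charge quota
 * to the inode's owner. A hypothetical sketch of an inode-creating path
 * (names made up; real callers are the fs-specific create/mkdir/setattr
 * helpers):
 *
 *	static int example_create(struct inode *dir, struct inode *inode)
 *	{
 *		int err = dquot_initialize(inode);
 *
 *		if (err)
 *			return err;
 *		return dquot_alloc_inode(inode);	// charge one inode
 *	}
 */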
/*
 * Release all quotas referenced by inode.
 *
 * This function should only be called on inode free or when converting
 * a file to a quota file; there are no other users of the i_dquot in
 * both cases, so we needn't call synchronize_srcu() after
 * clearing i_dquot.
 */
static void __dquot_drop(struct inode *inode)
{
	int cnt;
	struct dquot __rcu **dquots = i_dquot(inode);
	struct dquot *put[MAXQUOTAS];

	spin_lock(&dq_data_lock);
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		put[cnt] = srcu_dereference_check(dquots[cnt], &dquot_srcu,
			lockdep_is_held(&dq_data_lock));
		rcu_assign_pointer(dquots[cnt], NULL);
	}
	spin_unlock(&dq_data_lock);
	dqput_all(put);
}

void dquot_drop(struct inode *inode)
{
	struct dquot __rcu * const *dquots;
	int cnt;

	if (IS_NOQUOTA(inode))
		return;

	/*
	 * Test before calling to rule out calls from proc and such
	 * where we are not allowed to block. Note that this is
	 * actually reliable test even without the lock - the caller
	 * must assure that nobody can come after the DQUOT_DROP and
	 * add quota pointers back anyway.
	 */
	dquots = i_dquot(inode);
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		if (dquots[cnt])
			break;
	}

	if (cnt < MAXQUOTAS)
		__dquot_drop(inode);
}
EXPORT_SYMBOL(dquot_drop);

/*
 * inode_reserved_space is managed internally by quota, and protected by
 * i_lock similar to i_blocks+i_bytes.
 */
static qsize_t *inode_reserved_space(struct inode *inode)
{
	/* Filesystem must explicitly define its own method in order to use
	 * quota reservation interface */
	BUG_ON(!inode->i_sb->dq_op->get_reserved_space);
	return inode->i_sb->dq_op->get_reserved_space(inode);
}

static qsize_t __inode_get_rsv_space(struct inode *inode)
{
	if (!inode->i_sb->dq_op->get_reserved_space)
		return 0;
	return *inode_reserved_space(inode);
}

static qsize_t inode_get_rsv_space(struct inode *inode)
{
	qsize_t ret;

	if (!inode->i_sb->dq_op->get_reserved_space)
		return 0;
	spin_lock(&inode->i_lock);
	ret = __inode_get_rsv_space(inode);
	spin_unlock(&inode->i_lock);
	return ret;
}
/*
 * This function updates the i_blocks+i_bytes fields and the quota information
 * (together with appropriate checks).
 *
 * NOTE: We absolutely rely on the fact that caller dirties the inode
 * (usually helpers in quotaops.h care about this) and holds a handle for
 * the current transaction so that dquot write and inode write go into the
 * same transaction.
 */

/*
 * This operation can block, but only after everything is updated
 */
int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags)
{
	int cnt, ret = 0, index;
	struct dquot_warn warn[MAXQUOTAS];
	int reserve = flags & DQUOT_SPACE_RESERVE;
	struct dquot __rcu **dquots;
	struct dquot *dquot;

	if (!inode_quota_active(inode)) {
		if (reserve) {
			spin_lock(&inode->i_lock);
			*inode_reserved_space(inode) += number;
			spin_unlock(&inode->i_lock);
		} else {
			inode_add_bytes(inode, number);
		}
		goto out;
	}

	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
		warn[cnt].w_type = QUOTA_NL_NOWARN;

	dquots = i_dquot(inode);
	index = srcu_read_lock(&dquot_srcu);
	spin_lock(&inode->i_lock);
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
		if (!dquot)
			continue;
		if (reserve) {
			ret = dquot_add_space(dquot, 0, number, flags,
					      &warn[cnt]);
		} else {
			ret = dquot_add_space(dquot, number, 0, flags,
					      &warn[cnt]);
		}
		if (ret) {
			/* Back out changes we already did */
			for (cnt--; cnt >= 0; cnt--) {
				dquot = srcu_dereference(dquots[cnt],
							 &dquot_srcu);
				if (!dquot)
					continue;
				spin_lock(&dquot->dq_dqb_lock);
				if (reserve)
					dquot_free_reserved_space(dquot,
								  number);
				else
					dquot_decr_space(dquot, number);
				spin_unlock(&dquot->dq_dqb_lock);
			}
			spin_unlock(&inode->i_lock);
			goto out_flush_warn;
		}
	}
	if (reserve)
		*inode_reserved_space(inode) += number;
	else
		__inode_add_bytes(inode, number);
	spin_unlock(&inode->i_lock);

	if (reserve)
		goto out_flush_warn;
	ret = mark_all_dquot_dirty(dquots);
out_flush_warn:
	srcu_read_unlock(&dquot_srcu, index);
	flush_warnings(warn);
out:
	return ret;
}
EXPORT_SYMBOL(__dquot_alloc_space);

/*
 * This operation can block, but only after everything is updated
 */
int dquot_alloc_inode(struct inode *inode)
{
	int cnt, ret = 0, index;
	struct dquot_warn warn[MAXQUOTAS];
	struct dquot __rcu * const *dquots;
	struct dquot *dquot;

	if (!inode_quota_active(inode))
		return 0;
	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
		warn[cnt].w_type = QUOTA_NL_NOWARN;

	dquots = i_dquot(inode);
	index = srcu_read_lock(&dquot_srcu);
	spin_lock(&inode->i_lock);
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
		if (!dquot)
			continue;
		ret = dquot_add_inodes(dquot, 1, &warn[cnt]);
		if (ret) {
			for (cnt--; cnt >= 0; cnt--) {
				dquot = srcu_dereference(dquots[cnt],
							 &dquot_srcu);
				if (!dquot)
					continue;
				/* Back out changes we already did */
				spin_lock(&dquot->dq_dqb_lock);
				dquot_decr_inodes(dquot, 1);
				spin_unlock(&dquot->dq_dqb_lock);
			}
			goto warn_put_all;
		}
	}

warn_put_all:
	spin_unlock(&inode->i_lock);
	if (ret == 0)
		ret = mark_all_dquot_dirty(dquots);
	srcu_read_unlock(&dquot_srcu, index);
	flush_warnings(warn);
	return ret;
}
EXPORT_SYMBOL(dquot_alloc_inode);
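/*
 * Filesystems normally reach __dquot_alloc_space() through the inline
 * helpers in <linux/quotaops.h> (e.g. dquot_alloc_space() or
 * dquot_alloc_block(), which also mark the inode dirty). A hedged sketch
 * of charging blocks on a write path ("nr" and the error label are
 * illustrative):
 *
 *	ret = dquot_alloc_block(inode, nr);	// -EDQUOT if over quota
 *	if (ret)
 *		goto out_err;
 *
 * DQUOT_SPACE_NOFAIL is for allocations that may not fail (the charge is
 * recorded even past the limits); DQUOT_SPACE_RESERVE books the space as
 * reserved rather than used.
 */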
/*
 * Convert in-memory reserved quotas to real consumed quotas
 */
void dquot_claim_space_nodirty(struct inode *inode, qsize_t number)
{
	struct dquot __rcu **dquots;
	struct dquot *dquot;
	int cnt, index;

	if (!inode_quota_active(inode)) {
		spin_lock(&inode->i_lock);
		*inode_reserved_space(inode) -= number;
		__inode_add_bytes(inode, number);
		spin_unlock(&inode->i_lock);
		return;
	}

	dquots = i_dquot(inode);
	index = srcu_read_lock(&dquot_srcu);
	spin_lock(&inode->i_lock);
	/* Claim reserved quotas to allocated quotas */
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
		if (dquot) {
			spin_lock(&dquot->dq_dqb_lock);
			if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number))
				number = dquot->dq_dqb.dqb_rsvspace;
			dquot->dq_dqb.dqb_curspace += number;
			dquot->dq_dqb.dqb_rsvspace -= number;
			spin_unlock(&dquot->dq_dqb_lock);
		}
	}
	/* Update inode bytes */
	*inode_reserved_space(inode) -= number;
	__inode_add_bytes(inode, number);
	spin_unlock(&inode->i_lock);
	mark_all_dquot_dirty(dquots);
	srcu_read_unlock(&dquot_srcu, index);
}
EXPORT_SYMBOL(dquot_claim_space_nodirty);

/*
 * Convert allocated space back to in-memory reserved quotas
 */
void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number)
{
	struct dquot __rcu **dquots;
	struct dquot *dquot;
	int cnt, index;

	if (!inode_quota_active(inode)) {
		spin_lock(&inode->i_lock);
		*inode_reserved_space(inode) += number;
		__inode_sub_bytes(inode, number);
		spin_unlock(&inode->i_lock);
		return;
	}

	dquots = i_dquot(inode);
	index = srcu_read_lock(&dquot_srcu);
	spin_lock(&inode->i_lock);
	/* Convert allocated space back to reserved quotas */
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
		if (dquot) {
			spin_lock(&dquot->dq_dqb_lock);
			if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number))
				number = dquot->dq_dqb.dqb_curspace;
			dquot->dq_dqb.dqb_rsvspace += number;
			dquot->dq_dqb.dqb_curspace -= number;
			spin_unlock(&dquot->dq_dqb_lock);
		}
	}
	/* Update inode bytes */
	*inode_reserved_space(inode) += number;
	__inode_sub_bytes(inode, number);
	spin_unlock(&inode->i_lock);
	mark_all_dquot_dirty(dquots);
	srcu_read_unlock(&dquot_srcu, index);
}
EXPORT_SYMBOL(dquot_reclaim_space_nodirty);
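/*
 * Together with DQUOT_SPACE_RESERVE these two helpers implement the
 * delayed-allocation flow: space is reserved at write time and claimed
 * (or released) when blocks are actually mapped. A hedged sketch using
 * the helper names from <linux/quotaops.h> ("len" is illustrative):
 *
 *	dquot_reserve_block(inode, len);	// at write_begin time
 *	...
 *	dquot_claim_block(inode, len);		// blocks really allocated
 *	// or, if the allocation was backed out:
 *	dquot_release_reservation_block(inode, len);
 */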
/*
 * This operation can block, but only after everything is updated
 */
void __dquot_free_space(struct inode *inode, qsize_t number, int flags)
{
	unsigned int cnt;
	struct dquot_warn warn[MAXQUOTAS];
	struct dquot __rcu **dquots;
	struct dquot *dquot;
	int reserve = flags & DQUOT_SPACE_RESERVE, index;

	if (!inode_quota_active(inode)) {
		if (reserve) {
			spin_lock(&inode->i_lock);
			*inode_reserved_space(inode) -= number;
			spin_unlock(&inode->i_lock);
		} else {
			inode_sub_bytes(inode, number);
		}
		return;
	}

	dquots = i_dquot(inode);
	index = srcu_read_lock(&dquot_srcu);
	spin_lock(&inode->i_lock);
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		int wtype;

		warn[cnt].w_type = QUOTA_NL_NOWARN;
		dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
		if (!dquot)
			continue;
		spin_lock(&dquot->dq_dqb_lock);
		wtype = info_bdq_free(dquot, number);
		if (wtype != QUOTA_NL_NOWARN)
			prepare_warning(&warn[cnt], dquot, wtype);
		if (reserve)
			dquot_free_reserved_space(dquot, number);
		else
			dquot_decr_space(dquot, number);
		spin_unlock(&dquot->dq_dqb_lock);
	}
	if (reserve)
		*inode_reserved_space(inode) -= number;
	else
		__inode_sub_bytes(inode, number);
	spin_unlock(&inode->i_lock);

	if (reserve)
		goto out_unlock;
	mark_all_dquot_dirty(dquots);
out_unlock:
	srcu_read_unlock(&dquot_srcu, index);
	flush_warnings(warn);
}
EXPORT_SYMBOL(__dquot_free_space);

/*
 * This operation can block, but only after everything is updated
 */
void dquot_free_inode(struct inode *inode)
{
	unsigned int cnt;
	struct dquot_warn warn[MAXQUOTAS];
	struct dquot __rcu * const *dquots;
	struct dquot *dquot;
	int index;

	if (!inode_quota_active(inode))
		return;

	dquots = i_dquot(inode);
	index = srcu_read_lock(&dquot_srcu);
	spin_lock(&inode->i_lock);
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		int wtype;

		warn[cnt].w_type = QUOTA_NL_NOWARN;
		dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
		if (!dquot)
			continue;
		spin_lock(&dquot->dq_dqb_lock);
		wtype = info_idq_free(dquot, 1);
		if (wtype != QUOTA_NL_NOWARN)
			prepare_warning(&warn[cnt], dquot, wtype);
		dquot_decr_inodes(dquot, 1);
		spin_unlock(&dquot->dq_dqb_lock);
	}
	spin_unlock(&inode->i_lock);
	mark_all_dquot_dirty(dquots);
	srcu_read_unlock(&dquot_srcu, index);
	flush_warnings(warn);
}
EXPORT_SYMBOL(dquot_free_inode);
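/*
 * Illustrative sketch (hypothetical helper name): freeing blocks mirrors the
 * allocation path via the quotaops.h wrappers built on __dquot_free_space():
 *
 *	static void myfs_free_blocks(struct inode *inode, unsigned int count)
 *	{
 *		// ... return the blocks to the allocator ...
 *		dquot_free_space(inode, (qsize_t)count << inode->i_blkbits);
 *	}
 *
 * Unlike allocation this cannot fail; warnings (e.g. dropping back below a
 * softlimit) are only queued here and sent after the locks are released.
 */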
/*
 * Transfer the numbers of inodes and blocks from one diskquota to another.
 * On success, dquot references in transfer_to are consumed and references
 * to original dquots that need to be released are placed there. On failure,
 * references are kept untouched.
 *
 * This operation can block, but only after everything is updated.
 * A transaction must be started when entering this function.
 *
 * We are holding reference on transfer_from & transfer_to, no need to
 * protect them by srcu_read_lock().
 */
int __dquot_transfer(struct inode *inode, struct dquot **transfer_to)
{
	qsize_t cur_space;
	qsize_t rsv_space = 0;
	qsize_t inode_usage = 1;
	struct dquot __rcu **dquots;
	struct dquot *transfer_from[MAXQUOTAS] = {};
	int cnt, index, ret = 0, err;
	char is_valid[MAXQUOTAS] = {};
	struct dquot_warn warn_to[MAXQUOTAS];
	struct dquot_warn warn_from_inodes[MAXQUOTAS];
	struct dquot_warn warn_from_space[MAXQUOTAS];

	if (IS_NOQUOTA(inode))
		return 0;

	if (inode->i_sb->dq_op->get_inode_usage) {
		ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage);
		if (ret)
			return ret;
	}

	/* Initialize the arrays */
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		warn_to[cnt].w_type = QUOTA_NL_NOWARN;
		warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN;
		warn_from_space[cnt].w_type = QUOTA_NL_NOWARN;
	}

	spin_lock(&dq_data_lock);
	spin_lock(&inode->i_lock);
	if (IS_NOQUOTA(inode)) {	/* File without quota accounting? */
		spin_unlock(&inode->i_lock);
		spin_unlock(&dq_data_lock);
		return 0;
	}
	cur_space = __inode_get_bytes(inode);
	rsv_space = __inode_get_rsv_space(inode);
	dquots = i_dquot(inode);
	/*
	 * Build the transfer_from list, check limits, and update usage in
	 * the target structures.
	 */
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		/*
		 * Skip changes for the same uid or gid or for a turned-off
		 * quota type.
		 */
		if (!transfer_to[cnt])
			continue;
		/* Avoid races with quotaoff() */
		if (!sb_has_quota_active(inode->i_sb, cnt))
			continue;
		is_valid[cnt] = 1;
		transfer_from[cnt] = srcu_dereference_check(dquots[cnt],
				&dquot_srcu, lockdep_is_held(&dq_data_lock));
		ret = dquot_add_inodes(transfer_to[cnt], inode_usage,
				       &warn_to[cnt]);
		if (ret)
			goto over_quota;
		ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space,
				      DQUOT_SPACE_WARN, &warn_to[cnt]);
		if (ret) {
			spin_lock(&transfer_to[cnt]->dq_dqb_lock);
			dquot_decr_inodes(transfer_to[cnt], inode_usage);
			spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
			goto over_quota;
		}
	}

	/* Decrease usage for source structures and update quota pointers */
	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		if (!is_valid[cnt])
			continue;
		/* Due to IO error we might not have transfer_from[] structure */
		if (transfer_from[cnt]) {
			int wtype;

			spin_lock(&transfer_from[cnt]->dq_dqb_lock);
			wtype = info_idq_free(transfer_from[cnt], inode_usage);
			if (wtype != QUOTA_NL_NOWARN)
				prepare_warning(&warn_from_inodes[cnt],
						transfer_from[cnt], wtype);
			wtype = info_bdq_free(transfer_from[cnt],
					      cur_space + rsv_space);
			if (wtype != QUOTA_NL_NOWARN)
				prepare_warning(&warn_from_space[cnt],
						transfer_from[cnt], wtype);
			dquot_decr_inodes(transfer_from[cnt], inode_usage);
			dquot_decr_space(transfer_from[cnt], cur_space);
			dquot_free_reserved_space(transfer_from[cnt],
						  rsv_space);
			spin_unlock(&transfer_from[cnt]->dq_dqb_lock);
		}
		rcu_assign_pointer(dquots[cnt], transfer_to[cnt]);
	}
	spin_unlock(&inode->i_lock);
	spin_unlock(&dq_data_lock);
	/*
	 * These arrays are local and we hold dquot references, so we don't
	 * need the srcu protection, but we still take dquot_srcu to avoid
	 * a warning in mark_all_dquot_dirty().
	 */
	index = srcu_read_lock(&dquot_srcu);
	err = mark_all_dquot_dirty((struct dquot __rcu **)transfer_from);
	if (err < 0)
		ret = err;
	err = mark_all_dquot_dirty((struct dquot __rcu **)transfer_to);
	if (err < 0)
		ret = err;
	srcu_read_unlock(&dquot_srcu, index);

	flush_warnings(warn_to);
	flush_warnings(warn_from_inodes);
	flush_warnings(warn_from_space);
	/* Pass back references to put */
	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
		if (is_valid[cnt])
			transfer_to[cnt] = transfer_from[cnt];
	return ret;
over_quota:
	/* Back out changes we already did */
	for (cnt--; cnt >= 0; cnt--) {
		if (!is_valid[cnt])
			continue;
		spin_lock(&transfer_to[cnt]->dq_dqb_lock);
		dquot_decr_inodes(transfer_to[cnt], inode_usage);
		dquot_decr_space(transfer_to[cnt], cur_space);
		dquot_free_reserved_space(transfer_to[cnt], rsv_space);
		spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
	}
	spin_unlock(&inode->i_lock);
	spin_unlock(&dq_data_lock);
	flush_warnings(warn_to);
	return ret;
}
EXPORT_SYMBOL(__dquot_transfer);

/*
 * Wrapper for transferring ownership of an inode for uid/gid only.
 * Called from FSXXX_setattr().
 */
int dquot_transfer(struct mnt_idmap *idmap, struct inode *inode,
		   struct iattr *iattr)
{
	struct dquot *transfer_to[MAXQUOTAS] = {};
	struct dquot *dquot;
	struct super_block *sb = inode->i_sb;
	int ret;

	if (!inode_quota_active(inode))
		return 0;

	if (i_uid_needs_update(idmap, iattr, inode)) {
		kuid_t kuid = from_vfsuid(idmap, i_user_ns(inode),
					  iattr->ia_vfsuid);

		dquot = dqget(sb, make_kqid_uid(kuid));
		if (IS_ERR(dquot)) {
			if (PTR_ERR(dquot) != -ESRCH) {
				ret = PTR_ERR(dquot);
				goto out_put;
			}
			dquot = NULL;
		}
		transfer_to[USRQUOTA] = dquot;
	}
	if (i_gid_needs_update(idmap, iattr, inode)) {
		kgid_t kgid = from_vfsgid(idmap, i_user_ns(inode),
					  iattr->ia_vfsgid);

		dquot = dqget(sb, make_kqid_gid(kgid));
		if (IS_ERR(dquot)) {
			if (PTR_ERR(dquot) != -ESRCH) {
				ret = PTR_ERR(dquot);
				goto out_put;
			}
			dquot = NULL;
		}
		transfer_to[GRPQUOTA] = dquot;
	}
	ret = __dquot_transfer(inode, transfer_to);
out_put:
	dqput_all(transfer_to);
	return ret;
}
EXPORT_SYMBOL(dquot_transfer);
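/*
 * Illustrative sketch (the function name myfs_setattr() is hypothetical):
 * the usual call site is a filesystem's ->setattr(), after any transaction
 * has been started:
 *
 *	static int myfs_setattr(struct mnt_idmap *idmap,
 *				struct dentry *dentry, struct iattr *attr)
 *	{
 *		struct inode *inode = d_inode(dentry);
 *		int error = setattr_prepare(idmap, dentry, attr);
 *
 *		if (error)
 *			return error;
 *		if (is_quota_modification(idmap, inode, attr)) {
 *			error = dquot_initialize(inode);
 *			if (error)
 *				return error;
 *		}
 *		error = dquot_transfer(idmap, inode, attr);
 *		if (error)
 *			return error;
 *		setattr_copy(idmap, inode, attr);
 *		mark_inode_dirty(inode);
 *		return 0;
 *	}
 */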
/*
 * Write info of quota file to disk
 */
int dquot_commit_info(struct super_block *sb, int type)
{
	struct quota_info *dqopt = sb_dqopt(sb);

	return dqopt->ops[type]->write_file_info(sb, type);
}
EXPORT_SYMBOL(dquot_commit_info);

int dquot_get_next_id(struct super_block *sb, struct kqid *qid)
{
	struct quota_info *dqopt = sb_dqopt(sb);

	if (!sb_has_quota_active(sb, qid->type))
		return -ESRCH;
	if (!dqopt->ops[qid->type]->get_next_id)
		return -ENOSYS;
	return dqopt->ops[qid->type]->get_next_id(sb, qid);
}
EXPORT_SYMBOL(dquot_get_next_id);

/*
 * Definitions of diskquota operations.
 */
const struct dquot_operations dquot_operations = {
	.write_dquot	= dquot_commit,
	.acquire_dquot	= dquot_acquire,
	.release_dquot	= dquot_release,
	.mark_dirty	= dquot_mark_dquot_dirty,
	.write_info	= dquot_commit_info,
	.alloc_dquot	= dquot_alloc,
	.destroy_dquot	= dquot_destroy,
	.get_next_id	= dquot_get_next_id,
};
EXPORT_SYMBOL(dquot_operations);
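/*
 * Illustrative sketch (not taken from any particular filesystem; details
 * vary): a filesystem opting into generic quotas typically wires these
 * operations up in its fill_super(), together with a quotactl backend such
 * as dquot_quotactl_sysfile_ops (defined later in this file) when its quota
 * files are hidden system inodes:
 *
 *	sb->dq_op = &dquot_operations;
 *	sb->s_qcop = &dquot_quotactl_sysfile_ops;
 *	sb->s_quota_types = QTYPE_MASK_USR | QTYPE_MASK_GRP;
 */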
/*
 * Generic helper for ->open on filesystems supporting disk quotas.
 */
int dquot_file_open(struct inode *inode, struct file *file)
{
	int error;

	error = generic_file_open(inode, file);
	if (!error && (file->f_mode & FMODE_WRITE))
		error = dquot_initialize(inode);
	return error;
}
EXPORT_SYMBOL(dquot_file_open);

static void vfs_cleanup_quota_inode(struct super_block *sb, int type)
{
	struct quota_info *dqopt = sb_dqopt(sb);
	struct inode *inode = dqopt->files[type];

	if (!inode)
		return;
	if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
		inode_lock(inode);
		inode->i_flags &= ~S_NOQUOTA;
		inode_unlock(inode);
	}
	dqopt->files[type] = NULL;
	iput(inode);
}

/*
 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount)
 */
int dquot_disable(struct super_block *sb, int type, unsigned int flags)
{
	int cnt;
	struct quota_info *dqopt = sb_dqopt(sb);

	rwsem_assert_held_write(&sb->s_umount);

	/* Cannot turn off usage accounting without turning off limits, or
	 * suspend quotas and simultaneously turn quotas off. */
	if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED))
	    || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED |
	    DQUOT_USAGE_ENABLED)))
		return -EINVAL;

	/*
	 * Skip everything if there's nothing to do. We have to do this because
	 * sometimes we are called when fill_super() failed and calling
	 * sync_fs() in such cases does no good.
	 */
	if (!sb_any_quota_loaded(sb))
		return 0;

	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		if (type != -1 && cnt != type)
			continue;
		if (!sb_has_quota_loaded(sb, cnt))
			continue;

		if (flags & DQUOT_SUSPENDED) {
			spin_lock(&dq_state_lock);
			dqopt->flags |=
				dquot_state_flag(DQUOT_SUSPENDED, cnt);
			spin_unlock(&dq_state_lock);
		} else {
			spin_lock(&dq_state_lock);
			dqopt->flags &= ~dquot_state_flag(flags, cnt);
			/* Turning off suspended quotas? */
			if (!sb_has_quota_loaded(sb, cnt) &&
			    sb_has_quota_suspended(sb, cnt)) {
				dqopt->flags &= ~dquot_state_flag(
							DQUOT_SUSPENDED, cnt);
				spin_unlock(&dq_state_lock);
				vfs_cleanup_quota_inode(sb, cnt);
				continue;
			}
			spin_unlock(&dq_state_lock);
		}

		/* We still have to keep quota loaded? */
		if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED))
			continue;

		/* Note: these are blocking operations */
		drop_dquot_ref(sb, cnt);
		invalidate_dquots(sb, cnt);
		/*
		 * Now all dquots should be invalidated, all writes done, so we
		 * should be the only users of the info. No locks needed.
		 */
		if (info_dirty(&dqopt->info[cnt]))
			sb->dq_op->write_info(sb, cnt);
		if (dqopt->ops[cnt]->free_file_info)
			dqopt->ops[cnt]->free_file_info(sb, cnt);
		put_quota_format(dqopt->info[cnt].dqi_format);
		dqopt->info[cnt].dqi_flags = 0;
		dqopt->info[cnt].dqi_igrace = 0;
		dqopt->info[cnt].dqi_bgrace = 0;
		dqopt->ops[cnt] = NULL;
	}

	/* Skip syncing and setting flags if quota files are hidden */
	if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
		goto put_inodes;

	/* Sync the superblock so that buffers with quota data are written to
	 * disk (and so userspace sees correct data afterwards). */
	if (sb->s_op->sync_fs)
		sb->s_op->sync_fs(sb, 1);
	sync_blockdev(sb->s_bdev);
	/* Now the quota files are just ordinary files and we can set the
	 * inode flags back. Moreover we discard the pagecache so that
	 * userspace sees the writes we did bypassing the pagecache. We
	 * must also discard the blockdev buffers so that we see the
	 * changes done by userspace on the next quotaon() */
	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
		if (!sb_has_quota_loaded(sb, cnt) && dqopt->files[cnt]) {
			inode_lock(dqopt->files[cnt]);
			truncate_inode_pages(&dqopt->files[cnt]->i_data, 0);
			inode_unlock(dqopt->files[cnt]);
		}
	if (sb->s_bdev)
		invalidate_bdev(sb->s_bdev);
put_inodes:
	/* We are done when suspending quotas */
	if (flags & DQUOT_SUSPENDED)
		return 0;

	for (cnt = 0; cnt < MAXQUOTAS; cnt++)
		if (!sb_has_quota_loaded(sb, cnt))
			vfs_cleanup_quota_inode(sb, cnt);
	return 0;
}
EXPORT_SYMBOL(dquot_disable);

int dquot_quota_off(struct super_block *sb, int type)
{
	return dquot_disable(sb, type,
			     DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
}
EXPORT_SYMBOL(dquot_quota_off);
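/*
 * Illustrative sketch (exact placement varies by filesystem): a filesystem
 * with visible (non-system) quota files typically turns all quota types off
 * during unmount, before the quota inodes are released:
 *
 *	dquot_disable(sb, -1, DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
 *
 * which is what dquot_quota_off(sb, -1) expands to for every type.
 */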
/*
 * Turn quotas on for a device
 */

static int vfs_setup_quota_inode(struct inode *inode, int type)
{
	struct super_block *sb = inode->i_sb;
	struct quota_info *dqopt = sb_dqopt(sb);

	if (is_bad_inode(inode))
		return -EUCLEAN;
	if (!S_ISREG(inode->i_mode))
		return -EACCES;
	if (IS_RDONLY(inode))
		return -EROFS;
	if (sb_has_quota_loaded(sb, type))
		return -EBUSY;

	/*
	 * Quota files should never be encrypted. They should be thought of as
	 * filesystem metadata, not user data. New-style internal quota files
	 * cannot be encrypted by users anyway, but old-style external quota
	 * files could potentially be incorrectly created in an encrypted
	 * directory, hence this explicit check. Some reasons why encrypted
	 * quota files don't work include: (1) some filesystems that support
	 * encryption don't handle it in their quota_read and quota_write, and
	 * (2) cleaning up encrypted quota files at unmount would need special
	 * consideration, as quota files are cleaned up later than user files.
	 */
	if (IS_ENCRYPTED(inode))
		return -EINVAL;

	dqopt->files[type] = igrab(inode);
	if (!dqopt->files[type])
		return -EIO;
	if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
		/* We don't want quota and atime on quota files (deadlocks are
		 * possible). Also nobody should write to the file - we use
		 * special IO operations which ignore the immutable bit. */
		inode_lock(inode);
		inode->i_flags |= S_NOQUOTA;
		inode_unlock(inode);
		/*
		 * When S_NOQUOTA is set, remove dquot references as no more
		 * references can be added
		 */
		__dquot_drop(inode);
	}
	return 0;
}

int dquot_load_quota_sb(struct super_block *sb, int type, int format_id,
	unsigned int flags)
{
	struct quota_format_type *fmt;
	struct quota_info *dqopt = sb_dqopt(sb);
	int error;

	lockdep_assert_held_write(&sb->s_umount);

	/* Just unsuspend quotas? */
	if (WARN_ON_ONCE(flags & DQUOT_SUSPENDED))
		return -EINVAL;

	fmt = find_quota_format(format_id);
	if (!fmt)
		return -ESRCH;
	if (!sb->dq_op || !sb->s_qcop ||
	    (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) {
		error = -EINVAL;
		goto out_fmt;
	}
	/* Filesystems outside of init_user_ns not yet supported */
	if (sb->s_user_ns != &init_user_ns) {
		error = -EINVAL;
		goto out_fmt;
	}
	/* Usage always has to be set... */
	if (!(flags & DQUOT_USAGE_ENABLED)) {
		error = -EINVAL;
		goto out_fmt;
	}
	if (sb_has_quota_loaded(sb, type)) {
		error = -EBUSY;
		goto out_fmt;
	}

	if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
		/* As we bypass the pagecache we must now flush all the
		 * dirty data and invalidate caches so that kernel sees
		 * changes from userspace. It is not enough to just flush
		 * the quota file since if blocksize < pagesize, invalidation
		 * of the cache could fail because of other unrelated dirty
		 * data */
		sync_filesystem(sb);
		invalidate_bdev(sb->s_bdev);
	}

	error = -EINVAL;
	if (!fmt->qf_ops->check_quota_file(sb, type))
		goto out_fmt;

	dqopt->ops[type] = fmt->qf_ops;
	dqopt->info[type].dqi_format = fmt;
	dqopt->info[type].dqi_fmt_id = format_id;
	INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list);
	error = dqopt->ops[type]->read_file_info(sb, type);
	if (error < 0)
		goto out_fmt;
	if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) {
		spin_lock(&dq_data_lock);
		dqopt->info[type].dqi_flags |= DQF_SYS_FILE;
		spin_unlock(&dq_data_lock);
	}
	spin_lock(&dq_state_lock);
	dqopt->flags |= dquot_state_flag(flags, type);
	spin_unlock(&dq_state_lock);

	error = add_dquot_ref(sb, type);
	if (error)
		dquot_disable(sb, type,
			      DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);

	return error;
out_fmt:
	put_quota_format(fmt);

	return error;
}
EXPORT_SYMBOL(dquot_load_quota_sb);

/*
 * More powerful function for turning on quotas on given quota inode allowing
 * setting of individual quota flags
 */
int dquot_load_quota_inode(struct inode *inode, int type, int format_id,
	unsigned int flags)
{
	int err;

	err = vfs_setup_quota_inode(inode, type);
	if (err < 0)
		return err;
	err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags);
	if (err < 0)
		vfs_cleanup_quota_inode(inode->i_sb, type);
	return err;
}
EXPORT_SYMBOL(dquot_load_quota_inode);
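/*
 * Illustrative sketch (hypothetical helper and inode-lookup names): a
 * filesystem storing quotas in hidden system inodes would look the inode up
 * itself and then load it, e.g.
 *
 *	static int myfs_enable_quota(struct super_block *sb, int type,
 *				     unsigned long qf_inum)
 *	{
 *		struct inode *qf_inode = myfs_iget(sb, qf_inum);
 *		int err;
 *
 *		if (IS_ERR(qf_inode))
 *			return PTR_ERR(qf_inode);
 *		err = dquot_load_quota_inode(qf_inode, type, QFMT_VFS_V1,
 *					     DQUOT_USAGE_ENABLED);
 *		iput(qf_inode);	// dquot_load_quota_inode grabbed its own ref
 *		return err;
 *	}
 */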
/* Reenable quotas on remount RW */
int dquot_resume(struct super_block *sb, int type)
{
	struct quota_info *dqopt = sb_dqopt(sb);
	int ret = 0, cnt;
	unsigned int flags;

	rwsem_assert_held_write(&sb->s_umount);

	for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
		if (type != -1 && cnt != type)
			continue;
		if (!sb_has_quota_suspended(sb, cnt))
			continue;

		spin_lock(&dq_state_lock);
		flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED |
							DQUOT_LIMITS_ENABLED,
							cnt);
		dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt);
		spin_unlock(&dq_state_lock);

		flags = dquot_generic_flag(flags, cnt);
		ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id,
					  flags);
		if (ret < 0)
			vfs_cleanup_quota_inode(sb, cnt);
	}

	return ret;
}
EXPORT_SYMBOL(dquot_resume);

int dquot_quota_on(struct super_block *sb, int type, int format_id,
		   const struct path *path)
{
	int error = security_quota_on(path->dentry);
	if (error)
		return error;
	/* Quota file not on the same filesystem? */
	if (path->dentry->d_sb != sb)
		error = -EXDEV;
	else
		error = dquot_load_quota_inode(d_inode(path->dentry), type,
					     format_id, DQUOT_USAGE_ENABLED |
					     DQUOT_LIMITS_ENABLED);
	return error;
}
EXPORT_SYMBOL(dquot_quota_on);

/*
 * This function is used when a filesystem needs to initialize quotas at
 * mount time.
 */
int dquot_quota_on_mount(struct super_block *sb, char *qf_name,
		int format_id, int type)
{
	struct dentry *dentry;
	int error;

	dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name));
	if (IS_ERR(dentry))
		return PTR_ERR(dentry);

	error = security_quota_on(dentry);
	if (!error)
		error = dquot_load_quota_inode(d_inode(dentry), type, format_id,
				DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);

	dput(dentry);
	return error;
}
EXPORT_SYMBOL(dquot_quota_on_mount);
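/*
 * Illustrative sketch: on remount, quotas are typically suspended or resumed
 * depending on the direction of the ro/rw transition:
 *
 *	if (*flags & SB_RDONLY)
 *		dquot_suspend(sb, -1);		// going read-only
 *	else
 *		dquot_resume(sb, -1);		// going read-write again
 */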
static int dquot_quota_enable(struct super_block *sb, unsigned int flags)
{
	int ret;
	int type;
	struct quota_info *dqopt = sb_dqopt(sb);

	if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
		return -ENOSYS;
	/* Accounting cannot be turned on while fs is mounted */
	flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT);
	if (!flags)
		return -EINVAL;
	for (type = 0; type < MAXQUOTAS; type++) {
		if (!(flags & qtype_enforce_flag(type)))
			continue;
		/* Can't enforce without accounting */
		if (!sb_has_quota_usage_enabled(sb, type)) {
			ret = -EINVAL;
			goto out_err;
		}
		if (sb_has_quota_limits_enabled(sb, type)) {
			/* compatible with XFS */
			ret = -EEXIST;
			goto out_err;
		}
		spin_lock(&dq_state_lock);
		dqopt->flags |= dquot_state_flag(DQUOT_LIMITS_ENABLED, type);
		spin_unlock(&dq_state_lock);
	}
	return 0;
out_err:
	/* Back out the enforcement enablement we already did */
	for (type--; type >= 0; type--) {
		if (flags & qtype_enforce_flag(type))
			dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
	}
	return ret;
}

static int dquot_quota_disable(struct super_block *sb, unsigned int flags)
{
	int ret;
	int type;
	struct quota_info *dqopt = sb_dqopt(sb);

	if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
		return -ENOSYS;
	/*
	 * We don't support turning off accounting via quotactl. In principle
	 * quota infrastructure can do this but filesystems don't expect
	 * userspace to be able to do it.
	 */
	if (flags &
		  (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT))
		return -EOPNOTSUPP;

	/* Filter out limits not enabled */
	for (type = 0; type < MAXQUOTAS; type++)
		if (!sb_has_quota_limits_enabled(sb, type))
			flags &= ~qtype_enforce_flag(type);
	/* Nothing left? */
	if (!flags)
		return -EEXIST;
	for (type = 0; type < MAXQUOTAS; type++) {
		if (flags & qtype_enforce_flag(type)) {
			ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
			if (ret < 0)
				goto out_err;
		}
	}
	return 0;
out_err:
	/* Back out the enforcement disabling we already did */
	for (type--; type >= 0; type--) {
		if (flags & qtype_enforce_flag(type)) {
			spin_lock(&dq_state_lock);
			dqopt->flags |=
				dquot_state_flag(DQUOT_LIMITS_ENABLED, type);
			spin_unlock(&dq_state_lock);
		}
	}
	return ret;
}

/* Generic routine for getting common part of quota structure */
static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di)
{
	struct mem_dqblk *dm = &dquot->dq_dqb;

	memset(di, 0, sizeof(*di));
	spin_lock(&dquot->dq_dqb_lock);
	di->d_spc_hardlimit = dm->dqb_bhardlimit;
	di->d_spc_softlimit = dm->dqb_bsoftlimit;
	di->d_ino_hardlimit = dm->dqb_ihardlimit;
	di->d_ino_softlimit = dm->dqb_isoftlimit;
	di->d_space = dm->dqb_curspace + dm->dqb_rsvspace;
	di->d_ino_count = dm->dqb_curinodes;
	di->d_spc_timer = dm->dqb_btime;
	di->d_ino_timer = dm->dqb_itime;
	spin_unlock(&dquot->dq_dqb_lock);
}

int dquot_get_dqblk(struct super_block *sb, struct kqid qid,
		    struct qc_dqblk *di)
{
	struct dquot *dquot;

	dquot = dqget(sb, qid);
	if (IS_ERR(dquot))
		return PTR_ERR(dquot);
	do_get_dqblk(dquot, di);
	dqput(dquot);

	return 0;
}
EXPORT_SYMBOL(dquot_get_dqblk);

int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid,
			 struct qc_dqblk *di)
{
	struct dquot *dquot;
	int err;

	if (!sb->dq_op->get_next_id)
		return -ENOSYS;
	err = sb->dq_op->get_next_id(sb, qid);
	if (err < 0)
		return err;
	dquot = dqget(sb, *qid);
	if (IS_ERR(dquot))
		return PTR_ERR(dquot);
	do_get_dqblk(dquot, di);
	dqput(dquot);

	return 0;
}
EXPORT_SYMBOL(dquot_get_next_dqblk);
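/*
 * Illustrative sketch (the uid value 1000 is hypothetical): reading one
 * user's usage and limits through the generic helper:
 *
 *	struct qc_dqblk di;
 *	struct kqid qid = make_kqid_uid(KUIDT_INIT(1000));
 *	int err = dquot_get_dqblk(sb, qid, &di);
 *
 *	if (!err)
 *		pr_info("used %llu bytes, softlimit %llu\n",
 *			(unsigned long long)di.d_space,
 *			(unsigned long long)di.d_spc_softlimit);
 */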
#define VFS_QC_MASK \
	(QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \
	 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \
	 QC_SPC_TIMER | QC_INO_TIMER)

/* Generic routine for setting common part of quota structure */
static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di)
{
	struct mem_dqblk *dm = &dquot->dq_dqb;
	int check_blim = 0, check_ilim = 0;
	struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
	int ret;

	if (di->d_fieldmask & ~VFS_QC_MASK)
		return -EINVAL;

	if (((di->d_fieldmask & QC_SPC_SOFT) &&
	     di->d_spc_softlimit > dqi->dqi_max_spc_limit) ||
	    ((di->d_fieldmask & QC_SPC_HARD) &&
	     di->d_spc_hardlimit > dqi->dqi_max_spc_limit) ||
	    ((di->d_fieldmask & QC_INO_SOFT) &&
	     (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) ||
	    ((di->d_fieldmask & QC_INO_HARD) &&
	     (di->d_ino_hardlimit > dqi->dqi_max_ino_limit)))
		return -ERANGE;

	spin_lock(&dquot->dq_dqb_lock);
	if (di->d_fieldmask & QC_SPACE) {
		dm->dqb_curspace = di->d_space - dm->dqb_rsvspace;
		check_blim = 1;
		set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags);
	}

	if (di->d_fieldmask & QC_SPC_SOFT)
		dm->dqb_bsoftlimit = di->d_spc_softlimit;
	if (di->d_fieldmask & QC_SPC_HARD)
		dm->dqb_bhardlimit = di->d_spc_hardlimit;
	if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) {
		check_blim = 1;
		set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags);
	}

	if (di->d_fieldmask & QC_INO_COUNT) {
		dm->dqb_curinodes = di->d_ino_count;
		check_ilim = 1;
		set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags);
	}

	if (di->d_fieldmask & QC_INO_SOFT)
		dm->dqb_isoftlimit = di->d_ino_softlimit;
	if (di->d_fieldmask & QC_INO_HARD)
		dm->dqb_ihardlimit = di->d_ino_hardlimit;
	if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) {
		check_ilim = 1;
		set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags);
	}

	if (di->d_fieldmask & QC_SPC_TIMER) {
		dm->dqb_btime = di->d_spc_timer;
		check_blim = 1;
		set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags);
	}

	if (di->d_fieldmask & QC_INO_TIMER) {
		dm->dqb_itime = di->d_ino_timer;
		check_ilim = 1;
		set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags);
	}

	if (check_blim) {
		if (!dm->dqb_bsoftlimit ||
		    dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) {
			dm->dqb_btime = 0;
			clear_bit(DQ_BLKS_B, &dquot->dq_flags);
		} else if (!(di->d_fieldmask & QC_SPC_TIMER))
			/* Set grace only if user hasn't provided his own... */
			dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace;
	}
	if (check_ilim) {
		if (!dm->dqb_isoftlimit ||
		    dm->dqb_curinodes <= dm->dqb_isoftlimit) {
			dm->dqb_itime = 0;
			clear_bit(DQ_INODES_B, &dquot->dq_flags);
		} else if (!(di->d_fieldmask & QC_INO_TIMER))
			/* Set grace only if user hasn't provided his own... */
			dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace;
	}
	if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit ||
	    dm->dqb_isoftlimit)
		clear_bit(DQ_FAKE_B, &dquot->dq_flags);
	else
		set_bit(DQ_FAKE_B, &dquot->dq_flags);
	spin_unlock(&dquot->dq_dqb_lock);
	ret = mark_dquot_dirty(dquot);
	if (ret < 0)
		return ret;
	return 0;
}

int dquot_set_dqblk(struct super_block *sb, struct kqid qid,
		    struct qc_dqblk *di)
{
	struct dquot *dquot;
	int rc;

	dquot = dqget(sb, qid);
	if (IS_ERR(dquot)) {
		rc = PTR_ERR(dquot);
		goto out;
	}
	rc = do_set_dqblk(dquot, di);
	dqput(dquot);
out:
	return rc;
}
EXPORT_SYMBOL(dquot_set_dqblk);
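/*
 * Illustrative sketch (hypothetical values): setting only the block soft
 * limit for a user; d_fieldmask selects which fields do_set_dqblk() applies:
 *
 *	struct qc_dqblk di = {
 *		.d_fieldmask	 = QC_SPC_SOFT,
 *		.d_spc_softlimit = 1024 * 1024 * 1024,	// 1 GiB, in bytes
 *	};
 *	int err = dquot_set_dqblk(sb, make_kqid_uid(KUIDT_INIT(1000)), &di);
 */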
/* Generic routine for getting common part of quota file information */
int dquot_get_state(struct super_block *sb, struct qc_state *state)
{
	struct mem_dqinfo *mi;
	struct qc_type_state *tstate;
	struct quota_info *dqopt = sb_dqopt(sb);
	int type;

	memset(state, 0, sizeof(*state));
	for (type = 0; type < MAXQUOTAS; type++) {
		if (!sb_has_quota_active(sb, type))
			continue;
		tstate = state->s_state + type;
		mi = sb_dqopt(sb)->info + type;
		tstate->flags = QCI_ACCT_ENABLED;
		spin_lock(&dq_data_lock);
		if (mi->dqi_flags & DQF_SYS_FILE)
			tstate->flags |= QCI_SYSFILE;
		if (mi->dqi_flags & DQF_ROOT_SQUASH)
			tstate->flags |= QCI_ROOT_SQUASH;
		if (sb_has_quota_limits_enabled(sb, type))
			tstate->flags |= QCI_LIMITS_ENFORCED;
		tstate->spc_timelimit = mi->dqi_bgrace;
		tstate->ino_timelimit = mi->dqi_igrace;
		if (dqopt->files[type]) {
			tstate->ino = dqopt->files[type]->i_ino;
			tstate->blocks = dqopt->files[type]->i_blocks;
		}
		tstate->nextents = 1;	/* We don't know... */
		spin_unlock(&dq_data_lock);
	}
	return 0;
}
EXPORT_SYMBOL(dquot_get_state);

/* Generic routine for setting common part of quota file information */
int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii)
{
	struct mem_dqinfo *mi;

	if ((ii->i_fieldmask & QC_WARNS_MASK) ||
	    (ii->i_fieldmask & QC_RT_SPC_TIMER))
		return -EINVAL;
	if (!sb_has_quota_active(sb, type))
		return -ESRCH;
	mi = sb_dqopt(sb)->info + type;
	if (ii->i_fieldmask & QC_FLAGS) {
		if ((ii->i_flags & QCI_ROOT_SQUASH &&
		     mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD))
			return -EINVAL;
	}
	spin_lock(&dq_data_lock);
	if (ii->i_fieldmask & QC_SPC_TIMER)
		mi->dqi_bgrace = ii->i_spc_timelimit;
	if (ii->i_fieldmask & QC_INO_TIMER)
		mi->dqi_igrace = ii->i_ino_timelimit;
	if (ii->i_fieldmask & QC_FLAGS) {
		if (ii->i_flags & QCI_ROOT_SQUASH)
			mi->dqi_flags |= DQF_ROOT_SQUASH;
		else
			mi->dqi_flags &= ~DQF_ROOT_SQUASH;
	}
	spin_unlock(&dq_data_lock);
	mark_info_dirty(sb, type);
	/* Force write to disk */
	return sb->dq_op->write_info(sb, type);
}
EXPORT_SYMBOL(dquot_set_dqinfo);

const struct quotactl_ops dquot_quotactl_sysfile_ops = {
	.quota_enable	= dquot_quota_enable,
	.quota_disable	= dquot_quota_disable,
	.quota_sync	= dquot_quota_sync,
	.get_state	= dquot_get_state,
	.set_info	= dquot_set_dqinfo,
	.get_dqblk	= dquot_get_dqblk,
	.get_nextdqblk	= dquot_get_next_dqblk,
	.set_dqblk	= dquot_set_dqblk
};
EXPORT_SYMBOL(dquot_quotactl_sysfile_ops);

static int do_proc_dqstats(const struct ctl_table *table, int write,
		     void *buffer, size_t *lenp, loff_t *ppos)
{
	unsigned int type = (unsigned long *)table->data - dqstats.stat;
	s64 value = percpu_counter_sum(&dqstats.counter[type]);

	/* Filter negative values for non-monotonic counters */
	if (value < 0 && (type == DQST_ALLOC_DQUOTS ||
			  type == DQST_FREE_DQUOTS))
		value = 0;

	/* Update global table */
	dqstats.stat[type] = value;
	return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
}
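/*
 * Usage note: each handler below sums a per-CPU counter on demand, so
 * userspace simply reads the corresponding sysctl file, e.g.
 *
 *	cat /proc/sys/fs/quota/lookups
 *
 * (path assuming the usual procfs sysctl mount; the "fs/quota" directory is
 * registered in dquot_init() below).
 */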
static struct ctl_table fs_dqstats_table[] = {
	{
		.procname	= "lookups",
		.data		= &dqstats.stat[DQST_LOOKUPS],
		.maxlen		= sizeof(unsigned long),
		.mode		= 0444,
		.proc_handler	= do_proc_dqstats,
	},
	{
		.procname	= "drops",
		.data		= &dqstats.stat[DQST_DROPS],
		.maxlen		= sizeof(unsigned long),
		.mode		= 0444,
		.proc_handler	= do_proc_dqstats,
	},
	{
		.procname	= "reads",
		.data		= &dqstats.stat[DQST_READS],
		.maxlen		= sizeof(unsigned long),
		.mode		= 0444,
		.proc_handler	= do_proc_dqstats,
	},
	{
		.procname	= "writes",
		.data		= &dqstats.stat[DQST_WRITES],
		.maxlen		= sizeof(unsigned long),
		.mode		= 0444,
		.proc_handler	= do_proc_dqstats,
	},
	{
		.procname	= "cache_hits",
		.data		= &dqstats.stat[DQST_CACHE_HITS],
		.maxlen		= sizeof(unsigned long),
		.mode		= 0444,
		.proc_handler	= do_proc_dqstats,
	},
	{
		.procname	= "allocated_dquots",
		.data		= &dqstats.stat[DQST_ALLOC_DQUOTS],
		.maxlen		= sizeof(unsigned long),
		.mode		= 0444,
		.proc_handler	= do_proc_dqstats,
	},
	{
		.procname	= "free_dquots",
		.data		= &dqstats.stat[DQST_FREE_DQUOTS],
		.maxlen		= sizeof(unsigned long),
		.mode		= 0444,
		.proc_handler	= do_proc_dqstats,
	},
	{
		.procname	= "syncs",
		.data		= &dqstats.stat[DQST_SYNCS],
		.maxlen		= sizeof(unsigned long),
		.mode		= 0444,
		.proc_handler	= do_proc_dqstats,
	},
#ifdef CONFIG_PRINT_QUOTA_WARNING
	{
		.procname	= "warnings",
		.data		= &flag_print_warnings,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
#endif
};

static int __init dquot_init(void)
{
	int i, ret;
	unsigned long nr_hash, order;
	struct shrinker *dqcache_shrinker;

	printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__);

	register_sysctl_init("fs/quota", fs_dqstats_table);

	dquot_cachep = kmem_cache_create("dquot",
			sizeof(struct dquot), sizeof(unsigned long) * 4,
			(SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT|
				SLAB_PANIC),
			NULL);

	order = 0;
	dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order);
	if (!dquot_hash)
		panic("Cannot create dquot hash table");

	ret = percpu_counter_init_many(dqstats.counter, 0, GFP_KERNEL,
				       _DQST_DQSTAT_LAST);
	if (ret)
		panic("Cannot create dquot stat counters");

	/* Find power-of-two hlist_heads which can fit into allocation */
	nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head);
	dq_hash_bits = ilog2(nr_hash);

	nr_hash = 1UL << dq_hash_bits;
	dq_hash_mask = nr_hash - 1;
	for (i = 0; i < nr_hash; i++)
		INIT_HLIST_HEAD(dquot_hash + i);

	pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld,"
		" %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order));

	dqcache_shrinker = shrinker_alloc(0, "dquota-cache");
	if (!dqcache_shrinker)
		panic("Cannot allocate dquot shrinker");

	dqcache_shrinker->count_objects = dqcache_shrink_count;
	dqcache_shrinker->scan_objects = dqcache_shrink_scan;

	shrinker_register(dqcache_shrinker);

	return 0;
}
fs_initcall(dquot_init);