1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Implementation of the diskquota system for the LINUX operating system. QUOTA 4 * is implemented using the BSD system call interface as the means of 5 * communication with the user level. This file contains the generic routines 6 * called by the different filesystems on allocation of an inode or block. 7 * These routines take care of the administration needed to have a consistent 8 * diskquota tracking system. The ideas of both user and group quotas are based 9 * on the Melbourne quota system as used on BSD derived systems. The internal 10 * implementation is based on one of the several variants of the LINUX 11 * inode-subsystem with added complexity of the diskquota system. 12 * 13 * Author: Marco van Wieringen <mvw@planets.elm.net> 14 * 15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96 16 * 17 * Revised list management to avoid races 18 * -- Bill Hawes, <whawes@star.net>, 9/98 19 * 20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...(). 21 * As the consequence the locking was moved from dquot_decr_...(), 22 * dquot_incr_...() to calling functions. 23 * invalidate_dquots() now writes modified dquots. 24 * Serialized quota_off() and quota_on() for mount point. 25 * Fixed a few bugs in grow_dquots(). 26 * Fixed deadlock in write_dquot() - we no longer account quotas on 27 * quota files 28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes 29 * add_dquot_ref() restarts after blocking 30 * Added check for bogus uid and fixed check for group in quotactl. 31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99 32 * 33 * Used struct list_head instead of own list struct 34 * Invalidation of referenced dquots is no longer possible 35 * Improved free_dquots list management 36 * Quota and i_blocks are now updated in one place to avoid races 37 * Warnings are now delayed so we won't block in critical section 38 * Write updated not to require dquot lock 39 * Jan Kara, <jack@suse.cz>, 9/2000 40 * 41 * Added dynamic quota structure allocation 42 * Jan Kara <jack@suse.cz> 12/2000 43 * 44 * Rewritten quota interface. Implemented new quota format and 45 * formats registering. 46 * Jan Kara, <jack@suse.cz>, 2001,2002 47 * 48 * New SMP locking. 49 * Jan Kara, <jack@suse.cz>, 10/2002 50 * 51 * Added journalled quota support, fix lock inversion problems 52 * Jan Kara, <jack@suse.cz>, 2003,2004 53 * 54 * (C) Copyright 1994 - 1997 Marco van Wieringen 55 */ 56 57 #include <linux/errno.h> 58 #include <linux/kernel.h> 59 #include <linux/fs.h> 60 #include <linux/mount.h> 61 #include <linux/mm.h> 62 #include <linux/time.h> 63 #include <linux/types.h> 64 #include <linux/string.h> 65 #include <linux/fcntl.h> 66 #include <linux/stat.h> 67 #include <linux/tty.h> 68 #include <linux/file.h> 69 #include <linux/slab.h> 70 #include <linux/sysctl.h> 71 #include <linux/init.h> 72 #include <linux/module.h> 73 #include <linux/proc_fs.h> 74 #include <linux/security.h> 75 #include <linux/sched.h> 76 #include <linux/cred.h> 77 #include <linux/kmod.h> 78 #include <linux/namei.h> 79 #include <linux/capability.h> 80 #include <linux/quotaops.h> 81 #include <linux/blkdev.h> 82 #include <linux/sched/mm.h> 83 84 #include <linux/uaccess.h> 85 86 /* 87 * There are five quota SMP locks: 88 * * dq_list_lock protects all lists with quotas and quota formats. 89 * * dquot->dq_dqb_lock protects data from dq_dqb 90 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards 91 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that 92 * dquot_transfer() can stabilize amount it transfers 93 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot 94 * pointers in the inode 95 * * dq_state_lock protects modifications of quota state (on quotaon and 96 * quotaoff) and readers who care about latest values take it as well. 97 * 98 * The spinlock ordering is hence: 99 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock, 100 * dq_list_lock > dq_state_lock 101 * 102 * Note that some things (eg. sb pointer, type, id) doesn't change during 103 * the life of the dquot structure and so needn't to be protected by a lock 104 * 105 * Operation accessing dquots via inode pointers are protected by dquot_srcu. 106 * Operation of reading pointer needs srcu_read_lock(&dquot_srcu), and 107 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from 108 * inode and before dropping dquot references to avoid use of dquots after 109 * they are freed. dq_data_lock is used to serialize the pointer setting and 110 * clearing operations. 111 * Special care needs to be taken about S_NOQUOTA inode flag (marking that 112 * inode is a quota file). Functions adding pointers from inode to dquots have 113 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they 114 * have to do all pointer modifications before dropping dq_data_lock. This makes 115 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and 116 * then drops all pointers to dquots from an inode. 117 * 118 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to 119 * memory (or space for it is being allocated) on the first dqget(), when it is 120 * being written out, and when it is being released on the last dqput(). The 121 * allocation and release operations are serialized by the dq_lock and by 122 * checking the use count in dquot_release(). 123 * 124 * Lock ordering (including related VFS locks) is the following: 125 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem 126 */ 127 128 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock); 129 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock); 130 __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock); 131 EXPORT_SYMBOL(dq_data_lock); 132 DEFINE_STATIC_SRCU(dquot_srcu); 133 134 static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq); 135 136 void __quota_error(struct super_block *sb, const char *func, 137 const char *fmt, ...) 138 { 139 if (printk_ratelimit()) { 140 va_list args; 141 struct va_format vaf; 142 143 va_start(args, fmt); 144 145 vaf.fmt = fmt; 146 vaf.va = &args; 147 148 printk(KERN_ERR "Quota error (device %s): %s: %pV\n", 149 sb->s_id, func, &vaf); 150 151 va_end(args); 152 } 153 } 154 EXPORT_SYMBOL(__quota_error); 155 156 #if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING) 157 static char *quotatypes[] = INITQFNAMES; 158 #endif 159 static struct quota_format_type *quota_formats; /* List of registered formats */ 160 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES; 161 162 /* SLAB cache for dquot structures */ 163 static struct kmem_cache *dquot_cachep; 164 165 void register_quota_format(struct quota_format_type *fmt) 166 { 167 spin_lock(&dq_list_lock); 168 fmt->qf_next = quota_formats; 169 quota_formats = fmt; 170 spin_unlock(&dq_list_lock); 171 } 172 EXPORT_SYMBOL(register_quota_format); 173 174 void unregister_quota_format(struct quota_format_type *fmt) 175 { 176 struct quota_format_type **actqf; 177 178 spin_lock(&dq_list_lock); 179 for (actqf = "a_formats; *actqf && *actqf != fmt; 180 actqf = &(*actqf)->qf_next) 181 ; 182 if (*actqf) 183 *actqf = (*actqf)->qf_next; 184 spin_unlock(&dq_list_lock); 185 } 186 EXPORT_SYMBOL(unregister_quota_format); 187 188 static struct quota_format_type *find_quota_format(int id) 189 { 190 struct quota_format_type *actqf; 191 192 spin_lock(&dq_list_lock); 193 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 194 actqf = actqf->qf_next) 195 ; 196 if (!actqf || !try_module_get(actqf->qf_owner)) { 197 int qm; 198 199 spin_unlock(&dq_list_lock); 200 201 for (qm = 0; module_names[qm].qm_fmt_id && 202 module_names[qm].qm_fmt_id != id; qm++) 203 ; 204 if (!module_names[qm].qm_fmt_id || 205 request_module(module_names[qm].qm_mod_name)) 206 return NULL; 207 208 spin_lock(&dq_list_lock); 209 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 210 actqf = actqf->qf_next) 211 ; 212 if (actqf && !try_module_get(actqf->qf_owner)) 213 actqf = NULL; 214 } 215 spin_unlock(&dq_list_lock); 216 return actqf; 217 } 218 219 static void put_quota_format(struct quota_format_type *fmt) 220 { 221 module_put(fmt->qf_owner); 222 } 223 224 /* 225 * Dquot List Management: 226 * The quota code uses five lists for dquot management: the inuse_list, 227 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array. 228 * A single dquot structure may be on some of those lists, depending on 229 * its current state. 230 * 231 * All dquots are placed to the end of inuse_list when first created, and this 232 * list is used for invalidate operation, which must look at every dquot. 233 * 234 * When the last reference of a dquot is dropped, the dquot is added to 235 * releasing_dquots. We'll then queue work item which will call 236 * synchronize_srcu() and after that perform the final cleanup of all the 237 * dquots on the list. Each cleaned up dquot is moved to free_dquots list. 238 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot 239 * struct. 240 * 241 * Unused and cleaned up dquots are in the free_dquots list and this list is 242 * searched whenever we need an available dquot. Dquots are removed from the 243 * list as soon as they are used again and dqstats.free_dquots gives the number 244 * of dquots on the list. When dquot is invalidated it's completely released 245 * from memory. 246 * 247 * Dirty dquots are added to the dqi_dirty_list of quota_info when mark 248 * dirtied, and this list is searched when writing dirty dquots back to 249 * quota file. Note that some filesystems do dirty dquot tracking on their 250 * own (e.g. in a journal) and thus don't use dqi_dirty_list. 251 * 252 * Dquots with a specific identity (device, type and id) are placed on 253 * one of the dquot_hash[] hash chains. The provides an efficient search 254 * mechanism to locate a specific dquot. 255 */ 256 257 static LIST_HEAD(inuse_list); 258 static LIST_HEAD(free_dquots); 259 static LIST_HEAD(releasing_dquots); 260 static unsigned int dq_hash_bits, dq_hash_mask; 261 static struct hlist_head *dquot_hash; 262 263 struct dqstats dqstats; 264 EXPORT_SYMBOL(dqstats); 265 266 static qsize_t inode_get_rsv_space(struct inode *inode); 267 static qsize_t __inode_get_rsv_space(struct inode *inode); 268 static int __dquot_initialize(struct inode *inode, int type); 269 270 static void quota_release_workfn(struct work_struct *work); 271 static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn); 272 273 static inline unsigned int 274 hashfn(const struct super_block *sb, struct kqid qid) 275 { 276 unsigned int id = from_kqid(&init_user_ns, qid); 277 int type = qid.type; 278 unsigned long tmp; 279 280 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type); 281 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask; 282 } 283 284 /* 285 * Following list functions expect dq_list_lock to be held 286 */ 287 static inline void insert_dquot_hash(struct dquot *dquot) 288 { 289 struct hlist_head *head; 290 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id); 291 hlist_add_head(&dquot->dq_hash, head); 292 } 293 294 static inline void remove_dquot_hash(struct dquot *dquot) 295 { 296 hlist_del_init(&dquot->dq_hash); 297 } 298 299 static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb, 300 struct kqid qid) 301 { 302 struct dquot *dquot; 303 304 hlist_for_each_entry(dquot, dquot_hash+hashent, dq_hash) 305 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid)) 306 return dquot; 307 308 return NULL; 309 } 310 311 /* Add a dquot to the tail of the free list */ 312 static inline void put_dquot_last(struct dquot *dquot) 313 { 314 list_add_tail(&dquot->dq_free, &free_dquots); 315 dqstats_inc(DQST_FREE_DQUOTS); 316 } 317 318 static inline void put_releasing_dquots(struct dquot *dquot) 319 { 320 list_add_tail(&dquot->dq_free, &releasing_dquots); 321 set_bit(DQ_RELEASING_B, &dquot->dq_flags); 322 } 323 324 static inline void remove_free_dquot(struct dquot *dquot) 325 { 326 if (list_empty(&dquot->dq_free)) 327 return; 328 list_del_init(&dquot->dq_free); 329 if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags)) 330 dqstats_dec(DQST_FREE_DQUOTS); 331 else 332 clear_bit(DQ_RELEASING_B, &dquot->dq_flags); 333 } 334 335 static inline void put_inuse(struct dquot *dquot) 336 { 337 /* We add to the back of inuse list so we don't have to restart 338 * when traversing this list and we block */ 339 list_add_tail(&dquot->dq_inuse, &inuse_list); 340 dqstats_inc(DQST_ALLOC_DQUOTS); 341 } 342 343 static inline void remove_inuse(struct dquot *dquot) 344 { 345 dqstats_dec(DQST_ALLOC_DQUOTS); 346 list_del(&dquot->dq_inuse); 347 } 348 /* 349 * End of list functions needing dq_list_lock 350 */ 351 352 static void wait_on_dquot(struct dquot *dquot) 353 { 354 mutex_lock(&dquot->dq_lock); 355 mutex_unlock(&dquot->dq_lock); 356 } 357 358 static inline int dquot_active(struct dquot *dquot) 359 { 360 return test_bit(DQ_ACTIVE_B, &dquot->dq_flags); 361 } 362 363 static inline int dquot_dirty(struct dquot *dquot) 364 { 365 return test_bit(DQ_MOD_B, &dquot->dq_flags); 366 } 367 368 static inline int mark_dquot_dirty(struct dquot *dquot) 369 { 370 return dquot->dq_sb->dq_op->mark_dirty(dquot); 371 } 372 373 /* Mark dquot dirty in atomic manner, and return it's old dirty flag state */ 374 int dquot_mark_dquot_dirty(struct dquot *dquot) 375 { 376 int ret = 1; 377 378 if (!dquot_active(dquot)) 379 return 0; 380 381 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 382 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags); 383 384 /* If quota is dirty already, we don't have to acquire dq_list_lock */ 385 if (dquot_dirty(dquot)) 386 return 1; 387 388 spin_lock(&dq_list_lock); 389 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) { 390 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)-> 391 info[dquot->dq_id.type].dqi_dirty_list); 392 ret = 0; 393 } 394 spin_unlock(&dq_list_lock); 395 return ret; 396 } 397 EXPORT_SYMBOL(dquot_mark_dquot_dirty); 398 399 /* Dirtify all the dquots - this can block when journalling */ 400 static inline int mark_all_dquot_dirty(struct dquot __rcu * const *dquots) 401 { 402 int ret, err, cnt; 403 struct dquot *dquot; 404 405 ret = err = 0; 406 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 407 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 408 if (dquot) 409 /* Even in case of error we have to continue */ 410 ret = mark_dquot_dirty(dquot); 411 if (!err && ret < 0) 412 err = ret; 413 } 414 return err; 415 } 416 417 static inline void dqput_all(struct dquot **dquot) 418 { 419 unsigned int cnt; 420 421 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 422 dqput(dquot[cnt]); 423 } 424 425 static inline int clear_dquot_dirty(struct dquot *dquot) 426 { 427 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 428 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags); 429 430 spin_lock(&dq_list_lock); 431 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) { 432 spin_unlock(&dq_list_lock); 433 return 0; 434 } 435 list_del_init(&dquot->dq_dirty); 436 spin_unlock(&dq_list_lock); 437 return 1; 438 } 439 440 void mark_info_dirty(struct super_block *sb, int type) 441 { 442 spin_lock(&dq_data_lock); 443 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY; 444 spin_unlock(&dq_data_lock); 445 } 446 EXPORT_SYMBOL(mark_info_dirty); 447 448 /* 449 * Read dquot from disk and alloc space for it 450 */ 451 452 int dquot_acquire(struct dquot *dquot) 453 { 454 int ret = 0, ret2 = 0; 455 unsigned int memalloc; 456 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 457 458 mutex_lock(&dquot->dq_lock); 459 memalloc = memalloc_nofs_save(); 460 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) { 461 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot); 462 if (ret < 0) 463 goto out_iolock; 464 } 465 /* Make sure flags update is visible after dquot has been filled */ 466 smp_mb__before_atomic(); 467 set_bit(DQ_READ_B, &dquot->dq_flags); 468 /* Instantiate dquot if needed */ 469 if (!dquot_active(dquot) && !dquot->dq_off) { 470 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 471 /* Write the info if needed */ 472 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 473 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 474 dquot->dq_sb, dquot->dq_id.type); 475 } 476 if (ret < 0) 477 goto out_iolock; 478 if (ret2 < 0) { 479 ret = ret2; 480 goto out_iolock; 481 } 482 } 483 /* 484 * Make sure flags update is visible after on-disk struct has been 485 * allocated. Paired with smp_rmb() in dqget(). 486 */ 487 smp_mb__before_atomic(); 488 set_bit(DQ_ACTIVE_B, &dquot->dq_flags); 489 out_iolock: 490 memalloc_nofs_restore(memalloc); 491 mutex_unlock(&dquot->dq_lock); 492 return ret; 493 } 494 EXPORT_SYMBOL(dquot_acquire); 495 496 /* 497 * Write dquot to disk 498 */ 499 int dquot_commit(struct dquot *dquot) 500 { 501 int ret = 0; 502 unsigned int memalloc; 503 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 504 505 mutex_lock(&dquot->dq_lock); 506 memalloc = memalloc_nofs_save(); 507 if (!clear_dquot_dirty(dquot)) 508 goto out_lock; 509 /* Inactive dquot can be only if there was error during read/init 510 * => we have better not writing it */ 511 if (dquot_active(dquot)) 512 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 513 else 514 ret = -EIO; 515 out_lock: 516 memalloc_nofs_restore(memalloc); 517 mutex_unlock(&dquot->dq_lock); 518 return ret; 519 } 520 EXPORT_SYMBOL(dquot_commit); 521 522 /* 523 * Release dquot 524 */ 525 int dquot_release(struct dquot *dquot) 526 { 527 int ret = 0, ret2 = 0; 528 unsigned int memalloc; 529 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 530 531 mutex_lock(&dquot->dq_lock); 532 memalloc = memalloc_nofs_save(); 533 /* Check whether we are not racing with some other dqget() */ 534 if (dquot_is_busy(dquot)) 535 goto out_dqlock; 536 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) { 537 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot); 538 /* Write the info */ 539 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 540 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 541 dquot->dq_sb, dquot->dq_id.type); 542 } 543 if (ret >= 0) 544 ret = ret2; 545 } 546 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags); 547 out_dqlock: 548 memalloc_nofs_restore(memalloc); 549 mutex_unlock(&dquot->dq_lock); 550 return ret; 551 } 552 EXPORT_SYMBOL(dquot_release); 553 554 void dquot_destroy(struct dquot *dquot) 555 { 556 kmem_cache_free(dquot_cachep, dquot); 557 } 558 EXPORT_SYMBOL(dquot_destroy); 559 560 static inline void do_destroy_dquot(struct dquot *dquot) 561 { 562 dquot->dq_sb->dq_op->destroy_dquot(dquot); 563 } 564 565 /* Invalidate all dquots on the list. Note that this function is called after 566 * quota is disabled and pointers from inodes removed so there cannot be new 567 * quota users. There can still be some users of quotas due to inodes being 568 * just deleted or pruned by prune_icache() (those are not attached to any 569 * list) or parallel quotactl call. We have to wait for such users. 570 */ 571 static void invalidate_dquots(struct super_block *sb, int type) 572 { 573 struct dquot *dquot, *tmp; 574 575 restart: 576 flush_delayed_work("a_release_work); 577 578 spin_lock(&dq_list_lock); 579 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) { 580 if (dquot->dq_sb != sb) 581 continue; 582 if (dquot->dq_id.type != type) 583 continue; 584 /* Wait for dquot users */ 585 if (atomic_read(&dquot->dq_count)) { 586 atomic_inc(&dquot->dq_count); 587 spin_unlock(&dq_list_lock); 588 /* 589 * Once dqput() wakes us up, we know it's time to free 590 * the dquot. 591 * IMPORTANT: we rely on the fact that there is always 592 * at most one process waiting for dquot to free. 593 * Otherwise dq_count would be > 1 and we would never 594 * wake up. 595 */ 596 wait_event(dquot_ref_wq, 597 atomic_read(&dquot->dq_count) == 1); 598 dqput(dquot); 599 /* At this moment dquot() need not exist (it could be 600 * reclaimed by prune_dqcache(). Hence we must 601 * restart. */ 602 goto restart; 603 } 604 /* 605 * The last user already dropped its reference but dquot didn't 606 * get fully cleaned up yet. Restart the scan which flushes the 607 * work cleaning up released dquots. 608 */ 609 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 610 spin_unlock(&dq_list_lock); 611 goto restart; 612 } 613 /* 614 * Quota now has no users and it has been written on last 615 * dqput() 616 */ 617 remove_dquot_hash(dquot); 618 remove_free_dquot(dquot); 619 remove_inuse(dquot); 620 do_destroy_dquot(dquot); 621 } 622 spin_unlock(&dq_list_lock); 623 } 624 625 /* Call callback for every active dquot on given filesystem */ 626 int dquot_scan_active(struct super_block *sb, 627 int (*fn)(struct dquot *dquot, unsigned long priv), 628 unsigned long priv) 629 { 630 struct dquot *dquot, *old_dquot = NULL; 631 int ret = 0; 632 633 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 634 635 spin_lock(&dq_list_lock); 636 list_for_each_entry(dquot, &inuse_list, dq_inuse) { 637 if (!dquot_active(dquot)) 638 continue; 639 if (dquot->dq_sb != sb) 640 continue; 641 /* Now we have active dquot so we can just increase use count */ 642 atomic_inc(&dquot->dq_count); 643 spin_unlock(&dq_list_lock); 644 dqput(old_dquot); 645 old_dquot = dquot; 646 /* 647 * ->release_dquot() can be racing with us. Our reference 648 * protects us from new calls to it so just wait for any 649 * outstanding call and recheck the DQ_ACTIVE_B after that. 650 */ 651 wait_on_dquot(dquot); 652 if (dquot_active(dquot)) { 653 ret = fn(dquot, priv); 654 if (ret < 0) 655 goto out; 656 } 657 spin_lock(&dq_list_lock); 658 /* We are safe to continue now because our dquot could not 659 * be moved out of the inuse list while we hold the reference */ 660 } 661 spin_unlock(&dq_list_lock); 662 out: 663 dqput(old_dquot); 664 return ret; 665 } 666 EXPORT_SYMBOL(dquot_scan_active); 667 668 static inline int dquot_write_dquot(struct dquot *dquot) 669 { 670 int ret = dquot->dq_sb->dq_op->write_dquot(dquot); 671 if (ret < 0) { 672 quota_error(dquot->dq_sb, "Can't write quota structure " 673 "(error %d). Quota may get out of sync!", ret); 674 /* Clear dirty bit anyway to avoid infinite loop. */ 675 clear_dquot_dirty(dquot); 676 } 677 return ret; 678 } 679 680 /* Write all dquot structures to quota files */ 681 int dquot_writeback_dquots(struct super_block *sb, int type) 682 { 683 struct list_head dirty; 684 struct dquot *dquot; 685 struct quota_info *dqopt = sb_dqopt(sb); 686 int cnt; 687 int err, ret = 0; 688 689 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 690 691 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 692 if (type != -1 && cnt != type) 693 continue; 694 if (!sb_has_quota_active(sb, cnt)) 695 continue; 696 spin_lock(&dq_list_lock); 697 /* Move list away to avoid livelock. */ 698 list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty); 699 while (!list_empty(&dirty)) { 700 dquot = list_first_entry(&dirty, struct dquot, 701 dq_dirty); 702 703 WARN_ON(!dquot_active(dquot)); 704 /* If the dquot is releasing we should not touch it */ 705 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 706 spin_unlock(&dq_list_lock); 707 flush_delayed_work("a_release_work); 708 spin_lock(&dq_list_lock); 709 continue; 710 } 711 712 /* Now we have active dquot from which someone is 713 * holding reference so we can safely just increase 714 * use count */ 715 dqgrab(dquot); 716 spin_unlock(&dq_list_lock); 717 err = dquot_write_dquot(dquot); 718 if (err && !ret) 719 ret = err; 720 dqput(dquot); 721 spin_lock(&dq_list_lock); 722 } 723 spin_unlock(&dq_list_lock); 724 } 725 726 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 727 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt) 728 && info_dirty(&dqopt->info[cnt])) 729 sb->dq_op->write_info(sb, cnt); 730 dqstats_inc(DQST_SYNCS); 731 732 return ret; 733 } 734 EXPORT_SYMBOL(dquot_writeback_dquots); 735 736 /* Write all dquot structures to disk and make them visible from userspace */ 737 int dquot_quota_sync(struct super_block *sb, int type) 738 { 739 struct quota_info *dqopt = sb_dqopt(sb); 740 int cnt; 741 int ret; 742 743 ret = dquot_writeback_dquots(sb, type); 744 if (ret) 745 return ret; 746 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 747 return 0; 748 749 /* This is not very clever (and fast) but currently I don't know about 750 * any other simple way of getting quota data to disk and we must get 751 * them there for userspace to be visible... */ 752 if (sb->s_op->sync_fs) { 753 ret = sb->s_op->sync_fs(sb, 1); 754 if (ret) 755 return ret; 756 } 757 ret = sync_blockdev(sb->s_bdev); 758 if (ret) 759 return ret; 760 761 /* 762 * Now when everything is written we can discard the pagecache so 763 * that userspace sees the changes. 764 */ 765 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 766 if (type != -1 && cnt != type) 767 continue; 768 if (!sb_has_quota_active(sb, cnt)) 769 continue; 770 inode_lock(dqopt->files[cnt]); 771 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 772 inode_unlock(dqopt->files[cnt]); 773 } 774 775 return 0; 776 } 777 EXPORT_SYMBOL(dquot_quota_sync); 778 779 static unsigned long 780 dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) 781 { 782 struct dquot *dquot; 783 unsigned long freed = 0; 784 785 spin_lock(&dq_list_lock); 786 while (!list_empty(&free_dquots) && sc->nr_to_scan) { 787 dquot = list_first_entry(&free_dquots, struct dquot, dq_free); 788 remove_dquot_hash(dquot); 789 remove_free_dquot(dquot); 790 remove_inuse(dquot); 791 do_destroy_dquot(dquot); 792 sc->nr_to_scan--; 793 freed++; 794 } 795 spin_unlock(&dq_list_lock); 796 return freed; 797 } 798 799 static unsigned long 800 dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc) 801 { 802 return vfs_pressure_ratio( 803 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS])); 804 } 805 806 /* 807 * Safely release dquot and put reference to dquot. 808 */ 809 static void quota_release_workfn(struct work_struct *work) 810 { 811 struct dquot *dquot; 812 struct list_head rls_head; 813 814 spin_lock(&dq_list_lock); 815 /* Exchange the list head to avoid livelock. */ 816 list_replace_init(&releasing_dquots, &rls_head); 817 spin_unlock(&dq_list_lock); 818 synchronize_srcu(&dquot_srcu); 819 820 restart: 821 spin_lock(&dq_list_lock); 822 while (!list_empty(&rls_head)) { 823 dquot = list_first_entry(&rls_head, struct dquot, dq_free); 824 WARN_ON_ONCE(atomic_read(&dquot->dq_count)); 825 /* 826 * Note that DQ_RELEASING_B protects us from racing with 827 * invalidate_dquots() calls so we are safe to work with the 828 * dquot even after we drop dq_list_lock. 829 */ 830 if (dquot_dirty(dquot)) { 831 spin_unlock(&dq_list_lock); 832 /* Commit dquot before releasing */ 833 dquot_write_dquot(dquot); 834 goto restart; 835 } 836 if (dquot_active(dquot)) { 837 spin_unlock(&dq_list_lock); 838 dquot->dq_sb->dq_op->release_dquot(dquot); 839 goto restart; 840 } 841 /* Dquot is inactive and clean, now move it to free list */ 842 remove_free_dquot(dquot); 843 put_dquot_last(dquot); 844 } 845 spin_unlock(&dq_list_lock); 846 } 847 848 /* 849 * Put reference to dquot 850 */ 851 void dqput(struct dquot *dquot) 852 { 853 if (!dquot) 854 return; 855 #ifdef CONFIG_QUOTA_DEBUG 856 if (!atomic_read(&dquot->dq_count)) { 857 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d", 858 quotatypes[dquot->dq_id.type], 859 from_kqid(&init_user_ns, dquot->dq_id)); 860 BUG(); 861 } 862 #endif 863 dqstats_inc(DQST_DROPS); 864 865 spin_lock(&dq_list_lock); 866 if (atomic_read(&dquot->dq_count) > 1) { 867 /* We have more than one user... nothing to do */ 868 atomic_dec(&dquot->dq_count); 869 /* Releasing dquot during quotaoff phase? */ 870 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) && 871 atomic_read(&dquot->dq_count) == 1) 872 wake_up(&dquot_ref_wq); 873 spin_unlock(&dq_list_lock); 874 return; 875 } 876 877 /* Need to release dquot? */ 878 WARN_ON_ONCE(!list_empty(&dquot->dq_free)); 879 put_releasing_dquots(dquot); 880 atomic_dec(&dquot->dq_count); 881 spin_unlock(&dq_list_lock); 882 queue_delayed_work(system_unbound_wq, "a_release_work, 1); 883 } 884 EXPORT_SYMBOL(dqput); 885 886 struct dquot *dquot_alloc(struct super_block *sb, int type) 887 { 888 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS); 889 } 890 EXPORT_SYMBOL(dquot_alloc); 891 892 static struct dquot *get_empty_dquot(struct super_block *sb, int type) 893 { 894 struct dquot *dquot; 895 896 dquot = sb->dq_op->alloc_dquot(sb, type); 897 if(!dquot) 898 return NULL; 899 900 mutex_init(&dquot->dq_lock); 901 INIT_LIST_HEAD(&dquot->dq_free); 902 INIT_LIST_HEAD(&dquot->dq_inuse); 903 INIT_HLIST_NODE(&dquot->dq_hash); 904 INIT_LIST_HEAD(&dquot->dq_dirty); 905 dquot->dq_sb = sb; 906 dquot->dq_id = make_kqid_invalid(type); 907 atomic_set(&dquot->dq_count, 1); 908 spin_lock_init(&dquot->dq_dqb_lock); 909 910 return dquot; 911 } 912 913 /* 914 * Get reference to dquot 915 * 916 * Locking is slightly tricky here. We are guarded from parallel quotaoff() 917 * destroying our dquot by: 918 * a) checking for quota flags under dq_list_lock and 919 * b) getting a reference to dquot before we release dq_list_lock 920 */ 921 struct dquot *dqget(struct super_block *sb, struct kqid qid) 922 { 923 unsigned int hashent = hashfn(sb, qid); 924 struct dquot *dquot, *empty = NULL; 925 926 if (!qid_has_mapping(sb->s_user_ns, qid)) 927 return ERR_PTR(-EINVAL); 928 929 if (!sb_has_quota_active(sb, qid.type)) 930 return ERR_PTR(-ESRCH); 931 we_slept: 932 spin_lock(&dq_list_lock); 933 spin_lock(&dq_state_lock); 934 if (!sb_has_quota_active(sb, qid.type)) { 935 spin_unlock(&dq_state_lock); 936 spin_unlock(&dq_list_lock); 937 dquot = ERR_PTR(-ESRCH); 938 goto out; 939 } 940 spin_unlock(&dq_state_lock); 941 942 dquot = find_dquot(hashent, sb, qid); 943 if (!dquot) { 944 if (!empty) { 945 spin_unlock(&dq_list_lock); 946 empty = get_empty_dquot(sb, qid.type); 947 if (!empty) 948 schedule(); /* Try to wait for a moment... */ 949 goto we_slept; 950 } 951 dquot = empty; 952 empty = NULL; 953 dquot->dq_id = qid; 954 /* all dquots go on the inuse_list */ 955 put_inuse(dquot); 956 /* hash it first so it can be found */ 957 insert_dquot_hash(dquot); 958 spin_unlock(&dq_list_lock); 959 dqstats_inc(DQST_LOOKUPS); 960 } else { 961 if (!atomic_read(&dquot->dq_count)) 962 remove_free_dquot(dquot); 963 atomic_inc(&dquot->dq_count); 964 spin_unlock(&dq_list_lock); 965 dqstats_inc(DQST_CACHE_HITS); 966 dqstats_inc(DQST_LOOKUPS); 967 } 968 /* Wait for dq_lock - after this we know that either dquot_release() is 969 * already finished or it will be canceled due to dq_count > 0 test */ 970 wait_on_dquot(dquot); 971 /* Read the dquot / allocate space in quota file */ 972 if (!dquot_active(dquot)) { 973 int err; 974 975 err = sb->dq_op->acquire_dquot(dquot); 976 if (err < 0) { 977 dqput(dquot); 978 dquot = ERR_PTR(err); 979 goto out; 980 } 981 } 982 /* 983 * Make sure following reads see filled structure - paired with 984 * smp_mb__before_atomic() in dquot_acquire(). 985 */ 986 smp_rmb(); 987 /* Has somebody invalidated entry under us? */ 988 WARN_ON_ONCE(hlist_unhashed(&dquot->dq_hash)); 989 out: 990 if (empty) 991 do_destroy_dquot(empty); 992 993 return dquot; 994 } 995 EXPORT_SYMBOL(dqget); 996 997 static inline struct dquot __rcu **i_dquot(struct inode *inode) 998 { 999 return inode->i_sb->s_op->get_dquots(inode); 1000 } 1001 1002 static int dqinit_needed(struct inode *inode, int type) 1003 { 1004 struct dquot __rcu * const *dquots; 1005 int cnt; 1006 1007 if (IS_NOQUOTA(inode)) 1008 return 0; 1009 1010 dquots = i_dquot(inode); 1011 if (type != -1) 1012 return !dquots[type]; 1013 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1014 if (!dquots[cnt]) 1015 return 1; 1016 return 0; 1017 } 1018 1019 /* This routine is guarded by s_umount semaphore */ 1020 static int add_dquot_ref(struct super_block *sb, int type) 1021 { 1022 struct inode *inode, *old_inode = NULL; 1023 #ifdef CONFIG_QUOTA_DEBUG 1024 int reserved = 0; 1025 #endif 1026 int err = 0; 1027 1028 spin_lock(&sb->s_inode_list_lock); 1029 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1030 spin_lock(&inode->i_lock); 1031 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) || 1032 !atomic_read(&inode->i_writecount) || 1033 !dqinit_needed(inode, type)) { 1034 spin_unlock(&inode->i_lock); 1035 continue; 1036 } 1037 __iget(inode); 1038 spin_unlock(&inode->i_lock); 1039 spin_unlock(&sb->s_inode_list_lock); 1040 1041 #ifdef CONFIG_QUOTA_DEBUG 1042 if (unlikely(inode_get_rsv_space(inode) > 0)) 1043 reserved = 1; 1044 #endif 1045 iput(old_inode); 1046 err = __dquot_initialize(inode, type); 1047 if (err) { 1048 iput(inode); 1049 goto out; 1050 } 1051 1052 /* 1053 * We hold a reference to 'inode' so it couldn't have been 1054 * removed from s_inodes list while we dropped the 1055 * s_inode_list_lock. We cannot iput the inode now as we can be 1056 * holding the last reference and we cannot iput it under 1057 * s_inode_list_lock. So we keep the reference and iput it 1058 * later. 1059 */ 1060 old_inode = inode; 1061 cond_resched(); 1062 spin_lock(&sb->s_inode_list_lock); 1063 } 1064 spin_unlock(&sb->s_inode_list_lock); 1065 iput(old_inode); 1066 out: 1067 #ifdef CONFIG_QUOTA_DEBUG 1068 if (reserved) { 1069 quota_error(sb, "Writes happened before quota was turned on " 1070 "thus quota information is probably inconsistent. " 1071 "Please run quotacheck(8)"); 1072 } 1073 #endif 1074 return err; 1075 } 1076 1077 static void remove_dquot_ref(struct super_block *sb, int type) 1078 { 1079 struct inode *inode; 1080 #ifdef CONFIG_QUOTA_DEBUG 1081 int reserved = 0; 1082 #endif 1083 1084 spin_lock(&sb->s_inode_list_lock); 1085 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1086 /* 1087 * We have to scan also I_NEW inodes because they can already 1088 * have quota pointer initialized. Luckily, we need to touch 1089 * only quota pointers and these have separate locking 1090 * (dq_data_lock). 1091 */ 1092 spin_lock(&dq_data_lock); 1093 if (!IS_NOQUOTA(inode)) { 1094 struct dquot __rcu **dquots = i_dquot(inode); 1095 struct dquot *dquot = srcu_dereference_check( 1096 dquots[type], &dquot_srcu, 1097 lockdep_is_held(&dq_data_lock)); 1098 1099 #ifdef CONFIG_QUOTA_DEBUG 1100 if (unlikely(inode_get_rsv_space(inode) > 0)) 1101 reserved = 1; 1102 #endif 1103 rcu_assign_pointer(dquots[type], NULL); 1104 if (dquot) 1105 dqput(dquot); 1106 } 1107 spin_unlock(&dq_data_lock); 1108 } 1109 spin_unlock(&sb->s_inode_list_lock); 1110 #ifdef CONFIG_QUOTA_DEBUG 1111 if (reserved) { 1112 printk(KERN_WARNING "VFS (%s): Writes happened after quota" 1113 " was disabled thus quota information is probably " 1114 "inconsistent. Please run quotacheck(8).\n", sb->s_id); 1115 } 1116 #endif 1117 } 1118 1119 /* Gather all references from inodes and drop them */ 1120 static void drop_dquot_ref(struct super_block *sb, int type) 1121 { 1122 if (sb->dq_op) 1123 remove_dquot_ref(sb, type); 1124 } 1125 1126 static inline 1127 void dquot_free_reserved_space(struct dquot *dquot, qsize_t number) 1128 { 1129 if (dquot->dq_dqb.dqb_rsvspace >= number) 1130 dquot->dq_dqb.dqb_rsvspace -= number; 1131 else { 1132 WARN_ON_ONCE(1); 1133 dquot->dq_dqb.dqb_rsvspace = 0; 1134 } 1135 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1136 dquot->dq_dqb.dqb_bsoftlimit) 1137 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1138 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1139 } 1140 1141 static void dquot_decr_inodes(struct dquot *dquot, qsize_t number) 1142 { 1143 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1144 dquot->dq_dqb.dqb_curinodes >= number) 1145 dquot->dq_dqb.dqb_curinodes -= number; 1146 else 1147 dquot->dq_dqb.dqb_curinodes = 0; 1148 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit) 1149 dquot->dq_dqb.dqb_itime = (time64_t) 0; 1150 clear_bit(DQ_INODES_B, &dquot->dq_flags); 1151 } 1152 1153 static void dquot_decr_space(struct dquot *dquot, qsize_t number) 1154 { 1155 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1156 dquot->dq_dqb.dqb_curspace >= number) 1157 dquot->dq_dqb.dqb_curspace -= number; 1158 else 1159 dquot->dq_dqb.dqb_curspace = 0; 1160 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1161 dquot->dq_dqb.dqb_bsoftlimit) 1162 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1163 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1164 } 1165 1166 struct dquot_warn { 1167 struct super_block *w_sb; 1168 struct kqid w_dq_id; 1169 short w_type; 1170 }; 1171 1172 static int warning_issued(struct dquot *dquot, const int warntype) 1173 { 1174 int flag = (warntype == QUOTA_NL_BHARDWARN || 1175 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B : 1176 ((warntype == QUOTA_NL_IHARDWARN || 1177 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0); 1178 1179 if (!flag) 1180 return 0; 1181 return test_and_set_bit(flag, &dquot->dq_flags); 1182 } 1183 1184 #ifdef CONFIG_PRINT_QUOTA_WARNING 1185 static int flag_print_warnings = 1; 1186 1187 static int need_print_warning(struct dquot_warn *warn) 1188 { 1189 if (!flag_print_warnings) 1190 return 0; 1191 1192 switch (warn->w_dq_id.type) { 1193 case USRQUOTA: 1194 return uid_eq(current_fsuid(), warn->w_dq_id.uid); 1195 case GRPQUOTA: 1196 return in_group_p(warn->w_dq_id.gid); 1197 case PRJQUOTA: 1198 return 1; 1199 } 1200 return 0; 1201 } 1202 1203 /* Print warning to user which exceeded quota */ 1204 static void print_warning(struct dquot_warn *warn) 1205 { 1206 char *msg = NULL; 1207 struct tty_struct *tty; 1208 int warntype = warn->w_type; 1209 1210 if (warntype == QUOTA_NL_IHARDBELOW || 1211 warntype == QUOTA_NL_ISOFTBELOW || 1212 warntype == QUOTA_NL_BHARDBELOW || 1213 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn)) 1214 return; 1215 1216 tty = get_current_tty(); 1217 if (!tty) 1218 return; 1219 tty_write_message(tty, warn->w_sb->s_id); 1220 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN) 1221 tty_write_message(tty, ": warning, "); 1222 else 1223 tty_write_message(tty, ": write failed, "); 1224 tty_write_message(tty, quotatypes[warn->w_dq_id.type]); 1225 switch (warntype) { 1226 case QUOTA_NL_IHARDWARN: 1227 msg = " file limit reached.\r\n"; 1228 break; 1229 case QUOTA_NL_ISOFTLONGWARN: 1230 msg = " file quota exceeded too long.\r\n"; 1231 break; 1232 case QUOTA_NL_ISOFTWARN: 1233 msg = " file quota exceeded.\r\n"; 1234 break; 1235 case QUOTA_NL_BHARDWARN: 1236 msg = " block limit reached.\r\n"; 1237 break; 1238 case QUOTA_NL_BSOFTLONGWARN: 1239 msg = " block quota exceeded too long.\r\n"; 1240 break; 1241 case QUOTA_NL_BSOFTWARN: 1242 msg = " block quota exceeded.\r\n"; 1243 break; 1244 } 1245 tty_write_message(tty, msg); 1246 tty_kref_put(tty); 1247 } 1248 #endif 1249 1250 static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot, 1251 int warntype) 1252 { 1253 if (warning_issued(dquot, warntype)) 1254 return; 1255 warn->w_type = warntype; 1256 warn->w_sb = dquot->dq_sb; 1257 warn->w_dq_id = dquot->dq_id; 1258 } 1259 1260 /* 1261 * Write warnings to the console and send warning messages over netlink. 1262 * 1263 * Note that this function can call into tty and networking code. 1264 */ 1265 static void flush_warnings(struct dquot_warn *warn) 1266 { 1267 int i; 1268 1269 for (i = 0; i < MAXQUOTAS; i++) { 1270 if (warn[i].w_type == QUOTA_NL_NOWARN) 1271 continue; 1272 #ifdef CONFIG_PRINT_QUOTA_WARNING 1273 print_warning(&warn[i]); 1274 #endif 1275 quota_send_warning(warn[i].w_dq_id, 1276 warn[i].w_sb->s_dev, warn[i].w_type); 1277 } 1278 } 1279 1280 static int ignore_hardlimit(struct dquot *dquot) 1281 { 1282 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 1283 1284 return capable(CAP_SYS_RESOURCE) && 1285 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD || 1286 !(info->dqi_flags & DQF_ROOT_SQUASH)); 1287 } 1288 1289 static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes, 1290 struct dquot_warn *warn) 1291 { 1292 qsize_t newinodes; 1293 int ret = 0; 1294 1295 spin_lock(&dquot->dq_dqb_lock); 1296 newinodes = dquot->dq_dqb.dqb_curinodes + inodes; 1297 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) || 1298 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1299 goto add; 1300 1301 if (dquot->dq_dqb.dqb_ihardlimit && 1302 newinodes > dquot->dq_dqb.dqb_ihardlimit && 1303 !ignore_hardlimit(dquot)) { 1304 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN); 1305 ret = -EDQUOT; 1306 goto out; 1307 } 1308 1309 if (dquot->dq_dqb.dqb_isoftlimit && 1310 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1311 dquot->dq_dqb.dqb_itime && 1312 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime && 1313 !ignore_hardlimit(dquot)) { 1314 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN); 1315 ret = -EDQUOT; 1316 goto out; 1317 } 1318 1319 if (dquot->dq_dqb.dqb_isoftlimit && 1320 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1321 dquot->dq_dqb.dqb_itime == 0) { 1322 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN); 1323 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() + 1324 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace; 1325 } 1326 add: 1327 dquot->dq_dqb.dqb_curinodes = newinodes; 1328 1329 out: 1330 spin_unlock(&dquot->dq_dqb_lock); 1331 return ret; 1332 } 1333 1334 static int dquot_add_space(struct dquot *dquot, qsize_t space, 1335 qsize_t rsv_space, unsigned int flags, 1336 struct dquot_warn *warn) 1337 { 1338 qsize_t tspace; 1339 struct super_block *sb = dquot->dq_sb; 1340 int ret = 0; 1341 1342 spin_lock(&dquot->dq_dqb_lock); 1343 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) || 1344 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1345 goto finish; 1346 1347 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace 1348 + space + rsv_space; 1349 1350 if (dquot->dq_dqb.dqb_bhardlimit && 1351 tspace > dquot->dq_dqb.dqb_bhardlimit && 1352 !ignore_hardlimit(dquot)) { 1353 if (flags & DQUOT_SPACE_WARN) 1354 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN); 1355 ret = -EDQUOT; 1356 goto finish; 1357 } 1358 1359 if (dquot->dq_dqb.dqb_bsoftlimit && 1360 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1361 dquot->dq_dqb.dqb_btime && 1362 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime && 1363 !ignore_hardlimit(dquot)) { 1364 if (flags & DQUOT_SPACE_WARN) 1365 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN); 1366 ret = -EDQUOT; 1367 goto finish; 1368 } 1369 1370 if (dquot->dq_dqb.dqb_bsoftlimit && 1371 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1372 dquot->dq_dqb.dqb_btime == 0) { 1373 if (flags & DQUOT_SPACE_WARN) { 1374 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN); 1375 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() + 1376 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace; 1377 } else { 1378 /* 1379 * We don't allow preallocation to exceed softlimit so exceeding will 1380 * be always printed 1381 */ 1382 ret = -EDQUOT; 1383 goto finish; 1384 } 1385 } 1386 finish: 1387 /* 1388 * We have to be careful and go through warning generation & grace time 1389 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it 1390 * only here... 1391 */ 1392 if (flags & DQUOT_SPACE_NOFAIL) 1393 ret = 0; 1394 if (!ret) { 1395 dquot->dq_dqb.dqb_rsvspace += rsv_space; 1396 dquot->dq_dqb.dqb_curspace += space; 1397 } 1398 spin_unlock(&dquot->dq_dqb_lock); 1399 return ret; 1400 } 1401 1402 static int info_idq_free(struct dquot *dquot, qsize_t inodes) 1403 { 1404 qsize_t newinodes; 1405 1406 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1407 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit || 1408 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type)) 1409 return QUOTA_NL_NOWARN; 1410 1411 newinodes = dquot->dq_dqb.dqb_curinodes - inodes; 1412 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit) 1413 return QUOTA_NL_ISOFTBELOW; 1414 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit && 1415 newinodes < dquot->dq_dqb.dqb_ihardlimit) 1416 return QUOTA_NL_IHARDBELOW; 1417 return QUOTA_NL_NOWARN; 1418 } 1419 1420 static int info_bdq_free(struct dquot *dquot, qsize_t space) 1421 { 1422 qsize_t tspace; 1423 1424 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace; 1425 1426 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1427 tspace <= dquot->dq_dqb.dqb_bsoftlimit) 1428 return QUOTA_NL_NOWARN; 1429 1430 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit) 1431 return QUOTA_NL_BSOFTBELOW; 1432 if (tspace >= dquot->dq_dqb.dqb_bhardlimit && 1433 tspace - space < dquot->dq_dqb.dqb_bhardlimit) 1434 return QUOTA_NL_BHARDBELOW; 1435 return QUOTA_NL_NOWARN; 1436 } 1437 1438 static int inode_quota_active(const struct inode *inode) 1439 { 1440 struct super_block *sb = inode->i_sb; 1441 1442 if (IS_NOQUOTA(inode)) 1443 return 0; 1444 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb); 1445 } 1446 1447 /* 1448 * Initialize quota pointers in inode 1449 * 1450 * It is better to call this function outside of any transaction as it 1451 * might need a lot of space in journal for dquot structure allocation. 1452 */ 1453 static int __dquot_initialize(struct inode *inode, int type) 1454 { 1455 int cnt, init_needed = 0; 1456 struct dquot __rcu **dquots; 1457 struct dquot *got[MAXQUOTAS] = {}; 1458 struct super_block *sb = inode->i_sb; 1459 qsize_t rsv; 1460 int ret = 0; 1461 1462 if (!inode_quota_active(inode)) 1463 return 0; 1464 1465 dquots = i_dquot(inode); 1466 1467 /* First get references to structures we might need. */ 1468 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1469 struct kqid qid; 1470 kprojid_t projid; 1471 int rc; 1472 struct dquot *dquot; 1473 1474 if (type != -1 && cnt != type) 1475 continue; 1476 /* 1477 * The i_dquot should have been initialized in most cases, 1478 * we check it without locking here to avoid unnecessary 1479 * dqget()/dqput() calls. 1480 */ 1481 if (dquots[cnt]) 1482 continue; 1483 1484 if (!sb_has_quota_active(sb, cnt)) 1485 continue; 1486 1487 init_needed = 1; 1488 1489 switch (cnt) { 1490 case USRQUOTA: 1491 qid = make_kqid_uid(inode->i_uid); 1492 break; 1493 case GRPQUOTA: 1494 qid = make_kqid_gid(inode->i_gid); 1495 break; 1496 case PRJQUOTA: 1497 rc = inode->i_sb->dq_op->get_projid(inode, &projid); 1498 if (rc) 1499 continue; 1500 qid = make_kqid_projid(projid); 1501 break; 1502 } 1503 dquot = dqget(sb, qid); 1504 if (IS_ERR(dquot)) { 1505 /* We raced with somebody turning quotas off... */ 1506 if (PTR_ERR(dquot) != -ESRCH) { 1507 ret = PTR_ERR(dquot); 1508 goto out_put; 1509 } 1510 dquot = NULL; 1511 } 1512 got[cnt] = dquot; 1513 } 1514 1515 /* All required i_dquot has been initialized */ 1516 if (!init_needed) 1517 return 0; 1518 1519 spin_lock(&dq_data_lock); 1520 if (IS_NOQUOTA(inode)) 1521 goto out_lock; 1522 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1523 if (type != -1 && cnt != type) 1524 continue; 1525 /* Avoid races with quotaoff() */ 1526 if (!sb_has_quota_active(sb, cnt)) 1527 continue; 1528 /* We could race with quotaon or dqget() could have failed */ 1529 if (!got[cnt]) 1530 continue; 1531 if (!dquots[cnt]) { 1532 rcu_assign_pointer(dquots[cnt], got[cnt]); 1533 got[cnt] = NULL; 1534 /* 1535 * Make quota reservation system happy if someone 1536 * did a write before quota was turned on 1537 */ 1538 rsv = inode_get_rsv_space(inode); 1539 if (unlikely(rsv)) { 1540 struct dquot *dquot = srcu_dereference_check( 1541 dquots[cnt], &dquot_srcu, 1542 lockdep_is_held(&dq_data_lock)); 1543 1544 spin_lock(&inode->i_lock); 1545 /* Get reservation again under proper lock */ 1546 rsv = __inode_get_rsv_space(inode); 1547 spin_lock(&dquot->dq_dqb_lock); 1548 dquot->dq_dqb.dqb_rsvspace += rsv; 1549 spin_unlock(&dquot->dq_dqb_lock); 1550 spin_unlock(&inode->i_lock); 1551 } 1552 } 1553 } 1554 out_lock: 1555 spin_unlock(&dq_data_lock); 1556 out_put: 1557 /* Drop unused references */ 1558 dqput_all(got); 1559 1560 return ret; 1561 } 1562 1563 int dquot_initialize(struct inode *inode) 1564 { 1565 return __dquot_initialize(inode, -1); 1566 } 1567 EXPORT_SYMBOL(dquot_initialize); 1568 1569 bool dquot_initialize_needed(struct inode *inode) 1570 { 1571 struct dquot __rcu **dquots; 1572 int i; 1573 1574 if (!inode_quota_active(inode)) 1575 return false; 1576 1577 dquots = i_dquot(inode); 1578 for (i = 0; i < MAXQUOTAS; i++) 1579 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i)) 1580 return true; 1581 return false; 1582 } 1583 EXPORT_SYMBOL(dquot_initialize_needed); 1584 1585 /* 1586 * Release all quotas referenced by inode. 1587 * 1588 * This function only be called on inode free or converting 1589 * a file to quota file, no other users for the i_dquot in 1590 * both cases, so we needn't call synchronize_srcu() after 1591 * clearing i_dquot. 1592 */ 1593 static void __dquot_drop(struct inode *inode) 1594 { 1595 int cnt; 1596 struct dquot __rcu **dquots = i_dquot(inode); 1597 struct dquot *put[MAXQUOTAS]; 1598 1599 spin_lock(&dq_data_lock); 1600 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1601 put[cnt] = srcu_dereference_check(dquots[cnt], &dquot_srcu, 1602 lockdep_is_held(&dq_data_lock)); 1603 rcu_assign_pointer(dquots[cnt], NULL); 1604 } 1605 spin_unlock(&dq_data_lock); 1606 dqput_all(put); 1607 } 1608 1609 void dquot_drop(struct inode *inode) 1610 { 1611 struct dquot __rcu * const *dquots; 1612 int cnt; 1613 1614 if (IS_NOQUOTA(inode)) 1615 return; 1616 1617 /* 1618 * Test before calling to rule out calls from proc and such 1619 * where we are not allowed to block. Note that this is 1620 * actually reliable test even without the lock - the caller 1621 * must assure that nobody can come after the DQUOT_DROP and 1622 * add quota pointers back anyway. 1623 */ 1624 dquots = i_dquot(inode); 1625 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1626 if (dquots[cnt]) 1627 break; 1628 } 1629 1630 if (cnt < MAXQUOTAS) 1631 __dquot_drop(inode); 1632 } 1633 EXPORT_SYMBOL(dquot_drop); 1634 1635 /* 1636 * inode_reserved_space is managed internally by quota, and protected by 1637 * i_lock similar to i_blocks+i_bytes. 1638 */ 1639 static qsize_t *inode_reserved_space(struct inode * inode) 1640 { 1641 /* Filesystem must explicitly define it's own method in order to use 1642 * quota reservation interface */ 1643 BUG_ON(!inode->i_sb->dq_op->get_reserved_space); 1644 return inode->i_sb->dq_op->get_reserved_space(inode); 1645 } 1646 1647 static qsize_t __inode_get_rsv_space(struct inode *inode) 1648 { 1649 if (!inode->i_sb->dq_op->get_reserved_space) 1650 return 0; 1651 return *inode_reserved_space(inode); 1652 } 1653 1654 static qsize_t inode_get_rsv_space(struct inode *inode) 1655 { 1656 qsize_t ret; 1657 1658 if (!inode->i_sb->dq_op->get_reserved_space) 1659 return 0; 1660 spin_lock(&inode->i_lock); 1661 ret = __inode_get_rsv_space(inode); 1662 spin_unlock(&inode->i_lock); 1663 return ret; 1664 } 1665 1666 /* 1667 * This functions updates i_blocks+i_bytes fields and quota information 1668 * (together with appropriate checks). 1669 * 1670 * NOTE: We absolutely rely on the fact that caller dirties the inode 1671 * (usually helpers in quotaops.h care about this) and holds a handle for 1672 * the current transaction so that dquot write and inode write go into the 1673 * same transaction. 1674 */ 1675 1676 /* 1677 * This operation can block, but only after everything is updated 1678 */ 1679 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags) 1680 { 1681 int cnt, ret = 0, index; 1682 struct dquot_warn warn[MAXQUOTAS]; 1683 int reserve = flags & DQUOT_SPACE_RESERVE; 1684 struct dquot __rcu **dquots; 1685 struct dquot *dquot; 1686 1687 if (!inode_quota_active(inode)) { 1688 if (reserve) { 1689 spin_lock(&inode->i_lock); 1690 *inode_reserved_space(inode) += number; 1691 spin_unlock(&inode->i_lock); 1692 } else { 1693 inode_add_bytes(inode, number); 1694 } 1695 goto out; 1696 } 1697 1698 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1699 warn[cnt].w_type = QUOTA_NL_NOWARN; 1700 1701 dquots = i_dquot(inode); 1702 index = srcu_read_lock(&dquot_srcu); 1703 spin_lock(&inode->i_lock); 1704 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1705 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1706 if (!dquot) 1707 continue; 1708 if (reserve) { 1709 ret = dquot_add_space(dquot, 0, number, flags, &warn[cnt]); 1710 } else { 1711 ret = dquot_add_space(dquot, number, 0, flags, &warn[cnt]); 1712 } 1713 if (ret) { 1714 /* Back out changes we already did */ 1715 for (cnt--; cnt >= 0; cnt--) { 1716 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1717 if (!dquot) 1718 continue; 1719 spin_lock(&dquot->dq_dqb_lock); 1720 if (reserve) 1721 dquot_free_reserved_space(dquot, number); 1722 else 1723 dquot_decr_space(dquot, number); 1724 spin_unlock(&dquot->dq_dqb_lock); 1725 } 1726 spin_unlock(&inode->i_lock); 1727 goto out_flush_warn; 1728 } 1729 } 1730 if (reserve) 1731 *inode_reserved_space(inode) += number; 1732 else 1733 __inode_add_bytes(inode, number); 1734 spin_unlock(&inode->i_lock); 1735 1736 if (reserve) 1737 goto out_flush_warn; 1738 ret = mark_all_dquot_dirty(dquots); 1739 out_flush_warn: 1740 srcu_read_unlock(&dquot_srcu, index); 1741 flush_warnings(warn); 1742 out: 1743 return ret; 1744 } 1745 EXPORT_SYMBOL(__dquot_alloc_space); 1746 1747 /* 1748 * This operation can block, but only after everything is updated 1749 */ 1750 int dquot_alloc_inode(struct inode *inode) 1751 { 1752 int cnt, ret = 0, index; 1753 struct dquot_warn warn[MAXQUOTAS]; 1754 struct dquot __rcu * const *dquots; 1755 struct dquot *dquot; 1756 1757 if (!inode_quota_active(inode)) 1758 return 0; 1759 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1760 warn[cnt].w_type = QUOTA_NL_NOWARN; 1761 1762 dquots = i_dquot(inode); 1763 index = srcu_read_lock(&dquot_srcu); 1764 spin_lock(&inode->i_lock); 1765 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1766 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1767 if (!dquot) 1768 continue; 1769 ret = dquot_add_inodes(dquot, 1, &warn[cnt]); 1770 if (ret) { 1771 for (cnt--; cnt >= 0; cnt--) { 1772 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1773 if (!dquot) 1774 continue; 1775 /* Back out changes we already did */ 1776 spin_lock(&dquot->dq_dqb_lock); 1777 dquot_decr_inodes(dquot, 1); 1778 spin_unlock(&dquot->dq_dqb_lock); 1779 } 1780 goto warn_put_all; 1781 } 1782 } 1783 1784 warn_put_all: 1785 spin_unlock(&inode->i_lock); 1786 if (ret == 0) 1787 ret = mark_all_dquot_dirty(dquots); 1788 srcu_read_unlock(&dquot_srcu, index); 1789 flush_warnings(warn); 1790 return ret; 1791 } 1792 EXPORT_SYMBOL(dquot_alloc_inode); 1793 1794 /* 1795 * Convert in-memory reserved quotas to real consumed quotas 1796 */ 1797 void dquot_claim_space_nodirty(struct inode *inode, qsize_t number) 1798 { 1799 struct dquot __rcu **dquots; 1800 struct dquot *dquot; 1801 int cnt, index; 1802 1803 if (!inode_quota_active(inode)) { 1804 spin_lock(&inode->i_lock); 1805 *inode_reserved_space(inode) -= number; 1806 __inode_add_bytes(inode, number); 1807 spin_unlock(&inode->i_lock); 1808 return; 1809 } 1810 1811 dquots = i_dquot(inode); 1812 index = srcu_read_lock(&dquot_srcu); 1813 spin_lock(&inode->i_lock); 1814 /* Claim reserved quotas to allocated quotas */ 1815 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1816 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1817 if (dquot) { 1818 spin_lock(&dquot->dq_dqb_lock); 1819 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number)) 1820 number = dquot->dq_dqb.dqb_rsvspace; 1821 dquot->dq_dqb.dqb_curspace += number; 1822 dquot->dq_dqb.dqb_rsvspace -= number; 1823 spin_unlock(&dquot->dq_dqb_lock); 1824 } 1825 } 1826 /* Update inode bytes */ 1827 *inode_reserved_space(inode) -= number; 1828 __inode_add_bytes(inode, number); 1829 spin_unlock(&inode->i_lock); 1830 mark_all_dquot_dirty(dquots); 1831 srcu_read_unlock(&dquot_srcu, index); 1832 } 1833 EXPORT_SYMBOL(dquot_claim_space_nodirty); 1834 1835 /* 1836 * Convert allocated space back to in-memory reserved quotas 1837 */ 1838 void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number) 1839 { 1840 struct dquot __rcu **dquots; 1841 struct dquot *dquot; 1842 int cnt, index; 1843 1844 if (!inode_quota_active(inode)) { 1845 spin_lock(&inode->i_lock); 1846 *inode_reserved_space(inode) += number; 1847 __inode_sub_bytes(inode, number); 1848 spin_unlock(&inode->i_lock); 1849 return; 1850 } 1851 1852 dquots = i_dquot(inode); 1853 index = srcu_read_lock(&dquot_srcu); 1854 spin_lock(&inode->i_lock); 1855 /* Claim reserved quotas to allocated quotas */ 1856 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1857 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1858 if (dquot) { 1859 spin_lock(&dquot->dq_dqb_lock); 1860 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number)) 1861 number = dquot->dq_dqb.dqb_curspace; 1862 dquot->dq_dqb.dqb_rsvspace += number; 1863 dquot->dq_dqb.dqb_curspace -= number; 1864 spin_unlock(&dquot->dq_dqb_lock); 1865 } 1866 } 1867 /* Update inode bytes */ 1868 *inode_reserved_space(inode) += number; 1869 __inode_sub_bytes(inode, number); 1870 spin_unlock(&inode->i_lock); 1871 mark_all_dquot_dirty(dquots); 1872 srcu_read_unlock(&dquot_srcu, index); 1873 } 1874 EXPORT_SYMBOL(dquot_reclaim_space_nodirty); 1875 1876 /* 1877 * This operation can block, but only after everything is updated 1878 */ 1879 void __dquot_free_space(struct inode *inode, qsize_t number, int flags) 1880 { 1881 unsigned int cnt; 1882 struct dquot_warn warn[MAXQUOTAS]; 1883 struct dquot __rcu **dquots; 1884 struct dquot *dquot; 1885 int reserve = flags & DQUOT_SPACE_RESERVE, index; 1886 1887 if (!inode_quota_active(inode)) { 1888 if (reserve) { 1889 spin_lock(&inode->i_lock); 1890 *inode_reserved_space(inode) -= number; 1891 spin_unlock(&inode->i_lock); 1892 } else { 1893 inode_sub_bytes(inode, number); 1894 } 1895 return; 1896 } 1897 1898 dquots = i_dquot(inode); 1899 index = srcu_read_lock(&dquot_srcu); 1900 spin_lock(&inode->i_lock); 1901 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1902 int wtype; 1903 1904 warn[cnt].w_type = QUOTA_NL_NOWARN; 1905 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1906 if (!dquot) 1907 continue; 1908 spin_lock(&dquot->dq_dqb_lock); 1909 wtype = info_bdq_free(dquot, number); 1910 if (wtype != QUOTA_NL_NOWARN) 1911 prepare_warning(&warn[cnt], dquot, wtype); 1912 if (reserve) 1913 dquot_free_reserved_space(dquot, number); 1914 else 1915 dquot_decr_space(dquot, number); 1916 spin_unlock(&dquot->dq_dqb_lock); 1917 } 1918 if (reserve) 1919 *inode_reserved_space(inode) -= number; 1920 else 1921 __inode_sub_bytes(inode, number); 1922 spin_unlock(&inode->i_lock); 1923 1924 if (reserve) 1925 goto out_unlock; 1926 mark_all_dquot_dirty(dquots); 1927 out_unlock: 1928 srcu_read_unlock(&dquot_srcu, index); 1929 flush_warnings(warn); 1930 } 1931 EXPORT_SYMBOL(__dquot_free_space); 1932 1933 /* 1934 * This operation can block, but only after everything is updated 1935 */ 1936 void dquot_free_inode(struct inode *inode) 1937 { 1938 unsigned int cnt; 1939 struct dquot_warn warn[MAXQUOTAS]; 1940 struct dquot __rcu * const *dquots; 1941 struct dquot *dquot; 1942 int index; 1943 1944 if (!inode_quota_active(inode)) 1945 return; 1946 1947 dquots = i_dquot(inode); 1948 index = srcu_read_lock(&dquot_srcu); 1949 spin_lock(&inode->i_lock); 1950 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1951 int wtype; 1952 warn[cnt].w_type = QUOTA_NL_NOWARN; 1953 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1954 if (!dquot) 1955 continue; 1956 spin_lock(&dquot->dq_dqb_lock); 1957 wtype = info_idq_free(dquot, 1); 1958 if (wtype != QUOTA_NL_NOWARN) 1959 prepare_warning(&warn[cnt], dquot, wtype); 1960 dquot_decr_inodes(dquot, 1); 1961 spin_unlock(&dquot->dq_dqb_lock); 1962 } 1963 spin_unlock(&inode->i_lock); 1964 mark_all_dquot_dirty(dquots); 1965 srcu_read_unlock(&dquot_srcu, index); 1966 flush_warnings(warn); 1967 } 1968 EXPORT_SYMBOL(dquot_free_inode); 1969 1970 /* 1971 * Transfer the number of inode and blocks from one diskquota to an other. 1972 * On success, dquot references in transfer_to are consumed and references 1973 * to original dquots that need to be released are placed there. On failure, 1974 * references are kept untouched. 1975 * 1976 * This operation can block, but only after everything is updated 1977 * A transaction must be started when entering this function. 1978 * 1979 * We are holding reference on transfer_from & transfer_to, no need to 1980 * protect them by srcu_read_lock(). 1981 */ 1982 int __dquot_transfer(struct inode *inode, struct dquot **transfer_to) 1983 { 1984 qsize_t cur_space; 1985 qsize_t rsv_space = 0; 1986 qsize_t inode_usage = 1; 1987 struct dquot __rcu **dquots; 1988 struct dquot *transfer_from[MAXQUOTAS] = {}; 1989 int cnt, index, ret = 0, err; 1990 char is_valid[MAXQUOTAS] = {}; 1991 struct dquot_warn warn_to[MAXQUOTAS]; 1992 struct dquot_warn warn_from_inodes[MAXQUOTAS]; 1993 struct dquot_warn warn_from_space[MAXQUOTAS]; 1994 1995 if (IS_NOQUOTA(inode)) 1996 return 0; 1997 1998 if (inode->i_sb->dq_op->get_inode_usage) { 1999 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage); 2000 if (ret) 2001 return ret; 2002 } 2003 2004 /* Initialize the arrays */ 2005 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2006 warn_to[cnt].w_type = QUOTA_NL_NOWARN; 2007 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN; 2008 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN; 2009 } 2010 2011 spin_lock(&dq_data_lock); 2012 spin_lock(&inode->i_lock); 2013 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */ 2014 spin_unlock(&inode->i_lock); 2015 spin_unlock(&dq_data_lock); 2016 return 0; 2017 } 2018 cur_space = __inode_get_bytes(inode); 2019 rsv_space = __inode_get_rsv_space(inode); 2020 dquots = i_dquot(inode); 2021 /* 2022 * Build the transfer_from list, check limits, and update usage in 2023 * the target structures. 2024 */ 2025 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2026 /* 2027 * Skip changes for same uid or gid or for turned off quota-type. 2028 */ 2029 if (!transfer_to[cnt]) 2030 continue; 2031 /* Avoid races with quotaoff() */ 2032 if (!sb_has_quota_active(inode->i_sb, cnt)) 2033 continue; 2034 is_valid[cnt] = 1; 2035 transfer_from[cnt] = srcu_dereference_check(dquots[cnt], 2036 &dquot_srcu, lockdep_is_held(&dq_data_lock)); 2037 ret = dquot_add_inodes(transfer_to[cnt], inode_usage, 2038 &warn_to[cnt]); 2039 if (ret) 2040 goto over_quota; 2041 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space, 2042 DQUOT_SPACE_WARN, &warn_to[cnt]); 2043 if (ret) { 2044 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2045 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2046 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2047 goto over_quota; 2048 } 2049 } 2050 2051 /* Decrease usage for source structures and update quota pointers */ 2052 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2053 if (!is_valid[cnt]) 2054 continue; 2055 /* Due to IO error we might not have transfer_from[] structure */ 2056 if (transfer_from[cnt]) { 2057 int wtype; 2058 2059 spin_lock(&transfer_from[cnt]->dq_dqb_lock); 2060 wtype = info_idq_free(transfer_from[cnt], inode_usage); 2061 if (wtype != QUOTA_NL_NOWARN) 2062 prepare_warning(&warn_from_inodes[cnt], 2063 transfer_from[cnt], wtype); 2064 wtype = info_bdq_free(transfer_from[cnt], 2065 cur_space + rsv_space); 2066 if (wtype != QUOTA_NL_NOWARN) 2067 prepare_warning(&warn_from_space[cnt], 2068 transfer_from[cnt], wtype); 2069 dquot_decr_inodes(transfer_from[cnt], inode_usage); 2070 dquot_decr_space(transfer_from[cnt], cur_space); 2071 dquot_free_reserved_space(transfer_from[cnt], 2072 rsv_space); 2073 spin_unlock(&transfer_from[cnt]->dq_dqb_lock); 2074 } 2075 rcu_assign_pointer(dquots[cnt], transfer_to[cnt]); 2076 } 2077 spin_unlock(&inode->i_lock); 2078 spin_unlock(&dq_data_lock); 2079 2080 /* 2081 * These arrays are local and we hold dquot references so we don't need 2082 * the srcu protection but still take dquot_srcu to avoid warning in 2083 * mark_all_dquot_dirty(). 2084 */ 2085 index = srcu_read_lock(&dquot_srcu); 2086 err = mark_all_dquot_dirty((struct dquot __rcu **)transfer_from); 2087 if (err < 0) 2088 ret = err; 2089 err = mark_all_dquot_dirty((struct dquot __rcu **)transfer_to); 2090 if (err < 0) 2091 ret = err; 2092 srcu_read_unlock(&dquot_srcu, index); 2093 2094 flush_warnings(warn_to); 2095 flush_warnings(warn_from_inodes); 2096 flush_warnings(warn_from_space); 2097 /* Pass back references to put */ 2098 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2099 if (is_valid[cnt]) 2100 transfer_to[cnt] = transfer_from[cnt]; 2101 return ret; 2102 over_quota: 2103 /* Back out changes we already did */ 2104 for (cnt--; cnt >= 0; cnt--) { 2105 if (!is_valid[cnt]) 2106 continue; 2107 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2108 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2109 dquot_decr_space(transfer_to[cnt], cur_space); 2110 dquot_free_reserved_space(transfer_to[cnt], rsv_space); 2111 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2112 } 2113 spin_unlock(&inode->i_lock); 2114 spin_unlock(&dq_data_lock); 2115 flush_warnings(warn_to); 2116 return ret; 2117 } 2118 EXPORT_SYMBOL(__dquot_transfer); 2119 2120 /* Wrapper for transferring ownership of an inode for uid/gid only 2121 * Called from FSXXX_setattr() 2122 */ 2123 int dquot_transfer(struct mnt_idmap *idmap, struct inode *inode, 2124 struct iattr *iattr) 2125 { 2126 struct dquot *transfer_to[MAXQUOTAS] = {}; 2127 struct dquot *dquot; 2128 struct super_block *sb = inode->i_sb; 2129 int ret; 2130 2131 if (!inode_quota_active(inode)) 2132 return 0; 2133 2134 if (i_uid_needs_update(idmap, iattr, inode)) { 2135 kuid_t kuid = from_vfsuid(idmap, i_user_ns(inode), 2136 iattr->ia_vfsuid); 2137 2138 dquot = dqget(sb, make_kqid_uid(kuid)); 2139 if (IS_ERR(dquot)) { 2140 if (PTR_ERR(dquot) != -ESRCH) { 2141 ret = PTR_ERR(dquot); 2142 goto out_put; 2143 } 2144 dquot = NULL; 2145 } 2146 transfer_to[USRQUOTA] = dquot; 2147 } 2148 if (i_gid_needs_update(idmap, iattr, inode)) { 2149 kgid_t kgid = from_vfsgid(idmap, i_user_ns(inode), 2150 iattr->ia_vfsgid); 2151 2152 dquot = dqget(sb, make_kqid_gid(kgid)); 2153 if (IS_ERR(dquot)) { 2154 if (PTR_ERR(dquot) != -ESRCH) { 2155 ret = PTR_ERR(dquot); 2156 goto out_put; 2157 } 2158 dquot = NULL; 2159 } 2160 transfer_to[GRPQUOTA] = dquot; 2161 } 2162 ret = __dquot_transfer(inode, transfer_to); 2163 out_put: 2164 dqput_all(transfer_to); 2165 return ret; 2166 } 2167 EXPORT_SYMBOL(dquot_transfer); 2168 2169 /* 2170 * Write info of quota file to disk 2171 */ 2172 int dquot_commit_info(struct super_block *sb, int type) 2173 { 2174 struct quota_info *dqopt = sb_dqopt(sb); 2175 2176 return dqopt->ops[type]->write_file_info(sb, type); 2177 } 2178 EXPORT_SYMBOL(dquot_commit_info); 2179 2180 int dquot_get_next_id(struct super_block *sb, struct kqid *qid) 2181 { 2182 struct quota_info *dqopt = sb_dqopt(sb); 2183 2184 if (!sb_has_quota_active(sb, qid->type)) 2185 return -ESRCH; 2186 if (!dqopt->ops[qid->type]->get_next_id) 2187 return -ENOSYS; 2188 return dqopt->ops[qid->type]->get_next_id(sb, qid); 2189 } 2190 EXPORT_SYMBOL(dquot_get_next_id); 2191 2192 /* 2193 * Definitions of diskquota operations. 2194 */ 2195 const struct dquot_operations dquot_operations = { 2196 .write_dquot = dquot_commit, 2197 .acquire_dquot = dquot_acquire, 2198 .release_dquot = dquot_release, 2199 .mark_dirty = dquot_mark_dquot_dirty, 2200 .write_info = dquot_commit_info, 2201 .alloc_dquot = dquot_alloc, 2202 .destroy_dquot = dquot_destroy, 2203 .get_next_id = dquot_get_next_id, 2204 }; 2205 EXPORT_SYMBOL(dquot_operations); 2206 2207 /* 2208 * Generic helper for ->open on filesystems supporting disk quotas. 2209 */ 2210 int dquot_file_open(struct inode *inode, struct file *file) 2211 { 2212 int error; 2213 2214 error = generic_file_open(inode, file); 2215 if (!error && (file->f_mode & FMODE_WRITE)) 2216 error = dquot_initialize(inode); 2217 return error; 2218 } 2219 EXPORT_SYMBOL(dquot_file_open); 2220 2221 static void vfs_cleanup_quota_inode(struct super_block *sb, int type) 2222 { 2223 struct quota_info *dqopt = sb_dqopt(sb); 2224 struct inode *inode = dqopt->files[type]; 2225 2226 if (!inode) 2227 return; 2228 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2229 inode_lock(inode); 2230 inode->i_flags &= ~S_NOQUOTA; 2231 inode_unlock(inode); 2232 } 2233 dqopt->files[type] = NULL; 2234 iput(inode); 2235 } 2236 2237 /* 2238 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount) 2239 */ 2240 int dquot_disable(struct super_block *sb, int type, unsigned int flags) 2241 { 2242 int cnt; 2243 struct quota_info *dqopt = sb_dqopt(sb); 2244 2245 rwsem_assert_held_write(&sb->s_umount); 2246 2247 /* Cannot turn off usage accounting without turning off limits, or 2248 * suspend quotas and simultaneously turn quotas off. */ 2249 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED)) 2250 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED | 2251 DQUOT_USAGE_ENABLED))) 2252 return -EINVAL; 2253 2254 /* 2255 * Skip everything if there's nothing to do. We have to do this because 2256 * sometimes we are called when fill_super() failed and calling 2257 * sync_fs() in such cases does no good. 2258 */ 2259 if (!sb_any_quota_loaded(sb)) 2260 return 0; 2261 2262 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2263 if (type != -1 && cnt != type) 2264 continue; 2265 if (!sb_has_quota_loaded(sb, cnt)) 2266 continue; 2267 2268 if (flags & DQUOT_SUSPENDED) { 2269 spin_lock(&dq_state_lock); 2270 dqopt->flags |= 2271 dquot_state_flag(DQUOT_SUSPENDED, cnt); 2272 spin_unlock(&dq_state_lock); 2273 } else { 2274 spin_lock(&dq_state_lock); 2275 dqopt->flags &= ~dquot_state_flag(flags, cnt); 2276 /* Turning off suspended quotas? */ 2277 if (!sb_has_quota_loaded(sb, cnt) && 2278 sb_has_quota_suspended(sb, cnt)) { 2279 dqopt->flags &= ~dquot_state_flag( 2280 DQUOT_SUSPENDED, cnt); 2281 spin_unlock(&dq_state_lock); 2282 vfs_cleanup_quota_inode(sb, cnt); 2283 continue; 2284 } 2285 spin_unlock(&dq_state_lock); 2286 } 2287 2288 /* We still have to keep quota loaded? */ 2289 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED)) 2290 continue; 2291 2292 /* Note: these are blocking operations */ 2293 drop_dquot_ref(sb, cnt); 2294 invalidate_dquots(sb, cnt); 2295 /* 2296 * Now all dquots should be invalidated, all writes done so we 2297 * should be only users of the info. No locks needed. 2298 */ 2299 if (info_dirty(&dqopt->info[cnt])) 2300 sb->dq_op->write_info(sb, cnt); 2301 if (dqopt->ops[cnt]->free_file_info) 2302 dqopt->ops[cnt]->free_file_info(sb, cnt); 2303 put_quota_format(dqopt->info[cnt].dqi_format); 2304 dqopt->info[cnt].dqi_flags = 0; 2305 dqopt->info[cnt].dqi_igrace = 0; 2306 dqopt->info[cnt].dqi_bgrace = 0; 2307 dqopt->ops[cnt] = NULL; 2308 } 2309 2310 /* Skip syncing and setting flags if quota files are hidden */ 2311 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 2312 goto put_inodes; 2313 2314 /* Sync the superblock so that buffers with quota data are written to 2315 * disk (and so userspace sees correct data afterwards). */ 2316 if (sb->s_op->sync_fs) 2317 sb->s_op->sync_fs(sb, 1); 2318 sync_blockdev(sb->s_bdev); 2319 /* Now the quota files are just ordinary files and we can set the 2320 * inode flags back. Moreover we discard the pagecache so that 2321 * userspace sees the writes we did bypassing the pagecache. We 2322 * must also discard the blockdev buffers so that we see the 2323 * changes done by userspace on the next quotaon() */ 2324 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2325 if (!sb_has_quota_loaded(sb, cnt) && dqopt->files[cnt]) { 2326 inode_lock(dqopt->files[cnt]); 2327 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 2328 inode_unlock(dqopt->files[cnt]); 2329 } 2330 if (sb->s_bdev) 2331 invalidate_bdev(sb->s_bdev); 2332 put_inodes: 2333 /* We are done when suspending quotas */ 2334 if (flags & DQUOT_SUSPENDED) 2335 return 0; 2336 2337 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2338 if (!sb_has_quota_loaded(sb, cnt)) 2339 vfs_cleanup_quota_inode(sb, cnt); 2340 return 0; 2341 } 2342 EXPORT_SYMBOL(dquot_disable); 2343 2344 int dquot_quota_off(struct super_block *sb, int type) 2345 { 2346 return dquot_disable(sb, type, 2347 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2348 } 2349 EXPORT_SYMBOL(dquot_quota_off); 2350 2351 /* 2352 * Turn quotas on on a device 2353 */ 2354 2355 static int vfs_setup_quota_inode(struct inode *inode, int type) 2356 { 2357 struct super_block *sb = inode->i_sb; 2358 struct quota_info *dqopt = sb_dqopt(sb); 2359 2360 if (is_bad_inode(inode)) 2361 return -EUCLEAN; 2362 if (!S_ISREG(inode->i_mode)) 2363 return -EACCES; 2364 if (IS_RDONLY(inode)) 2365 return -EROFS; 2366 if (sb_has_quota_loaded(sb, type)) 2367 return -EBUSY; 2368 2369 /* 2370 * Quota files should never be encrypted. They should be thought of as 2371 * filesystem metadata, not user data. New-style internal quota files 2372 * cannot be encrypted by users anyway, but old-style external quota 2373 * files could potentially be incorrectly created in an encrypted 2374 * directory, hence this explicit check. Some reasons why encrypted 2375 * quota files don't work include: (1) some filesystems that support 2376 * encryption don't handle it in their quota_read and quota_write, and 2377 * (2) cleaning up encrypted quota files at unmount would need special 2378 * consideration, as quota files are cleaned up later than user files. 2379 */ 2380 if (IS_ENCRYPTED(inode)) 2381 return -EINVAL; 2382 2383 dqopt->files[type] = igrab(inode); 2384 if (!dqopt->files[type]) 2385 return -EIO; 2386 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2387 /* We don't want quota and atime on quota files (deadlocks 2388 * possible) Also nobody should write to the file - we use 2389 * special IO operations which ignore the immutable bit. */ 2390 inode_lock(inode); 2391 inode->i_flags |= S_NOQUOTA; 2392 inode_unlock(inode); 2393 /* 2394 * When S_NOQUOTA is set, remove dquot references as no more 2395 * references can be added 2396 */ 2397 __dquot_drop(inode); 2398 } 2399 return 0; 2400 } 2401 2402 int dquot_load_quota_sb(struct super_block *sb, int type, int format_id, 2403 unsigned int flags) 2404 { 2405 struct quota_format_type *fmt; 2406 struct quota_info *dqopt = sb_dqopt(sb); 2407 int error; 2408 2409 lockdep_assert_held_write(&sb->s_umount); 2410 2411 /* Just unsuspend quotas? */ 2412 if (WARN_ON_ONCE(flags & DQUOT_SUSPENDED)) 2413 return -EINVAL; 2414 2415 fmt = find_quota_format(format_id); 2416 if (!fmt) 2417 return -ESRCH; 2418 if (!sb->dq_op || !sb->s_qcop || 2419 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) { 2420 error = -EINVAL; 2421 goto out_fmt; 2422 } 2423 /* Filesystems outside of init_user_ns not yet supported */ 2424 if (sb->s_user_ns != &init_user_ns) { 2425 error = -EINVAL; 2426 goto out_fmt; 2427 } 2428 /* Usage always has to be set... */ 2429 if (!(flags & DQUOT_USAGE_ENABLED)) { 2430 error = -EINVAL; 2431 goto out_fmt; 2432 } 2433 if (sb_has_quota_loaded(sb, type)) { 2434 error = -EBUSY; 2435 goto out_fmt; 2436 } 2437 2438 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2439 /* As we bypass the pagecache we must now flush all the 2440 * dirty data and invalidate caches so that kernel sees 2441 * changes from userspace. It is not enough to just flush 2442 * the quota file since if blocksize < pagesize, invalidation 2443 * of the cache could fail because of other unrelated dirty 2444 * data */ 2445 sync_filesystem(sb); 2446 invalidate_bdev(sb->s_bdev); 2447 } 2448 2449 error = -EINVAL; 2450 if (!fmt->qf_ops->check_quota_file(sb, type)) 2451 goto out_fmt; 2452 2453 dqopt->ops[type] = fmt->qf_ops; 2454 dqopt->info[type].dqi_format = fmt; 2455 dqopt->info[type].dqi_fmt_id = format_id; 2456 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list); 2457 error = dqopt->ops[type]->read_file_info(sb, type); 2458 if (error < 0) 2459 goto out_fmt; 2460 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) { 2461 spin_lock(&dq_data_lock); 2462 dqopt->info[type].dqi_flags |= DQF_SYS_FILE; 2463 spin_unlock(&dq_data_lock); 2464 } 2465 spin_lock(&dq_state_lock); 2466 dqopt->flags |= dquot_state_flag(flags, type); 2467 spin_unlock(&dq_state_lock); 2468 2469 error = add_dquot_ref(sb, type); 2470 if (error) 2471 dquot_disable(sb, type, 2472 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2473 2474 return error; 2475 out_fmt: 2476 put_quota_format(fmt); 2477 2478 return error; 2479 } 2480 EXPORT_SYMBOL(dquot_load_quota_sb); 2481 2482 /* 2483 * More powerful function for turning on quotas on given quota inode allowing 2484 * setting of individual quota flags 2485 */ 2486 int dquot_load_quota_inode(struct inode *inode, int type, int format_id, 2487 unsigned int flags) 2488 { 2489 int err; 2490 2491 err = vfs_setup_quota_inode(inode, type); 2492 if (err < 0) 2493 return err; 2494 err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags); 2495 if (err < 0) 2496 vfs_cleanup_quota_inode(inode->i_sb, type); 2497 return err; 2498 } 2499 EXPORT_SYMBOL(dquot_load_quota_inode); 2500 2501 /* Reenable quotas on remount RW */ 2502 int dquot_resume(struct super_block *sb, int type) 2503 { 2504 struct quota_info *dqopt = sb_dqopt(sb); 2505 int ret = 0, cnt; 2506 unsigned int flags; 2507 2508 rwsem_assert_held_write(&sb->s_umount); 2509 2510 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2511 if (type != -1 && cnt != type) 2512 continue; 2513 if (!sb_has_quota_suspended(sb, cnt)) 2514 continue; 2515 2516 spin_lock(&dq_state_lock); 2517 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED | 2518 DQUOT_LIMITS_ENABLED, 2519 cnt); 2520 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt); 2521 spin_unlock(&dq_state_lock); 2522 2523 flags = dquot_generic_flag(flags, cnt); 2524 ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id, 2525 flags); 2526 if (ret < 0) 2527 vfs_cleanup_quota_inode(sb, cnt); 2528 } 2529 2530 return ret; 2531 } 2532 EXPORT_SYMBOL(dquot_resume); 2533 2534 int dquot_quota_on(struct super_block *sb, int type, int format_id, 2535 const struct path *path) 2536 { 2537 int error = security_quota_on(path->dentry); 2538 if (error) 2539 return error; 2540 /* Quota file not on the same filesystem? */ 2541 if (path->dentry->d_sb != sb) 2542 error = -EXDEV; 2543 else 2544 error = dquot_load_quota_inode(d_inode(path->dentry), type, 2545 format_id, DQUOT_USAGE_ENABLED | 2546 DQUOT_LIMITS_ENABLED); 2547 return error; 2548 } 2549 EXPORT_SYMBOL(dquot_quota_on); 2550 2551 /* 2552 * This function is used when filesystem needs to initialize quotas 2553 * during mount time. 2554 */ 2555 int dquot_quota_on_mount(struct super_block *sb, char *qf_name, 2556 int format_id, int type) 2557 { 2558 struct dentry *dentry; 2559 int error; 2560 2561 dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name)); 2562 if (IS_ERR(dentry)) 2563 return PTR_ERR(dentry); 2564 2565 error = security_quota_on(dentry); 2566 if (!error) 2567 error = dquot_load_quota_inode(d_inode(dentry), type, format_id, 2568 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2569 2570 dput(dentry); 2571 return error; 2572 } 2573 EXPORT_SYMBOL(dquot_quota_on_mount); 2574 2575 static int dquot_quota_enable(struct super_block *sb, unsigned int flags) 2576 { 2577 int ret; 2578 int type; 2579 struct quota_info *dqopt = sb_dqopt(sb); 2580 2581 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2582 return -ENOSYS; 2583 /* Accounting cannot be turned on while fs is mounted */ 2584 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT); 2585 if (!flags) 2586 return -EINVAL; 2587 for (type = 0; type < MAXQUOTAS; type++) { 2588 if (!(flags & qtype_enforce_flag(type))) 2589 continue; 2590 /* Can't enforce without accounting */ 2591 if (!sb_has_quota_usage_enabled(sb, type)) { 2592 ret = -EINVAL; 2593 goto out_err; 2594 } 2595 if (sb_has_quota_limits_enabled(sb, type)) { 2596 /* compatible with XFS */ 2597 ret = -EEXIST; 2598 goto out_err; 2599 } 2600 spin_lock(&dq_state_lock); 2601 dqopt->flags |= dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2602 spin_unlock(&dq_state_lock); 2603 } 2604 return 0; 2605 out_err: 2606 /* Backout enforcement enablement we already did */ 2607 for (type--; type >= 0; type--) { 2608 if (flags & qtype_enforce_flag(type)) 2609 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2610 } 2611 return ret; 2612 } 2613 2614 static int dquot_quota_disable(struct super_block *sb, unsigned int flags) 2615 { 2616 int ret; 2617 int type; 2618 struct quota_info *dqopt = sb_dqopt(sb); 2619 2620 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2621 return -ENOSYS; 2622 /* 2623 * We don't support turning off accounting via quotactl. In principle 2624 * quota infrastructure can do this but filesystems don't expect 2625 * userspace to be able to do it. 2626 */ 2627 if (flags & 2628 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT)) 2629 return -EOPNOTSUPP; 2630 2631 /* Filter out limits not enabled */ 2632 for (type = 0; type < MAXQUOTAS; type++) 2633 if (!sb_has_quota_limits_enabled(sb, type)) 2634 flags &= ~qtype_enforce_flag(type); 2635 /* Nothing left? */ 2636 if (!flags) 2637 return -EEXIST; 2638 for (type = 0; type < MAXQUOTAS; type++) { 2639 if (flags & qtype_enforce_flag(type)) { 2640 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2641 if (ret < 0) 2642 goto out_err; 2643 } 2644 } 2645 return 0; 2646 out_err: 2647 /* Backout enforcement disabling we already did */ 2648 for (type--; type >= 0; type--) { 2649 if (flags & qtype_enforce_flag(type)) { 2650 spin_lock(&dq_state_lock); 2651 dqopt->flags |= 2652 dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2653 spin_unlock(&dq_state_lock); 2654 } 2655 } 2656 return ret; 2657 } 2658 2659 /* Generic routine for getting common part of quota structure */ 2660 static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2661 { 2662 struct mem_dqblk *dm = &dquot->dq_dqb; 2663 2664 memset(di, 0, sizeof(*di)); 2665 spin_lock(&dquot->dq_dqb_lock); 2666 di->d_spc_hardlimit = dm->dqb_bhardlimit; 2667 di->d_spc_softlimit = dm->dqb_bsoftlimit; 2668 di->d_ino_hardlimit = dm->dqb_ihardlimit; 2669 di->d_ino_softlimit = dm->dqb_isoftlimit; 2670 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace; 2671 di->d_ino_count = dm->dqb_curinodes; 2672 di->d_spc_timer = dm->dqb_btime; 2673 di->d_ino_timer = dm->dqb_itime; 2674 spin_unlock(&dquot->dq_dqb_lock); 2675 } 2676 2677 int dquot_get_dqblk(struct super_block *sb, struct kqid qid, 2678 struct qc_dqblk *di) 2679 { 2680 struct dquot *dquot; 2681 2682 dquot = dqget(sb, qid); 2683 if (IS_ERR(dquot)) 2684 return PTR_ERR(dquot); 2685 do_get_dqblk(dquot, di); 2686 dqput(dquot); 2687 2688 return 0; 2689 } 2690 EXPORT_SYMBOL(dquot_get_dqblk); 2691 2692 int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid, 2693 struct qc_dqblk *di) 2694 { 2695 struct dquot *dquot; 2696 int err; 2697 2698 if (!sb->dq_op->get_next_id) 2699 return -ENOSYS; 2700 err = sb->dq_op->get_next_id(sb, qid); 2701 if (err < 0) 2702 return err; 2703 dquot = dqget(sb, *qid); 2704 if (IS_ERR(dquot)) 2705 return PTR_ERR(dquot); 2706 do_get_dqblk(dquot, di); 2707 dqput(dquot); 2708 2709 return 0; 2710 } 2711 EXPORT_SYMBOL(dquot_get_next_dqblk); 2712 2713 #define VFS_QC_MASK \ 2714 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \ 2715 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \ 2716 QC_SPC_TIMER | QC_INO_TIMER) 2717 2718 /* Generic routine for setting common part of quota structure */ 2719 static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2720 { 2721 struct mem_dqblk *dm = &dquot->dq_dqb; 2722 int check_blim = 0, check_ilim = 0; 2723 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 2724 int ret; 2725 2726 if (di->d_fieldmask & ~VFS_QC_MASK) 2727 return -EINVAL; 2728 2729 if (((di->d_fieldmask & QC_SPC_SOFT) && 2730 di->d_spc_softlimit > dqi->dqi_max_spc_limit) || 2731 ((di->d_fieldmask & QC_SPC_HARD) && 2732 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) || 2733 ((di->d_fieldmask & QC_INO_SOFT) && 2734 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) || 2735 ((di->d_fieldmask & QC_INO_HARD) && 2736 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit))) 2737 return -ERANGE; 2738 2739 spin_lock(&dquot->dq_dqb_lock); 2740 if (di->d_fieldmask & QC_SPACE) { 2741 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace; 2742 check_blim = 1; 2743 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags); 2744 } 2745 2746 if (di->d_fieldmask & QC_SPC_SOFT) 2747 dm->dqb_bsoftlimit = di->d_spc_softlimit; 2748 if (di->d_fieldmask & QC_SPC_HARD) 2749 dm->dqb_bhardlimit = di->d_spc_hardlimit; 2750 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) { 2751 check_blim = 1; 2752 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags); 2753 } 2754 2755 if (di->d_fieldmask & QC_INO_COUNT) { 2756 dm->dqb_curinodes = di->d_ino_count; 2757 check_ilim = 1; 2758 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags); 2759 } 2760 2761 if (di->d_fieldmask & QC_INO_SOFT) 2762 dm->dqb_isoftlimit = di->d_ino_softlimit; 2763 if (di->d_fieldmask & QC_INO_HARD) 2764 dm->dqb_ihardlimit = di->d_ino_hardlimit; 2765 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) { 2766 check_ilim = 1; 2767 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags); 2768 } 2769 2770 if (di->d_fieldmask & QC_SPC_TIMER) { 2771 dm->dqb_btime = di->d_spc_timer; 2772 check_blim = 1; 2773 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags); 2774 } 2775 2776 if (di->d_fieldmask & QC_INO_TIMER) { 2777 dm->dqb_itime = di->d_ino_timer; 2778 check_ilim = 1; 2779 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags); 2780 } 2781 2782 if (check_blim) { 2783 if (!dm->dqb_bsoftlimit || 2784 dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) { 2785 dm->dqb_btime = 0; 2786 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 2787 } else if (!(di->d_fieldmask & QC_SPC_TIMER)) 2788 /* Set grace only if user hasn't provided his own... */ 2789 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace; 2790 } 2791 if (check_ilim) { 2792 if (!dm->dqb_isoftlimit || 2793 dm->dqb_curinodes <= dm->dqb_isoftlimit) { 2794 dm->dqb_itime = 0; 2795 clear_bit(DQ_INODES_B, &dquot->dq_flags); 2796 } else if (!(di->d_fieldmask & QC_INO_TIMER)) 2797 /* Set grace only if user hasn't provided his own... */ 2798 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace; 2799 } 2800 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit || 2801 dm->dqb_isoftlimit) 2802 clear_bit(DQ_FAKE_B, &dquot->dq_flags); 2803 else 2804 set_bit(DQ_FAKE_B, &dquot->dq_flags); 2805 spin_unlock(&dquot->dq_dqb_lock); 2806 ret = mark_dquot_dirty(dquot); 2807 if (ret < 0) 2808 return ret; 2809 return 0; 2810 } 2811 2812 int dquot_set_dqblk(struct super_block *sb, struct kqid qid, 2813 struct qc_dqblk *di) 2814 { 2815 struct dquot *dquot; 2816 int rc; 2817 2818 dquot = dqget(sb, qid); 2819 if (IS_ERR(dquot)) { 2820 rc = PTR_ERR(dquot); 2821 goto out; 2822 } 2823 rc = do_set_dqblk(dquot, di); 2824 dqput(dquot); 2825 out: 2826 return rc; 2827 } 2828 EXPORT_SYMBOL(dquot_set_dqblk); 2829 2830 /* Generic routine for getting common part of quota file information */ 2831 int dquot_get_state(struct super_block *sb, struct qc_state *state) 2832 { 2833 struct mem_dqinfo *mi; 2834 struct qc_type_state *tstate; 2835 struct quota_info *dqopt = sb_dqopt(sb); 2836 int type; 2837 2838 memset(state, 0, sizeof(*state)); 2839 for (type = 0; type < MAXQUOTAS; type++) { 2840 if (!sb_has_quota_active(sb, type)) 2841 continue; 2842 tstate = state->s_state + type; 2843 mi = sb_dqopt(sb)->info + type; 2844 tstate->flags = QCI_ACCT_ENABLED; 2845 spin_lock(&dq_data_lock); 2846 if (mi->dqi_flags & DQF_SYS_FILE) 2847 tstate->flags |= QCI_SYSFILE; 2848 if (mi->dqi_flags & DQF_ROOT_SQUASH) 2849 tstate->flags |= QCI_ROOT_SQUASH; 2850 if (sb_has_quota_limits_enabled(sb, type)) 2851 tstate->flags |= QCI_LIMITS_ENFORCED; 2852 tstate->spc_timelimit = mi->dqi_bgrace; 2853 tstate->ino_timelimit = mi->dqi_igrace; 2854 if (dqopt->files[type]) { 2855 tstate->ino = dqopt->files[type]->i_ino; 2856 tstate->blocks = dqopt->files[type]->i_blocks; 2857 } 2858 tstate->nextents = 1; /* We don't know... */ 2859 spin_unlock(&dq_data_lock); 2860 } 2861 return 0; 2862 } 2863 EXPORT_SYMBOL(dquot_get_state); 2864 2865 /* Generic routine for setting common part of quota file information */ 2866 int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii) 2867 { 2868 struct mem_dqinfo *mi; 2869 2870 if ((ii->i_fieldmask & QC_WARNS_MASK) || 2871 (ii->i_fieldmask & QC_RT_SPC_TIMER)) 2872 return -EINVAL; 2873 if (!sb_has_quota_active(sb, type)) 2874 return -ESRCH; 2875 mi = sb_dqopt(sb)->info + type; 2876 if (ii->i_fieldmask & QC_FLAGS) { 2877 if ((ii->i_flags & QCI_ROOT_SQUASH && 2878 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD)) 2879 return -EINVAL; 2880 } 2881 spin_lock(&dq_data_lock); 2882 if (ii->i_fieldmask & QC_SPC_TIMER) 2883 mi->dqi_bgrace = ii->i_spc_timelimit; 2884 if (ii->i_fieldmask & QC_INO_TIMER) 2885 mi->dqi_igrace = ii->i_ino_timelimit; 2886 if (ii->i_fieldmask & QC_FLAGS) { 2887 if (ii->i_flags & QCI_ROOT_SQUASH) 2888 mi->dqi_flags |= DQF_ROOT_SQUASH; 2889 else 2890 mi->dqi_flags &= ~DQF_ROOT_SQUASH; 2891 } 2892 spin_unlock(&dq_data_lock); 2893 mark_info_dirty(sb, type); 2894 /* Force write to disk */ 2895 return sb->dq_op->write_info(sb, type); 2896 } 2897 EXPORT_SYMBOL(dquot_set_dqinfo); 2898 2899 const struct quotactl_ops dquot_quotactl_sysfile_ops = { 2900 .quota_enable = dquot_quota_enable, 2901 .quota_disable = dquot_quota_disable, 2902 .quota_sync = dquot_quota_sync, 2903 .get_state = dquot_get_state, 2904 .set_info = dquot_set_dqinfo, 2905 .get_dqblk = dquot_get_dqblk, 2906 .get_nextdqblk = dquot_get_next_dqblk, 2907 .set_dqblk = dquot_set_dqblk 2908 }; 2909 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops); 2910 2911 static int do_proc_dqstats(const struct ctl_table *table, int write, 2912 void *buffer, size_t *lenp, loff_t *ppos) 2913 { 2914 unsigned int type = (unsigned long *)table->data - dqstats.stat; 2915 s64 value = percpu_counter_sum(&dqstats.counter[type]); 2916 2917 /* Filter negative values for non-monotonic counters */ 2918 if (value < 0 && (type == DQST_ALLOC_DQUOTS || 2919 type == DQST_FREE_DQUOTS)) 2920 value = 0; 2921 2922 /* Update global table */ 2923 dqstats.stat[type] = value; 2924 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos); 2925 } 2926 2927 static struct ctl_table fs_dqstats_table[] = { 2928 { 2929 .procname = "lookups", 2930 .data = &dqstats.stat[DQST_LOOKUPS], 2931 .maxlen = sizeof(unsigned long), 2932 .mode = 0444, 2933 .proc_handler = do_proc_dqstats, 2934 }, 2935 { 2936 .procname = "drops", 2937 .data = &dqstats.stat[DQST_DROPS], 2938 .maxlen = sizeof(unsigned long), 2939 .mode = 0444, 2940 .proc_handler = do_proc_dqstats, 2941 }, 2942 { 2943 .procname = "reads", 2944 .data = &dqstats.stat[DQST_READS], 2945 .maxlen = sizeof(unsigned long), 2946 .mode = 0444, 2947 .proc_handler = do_proc_dqstats, 2948 }, 2949 { 2950 .procname = "writes", 2951 .data = &dqstats.stat[DQST_WRITES], 2952 .maxlen = sizeof(unsigned long), 2953 .mode = 0444, 2954 .proc_handler = do_proc_dqstats, 2955 }, 2956 { 2957 .procname = "cache_hits", 2958 .data = &dqstats.stat[DQST_CACHE_HITS], 2959 .maxlen = sizeof(unsigned long), 2960 .mode = 0444, 2961 .proc_handler = do_proc_dqstats, 2962 }, 2963 { 2964 .procname = "allocated_dquots", 2965 .data = &dqstats.stat[DQST_ALLOC_DQUOTS], 2966 .maxlen = sizeof(unsigned long), 2967 .mode = 0444, 2968 .proc_handler = do_proc_dqstats, 2969 }, 2970 { 2971 .procname = "free_dquots", 2972 .data = &dqstats.stat[DQST_FREE_DQUOTS], 2973 .maxlen = sizeof(unsigned long), 2974 .mode = 0444, 2975 .proc_handler = do_proc_dqstats, 2976 }, 2977 { 2978 .procname = "syncs", 2979 .data = &dqstats.stat[DQST_SYNCS], 2980 .maxlen = sizeof(unsigned long), 2981 .mode = 0444, 2982 .proc_handler = do_proc_dqstats, 2983 }, 2984 #ifdef CONFIG_PRINT_QUOTA_WARNING 2985 { 2986 .procname = "warnings", 2987 .data = &flag_print_warnings, 2988 .maxlen = sizeof(int), 2989 .mode = 0644, 2990 .proc_handler = proc_dointvec, 2991 }, 2992 #endif 2993 }; 2994 2995 static int __init dquot_init(void) 2996 { 2997 int i, ret; 2998 unsigned long nr_hash, order; 2999 struct shrinker *dqcache_shrinker; 3000 3001 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__); 3002 3003 register_sysctl_init("fs/quota", fs_dqstats_table); 3004 3005 dquot_cachep = kmem_cache_create("dquot", 3006 sizeof(struct dquot), sizeof(unsigned long) * 4, 3007 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT| 3008 SLAB_PANIC), 3009 NULL); 3010 3011 order = 0; 3012 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order); 3013 if (!dquot_hash) 3014 panic("Cannot create dquot hash table"); 3015 3016 ret = percpu_counter_init_many(dqstats.counter, 0, GFP_KERNEL, 3017 _DQST_DQSTAT_LAST); 3018 if (ret) 3019 panic("Cannot create dquot stat counters"); 3020 3021 /* Find power-of-two hlist_heads which can fit into allocation */ 3022 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head); 3023 dq_hash_bits = ilog2(nr_hash); 3024 3025 nr_hash = 1UL << dq_hash_bits; 3026 dq_hash_mask = nr_hash - 1; 3027 for (i = 0; i < nr_hash; i++) 3028 INIT_HLIST_HEAD(dquot_hash + i); 3029 3030 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld," 3031 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order)); 3032 3033 dqcache_shrinker = shrinker_alloc(0, "dquota-cache"); 3034 if (!dqcache_shrinker) 3035 panic("Cannot allocate dquot shrinker"); 3036 3037 dqcache_shrinker->count_objects = dqcache_shrink_count; 3038 dqcache_shrinker->scan_objects = dqcache_shrink_scan; 3039 3040 shrinker_register(dqcache_shrinker); 3041 3042 return 0; 3043 } 3044 fs_initcall(dquot_init); 3045