1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2003 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_format.h" 9 #include "xfs_log_format.h" 10 #include "xfs_shared.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_bit.h" 13 #include "xfs_mount.h" 14 #include "xfs_defer.h" 15 #include "xfs_inode.h" 16 #include "xfs_bmap.h" 17 #include "xfs_quota.h" 18 #include "xfs_trans.h" 19 #include "xfs_buf_item.h" 20 #include "xfs_trans_space.h" 21 #include "xfs_trans_priv.h" 22 #include "xfs_qm.h" 23 #include "xfs_trace.h" 24 #include "xfs_log.h" 25 #include "xfs_bmap_btree.h" 26 #include "xfs_error.h" 27 #include "xfs_health.h" 28 29 /* 30 * Lock order: 31 * 32 * ip->i_lock 33 * qi->qi_tree_lock 34 * dquot->q_qlock (xfs_dqlock() and friends) 35 * dquot->q_flush (xfs_dqflock() and friends) 36 * qi->qi_lru_lock 37 * 38 * If two dquots need to be locked the order is user before group/project, 39 * otherwise by the lowest id first, see xfs_dqlock2. 40 */ 41 42 struct kmem_cache *xfs_dqtrx_cache; 43 static struct kmem_cache *xfs_dquot_cache; 44 45 static struct lock_class_key xfs_dquot_group_class; 46 static struct lock_class_key xfs_dquot_project_class; 47 48 /* Record observations of quota corruption with the health tracking system. */ 49 static void 50 xfs_dquot_mark_sick( 51 struct xfs_dquot *dqp) 52 { 53 struct xfs_mount *mp = dqp->q_mount; 54 55 switch (dqp->q_type) { 56 case XFS_DQTYPE_USER: 57 xfs_fs_mark_sick(mp, XFS_SICK_FS_UQUOTA); 58 break; 59 case XFS_DQTYPE_GROUP: 60 xfs_fs_mark_sick(mp, XFS_SICK_FS_GQUOTA); 61 break; 62 case XFS_DQTYPE_PROJ: 63 xfs_fs_mark_sick(mp, XFS_SICK_FS_PQUOTA); 64 break; 65 default: 66 ASSERT(0); 67 break; 68 } 69 } 70 71 /* 72 * Detach the dquot buffer if it's still attached, because we can get called 73 * through dqpurge after a log shutdown. Caller must hold the dqflock or have 74 * otherwise isolated the dquot. 75 */ 76 void 77 xfs_dquot_detach_buf( 78 struct xfs_dquot *dqp) 79 { 80 struct xfs_dq_logitem *qlip = &dqp->q_logitem; 81 struct xfs_buf *bp = NULL; 82 83 spin_lock(&qlip->qli_lock); 84 if (qlip->qli_item.li_buf) { 85 bp = qlip->qli_item.li_buf; 86 qlip->qli_item.li_buf = NULL; 87 } 88 spin_unlock(&qlip->qli_lock); 89 if (bp) { 90 xfs_buf_lock(bp); 91 list_del_init(&qlip->qli_item.li_bio_list); 92 xfs_buf_relse(bp); 93 } 94 } 95 96 /* 97 * This is called to free all the memory associated with a dquot 98 */ 99 void 100 xfs_qm_dqdestroy( 101 struct xfs_dquot *dqp) 102 { 103 ASSERT(list_empty(&dqp->q_lru)); 104 ASSERT(dqp->q_logitem.qli_item.li_buf == NULL); 105 106 kvfree(dqp->q_logitem.qli_item.li_lv_shadow); 107 mutex_destroy(&dqp->q_qlock); 108 109 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot); 110 kmem_cache_free(xfs_dquot_cache, dqp); 111 } 112 113 /* 114 * If default limits are in force, push them into the dquot now. 115 * We overwrite the dquot limits only if they are zero and this 116 * is not the root dquot. 117 */ 118 void 119 xfs_qm_adjust_dqlimits( 120 struct xfs_dquot *dq) 121 { 122 struct xfs_mount *mp = dq->q_mount; 123 struct xfs_quotainfo *q = mp->m_quotainfo; 124 struct xfs_def_quota *defq; 125 int prealloc = 0; 126 127 ASSERT(dq->q_id); 128 defq = xfs_get_defquota(q, xfs_dquot_type(dq)); 129 130 if (!dq->q_blk.softlimit) { 131 dq->q_blk.softlimit = defq->blk.soft; 132 prealloc = 1; 133 } 134 if (!dq->q_blk.hardlimit) { 135 dq->q_blk.hardlimit = defq->blk.hard; 136 prealloc = 1; 137 } 138 if (!dq->q_ino.softlimit) 139 dq->q_ino.softlimit = defq->ino.soft; 140 if (!dq->q_ino.hardlimit) 141 dq->q_ino.hardlimit = defq->ino.hard; 142 if (!dq->q_rtb.softlimit) 143 dq->q_rtb.softlimit = defq->rtb.soft; 144 if (!dq->q_rtb.hardlimit) 145 dq->q_rtb.hardlimit = defq->rtb.hard; 146 147 if (prealloc) 148 xfs_dquot_set_prealloc_limits(dq); 149 } 150 151 /* Set the expiration time of a quota's grace period. */ 152 time64_t 153 xfs_dquot_set_timeout( 154 struct xfs_mount *mp, 155 time64_t timeout) 156 { 157 struct xfs_quotainfo *qi = mp->m_quotainfo; 158 159 return clamp_t(time64_t, timeout, qi->qi_expiry_min, 160 qi->qi_expiry_max); 161 } 162 163 /* Set the length of the default grace period. */ 164 time64_t 165 xfs_dquot_set_grace_period( 166 time64_t grace) 167 { 168 return clamp_t(time64_t, grace, XFS_DQ_GRACE_MIN, XFS_DQ_GRACE_MAX); 169 } 170 171 /* 172 * Determine if this quota counter is over either limit and set the quota 173 * timers as appropriate. 174 */ 175 static inline void 176 xfs_qm_adjust_res_timer( 177 struct xfs_mount *mp, 178 struct xfs_dquot_res *res, 179 struct xfs_quota_limits *qlim) 180 { 181 ASSERT(res->hardlimit == 0 || res->softlimit <= res->hardlimit); 182 183 if ((res->softlimit && res->count > res->softlimit) || 184 (res->hardlimit && res->count > res->hardlimit)) { 185 if (res->timer == 0) 186 res->timer = xfs_dquot_set_timeout(mp, 187 ktime_get_real_seconds() + qlim->time); 188 } else { 189 res->timer = 0; 190 } 191 } 192 193 /* 194 * Check the limits and timers of a dquot and start or reset timers 195 * if necessary. 196 * This gets called even when quota enforcement is OFF, which makes our 197 * life a little less complicated. (We just don't reject any quota 198 * reservations in that case, when enforcement is off). 199 * We also return 0 as the values of the timers in Q_GETQUOTA calls, when 200 * enforcement's off. 201 * In contrast, warnings are a little different in that they don't 202 * 'automatically' get started when limits get exceeded. They do 203 * get reset to zero, however, when we find the count to be under 204 * the soft limit (they are only ever set non-zero via userspace). 205 */ 206 void 207 xfs_qm_adjust_dqtimers( 208 struct xfs_dquot *dq) 209 { 210 struct xfs_mount *mp = dq->q_mount; 211 struct xfs_quotainfo *qi = mp->m_quotainfo; 212 struct xfs_def_quota *defq; 213 214 ASSERT(dq->q_id); 215 defq = xfs_get_defquota(qi, xfs_dquot_type(dq)); 216 217 xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_blk, &defq->blk); 218 xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_ino, &defq->ino); 219 xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_rtb, &defq->rtb); 220 } 221 222 /* 223 * initialize a buffer full of dquots and log the whole thing 224 */ 225 void 226 xfs_qm_init_dquot_blk( 227 struct xfs_trans *tp, 228 xfs_dqid_t id, 229 xfs_dqtype_t type, 230 struct xfs_buf *bp) 231 { 232 struct xfs_mount *mp = tp->t_mountp; 233 struct xfs_quotainfo *q = mp->m_quotainfo; 234 struct xfs_dqblk *d; 235 xfs_dqid_t curid; 236 unsigned int qflag; 237 unsigned int blftype; 238 int i; 239 240 ASSERT(tp); 241 ASSERT(xfs_buf_islocked(bp)); 242 243 switch (type) { 244 case XFS_DQTYPE_USER: 245 qflag = XFS_UQUOTA_CHKD; 246 blftype = XFS_BLF_UDQUOT_BUF; 247 break; 248 case XFS_DQTYPE_PROJ: 249 qflag = XFS_PQUOTA_CHKD; 250 blftype = XFS_BLF_PDQUOT_BUF; 251 break; 252 case XFS_DQTYPE_GROUP: 253 qflag = XFS_GQUOTA_CHKD; 254 blftype = XFS_BLF_GDQUOT_BUF; 255 break; 256 default: 257 ASSERT(0); 258 return; 259 } 260 261 d = bp->b_addr; 262 263 /* 264 * ID of the first dquot in the block - id's are zero based. 265 */ 266 curid = id - (id % q->qi_dqperchunk); 267 memset(d, 0, BBTOB(q->qi_dqchunklen)); 268 for (i = 0; i < q->qi_dqperchunk; i++, d++, curid++) { 269 d->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC); 270 d->dd_diskdq.d_version = XFS_DQUOT_VERSION; 271 d->dd_diskdq.d_id = cpu_to_be32(curid); 272 d->dd_diskdq.d_type = type; 273 if (curid > 0 && xfs_has_bigtime(mp)) 274 d->dd_diskdq.d_type |= XFS_DQTYPE_BIGTIME; 275 if (xfs_has_crc(mp)) { 276 uuid_copy(&d->dd_uuid, &mp->m_sb.sb_meta_uuid); 277 xfs_update_cksum((char *)d, sizeof(struct xfs_dqblk), 278 XFS_DQUOT_CRC_OFF); 279 } 280 } 281 282 xfs_trans_dquot_buf(tp, bp, blftype); 283 284 /* 285 * quotacheck uses delayed writes to update all the dquots on disk in an 286 * efficient manner instead of logging the individual dquot changes as 287 * they are made. However if we log the buffer allocated here and crash 288 * after quotacheck while the logged initialisation is still in the 289 * active region of the log, log recovery can replay the dquot buffer 290 * initialisation over the top of the checked dquots and corrupt quota 291 * accounting. 292 * 293 * To avoid this problem, quotacheck cannot log the initialised buffer. 294 * We must still dirty the buffer and write it back before the 295 * allocation transaction clears the log. Therefore, mark the buffer as 296 * ordered instead of logging it directly. This is safe for quotacheck 297 * because it detects and repairs allocated but initialized dquot blocks 298 * in the quota inodes. 299 */ 300 if (!(mp->m_qflags & qflag)) 301 xfs_trans_ordered_buf(tp, bp); 302 else 303 xfs_trans_log_buf(tp, bp, 0, BBTOB(q->qi_dqchunklen) - 1); 304 } 305 306 static void 307 xfs_dquot_set_prealloc( 308 struct xfs_dquot_pre *pre, 309 const struct xfs_dquot_res *res) 310 { 311 xfs_qcnt_t space; 312 313 pre->q_prealloc_hi_wmark = res->hardlimit; 314 pre->q_prealloc_lo_wmark = res->softlimit; 315 316 space = div_u64(pre->q_prealloc_hi_wmark, 100); 317 if (!pre->q_prealloc_lo_wmark) 318 pre->q_prealloc_lo_wmark = space * 95; 319 320 pre->q_low_space[XFS_QLOWSP_1_PCNT] = space; 321 pre->q_low_space[XFS_QLOWSP_3_PCNT] = space * 3; 322 pre->q_low_space[XFS_QLOWSP_5_PCNT] = space * 5; 323 } 324 325 /* 326 * Initialize the dynamic speculative preallocation thresholds. The lo/hi 327 * watermarks correspond to the soft and hard limits by default. If a soft limit 328 * is not specified, we use 95% of the hard limit. 329 */ 330 void 331 xfs_dquot_set_prealloc_limits(struct xfs_dquot *dqp) 332 { 333 xfs_dquot_set_prealloc(&dqp->q_blk_prealloc, &dqp->q_blk); 334 xfs_dquot_set_prealloc(&dqp->q_rtb_prealloc, &dqp->q_rtb); 335 } 336 337 /* 338 * Ensure that the given in-core dquot has a buffer on disk backing it, and 339 * return the buffer locked and held. This is called when the bmapi finds a 340 * hole. 341 */ 342 STATIC int 343 xfs_dquot_disk_alloc( 344 struct xfs_dquot *dqp, 345 struct xfs_buf **bpp) 346 { 347 struct xfs_bmbt_irec map; 348 struct xfs_trans *tp; 349 struct xfs_mount *mp = dqp->q_mount; 350 struct xfs_buf *bp; 351 xfs_dqtype_t qtype = xfs_dquot_type(dqp); 352 struct xfs_inode *quotip = xfs_quota_inode(mp, qtype); 353 int nmaps = 1; 354 int error; 355 356 trace_xfs_dqalloc(dqp); 357 358 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_qm_dqalloc, 359 XFS_QM_DQALLOC_SPACE_RES(mp), 0, 0, &tp); 360 if (error) 361 return error; 362 363 xfs_ilock(quotip, XFS_ILOCK_EXCL); 364 xfs_trans_ijoin(tp, quotip, 0); 365 366 if (!xfs_this_quota_on(dqp->q_mount, qtype)) { 367 /* 368 * Return if this type of quotas is turned off while we didn't 369 * have an inode lock 370 */ 371 error = -ESRCH; 372 goto err_cancel; 373 } 374 375 error = xfs_iext_count_extend(tp, quotip, XFS_DATA_FORK, 376 XFS_IEXT_ADD_NOSPLIT_CNT); 377 if (error) 378 goto err_cancel; 379 380 /* Create the block mapping. */ 381 error = xfs_bmapi_write(tp, quotip, dqp->q_fileoffset, 382 XFS_DQUOT_CLUSTER_SIZE_FSB, XFS_BMAPI_METADATA, 0, &map, 383 &nmaps); 384 if (error) 385 goto err_cancel; 386 387 ASSERT(map.br_blockcount == XFS_DQUOT_CLUSTER_SIZE_FSB); 388 ASSERT((map.br_startblock != DELAYSTARTBLOCK) && 389 (map.br_startblock != HOLESTARTBLOCK)); 390 391 /* 392 * Keep track of the blkno to save a lookup later 393 */ 394 dqp->q_blkno = XFS_FSB_TO_DADDR(mp, map.br_startblock); 395 396 /* now we can just get the buffer (there's nothing to read yet) */ 397 error = xfs_trans_get_buf(tp, mp->m_ddev_targp, dqp->q_blkno, 398 mp->m_quotainfo->qi_dqchunklen, 0, &bp); 399 if (error) 400 goto err_cancel; 401 bp->b_ops = &xfs_dquot_buf_ops; 402 403 /* 404 * Make a chunk of dquots out of this buffer and log 405 * the entire thing. 406 */ 407 xfs_qm_init_dquot_blk(tp, dqp->q_id, qtype, bp); 408 xfs_buf_set_ref(bp, XFS_DQUOT_REF); 409 410 /* 411 * Hold the buffer and join it to the dfops so that we'll still own 412 * the buffer when we return to the caller. The buffer disposal on 413 * error must be paid attention to very carefully, as it has been 414 * broken since commit efa092f3d4c6 "[XFS] Fixes a bug in the quota 415 * code when allocating a new dquot record" in 2005, and the later 416 * conversion to xfs_defer_ops in commit 310a75a3c6c747 failed to keep 417 * the buffer locked across the _defer_finish call. We can now do 418 * this correctly with xfs_defer_bjoin. 419 * 420 * Above, we allocated a disk block for the dquot information and used 421 * get_buf to initialize the dquot. If the _defer_finish fails, the old 422 * transaction is gone but the new buffer is not joined or held to any 423 * transaction, so we must _buf_relse it. 424 * 425 * If everything succeeds, the caller of this function is returned a 426 * buffer that is locked and held to the transaction. The caller 427 * is responsible for unlocking any buffer passed back, either 428 * manually or by committing the transaction. On error, the buffer is 429 * released and not passed back. 430 * 431 * Keep the quota inode ILOCKed until after the transaction commit to 432 * maintain the atomicity of bmap/rmap updates. 433 */ 434 xfs_trans_bhold(tp, bp); 435 error = xfs_trans_commit(tp); 436 xfs_iunlock(quotip, XFS_ILOCK_EXCL); 437 if (error) { 438 xfs_buf_relse(bp); 439 return error; 440 } 441 442 *bpp = bp; 443 return 0; 444 445 err_cancel: 446 xfs_trans_cancel(tp); 447 xfs_iunlock(quotip, XFS_ILOCK_EXCL); 448 return error; 449 } 450 451 /* 452 * Read in the in-core dquot's on-disk metadata and return the buffer. 453 * Returns ENOENT to signal a hole. 454 */ 455 STATIC int 456 xfs_dquot_disk_read( 457 struct xfs_mount *mp, 458 struct xfs_dquot *dqp, 459 struct xfs_buf **bpp) 460 { 461 struct xfs_bmbt_irec map; 462 struct xfs_buf *bp; 463 xfs_dqtype_t qtype = xfs_dquot_type(dqp); 464 struct xfs_inode *quotip = xfs_quota_inode(mp, qtype); 465 uint lock_mode; 466 int nmaps = 1; 467 int error; 468 469 lock_mode = xfs_ilock_data_map_shared(quotip); 470 if (!xfs_this_quota_on(mp, qtype)) { 471 /* 472 * Return if this type of quotas is turned off while we 473 * didn't have the quota inode lock. 474 */ 475 xfs_iunlock(quotip, lock_mode); 476 return -ESRCH; 477 } 478 479 /* 480 * Find the block map; no allocations yet 481 */ 482 error = xfs_bmapi_read(quotip, dqp->q_fileoffset, 483 XFS_DQUOT_CLUSTER_SIZE_FSB, &map, &nmaps, 0); 484 xfs_iunlock(quotip, lock_mode); 485 if (error) 486 return error; 487 488 ASSERT(nmaps == 1); 489 ASSERT(map.br_blockcount >= 1); 490 ASSERT(map.br_startblock != DELAYSTARTBLOCK); 491 if (map.br_startblock == HOLESTARTBLOCK) 492 return -ENOENT; 493 494 trace_xfs_dqtobp_read(dqp); 495 496 /* 497 * store the blkno etc so that we don't have to do the 498 * mapping all the time 499 */ 500 dqp->q_blkno = XFS_FSB_TO_DADDR(mp, map.br_startblock); 501 502 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dqp->q_blkno, 503 mp->m_quotainfo->qi_dqchunklen, 0, &bp, 504 &xfs_dquot_buf_ops); 505 if (xfs_metadata_is_sick(error)) 506 xfs_dquot_mark_sick(dqp); 507 if (error) { 508 ASSERT(bp == NULL); 509 return error; 510 } 511 512 ASSERT(xfs_buf_islocked(bp)); 513 xfs_buf_set_ref(bp, XFS_DQUOT_REF); 514 *bpp = bp; 515 516 return 0; 517 } 518 519 /* Allocate and initialize everything we need for an incore dquot. */ 520 STATIC struct xfs_dquot * 521 xfs_dquot_alloc( 522 struct xfs_mount *mp, 523 xfs_dqid_t id, 524 xfs_dqtype_t type) 525 { 526 struct xfs_dquot *dqp; 527 528 dqp = kmem_cache_zalloc(xfs_dquot_cache, GFP_KERNEL | __GFP_NOFAIL); 529 530 dqp->q_type = type; 531 dqp->q_id = id; 532 dqp->q_mount = mp; 533 INIT_LIST_HEAD(&dqp->q_lru); 534 mutex_init(&dqp->q_qlock); 535 init_waitqueue_head(&dqp->q_pinwait); 536 dqp->q_fileoffset = (xfs_fileoff_t)id / mp->m_quotainfo->qi_dqperchunk; 537 /* 538 * Offset of dquot in the (fixed sized) dquot chunk. 539 */ 540 dqp->q_bufoffset = (id % mp->m_quotainfo->qi_dqperchunk) * 541 sizeof(struct xfs_dqblk); 542 543 /* 544 * Because we want to use a counting completion, complete 545 * the flush completion once to allow a single access to 546 * the flush completion without blocking. 547 */ 548 init_completion(&dqp->q_flush); 549 complete(&dqp->q_flush); 550 551 /* 552 * Make sure group quotas have a different lock class than user 553 * quotas. 554 */ 555 switch (type) { 556 case XFS_DQTYPE_USER: 557 /* uses the default lock class */ 558 break; 559 case XFS_DQTYPE_GROUP: 560 lockdep_set_class(&dqp->q_qlock, &xfs_dquot_group_class); 561 break; 562 case XFS_DQTYPE_PROJ: 563 lockdep_set_class(&dqp->q_qlock, &xfs_dquot_project_class); 564 break; 565 default: 566 ASSERT(0); 567 break; 568 } 569 570 xfs_qm_dquot_logitem_init(dqp); 571 572 XFS_STATS_INC(mp, xs_qm_dquot); 573 return dqp; 574 } 575 576 /* Check the ondisk dquot's id and type match what the incore dquot expects. */ 577 static bool 578 xfs_dquot_check_type( 579 struct xfs_dquot *dqp, 580 struct xfs_disk_dquot *ddqp) 581 { 582 uint8_t ddqp_type; 583 uint8_t dqp_type; 584 585 ddqp_type = ddqp->d_type & XFS_DQTYPE_REC_MASK; 586 dqp_type = xfs_dquot_type(dqp); 587 588 if (be32_to_cpu(ddqp->d_id) != dqp->q_id) 589 return false; 590 591 /* 592 * V5 filesystems always expect an exact type match. V4 filesystems 593 * expect an exact match for user dquots and for non-root group and 594 * project dquots. 595 */ 596 if (xfs_has_crc(dqp->q_mount) || 597 dqp_type == XFS_DQTYPE_USER || dqp->q_id != 0) 598 return ddqp_type == dqp_type; 599 600 /* 601 * V4 filesystems support either group or project quotas, but not both 602 * at the same time. The non-user quota file can be switched between 603 * group and project quota uses depending on the mount options, which 604 * means that we can encounter the other type when we try to load quota 605 * defaults. Quotacheck will soon reset the entire quota file 606 * (including the root dquot) anyway, but don't log scary corruption 607 * reports to dmesg. 608 */ 609 return ddqp_type == XFS_DQTYPE_GROUP || ddqp_type == XFS_DQTYPE_PROJ; 610 } 611 612 /* Copy the in-core quota fields in from the on-disk buffer. */ 613 STATIC int 614 xfs_dquot_from_disk( 615 struct xfs_dquot *dqp, 616 struct xfs_buf *bp) 617 { 618 struct xfs_dqblk *dqb = xfs_buf_offset(bp, dqp->q_bufoffset); 619 struct xfs_disk_dquot *ddqp = &dqb->dd_diskdq; 620 621 /* 622 * Ensure that we got the type and ID we were looking for. 623 * Everything else was checked by the dquot buffer verifier. 624 */ 625 if (!xfs_dquot_check_type(dqp, ddqp)) { 626 xfs_alert_tag(bp->b_mount, XFS_PTAG_VERIFIER_ERROR, 627 "Metadata corruption detected at %pS, quota %u", 628 __this_address, dqp->q_id); 629 xfs_alert(bp->b_mount, "Unmount and run xfs_repair"); 630 xfs_dquot_mark_sick(dqp); 631 return -EFSCORRUPTED; 632 } 633 634 /* copy everything from disk dquot to the incore dquot */ 635 dqp->q_type = ddqp->d_type; 636 dqp->q_blk.hardlimit = be64_to_cpu(ddqp->d_blk_hardlimit); 637 dqp->q_blk.softlimit = be64_to_cpu(ddqp->d_blk_softlimit); 638 dqp->q_ino.hardlimit = be64_to_cpu(ddqp->d_ino_hardlimit); 639 dqp->q_ino.softlimit = be64_to_cpu(ddqp->d_ino_softlimit); 640 dqp->q_rtb.hardlimit = be64_to_cpu(ddqp->d_rtb_hardlimit); 641 dqp->q_rtb.softlimit = be64_to_cpu(ddqp->d_rtb_softlimit); 642 643 dqp->q_blk.count = be64_to_cpu(ddqp->d_bcount); 644 dqp->q_ino.count = be64_to_cpu(ddqp->d_icount); 645 dqp->q_rtb.count = be64_to_cpu(ddqp->d_rtbcount); 646 647 dqp->q_blk.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_btimer); 648 dqp->q_ino.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_itimer); 649 dqp->q_rtb.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_rtbtimer); 650 651 /* 652 * Reservation counters are defined as reservation plus current usage 653 * to avoid having to add every time. 654 */ 655 dqp->q_blk.reserved = dqp->q_blk.count; 656 dqp->q_ino.reserved = dqp->q_ino.count; 657 dqp->q_rtb.reserved = dqp->q_rtb.count; 658 659 /* initialize the dquot speculative prealloc thresholds */ 660 xfs_dquot_set_prealloc_limits(dqp); 661 return 0; 662 } 663 664 /* Copy the in-core quota fields into the on-disk buffer. */ 665 void 666 xfs_dquot_to_disk( 667 struct xfs_disk_dquot *ddqp, 668 struct xfs_dquot *dqp) 669 { 670 ddqp->d_magic = cpu_to_be16(XFS_DQUOT_MAGIC); 671 ddqp->d_version = XFS_DQUOT_VERSION; 672 ddqp->d_type = dqp->q_type; 673 ddqp->d_id = cpu_to_be32(dqp->q_id); 674 ddqp->d_pad0 = 0; 675 ddqp->d_pad = 0; 676 677 ddqp->d_blk_hardlimit = cpu_to_be64(dqp->q_blk.hardlimit); 678 ddqp->d_blk_softlimit = cpu_to_be64(dqp->q_blk.softlimit); 679 ddqp->d_ino_hardlimit = cpu_to_be64(dqp->q_ino.hardlimit); 680 ddqp->d_ino_softlimit = cpu_to_be64(dqp->q_ino.softlimit); 681 ddqp->d_rtb_hardlimit = cpu_to_be64(dqp->q_rtb.hardlimit); 682 ddqp->d_rtb_softlimit = cpu_to_be64(dqp->q_rtb.softlimit); 683 684 ddqp->d_bcount = cpu_to_be64(dqp->q_blk.count); 685 ddqp->d_icount = cpu_to_be64(dqp->q_ino.count); 686 ddqp->d_rtbcount = cpu_to_be64(dqp->q_rtb.count); 687 688 ddqp->d_bwarns = 0; 689 ddqp->d_iwarns = 0; 690 ddqp->d_rtbwarns = 0; 691 692 ddqp->d_btimer = xfs_dquot_to_disk_ts(dqp, dqp->q_blk.timer); 693 ddqp->d_itimer = xfs_dquot_to_disk_ts(dqp, dqp->q_ino.timer); 694 ddqp->d_rtbtimer = xfs_dquot_to_disk_ts(dqp, dqp->q_rtb.timer); 695 } 696 697 /* 698 * Read in the ondisk dquot using dqtobp() then copy it to an incore version, 699 * and release the buffer immediately. If @can_alloc is true, fill any 700 * holes in the on-disk metadata. 701 */ 702 static int 703 xfs_qm_dqread( 704 struct xfs_mount *mp, 705 xfs_dqid_t id, 706 xfs_dqtype_t type, 707 bool can_alloc, 708 struct xfs_dquot **dqpp) 709 { 710 struct xfs_dquot *dqp; 711 struct xfs_buf *bp; 712 int error; 713 714 dqp = xfs_dquot_alloc(mp, id, type); 715 trace_xfs_dqread(dqp); 716 717 /* Try to read the buffer, allocating if necessary. */ 718 error = xfs_dquot_disk_read(mp, dqp, &bp); 719 if (error == -ENOENT && can_alloc) 720 error = xfs_dquot_disk_alloc(dqp, &bp); 721 if (error) 722 goto err; 723 724 /* 725 * At this point we should have a clean locked buffer. Copy the data 726 * to the incore dquot and release the buffer since the incore dquot 727 * has its own locking protocol so we needn't tie up the buffer any 728 * further. 729 */ 730 ASSERT(xfs_buf_islocked(bp)); 731 error = xfs_dquot_from_disk(dqp, bp); 732 xfs_buf_relse(bp); 733 if (error) 734 goto err; 735 736 *dqpp = dqp; 737 return error; 738 739 err: 740 trace_xfs_dqread_fail(dqp); 741 xfs_qm_dqdestroy(dqp); 742 *dqpp = NULL; 743 return error; 744 } 745 746 /* 747 * Advance to the next id in the current chunk, or if at the 748 * end of the chunk, skip ahead to first id in next allocated chunk 749 * using the SEEK_DATA interface. 750 */ 751 static int 752 xfs_dq_get_next_id( 753 struct xfs_mount *mp, 754 xfs_dqtype_t type, 755 xfs_dqid_t *id) 756 { 757 struct xfs_inode *quotip = xfs_quota_inode(mp, type); 758 xfs_dqid_t next_id = *id + 1; /* simple advance */ 759 uint lock_flags; 760 struct xfs_bmbt_irec got; 761 struct xfs_iext_cursor cur; 762 xfs_fsblock_t start; 763 int error = 0; 764 765 /* If we'd wrap past the max ID, stop */ 766 if (next_id < *id) 767 return -ENOENT; 768 769 /* If new ID is within the current chunk, advancing it sufficed */ 770 if (next_id % mp->m_quotainfo->qi_dqperchunk) { 771 *id = next_id; 772 return 0; 773 } 774 775 /* Nope, next_id is now past the current chunk, so find the next one */ 776 start = (xfs_fsblock_t)next_id / mp->m_quotainfo->qi_dqperchunk; 777 778 lock_flags = xfs_ilock_data_map_shared(quotip); 779 error = xfs_iread_extents(NULL, quotip, XFS_DATA_FORK); 780 if (error) 781 return error; 782 783 if (xfs_iext_lookup_extent(quotip, "ip->i_df, start, &cur, &got)) { 784 /* contiguous chunk, bump startoff for the id calculation */ 785 if (got.br_startoff < start) 786 got.br_startoff = start; 787 *id = got.br_startoff * mp->m_quotainfo->qi_dqperchunk; 788 } else { 789 error = -ENOENT; 790 } 791 792 xfs_iunlock(quotip, lock_flags); 793 794 return error; 795 } 796 797 /* 798 * Look up the dquot in the in-core cache. If found, the dquot is returned 799 * locked and ready to go. 800 */ 801 static struct xfs_dquot * 802 xfs_qm_dqget_cache_lookup( 803 struct xfs_mount *mp, 804 struct xfs_quotainfo *qi, 805 struct radix_tree_root *tree, 806 xfs_dqid_t id) 807 { 808 struct xfs_dquot *dqp; 809 810 restart: 811 mutex_lock(&qi->qi_tree_lock); 812 dqp = radix_tree_lookup(tree, id); 813 if (!dqp) { 814 mutex_unlock(&qi->qi_tree_lock); 815 XFS_STATS_INC(mp, xs_qm_dqcachemisses); 816 return NULL; 817 } 818 819 xfs_dqlock(dqp); 820 if (dqp->q_flags & XFS_DQFLAG_FREEING) { 821 xfs_dqunlock(dqp); 822 mutex_unlock(&qi->qi_tree_lock); 823 trace_xfs_dqget_freeing(dqp); 824 delay(1); 825 goto restart; 826 } 827 828 dqp->q_nrefs++; 829 mutex_unlock(&qi->qi_tree_lock); 830 831 trace_xfs_dqget_hit(dqp); 832 XFS_STATS_INC(mp, xs_qm_dqcachehits); 833 return dqp; 834 } 835 836 /* 837 * Try to insert a new dquot into the in-core cache. If an error occurs the 838 * caller should throw away the dquot and start over. Otherwise, the dquot 839 * is returned locked (and held by the cache) as if there had been a cache 840 * hit. 841 * 842 * The insert needs to be done under memalloc_nofs context because the radix 843 * tree can do memory allocation during insert. The qi->qi_tree_lock is taken in 844 * memory reclaim when freeing unused dquots, so we cannot have the radix tree 845 * node allocation recursing into filesystem reclaim whilst we hold the 846 * qi_tree_lock. 847 */ 848 static int 849 xfs_qm_dqget_cache_insert( 850 struct xfs_mount *mp, 851 struct xfs_quotainfo *qi, 852 struct radix_tree_root *tree, 853 xfs_dqid_t id, 854 struct xfs_dquot *dqp) 855 { 856 unsigned int nofs_flags; 857 int error; 858 859 nofs_flags = memalloc_nofs_save(); 860 mutex_lock(&qi->qi_tree_lock); 861 error = radix_tree_insert(tree, id, dqp); 862 if (unlikely(error)) { 863 /* Duplicate found! Caller must try again. */ 864 trace_xfs_dqget_dup(dqp); 865 goto out_unlock; 866 } 867 868 /* Return a locked dquot to the caller, with a reference taken. */ 869 xfs_dqlock(dqp); 870 dqp->q_nrefs = 1; 871 qi->qi_dquots++; 872 873 out_unlock: 874 mutex_unlock(&qi->qi_tree_lock); 875 memalloc_nofs_restore(nofs_flags); 876 return error; 877 } 878 879 /* Check our input parameters. */ 880 static int 881 xfs_qm_dqget_checks( 882 struct xfs_mount *mp, 883 xfs_dqtype_t type) 884 { 885 switch (type) { 886 case XFS_DQTYPE_USER: 887 if (!XFS_IS_UQUOTA_ON(mp)) 888 return -ESRCH; 889 return 0; 890 case XFS_DQTYPE_GROUP: 891 if (!XFS_IS_GQUOTA_ON(mp)) 892 return -ESRCH; 893 return 0; 894 case XFS_DQTYPE_PROJ: 895 if (!XFS_IS_PQUOTA_ON(mp)) 896 return -ESRCH; 897 return 0; 898 default: 899 WARN_ON_ONCE(0); 900 return -EINVAL; 901 } 902 } 903 904 /* 905 * Given the file system, id, and type (UDQUOT/GDQUOT/PDQUOT), return a 906 * locked dquot, doing an allocation (if requested) as needed. 907 */ 908 int 909 xfs_qm_dqget( 910 struct xfs_mount *mp, 911 xfs_dqid_t id, 912 xfs_dqtype_t type, 913 bool can_alloc, 914 struct xfs_dquot **O_dqpp) 915 { 916 struct xfs_quotainfo *qi = mp->m_quotainfo; 917 struct radix_tree_root *tree = xfs_dquot_tree(qi, type); 918 struct xfs_dquot *dqp; 919 int error; 920 921 error = xfs_qm_dqget_checks(mp, type); 922 if (error) 923 return error; 924 925 restart: 926 dqp = xfs_qm_dqget_cache_lookup(mp, qi, tree, id); 927 if (dqp) { 928 *O_dqpp = dqp; 929 return 0; 930 } 931 932 error = xfs_qm_dqread(mp, id, type, can_alloc, &dqp); 933 if (error) 934 return error; 935 936 error = xfs_qm_dqget_cache_insert(mp, qi, tree, id, dqp); 937 if (error) { 938 /* 939 * Duplicate found. Just throw away the new dquot and start 940 * over. 941 */ 942 xfs_qm_dqdestroy(dqp); 943 XFS_STATS_INC(mp, xs_qm_dquot_dups); 944 goto restart; 945 } 946 947 trace_xfs_dqget_miss(dqp); 948 *O_dqpp = dqp; 949 return 0; 950 } 951 952 /* 953 * Given a dquot id and type, read and initialize a dquot from the on-disk 954 * metadata. This function is only for use during quota initialization so 955 * it ignores the dquot cache assuming that the dquot shrinker isn't set up. 956 * The caller is responsible for _qm_dqdestroy'ing the returned dquot. 957 */ 958 int 959 xfs_qm_dqget_uncached( 960 struct xfs_mount *mp, 961 xfs_dqid_t id, 962 xfs_dqtype_t type, 963 struct xfs_dquot **dqpp) 964 { 965 int error; 966 967 error = xfs_qm_dqget_checks(mp, type); 968 if (error) 969 return error; 970 971 return xfs_qm_dqread(mp, id, type, 0, dqpp); 972 } 973 974 /* Return the quota id for a given inode and type. */ 975 xfs_dqid_t 976 xfs_qm_id_for_quotatype( 977 struct xfs_inode *ip, 978 xfs_dqtype_t type) 979 { 980 switch (type) { 981 case XFS_DQTYPE_USER: 982 return i_uid_read(VFS_I(ip)); 983 case XFS_DQTYPE_GROUP: 984 return i_gid_read(VFS_I(ip)); 985 case XFS_DQTYPE_PROJ: 986 return ip->i_projid; 987 } 988 ASSERT(0); 989 return 0; 990 } 991 992 /* 993 * Return the dquot for a given inode and type. If @can_alloc is true, then 994 * allocate blocks if needed. The inode's ILOCK must be held and it must not 995 * have already had an inode attached. 996 */ 997 int 998 xfs_qm_dqget_inode( 999 struct xfs_inode *ip, 1000 xfs_dqtype_t type, 1001 bool can_alloc, 1002 struct xfs_dquot **O_dqpp) 1003 { 1004 struct xfs_mount *mp = ip->i_mount; 1005 struct xfs_quotainfo *qi = mp->m_quotainfo; 1006 struct radix_tree_root *tree = xfs_dquot_tree(qi, type); 1007 struct xfs_dquot *dqp; 1008 xfs_dqid_t id; 1009 int error; 1010 1011 error = xfs_qm_dqget_checks(mp, type); 1012 if (error) 1013 return error; 1014 1015 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); 1016 ASSERT(xfs_inode_dquot(ip, type) == NULL); 1017 ASSERT(!xfs_is_metadir_inode(ip)); 1018 1019 id = xfs_qm_id_for_quotatype(ip, type); 1020 1021 restart: 1022 dqp = xfs_qm_dqget_cache_lookup(mp, qi, tree, id); 1023 if (dqp) { 1024 *O_dqpp = dqp; 1025 return 0; 1026 } 1027 1028 /* 1029 * Dquot cache miss. We don't want to keep the inode lock across 1030 * a (potential) disk read. Also we don't want to deal with the lock 1031 * ordering between quotainode and this inode. OTOH, dropping the inode 1032 * lock here means dealing with a chown that can happen before 1033 * we re-acquire the lock. 1034 */ 1035 xfs_iunlock(ip, XFS_ILOCK_EXCL); 1036 error = xfs_qm_dqread(mp, id, type, can_alloc, &dqp); 1037 xfs_ilock(ip, XFS_ILOCK_EXCL); 1038 if (error) 1039 return error; 1040 1041 /* 1042 * A dquot could be attached to this inode by now, since we had 1043 * dropped the ilock. 1044 */ 1045 if (xfs_this_quota_on(mp, type)) { 1046 struct xfs_dquot *dqp1; 1047 1048 dqp1 = xfs_inode_dquot(ip, type); 1049 if (dqp1) { 1050 xfs_qm_dqdestroy(dqp); 1051 dqp = dqp1; 1052 xfs_dqlock(dqp); 1053 goto dqret; 1054 } 1055 } else { 1056 /* inode stays locked on return */ 1057 xfs_qm_dqdestroy(dqp); 1058 return -ESRCH; 1059 } 1060 1061 error = xfs_qm_dqget_cache_insert(mp, qi, tree, id, dqp); 1062 if (error) { 1063 /* 1064 * Duplicate found. Just throw away the new dquot and start 1065 * over. 1066 */ 1067 xfs_qm_dqdestroy(dqp); 1068 XFS_STATS_INC(mp, xs_qm_dquot_dups); 1069 goto restart; 1070 } 1071 1072 dqret: 1073 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); 1074 trace_xfs_dqget_miss(dqp); 1075 *O_dqpp = dqp; 1076 return 0; 1077 } 1078 1079 /* 1080 * Starting at @id and progressing upwards, look for an initialized incore 1081 * dquot, lock it, and return it. 1082 */ 1083 int 1084 xfs_qm_dqget_next( 1085 struct xfs_mount *mp, 1086 xfs_dqid_t id, 1087 xfs_dqtype_t type, 1088 struct xfs_dquot **dqpp) 1089 { 1090 struct xfs_dquot *dqp; 1091 int error = 0; 1092 1093 *dqpp = NULL; 1094 for (; !error; error = xfs_dq_get_next_id(mp, type, &id)) { 1095 error = xfs_qm_dqget(mp, id, type, false, &dqp); 1096 if (error == -ENOENT) 1097 continue; 1098 else if (error != 0) 1099 break; 1100 1101 if (!XFS_IS_DQUOT_UNINITIALIZED(dqp)) { 1102 *dqpp = dqp; 1103 return 0; 1104 } 1105 1106 xfs_qm_dqput(dqp); 1107 } 1108 1109 return error; 1110 } 1111 1112 /* 1113 * Release a reference to the dquot (decrement ref-count) and unlock it. 1114 * 1115 * If there is a group quota attached to this dquot, carefully release that 1116 * too without tripping over deadlocks'n'stuff. 1117 */ 1118 void 1119 xfs_qm_dqput( 1120 struct xfs_dquot *dqp) 1121 { 1122 ASSERT(dqp->q_nrefs > 0); 1123 ASSERT(XFS_DQ_IS_LOCKED(dqp)); 1124 1125 trace_xfs_dqput(dqp); 1126 1127 if (--dqp->q_nrefs == 0) { 1128 struct xfs_quotainfo *qi = dqp->q_mount->m_quotainfo; 1129 trace_xfs_dqput_free(dqp); 1130 1131 if (list_lru_add_obj(&qi->qi_lru, &dqp->q_lru)) 1132 XFS_STATS_INC(dqp->q_mount, xs_qm_dquot_unused); 1133 } 1134 xfs_dqunlock(dqp); 1135 } 1136 1137 /* 1138 * Release a dquot. Flush it if dirty, then dqput() it. 1139 * dquot must not be locked. 1140 */ 1141 void 1142 xfs_qm_dqrele( 1143 struct xfs_dquot *dqp) 1144 { 1145 if (!dqp) 1146 return; 1147 1148 trace_xfs_dqrele(dqp); 1149 1150 xfs_dqlock(dqp); 1151 /* 1152 * We don't care to flush it if the dquot is dirty here. 1153 * That will create stutters that we want to avoid. 1154 * Instead we do a delayed write when we try to reclaim 1155 * a dirty dquot. Also xfs_sync will take part of the burden... 1156 */ 1157 xfs_qm_dqput(dqp); 1158 } 1159 1160 /* 1161 * This is the dquot flushing I/O completion routine. It is called 1162 * from interrupt level when the buffer containing the dquot is 1163 * flushed to disk. It is responsible for removing the dquot logitem 1164 * from the AIL if it has not been re-logged, and unlocking the dquot's 1165 * flush lock. This behavior is very similar to that of inodes.. 1166 */ 1167 static void 1168 xfs_qm_dqflush_done( 1169 struct xfs_log_item *lip) 1170 { 1171 struct xfs_dq_logitem *qlip = 1172 container_of(lip, struct xfs_dq_logitem, qli_item); 1173 struct xfs_dquot *dqp = qlip->qli_dquot; 1174 struct xfs_ail *ailp = lip->li_ailp; 1175 struct xfs_buf *bp = NULL; 1176 xfs_lsn_t tail_lsn; 1177 1178 /* 1179 * We only want to pull the item from the AIL if its 1180 * location in the log has not changed since we started the flush. 1181 * Thus, we only bother if the dquot's lsn has 1182 * not changed. First we check the lsn outside the lock 1183 * since it's cheaper, and then we recheck while 1184 * holding the lock before removing the dquot from the AIL. 1185 */ 1186 if (test_bit(XFS_LI_IN_AIL, &lip->li_flags) && 1187 (lip->li_lsn == qlip->qli_flush_lsn || 1188 test_bit(XFS_LI_FAILED, &lip->li_flags))) { 1189 1190 spin_lock(&ailp->ail_lock); 1191 xfs_clear_li_failed(lip); 1192 if (lip->li_lsn == qlip->qli_flush_lsn) { 1193 /* xfs_ail_update_finish() drops the AIL lock */ 1194 tail_lsn = xfs_ail_delete_one(ailp, lip); 1195 xfs_ail_update_finish(ailp, tail_lsn); 1196 } else { 1197 spin_unlock(&ailp->ail_lock); 1198 } 1199 } 1200 1201 /* 1202 * If this dquot hasn't been dirtied since initiating the last dqflush, 1203 * release the buffer reference. We already unlinked this dquot item 1204 * from the buffer. 1205 */ 1206 spin_lock(&qlip->qli_lock); 1207 if (!qlip->qli_dirty) { 1208 bp = lip->li_buf; 1209 lip->li_buf = NULL; 1210 } 1211 spin_unlock(&qlip->qli_lock); 1212 if (bp) 1213 xfs_buf_rele(bp); 1214 1215 /* 1216 * Release the dq's flush lock since we're done with it. 1217 */ 1218 xfs_dqfunlock(dqp); 1219 } 1220 1221 void 1222 xfs_buf_dquot_iodone( 1223 struct xfs_buf *bp) 1224 { 1225 struct xfs_log_item *lip, *n; 1226 1227 list_for_each_entry_safe(lip, n, &bp->b_li_list, li_bio_list) { 1228 list_del_init(&lip->li_bio_list); 1229 xfs_qm_dqflush_done(lip); 1230 } 1231 } 1232 1233 void 1234 xfs_buf_dquot_io_fail( 1235 struct xfs_buf *bp) 1236 { 1237 struct xfs_log_item *lip; 1238 1239 spin_lock(&bp->b_mount->m_ail->ail_lock); 1240 list_for_each_entry(lip, &bp->b_li_list, li_bio_list) 1241 set_bit(XFS_LI_FAILED, &lip->li_flags); 1242 spin_unlock(&bp->b_mount->m_ail->ail_lock); 1243 } 1244 1245 /* Check incore dquot for errors before we flush. */ 1246 static xfs_failaddr_t 1247 xfs_qm_dqflush_check( 1248 struct xfs_dquot *dqp) 1249 { 1250 xfs_dqtype_t type = xfs_dquot_type(dqp); 1251 1252 if (type != XFS_DQTYPE_USER && 1253 type != XFS_DQTYPE_GROUP && 1254 type != XFS_DQTYPE_PROJ) 1255 return __this_address; 1256 1257 if (dqp->q_id == 0) 1258 return NULL; 1259 1260 if (dqp->q_blk.softlimit && dqp->q_blk.count > dqp->q_blk.softlimit && 1261 !dqp->q_blk.timer) 1262 return __this_address; 1263 1264 if (dqp->q_ino.softlimit && dqp->q_ino.count > dqp->q_ino.softlimit && 1265 !dqp->q_ino.timer) 1266 return __this_address; 1267 1268 if (dqp->q_rtb.softlimit && dqp->q_rtb.count > dqp->q_rtb.softlimit && 1269 !dqp->q_rtb.timer) 1270 return __this_address; 1271 1272 /* bigtime flag should never be set on root dquots */ 1273 if (dqp->q_type & XFS_DQTYPE_BIGTIME) { 1274 if (!xfs_has_bigtime(dqp->q_mount)) 1275 return __this_address; 1276 if (dqp->q_id == 0) 1277 return __this_address; 1278 } 1279 1280 return NULL; 1281 } 1282 1283 /* 1284 * Get the buffer containing the on-disk dquot. 1285 * 1286 * Requires dquot flush lock, will clear the dirty flag, delete the quota log 1287 * item from the AIL, and shut down the system if something goes wrong. 1288 */ 1289 static int 1290 xfs_dquot_read_buf( 1291 struct xfs_trans *tp, 1292 struct xfs_dquot *dqp, 1293 struct xfs_buf **bpp) 1294 { 1295 struct xfs_mount *mp = dqp->q_mount; 1296 struct xfs_buf *bp = NULL; 1297 int error; 1298 1299 error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, dqp->q_blkno, 1300 mp->m_quotainfo->qi_dqchunklen, 0, 1301 &bp, &xfs_dquot_buf_ops); 1302 if (xfs_metadata_is_sick(error)) 1303 xfs_dquot_mark_sick(dqp); 1304 if (error) 1305 goto out_abort; 1306 1307 *bpp = bp; 1308 return 0; 1309 1310 out_abort: 1311 dqp->q_flags &= ~XFS_DQFLAG_DIRTY; 1312 xfs_trans_ail_delete(&dqp->q_logitem.qli_item, 0); 1313 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE); 1314 return error; 1315 } 1316 1317 /* 1318 * Attach a dquot buffer to this dquot to avoid allocating a buffer during a 1319 * dqflush, since dqflush can be called from reclaim context. 1320 */ 1321 int 1322 xfs_dquot_attach_buf( 1323 struct xfs_trans *tp, 1324 struct xfs_dquot *dqp) 1325 { 1326 struct xfs_dq_logitem *qlip = &dqp->q_logitem; 1327 struct xfs_log_item *lip = &qlip->qli_item; 1328 int error; 1329 1330 spin_lock(&qlip->qli_lock); 1331 if (!lip->li_buf) { 1332 struct xfs_buf *bp = NULL; 1333 1334 spin_unlock(&qlip->qli_lock); 1335 error = xfs_dquot_read_buf(tp, dqp, &bp); 1336 if (error) 1337 return error; 1338 1339 /* 1340 * Attach the dquot to the buffer so that the AIL does not have 1341 * to read the dquot buffer to push this item. 1342 */ 1343 xfs_buf_hold(bp); 1344 spin_lock(&qlip->qli_lock); 1345 lip->li_buf = bp; 1346 xfs_trans_brelse(tp, bp); 1347 } 1348 qlip->qli_dirty = true; 1349 spin_unlock(&qlip->qli_lock); 1350 1351 return 0; 1352 } 1353 1354 /* 1355 * Get a new reference the dquot buffer attached to this dquot for a dqflush 1356 * operation. 1357 * 1358 * Returns 0 and a NULL bp if none was attached to the dquot; 0 and a locked 1359 * bp; or -EAGAIN if the buffer could not be locked. 1360 */ 1361 int 1362 xfs_dquot_use_attached_buf( 1363 struct xfs_dquot *dqp, 1364 struct xfs_buf **bpp) 1365 { 1366 struct xfs_buf *bp = dqp->q_logitem.qli_item.li_buf; 1367 1368 /* 1369 * A NULL buffer can happen if the dquot dirty flag was set but the 1370 * filesystem shut down before transaction commit happened. In that 1371 * case we're not going to flush anyway. 1372 */ 1373 if (!bp) { 1374 ASSERT(xfs_is_shutdown(dqp->q_mount)); 1375 1376 *bpp = NULL; 1377 return 0; 1378 } 1379 1380 if (!xfs_buf_trylock(bp)) 1381 return -EAGAIN; 1382 1383 xfs_buf_hold(bp); 1384 *bpp = bp; 1385 return 0; 1386 } 1387 1388 /* 1389 * Write a modified dquot to disk. 1390 * The dquot must be locked and the flush lock too taken by caller. 1391 * The flush lock will not be unlocked until the dquot reaches the disk, 1392 * but the dquot is free to be unlocked and modified by the caller 1393 * in the interim. Dquot is still locked on return. This behavior is 1394 * identical to that of inodes. 1395 */ 1396 int 1397 xfs_qm_dqflush( 1398 struct xfs_dquot *dqp, 1399 struct xfs_buf *bp) 1400 { 1401 struct xfs_mount *mp = dqp->q_mount; 1402 struct xfs_dq_logitem *qlip = &dqp->q_logitem; 1403 struct xfs_log_item *lip = &qlip->qli_item; 1404 struct xfs_dqblk *dqblk; 1405 xfs_failaddr_t fa; 1406 int error; 1407 1408 ASSERT(XFS_DQ_IS_LOCKED(dqp)); 1409 ASSERT(!completion_done(&dqp->q_flush)); 1410 1411 trace_xfs_dqflush(dqp); 1412 1413 xfs_qm_dqunpin_wait(dqp); 1414 1415 fa = xfs_qm_dqflush_check(dqp); 1416 if (fa) { 1417 xfs_alert(mp, "corrupt dquot ID 0x%x in memory at %pS", 1418 dqp->q_id, fa); 1419 xfs_dquot_mark_sick(dqp); 1420 error = -EFSCORRUPTED; 1421 goto out_abort; 1422 } 1423 1424 /* Flush the incore dquot to the ondisk buffer. */ 1425 dqblk = xfs_buf_offset(bp, dqp->q_bufoffset); 1426 xfs_dquot_to_disk(&dqblk->dd_diskdq, dqp); 1427 1428 /* 1429 * Clear the dirty field and remember the flush lsn for later use. 1430 */ 1431 dqp->q_flags &= ~XFS_DQFLAG_DIRTY; 1432 1433 /* 1434 * We hold the dquot lock, so nobody can dirty it while we're 1435 * scheduling the write out. Clear the dirty-since-flush flag. 1436 */ 1437 spin_lock(&qlip->qli_lock); 1438 qlip->qli_dirty = false; 1439 spin_unlock(&qlip->qli_lock); 1440 1441 xfs_trans_ail_copy_lsn(mp->m_ail, &qlip->qli_flush_lsn, &lip->li_lsn); 1442 1443 /* 1444 * copy the lsn into the on-disk dquot now while we have the in memory 1445 * dquot here. This can't be done later in the write verifier as we 1446 * can't get access to the log item at that point in time. 1447 * 1448 * We also calculate the CRC here so that the on-disk dquot in the 1449 * buffer always has a valid CRC. This ensures there is no possibility 1450 * of a dquot without an up-to-date CRC getting to disk. 1451 */ 1452 if (xfs_has_crc(mp)) { 1453 dqblk->dd_lsn = cpu_to_be64(lip->li_lsn); 1454 xfs_update_cksum((char *)dqblk, sizeof(struct xfs_dqblk), 1455 XFS_DQUOT_CRC_OFF); 1456 } 1457 1458 /* 1459 * Attach the dquot to the buffer so that we can remove this dquot from 1460 * the AIL and release the flush lock once the dquot is synced to disk. 1461 */ 1462 bp->b_flags |= _XBF_DQUOTS; 1463 list_add_tail(&lip->li_bio_list, &bp->b_li_list); 1464 1465 /* 1466 * If the buffer is pinned then push on the log so we won't 1467 * get stuck waiting in the write for too long. 1468 */ 1469 if (xfs_buf_ispinned(bp)) { 1470 trace_xfs_dqflush_force(dqp); 1471 xfs_log_force(mp, 0); 1472 } 1473 1474 trace_xfs_dqflush_done(dqp); 1475 return 0; 1476 1477 out_abort: 1478 dqp->q_flags &= ~XFS_DQFLAG_DIRTY; 1479 xfs_trans_ail_delete(lip, 0); 1480 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE); 1481 xfs_dqfunlock(dqp); 1482 return error; 1483 } 1484 1485 /* 1486 * Lock two xfs_dquot structures. 1487 * 1488 * To avoid deadlocks we always lock the quota structure with 1489 * the lowerd id first. 1490 */ 1491 void 1492 xfs_dqlock2( 1493 struct xfs_dquot *d1, 1494 struct xfs_dquot *d2) 1495 { 1496 if (d1 && d2) { 1497 ASSERT(d1 != d2); 1498 if (d1->q_id > d2->q_id) { 1499 mutex_lock(&d2->q_qlock); 1500 mutex_lock_nested(&d1->q_qlock, XFS_QLOCK_NESTED); 1501 } else { 1502 mutex_lock(&d1->q_qlock); 1503 mutex_lock_nested(&d2->q_qlock, XFS_QLOCK_NESTED); 1504 } 1505 } else if (d1) { 1506 mutex_lock(&d1->q_qlock); 1507 } else if (d2) { 1508 mutex_lock(&d2->q_qlock); 1509 } 1510 } 1511 1512 static int 1513 xfs_dqtrx_cmp( 1514 const void *a, 1515 const void *b) 1516 { 1517 const struct xfs_dqtrx *qa = a; 1518 const struct xfs_dqtrx *qb = b; 1519 1520 if (qa->qt_dquot->q_id > qb->qt_dquot->q_id) 1521 return 1; 1522 if (qa->qt_dquot->q_id < qb->qt_dquot->q_id) 1523 return -1; 1524 return 0; 1525 } 1526 1527 void 1528 xfs_dqlockn( 1529 struct xfs_dqtrx *q) 1530 { 1531 unsigned int i; 1532 1533 BUILD_BUG_ON(XFS_QM_TRANS_MAXDQS > MAX_LOCKDEP_SUBCLASSES); 1534 1535 /* Sort in order of dquot id, do not allow duplicates */ 1536 for (i = 0; i < XFS_QM_TRANS_MAXDQS && q[i].qt_dquot != NULL; i++) { 1537 unsigned int j; 1538 1539 for (j = 0; j < i; j++) 1540 ASSERT(q[i].qt_dquot != q[j].qt_dquot); 1541 } 1542 if (i == 0) 1543 return; 1544 1545 sort(q, i, sizeof(struct xfs_dqtrx), xfs_dqtrx_cmp, NULL); 1546 1547 mutex_lock(&q[0].qt_dquot->q_qlock); 1548 for (i = 1; i < XFS_QM_TRANS_MAXDQS && q[i].qt_dquot != NULL; i++) 1549 mutex_lock_nested(&q[i].qt_dquot->q_qlock, 1550 XFS_QLOCK_NESTED + i - 1); 1551 } 1552 1553 int __init 1554 xfs_qm_init(void) 1555 { 1556 xfs_dquot_cache = kmem_cache_create("xfs_dquot", 1557 sizeof(struct xfs_dquot), 1558 0, 0, NULL); 1559 if (!xfs_dquot_cache) 1560 goto out; 1561 1562 xfs_dqtrx_cache = kmem_cache_create("xfs_dqtrx", 1563 sizeof(struct xfs_dquot_acct), 1564 0, 0, NULL); 1565 if (!xfs_dqtrx_cache) 1566 goto out_free_dquot_cache; 1567 1568 return 0; 1569 1570 out_free_dquot_cache: 1571 kmem_cache_destroy(xfs_dquot_cache); 1572 out: 1573 return -ENOMEM; 1574 } 1575 1576 void 1577 xfs_qm_exit(void) 1578 { 1579 kmem_cache_destroy(xfs_dqtrx_cache); 1580 kmem_cache_destroy(xfs_dquot_cache); 1581 } 1582