1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 4 * All Rights Reserved. 5 */ 6 #include "xfs.h" 7 #include "xfs_fs.h" 8 #include "xfs_shared.h" 9 #include "xfs_format.h" 10 #include "xfs_log_format.h" 11 #include "xfs_trans_resv.h" 12 #include "xfs_bit.h" 13 #include "xfs_sb.h" 14 #include "xfs_mount.h" 15 #include "xfs_inode.h" 16 #include "xfs_iwalk.h" 17 #include "xfs_quota.h" 18 #include "xfs_bmap.h" 19 #include "xfs_bmap_util.h" 20 #include "xfs_trans.h" 21 #include "xfs_trans_space.h" 22 #include "xfs_qm.h" 23 #include "xfs_trace.h" 24 #include "xfs_icache.h" 25 #include "xfs_error.h" 26 #include "xfs_ag.h" 27 #include "xfs_ialloc.h" 28 #include "xfs_log_priv.h" 29 30 /* 31 * The global quota manager. There is only one of these for the entire 32 * system, _not_ one per file system. XQM keeps track of the overall 33 * quota functionality, including maintaining the freelist and hash 34 * tables of dquots. 35 */ 36 STATIC int xfs_qm_init_quotainos(struct xfs_mount *mp); 37 STATIC int xfs_qm_init_quotainfo(struct xfs_mount *mp); 38 39 STATIC void xfs_qm_destroy_quotainos(struct xfs_quotainfo *qi); 40 STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp); 41 /* 42 * We use the batch lookup interface to iterate over the dquots as it 43 * currently is the only interface into the radix tree code that allows 44 * fuzzy lookups instead of exact matches. Holding the lock over multiple 45 * operations is fine as all callers are used either during mount/umount 46 * or quotaoff. 47 */ 48 #define XFS_DQ_LOOKUP_BATCH 32 49 50 STATIC int 51 xfs_qm_dquot_walk( 52 struct xfs_mount *mp, 53 xfs_dqtype_t type, 54 int (*execute)(struct xfs_dquot *dqp, void *data), 55 void *data) 56 { 57 struct xfs_quotainfo *qi = mp->m_quotainfo; 58 struct radix_tree_root *tree = xfs_dquot_tree(qi, type); 59 uint32_t next_index; 60 int last_error = 0; 61 int skipped; 62 int nr_found; 63 64 restart: 65 skipped = 0; 66 next_index = 0; 67 nr_found = 0; 68 69 while (1) { 70 struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH]; 71 int error = 0; 72 int i; 73 74 mutex_lock(&qi->qi_tree_lock); 75 nr_found = radix_tree_gang_lookup(tree, (void **)batch, 76 next_index, XFS_DQ_LOOKUP_BATCH); 77 if (!nr_found) { 78 mutex_unlock(&qi->qi_tree_lock); 79 break; 80 } 81 82 for (i = 0; i < nr_found; i++) { 83 struct xfs_dquot *dqp = batch[i]; 84 85 next_index = dqp->q_id + 1; 86 87 error = execute(batch[i], data); 88 if (error == -EAGAIN) { 89 skipped++; 90 continue; 91 } 92 if (error && last_error != -EFSCORRUPTED) 93 last_error = error; 94 } 95 96 mutex_unlock(&qi->qi_tree_lock); 97 98 /* bail out if the filesystem is corrupted. */ 99 if (last_error == -EFSCORRUPTED) { 100 skipped = 0; 101 break; 102 } 103 /* we're done if id overflows back to zero */ 104 if (!next_index) 105 break; 106 } 107 108 if (skipped) { 109 delay(1); 110 goto restart; 111 } 112 113 return last_error; 114 } 115 116 117 /* 118 * Purge a dquot from all tracking data structures and free it. 119 */ 120 STATIC int 121 xfs_qm_dqpurge( 122 struct xfs_dquot *dqp, 123 void *data) 124 { 125 struct xfs_quotainfo *qi = dqp->q_mount->m_quotainfo; 126 int error = -EAGAIN; 127 128 xfs_dqlock(dqp); 129 if ((dqp->q_flags & XFS_DQFLAG_FREEING) || dqp->q_nrefs != 0) 130 goto out_unlock; 131 132 dqp->q_flags |= XFS_DQFLAG_FREEING; 133 134 xfs_dqflock(dqp); 135 136 /* 137 * If we are turning this type of quotas off, we don't care 138 * about the dirty metadata sitting in this dquot. OTOH, if 139 * we're unmounting, we do care, so we flush it and wait. 140 */ 141 if (XFS_DQ_IS_DIRTY(dqp)) { 142 struct xfs_buf *bp = NULL; 143 144 /* 145 * We don't care about getting disk errors here. We need 146 * to purge this dquot anyway, so we go ahead regardless. 147 */ 148 error = xfs_qm_dqflush(dqp, &bp); 149 if (!error) { 150 error = xfs_bwrite(bp); 151 xfs_buf_relse(bp); 152 } else if (error == -EAGAIN) { 153 dqp->q_flags &= ~XFS_DQFLAG_FREEING; 154 goto out_unlock; 155 } 156 xfs_dqflock(dqp); 157 } 158 159 ASSERT(atomic_read(&dqp->q_pincount) == 0); 160 ASSERT(xlog_is_shutdown(dqp->q_logitem.qli_item.li_log) || 161 !test_bit(XFS_LI_IN_AIL, &dqp->q_logitem.qli_item.li_flags)); 162 163 xfs_dqfunlock(dqp); 164 xfs_dqunlock(dqp); 165 166 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id); 167 qi->qi_dquots--; 168 169 /* 170 * We move dquots to the freelist as soon as their reference count 171 * hits zero, so it really should be on the freelist here. 172 */ 173 ASSERT(!list_empty(&dqp->q_lru)); 174 list_lru_del(&qi->qi_lru, &dqp->q_lru); 175 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused); 176 177 xfs_qm_dqdestroy(dqp); 178 return 0; 179 180 out_unlock: 181 xfs_dqunlock(dqp); 182 return error; 183 } 184 185 /* 186 * Purge the dquot cache. 187 */ 188 static void 189 xfs_qm_dqpurge_all( 190 struct xfs_mount *mp) 191 { 192 xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_dqpurge, NULL); 193 xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_dqpurge, NULL); 194 xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_dqpurge, NULL); 195 } 196 197 /* 198 * Just destroy the quotainfo structure. 199 */ 200 void 201 xfs_qm_unmount( 202 struct xfs_mount *mp) 203 { 204 if (mp->m_quotainfo) { 205 xfs_qm_dqpurge_all(mp); 206 xfs_qm_destroy_quotainfo(mp); 207 } 208 } 209 210 /* 211 * Called from the vfsops layer. 212 */ 213 void 214 xfs_qm_unmount_quotas( 215 xfs_mount_t *mp) 216 { 217 /* 218 * Release the dquots that root inode, et al might be holding, 219 * before we flush quotas and blow away the quotainfo structure. 220 */ 221 ASSERT(mp->m_rootip); 222 xfs_qm_dqdetach(mp->m_rootip); 223 if (mp->m_rbmip) 224 xfs_qm_dqdetach(mp->m_rbmip); 225 if (mp->m_rsumip) 226 xfs_qm_dqdetach(mp->m_rsumip); 227 228 /* 229 * Release the quota inodes. 230 */ 231 if (mp->m_quotainfo) { 232 if (mp->m_quotainfo->qi_uquotaip) { 233 xfs_irele(mp->m_quotainfo->qi_uquotaip); 234 mp->m_quotainfo->qi_uquotaip = NULL; 235 } 236 if (mp->m_quotainfo->qi_gquotaip) { 237 xfs_irele(mp->m_quotainfo->qi_gquotaip); 238 mp->m_quotainfo->qi_gquotaip = NULL; 239 } 240 if (mp->m_quotainfo->qi_pquotaip) { 241 xfs_irele(mp->m_quotainfo->qi_pquotaip); 242 mp->m_quotainfo->qi_pquotaip = NULL; 243 } 244 } 245 } 246 247 STATIC int 248 xfs_qm_dqattach_one( 249 struct xfs_inode *ip, 250 xfs_dqtype_t type, 251 bool doalloc, 252 struct xfs_dquot **IO_idqpp) 253 { 254 struct xfs_dquot *dqp; 255 int error; 256 257 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 258 error = 0; 259 260 /* 261 * See if we already have it in the inode itself. IO_idqpp is &i_udquot 262 * or &i_gdquot. This made the code look weird, but made the logic a lot 263 * simpler. 264 */ 265 dqp = *IO_idqpp; 266 if (dqp) { 267 trace_xfs_dqattach_found(dqp); 268 return 0; 269 } 270 271 /* 272 * Find the dquot from somewhere. This bumps the reference count of 273 * dquot and returns it locked. This can return ENOENT if dquot didn't 274 * exist on disk and we didn't ask it to allocate; ESRCH if quotas got 275 * turned off suddenly. 276 */ 277 error = xfs_qm_dqget_inode(ip, type, doalloc, &dqp); 278 if (error) 279 return error; 280 281 trace_xfs_dqattach_get(dqp); 282 283 /* 284 * dqget may have dropped and re-acquired the ilock, but it guarantees 285 * that the dquot returned is the one that should go in the inode. 286 */ 287 *IO_idqpp = dqp; 288 xfs_dqunlock(dqp); 289 return 0; 290 } 291 292 static bool 293 xfs_qm_need_dqattach( 294 struct xfs_inode *ip) 295 { 296 struct xfs_mount *mp = ip->i_mount; 297 298 if (!XFS_IS_QUOTA_ON(mp)) 299 return false; 300 if (!XFS_NOT_DQATTACHED(mp, ip)) 301 return false; 302 if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino)) 303 return false; 304 return true; 305 } 306 307 /* 308 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON 309 * into account. 310 * If @doalloc is true, the dquot(s) will be allocated if needed. 311 * Inode may get unlocked and relocked in here, and the caller must deal with 312 * the consequences. 313 */ 314 int 315 xfs_qm_dqattach_locked( 316 xfs_inode_t *ip, 317 bool doalloc) 318 { 319 xfs_mount_t *mp = ip->i_mount; 320 int error = 0; 321 322 if (!xfs_qm_need_dqattach(ip)) 323 return 0; 324 325 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 326 327 if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) { 328 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_USER, 329 doalloc, &ip->i_udquot); 330 if (error) 331 goto done; 332 ASSERT(ip->i_udquot); 333 } 334 335 if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) { 336 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_GROUP, 337 doalloc, &ip->i_gdquot); 338 if (error) 339 goto done; 340 ASSERT(ip->i_gdquot); 341 } 342 343 if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) { 344 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_PROJ, 345 doalloc, &ip->i_pdquot); 346 if (error) 347 goto done; 348 ASSERT(ip->i_pdquot); 349 } 350 351 done: 352 /* 353 * Don't worry about the dquots that we may have attached before any 354 * error - they'll get detached later if it has not already been done. 355 */ 356 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 357 return error; 358 } 359 360 int 361 xfs_qm_dqattach( 362 struct xfs_inode *ip) 363 { 364 int error; 365 366 if (!xfs_qm_need_dqattach(ip)) 367 return 0; 368 369 xfs_ilock(ip, XFS_ILOCK_EXCL); 370 error = xfs_qm_dqattach_locked(ip, false); 371 xfs_iunlock(ip, XFS_ILOCK_EXCL); 372 373 return error; 374 } 375 376 /* 377 * Release dquots (and their references) if any. 378 * The inode should be locked EXCL except when this's called by 379 * xfs_ireclaim. 380 */ 381 void 382 xfs_qm_dqdetach( 383 xfs_inode_t *ip) 384 { 385 if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot)) 386 return; 387 388 trace_xfs_dquot_dqdetach(ip); 389 390 ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino)); 391 if (ip->i_udquot) { 392 xfs_qm_dqrele(ip->i_udquot); 393 ip->i_udquot = NULL; 394 } 395 if (ip->i_gdquot) { 396 xfs_qm_dqrele(ip->i_gdquot); 397 ip->i_gdquot = NULL; 398 } 399 if (ip->i_pdquot) { 400 xfs_qm_dqrele(ip->i_pdquot); 401 ip->i_pdquot = NULL; 402 } 403 } 404 405 struct xfs_qm_isolate { 406 struct list_head buffers; 407 struct list_head dispose; 408 }; 409 410 static enum lru_status 411 xfs_qm_dquot_isolate( 412 struct list_head *item, 413 struct list_lru_one *lru, 414 spinlock_t *lru_lock, 415 void *arg) 416 __releases(lru_lock) __acquires(lru_lock) 417 { 418 struct xfs_dquot *dqp = container_of(item, 419 struct xfs_dquot, q_lru); 420 struct xfs_qm_isolate *isol = arg; 421 422 if (!xfs_dqlock_nowait(dqp)) 423 goto out_miss_busy; 424 425 /* 426 * This dquot has acquired a reference in the meantime remove it from 427 * the freelist and try again. 428 */ 429 if (dqp->q_nrefs) { 430 xfs_dqunlock(dqp); 431 XFS_STATS_INC(dqp->q_mount, xs_qm_dqwants); 432 433 trace_xfs_dqreclaim_want(dqp); 434 list_lru_isolate(lru, &dqp->q_lru); 435 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused); 436 return LRU_REMOVED; 437 } 438 439 /* 440 * If the dquot is dirty, flush it. If it's already being flushed, just 441 * skip it so there is time for the IO to complete before we try to 442 * reclaim it again on the next LRU pass. 443 */ 444 if (!xfs_dqflock_nowait(dqp)) { 445 xfs_dqunlock(dqp); 446 goto out_miss_busy; 447 } 448 449 if (XFS_DQ_IS_DIRTY(dqp)) { 450 struct xfs_buf *bp = NULL; 451 int error; 452 453 trace_xfs_dqreclaim_dirty(dqp); 454 455 /* we have to drop the LRU lock to flush the dquot */ 456 spin_unlock(lru_lock); 457 458 error = xfs_qm_dqflush(dqp, &bp); 459 if (error) 460 goto out_unlock_dirty; 461 462 xfs_buf_delwri_queue(bp, &isol->buffers); 463 xfs_buf_relse(bp); 464 goto out_unlock_dirty; 465 } 466 xfs_dqfunlock(dqp); 467 468 /* 469 * Prevent lookups now that we are past the point of no return. 470 */ 471 dqp->q_flags |= XFS_DQFLAG_FREEING; 472 xfs_dqunlock(dqp); 473 474 ASSERT(dqp->q_nrefs == 0); 475 list_lru_isolate_move(lru, &dqp->q_lru, &isol->dispose); 476 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused); 477 trace_xfs_dqreclaim_done(dqp); 478 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaims); 479 return LRU_REMOVED; 480 481 out_miss_busy: 482 trace_xfs_dqreclaim_busy(dqp); 483 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses); 484 return LRU_SKIP; 485 486 out_unlock_dirty: 487 trace_xfs_dqreclaim_busy(dqp); 488 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses); 489 xfs_dqunlock(dqp); 490 spin_lock(lru_lock); 491 return LRU_RETRY; 492 } 493 494 static unsigned long 495 xfs_qm_shrink_scan( 496 struct shrinker *shrink, 497 struct shrink_control *sc) 498 { 499 struct xfs_quotainfo *qi = container_of(shrink, 500 struct xfs_quotainfo, qi_shrinker); 501 struct xfs_qm_isolate isol; 502 unsigned long freed; 503 int error; 504 505 if ((sc->gfp_mask & (__GFP_FS|__GFP_DIRECT_RECLAIM)) != (__GFP_FS|__GFP_DIRECT_RECLAIM)) 506 return 0; 507 508 INIT_LIST_HEAD(&isol.buffers); 509 INIT_LIST_HEAD(&isol.dispose); 510 511 freed = list_lru_shrink_walk(&qi->qi_lru, sc, 512 xfs_qm_dquot_isolate, &isol); 513 514 error = xfs_buf_delwri_submit(&isol.buffers); 515 if (error) 516 xfs_warn(NULL, "%s: dquot reclaim failed", __func__); 517 518 while (!list_empty(&isol.dispose)) { 519 struct xfs_dquot *dqp; 520 521 dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru); 522 list_del_init(&dqp->q_lru); 523 xfs_qm_dqfree_one(dqp); 524 } 525 526 return freed; 527 } 528 529 static unsigned long 530 xfs_qm_shrink_count( 531 struct shrinker *shrink, 532 struct shrink_control *sc) 533 { 534 struct xfs_quotainfo *qi = container_of(shrink, 535 struct xfs_quotainfo, qi_shrinker); 536 537 return list_lru_shrink_count(&qi->qi_lru, sc); 538 } 539 540 STATIC void 541 xfs_qm_set_defquota( 542 struct xfs_mount *mp, 543 xfs_dqtype_t type, 544 struct xfs_quotainfo *qinf) 545 { 546 struct xfs_dquot *dqp; 547 struct xfs_def_quota *defq; 548 int error; 549 550 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp); 551 if (error) 552 return; 553 554 defq = xfs_get_defquota(qinf, xfs_dquot_type(dqp)); 555 556 /* 557 * Timers and warnings have been already set, let's just set the 558 * default limits for this quota type 559 */ 560 defq->blk.hard = dqp->q_blk.hardlimit; 561 defq->blk.soft = dqp->q_blk.softlimit; 562 defq->ino.hard = dqp->q_ino.hardlimit; 563 defq->ino.soft = dqp->q_ino.softlimit; 564 defq->rtb.hard = dqp->q_rtb.hardlimit; 565 defq->rtb.soft = dqp->q_rtb.softlimit; 566 xfs_qm_dqdestroy(dqp); 567 } 568 569 /* Initialize quota time limits from the root dquot. */ 570 static void 571 xfs_qm_init_timelimits( 572 struct xfs_mount *mp, 573 xfs_dqtype_t type) 574 { 575 struct xfs_quotainfo *qinf = mp->m_quotainfo; 576 struct xfs_def_quota *defq; 577 struct xfs_dquot *dqp; 578 int error; 579 580 defq = xfs_get_defquota(qinf, type); 581 582 defq->blk.time = XFS_QM_BTIMELIMIT; 583 defq->ino.time = XFS_QM_ITIMELIMIT; 584 defq->rtb.time = XFS_QM_RTBTIMELIMIT; 585 586 /* 587 * We try to get the limits from the superuser's limits fields. 588 * This is quite hacky, but it is standard quota practice. 589 * 590 * Since we may not have done a quotacheck by this point, just read 591 * the dquot without attaching it to any hashtables or lists. 592 */ 593 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp); 594 if (error) 595 return; 596 597 /* 598 * The warnings and timers set the grace period given to 599 * a user or group before he or she can not perform any 600 * more writing. If it is zero, a default is used. 601 */ 602 if (dqp->q_blk.timer) 603 defq->blk.time = dqp->q_blk.timer; 604 if (dqp->q_ino.timer) 605 defq->ino.time = dqp->q_ino.timer; 606 if (dqp->q_rtb.timer) 607 defq->rtb.time = dqp->q_rtb.timer; 608 609 xfs_qm_dqdestroy(dqp); 610 } 611 612 /* 613 * This initializes all the quota information that's kept in the 614 * mount structure 615 */ 616 STATIC int 617 xfs_qm_init_quotainfo( 618 struct xfs_mount *mp) 619 { 620 struct xfs_quotainfo *qinf; 621 int error; 622 623 ASSERT(XFS_IS_QUOTA_ON(mp)); 624 625 qinf = mp->m_quotainfo = kmem_zalloc(sizeof(struct xfs_quotainfo), 0); 626 627 error = list_lru_init(&qinf->qi_lru); 628 if (error) 629 goto out_free_qinf; 630 631 /* 632 * See if quotainodes are setup, and if not, allocate them, 633 * and change the superblock accordingly. 634 */ 635 error = xfs_qm_init_quotainos(mp); 636 if (error) 637 goto out_free_lru; 638 639 INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_NOFS); 640 INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_NOFS); 641 INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_NOFS); 642 mutex_init(&qinf->qi_tree_lock); 643 644 /* mutex used to serialize quotaoffs */ 645 mutex_init(&qinf->qi_quotaofflock); 646 647 /* Precalc some constants */ 648 qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB); 649 qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen); 650 if (xfs_has_bigtime(mp)) { 651 qinf->qi_expiry_min = 652 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MIN); 653 qinf->qi_expiry_max = 654 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MAX); 655 } else { 656 qinf->qi_expiry_min = XFS_DQ_LEGACY_EXPIRY_MIN; 657 qinf->qi_expiry_max = XFS_DQ_LEGACY_EXPIRY_MAX; 658 } 659 trace_xfs_quota_expiry_range(mp, qinf->qi_expiry_min, 660 qinf->qi_expiry_max); 661 662 mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD); 663 664 xfs_qm_init_timelimits(mp, XFS_DQTYPE_USER); 665 xfs_qm_init_timelimits(mp, XFS_DQTYPE_GROUP); 666 xfs_qm_init_timelimits(mp, XFS_DQTYPE_PROJ); 667 668 if (XFS_IS_UQUOTA_ON(mp)) 669 xfs_qm_set_defquota(mp, XFS_DQTYPE_USER, qinf); 670 if (XFS_IS_GQUOTA_ON(mp)) 671 xfs_qm_set_defquota(mp, XFS_DQTYPE_GROUP, qinf); 672 if (XFS_IS_PQUOTA_ON(mp)) 673 xfs_qm_set_defquota(mp, XFS_DQTYPE_PROJ, qinf); 674 675 qinf->qi_shrinker.count_objects = xfs_qm_shrink_count; 676 qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan; 677 qinf->qi_shrinker.seeks = DEFAULT_SEEKS; 678 qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE; 679 680 error = register_shrinker(&qinf->qi_shrinker, "xfs-qm:%s", 681 mp->m_super->s_id); 682 if (error) 683 goto out_free_inos; 684 685 return 0; 686 687 out_free_inos: 688 mutex_destroy(&qinf->qi_quotaofflock); 689 mutex_destroy(&qinf->qi_tree_lock); 690 xfs_qm_destroy_quotainos(qinf); 691 out_free_lru: 692 list_lru_destroy(&qinf->qi_lru); 693 out_free_qinf: 694 kmem_free(qinf); 695 mp->m_quotainfo = NULL; 696 return error; 697 } 698 699 /* 700 * Gets called when unmounting a filesystem or when all quotas get 701 * turned off. 702 * This purges the quota inodes, destroys locks and frees itself. 703 */ 704 void 705 xfs_qm_destroy_quotainfo( 706 struct xfs_mount *mp) 707 { 708 struct xfs_quotainfo *qi; 709 710 qi = mp->m_quotainfo; 711 ASSERT(qi != NULL); 712 713 unregister_shrinker(&qi->qi_shrinker); 714 list_lru_destroy(&qi->qi_lru); 715 xfs_qm_destroy_quotainos(qi); 716 mutex_destroy(&qi->qi_tree_lock); 717 mutex_destroy(&qi->qi_quotaofflock); 718 kmem_free(qi); 719 mp->m_quotainfo = NULL; 720 } 721 722 /* 723 * Create an inode and return with a reference already taken, but unlocked 724 * This is how we create quota inodes 725 */ 726 STATIC int 727 xfs_qm_qino_alloc( 728 struct xfs_mount *mp, 729 struct xfs_inode **ipp, 730 unsigned int flags) 731 { 732 struct xfs_trans *tp; 733 int error; 734 bool need_alloc = true; 735 736 *ipp = NULL; 737 /* 738 * With superblock that doesn't have separate pquotino, we 739 * share an inode between gquota and pquota. If the on-disk 740 * superblock has GQUOTA and the filesystem is now mounted 741 * with PQUOTA, just use sb_gquotino for sb_pquotino and 742 * vice-versa. 743 */ 744 if (!xfs_has_pquotino(mp) && 745 (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) { 746 xfs_ino_t ino = NULLFSINO; 747 748 if ((flags & XFS_QMOPT_PQUOTA) && 749 (mp->m_sb.sb_gquotino != NULLFSINO)) { 750 ino = mp->m_sb.sb_gquotino; 751 if (XFS_IS_CORRUPT(mp, 752 mp->m_sb.sb_pquotino != NULLFSINO)) 753 return -EFSCORRUPTED; 754 } else if ((flags & XFS_QMOPT_GQUOTA) && 755 (mp->m_sb.sb_pquotino != NULLFSINO)) { 756 ino = mp->m_sb.sb_pquotino; 757 if (XFS_IS_CORRUPT(mp, 758 mp->m_sb.sb_gquotino != NULLFSINO)) 759 return -EFSCORRUPTED; 760 } 761 if (ino != NULLFSINO) { 762 error = xfs_iget(mp, NULL, ino, 0, 0, ipp); 763 if (error) 764 return error; 765 mp->m_sb.sb_gquotino = NULLFSINO; 766 mp->m_sb.sb_pquotino = NULLFSINO; 767 need_alloc = false; 768 } 769 } 770 771 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_create, 772 need_alloc ? XFS_QM_QINOCREATE_SPACE_RES(mp) : 0, 773 0, 0, &tp); 774 if (error) 775 return error; 776 777 if (need_alloc) { 778 xfs_ino_t ino; 779 780 error = xfs_dialloc(&tp, 0, S_IFREG, &ino); 781 if (!error) 782 error = xfs_init_new_inode(&init_user_ns, tp, NULL, ino, 783 S_IFREG, 1, 0, 0, false, ipp); 784 if (error) { 785 xfs_trans_cancel(tp); 786 return error; 787 } 788 } 789 790 /* 791 * Make the changes in the superblock, and log those too. 792 * sbfields arg may contain fields other than *QUOTINO; 793 * VERSIONNUM for example. 794 */ 795 spin_lock(&mp->m_sb_lock); 796 if (flags & XFS_QMOPT_SBVERSION) { 797 ASSERT(!xfs_has_quota(mp)); 798 799 xfs_add_quota(mp); 800 mp->m_sb.sb_uquotino = NULLFSINO; 801 mp->m_sb.sb_gquotino = NULLFSINO; 802 mp->m_sb.sb_pquotino = NULLFSINO; 803 804 /* qflags will get updated fully _after_ quotacheck */ 805 mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT; 806 } 807 if (flags & XFS_QMOPT_UQUOTA) 808 mp->m_sb.sb_uquotino = (*ipp)->i_ino; 809 else if (flags & XFS_QMOPT_GQUOTA) 810 mp->m_sb.sb_gquotino = (*ipp)->i_ino; 811 else 812 mp->m_sb.sb_pquotino = (*ipp)->i_ino; 813 spin_unlock(&mp->m_sb_lock); 814 xfs_log_sb(tp); 815 816 error = xfs_trans_commit(tp); 817 if (error) { 818 ASSERT(xfs_is_shutdown(mp)); 819 xfs_alert(mp, "%s failed (error %d)!", __func__, error); 820 } 821 if (need_alloc) 822 xfs_finish_inode_setup(*ipp); 823 return error; 824 } 825 826 827 STATIC void 828 xfs_qm_reset_dqcounts( 829 struct xfs_mount *mp, 830 struct xfs_buf *bp, 831 xfs_dqid_t id, 832 xfs_dqtype_t type) 833 { 834 struct xfs_dqblk *dqb; 835 int j; 836 837 trace_xfs_reset_dqcounts(bp, _RET_IP_); 838 839 /* 840 * Reset all counters and timers. They'll be 841 * started afresh by xfs_qm_quotacheck. 842 */ 843 #ifdef DEBUG 844 j = (int)XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB) / 845 sizeof(struct xfs_dqblk); 846 ASSERT(mp->m_quotainfo->qi_dqperchunk == j); 847 #endif 848 dqb = bp->b_addr; 849 for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) { 850 struct xfs_disk_dquot *ddq; 851 852 ddq = (struct xfs_disk_dquot *)&dqb[j]; 853 854 /* 855 * Do a sanity check, and if needed, repair the dqblk. Don't 856 * output any warnings because it's perfectly possible to 857 * find uninitialised dquot blks. See comment in 858 * xfs_dquot_verify. 859 */ 860 if (xfs_dqblk_verify(mp, &dqb[j], id + j) || 861 (dqb[j].dd_diskdq.d_type & XFS_DQTYPE_REC_MASK) != type) 862 xfs_dqblk_repair(mp, &dqb[j], id + j, type); 863 864 /* 865 * Reset type in case we are reusing group quota file for 866 * project quotas or vice versa 867 */ 868 ddq->d_type = type; 869 ddq->d_bcount = 0; 870 ddq->d_icount = 0; 871 ddq->d_rtbcount = 0; 872 873 /* 874 * dquot id 0 stores the default grace period and the maximum 875 * warning limit that were set by the administrator, so we 876 * should not reset them. 877 */ 878 if (ddq->d_id != 0) { 879 ddq->d_btimer = 0; 880 ddq->d_itimer = 0; 881 ddq->d_rtbtimer = 0; 882 ddq->d_bwarns = 0; 883 ddq->d_iwarns = 0; 884 ddq->d_rtbwarns = 0; 885 if (xfs_has_bigtime(mp)) 886 ddq->d_type |= XFS_DQTYPE_BIGTIME; 887 } 888 889 if (xfs_has_crc(mp)) { 890 xfs_update_cksum((char *)&dqb[j], 891 sizeof(struct xfs_dqblk), 892 XFS_DQUOT_CRC_OFF); 893 } 894 } 895 } 896 897 STATIC int 898 xfs_qm_reset_dqcounts_all( 899 struct xfs_mount *mp, 900 xfs_dqid_t firstid, 901 xfs_fsblock_t bno, 902 xfs_filblks_t blkcnt, 903 xfs_dqtype_t type, 904 struct list_head *buffer_list) 905 { 906 struct xfs_buf *bp; 907 int error = 0; 908 909 ASSERT(blkcnt > 0); 910 911 /* 912 * Blkcnt arg can be a very big number, and might even be 913 * larger than the log itself. So, we have to break it up into 914 * manageable-sized transactions. 915 * Note that we don't start a permanent transaction here; we might 916 * not be able to get a log reservation for the whole thing up front, 917 * and we don't really care to either, because we just discard 918 * everything if we were to crash in the middle of this loop. 919 */ 920 while (blkcnt--) { 921 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, 922 XFS_FSB_TO_DADDR(mp, bno), 923 mp->m_quotainfo->qi_dqchunklen, 0, &bp, 924 &xfs_dquot_buf_ops); 925 926 /* 927 * CRC and validation errors will return a EFSCORRUPTED here. If 928 * this occurs, re-read without CRC validation so that we can 929 * repair the damage via xfs_qm_reset_dqcounts(). This process 930 * will leave a trace in the log indicating corruption has 931 * been detected. 932 */ 933 if (error == -EFSCORRUPTED) { 934 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, 935 XFS_FSB_TO_DADDR(mp, bno), 936 mp->m_quotainfo->qi_dqchunklen, 0, &bp, 937 NULL); 938 } 939 940 if (error) 941 break; 942 943 /* 944 * A corrupt buffer might not have a verifier attached, so 945 * make sure we have the correct one attached before writeback 946 * occurs. 947 */ 948 bp->b_ops = &xfs_dquot_buf_ops; 949 xfs_qm_reset_dqcounts(mp, bp, firstid, type); 950 xfs_buf_delwri_queue(bp, buffer_list); 951 xfs_buf_relse(bp); 952 953 /* goto the next block. */ 954 bno++; 955 firstid += mp->m_quotainfo->qi_dqperchunk; 956 } 957 958 return error; 959 } 960 961 /* 962 * Iterate over all allocated dquot blocks in this quota inode, zeroing all 963 * counters for every chunk of dquots that we find. 964 */ 965 STATIC int 966 xfs_qm_reset_dqcounts_buf( 967 struct xfs_mount *mp, 968 struct xfs_inode *qip, 969 xfs_dqtype_t type, 970 struct list_head *buffer_list) 971 { 972 struct xfs_bmbt_irec *map; 973 int i, nmaps; /* number of map entries */ 974 int error; /* return value */ 975 xfs_fileoff_t lblkno; 976 xfs_filblks_t maxlblkcnt; 977 xfs_dqid_t firstid; 978 xfs_fsblock_t rablkno; 979 xfs_filblks_t rablkcnt; 980 981 error = 0; 982 /* 983 * This looks racy, but we can't keep an inode lock across a 984 * trans_reserve. But, this gets called during quotacheck, and that 985 * happens only at mount time which is single threaded. 986 */ 987 if (qip->i_nblocks == 0) 988 return 0; 989 990 map = kmem_alloc(XFS_DQITER_MAP_SIZE * sizeof(*map), 0); 991 992 lblkno = 0; 993 maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes); 994 do { 995 uint lock_mode; 996 997 nmaps = XFS_DQITER_MAP_SIZE; 998 /* 999 * We aren't changing the inode itself. Just changing 1000 * some of its data. No new blocks are added here, and 1001 * the inode is never added to the transaction. 1002 */ 1003 lock_mode = xfs_ilock_data_map_shared(qip); 1004 error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno, 1005 map, &nmaps, 0); 1006 xfs_iunlock(qip, lock_mode); 1007 if (error) 1008 break; 1009 1010 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE); 1011 for (i = 0; i < nmaps; i++) { 1012 ASSERT(map[i].br_startblock != DELAYSTARTBLOCK); 1013 ASSERT(map[i].br_blockcount); 1014 1015 1016 lblkno += map[i].br_blockcount; 1017 1018 if (map[i].br_startblock == HOLESTARTBLOCK) 1019 continue; 1020 1021 firstid = (xfs_dqid_t) map[i].br_startoff * 1022 mp->m_quotainfo->qi_dqperchunk; 1023 /* 1024 * Do a read-ahead on the next extent. 1025 */ 1026 if ((i+1 < nmaps) && 1027 (map[i+1].br_startblock != HOLESTARTBLOCK)) { 1028 rablkcnt = map[i+1].br_blockcount; 1029 rablkno = map[i+1].br_startblock; 1030 while (rablkcnt--) { 1031 xfs_buf_readahead(mp->m_ddev_targp, 1032 XFS_FSB_TO_DADDR(mp, rablkno), 1033 mp->m_quotainfo->qi_dqchunklen, 1034 &xfs_dquot_buf_ops); 1035 rablkno++; 1036 } 1037 } 1038 /* 1039 * Iterate thru all the blks in the extent and 1040 * reset the counters of all the dquots inside them. 1041 */ 1042 error = xfs_qm_reset_dqcounts_all(mp, firstid, 1043 map[i].br_startblock, 1044 map[i].br_blockcount, 1045 type, buffer_list); 1046 if (error) 1047 goto out; 1048 } 1049 } while (nmaps > 0); 1050 1051 out: 1052 kmem_free(map); 1053 return error; 1054 } 1055 1056 /* 1057 * Called by dqusage_adjust in doing a quotacheck. 1058 * 1059 * Given the inode, and a dquot id this updates both the incore dqout as well 1060 * as the buffer copy. This is so that once the quotacheck is done, we can 1061 * just log all the buffers, as opposed to logging numerous updates to 1062 * individual dquots. 1063 */ 1064 STATIC int 1065 xfs_qm_quotacheck_dqadjust( 1066 struct xfs_inode *ip, 1067 xfs_dqtype_t type, 1068 xfs_qcnt_t nblks, 1069 xfs_qcnt_t rtblks) 1070 { 1071 struct xfs_mount *mp = ip->i_mount; 1072 struct xfs_dquot *dqp; 1073 xfs_dqid_t id; 1074 int error; 1075 1076 id = xfs_qm_id_for_quotatype(ip, type); 1077 error = xfs_qm_dqget(mp, id, type, true, &dqp); 1078 if (error) { 1079 /* 1080 * Shouldn't be able to turn off quotas here. 1081 */ 1082 ASSERT(error != -ESRCH); 1083 ASSERT(error != -ENOENT); 1084 return error; 1085 } 1086 1087 trace_xfs_dqadjust(dqp); 1088 1089 /* 1090 * Adjust the inode count and the block count to reflect this inode's 1091 * resource usage. 1092 */ 1093 dqp->q_ino.count++; 1094 dqp->q_ino.reserved++; 1095 if (nblks) { 1096 dqp->q_blk.count += nblks; 1097 dqp->q_blk.reserved += nblks; 1098 } 1099 if (rtblks) { 1100 dqp->q_rtb.count += rtblks; 1101 dqp->q_rtb.reserved += rtblks; 1102 } 1103 1104 /* 1105 * Set default limits, adjust timers (since we changed usages) 1106 * 1107 * There are no timers for the default values set in the root dquot. 1108 */ 1109 if (dqp->q_id) { 1110 xfs_qm_adjust_dqlimits(dqp); 1111 xfs_qm_adjust_dqtimers(dqp); 1112 } 1113 1114 dqp->q_flags |= XFS_DQFLAG_DIRTY; 1115 xfs_qm_dqput(dqp); 1116 return 0; 1117 } 1118 1119 /* 1120 * callback routine supplied to bulkstat(). Given an inumber, find its 1121 * dquots and update them to account for resources taken by that inode. 1122 */ 1123 /* ARGSUSED */ 1124 STATIC int 1125 xfs_qm_dqusage_adjust( 1126 struct xfs_mount *mp, 1127 struct xfs_trans *tp, 1128 xfs_ino_t ino, 1129 void *data) 1130 { 1131 struct xfs_inode *ip; 1132 xfs_qcnt_t nblks; 1133 xfs_filblks_t rtblks = 0; /* total rt blks */ 1134 int error; 1135 1136 ASSERT(XFS_IS_QUOTA_ON(mp)); 1137 1138 /* 1139 * rootino must have its resources accounted for, not so with the quota 1140 * inodes. 1141 */ 1142 if (xfs_is_quota_inode(&mp->m_sb, ino)) 1143 return 0; 1144 1145 /* 1146 * We don't _need_ to take the ilock EXCL here because quotacheck runs 1147 * at mount time and therefore nobody will be racing chown/chproj. 1148 */ 1149 error = xfs_iget(mp, tp, ino, XFS_IGET_DONTCACHE, 0, &ip); 1150 if (error == -EINVAL || error == -ENOENT) 1151 return 0; 1152 if (error) 1153 return error; 1154 1155 ASSERT(ip->i_delayed_blks == 0); 1156 1157 if (XFS_IS_REALTIME_INODE(ip)) { 1158 struct xfs_ifork *ifp = xfs_ifork_ptr(ip, XFS_DATA_FORK); 1159 1160 error = xfs_iread_extents(tp, ip, XFS_DATA_FORK); 1161 if (error) 1162 goto error0; 1163 1164 xfs_bmap_count_leaves(ifp, &rtblks); 1165 } 1166 1167 nblks = (xfs_qcnt_t)ip->i_nblocks - rtblks; 1168 1169 /* 1170 * Add the (disk blocks and inode) resources occupied by this 1171 * inode to its dquots. We do this adjustment in the incore dquot, 1172 * and also copy the changes to its buffer. 1173 * We don't care about putting these changes in a transaction 1174 * envelope because if we crash in the middle of a 'quotacheck' 1175 * we have to start from the beginning anyway. 1176 * Once we're done, we'll log all the dquot bufs. 1177 * 1178 * The *QUOTA_ON checks below may look pretty racy, but quotachecks 1179 * and quotaoffs don't race. (Quotachecks happen at mount time only). 1180 */ 1181 if (XFS_IS_UQUOTA_ON(mp)) { 1182 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_USER, nblks, 1183 rtblks); 1184 if (error) 1185 goto error0; 1186 } 1187 1188 if (XFS_IS_GQUOTA_ON(mp)) { 1189 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_GROUP, nblks, 1190 rtblks); 1191 if (error) 1192 goto error0; 1193 } 1194 1195 if (XFS_IS_PQUOTA_ON(mp)) { 1196 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_PROJ, nblks, 1197 rtblks); 1198 if (error) 1199 goto error0; 1200 } 1201 1202 error0: 1203 xfs_irele(ip); 1204 return error; 1205 } 1206 1207 STATIC int 1208 xfs_qm_flush_one( 1209 struct xfs_dquot *dqp, 1210 void *data) 1211 { 1212 struct xfs_mount *mp = dqp->q_mount; 1213 struct list_head *buffer_list = data; 1214 struct xfs_buf *bp = NULL; 1215 int error = 0; 1216 1217 xfs_dqlock(dqp); 1218 if (dqp->q_flags & XFS_DQFLAG_FREEING) 1219 goto out_unlock; 1220 if (!XFS_DQ_IS_DIRTY(dqp)) 1221 goto out_unlock; 1222 1223 /* 1224 * The only way the dquot is already flush locked by the time quotacheck 1225 * gets here is if reclaim flushed it before the dqadjust walk dirtied 1226 * it for the final time. Quotacheck collects all dquot bufs in the 1227 * local delwri queue before dquots are dirtied, so reclaim can't have 1228 * possibly queued it for I/O. The only way out is to push the buffer to 1229 * cycle the flush lock. 1230 */ 1231 if (!xfs_dqflock_nowait(dqp)) { 1232 /* buf is pinned in-core by delwri list */ 1233 error = xfs_buf_incore(mp->m_ddev_targp, dqp->q_blkno, 1234 mp->m_quotainfo->qi_dqchunklen, 0, &bp); 1235 if (error) 1236 goto out_unlock; 1237 1238 if (!(bp->b_flags & _XBF_DELWRI_Q)) { 1239 error = -EAGAIN; 1240 xfs_buf_relse(bp); 1241 goto out_unlock; 1242 } 1243 xfs_buf_unlock(bp); 1244 1245 xfs_buf_delwri_pushbuf(bp, buffer_list); 1246 xfs_buf_rele(bp); 1247 1248 error = -EAGAIN; 1249 goto out_unlock; 1250 } 1251 1252 error = xfs_qm_dqflush(dqp, &bp); 1253 if (error) 1254 goto out_unlock; 1255 1256 xfs_buf_delwri_queue(bp, buffer_list); 1257 xfs_buf_relse(bp); 1258 out_unlock: 1259 xfs_dqunlock(dqp); 1260 return error; 1261 } 1262 1263 /* 1264 * Walk thru all the filesystem inodes and construct a consistent view 1265 * of the disk quota world. If the quotacheck fails, disable quotas. 1266 */ 1267 STATIC int 1268 xfs_qm_quotacheck( 1269 xfs_mount_t *mp) 1270 { 1271 int error, error2; 1272 uint flags; 1273 LIST_HEAD (buffer_list); 1274 struct xfs_inode *uip = mp->m_quotainfo->qi_uquotaip; 1275 struct xfs_inode *gip = mp->m_quotainfo->qi_gquotaip; 1276 struct xfs_inode *pip = mp->m_quotainfo->qi_pquotaip; 1277 1278 flags = 0; 1279 1280 ASSERT(uip || gip || pip); 1281 ASSERT(XFS_IS_QUOTA_ON(mp)); 1282 1283 xfs_notice(mp, "Quotacheck needed: Please wait."); 1284 1285 /* 1286 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset 1287 * their counters to zero. We need a clean slate. 1288 * We don't log our changes till later. 1289 */ 1290 if (uip) { 1291 error = xfs_qm_reset_dqcounts_buf(mp, uip, XFS_DQTYPE_USER, 1292 &buffer_list); 1293 if (error) 1294 goto error_return; 1295 flags |= XFS_UQUOTA_CHKD; 1296 } 1297 1298 if (gip) { 1299 error = xfs_qm_reset_dqcounts_buf(mp, gip, XFS_DQTYPE_GROUP, 1300 &buffer_list); 1301 if (error) 1302 goto error_return; 1303 flags |= XFS_GQUOTA_CHKD; 1304 } 1305 1306 if (pip) { 1307 error = xfs_qm_reset_dqcounts_buf(mp, pip, XFS_DQTYPE_PROJ, 1308 &buffer_list); 1309 if (error) 1310 goto error_return; 1311 flags |= XFS_PQUOTA_CHKD; 1312 } 1313 1314 error = xfs_iwalk_threaded(mp, 0, 0, xfs_qm_dqusage_adjust, 0, true, 1315 NULL); 1316 if (error) { 1317 /* 1318 * The inode walk may have partially populated the dquot 1319 * caches. We must purge them before disabling quota and 1320 * tearing down the quotainfo, or else the dquots will leak. 1321 */ 1322 xfs_qm_dqpurge_all(mp); 1323 goto error_return; 1324 } 1325 1326 /* 1327 * We've made all the changes that we need to make incore. Flush them 1328 * down to disk buffers if everything was updated successfully. 1329 */ 1330 if (XFS_IS_UQUOTA_ON(mp)) { 1331 error = xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_flush_one, 1332 &buffer_list); 1333 } 1334 if (XFS_IS_GQUOTA_ON(mp)) { 1335 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_flush_one, 1336 &buffer_list); 1337 if (!error) 1338 error = error2; 1339 } 1340 if (XFS_IS_PQUOTA_ON(mp)) { 1341 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_flush_one, 1342 &buffer_list); 1343 if (!error) 1344 error = error2; 1345 } 1346 1347 error2 = xfs_buf_delwri_submit(&buffer_list); 1348 if (!error) 1349 error = error2; 1350 1351 /* 1352 * We can get this error if we couldn't do a dquot allocation inside 1353 * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the 1354 * dirty dquots that might be cached, we just want to get rid of them 1355 * and turn quotaoff. The dquots won't be attached to any of the inodes 1356 * at this point (because we intentionally didn't in dqget_noattach). 1357 */ 1358 if (error) { 1359 xfs_qm_dqpurge_all(mp); 1360 goto error_return; 1361 } 1362 1363 /* 1364 * If one type of quotas is off, then it will lose its 1365 * quotachecked status, since we won't be doing accounting for 1366 * that type anymore. 1367 */ 1368 mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD; 1369 mp->m_qflags |= flags; 1370 1371 error_return: 1372 xfs_buf_delwri_cancel(&buffer_list); 1373 1374 if (error) { 1375 xfs_warn(mp, 1376 "Quotacheck: Unsuccessful (Error %d): Disabling quotas.", 1377 error); 1378 /* 1379 * We must turn off quotas. 1380 */ 1381 ASSERT(mp->m_quotainfo != NULL); 1382 xfs_qm_destroy_quotainfo(mp); 1383 if (xfs_mount_reset_sbqflags(mp)) { 1384 xfs_warn(mp, 1385 "Quotacheck: Failed to reset quota flags."); 1386 } 1387 } else 1388 xfs_notice(mp, "Quotacheck: Done."); 1389 return error; 1390 } 1391 1392 /* 1393 * This is called from xfs_mountfs to start quotas and initialize all 1394 * necessary data structures like quotainfo. This is also responsible for 1395 * running a quotacheck as necessary. We are guaranteed that the superblock 1396 * is consistently read in at this point. 1397 * 1398 * If we fail here, the mount will continue with quota turned off. We don't 1399 * need to inidicate success or failure at all. 1400 */ 1401 void 1402 xfs_qm_mount_quotas( 1403 struct xfs_mount *mp) 1404 { 1405 int error = 0; 1406 uint sbf; 1407 1408 /* 1409 * If quotas on realtime volumes is not supported, we disable 1410 * quotas immediately. 1411 */ 1412 if (mp->m_sb.sb_rextents) { 1413 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem"); 1414 mp->m_qflags = 0; 1415 goto write_changes; 1416 } 1417 1418 ASSERT(XFS_IS_QUOTA_ON(mp)); 1419 1420 /* 1421 * Allocate the quotainfo structure inside the mount struct, and 1422 * create quotainode(s), and change/rev superblock if necessary. 1423 */ 1424 error = xfs_qm_init_quotainfo(mp); 1425 if (error) { 1426 /* 1427 * We must turn off quotas. 1428 */ 1429 ASSERT(mp->m_quotainfo == NULL); 1430 mp->m_qflags = 0; 1431 goto write_changes; 1432 } 1433 /* 1434 * If any of the quotas are not consistent, do a quotacheck. 1435 */ 1436 if (XFS_QM_NEED_QUOTACHECK(mp)) { 1437 error = xfs_qm_quotacheck(mp); 1438 if (error) { 1439 /* Quotacheck failed and disabled quotas. */ 1440 return; 1441 } 1442 } 1443 /* 1444 * If one type of quotas is off, then it will lose its 1445 * quotachecked status, since we won't be doing accounting for 1446 * that type anymore. 1447 */ 1448 if (!XFS_IS_UQUOTA_ON(mp)) 1449 mp->m_qflags &= ~XFS_UQUOTA_CHKD; 1450 if (!XFS_IS_GQUOTA_ON(mp)) 1451 mp->m_qflags &= ~XFS_GQUOTA_CHKD; 1452 if (!XFS_IS_PQUOTA_ON(mp)) 1453 mp->m_qflags &= ~XFS_PQUOTA_CHKD; 1454 1455 write_changes: 1456 /* 1457 * We actually don't have to acquire the m_sb_lock at all. 1458 * This can only be called from mount, and that's single threaded. XXX 1459 */ 1460 spin_lock(&mp->m_sb_lock); 1461 sbf = mp->m_sb.sb_qflags; 1462 mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL; 1463 spin_unlock(&mp->m_sb_lock); 1464 1465 if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) { 1466 if (xfs_sync_sb(mp, false)) { 1467 /* 1468 * We could only have been turning quotas off. 1469 * We aren't in very good shape actually because 1470 * the incore structures are convinced that quotas are 1471 * off, but the on disk superblock doesn't know that ! 1472 */ 1473 ASSERT(!(XFS_IS_QUOTA_ON(mp))); 1474 xfs_alert(mp, "%s: Superblock update failed!", 1475 __func__); 1476 } 1477 } 1478 1479 if (error) { 1480 xfs_warn(mp, "Failed to initialize disk quotas."); 1481 return; 1482 } 1483 } 1484 1485 /* 1486 * This is called after the superblock has been read in and we're ready to 1487 * iget the quota inodes. 1488 */ 1489 STATIC int 1490 xfs_qm_init_quotainos( 1491 xfs_mount_t *mp) 1492 { 1493 struct xfs_inode *uip = NULL; 1494 struct xfs_inode *gip = NULL; 1495 struct xfs_inode *pip = NULL; 1496 int error; 1497 uint flags = 0; 1498 1499 ASSERT(mp->m_quotainfo); 1500 1501 /* 1502 * Get the uquota and gquota inodes 1503 */ 1504 if (xfs_has_quota(mp)) { 1505 if (XFS_IS_UQUOTA_ON(mp) && 1506 mp->m_sb.sb_uquotino != NULLFSINO) { 1507 ASSERT(mp->m_sb.sb_uquotino > 0); 1508 error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino, 1509 0, 0, &uip); 1510 if (error) 1511 return error; 1512 } 1513 if (XFS_IS_GQUOTA_ON(mp) && 1514 mp->m_sb.sb_gquotino != NULLFSINO) { 1515 ASSERT(mp->m_sb.sb_gquotino > 0); 1516 error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino, 1517 0, 0, &gip); 1518 if (error) 1519 goto error_rele; 1520 } 1521 if (XFS_IS_PQUOTA_ON(mp) && 1522 mp->m_sb.sb_pquotino != NULLFSINO) { 1523 ASSERT(mp->m_sb.sb_pquotino > 0); 1524 error = xfs_iget(mp, NULL, mp->m_sb.sb_pquotino, 1525 0, 0, &pip); 1526 if (error) 1527 goto error_rele; 1528 } 1529 } else { 1530 flags |= XFS_QMOPT_SBVERSION; 1531 } 1532 1533 /* 1534 * Create the three inodes, if they don't exist already. The changes 1535 * made above will get added to a transaction and logged in one of 1536 * the qino_alloc calls below. If the device is readonly, 1537 * temporarily switch to read-write to do this. 1538 */ 1539 if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) { 1540 error = xfs_qm_qino_alloc(mp, &uip, 1541 flags | XFS_QMOPT_UQUOTA); 1542 if (error) 1543 goto error_rele; 1544 1545 flags &= ~XFS_QMOPT_SBVERSION; 1546 } 1547 if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) { 1548 error = xfs_qm_qino_alloc(mp, &gip, 1549 flags | XFS_QMOPT_GQUOTA); 1550 if (error) 1551 goto error_rele; 1552 1553 flags &= ~XFS_QMOPT_SBVERSION; 1554 } 1555 if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) { 1556 error = xfs_qm_qino_alloc(mp, &pip, 1557 flags | XFS_QMOPT_PQUOTA); 1558 if (error) 1559 goto error_rele; 1560 } 1561 1562 mp->m_quotainfo->qi_uquotaip = uip; 1563 mp->m_quotainfo->qi_gquotaip = gip; 1564 mp->m_quotainfo->qi_pquotaip = pip; 1565 1566 return 0; 1567 1568 error_rele: 1569 if (uip) 1570 xfs_irele(uip); 1571 if (gip) 1572 xfs_irele(gip); 1573 if (pip) 1574 xfs_irele(pip); 1575 return error; 1576 } 1577 1578 STATIC void 1579 xfs_qm_destroy_quotainos( 1580 struct xfs_quotainfo *qi) 1581 { 1582 if (qi->qi_uquotaip) { 1583 xfs_irele(qi->qi_uquotaip); 1584 qi->qi_uquotaip = NULL; /* paranoia */ 1585 } 1586 if (qi->qi_gquotaip) { 1587 xfs_irele(qi->qi_gquotaip); 1588 qi->qi_gquotaip = NULL; 1589 } 1590 if (qi->qi_pquotaip) { 1591 xfs_irele(qi->qi_pquotaip); 1592 qi->qi_pquotaip = NULL; 1593 } 1594 } 1595 1596 STATIC void 1597 xfs_qm_dqfree_one( 1598 struct xfs_dquot *dqp) 1599 { 1600 struct xfs_mount *mp = dqp->q_mount; 1601 struct xfs_quotainfo *qi = mp->m_quotainfo; 1602 1603 mutex_lock(&qi->qi_tree_lock); 1604 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id); 1605 1606 qi->qi_dquots--; 1607 mutex_unlock(&qi->qi_tree_lock); 1608 1609 xfs_qm_dqdestroy(dqp); 1610 } 1611 1612 /* --------------- utility functions for vnodeops ---------------- */ 1613 1614 1615 /* 1616 * Given an inode, a uid, gid and prid make sure that we have 1617 * allocated relevant dquot(s) on disk, and that we won't exceed inode 1618 * quotas by creating this file. 1619 * This also attaches dquot(s) to the given inode after locking it, 1620 * and returns the dquots corresponding to the uid and/or gid. 1621 * 1622 * in : inode (unlocked) 1623 * out : udquot, gdquot with references taken and unlocked 1624 */ 1625 int 1626 xfs_qm_vop_dqalloc( 1627 struct xfs_inode *ip, 1628 kuid_t uid, 1629 kgid_t gid, 1630 prid_t prid, 1631 uint flags, 1632 struct xfs_dquot **O_udqpp, 1633 struct xfs_dquot **O_gdqpp, 1634 struct xfs_dquot **O_pdqpp) 1635 { 1636 struct xfs_mount *mp = ip->i_mount; 1637 struct inode *inode = VFS_I(ip); 1638 struct user_namespace *user_ns = inode->i_sb->s_user_ns; 1639 struct xfs_dquot *uq = NULL; 1640 struct xfs_dquot *gq = NULL; 1641 struct xfs_dquot *pq = NULL; 1642 int error; 1643 uint lockflags; 1644 1645 if (!XFS_IS_QUOTA_ON(mp)) 1646 return 0; 1647 1648 lockflags = XFS_ILOCK_EXCL; 1649 xfs_ilock(ip, lockflags); 1650 1651 if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip)) 1652 gid = inode->i_gid; 1653 1654 /* 1655 * Attach the dquot(s) to this inode, doing a dquot allocation 1656 * if necessary. The dquot(s) will not be locked. 1657 */ 1658 if (XFS_NOT_DQATTACHED(mp, ip)) { 1659 error = xfs_qm_dqattach_locked(ip, true); 1660 if (error) { 1661 xfs_iunlock(ip, lockflags); 1662 return error; 1663 } 1664 } 1665 1666 if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) { 1667 ASSERT(O_udqpp); 1668 if (!uid_eq(inode->i_uid, uid)) { 1669 /* 1670 * What we need is the dquot that has this uid, and 1671 * if we send the inode to dqget, the uid of the inode 1672 * takes priority over what's sent in the uid argument. 1673 * We must unlock inode here before calling dqget if 1674 * we're not sending the inode, because otherwise 1675 * we'll deadlock by doing trans_reserve while 1676 * holding ilock. 1677 */ 1678 xfs_iunlock(ip, lockflags); 1679 error = xfs_qm_dqget(mp, from_kuid(user_ns, uid), 1680 XFS_DQTYPE_USER, true, &uq); 1681 if (error) { 1682 ASSERT(error != -ENOENT); 1683 return error; 1684 } 1685 /* 1686 * Get the ilock in the right order. 1687 */ 1688 xfs_dqunlock(uq); 1689 lockflags = XFS_ILOCK_SHARED; 1690 xfs_ilock(ip, lockflags); 1691 } else { 1692 /* 1693 * Take an extra reference, because we'll return 1694 * this to caller 1695 */ 1696 ASSERT(ip->i_udquot); 1697 uq = xfs_qm_dqhold(ip->i_udquot); 1698 } 1699 } 1700 if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) { 1701 ASSERT(O_gdqpp); 1702 if (!gid_eq(inode->i_gid, gid)) { 1703 xfs_iunlock(ip, lockflags); 1704 error = xfs_qm_dqget(mp, from_kgid(user_ns, gid), 1705 XFS_DQTYPE_GROUP, true, &gq); 1706 if (error) { 1707 ASSERT(error != -ENOENT); 1708 goto error_rele; 1709 } 1710 xfs_dqunlock(gq); 1711 lockflags = XFS_ILOCK_SHARED; 1712 xfs_ilock(ip, lockflags); 1713 } else { 1714 ASSERT(ip->i_gdquot); 1715 gq = xfs_qm_dqhold(ip->i_gdquot); 1716 } 1717 } 1718 if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) { 1719 ASSERT(O_pdqpp); 1720 if (ip->i_projid != prid) { 1721 xfs_iunlock(ip, lockflags); 1722 error = xfs_qm_dqget(mp, prid, 1723 XFS_DQTYPE_PROJ, true, &pq); 1724 if (error) { 1725 ASSERT(error != -ENOENT); 1726 goto error_rele; 1727 } 1728 xfs_dqunlock(pq); 1729 lockflags = XFS_ILOCK_SHARED; 1730 xfs_ilock(ip, lockflags); 1731 } else { 1732 ASSERT(ip->i_pdquot); 1733 pq = xfs_qm_dqhold(ip->i_pdquot); 1734 } 1735 } 1736 trace_xfs_dquot_dqalloc(ip); 1737 1738 xfs_iunlock(ip, lockflags); 1739 if (O_udqpp) 1740 *O_udqpp = uq; 1741 else 1742 xfs_qm_dqrele(uq); 1743 if (O_gdqpp) 1744 *O_gdqpp = gq; 1745 else 1746 xfs_qm_dqrele(gq); 1747 if (O_pdqpp) 1748 *O_pdqpp = pq; 1749 else 1750 xfs_qm_dqrele(pq); 1751 return 0; 1752 1753 error_rele: 1754 xfs_qm_dqrele(gq); 1755 xfs_qm_dqrele(uq); 1756 return error; 1757 } 1758 1759 /* 1760 * Actually transfer ownership, and do dquot modifications. 1761 * These were already reserved. 1762 */ 1763 struct xfs_dquot * 1764 xfs_qm_vop_chown( 1765 struct xfs_trans *tp, 1766 struct xfs_inode *ip, 1767 struct xfs_dquot **IO_olddq, 1768 struct xfs_dquot *newdq) 1769 { 1770 struct xfs_dquot *prevdq; 1771 uint bfield = XFS_IS_REALTIME_INODE(ip) ? 1772 XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT; 1773 1774 1775 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 1776 ASSERT(XFS_IS_QUOTA_ON(ip->i_mount)); 1777 1778 /* old dquot */ 1779 prevdq = *IO_olddq; 1780 ASSERT(prevdq); 1781 ASSERT(prevdq != newdq); 1782 1783 xfs_trans_mod_dquot(tp, prevdq, bfield, -(ip->i_nblocks)); 1784 xfs_trans_mod_dquot(tp, prevdq, XFS_TRANS_DQ_ICOUNT, -1); 1785 1786 /* the sparkling new dquot */ 1787 xfs_trans_mod_dquot(tp, newdq, bfield, ip->i_nblocks); 1788 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_ICOUNT, 1); 1789 1790 /* 1791 * Back when we made quota reservations for the chown, we reserved the 1792 * ondisk blocks + delalloc blocks with the new dquot. Now that we've 1793 * switched the dquots, decrease the new dquot's block reservation 1794 * (having already bumped up the real counter) so that we don't have 1795 * any reservation to give back when we commit. 1796 */ 1797 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_RES_BLKS, 1798 -ip->i_delayed_blks); 1799 1800 /* 1801 * Give the incore reservation for delalloc blocks back to the old 1802 * dquot. We don't normally handle delalloc quota reservations 1803 * transactionally, so just lock the dquot and subtract from the 1804 * reservation. Dirty the transaction because it's too late to turn 1805 * back now. 1806 */ 1807 tp->t_flags |= XFS_TRANS_DIRTY; 1808 xfs_dqlock(prevdq); 1809 ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks); 1810 prevdq->q_blk.reserved -= ip->i_delayed_blks; 1811 xfs_dqunlock(prevdq); 1812 1813 /* 1814 * Take an extra reference, because the inode is going to keep 1815 * this dquot pointer even after the trans_commit. 1816 */ 1817 *IO_olddq = xfs_qm_dqhold(newdq); 1818 1819 return prevdq; 1820 } 1821 1822 int 1823 xfs_qm_vop_rename_dqattach( 1824 struct xfs_inode **i_tab) 1825 { 1826 struct xfs_mount *mp = i_tab[0]->i_mount; 1827 int i; 1828 1829 if (!XFS_IS_QUOTA_ON(mp)) 1830 return 0; 1831 1832 for (i = 0; (i < 4 && i_tab[i]); i++) { 1833 struct xfs_inode *ip = i_tab[i]; 1834 int error; 1835 1836 /* 1837 * Watch out for duplicate entries in the table. 1838 */ 1839 if (i == 0 || ip != i_tab[i-1]) { 1840 if (XFS_NOT_DQATTACHED(mp, ip)) { 1841 error = xfs_qm_dqattach(ip); 1842 if (error) 1843 return error; 1844 } 1845 } 1846 } 1847 return 0; 1848 } 1849 1850 void 1851 xfs_qm_vop_create_dqattach( 1852 struct xfs_trans *tp, 1853 struct xfs_inode *ip, 1854 struct xfs_dquot *udqp, 1855 struct xfs_dquot *gdqp, 1856 struct xfs_dquot *pdqp) 1857 { 1858 struct xfs_mount *mp = tp->t_mountp; 1859 1860 if (!XFS_IS_QUOTA_ON(mp)) 1861 return; 1862 1863 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 1864 1865 if (udqp && XFS_IS_UQUOTA_ON(mp)) { 1866 ASSERT(ip->i_udquot == NULL); 1867 ASSERT(i_uid_read(VFS_I(ip)) == udqp->q_id); 1868 1869 ip->i_udquot = xfs_qm_dqhold(udqp); 1870 xfs_trans_mod_dquot(tp, udqp, XFS_TRANS_DQ_ICOUNT, 1); 1871 } 1872 if (gdqp && XFS_IS_GQUOTA_ON(mp)) { 1873 ASSERT(ip->i_gdquot == NULL); 1874 ASSERT(i_gid_read(VFS_I(ip)) == gdqp->q_id); 1875 1876 ip->i_gdquot = xfs_qm_dqhold(gdqp); 1877 xfs_trans_mod_dquot(tp, gdqp, XFS_TRANS_DQ_ICOUNT, 1); 1878 } 1879 if (pdqp && XFS_IS_PQUOTA_ON(mp)) { 1880 ASSERT(ip->i_pdquot == NULL); 1881 ASSERT(ip->i_projid == pdqp->q_id); 1882 1883 ip->i_pdquot = xfs_qm_dqhold(pdqp); 1884 xfs_trans_mod_dquot(tp, pdqp, XFS_TRANS_DQ_ICOUNT, 1); 1885 } 1886 } 1887 1888 /* Decide if this inode's dquot is near an enforcement boundary. */ 1889 bool 1890 xfs_inode_near_dquot_enforcement( 1891 struct xfs_inode *ip, 1892 xfs_dqtype_t type) 1893 { 1894 struct xfs_dquot *dqp; 1895 int64_t freesp; 1896 1897 /* We only care for quotas that are enabled and enforced. */ 1898 dqp = xfs_inode_dquot(ip, type); 1899 if (!dqp || !xfs_dquot_is_enforced(dqp)) 1900 return false; 1901 1902 if (xfs_dquot_res_over_limits(&dqp->q_ino) || 1903 xfs_dquot_res_over_limits(&dqp->q_rtb)) 1904 return true; 1905 1906 /* For space on the data device, check the various thresholds. */ 1907 if (!dqp->q_prealloc_hi_wmark) 1908 return false; 1909 1910 if (dqp->q_blk.reserved < dqp->q_prealloc_lo_wmark) 1911 return false; 1912 1913 if (dqp->q_blk.reserved >= dqp->q_prealloc_hi_wmark) 1914 return true; 1915 1916 freesp = dqp->q_prealloc_hi_wmark - dqp->q_blk.reserved; 1917 if (freesp < dqp->q_low_space[XFS_QLOWSP_5_PCNT]) 1918 return true; 1919 1920 return false; 1921 } 1922