// SPDX-License-Identifier: GPL-2.0
/*
 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
 * All Rights Reserved.
 */
#include "xfs.h"
#include "xfs_fs.h"
#include "xfs_shared.h"
#include "xfs_format.h"
#include "xfs_log_format.h"
#include "xfs_trans_resv.h"
#include "xfs_bit.h"
#include "xfs_sb.h"
#include "xfs_mount.h"
#include "xfs_inode.h"
#include "xfs_iwalk.h"
#include "xfs_quota.h"
#include "xfs_bmap.h"
#include "xfs_bmap_util.h"
#include "xfs_trans.h"
#include "xfs_trans_space.h"
#include "xfs_qm.h"
#include "xfs_trace.h"
#include "xfs_icache.h"
#include "xfs_error.h"
#include "xfs_ag.h"
#include "xfs_ialloc.h"
#include "xfs_log_priv.h"

/*
 * The global quota manager. There is only one of these for the entire
 * system, _not_ one per file system. XQM keeps track of the overall
 * quota functionality, including maintaining the freelist and hash
 * tables of dquots.
 */
STATIC int	xfs_qm_init_quotainos(struct xfs_mount *mp);
STATIC int	xfs_qm_init_quotainfo(struct xfs_mount *mp);

STATIC void	xfs_qm_destroy_quotainos(struct xfs_quotainfo *qi);
STATIC void	xfs_qm_dqfree_one(struct xfs_dquot *dqp);
/*
 * We use the batch lookup interface to iterate over the dquots as it
 * currently is the only interface into the radix tree code that allows
 * fuzzy lookups instead of exact matches.  Holding the lock over multiple
 * operations is fine as all callers run either during mount/umount
 * or quotaoff.
 */
#define XFS_DQ_LOOKUP_BATCH	32

STATIC int
xfs_qm_dquot_walk(
	struct xfs_mount	*mp,
	xfs_dqtype_t		type,
	int			(*execute)(struct xfs_dquot *dqp, void *data),
	void			*data)
{
	struct xfs_quotainfo	*qi = mp->m_quotainfo;
	struct radix_tree_root	*tree = xfs_dquot_tree(qi, type);
	uint32_t		next_index;
	int			last_error = 0;
	int			skipped;
	int			nr_found;

restart:
	skipped = 0;
	next_index = 0;
	nr_found = 0;

	while (1) {
		struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH];
		int		error;
		int		i;

		mutex_lock(&qi->qi_tree_lock);
		nr_found = radix_tree_gang_lookup(tree, (void **)batch,
					next_index, XFS_DQ_LOOKUP_BATCH);
		if (!nr_found) {
			mutex_unlock(&qi->qi_tree_lock);
			break;
		}

		for (i = 0; i < nr_found; i++) {
			struct xfs_dquot *dqp = batch[i];

			next_index = dqp->q_id + 1;

			error = execute(batch[i], data);
			if (error == -EAGAIN) {
				skipped++;
				continue;
			}
			if (error && last_error != -EFSCORRUPTED)
				last_error = error;
		}

		mutex_unlock(&qi->qi_tree_lock);

		/* bail out if the filesystem is corrupted. */
		if (last_error == -EFSCORRUPTED) {
			skipped = 0;
			break;
		}
		/* we're done if id overflows back to zero */
		if (!next_index)
			break;
	}

	if (skipped) {
		delay(1);
		goto restart;
	}

	return last_error;
}


/*
 * Purge a dquot from all tracking data structures and free it.
 */
STATIC int
xfs_qm_dqpurge(
	struct xfs_dquot	*dqp,
	void			*data)
{
	struct xfs_quotainfo	*qi = dqp->q_mount->m_quotainfo;
	int			error = -EAGAIN;

	xfs_dqlock(dqp);
	if ((dqp->q_flags & XFS_DQFLAG_FREEING) || dqp->q_nrefs != 0)
		goto out_unlock;

	dqp->q_flags |= XFS_DQFLAG_FREEING;

	xfs_dqflock(dqp);

	/*
	 * If we are turning this type of quotas off, we don't care
	 * about the dirty metadata sitting in this dquot. OTOH, if
	 * we're unmounting, we do care, so we flush it and wait.
	 */
	if (XFS_DQ_IS_DIRTY(dqp)) {
		struct xfs_buf	*bp = NULL;

		/*
		 * We don't care about getting disk errors here. We need
		 * to purge this dquot anyway, so we go ahead regardless.
		 */
		error = xfs_qm_dqflush(dqp, &bp);
		if (!error) {
			error = xfs_bwrite(bp);
			xfs_buf_relse(bp);
		} else if (error == -EAGAIN) {
			dqp->q_flags &= ~XFS_DQFLAG_FREEING;
			goto out_unlock;
		}
		xfs_dqflock(dqp);
	}

	ASSERT(atomic_read(&dqp->q_pincount) == 0);
	ASSERT(xlog_is_shutdown(dqp->q_logitem.qli_item.li_log) ||
		!test_bit(XFS_LI_IN_AIL, &dqp->q_logitem.qli_item.li_flags));

	xfs_dqfunlock(dqp);
	xfs_dqunlock(dqp);

	radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
	qi->qi_dquots--;

	/*
	 * We move dquots to the freelist as soon as their reference count
	 * hits zero, so it really should be on the freelist here.
	 */
	ASSERT(!list_empty(&dqp->q_lru));
	list_lru_del_obj(&qi->qi_lru, &dqp->q_lru);
	XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);

	xfs_qm_dqdestroy(dqp);
	return 0;

out_unlock:
	xfs_dqunlock(dqp);
	return error;
}

/*
 * Purge the dquot cache.
 */
static void
xfs_qm_dqpurge_all(
	struct xfs_mount	*mp)
{
	xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_dqpurge, NULL);
	xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_dqpurge, NULL);
	xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_dqpurge, NULL);
}

/*
 * Just destroy the quotainfo structure.
 */
void
xfs_qm_unmount(
	struct xfs_mount	*mp)
{
	if (mp->m_quotainfo) {
		xfs_qm_dqpurge_all(mp);
		xfs_qm_destroy_quotainfo(mp);
	}
}

/*
 * Called from the vfsops layer.
 */
void
xfs_qm_unmount_quotas(
	xfs_mount_t	*mp)
{
	/*
	 * Release the dquots that root inode, et al might be holding,
	 * before we flush quotas and blow away the quotainfo structure.
	 */
	ASSERT(mp->m_rootip);
	xfs_qm_dqdetach(mp->m_rootip);
	if (mp->m_rbmip)
		xfs_qm_dqdetach(mp->m_rbmip);
	if (mp->m_rsumip)
		xfs_qm_dqdetach(mp->m_rsumip);

	/*
	 * Release the quota inodes.
	 */
	if (mp->m_quotainfo) {
		if (mp->m_quotainfo->qi_uquotaip) {
			xfs_irele(mp->m_quotainfo->qi_uquotaip);
			mp->m_quotainfo->qi_uquotaip = NULL;
		}
		if (mp->m_quotainfo->qi_gquotaip) {
			xfs_irele(mp->m_quotainfo->qi_gquotaip);
			mp->m_quotainfo->qi_gquotaip = NULL;
		}
		if (mp->m_quotainfo->qi_pquotaip) {
			xfs_irele(mp->m_quotainfo->qi_pquotaip);
			mp->m_quotainfo->qi_pquotaip = NULL;
		}
	}
}

STATIC int
xfs_qm_dqattach_one(
	struct xfs_inode	*ip,
	xfs_dqtype_t		type,
	bool			doalloc,
	struct xfs_dquot	**IO_idqpp)
{
	struct xfs_dquot	*dqp;
	int			error;

	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
	error = 0;

	/*
	 * See if we already have it in the inode itself. IO_idqpp is &i_udquot
	 * or &i_gdquot. This made the code look weird, but made the logic a lot
	 * simpler.
	 */
	dqp = *IO_idqpp;
	if (dqp) {
		trace_xfs_dqattach_found(dqp);
		return 0;
	}

	/*
	 * Find the dquot from somewhere. This bumps the reference count of
	 * dquot and returns it locked.  This can return ENOENT if dquot didn't
	 * exist on disk and we didn't ask it to allocate; ESRCH if quotas got
	 * turned off suddenly.
	 */
	error = xfs_qm_dqget_inode(ip, type, doalloc, &dqp);
	if (error)
		return error;

	trace_xfs_dqattach_get(dqp);

	/*
	 * dqget may have dropped and re-acquired the ilock, but it guarantees
	 * that the dquot returned is the one that should go in the inode.
	 */
	*IO_idqpp = dqp;
	xfs_dqunlock(dqp);
	return 0;
}

static bool
xfs_qm_need_dqattach(
	struct xfs_inode	*ip)
{
	struct xfs_mount	*mp = ip->i_mount;

	if (!XFS_IS_QUOTA_ON(mp))
		return false;
	if (!XFS_NOT_DQATTACHED(mp, ip))
		return false;
	if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino))
		return false;
	return true;
}

/*
 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON
 * into account.
 * If @doalloc is true, the dquot(s) will be allocated if needed.
 * Inode may get unlocked and relocked in here, and the caller must deal with
 * the consequences.
 */
int
xfs_qm_dqattach_locked(
	xfs_inode_t	*ip,
	bool		doalloc)
{
	xfs_mount_t	*mp = ip->i_mount;
	int		error = 0;

	if (!xfs_qm_need_dqattach(ip))
		return 0;

	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);

	if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) {
		error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_USER,
				doalloc, &ip->i_udquot);
		if (error)
			goto done;
		ASSERT(ip->i_udquot);
	}

	if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) {
		error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_GROUP,
				doalloc, &ip->i_gdquot);
		if (error)
			goto done;
		ASSERT(ip->i_gdquot);
	}

	if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) {
		error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_PROJ,
				doalloc, &ip->i_pdquot);
		if (error)
			goto done;
		ASSERT(ip->i_pdquot);
	}

done:
	/*
	 * Don't worry about the dquots that we may have attached before any
	 * error - they'll get detached later if it has not already been done.
	 */
	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
	return error;
}

int
xfs_qm_dqattach(
	struct xfs_inode	*ip)
{
	int			error;

	if (!xfs_qm_need_dqattach(ip))
		return 0;

	xfs_ilock(ip, XFS_ILOCK_EXCL);
	error = xfs_qm_dqattach_locked(ip, false);
	xfs_iunlock(ip, XFS_ILOCK_EXCL);

	return error;
}

/*
 * Release dquots (and their references) if any.
 * The inode should be locked EXCL except when this is called by
 * xfs_ireclaim.
 */
void
xfs_qm_dqdetach(
	xfs_inode_t	*ip)
{
	if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot))
		return;

	trace_xfs_dquot_dqdetach(ip);

	ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino));
	if (ip->i_udquot) {
		xfs_qm_dqrele(ip->i_udquot);
		ip->i_udquot = NULL;
	}
	if (ip->i_gdquot) {
		xfs_qm_dqrele(ip->i_gdquot);
		ip->i_gdquot = NULL;
	}
	if (ip->i_pdquot) {
		xfs_qm_dqrele(ip->i_pdquot);
		ip->i_pdquot = NULL;
	}
}

struct xfs_qm_isolate {
	struct list_head	buffers;
	struct list_head	dispose;
};

static enum lru_status
xfs_qm_dquot_isolate(
	struct list_head	*item,
	struct list_lru_one	*lru,
	spinlock_t		*lru_lock,
	void			*arg)
		__releases(lru_lock) __acquires(lru_lock)
{
	struct xfs_dquot	*dqp = container_of(item,
						struct xfs_dquot, q_lru);
	struct xfs_qm_isolate	*isol = arg;

	if (!xfs_dqlock_nowait(dqp))
		goto out_miss_busy;

	/*
	 * If something else is freeing this dquot and hasn't yet removed it
	 * from the LRU, leave it for the freeing task to complete the freeing
	 * process rather than risk it being freed from under us here.
	 */
	if (dqp->q_flags & XFS_DQFLAG_FREEING)
		goto out_miss_unlock;

	/*
	 * This dquot has acquired a reference in the meantime; remove it from
	 * the freelist and try again.
	 */
	if (dqp->q_nrefs) {
		xfs_dqunlock(dqp);
		XFS_STATS_INC(dqp->q_mount, xs_qm_dqwants);

		trace_xfs_dqreclaim_want(dqp);
		list_lru_isolate(lru, &dqp->q_lru);
		XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
		return LRU_REMOVED;
	}

	/*
	 * If the dquot is dirty, flush it. If it's already being flushed, just
	 * skip it so there is time for the IO to complete before we try to
	 * reclaim it again on the next LRU pass.
	 */
	if (!xfs_dqflock_nowait(dqp))
		goto out_miss_unlock;

	if (XFS_DQ_IS_DIRTY(dqp)) {
		struct xfs_buf	*bp = NULL;
		int		error;

		trace_xfs_dqreclaim_dirty(dqp);

		/* we have to drop the LRU lock to flush the dquot */
		spin_unlock(lru_lock);

		error = xfs_qm_dqflush(dqp, &bp);
		if (error)
			goto out_unlock_dirty;

		xfs_buf_delwri_queue(bp, &isol->buffers);
		xfs_buf_relse(bp);
		goto out_unlock_dirty;
	}
	xfs_dqfunlock(dqp);

	/*
	 * Prevent lookups now that we are past the point of no return.
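	 * Setting XFS_DQFLAG_FREEING follows the same protocol as
	 * xfs_qm_dqpurge() above: every other walker in this file that finds
	 * the flag backs off, so the dquot is now ours to move to the dispose
	 * list and destroy.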
	 */
	dqp->q_flags |= XFS_DQFLAG_FREEING;
	xfs_dqunlock(dqp);

	ASSERT(dqp->q_nrefs == 0);
	list_lru_isolate_move(lru, &dqp->q_lru, &isol->dispose);
	XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
	trace_xfs_dqreclaim_done(dqp);
	XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaims);
	return LRU_REMOVED;

out_miss_unlock:
	xfs_dqunlock(dqp);
out_miss_busy:
	trace_xfs_dqreclaim_busy(dqp);
	XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
	return LRU_SKIP;

out_unlock_dirty:
	trace_xfs_dqreclaim_busy(dqp);
	XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
	xfs_dqunlock(dqp);
	spin_lock(lru_lock);
	return LRU_RETRY;
}

static unsigned long
xfs_qm_shrink_scan(
	struct shrinker		*shrink,
	struct shrink_control	*sc)
{
	struct xfs_quotainfo	*qi = shrink->private_data;
	struct xfs_qm_isolate	isol;
	unsigned long		freed;
	int			error;

	if ((sc->gfp_mask & (__GFP_FS|__GFP_DIRECT_RECLAIM)) != (__GFP_FS|__GFP_DIRECT_RECLAIM))
		return 0;

	INIT_LIST_HEAD(&isol.buffers);
	INIT_LIST_HEAD(&isol.dispose);

	freed = list_lru_shrink_walk(&qi->qi_lru, sc,
				     xfs_qm_dquot_isolate, &isol);

	error = xfs_buf_delwri_submit(&isol.buffers);
	if (error)
		xfs_warn(NULL, "%s: dquot reclaim failed", __func__);

	while (!list_empty(&isol.dispose)) {
		struct xfs_dquot	*dqp;

		dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru);
		list_del_init(&dqp->q_lru);
		xfs_qm_dqfree_one(dqp);
	}

	return freed;
}

static unsigned long
xfs_qm_shrink_count(
	struct shrinker		*shrink,
	struct shrink_control	*sc)
{
	struct xfs_quotainfo	*qi = shrink->private_data;

	return list_lru_shrink_count(&qi->qi_lru, sc);
}

STATIC void
xfs_qm_set_defquota(
	struct xfs_mount	*mp,
	xfs_dqtype_t		type,
	struct xfs_quotainfo	*qinf)
{
	struct xfs_dquot	*dqp;
	struct xfs_def_quota	*defq;
	int			error;

	error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
	if (error)
		return;

	defq = xfs_get_defquota(qinf, xfs_dquot_type(dqp));

	/*
	 * Timers and warnings have been already set, let's just set the
	 * default limits for this quota type
	 */
	defq->blk.hard = dqp->q_blk.hardlimit;
	defq->blk.soft = dqp->q_blk.softlimit;
	defq->ino.hard = dqp->q_ino.hardlimit;
	defq->ino.soft = dqp->q_ino.softlimit;
	defq->rtb.hard = dqp->q_rtb.hardlimit;
	defq->rtb.soft = dqp->q_rtb.softlimit;
	xfs_qm_dqdestroy(dqp);
}

/* Initialize quota time limits from the root dquot. */
static void
xfs_qm_init_timelimits(
	struct xfs_mount	*mp,
	xfs_dqtype_t		type)
{
	struct xfs_quotainfo	*qinf = mp->m_quotainfo;
	struct xfs_def_quota	*defq;
	struct xfs_dquot	*dqp;
	int			error;

	defq = xfs_get_defquota(qinf, type);

	defq->blk.time = XFS_QM_BTIMELIMIT;
	defq->ino.time = XFS_QM_ITIMELIMIT;
	defq->rtb.time = XFS_QM_RTBTIMELIMIT;

	/*
	 * We try to get the limits from the superuser's limits fields.
	 * This is quite hacky, but it is standard quota practice.
	 *
	 * Since we may not have done a quotacheck by this point, just read
	 * the dquot without attaching it to any hashtables or lists.
	 */
	error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
	if (error)
		return;

	/*
	 * The warnings and timers set the grace period given to
	 * a user or group before he or she can no longer write.
	 * If it is zero, a default is used.
	 */
	if (dqp->q_blk.timer)
		defq->blk.time = dqp->q_blk.timer;
	if (dqp->q_ino.timer)
		defq->ino.time = dqp->q_ino.timer;
	if (dqp->q_rtb.timer)
		defq->rtb.time = dqp->q_rtb.timer;

	xfs_qm_dqdestroy(dqp);
}

/*
 * This initializes all the quota information that's kept in the
 * mount structure.
 */
STATIC int
xfs_qm_init_quotainfo(
	struct xfs_mount	*mp)
{
	struct xfs_quotainfo	*qinf;
	int			error;

	ASSERT(XFS_IS_QUOTA_ON(mp));

	qinf = mp->m_quotainfo = kzalloc(sizeof(struct xfs_quotainfo),
					GFP_KERNEL | __GFP_NOFAIL);

	error = list_lru_init(&qinf->qi_lru);
	if (error)
		goto out_free_qinf;

	/*
	 * See if quotainodes are setup, and if not, allocate them,
	 * and change the superblock accordingly.
	 */
	error = xfs_qm_init_quotainos(mp);
	if (error)
		goto out_free_lru;

	INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_KERNEL);
	INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_KERNEL);
	INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_KERNEL);
	mutex_init(&qinf->qi_tree_lock);

	/* mutex used to serialize quotaoffs */
	mutex_init(&qinf->qi_quotaofflock);

	/* Precalc some constants */
	qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
	qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen);
	if (xfs_has_bigtime(mp)) {
		qinf->qi_expiry_min =
			xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MIN);
		qinf->qi_expiry_max =
			xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MAX);
	} else {
		qinf->qi_expiry_min = XFS_DQ_LEGACY_EXPIRY_MIN;
		qinf->qi_expiry_max = XFS_DQ_LEGACY_EXPIRY_MAX;
	}
	trace_xfs_quota_expiry_range(mp, qinf->qi_expiry_min,
			qinf->qi_expiry_max);

	mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD);

	xfs_qm_init_timelimits(mp, XFS_DQTYPE_USER);
	xfs_qm_init_timelimits(mp, XFS_DQTYPE_GROUP);
	xfs_qm_init_timelimits(mp, XFS_DQTYPE_PROJ);

	if (XFS_IS_UQUOTA_ON(mp))
		xfs_qm_set_defquota(mp, XFS_DQTYPE_USER, qinf);
	if (XFS_IS_GQUOTA_ON(mp))
		xfs_qm_set_defquota(mp, XFS_DQTYPE_GROUP, qinf);
	if (XFS_IS_PQUOTA_ON(mp))
		xfs_qm_set_defquota(mp, XFS_DQTYPE_PROJ, qinf);

	qinf->qi_shrinker = shrinker_alloc(SHRINKER_NUMA_AWARE, "xfs-qm:%s",
					   mp->m_super->s_id);
	if (!qinf->qi_shrinker) {
		error = -ENOMEM;
		goto out_free_inos;
	}

	qinf->qi_shrinker->count_objects = xfs_qm_shrink_count;
	qinf->qi_shrinker->scan_objects = xfs_qm_shrink_scan;
	qinf->qi_shrinker->private_data = qinf;

	shrinker_register(qinf->qi_shrinker);

	return 0;

out_free_inos:
	mutex_destroy(&qinf->qi_quotaofflock);
	mutex_destroy(&qinf->qi_tree_lock);
	xfs_qm_destroy_quotainos(qinf);
out_free_lru:
	list_lru_destroy(&qinf->qi_lru);
out_free_qinf:
	kfree(qinf);
	mp->m_quotainfo = NULL;
	return error;
}

/*
 * Gets called when unmounting a filesystem or when all quotas get
 * turned off.
 * This purges the quota inodes, destroys locks and frees itself.
 */
void
xfs_qm_destroy_quotainfo(
	struct xfs_mount	*mp)
{
	struct xfs_quotainfo	*qi;

	qi = mp->m_quotainfo;
	ASSERT(qi != NULL);

	shrinker_free(qi->qi_shrinker);
	list_lru_destroy(&qi->qi_lru);
	xfs_qm_destroy_quotainos(qi);
	mutex_destroy(&qi->qi_tree_lock);
	mutex_destroy(&qi->qi_quotaofflock);
	kfree(qi);
	mp->m_quotainfo = NULL;
}

/*
 * Create an inode and return with a reference already taken, but unlocked.
 * This is how we create quota inodes.
 */
STATIC int
xfs_qm_qino_alloc(
	struct xfs_mount	*mp,
	struct xfs_inode	**ipp,
	unsigned int		flags)
{
	struct xfs_trans	*tp;
	int			error;
	bool			need_alloc = true;

	*ipp = NULL;
	/*
	 * With a superblock that doesn't have a separate pquotino, we
	 * share an inode between gquota and pquota. If the on-disk
	 * superblock has GQUOTA and the filesystem is now mounted
	 * with PQUOTA, just use sb_gquotino for sb_pquotino and
	 * vice-versa.
	 */
	if (!xfs_has_pquotino(mp) &&
	    (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) {
		xfs_ino_t	ino = NULLFSINO;

		if ((flags & XFS_QMOPT_PQUOTA) &&
		    (mp->m_sb.sb_gquotino != NULLFSINO)) {
			ino = mp->m_sb.sb_gquotino;
			if (XFS_IS_CORRUPT(mp,
					   mp->m_sb.sb_pquotino != NULLFSINO))
				return -EFSCORRUPTED;
		} else if ((flags & XFS_QMOPT_GQUOTA) &&
			   (mp->m_sb.sb_pquotino != NULLFSINO)) {
			ino = mp->m_sb.sb_pquotino;
			if (XFS_IS_CORRUPT(mp,
					   mp->m_sb.sb_gquotino != NULLFSINO))
				return -EFSCORRUPTED;
		}
		if (ino != NULLFSINO) {
			error = xfs_iget(mp, NULL, ino, 0, 0, ipp);
			if (error)
				return error;
			mp->m_sb.sb_gquotino = NULLFSINO;
			mp->m_sb.sb_pquotino = NULLFSINO;
			need_alloc = false;
		}
	}

	error = xfs_trans_alloc(mp, &M_RES(mp)->tr_create,
			need_alloc ? XFS_QM_QINOCREATE_SPACE_RES(mp) : 0,
			0, 0, &tp);
	if (error)
		return error;

	if (need_alloc) {
		xfs_ino_t	ino;

		error = xfs_dialloc(&tp, 0, S_IFREG, &ino);
		if (!error)
			error = xfs_init_new_inode(&nop_mnt_idmap, tp, NULL, ino,
					S_IFREG, 1, 0, 0, false, ipp);
		if (error) {
			xfs_trans_cancel(tp);
			return error;
		}
	}

	/*
	 * Make the changes in the superblock, and log those too.
	 * sbfields arg may contain fields other than *QUOTINO;
	 * VERSIONNUM for example.
	 */
	spin_lock(&mp->m_sb_lock);
	if (flags & XFS_QMOPT_SBVERSION) {
		ASSERT(!xfs_has_quota(mp));

		xfs_add_quota(mp);
		mp->m_sb.sb_uquotino = NULLFSINO;
		mp->m_sb.sb_gquotino = NULLFSINO;
		mp->m_sb.sb_pquotino = NULLFSINO;

		/* qflags will get updated fully _after_ quotacheck */
		mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT;
	}
	if (flags & XFS_QMOPT_UQUOTA)
		mp->m_sb.sb_uquotino = (*ipp)->i_ino;
	else if (flags & XFS_QMOPT_GQUOTA)
		mp->m_sb.sb_gquotino = (*ipp)->i_ino;
	else
		mp->m_sb.sb_pquotino = (*ipp)->i_ino;
	spin_unlock(&mp->m_sb_lock);
	xfs_log_sb(tp);

	error = xfs_trans_commit(tp);
	if (error) {
		ASSERT(xfs_is_shutdown(mp));
		xfs_alert(mp, "%s failed (error %d)!", __func__, error);
	}
	if (need_alloc)
		xfs_finish_inode_setup(*ipp);
	return error;
}


STATIC void
xfs_qm_reset_dqcounts(
	struct xfs_mount	*mp,
	struct xfs_buf		*bp,
	xfs_dqid_t		id,
	xfs_dqtype_t		type)
{
	struct xfs_dqblk	*dqb;
	int			j;

	trace_xfs_reset_dqcounts(bp, _RET_IP_);

	/*
	 * Reset all counters and timers. They'll be
	 * started afresh by xfs_qm_quotacheck.
	 */
#ifdef DEBUG
	j = (int)XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB) /
		sizeof(struct xfs_dqblk);
	ASSERT(mp->m_quotainfo->qi_dqperchunk == j);
#endif
	dqb = bp->b_addr;
	for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) {
		struct xfs_disk_dquot	*ddq;

		ddq = (struct xfs_disk_dquot *)&dqb[j];

		/*
		 * Do a sanity check, and if needed, repair the dqblk. Don't
		 * output any warnings because it's perfectly possible to
		 * find uninitialised dquot blks. See comment in
		 * xfs_dquot_verify.
		 */
		if (xfs_dqblk_verify(mp, &dqb[j], id + j) ||
		    (dqb[j].dd_diskdq.d_type & XFS_DQTYPE_REC_MASK) != type)
			xfs_dqblk_repair(mp, &dqb[j], id + j, type);

		/*
		 * Reset type in case we are reusing group quota file for
		 * project quotas or vice versa
		 */
		ddq->d_type = type;
		ddq->d_bcount = 0;
		ddq->d_icount = 0;
		ddq->d_rtbcount = 0;

		/*
		 * dquot id 0 stores the default grace period and the maximum
		 * warning limit that were set by the administrator, so we
		 * should not reset them.
		 */
		if (ddq->d_id != 0) {
			ddq->d_btimer = 0;
			ddq->d_itimer = 0;
			ddq->d_rtbtimer = 0;
			ddq->d_bwarns = 0;
			ddq->d_iwarns = 0;
			ddq->d_rtbwarns = 0;
			if (xfs_has_bigtime(mp))
				ddq->d_type |= XFS_DQTYPE_BIGTIME;
		}

		if (xfs_has_crc(mp)) {
			xfs_update_cksum((char *)&dqb[j],
					 sizeof(struct xfs_dqblk),
					 XFS_DQUOT_CRC_OFF);
		}
	}
}

STATIC int
xfs_qm_reset_dqcounts_all(
	struct xfs_mount	*mp,
	xfs_dqid_t		firstid,
	xfs_fsblock_t		bno,
	xfs_filblks_t		blkcnt,
	xfs_dqtype_t		type,
	struct list_head	*buffer_list)
{
	struct xfs_buf		*bp;
	int			error = 0;

	ASSERT(blkcnt > 0);

	/*
	 * Blkcnt arg can be a very big number, and might even be
	 * larger than the log itself. So, we have to break it up into
	 * manageable-sized transactions.
	 * Note that we don't start a permanent transaction here; we might
	 * not be able to get a log reservation for the whole thing up front,
	 * and we don't really care to either, because we just discard
	 * everything if we were to crash in the middle of this loop.
	 */
	while (blkcnt--) {
		error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
					   XFS_FSB_TO_DADDR(mp, bno),
					   mp->m_quotainfo->qi_dqchunklen, 0, &bp,
					   &xfs_dquot_buf_ops);

		/*
		 * CRC and validation errors will return an EFSCORRUPTED here. If
		 * this occurs, re-read without CRC validation so that we can
		 * repair the damage via xfs_qm_reset_dqcounts(). This process
		 * will leave a trace in the log indicating corruption has
		 * been detected.
		 */
		if (error == -EFSCORRUPTED) {
			error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
					   XFS_FSB_TO_DADDR(mp, bno),
					   mp->m_quotainfo->qi_dqchunklen, 0, &bp,
					   NULL);
		}

		if (error)
			break;

		/*
		 * A corrupt buffer might not have a verifier attached, so
		 * make sure we have the correct one attached before writeback
		 * occurs.
		 */
		bp->b_ops = &xfs_dquot_buf_ops;
		xfs_qm_reset_dqcounts(mp, bp, firstid, type);
		xfs_buf_delwri_queue(bp, buffer_list);
		xfs_buf_relse(bp);

		/* go to the next block. */
		bno++;
		firstid += mp->m_quotainfo->qi_dqperchunk;
	}

	return error;
}

/*
 * Iterate over all allocated dquot blocks in this quota inode, zeroing all
 * counters for every chunk of dquots that we find.
 */
STATIC int
xfs_qm_reset_dqcounts_buf(
	struct xfs_mount	*mp,
	struct xfs_inode	*qip,
	xfs_dqtype_t		type,
	struct list_head	*buffer_list)
{
	struct xfs_bmbt_irec	*map;
	int			i, nmaps;	/* number of map entries */
	int			error;		/* return value */
	xfs_fileoff_t		lblkno;
	xfs_filblks_t		maxlblkcnt;
	xfs_dqid_t		firstid;
	xfs_fsblock_t		rablkno;
	xfs_filblks_t		rablkcnt;

	error = 0;
	/*
	 * This looks racy, but we can't keep an inode lock across a
	 * trans_reserve. But, this gets called during quotacheck, and that
	 * happens only at mount time which is single threaded.
	 */
	if (qip->i_nblocks == 0)
		return 0;

	map = kmalloc(XFS_DQITER_MAP_SIZE * sizeof(*map),
			GFP_KERNEL | __GFP_NOFAIL);

	lblkno = 0;
	maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
	do {
		uint		lock_mode;

		nmaps = XFS_DQITER_MAP_SIZE;
		/*
		 * We aren't changing the inode itself. Just changing
		 * some of its data. No new blocks are added here, and
		 * the inode is never added to the transaction.
		 */
		lock_mode = xfs_ilock_data_map_shared(qip);
		error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno,
				       map, &nmaps, 0);
		xfs_iunlock(qip, lock_mode);
		if (error)
			break;

		ASSERT(nmaps <= XFS_DQITER_MAP_SIZE);
		for (i = 0; i < nmaps; i++) {
			ASSERT(map[i].br_startblock != DELAYSTARTBLOCK);
			ASSERT(map[i].br_blockcount);


			lblkno += map[i].br_blockcount;

			if (map[i].br_startblock == HOLESTARTBLOCK)
				continue;

			firstid = (xfs_dqid_t) map[i].br_startoff *
				mp->m_quotainfo->qi_dqperchunk;
			/*
			 * Do a read-ahead on the next extent.
			 */
			if ((i+1 < nmaps) &&
			    (map[i+1].br_startblock != HOLESTARTBLOCK)) {
				rablkcnt = map[i+1].br_blockcount;
				rablkno = map[i+1].br_startblock;
				while (rablkcnt--) {
					xfs_buf_readahead(mp->m_ddev_targp,
						XFS_FSB_TO_DADDR(mp, rablkno),
						mp->m_quotainfo->qi_dqchunklen,
						&xfs_dquot_buf_ops);
					rablkno++;
				}
			}
			/*
			 * Iterate thru all the blks in the extent and
			 * reset the counters of all the dquots inside them.
			 */
			error = xfs_qm_reset_dqcounts_all(mp, firstid,
							  map[i].br_startblock,
							  map[i].br_blockcount,
							  type, buffer_list);
			if (error)
				goto out;
		}
	} while (nmaps > 0);

out:
	kfree(map);
	return error;
}

/*
 * Called by dqusage_adjust in doing a quotacheck.
 *
 * Given the inode, and a dquot id this updates both the incore dquot as well
 * as the buffer copy. This is so that once the quotacheck is done, we can
 * just log all the buffers, as opposed to logging numerous updates to
 * individual dquots.
 */
STATIC int
xfs_qm_quotacheck_dqadjust(
	struct xfs_inode	*ip,
	xfs_dqtype_t		type,
	xfs_qcnt_t		nblks,
	xfs_qcnt_t		rtblks)
{
	struct xfs_mount	*mp = ip->i_mount;
	struct xfs_dquot	*dqp;
	xfs_dqid_t		id;
	int			error;

	id = xfs_qm_id_for_quotatype(ip, type);
	error = xfs_qm_dqget(mp, id, type, true, &dqp);
	if (error) {
		/*
		 * Shouldn't be able to turn off quotas here.
		 */
		ASSERT(error != -ESRCH);
		ASSERT(error != -ENOENT);
		return error;
	}

	trace_xfs_dqadjust(dqp);

	/*
	 * Adjust the inode count and the block count to reflect this inode's
	 * resource usage.
	 */
	dqp->q_ino.count++;
	dqp->q_ino.reserved++;
	if (nblks) {
		dqp->q_blk.count += nblks;
		dqp->q_blk.reserved += nblks;
	}
	if (rtblks) {
		dqp->q_rtb.count += rtblks;
		dqp->q_rtb.reserved += rtblks;
	}

	/*
	 * Set default limits, adjust timers (since we changed usages)
	 *
	 * There are no timers for the default values set in the root dquot.
	 */
	if (dqp->q_id) {
		xfs_qm_adjust_dqlimits(dqp);
		xfs_qm_adjust_dqtimers(dqp);
	}

	dqp->q_flags |= XFS_DQFLAG_DIRTY;
	xfs_qm_dqput(dqp);
	return 0;
}

/*
 * Callback routine supplied to bulkstat(). Given an inumber, find its
 * dquots and update them to account for resources taken by that inode.
 */
/* ARGSUSED */
STATIC int
xfs_qm_dqusage_adjust(
	struct xfs_mount	*mp,
	struct xfs_trans	*tp,
	xfs_ino_t		ino,
	void			*data)
{
	struct xfs_inode	*ip;
	xfs_qcnt_t		nblks;
	xfs_filblks_t		rtblks = 0;	/* total rt blks */
	int			error;

	ASSERT(XFS_IS_QUOTA_ON(mp));

	/*
	 * rootino must have its resources accounted for, not so with the quota
	 * inodes.
	 */
	if (xfs_is_quota_inode(&mp->m_sb, ino))
		return 0;

	/*
	 * We don't _need_ to take the ilock EXCL here because quotacheck runs
	 * at mount time and therefore nobody will be racing chown/chproj.
	 */
	error = xfs_iget(mp, tp, ino, XFS_IGET_DONTCACHE, 0, &ip);
	if (error == -EINVAL || error == -ENOENT)
		return 0;
	if (error)
		return error;

	/*
	 * Reload the incore unlinked list to avoid failure in inodegc.
	 * Use an unlocked check here because unrecovered unlinked inodes
	 * should be somewhat rare.
	 */
	if (xfs_inode_unlinked_incomplete(ip)) {
		error = xfs_inode_reload_unlinked(ip);
		if (error) {
			xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
			goto error0;
		}
	}

	ASSERT(ip->i_delayed_blks == 0);

	if (XFS_IS_REALTIME_INODE(ip)) {
		struct xfs_ifork	*ifp = xfs_ifork_ptr(ip, XFS_DATA_FORK);

		error = xfs_iread_extents(tp, ip, XFS_DATA_FORK);
		if (error)
			goto error0;

		xfs_bmap_count_leaves(ifp, &rtblks);
	}

	nblks = (xfs_qcnt_t)ip->i_nblocks - rtblks;
	xfs_iflags_clear(ip, XFS_IQUOTAUNCHECKED);

	/*
	 * Add the (disk blocks and inode) resources occupied by this
	 * inode to its dquots. We do this adjustment in the incore dquot,
	 * and also copy the changes to its buffer.
	 * We don't care about putting these changes in a transaction
	 * envelope because if we crash in the middle of a 'quotacheck'
	 * we have to start from the beginning anyway.
	 * Once we're done, we'll log all the dquot bufs.
	 *
	 * The *QUOTA_ON checks below may look pretty racy, but quotachecks
	 * and quotaoffs don't race. (Quotachecks happen at mount time only).
	 */
	if (XFS_IS_UQUOTA_ON(mp)) {
		error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_USER, nblks,
				rtblks);
		if (error)
			goto error0;
	}

	if (XFS_IS_GQUOTA_ON(mp)) {
		error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_GROUP, nblks,
				rtblks);
		if (error)
			goto error0;
	}

	if (XFS_IS_PQUOTA_ON(mp)) {
		error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_PROJ, nblks,
				rtblks);
		if (error)
			goto error0;
	}

error0:
	xfs_irele(ip);
	return error;
}

STATIC int
xfs_qm_flush_one(
	struct xfs_dquot	*dqp,
	void			*data)
{
	struct xfs_mount	*mp = dqp->q_mount;
	struct list_head	*buffer_list = data;
	struct xfs_buf		*bp = NULL;
	int			error = 0;

	xfs_dqlock(dqp);
	if (dqp->q_flags & XFS_DQFLAG_FREEING)
		goto out_unlock;
	if (!XFS_DQ_IS_DIRTY(dqp))
		goto out_unlock;

	/*
	 * The only way the dquot is already flush locked by the time quotacheck
	 * gets here is if reclaim flushed it before the dqadjust walk dirtied
	 * it for the final time. Quotacheck collects all dquot bufs in the
	 * local delwri queue before dquots are dirtied, so reclaim can't have
	 * possibly queued it for I/O. The only way out is to push the buffer to
	 * cycle the flush lock.
	 */
	if (!xfs_dqflock_nowait(dqp)) {
		/* buf is pinned in-core by delwri list */
		error = xfs_buf_incore(mp->m_ddev_targp, dqp->q_blkno,
				mp->m_quotainfo->qi_dqchunklen, 0, &bp);
		if (error)
			goto out_unlock;

		if (!(bp->b_flags & _XBF_DELWRI_Q)) {
			error = -EAGAIN;
			xfs_buf_relse(bp);
			goto out_unlock;
		}
		xfs_buf_unlock(bp);

		xfs_buf_delwri_pushbuf(bp, buffer_list);
		xfs_buf_rele(bp);

		error = -EAGAIN;
		goto out_unlock;
	}

	error = xfs_qm_dqflush(dqp, &bp);
	if (error)
		goto out_unlock;

	xfs_buf_delwri_queue(bp, buffer_list);
	xfs_buf_relse(bp);
out_unlock:
	xfs_dqunlock(dqp);
	return error;
}

/*
 * Walk thru all the filesystem inodes and construct a consistent view
 * of the disk quota world. If the quotacheck fails, disable quotas.
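 *
 * The check runs in three passes: reset every on-disk dquot counter to
 * zero, walk all inodes and add each one's block and inode usage back into
 * the incore dquots, then flush the dirty dquots to their buffers and
 * write everything out through a local delwri list.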
 */
STATIC int
xfs_qm_quotacheck(
	xfs_mount_t	*mp)
{
	int			error, error2;
	uint			flags;
	LIST_HEAD		(buffer_list);
	struct xfs_inode	*uip = mp->m_quotainfo->qi_uquotaip;
	struct xfs_inode	*gip = mp->m_quotainfo->qi_gquotaip;
	struct xfs_inode	*pip = mp->m_quotainfo->qi_pquotaip;

	flags = 0;

	ASSERT(uip || gip || pip);
	ASSERT(XFS_IS_QUOTA_ON(mp));

	xfs_notice(mp, "Quotacheck needed: Please wait.");

	/*
	 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset
	 * their counters to zero. We need a clean slate.
	 * We don't log our changes till later.
	 */
	if (uip) {
		error = xfs_qm_reset_dqcounts_buf(mp, uip, XFS_DQTYPE_USER,
					 &buffer_list);
		if (error)
			goto error_return;
		flags |= XFS_UQUOTA_CHKD;
	}

	if (gip) {
		error = xfs_qm_reset_dqcounts_buf(mp, gip, XFS_DQTYPE_GROUP,
					 &buffer_list);
		if (error)
			goto error_return;
		flags |= XFS_GQUOTA_CHKD;
	}

	if (pip) {
		error = xfs_qm_reset_dqcounts_buf(mp, pip, XFS_DQTYPE_PROJ,
					 &buffer_list);
		if (error)
			goto error_return;
		flags |= XFS_PQUOTA_CHKD;
	}

	xfs_set_quotacheck_running(mp);
	error = xfs_iwalk_threaded(mp, 0, 0, xfs_qm_dqusage_adjust, 0, true,
			NULL);
	xfs_clear_quotacheck_running(mp);

	/*
	 * On error, the inode walk may have partially populated the dquot
	 * caches.  We must purge them before disabling quota and tearing down
	 * the quotainfo, or else the dquots will leak.
	 */
	if (error)
		goto error_purge;

	/*
	 * We've made all the changes that we need to make incore. Flush them
	 * down to disk buffers if everything was updated successfully.
	 */
	if (XFS_IS_UQUOTA_ON(mp)) {
		error = xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_flush_one,
					  &buffer_list);
	}
	if (XFS_IS_GQUOTA_ON(mp)) {
		error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_flush_one,
					   &buffer_list);
		if (!error)
			error = error2;
	}
	if (XFS_IS_PQUOTA_ON(mp)) {
		error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_flush_one,
					   &buffer_list);
		if (!error)
			error = error2;
	}

	error2 = xfs_buf_delwri_submit(&buffer_list);
	if (!error)
		error = error2;

	/*
	 * We can get this error if we couldn't do a dquot allocation inside
	 * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the
	 * dirty dquots that might be cached, we just want to get rid of them
	 * and turn quotaoff. The dquots won't be attached to any of the inodes
	 * at this point (because we intentionally didn't in dqget_noattach).
	 */
	if (error)
		goto error_purge;

	/*
	 * If one type of quotas is off, then it will lose its
	 * quotachecked status, since we won't be doing accounting for
	 * that type anymore.
	 */
	mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD;
	mp->m_qflags |= flags;

error_return:
	xfs_buf_delwri_cancel(&buffer_list);

	if (error) {
		xfs_warn(mp,
			"Quotacheck: Unsuccessful (Error %d): Disabling quotas.",
			error);
		/*
		 * We must turn off quotas.
		 */
		ASSERT(mp->m_quotainfo != NULL);
		xfs_qm_destroy_quotainfo(mp);
		if (xfs_mount_reset_sbqflags(mp)) {
			xfs_warn(mp,
				"Quotacheck: Failed to reset quota flags.");
		}
	} else
		xfs_notice(mp, "Quotacheck: Done.");
	return error;

error_purge:
	/*
	 * On error, we may have inodes queued for inactivation. This may try
	 * to attach dquots to the inode before running cleanup operations on
	 * the inode and this can race with the xfs_qm_destroy_quotainfo() call
	 * below that frees mp->m_quotainfo. To avoid this race, flush all the
	 * pending inodegc operations before we purge the dquots from memory,
	 * ensuring that background inactivation is idle whilst we turn off
	 * quotas.
	 */
	xfs_inodegc_flush(mp);
	xfs_qm_dqpurge_all(mp);
	goto error_return;

}

/*
 * This is called from xfs_mountfs to start quotas and initialize all
 * necessary data structures like quotainfo.  This is also responsible for
 * running a quotacheck as necessary.  We are guaranteed that the superblock
 * is consistently read in at this point.
 *
 * If we fail here, the mount will continue with quota turned off. We don't
 * need to indicate success or failure at all.
 */
void
xfs_qm_mount_quotas(
	struct xfs_mount	*mp)
{
	int			error = 0;
	uint			sbf;

	/*
	 * If quotas on realtime volumes are not supported, we disable
	 * quotas immediately.
	 */
	if (mp->m_sb.sb_rextents) {
		xfs_notice(mp, "Cannot turn on quotas for realtime filesystem");
		mp->m_qflags = 0;
		goto write_changes;
	}

	ASSERT(XFS_IS_QUOTA_ON(mp));

	/*
	 * Allocate the quotainfo structure inside the mount struct, and
	 * create quotainode(s), and change/rev superblock if necessary.
	 */
	error = xfs_qm_init_quotainfo(mp);
	if (error) {
		/*
		 * We must turn off quotas.
		 */
		ASSERT(mp->m_quotainfo == NULL);
		mp->m_qflags = 0;
		goto write_changes;
	}
	/*
	 * If any of the quotas are not consistent, do a quotacheck.
	 */
	if (XFS_QM_NEED_QUOTACHECK(mp)) {
		error = xfs_qm_quotacheck(mp);
		if (error) {
			/* Quotacheck failed and disabled quotas. */
			return;
		}
	}
	/*
	 * If one type of quotas is off, then it will lose its
	 * quotachecked status, since we won't be doing accounting for
	 * that type anymore.
	 */
	if (!XFS_IS_UQUOTA_ON(mp))
		mp->m_qflags &= ~XFS_UQUOTA_CHKD;
	if (!XFS_IS_GQUOTA_ON(mp))
		mp->m_qflags &= ~XFS_GQUOTA_CHKD;
	if (!XFS_IS_PQUOTA_ON(mp))
		mp->m_qflags &= ~XFS_PQUOTA_CHKD;

write_changes:
	/*
	 * We actually don't have to acquire the m_sb_lock at all.
	 * This can only be called from mount, and that's single threaded. XXX
	 */
	spin_lock(&mp->m_sb_lock);
	sbf = mp->m_sb.sb_qflags;
	mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL;
	spin_unlock(&mp->m_sb_lock);

	if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) {
		if (xfs_sync_sb(mp, false)) {
			/*
			 * We could only have been turning quotas off.
			 * We aren't in very good shape actually because
			 * the incore structures are convinced that quotas are
			 * off, but the on disk superblock doesn't know that !
			 */
			ASSERT(!(XFS_IS_QUOTA_ON(mp)));
			xfs_alert(mp, "%s: Superblock update failed!",
				__func__);
		}
	}

	if (error) {
		xfs_warn(mp, "Failed to initialize disk quotas.");
		return;
	}
}

/*
 * This is called after the superblock has been read in and we're ready to
 * iget the quota inodes.
 */
STATIC int
xfs_qm_init_quotainos(
	xfs_mount_t	*mp)
{
	struct xfs_inode	*uip = NULL;
	struct xfs_inode	*gip = NULL;
	struct xfs_inode	*pip = NULL;
	int			error;
	uint			flags = 0;

	ASSERT(mp->m_quotainfo);

	/*
	 * Get the uquota and gquota inodes
	 */
	if (xfs_has_quota(mp)) {
		if (XFS_IS_UQUOTA_ON(mp) &&
		    mp->m_sb.sb_uquotino != NULLFSINO) {
			ASSERT(mp->m_sb.sb_uquotino > 0);
			error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino,
					     0, 0, &uip);
			if (error)
				return error;
		}
		if (XFS_IS_GQUOTA_ON(mp) &&
		    mp->m_sb.sb_gquotino != NULLFSINO) {
			ASSERT(mp->m_sb.sb_gquotino > 0);
			error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino,
					     0, 0, &gip);
			if (error)
				goto error_rele;
		}
		if (XFS_IS_PQUOTA_ON(mp) &&
		    mp->m_sb.sb_pquotino != NULLFSINO) {
			ASSERT(mp->m_sb.sb_pquotino > 0);
			error = xfs_iget(mp, NULL, mp->m_sb.sb_pquotino,
					     0, 0, &pip);
			if (error)
				goto error_rele;
		}
	} else {
		flags |= XFS_QMOPT_SBVERSION;
	}

	/*
	 * Create the three inodes, if they don't exist already. The changes
	 * made above will get added to a transaction and logged in one of
	 * the qino_alloc calls below.  If the device is readonly,
	 * temporarily switch to read-write to do this.
	 */
	if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) {
		error = xfs_qm_qino_alloc(mp, &uip,
					      flags | XFS_QMOPT_UQUOTA);
		if (error)
			goto error_rele;

		flags &= ~XFS_QMOPT_SBVERSION;
	}
	if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) {
		error = xfs_qm_qino_alloc(mp, &gip,
					  flags | XFS_QMOPT_GQUOTA);
		if (error)
			goto error_rele;

		flags &= ~XFS_QMOPT_SBVERSION;
	}
	if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) {
		error = xfs_qm_qino_alloc(mp, &pip,
					  flags | XFS_QMOPT_PQUOTA);
		if (error)
			goto error_rele;
	}

	mp->m_quotainfo->qi_uquotaip = uip;
	mp->m_quotainfo->qi_gquotaip = gip;
	mp->m_quotainfo->qi_pquotaip = pip;

	return 0;

error_rele:
	if (uip)
		xfs_irele(uip);
	if (gip)
		xfs_irele(gip);
	if (pip)
		xfs_irele(pip);
	return error;
}

STATIC void
xfs_qm_destroy_quotainos(
	struct xfs_quotainfo	*qi)
{
	if (qi->qi_uquotaip) {
		xfs_irele(qi->qi_uquotaip);
		qi->qi_uquotaip = NULL; /* paranoia */
	}
	if (qi->qi_gquotaip) {
		xfs_irele(qi->qi_gquotaip);
		qi->qi_gquotaip = NULL;
	}
	if (qi->qi_pquotaip) {
		xfs_irele(qi->qi_pquotaip);
		qi->qi_pquotaip = NULL;
	}
}

STATIC void
xfs_qm_dqfree_one(
	struct xfs_dquot	*dqp)
{
	struct xfs_mount	*mp = dqp->q_mount;
	struct xfs_quotainfo	*qi = mp->m_quotainfo;

	mutex_lock(&qi->qi_tree_lock);
	radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);

	qi->qi_dquots--;
	mutex_unlock(&qi->qi_tree_lock);

	xfs_qm_dqdestroy(dqp);
}

/* --------------- utility functions for vnodeops ---------------- */


/*
 * Given an inode, a uid, gid and prid make sure that we have
 * allocated relevant dquot(s) on disk, and that we won't exceed inode
 * quotas by creating this file.
 * This also attaches dquot(s) to the given inode after locking it,
 * and returns the dquots corresponding to the uid and/or gid.
 *
 * in	: inode (unlocked)
 * out	: udquot, gdquot with references taken and unlocked
 */
int
xfs_qm_vop_dqalloc(
	struct xfs_inode	*ip,
	kuid_t			uid,
	kgid_t			gid,
	prid_t			prid,
	uint			flags,
	struct xfs_dquot	**O_udqpp,
	struct xfs_dquot	**O_gdqpp,
	struct xfs_dquot	**O_pdqpp)
{
	struct xfs_mount	*mp = ip->i_mount;
	struct inode		*inode = VFS_I(ip);
	struct user_namespace	*user_ns = inode->i_sb->s_user_ns;
	struct xfs_dquot	*uq = NULL;
	struct xfs_dquot	*gq = NULL;
	struct xfs_dquot	*pq = NULL;
	int			error;
	uint			lockflags;

	if (!XFS_IS_QUOTA_ON(mp))
		return 0;

	lockflags = XFS_ILOCK_EXCL;
	xfs_ilock(ip, lockflags);

	if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip))
		gid = inode->i_gid;

	/*
	 * Attach the dquot(s) to this inode, doing a dquot allocation
	 * if necessary. The dquot(s) will not be locked.
	 */
	if (XFS_NOT_DQATTACHED(mp, ip)) {
		error = xfs_qm_dqattach_locked(ip, true);
		if (error) {
			xfs_iunlock(ip, lockflags);
			return error;
		}
	}

	if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) {
		ASSERT(O_udqpp);
		if (!uid_eq(inode->i_uid, uid)) {
			/*
			 * What we need is the dquot that has this uid, and
			 * if we send the inode to dqget, the uid of the inode
			 * takes priority over what's sent in the uid argument.
			 * We must unlock inode here before calling dqget if
			 * we're not sending the inode, because otherwise
			 * we'll deadlock by doing trans_reserve while
			 * holding ilock.
			 */
			xfs_iunlock(ip, lockflags);
			error = xfs_qm_dqget(mp, from_kuid(user_ns, uid),
					XFS_DQTYPE_USER, true, &uq);
			if (error) {
				ASSERT(error != -ENOENT);
				return error;
			}
			/*
			 * Get the ilock in the right order.
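			 * We dropped the ILOCK before calling dqget above, so
			 * re-take it here; from this point on the function
			 * only uses the shared lock.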
			 */
			xfs_dqunlock(uq);
			lockflags = XFS_ILOCK_SHARED;
			xfs_ilock(ip, lockflags);
		} else {
			/*
			 * Take an extra reference, because we'll return
			 * this to the caller.
			 */
			ASSERT(ip->i_udquot);
			uq = xfs_qm_dqhold(ip->i_udquot);
		}
	}
	if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) {
		ASSERT(O_gdqpp);
		if (!gid_eq(inode->i_gid, gid)) {
			xfs_iunlock(ip, lockflags);
			error = xfs_qm_dqget(mp, from_kgid(user_ns, gid),
					XFS_DQTYPE_GROUP, true, &gq);
			if (error) {
				ASSERT(error != -ENOENT);
				goto error_rele;
			}
			xfs_dqunlock(gq);
			lockflags = XFS_ILOCK_SHARED;
			xfs_ilock(ip, lockflags);
		} else {
			ASSERT(ip->i_gdquot);
			gq = xfs_qm_dqhold(ip->i_gdquot);
		}
	}
	if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) {
		ASSERT(O_pdqpp);
		if (ip->i_projid != prid) {
			xfs_iunlock(ip, lockflags);
			error = xfs_qm_dqget(mp, prid,
					XFS_DQTYPE_PROJ, true, &pq);
			if (error) {
				ASSERT(error != -ENOENT);
				goto error_rele;
			}
			xfs_dqunlock(pq);
			lockflags = XFS_ILOCK_SHARED;
			xfs_ilock(ip, lockflags);
		} else {
			ASSERT(ip->i_pdquot);
			pq = xfs_qm_dqhold(ip->i_pdquot);
		}
	}
	trace_xfs_dquot_dqalloc(ip);

	xfs_iunlock(ip, lockflags);
	if (O_udqpp)
		*O_udqpp = uq;
	else
		xfs_qm_dqrele(uq);
	if (O_gdqpp)
		*O_gdqpp = gq;
	else
		xfs_qm_dqrele(gq);
	if (O_pdqpp)
		*O_pdqpp = pq;
	else
		xfs_qm_dqrele(pq);
	return 0;

error_rele:
	xfs_qm_dqrele(gq);
	xfs_qm_dqrele(uq);
	return error;
}

/*
 * Actually transfer ownership, and do dquot modifications.
 * These were already reserved.
 */
struct xfs_dquot *
xfs_qm_vop_chown(
	struct xfs_trans	*tp,
	struct xfs_inode	*ip,
	struct xfs_dquot	**IO_olddq,
	struct xfs_dquot	*newdq)
{
	struct xfs_dquot	*prevdq;
	uint			bfield = XFS_IS_REALTIME_INODE(ip) ?
				 XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT;


	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
	ASSERT(XFS_IS_QUOTA_ON(ip->i_mount));

	/* old dquot */
	prevdq = *IO_olddq;
	ASSERT(prevdq);
	ASSERT(prevdq != newdq);

	xfs_trans_mod_dquot(tp, prevdq, bfield, -(ip->i_nblocks));
	xfs_trans_mod_dquot(tp, prevdq, XFS_TRANS_DQ_ICOUNT, -1);

	/* the sparkling new dquot */
	xfs_trans_mod_dquot(tp, newdq, bfield, ip->i_nblocks);
	xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_ICOUNT, 1);

	/*
	 * Back when we made quota reservations for the chown, we reserved the
	 * ondisk blocks + delalloc blocks with the new dquot. Now that we've
	 * switched the dquots, decrease the new dquot's block reservation
	 * (having already bumped up the real counter) so that we don't have
	 * any reservation to give back when we commit.
	 */
	xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_RES_BLKS,
			-ip->i_delayed_blks);

	/*
	 * Give the incore reservation for delalloc blocks back to the old
	 * dquot. We don't normally handle delalloc quota reservations
	 * transactionally, so just lock the dquot and subtract from the
	 * reservation. Dirty the transaction because it's too late to turn
	 * back now.
	 */
	tp->t_flags |= XFS_TRANS_DIRTY;
	xfs_dqlock(prevdq);
	ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks);
	prevdq->q_blk.reserved -= ip->i_delayed_blks;
	xfs_dqunlock(prevdq);

	/*
	 * Take an extra reference, because the inode is going to keep
	 * this dquot pointer even after the trans_commit.
	 */
	*IO_olddq = xfs_qm_dqhold(newdq);

	return prevdq;
}

int
xfs_qm_vop_rename_dqattach(
	struct xfs_inode	**i_tab)
{
	struct xfs_mount	*mp = i_tab[0]->i_mount;
	int			i;

	if (!XFS_IS_QUOTA_ON(mp))
		return 0;

	for (i = 0; (i < 4 && i_tab[i]); i++) {
		struct xfs_inode	*ip = i_tab[i];
		int			error;

		/*
		 * Watch out for duplicate entries in the table.
		 */
		if (i == 0 || ip != i_tab[i-1]) {
			if (XFS_NOT_DQATTACHED(mp, ip)) {
				error = xfs_qm_dqattach(ip);
				if (error)
					return error;
			}
		}
	}
	return 0;
}

void
xfs_qm_vop_create_dqattach(
	struct xfs_trans	*tp,
	struct xfs_inode	*ip,
	struct xfs_dquot	*udqp,
	struct xfs_dquot	*gdqp,
	struct xfs_dquot	*pdqp)
{
	struct xfs_mount	*mp = tp->t_mountp;

	if (!XFS_IS_QUOTA_ON(mp))
		return;

	xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);

	if (udqp && XFS_IS_UQUOTA_ON(mp)) {
		ASSERT(ip->i_udquot == NULL);
		ASSERT(i_uid_read(VFS_I(ip)) == udqp->q_id);

		ip->i_udquot = xfs_qm_dqhold(udqp);
		xfs_trans_mod_dquot(tp, udqp, XFS_TRANS_DQ_ICOUNT, 1);
	}
	if (gdqp && XFS_IS_GQUOTA_ON(mp)) {
		ASSERT(ip->i_gdquot == NULL);
		ASSERT(i_gid_read(VFS_I(ip)) == gdqp->q_id);

		ip->i_gdquot = xfs_qm_dqhold(gdqp);
		xfs_trans_mod_dquot(tp, gdqp, XFS_TRANS_DQ_ICOUNT, 1);
	}
	if (pdqp && XFS_IS_PQUOTA_ON(mp)) {
		ASSERT(ip->i_pdquot == NULL);
		ASSERT(ip->i_projid == pdqp->q_id);

		ip->i_pdquot = xfs_qm_dqhold(pdqp);
		xfs_trans_mod_dquot(tp, pdqp, XFS_TRANS_DQ_ICOUNT, 1);
	}
}

/* Decide if this inode's dquot is near an enforcement boundary. */
bool
xfs_inode_near_dquot_enforcement(
	struct xfs_inode	*ip,
	xfs_dqtype_t		type)
{
	struct xfs_dquot	*dqp;
	int64_t			freesp;

	/* We only care for quotas that are enabled and enforced. */
	dqp = xfs_inode_dquot(ip, type);
	if (!dqp || !xfs_dquot_is_enforced(dqp))
		return false;

	if (xfs_dquot_res_over_limits(&dqp->q_ino) ||
	    xfs_dquot_res_over_limits(&dqp->q_rtb))
		return true;

	/* For space on the data device, check the various thresholds. */
	if (!dqp->q_prealloc_hi_wmark)
		return false;

	if (dqp->q_blk.reserved < dqp->q_prealloc_lo_wmark)
		return false;

	if (dqp->q_blk.reserved >= dqp->q_prealloc_hi_wmark)
		return true;

	freesp = dqp->q_prealloc_hi_wmark - dqp->q_blk.reserved;
	if (freesp < dqp->q_low_space[XFS_QLOWSP_5_PCNT])
		return true;

	return false;
}