1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Implementation of the diskquota system for the LINUX operating system. QUOTA 4 * is implemented using the BSD system call interface as the means of 5 * communication with the user level. This file contains the generic routines 6 * called by the different filesystems on allocation of an inode or block. 7 * These routines take care of the administration needed to have a consistent 8 * diskquota tracking system. The ideas of both user and group quotas are based 9 * on the Melbourne quota system as used on BSD derived systems. The internal 10 * implementation is based on one of the several variants of the LINUX 11 * inode-subsystem with added complexity of the diskquota system. 12 * 13 * Author: Marco van Wieringen <mvw@planets.elm.net> 14 * 15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96 16 * 17 * Revised list management to avoid races 18 * -- Bill Hawes, <whawes@star.net>, 9/98 19 * 20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...(). 21 * As the consequence the locking was moved from dquot_decr_...(), 22 * dquot_incr_...() to calling functions. 23 * invalidate_dquots() now writes modified dquots. 24 * Serialized quota_off() and quota_on() for mount point. 25 * Fixed a few bugs in grow_dquots(). 26 * Fixed deadlock in write_dquot() - we no longer account quotas on 27 * quota files 28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes 29 * add_dquot_ref() restarts after blocking 30 * Added check for bogus uid and fixed check for group in quotactl. 31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99 32 * 33 * Used struct list_head instead of own list struct 34 * Invalidation of referenced dquots is no longer possible 35 * Improved free_dquots list management 36 * Quota and i_blocks are now updated in one place to avoid races 37 * Warnings are now delayed so we won't block in critical section 38 * Write updated not to require dquot lock 39 * Jan Kara, <jack@suse.cz>, 9/2000 40 * 41 * Added dynamic quota structure allocation 42 * Jan Kara <jack@suse.cz> 12/2000 43 * 44 * Rewritten quota interface. Implemented new quota format and 45 * formats registering. 46 * Jan Kara, <jack@suse.cz>, 2001,2002 47 * 48 * New SMP locking. 49 * Jan Kara, <jack@suse.cz>, 10/2002 50 * 51 * Added journalled quota support, fix lock inversion problems 52 * Jan Kara, <jack@suse.cz>, 2003,2004 53 * 54 * (C) Copyright 1994 - 1997 Marco van Wieringen 55 */ 56 57 #include <linux/errno.h> 58 #include <linux/kernel.h> 59 #include <linux/fs.h> 60 #include <linux/mount.h> 61 #include <linux/mm.h> 62 #include <linux/time.h> 63 #include <linux/types.h> 64 #include <linux/string.h> 65 #include <linux/fcntl.h> 66 #include <linux/stat.h> 67 #include <linux/tty.h> 68 #include <linux/file.h> 69 #include <linux/slab.h> 70 #include <linux/sysctl.h> 71 #include <linux/init.h> 72 #include <linux/module.h> 73 #include <linux/proc_fs.h> 74 #include <linux/security.h> 75 #include <linux/sched.h> 76 #include <linux/cred.h> 77 #include <linux/kmod.h> 78 #include <linux/namei.h> 79 #include <linux/capability.h> 80 #include <linux/quotaops.h> 81 #include <linux/blkdev.h> 82 #include <linux/sched/mm.h> 83 #include "../internal.h" /* ugh */ 84 85 #include <linux/uaccess.h> 86 87 /* 88 * There are five quota SMP locks: 89 * * dq_list_lock protects all lists with quotas and quota formats. 90 * * dquot->dq_dqb_lock protects data from dq_dqb 91 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards 92 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that 93 * dquot_transfer() can stabilize amount it transfers 94 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot 95 * pointers in the inode 96 * * dq_state_lock protects modifications of quota state (on quotaon and 97 * quotaoff) and readers who care about latest values take it as well. 98 * 99 * The spinlock ordering is hence: 100 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock, 101 * dq_list_lock > dq_state_lock 102 * 103 * Note that some things (eg. sb pointer, type, id) doesn't change during 104 * the life of the dquot structure and so needn't to be protected by a lock 105 * 106 * Operation accessing dquots via inode pointers are protected by dquot_srcu. 107 * Operation of reading pointer needs srcu_read_lock(&dquot_srcu), and 108 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from 109 * inode and before dropping dquot references to avoid use of dquots after 110 * they are freed. dq_data_lock is used to serialize the pointer setting and 111 * clearing operations. 112 * Special care needs to be taken about S_NOQUOTA inode flag (marking that 113 * inode is a quota file). Functions adding pointers from inode to dquots have 114 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they 115 * have to do all pointer modifications before dropping dq_data_lock. This makes 116 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and 117 * then drops all pointers to dquots from an inode. 118 * 119 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to 120 * memory (or space for it is being allocated) on the first dqget(), when it is 121 * being written out, and when it is being released on the last dqput(). The 122 * allocation and release operations are serialized by the dq_lock and by 123 * checking the use count in dquot_release(). 124 * 125 * Lock ordering (including related VFS locks) is the following: 126 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem 127 */ 128 129 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock); 130 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock); 131 __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock); 132 EXPORT_SYMBOL(dq_data_lock); 133 DEFINE_STATIC_SRCU(dquot_srcu); 134 135 static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq); 136 137 void __quota_error(struct super_block *sb, const char *func, 138 const char *fmt, ...) 139 { 140 if (printk_ratelimit()) { 141 va_list args; 142 struct va_format vaf; 143 144 va_start(args, fmt); 145 146 vaf.fmt = fmt; 147 vaf.va = &args; 148 149 printk(KERN_ERR "Quota error (device %s): %s: %pV\n", 150 sb->s_id, func, &vaf); 151 152 va_end(args); 153 } 154 } 155 EXPORT_SYMBOL(__quota_error); 156 157 #if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING) 158 static char *quotatypes[] = INITQFNAMES; 159 #endif 160 static struct quota_format_type *quota_formats; /* List of registered formats */ 161 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES; 162 163 /* SLAB cache for dquot structures */ 164 static struct kmem_cache *dquot_cachep; 165 166 int register_quota_format(struct quota_format_type *fmt) 167 { 168 spin_lock(&dq_list_lock); 169 fmt->qf_next = quota_formats; 170 quota_formats = fmt; 171 spin_unlock(&dq_list_lock); 172 return 0; 173 } 174 EXPORT_SYMBOL(register_quota_format); 175 176 void unregister_quota_format(struct quota_format_type *fmt) 177 { 178 struct quota_format_type **actqf; 179 180 spin_lock(&dq_list_lock); 181 for (actqf = "a_formats; *actqf && *actqf != fmt; 182 actqf = &(*actqf)->qf_next) 183 ; 184 if (*actqf) 185 *actqf = (*actqf)->qf_next; 186 spin_unlock(&dq_list_lock); 187 } 188 EXPORT_SYMBOL(unregister_quota_format); 189 190 static struct quota_format_type *find_quota_format(int id) 191 { 192 struct quota_format_type *actqf; 193 194 spin_lock(&dq_list_lock); 195 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 196 actqf = actqf->qf_next) 197 ; 198 if (!actqf || !try_module_get(actqf->qf_owner)) { 199 int qm; 200 201 spin_unlock(&dq_list_lock); 202 203 for (qm = 0; module_names[qm].qm_fmt_id && 204 module_names[qm].qm_fmt_id != id; qm++) 205 ; 206 if (!module_names[qm].qm_fmt_id || 207 request_module(module_names[qm].qm_mod_name)) 208 return NULL; 209 210 spin_lock(&dq_list_lock); 211 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 212 actqf = actqf->qf_next) 213 ; 214 if (actqf && !try_module_get(actqf->qf_owner)) 215 actqf = NULL; 216 } 217 spin_unlock(&dq_list_lock); 218 return actqf; 219 } 220 221 static void put_quota_format(struct quota_format_type *fmt) 222 { 223 module_put(fmt->qf_owner); 224 } 225 226 /* 227 * Dquot List Management: 228 * The quota code uses five lists for dquot management: the inuse_list, 229 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array. 230 * A single dquot structure may be on some of those lists, depending on 231 * its current state. 232 * 233 * All dquots are placed to the end of inuse_list when first created, and this 234 * list is used for invalidate operation, which must look at every dquot. 235 * 236 * When the last reference of a dquot is dropped, the dquot is added to 237 * releasing_dquots. We'll then queue work item which will call 238 * synchronize_srcu() and after that perform the final cleanup of all the 239 * dquots on the list. Each cleaned up dquot is moved to free_dquots list. 240 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot 241 * struct. 242 * 243 * Unused and cleaned up dquots are in the free_dquots list and this list is 244 * searched whenever we need an available dquot. Dquots are removed from the 245 * list as soon as they are used again and dqstats.free_dquots gives the number 246 * of dquots on the list. When dquot is invalidated it's completely released 247 * from memory. 248 * 249 * Dirty dquots are added to the dqi_dirty_list of quota_info when mark 250 * dirtied, and this list is searched when writing dirty dquots back to 251 * quota file. Note that some filesystems do dirty dquot tracking on their 252 * own (e.g. in a journal) and thus don't use dqi_dirty_list. 253 * 254 * Dquots with a specific identity (device, type and id) are placed on 255 * one of the dquot_hash[] hash chains. The provides an efficient search 256 * mechanism to locate a specific dquot. 257 */ 258 259 static LIST_HEAD(inuse_list); 260 static LIST_HEAD(free_dquots); 261 static LIST_HEAD(releasing_dquots); 262 static unsigned int dq_hash_bits, dq_hash_mask; 263 static struct hlist_head *dquot_hash; 264 265 struct dqstats dqstats; 266 EXPORT_SYMBOL(dqstats); 267 268 static qsize_t inode_get_rsv_space(struct inode *inode); 269 static qsize_t __inode_get_rsv_space(struct inode *inode); 270 static int __dquot_initialize(struct inode *inode, int type); 271 272 static void quota_release_workfn(struct work_struct *work); 273 static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn); 274 275 static inline unsigned int 276 hashfn(const struct super_block *sb, struct kqid qid) 277 { 278 unsigned int id = from_kqid(&init_user_ns, qid); 279 int type = qid.type; 280 unsigned long tmp; 281 282 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type); 283 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask; 284 } 285 286 /* 287 * Following list functions expect dq_list_lock to be held 288 */ 289 static inline void insert_dquot_hash(struct dquot *dquot) 290 { 291 struct hlist_head *head; 292 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id); 293 hlist_add_head(&dquot->dq_hash, head); 294 } 295 296 static inline void remove_dquot_hash(struct dquot *dquot) 297 { 298 hlist_del_init(&dquot->dq_hash); 299 } 300 301 static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb, 302 struct kqid qid) 303 { 304 struct dquot *dquot; 305 306 hlist_for_each_entry(dquot, dquot_hash+hashent, dq_hash) 307 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid)) 308 return dquot; 309 310 return NULL; 311 } 312 313 /* Add a dquot to the tail of the free list */ 314 static inline void put_dquot_last(struct dquot *dquot) 315 { 316 list_add_tail(&dquot->dq_free, &free_dquots); 317 dqstats_inc(DQST_FREE_DQUOTS); 318 } 319 320 static inline void put_releasing_dquots(struct dquot *dquot) 321 { 322 list_add_tail(&dquot->dq_free, &releasing_dquots); 323 set_bit(DQ_RELEASING_B, &dquot->dq_flags); 324 } 325 326 static inline void remove_free_dquot(struct dquot *dquot) 327 { 328 if (list_empty(&dquot->dq_free)) 329 return; 330 list_del_init(&dquot->dq_free); 331 if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags)) 332 dqstats_dec(DQST_FREE_DQUOTS); 333 else 334 clear_bit(DQ_RELEASING_B, &dquot->dq_flags); 335 } 336 337 static inline void put_inuse(struct dquot *dquot) 338 { 339 /* We add to the back of inuse list so we don't have to restart 340 * when traversing this list and we block */ 341 list_add_tail(&dquot->dq_inuse, &inuse_list); 342 dqstats_inc(DQST_ALLOC_DQUOTS); 343 } 344 345 static inline void remove_inuse(struct dquot *dquot) 346 { 347 dqstats_dec(DQST_ALLOC_DQUOTS); 348 list_del(&dquot->dq_inuse); 349 } 350 /* 351 * End of list functions needing dq_list_lock 352 */ 353 354 static void wait_on_dquot(struct dquot *dquot) 355 { 356 mutex_lock(&dquot->dq_lock); 357 mutex_unlock(&dquot->dq_lock); 358 } 359 360 static inline int dquot_active(struct dquot *dquot) 361 { 362 return test_bit(DQ_ACTIVE_B, &dquot->dq_flags); 363 } 364 365 static inline int dquot_dirty(struct dquot *dquot) 366 { 367 return test_bit(DQ_MOD_B, &dquot->dq_flags); 368 } 369 370 static inline int mark_dquot_dirty(struct dquot *dquot) 371 { 372 return dquot->dq_sb->dq_op->mark_dirty(dquot); 373 } 374 375 /* Mark dquot dirty in atomic manner, and return it's old dirty flag state */ 376 int dquot_mark_dquot_dirty(struct dquot *dquot) 377 { 378 int ret = 1; 379 380 if (!dquot_active(dquot)) 381 return 0; 382 383 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 384 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags); 385 386 /* If quota is dirty already, we don't have to acquire dq_list_lock */ 387 if (dquot_dirty(dquot)) 388 return 1; 389 390 spin_lock(&dq_list_lock); 391 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) { 392 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)-> 393 info[dquot->dq_id.type].dqi_dirty_list); 394 ret = 0; 395 } 396 spin_unlock(&dq_list_lock); 397 return ret; 398 } 399 EXPORT_SYMBOL(dquot_mark_dquot_dirty); 400 401 /* Dirtify all the dquots - this can block when journalling */ 402 static inline int mark_all_dquot_dirty(struct dquot * const *dquots) 403 { 404 int ret, err, cnt; 405 struct dquot *dquot; 406 407 ret = err = 0; 408 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 409 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 410 if (dquot) 411 /* Even in case of error we have to continue */ 412 ret = mark_dquot_dirty(dquot); 413 if (!err) 414 err = ret; 415 } 416 return err; 417 } 418 419 static inline void dqput_all(struct dquot **dquot) 420 { 421 unsigned int cnt; 422 423 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 424 dqput(dquot[cnt]); 425 } 426 427 static inline int clear_dquot_dirty(struct dquot *dquot) 428 { 429 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 430 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags); 431 432 spin_lock(&dq_list_lock); 433 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) { 434 spin_unlock(&dq_list_lock); 435 return 0; 436 } 437 list_del_init(&dquot->dq_dirty); 438 spin_unlock(&dq_list_lock); 439 return 1; 440 } 441 442 void mark_info_dirty(struct super_block *sb, int type) 443 { 444 spin_lock(&dq_data_lock); 445 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY; 446 spin_unlock(&dq_data_lock); 447 } 448 EXPORT_SYMBOL(mark_info_dirty); 449 450 /* 451 * Read dquot from disk and alloc space for it 452 */ 453 454 int dquot_acquire(struct dquot *dquot) 455 { 456 int ret = 0, ret2 = 0; 457 unsigned int memalloc; 458 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 459 460 mutex_lock(&dquot->dq_lock); 461 memalloc = memalloc_nofs_save(); 462 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) { 463 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot); 464 if (ret < 0) 465 goto out_iolock; 466 } 467 /* Make sure flags update is visible after dquot has been filled */ 468 smp_mb__before_atomic(); 469 set_bit(DQ_READ_B, &dquot->dq_flags); 470 /* Instantiate dquot if needed */ 471 if (!dquot_active(dquot) && !dquot->dq_off) { 472 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 473 /* Write the info if needed */ 474 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 475 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 476 dquot->dq_sb, dquot->dq_id.type); 477 } 478 if (ret < 0) 479 goto out_iolock; 480 if (ret2 < 0) { 481 ret = ret2; 482 goto out_iolock; 483 } 484 } 485 /* 486 * Make sure flags update is visible after on-disk struct has been 487 * allocated. Paired with smp_rmb() in dqget(). 488 */ 489 smp_mb__before_atomic(); 490 set_bit(DQ_ACTIVE_B, &dquot->dq_flags); 491 out_iolock: 492 memalloc_nofs_restore(memalloc); 493 mutex_unlock(&dquot->dq_lock); 494 return ret; 495 } 496 EXPORT_SYMBOL(dquot_acquire); 497 498 /* 499 * Write dquot to disk 500 */ 501 int dquot_commit(struct dquot *dquot) 502 { 503 int ret = 0; 504 unsigned int memalloc; 505 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 506 507 mutex_lock(&dquot->dq_lock); 508 memalloc = memalloc_nofs_save(); 509 if (!clear_dquot_dirty(dquot)) 510 goto out_lock; 511 /* Inactive dquot can be only if there was error during read/init 512 * => we have better not writing it */ 513 if (dquot_active(dquot)) 514 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 515 else 516 ret = -EIO; 517 out_lock: 518 memalloc_nofs_restore(memalloc); 519 mutex_unlock(&dquot->dq_lock); 520 return ret; 521 } 522 EXPORT_SYMBOL(dquot_commit); 523 524 /* 525 * Release dquot 526 */ 527 int dquot_release(struct dquot *dquot) 528 { 529 int ret = 0, ret2 = 0; 530 unsigned int memalloc; 531 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 532 533 mutex_lock(&dquot->dq_lock); 534 memalloc = memalloc_nofs_save(); 535 /* Check whether we are not racing with some other dqget() */ 536 if (dquot_is_busy(dquot)) 537 goto out_dqlock; 538 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) { 539 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot); 540 /* Write the info */ 541 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 542 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 543 dquot->dq_sb, dquot->dq_id.type); 544 } 545 if (ret >= 0) 546 ret = ret2; 547 } 548 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags); 549 out_dqlock: 550 memalloc_nofs_restore(memalloc); 551 mutex_unlock(&dquot->dq_lock); 552 return ret; 553 } 554 EXPORT_SYMBOL(dquot_release); 555 556 void dquot_destroy(struct dquot *dquot) 557 { 558 kmem_cache_free(dquot_cachep, dquot); 559 } 560 EXPORT_SYMBOL(dquot_destroy); 561 562 static inline void do_destroy_dquot(struct dquot *dquot) 563 { 564 dquot->dq_sb->dq_op->destroy_dquot(dquot); 565 } 566 567 /* Invalidate all dquots on the list. Note that this function is called after 568 * quota is disabled and pointers from inodes removed so there cannot be new 569 * quota users. There can still be some users of quotas due to inodes being 570 * just deleted or pruned by prune_icache() (those are not attached to any 571 * list) or parallel quotactl call. We have to wait for such users. 572 */ 573 static void invalidate_dquots(struct super_block *sb, int type) 574 { 575 struct dquot *dquot, *tmp; 576 577 restart: 578 flush_delayed_work("a_release_work); 579 580 spin_lock(&dq_list_lock); 581 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) { 582 if (dquot->dq_sb != sb) 583 continue; 584 if (dquot->dq_id.type != type) 585 continue; 586 /* Wait for dquot users */ 587 if (atomic_read(&dquot->dq_count)) { 588 atomic_inc(&dquot->dq_count); 589 spin_unlock(&dq_list_lock); 590 /* 591 * Once dqput() wakes us up, we know it's time to free 592 * the dquot. 593 * IMPORTANT: we rely on the fact that there is always 594 * at most one process waiting for dquot to free. 595 * Otherwise dq_count would be > 1 and we would never 596 * wake up. 597 */ 598 wait_event(dquot_ref_wq, 599 atomic_read(&dquot->dq_count) == 1); 600 dqput(dquot); 601 /* At this moment dquot() need not exist (it could be 602 * reclaimed by prune_dqcache(). Hence we must 603 * restart. */ 604 goto restart; 605 } 606 /* 607 * The last user already dropped its reference but dquot didn't 608 * get fully cleaned up yet. Restart the scan which flushes the 609 * work cleaning up released dquots. 610 */ 611 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 612 spin_unlock(&dq_list_lock); 613 goto restart; 614 } 615 /* 616 * Quota now has no users and it has been written on last 617 * dqput() 618 */ 619 remove_dquot_hash(dquot); 620 remove_free_dquot(dquot); 621 remove_inuse(dquot); 622 do_destroy_dquot(dquot); 623 } 624 spin_unlock(&dq_list_lock); 625 } 626 627 /* Call callback for every active dquot on given filesystem */ 628 int dquot_scan_active(struct super_block *sb, 629 int (*fn)(struct dquot *dquot, unsigned long priv), 630 unsigned long priv) 631 { 632 struct dquot *dquot, *old_dquot = NULL; 633 int ret = 0; 634 635 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 636 637 spin_lock(&dq_list_lock); 638 list_for_each_entry(dquot, &inuse_list, dq_inuse) { 639 if (!dquot_active(dquot)) 640 continue; 641 if (dquot->dq_sb != sb) 642 continue; 643 /* Now we have active dquot so we can just increase use count */ 644 atomic_inc(&dquot->dq_count); 645 spin_unlock(&dq_list_lock); 646 dqput(old_dquot); 647 old_dquot = dquot; 648 /* 649 * ->release_dquot() can be racing with us. Our reference 650 * protects us from new calls to it so just wait for any 651 * outstanding call and recheck the DQ_ACTIVE_B after that. 652 */ 653 wait_on_dquot(dquot); 654 if (dquot_active(dquot)) { 655 ret = fn(dquot, priv); 656 if (ret < 0) 657 goto out; 658 } 659 spin_lock(&dq_list_lock); 660 /* We are safe to continue now because our dquot could not 661 * be moved out of the inuse list while we hold the reference */ 662 } 663 spin_unlock(&dq_list_lock); 664 out: 665 dqput(old_dquot); 666 return ret; 667 } 668 EXPORT_SYMBOL(dquot_scan_active); 669 670 static inline int dquot_write_dquot(struct dquot *dquot) 671 { 672 int ret = dquot->dq_sb->dq_op->write_dquot(dquot); 673 if (ret < 0) { 674 quota_error(dquot->dq_sb, "Can't write quota structure " 675 "(error %d). Quota may get out of sync!", ret); 676 /* Clear dirty bit anyway to avoid infinite loop. */ 677 clear_dquot_dirty(dquot); 678 } 679 return ret; 680 } 681 682 /* Write all dquot structures to quota files */ 683 int dquot_writeback_dquots(struct super_block *sb, int type) 684 { 685 struct list_head dirty; 686 struct dquot *dquot; 687 struct quota_info *dqopt = sb_dqopt(sb); 688 int cnt; 689 int err, ret = 0; 690 691 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 692 693 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 694 if (type != -1 && cnt != type) 695 continue; 696 if (!sb_has_quota_active(sb, cnt)) 697 continue; 698 spin_lock(&dq_list_lock); 699 /* Move list away to avoid livelock. */ 700 list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty); 701 while (!list_empty(&dirty)) { 702 dquot = list_first_entry(&dirty, struct dquot, 703 dq_dirty); 704 705 WARN_ON(!dquot_active(dquot)); 706 /* If the dquot is releasing we should not touch it */ 707 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 708 spin_unlock(&dq_list_lock); 709 flush_delayed_work("a_release_work); 710 spin_lock(&dq_list_lock); 711 continue; 712 } 713 714 /* Now we have active dquot from which someone is 715 * holding reference so we can safely just increase 716 * use count */ 717 dqgrab(dquot); 718 spin_unlock(&dq_list_lock); 719 err = dquot_write_dquot(dquot); 720 if (err && !ret) 721 ret = err; 722 dqput(dquot); 723 spin_lock(&dq_list_lock); 724 } 725 spin_unlock(&dq_list_lock); 726 } 727 728 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 729 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt) 730 && info_dirty(&dqopt->info[cnt])) 731 sb->dq_op->write_info(sb, cnt); 732 dqstats_inc(DQST_SYNCS); 733 734 return ret; 735 } 736 EXPORT_SYMBOL(dquot_writeback_dquots); 737 738 /* Write all dquot structures to disk and make them visible from userspace */ 739 int dquot_quota_sync(struct super_block *sb, int type) 740 { 741 struct quota_info *dqopt = sb_dqopt(sb); 742 int cnt; 743 int ret; 744 745 ret = dquot_writeback_dquots(sb, type); 746 if (ret) 747 return ret; 748 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 749 return 0; 750 751 /* This is not very clever (and fast) but currently I don't know about 752 * any other simple way of getting quota data to disk and we must get 753 * them there for userspace to be visible... */ 754 if (sb->s_op->sync_fs) { 755 ret = sb->s_op->sync_fs(sb, 1); 756 if (ret) 757 return ret; 758 } 759 ret = sync_blockdev(sb->s_bdev); 760 if (ret) 761 return ret; 762 763 /* 764 * Now when everything is written we can discard the pagecache so 765 * that userspace sees the changes. 766 */ 767 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 768 if (type != -1 && cnt != type) 769 continue; 770 if (!sb_has_quota_active(sb, cnt)) 771 continue; 772 inode_lock(dqopt->files[cnt]); 773 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 774 inode_unlock(dqopt->files[cnt]); 775 } 776 777 return 0; 778 } 779 EXPORT_SYMBOL(dquot_quota_sync); 780 781 static unsigned long 782 dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) 783 { 784 struct dquot *dquot; 785 unsigned long freed = 0; 786 787 spin_lock(&dq_list_lock); 788 while (!list_empty(&free_dquots) && sc->nr_to_scan) { 789 dquot = list_first_entry(&free_dquots, struct dquot, dq_free); 790 remove_dquot_hash(dquot); 791 remove_free_dquot(dquot); 792 remove_inuse(dquot); 793 do_destroy_dquot(dquot); 794 sc->nr_to_scan--; 795 freed++; 796 } 797 spin_unlock(&dq_list_lock); 798 return freed; 799 } 800 801 static unsigned long 802 dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc) 803 { 804 return vfs_pressure_ratio( 805 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS])); 806 } 807 808 static struct shrinker dqcache_shrinker = { 809 .count_objects = dqcache_shrink_count, 810 .scan_objects = dqcache_shrink_scan, 811 .seeks = DEFAULT_SEEKS, 812 }; 813 814 /* 815 * Safely release dquot and put reference to dquot. 816 */ 817 static void quota_release_workfn(struct work_struct *work) 818 { 819 struct dquot *dquot; 820 struct list_head rls_head; 821 822 spin_lock(&dq_list_lock); 823 /* Exchange the list head to avoid livelock. */ 824 list_replace_init(&releasing_dquots, &rls_head); 825 spin_unlock(&dq_list_lock); 826 synchronize_srcu(&dquot_srcu); 827 828 restart: 829 spin_lock(&dq_list_lock); 830 while (!list_empty(&rls_head)) { 831 dquot = list_first_entry(&rls_head, struct dquot, dq_free); 832 WARN_ON_ONCE(atomic_read(&dquot->dq_count)); 833 /* 834 * Note that DQ_RELEASING_B protects us from racing with 835 * invalidate_dquots() calls so we are safe to work with the 836 * dquot even after we drop dq_list_lock. 837 */ 838 if (dquot_dirty(dquot)) { 839 spin_unlock(&dq_list_lock); 840 /* Commit dquot before releasing */ 841 dquot_write_dquot(dquot); 842 goto restart; 843 } 844 if (dquot_active(dquot)) { 845 spin_unlock(&dq_list_lock); 846 dquot->dq_sb->dq_op->release_dquot(dquot); 847 goto restart; 848 } 849 /* Dquot is inactive and clean, now move it to free list */ 850 remove_free_dquot(dquot); 851 put_dquot_last(dquot); 852 } 853 spin_unlock(&dq_list_lock); 854 } 855 856 /* 857 * Put reference to dquot 858 */ 859 void dqput(struct dquot *dquot) 860 { 861 if (!dquot) 862 return; 863 #ifdef CONFIG_QUOTA_DEBUG 864 if (!atomic_read(&dquot->dq_count)) { 865 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d", 866 quotatypes[dquot->dq_id.type], 867 from_kqid(&init_user_ns, dquot->dq_id)); 868 BUG(); 869 } 870 #endif 871 dqstats_inc(DQST_DROPS); 872 873 spin_lock(&dq_list_lock); 874 if (atomic_read(&dquot->dq_count) > 1) { 875 /* We have more than one user... nothing to do */ 876 atomic_dec(&dquot->dq_count); 877 /* Releasing dquot during quotaoff phase? */ 878 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) && 879 atomic_read(&dquot->dq_count) == 1) 880 wake_up(&dquot_ref_wq); 881 spin_unlock(&dq_list_lock); 882 return; 883 } 884 885 /* Need to release dquot? */ 886 #ifdef CONFIG_QUOTA_DEBUG 887 /* sanity check */ 888 BUG_ON(!list_empty(&dquot->dq_free)); 889 #endif 890 put_releasing_dquots(dquot); 891 atomic_dec(&dquot->dq_count); 892 spin_unlock(&dq_list_lock); 893 queue_delayed_work(system_unbound_wq, "a_release_work, 1); 894 } 895 EXPORT_SYMBOL(dqput); 896 897 struct dquot *dquot_alloc(struct super_block *sb, int type) 898 { 899 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS); 900 } 901 EXPORT_SYMBOL(dquot_alloc); 902 903 static struct dquot *get_empty_dquot(struct super_block *sb, int type) 904 { 905 struct dquot *dquot; 906 907 dquot = sb->dq_op->alloc_dquot(sb, type); 908 if(!dquot) 909 return NULL; 910 911 mutex_init(&dquot->dq_lock); 912 INIT_LIST_HEAD(&dquot->dq_free); 913 INIT_LIST_HEAD(&dquot->dq_inuse); 914 INIT_HLIST_NODE(&dquot->dq_hash); 915 INIT_LIST_HEAD(&dquot->dq_dirty); 916 dquot->dq_sb = sb; 917 dquot->dq_id = make_kqid_invalid(type); 918 atomic_set(&dquot->dq_count, 1); 919 spin_lock_init(&dquot->dq_dqb_lock); 920 921 return dquot; 922 } 923 924 /* 925 * Get reference to dquot 926 * 927 * Locking is slightly tricky here. We are guarded from parallel quotaoff() 928 * destroying our dquot by: 929 * a) checking for quota flags under dq_list_lock and 930 * b) getting a reference to dquot before we release dq_list_lock 931 */ 932 struct dquot *dqget(struct super_block *sb, struct kqid qid) 933 { 934 unsigned int hashent = hashfn(sb, qid); 935 struct dquot *dquot, *empty = NULL; 936 937 if (!qid_has_mapping(sb->s_user_ns, qid)) 938 return ERR_PTR(-EINVAL); 939 940 if (!sb_has_quota_active(sb, qid.type)) 941 return ERR_PTR(-ESRCH); 942 we_slept: 943 spin_lock(&dq_list_lock); 944 spin_lock(&dq_state_lock); 945 if (!sb_has_quota_active(sb, qid.type)) { 946 spin_unlock(&dq_state_lock); 947 spin_unlock(&dq_list_lock); 948 dquot = ERR_PTR(-ESRCH); 949 goto out; 950 } 951 spin_unlock(&dq_state_lock); 952 953 dquot = find_dquot(hashent, sb, qid); 954 if (!dquot) { 955 if (!empty) { 956 spin_unlock(&dq_list_lock); 957 empty = get_empty_dquot(sb, qid.type); 958 if (!empty) 959 schedule(); /* Try to wait for a moment... */ 960 goto we_slept; 961 } 962 dquot = empty; 963 empty = NULL; 964 dquot->dq_id = qid; 965 /* all dquots go on the inuse_list */ 966 put_inuse(dquot); 967 /* hash it first so it can be found */ 968 insert_dquot_hash(dquot); 969 spin_unlock(&dq_list_lock); 970 dqstats_inc(DQST_LOOKUPS); 971 } else { 972 if (!atomic_read(&dquot->dq_count)) 973 remove_free_dquot(dquot); 974 atomic_inc(&dquot->dq_count); 975 spin_unlock(&dq_list_lock); 976 dqstats_inc(DQST_CACHE_HITS); 977 dqstats_inc(DQST_LOOKUPS); 978 } 979 /* Wait for dq_lock - after this we know that either dquot_release() is 980 * already finished or it will be canceled due to dq_count > 0 test */ 981 wait_on_dquot(dquot); 982 /* Read the dquot / allocate space in quota file */ 983 if (!dquot_active(dquot)) { 984 int err; 985 986 err = sb->dq_op->acquire_dquot(dquot); 987 if (err < 0) { 988 dqput(dquot); 989 dquot = ERR_PTR(err); 990 goto out; 991 } 992 } 993 /* 994 * Make sure following reads see filled structure - paired with 995 * smp_mb__before_atomic() in dquot_acquire(). 996 */ 997 smp_rmb(); 998 #ifdef CONFIG_QUOTA_DEBUG 999 BUG_ON(!dquot->dq_sb); /* Has somebody invalidated entry under us? */ 1000 #endif 1001 out: 1002 if (empty) 1003 do_destroy_dquot(empty); 1004 1005 return dquot; 1006 } 1007 EXPORT_SYMBOL(dqget); 1008 1009 static inline struct dquot **i_dquot(struct inode *inode) 1010 { 1011 return inode->i_sb->s_op->get_dquots(inode); 1012 } 1013 1014 static int dqinit_needed(struct inode *inode, int type) 1015 { 1016 struct dquot * const *dquots; 1017 int cnt; 1018 1019 if (IS_NOQUOTA(inode)) 1020 return 0; 1021 1022 dquots = i_dquot(inode); 1023 if (type != -1) 1024 return !dquots[type]; 1025 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1026 if (!dquots[cnt]) 1027 return 1; 1028 return 0; 1029 } 1030 1031 /* This routine is guarded by s_umount semaphore */ 1032 static int add_dquot_ref(struct super_block *sb, int type) 1033 { 1034 struct inode *inode, *old_inode = NULL; 1035 #ifdef CONFIG_QUOTA_DEBUG 1036 int reserved = 0; 1037 #endif 1038 int err = 0; 1039 1040 spin_lock(&sb->s_inode_list_lock); 1041 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1042 spin_lock(&inode->i_lock); 1043 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) || 1044 !atomic_read(&inode->i_writecount) || 1045 !dqinit_needed(inode, type)) { 1046 spin_unlock(&inode->i_lock); 1047 continue; 1048 } 1049 __iget(inode); 1050 spin_unlock(&inode->i_lock); 1051 spin_unlock(&sb->s_inode_list_lock); 1052 1053 #ifdef CONFIG_QUOTA_DEBUG 1054 if (unlikely(inode_get_rsv_space(inode) > 0)) 1055 reserved = 1; 1056 #endif 1057 iput(old_inode); 1058 err = __dquot_initialize(inode, type); 1059 if (err) { 1060 iput(inode); 1061 goto out; 1062 } 1063 1064 /* 1065 * We hold a reference to 'inode' so it couldn't have been 1066 * removed from s_inodes list while we dropped the 1067 * s_inode_list_lock. We cannot iput the inode now as we can be 1068 * holding the last reference and we cannot iput it under 1069 * s_inode_list_lock. So we keep the reference and iput it 1070 * later. 1071 */ 1072 old_inode = inode; 1073 cond_resched(); 1074 spin_lock(&sb->s_inode_list_lock); 1075 } 1076 spin_unlock(&sb->s_inode_list_lock); 1077 iput(old_inode); 1078 out: 1079 #ifdef CONFIG_QUOTA_DEBUG 1080 if (reserved) { 1081 quota_error(sb, "Writes happened before quota was turned on " 1082 "thus quota information is probably inconsistent. " 1083 "Please run quotacheck(8)"); 1084 } 1085 #endif 1086 return err; 1087 } 1088 1089 static void remove_dquot_ref(struct super_block *sb, int type) 1090 { 1091 struct inode *inode; 1092 #ifdef CONFIG_QUOTA_DEBUG 1093 int reserved = 0; 1094 #endif 1095 1096 spin_lock(&sb->s_inode_list_lock); 1097 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1098 /* 1099 * We have to scan also I_NEW inodes because they can already 1100 * have quota pointer initialized. Luckily, we need to touch 1101 * only quota pointers and these have separate locking 1102 * (dq_data_lock). 1103 */ 1104 spin_lock(&dq_data_lock); 1105 if (!IS_NOQUOTA(inode)) { 1106 struct dquot **dquots = i_dquot(inode); 1107 struct dquot *dquot = dquots[type]; 1108 1109 #ifdef CONFIG_QUOTA_DEBUG 1110 if (unlikely(inode_get_rsv_space(inode) > 0)) 1111 reserved = 1; 1112 #endif 1113 dquots[type] = NULL; 1114 if (dquot) 1115 dqput(dquot); 1116 } 1117 spin_unlock(&dq_data_lock); 1118 } 1119 spin_unlock(&sb->s_inode_list_lock); 1120 #ifdef CONFIG_QUOTA_DEBUG 1121 if (reserved) { 1122 printk(KERN_WARNING "VFS (%s): Writes happened after quota" 1123 " was disabled thus quota information is probably " 1124 "inconsistent. Please run quotacheck(8).\n", sb->s_id); 1125 } 1126 #endif 1127 } 1128 1129 /* Gather all references from inodes and drop them */ 1130 static void drop_dquot_ref(struct super_block *sb, int type) 1131 { 1132 if (sb->dq_op) 1133 remove_dquot_ref(sb, type); 1134 } 1135 1136 static inline 1137 void dquot_free_reserved_space(struct dquot *dquot, qsize_t number) 1138 { 1139 if (dquot->dq_dqb.dqb_rsvspace >= number) 1140 dquot->dq_dqb.dqb_rsvspace -= number; 1141 else { 1142 WARN_ON_ONCE(1); 1143 dquot->dq_dqb.dqb_rsvspace = 0; 1144 } 1145 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1146 dquot->dq_dqb.dqb_bsoftlimit) 1147 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1148 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1149 } 1150 1151 static void dquot_decr_inodes(struct dquot *dquot, qsize_t number) 1152 { 1153 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1154 dquot->dq_dqb.dqb_curinodes >= number) 1155 dquot->dq_dqb.dqb_curinodes -= number; 1156 else 1157 dquot->dq_dqb.dqb_curinodes = 0; 1158 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit) 1159 dquot->dq_dqb.dqb_itime = (time64_t) 0; 1160 clear_bit(DQ_INODES_B, &dquot->dq_flags); 1161 } 1162 1163 static void dquot_decr_space(struct dquot *dquot, qsize_t number) 1164 { 1165 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1166 dquot->dq_dqb.dqb_curspace >= number) 1167 dquot->dq_dqb.dqb_curspace -= number; 1168 else 1169 dquot->dq_dqb.dqb_curspace = 0; 1170 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1171 dquot->dq_dqb.dqb_bsoftlimit) 1172 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1173 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1174 } 1175 1176 struct dquot_warn { 1177 struct super_block *w_sb; 1178 struct kqid w_dq_id; 1179 short w_type; 1180 }; 1181 1182 static int warning_issued(struct dquot *dquot, const int warntype) 1183 { 1184 int flag = (warntype == QUOTA_NL_BHARDWARN || 1185 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B : 1186 ((warntype == QUOTA_NL_IHARDWARN || 1187 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0); 1188 1189 if (!flag) 1190 return 0; 1191 return test_and_set_bit(flag, &dquot->dq_flags); 1192 } 1193 1194 #ifdef CONFIG_PRINT_QUOTA_WARNING 1195 static int flag_print_warnings = 1; 1196 1197 static int need_print_warning(struct dquot_warn *warn) 1198 { 1199 if (!flag_print_warnings) 1200 return 0; 1201 1202 switch (warn->w_dq_id.type) { 1203 case USRQUOTA: 1204 return uid_eq(current_fsuid(), warn->w_dq_id.uid); 1205 case GRPQUOTA: 1206 return in_group_p(warn->w_dq_id.gid); 1207 case PRJQUOTA: 1208 return 1; 1209 } 1210 return 0; 1211 } 1212 1213 /* Print warning to user which exceeded quota */ 1214 static void print_warning(struct dquot_warn *warn) 1215 { 1216 char *msg = NULL; 1217 struct tty_struct *tty; 1218 int warntype = warn->w_type; 1219 1220 if (warntype == QUOTA_NL_IHARDBELOW || 1221 warntype == QUOTA_NL_ISOFTBELOW || 1222 warntype == QUOTA_NL_BHARDBELOW || 1223 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn)) 1224 return; 1225 1226 tty = get_current_tty(); 1227 if (!tty) 1228 return; 1229 tty_write_message(tty, warn->w_sb->s_id); 1230 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN) 1231 tty_write_message(tty, ": warning, "); 1232 else 1233 tty_write_message(tty, ": write failed, "); 1234 tty_write_message(tty, quotatypes[warn->w_dq_id.type]); 1235 switch (warntype) { 1236 case QUOTA_NL_IHARDWARN: 1237 msg = " file limit reached.\r\n"; 1238 break; 1239 case QUOTA_NL_ISOFTLONGWARN: 1240 msg = " file quota exceeded too long.\r\n"; 1241 break; 1242 case QUOTA_NL_ISOFTWARN: 1243 msg = " file quota exceeded.\r\n"; 1244 break; 1245 case QUOTA_NL_BHARDWARN: 1246 msg = " block limit reached.\r\n"; 1247 break; 1248 case QUOTA_NL_BSOFTLONGWARN: 1249 msg = " block quota exceeded too long.\r\n"; 1250 break; 1251 case QUOTA_NL_BSOFTWARN: 1252 msg = " block quota exceeded.\r\n"; 1253 break; 1254 } 1255 tty_write_message(tty, msg); 1256 tty_kref_put(tty); 1257 } 1258 #endif 1259 1260 static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot, 1261 int warntype) 1262 { 1263 if (warning_issued(dquot, warntype)) 1264 return; 1265 warn->w_type = warntype; 1266 warn->w_sb = dquot->dq_sb; 1267 warn->w_dq_id = dquot->dq_id; 1268 } 1269 1270 /* 1271 * Write warnings to the console and send warning messages over netlink. 1272 * 1273 * Note that this function can call into tty and networking code. 1274 */ 1275 static void flush_warnings(struct dquot_warn *warn) 1276 { 1277 int i; 1278 1279 for (i = 0; i < MAXQUOTAS; i++) { 1280 if (warn[i].w_type == QUOTA_NL_NOWARN) 1281 continue; 1282 #ifdef CONFIG_PRINT_QUOTA_WARNING 1283 print_warning(&warn[i]); 1284 #endif 1285 quota_send_warning(warn[i].w_dq_id, 1286 warn[i].w_sb->s_dev, warn[i].w_type); 1287 } 1288 } 1289 1290 static int ignore_hardlimit(struct dquot *dquot) 1291 { 1292 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 1293 1294 return capable(CAP_SYS_RESOURCE) && 1295 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD || 1296 !(info->dqi_flags & DQF_ROOT_SQUASH)); 1297 } 1298 1299 static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes, 1300 struct dquot_warn *warn) 1301 { 1302 qsize_t newinodes; 1303 int ret = 0; 1304 1305 spin_lock(&dquot->dq_dqb_lock); 1306 newinodes = dquot->dq_dqb.dqb_curinodes + inodes; 1307 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) || 1308 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1309 goto add; 1310 1311 if (dquot->dq_dqb.dqb_ihardlimit && 1312 newinodes > dquot->dq_dqb.dqb_ihardlimit && 1313 !ignore_hardlimit(dquot)) { 1314 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN); 1315 ret = -EDQUOT; 1316 goto out; 1317 } 1318 1319 if (dquot->dq_dqb.dqb_isoftlimit && 1320 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1321 dquot->dq_dqb.dqb_itime && 1322 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime && 1323 !ignore_hardlimit(dquot)) { 1324 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN); 1325 ret = -EDQUOT; 1326 goto out; 1327 } 1328 1329 if (dquot->dq_dqb.dqb_isoftlimit && 1330 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1331 dquot->dq_dqb.dqb_itime == 0) { 1332 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN); 1333 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() + 1334 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace; 1335 } 1336 add: 1337 dquot->dq_dqb.dqb_curinodes = newinodes; 1338 1339 out: 1340 spin_unlock(&dquot->dq_dqb_lock); 1341 return ret; 1342 } 1343 1344 static int dquot_add_space(struct dquot *dquot, qsize_t space, 1345 qsize_t rsv_space, unsigned int flags, 1346 struct dquot_warn *warn) 1347 { 1348 qsize_t tspace; 1349 struct super_block *sb = dquot->dq_sb; 1350 int ret = 0; 1351 1352 spin_lock(&dquot->dq_dqb_lock); 1353 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) || 1354 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1355 goto finish; 1356 1357 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace 1358 + space + rsv_space; 1359 1360 if (dquot->dq_dqb.dqb_bhardlimit && 1361 tspace > dquot->dq_dqb.dqb_bhardlimit && 1362 !ignore_hardlimit(dquot)) { 1363 if (flags & DQUOT_SPACE_WARN) 1364 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN); 1365 ret = -EDQUOT; 1366 goto finish; 1367 } 1368 1369 if (dquot->dq_dqb.dqb_bsoftlimit && 1370 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1371 dquot->dq_dqb.dqb_btime && 1372 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime && 1373 !ignore_hardlimit(dquot)) { 1374 if (flags & DQUOT_SPACE_WARN) 1375 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN); 1376 ret = -EDQUOT; 1377 goto finish; 1378 } 1379 1380 if (dquot->dq_dqb.dqb_bsoftlimit && 1381 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1382 dquot->dq_dqb.dqb_btime == 0) { 1383 if (flags & DQUOT_SPACE_WARN) { 1384 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN); 1385 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() + 1386 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace; 1387 } else { 1388 /* 1389 * We don't allow preallocation to exceed softlimit so exceeding will 1390 * be always printed 1391 */ 1392 ret = -EDQUOT; 1393 goto finish; 1394 } 1395 } 1396 finish: 1397 /* 1398 * We have to be careful and go through warning generation & grace time 1399 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it 1400 * only here... 1401 */ 1402 if (flags & DQUOT_SPACE_NOFAIL) 1403 ret = 0; 1404 if (!ret) { 1405 dquot->dq_dqb.dqb_rsvspace += rsv_space; 1406 dquot->dq_dqb.dqb_curspace += space; 1407 } 1408 spin_unlock(&dquot->dq_dqb_lock); 1409 return ret; 1410 } 1411 1412 static int info_idq_free(struct dquot *dquot, qsize_t inodes) 1413 { 1414 qsize_t newinodes; 1415 1416 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1417 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit || 1418 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type)) 1419 return QUOTA_NL_NOWARN; 1420 1421 newinodes = dquot->dq_dqb.dqb_curinodes - inodes; 1422 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit) 1423 return QUOTA_NL_ISOFTBELOW; 1424 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit && 1425 newinodes < dquot->dq_dqb.dqb_ihardlimit) 1426 return QUOTA_NL_IHARDBELOW; 1427 return QUOTA_NL_NOWARN; 1428 } 1429 1430 static int info_bdq_free(struct dquot *dquot, qsize_t space) 1431 { 1432 qsize_t tspace; 1433 1434 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace; 1435 1436 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1437 tspace <= dquot->dq_dqb.dqb_bsoftlimit) 1438 return QUOTA_NL_NOWARN; 1439 1440 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit) 1441 return QUOTA_NL_BSOFTBELOW; 1442 if (tspace >= dquot->dq_dqb.dqb_bhardlimit && 1443 tspace - space < dquot->dq_dqb.dqb_bhardlimit) 1444 return QUOTA_NL_BHARDBELOW; 1445 return QUOTA_NL_NOWARN; 1446 } 1447 1448 static int inode_quota_active(const struct inode *inode) 1449 { 1450 struct super_block *sb = inode->i_sb; 1451 1452 if (IS_NOQUOTA(inode)) 1453 return 0; 1454 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb); 1455 } 1456 1457 /* 1458 * Initialize quota pointers in inode 1459 * 1460 * It is better to call this function outside of any transaction as it 1461 * might need a lot of space in journal for dquot structure allocation. 1462 */ 1463 static int __dquot_initialize(struct inode *inode, int type) 1464 { 1465 int cnt, init_needed = 0; 1466 struct dquot **dquots, *got[MAXQUOTAS] = {}; 1467 struct super_block *sb = inode->i_sb; 1468 qsize_t rsv; 1469 int ret = 0; 1470 1471 if (!inode_quota_active(inode)) 1472 return 0; 1473 1474 dquots = i_dquot(inode); 1475 1476 /* First get references to structures we might need. */ 1477 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1478 struct kqid qid; 1479 kprojid_t projid; 1480 int rc; 1481 struct dquot *dquot; 1482 1483 if (type != -1 && cnt != type) 1484 continue; 1485 /* 1486 * The i_dquot should have been initialized in most cases, 1487 * we check it without locking here to avoid unnecessary 1488 * dqget()/dqput() calls. 1489 */ 1490 if (dquots[cnt]) 1491 continue; 1492 1493 if (!sb_has_quota_active(sb, cnt)) 1494 continue; 1495 1496 init_needed = 1; 1497 1498 switch (cnt) { 1499 case USRQUOTA: 1500 qid = make_kqid_uid(inode->i_uid); 1501 break; 1502 case GRPQUOTA: 1503 qid = make_kqid_gid(inode->i_gid); 1504 break; 1505 case PRJQUOTA: 1506 rc = inode->i_sb->dq_op->get_projid(inode, &projid); 1507 if (rc) 1508 continue; 1509 qid = make_kqid_projid(projid); 1510 break; 1511 } 1512 dquot = dqget(sb, qid); 1513 if (IS_ERR(dquot)) { 1514 /* We raced with somebody turning quotas off... */ 1515 if (PTR_ERR(dquot) != -ESRCH) { 1516 ret = PTR_ERR(dquot); 1517 goto out_put; 1518 } 1519 dquot = NULL; 1520 } 1521 got[cnt] = dquot; 1522 } 1523 1524 /* All required i_dquot has been initialized */ 1525 if (!init_needed) 1526 return 0; 1527 1528 spin_lock(&dq_data_lock); 1529 if (IS_NOQUOTA(inode)) 1530 goto out_lock; 1531 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1532 if (type != -1 && cnt != type) 1533 continue; 1534 /* Avoid races with quotaoff() */ 1535 if (!sb_has_quota_active(sb, cnt)) 1536 continue; 1537 /* We could race with quotaon or dqget() could have failed */ 1538 if (!got[cnt]) 1539 continue; 1540 if (!dquots[cnt]) { 1541 dquots[cnt] = got[cnt]; 1542 got[cnt] = NULL; 1543 /* 1544 * Make quota reservation system happy if someone 1545 * did a write before quota was turned on 1546 */ 1547 rsv = inode_get_rsv_space(inode); 1548 if (unlikely(rsv)) { 1549 spin_lock(&inode->i_lock); 1550 /* Get reservation again under proper lock */ 1551 rsv = __inode_get_rsv_space(inode); 1552 spin_lock(&dquots[cnt]->dq_dqb_lock); 1553 dquots[cnt]->dq_dqb.dqb_rsvspace += rsv; 1554 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1555 spin_unlock(&inode->i_lock); 1556 } 1557 } 1558 } 1559 out_lock: 1560 spin_unlock(&dq_data_lock); 1561 out_put: 1562 /* Drop unused references */ 1563 dqput_all(got); 1564 1565 return ret; 1566 } 1567 1568 int dquot_initialize(struct inode *inode) 1569 { 1570 return __dquot_initialize(inode, -1); 1571 } 1572 EXPORT_SYMBOL(dquot_initialize); 1573 1574 bool dquot_initialize_needed(struct inode *inode) 1575 { 1576 struct dquot **dquots; 1577 int i; 1578 1579 if (!inode_quota_active(inode)) 1580 return false; 1581 1582 dquots = i_dquot(inode); 1583 for (i = 0; i < MAXQUOTAS; i++) 1584 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i)) 1585 return true; 1586 return false; 1587 } 1588 EXPORT_SYMBOL(dquot_initialize_needed); 1589 1590 /* 1591 * Release all quotas referenced by inode. 1592 * 1593 * This function only be called on inode free or converting 1594 * a file to quota file, no other users for the i_dquot in 1595 * both cases, so we needn't call synchronize_srcu() after 1596 * clearing i_dquot. 1597 */ 1598 static void __dquot_drop(struct inode *inode) 1599 { 1600 int cnt; 1601 struct dquot **dquots = i_dquot(inode); 1602 struct dquot *put[MAXQUOTAS]; 1603 1604 spin_lock(&dq_data_lock); 1605 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1606 put[cnt] = dquots[cnt]; 1607 dquots[cnt] = NULL; 1608 } 1609 spin_unlock(&dq_data_lock); 1610 dqput_all(put); 1611 } 1612 1613 void dquot_drop(struct inode *inode) 1614 { 1615 struct dquot * const *dquots; 1616 int cnt; 1617 1618 if (IS_NOQUOTA(inode)) 1619 return; 1620 1621 /* 1622 * Test before calling to rule out calls from proc and such 1623 * where we are not allowed to block. Note that this is 1624 * actually reliable test even without the lock - the caller 1625 * must assure that nobody can come after the DQUOT_DROP and 1626 * add quota pointers back anyway. 1627 */ 1628 dquots = i_dquot(inode); 1629 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1630 if (dquots[cnt]) 1631 break; 1632 } 1633 1634 if (cnt < MAXQUOTAS) 1635 __dquot_drop(inode); 1636 } 1637 EXPORT_SYMBOL(dquot_drop); 1638 1639 /* 1640 * inode_reserved_space is managed internally by quota, and protected by 1641 * i_lock similar to i_blocks+i_bytes. 1642 */ 1643 static qsize_t *inode_reserved_space(struct inode * inode) 1644 { 1645 /* Filesystem must explicitly define it's own method in order to use 1646 * quota reservation interface */ 1647 BUG_ON(!inode->i_sb->dq_op->get_reserved_space); 1648 return inode->i_sb->dq_op->get_reserved_space(inode); 1649 } 1650 1651 static qsize_t __inode_get_rsv_space(struct inode *inode) 1652 { 1653 if (!inode->i_sb->dq_op->get_reserved_space) 1654 return 0; 1655 return *inode_reserved_space(inode); 1656 } 1657 1658 static qsize_t inode_get_rsv_space(struct inode *inode) 1659 { 1660 qsize_t ret; 1661 1662 if (!inode->i_sb->dq_op->get_reserved_space) 1663 return 0; 1664 spin_lock(&inode->i_lock); 1665 ret = __inode_get_rsv_space(inode); 1666 spin_unlock(&inode->i_lock); 1667 return ret; 1668 } 1669 1670 /* 1671 * This functions updates i_blocks+i_bytes fields and quota information 1672 * (together with appropriate checks). 1673 * 1674 * NOTE: We absolutely rely on the fact that caller dirties the inode 1675 * (usually helpers in quotaops.h care about this) and holds a handle for 1676 * the current transaction so that dquot write and inode write go into the 1677 * same transaction. 1678 */ 1679 1680 /* 1681 * This operation can block, but only after everything is updated 1682 */ 1683 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags) 1684 { 1685 int cnt, ret = 0, index; 1686 struct dquot_warn warn[MAXQUOTAS]; 1687 int reserve = flags & DQUOT_SPACE_RESERVE; 1688 struct dquot **dquots; 1689 struct dquot *dquot; 1690 1691 if (!inode_quota_active(inode)) { 1692 if (reserve) { 1693 spin_lock(&inode->i_lock); 1694 *inode_reserved_space(inode) += number; 1695 spin_unlock(&inode->i_lock); 1696 } else { 1697 inode_add_bytes(inode, number); 1698 } 1699 goto out; 1700 } 1701 1702 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1703 warn[cnt].w_type = QUOTA_NL_NOWARN; 1704 1705 dquots = i_dquot(inode); 1706 index = srcu_read_lock(&dquot_srcu); 1707 spin_lock(&inode->i_lock); 1708 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1709 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1710 if (!dquot) 1711 continue; 1712 if (reserve) { 1713 ret = dquot_add_space(dquot, 0, number, flags, &warn[cnt]); 1714 } else { 1715 ret = dquot_add_space(dquot, number, 0, flags, &warn[cnt]); 1716 } 1717 if (ret) { 1718 /* Back out changes we already did */ 1719 for (cnt--; cnt >= 0; cnt--) { 1720 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1721 if (!dquot) 1722 continue; 1723 spin_lock(&dquot->dq_dqb_lock); 1724 if (reserve) 1725 dquot_free_reserved_space(dquot, number); 1726 else 1727 dquot_decr_space(dquot, number); 1728 spin_unlock(&dquot->dq_dqb_lock); 1729 } 1730 spin_unlock(&inode->i_lock); 1731 goto out_flush_warn; 1732 } 1733 } 1734 if (reserve) 1735 *inode_reserved_space(inode) += number; 1736 else 1737 __inode_add_bytes(inode, number); 1738 spin_unlock(&inode->i_lock); 1739 1740 if (reserve) 1741 goto out_flush_warn; 1742 mark_all_dquot_dirty(dquots); 1743 out_flush_warn: 1744 srcu_read_unlock(&dquot_srcu, index); 1745 flush_warnings(warn); 1746 out: 1747 return ret; 1748 } 1749 EXPORT_SYMBOL(__dquot_alloc_space); 1750 1751 /* 1752 * This operation can block, but only after everything is updated 1753 */ 1754 int dquot_alloc_inode(struct inode *inode) 1755 { 1756 int cnt, ret = 0, index; 1757 struct dquot_warn warn[MAXQUOTAS]; 1758 struct dquot * const *dquots; 1759 struct dquot *dquot; 1760 1761 if (!inode_quota_active(inode)) 1762 return 0; 1763 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1764 warn[cnt].w_type = QUOTA_NL_NOWARN; 1765 1766 dquots = i_dquot(inode); 1767 index = srcu_read_lock(&dquot_srcu); 1768 spin_lock(&inode->i_lock); 1769 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1770 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1771 if (!dquot) 1772 continue; 1773 ret = dquot_add_inodes(dquot, 1, &warn[cnt]); 1774 if (ret) { 1775 for (cnt--; cnt >= 0; cnt--) { 1776 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1777 if (!dquot) 1778 continue; 1779 /* Back out changes we already did */ 1780 spin_lock(&dquot->dq_dqb_lock); 1781 dquot_decr_inodes(dquot, 1); 1782 spin_unlock(&dquot->dq_dqb_lock); 1783 } 1784 goto warn_put_all; 1785 } 1786 } 1787 1788 warn_put_all: 1789 spin_unlock(&inode->i_lock); 1790 if (ret == 0) 1791 mark_all_dquot_dirty(dquots); 1792 srcu_read_unlock(&dquot_srcu, index); 1793 flush_warnings(warn); 1794 return ret; 1795 } 1796 EXPORT_SYMBOL(dquot_alloc_inode); 1797 1798 /* 1799 * Convert in-memory reserved quotas to real consumed quotas 1800 */ 1801 int dquot_claim_space_nodirty(struct inode *inode, qsize_t number) 1802 { 1803 struct dquot **dquots; 1804 struct dquot *dquot; 1805 int cnt, index; 1806 1807 if (!inode_quota_active(inode)) { 1808 spin_lock(&inode->i_lock); 1809 *inode_reserved_space(inode) -= number; 1810 __inode_add_bytes(inode, number); 1811 spin_unlock(&inode->i_lock); 1812 return 0; 1813 } 1814 1815 dquots = i_dquot(inode); 1816 index = srcu_read_lock(&dquot_srcu); 1817 spin_lock(&inode->i_lock); 1818 /* Claim reserved quotas to allocated quotas */ 1819 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1820 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1821 if (dquot) { 1822 spin_lock(&dquot->dq_dqb_lock); 1823 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number)) 1824 number = dquot->dq_dqb.dqb_rsvspace; 1825 dquot->dq_dqb.dqb_curspace += number; 1826 dquot->dq_dqb.dqb_rsvspace -= number; 1827 spin_unlock(&dquot->dq_dqb_lock); 1828 } 1829 } 1830 /* Update inode bytes */ 1831 *inode_reserved_space(inode) -= number; 1832 __inode_add_bytes(inode, number); 1833 spin_unlock(&inode->i_lock); 1834 mark_all_dquot_dirty(dquots); 1835 srcu_read_unlock(&dquot_srcu, index); 1836 return 0; 1837 } 1838 EXPORT_SYMBOL(dquot_claim_space_nodirty); 1839 1840 /* 1841 * Convert allocated space back to in-memory reserved quotas 1842 */ 1843 void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number) 1844 { 1845 struct dquot **dquots; 1846 struct dquot *dquot; 1847 int cnt, index; 1848 1849 if (!inode_quota_active(inode)) { 1850 spin_lock(&inode->i_lock); 1851 *inode_reserved_space(inode) += number; 1852 __inode_sub_bytes(inode, number); 1853 spin_unlock(&inode->i_lock); 1854 return; 1855 } 1856 1857 dquots = i_dquot(inode); 1858 index = srcu_read_lock(&dquot_srcu); 1859 spin_lock(&inode->i_lock); 1860 /* Claim reserved quotas to allocated quotas */ 1861 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1862 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1863 if (dquot) { 1864 spin_lock(&dquot->dq_dqb_lock); 1865 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number)) 1866 number = dquot->dq_dqb.dqb_curspace; 1867 dquot->dq_dqb.dqb_rsvspace += number; 1868 dquot->dq_dqb.dqb_curspace -= number; 1869 spin_unlock(&dquot->dq_dqb_lock); 1870 } 1871 } 1872 /* Update inode bytes */ 1873 *inode_reserved_space(inode) += number; 1874 __inode_sub_bytes(inode, number); 1875 spin_unlock(&inode->i_lock); 1876 mark_all_dquot_dirty(dquots); 1877 srcu_read_unlock(&dquot_srcu, index); 1878 return; 1879 } 1880 EXPORT_SYMBOL(dquot_reclaim_space_nodirty); 1881 1882 /* 1883 * This operation can block, but only after everything is updated 1884 */ 1885 void __dquot_free_space(struct inode *inode, qsize_t number, int flags) 1886 { 1887 unsigned int cnt; 1888 struct dquot_warn warn[MAXQUOTAS]; 1889 struct dquot **dquots; 1890 struct dquot *dquot; 1891 int reserve = flags & DQUOT_SPACE_RESERVE, index; 1892 1893 if (!inode_quota_active(inode)) { 1894 if (reserve) { 1895 spin_lock(&inode->i_lock); 1896 *inode_reserved_space(inode) -= number; 1897 spin_unlock(&inode->i_lock); 1898 } else { 1899 inode_sub_bytes(inode, number); 1900 } 1901 return; 1902 } 1903 1904 dquots = i_dquot(inode); 1905 index = srcu_read_lock(&dquot_srcu); 1906 spin_lock(&inode->i_lock); 1907 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1908 int wtype; 1909 1910 warn[cnt].w_type = QUOTA_NL_NOWARN; 1911 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1912 if (!dquot) 1913 continue; 1914 spin_lock(&dquot->dq_dqb_lock); 1915 wtype = info_bdq_free(dquot, number); 1916 if (wtype != QUOTA_NL_NOWARN) 1917 prepare_warning(&warn[cnt], dquot, wtype); 1918 if (reserve) 1919 dquot_free_reserved_space(dquot, number); 1920 else 1921 dquot_decr_space(dquot, number); 1922 spin_unlock(&dquot->dq_dqb_lock); 1923 } 1924 if (reserve) 1925 *inode_reserved_space(inode) -= number; 1926 else 1927 __inode_sub_bytes(inode, number); 1928 spin_unlock(&inode->i_lock); 1929 1930 if (reserve) 1931 goto out_unlock; 1932 mark_all_dquot_dirty(dquots); 1933 out_unlock: 1934 srcu_read_unlock(&dquot_srcu, index); 1935 flush_warnings(warn); 1936 } 1937 EXPORT_SYMBOL(__dquot_free_space); 1938 1939 /* 1940 * This operation can block, but only after everything is updated 1941 */ 1942 void dquot_free_inode(struct inode *inode) 1943 { 1944 unsigned int cnt; 1945 struct dquot_warn warn[MAXQUOTAS]; 1946 struct dquot * const *dquots; 1947 struct dquot *dquot; 1948 int index; 1949 1950 if (!inode_quota_active(inode)) 1951 return; 1952 1953 dquots = i_dquot(inode); 1954 index = srcu_read_lock(&dquot_srcu); 1955 spin_lock(&inode->i_lock); 1956 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1957 int wtype; 1958 warn[cnt].w_type = QUOTA_NL_NOWARN; 1959 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1960 if (!dquot) 1961 continue; 1962 spin_lock(&dquot->dq_dqb_lock); 1963 wtype = info_idq_free(dquot, 1); 1964 if (wtype != QUOTA_NL_NOWARN) 1965 prepare_warning(&warn[cnt], dquot, wtype); 1966 dquot_decr_inodes(dquot, 1); 1967 spin_unlock(&dquot->dq_dqb_lock); 1968 } 1969 spin_unlock(&inode->i_lock); 1970 mark_all_dquot_dirty(dquots); 1971 srcu_read_unlock(&dquot_srcu, index); 1972 flush_warnings(warn); 1973 } 1974 EXPORT_SYMBOL(dquot_free_inode); 1975 1976 /* 1977 * Transfer the number of inode and blocks from one diskquota to an other. 1978 * On success, dquot references in transfer_to are consumed and references 1979 * to original dquots that need to be released are placed there. On failure, 1980 * references are kept untouched. 1981 * 1982 * This operation can block, but only after everything is updated 1983 * A transaction must be started when entering this function. 1984 * 1985 * We are holding reference on transfer_from & transfer_to, no need to 1986 * protect them by srcu_read_lock(). 1987 */ 1988 int __dquot_transfer(struct inode *inode, struct dquot **transfer_to) 1989 { 1990 qsize_t cur_space; 1991 qsize_t rsv_space = 0; 1992 qsize_t inode_usage = 1; 1993 struct dquot *transfer_from[MAXQUOTAS] = {}; 1994 int cnt, index, ret = 0; 1995 char is_valid[MAXQUOTAS] = {}; 1996 struct dquot_warn warn_to[MAXQUOTAS]; 1997 struct dquot_warn warn_from_inodes[MAXQUOTAS]; 1998 struct dquot_warn warn_from_space[MAXQUOTAS]; 1999 2000 if (IS_NOQUOTA(inode)) 2001 return 0; 2002 2003 if (inode->i_sb->dq_op->get_inode_usage) { 2004 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage); 2005 if (ret) 2006 return ret; 2007 } 2008 2009 /* Initialize the arrays */ 2010 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2011 warn_to[cnt].w_type = QUOTA_NL_NOWARN; 2012 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN; 2013 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN; 2014 } 2015 2016 spin_lock(&dq_data_lock); 2017 spin_lock(&inode->i_lock); 2018 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */ 2019 spin_unlock(&inode->i_lock); 2020 spin_unlock(&dq_data_lock); 2021 return 0; 2022 } 2023 cur_space = __inode_get_bytes(inode); 2024 rsv_space = __inode_get_rsv_space(inode); 2025 /* 2026 * Build the transfer_from list, check limits, and update usage in 2027 * the target structures. 2028 */ 2029 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2030 /* 2031 * Skip changes for same uid or gid or for turned off quota-type. 2032 */ 2033 if (!transfer_to[cnt]) 2034 continue; 2035 /* Avoid races with quotaoff() */ 2036 if (!sb_has_quota_active(inode->i_sb, cnt)) 2037 continue; 2038 is_valid[cnt] = 1; 2039 transfer_from[cnt] = i_dquot(inode)[cnt]; 2040 ret = dquot_add_inodes(transfer_to[cnt], inode_usage, 2041 &warn_to[cnt]); 2042 if (ret) 2043 goto over_quota; 2044 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space, 2045 DQUOT_SPACE_WARN, &warn_to[cnt]); 2046 if (ret) { 2047 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2048 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2049 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2050 goto over_quota; 2051 } 2052 } 2053 2054 /* Decrease usage for source structures and update quota pointers */ 2055 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2056 if (!is_valid[cnt]) 2057 continue; 2058 /* Due to IO error we might not have transfer_from[] structure */ 2059 if (transfer_from[cnt]) { 2060 int wtype; 2061 2062 spin_lock(&transfer_from[cnt]->dq_dqb_lock); 2063 wtype = info_idq_free(transfer_from[cnt], inode_usage); 2064 if (wtype != QUOTA_NL_NOWARN) 2065 prepare_warning(&warn_from_inodes[cnt], 2066 transfer_from[cnt], wtype); 2067 wtype = info_bdq_free(transfer_from[cnt], 2068 cur_space + rsv_space); 2069 if (wtype != QUOTA_NL_NOWARN) 2070 prepare_warning(&warn_from_space[cnt], 2071 transfer_from[cnt], wtype); 2072 dquot_decr_inodes(transfer_from[cnt], inode_usage); 2073 dquot_decr_space(transfer_from[cnt], cur_space); 2074 dquot_free_reserved_space(transfer_from[cnt], 2075 rsv_space); 2076 spin_unlock(&transfer_from[cnt]->dq_dqb_lock); 2077 } 2078 i_dquot(inode)[cnt] = transfer_to[cnt]; 2079 } 2080 spin_unlock(&inode->i_lock); 2081 spin_unlock(&dq_data_lock); 2082 2083 /* 2084 * These arrays are local and we hold dquot references so we don't need 2085 * the srcu protection but still take dquot_srcu to avoid warning in 2086 * mark_all_dquot_dirty(). 2087 */ 2088 index = srcu_read_lock(&dquot_srcu); 2089 mark_all_dquot_dirty(transfer_from); 2090 mark_all_dquot_dirty(transfer_to); 2091 srcu_read_unlock(&dquot_srcu, index); 2092 2093 flush_warnings(warn_to); 2094 flush_warnings(warn_from_inodes); 2095 flush_warnings(warn_from_space); 2096 /* Pass back references to put */ 2097 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2098 if (is_valid[cnt]) 2099 transfer_to[cnt] = transfer_from[cnt]; 2100 return 0; 2101 over_quota: 2102 /* Back out changes we already did */ 2103 for (cnt--; cnt >= 0; cnt--) { 2104 if (!is_valid[cnt]) 2105 continue; 2106 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2107 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2108 dquot_decr_space(transfer_to[cnt], cur_space); 2109 dquot_free_reserved_space(transfer_to[cnt], rsv_space); 2110 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2111 } 2112 spin_unlock(&inode->i_lock); 2113 spin_unlock(&dq_data_lock); 2114 flush_warnings(warn_to); 2115 return ret; 2116 } 2117 EXPORT_SYMBOL(__dquot_transfer); 2118 2119 /* Wrapper for transferring ownership of an inode for uid/gid only 2120 * Called from FSXXX_setattr() 2121 */ 2122 int dquot_transfer(struct mnt_idmap *idmap, struct inode *inode, 2123 struct iattr *iattr) 2124 { 2125 struct dquot *transfer_to[MAXQUOTAS] = {}; 2126 struct dquot *dquot; 2127 struct super_block *sb = inode->i_sb; 2128 int ret; 2129 2130 if (!inode_quota_active(inode)) 2131 return 0; 2132 2133 if (i_uid_needs_update(idmap, iattr, inode)) { 2134 kuid_t kuid = from_vfsuid(idmap, i_user_ns(inode), 2135 iattr->ia_vfsuid); 2136 2137 dquot = dqget(sb, make_kqid_uid(kuid)); 2138 if (IS_ERR(dquot)) { 2139 if (PTR_ERR(dquot) != -ESRCH) { 2140 ret = PTR_ERR(dquot); 2141 goto out_put; 2142 } 2143 dquot = NULL; 2144 } 2145 transfer_to[USRQUOTA] = dquot; 2146 } 2147 if (i_gid_needs_update(idmap, iattr, inode)) { 2148 kgid_t kgid = from_vfsgid(idmap, i_user_ns(inode), 2149 iattr->ia_vfsgid); 2150 2151 dquot = dqget(sb, make_kqid_gid(kgid)); 2152 if (IS_ERR(dquot)) { 2153 if (PTR_ERR(dquot) != -ESRCH) { 2154 ret = PTR_ERR(dquot); 2155 goto out_put; 2156 } 2157 dquot = NULL; 2158 } 2159 transfer_to[GRPQUOTA] = dquot; 2160 } 2161 ret = __dquot_transfer(inode, transfer_to); 2162 out_put: 2163 dqput_all(transfer_to); 2164 return ret; 2165 } 2166 EXPORT_SYMBOL(dquot_transfer); 2167 2168 /* 2169 * Write info of quota file to disk 2170 */ 2171 int dquot_commit_info(struct super_block *sb, int type) 2172 { 2173 struct quota_info *dqopt = sb_dqopt(sb); 2174 2175 return dqopt->ops[type]->write_file_info(sb, type); 2176 } 2177 EXPORT_SYMBOL(dquot_commit_info); 2178 2179 int dquot_get_next_id(struct super_block *sb, struct kqid *qid) 2180 { 2181 struct quota_info *dqopt = sb_dqopt(sb); 2182 2183 if (!sb_has_quota_active(sb, qid->type)) 2184 return -ESRCH; 2185 if (!dqopt->ops[qid->type]->get_next_id) 2186 return -ENOSYS; 2187 return dqopt->ops[qid->type]->get_next_id(sb, qid); 2188 } 2189 EXPORT_SYMBOL(dquot_get_next_id); 2190 2191 /* 2192 * Definitions of diskquota operations. 2193 */ 2194 const struct dquot_operations dquot_operations = { 2195 .write_dquot = dquot_commit, 2196 .acquire_dquot = dquot_acquire, 2197 .release_dquot = dquot_release, 2198 .mark_dirty = dquot_mark_dquot_dirty, 2199 .write_info = dquot_commit_info, 2200 .alloc_dquot = dquot_alloc, 2201 .destroy_dquot = dquot_destroy, 2202 .get_next_id = dquot_get_next_id, 2203 }; 2204 EXPORT_SYMBOL(dquot_operations); 2205 2206 /* 2207 * Generic helper for ->open on filesystems supporting disk quotas. 2208 */ 2209 int dquot_file_open(struct inode *inode, struct file *file) 2210 { 2211 int error; 2212 2213 error = generic_file_open(inode, file); 2214 if (!error && (file->f_mode & FMODE_WRITE)) 2215 error = dquot_initialize(inode); 2216 return error; 2217 } 2218 EXPORT_SYMBOL(dquot_file_open); 2219 2220 static void vfs_cleanup_quota_inode(struct super_block *sb, int type) 2221 { 2222 struct quota_info *dqopt = sb_dqopt(sb); 2223 struct inode *inode = dqopt->files[type]; 2224 2225 if (!inode) 2226 return; 2227 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2228 inode_lock(inode); 2229 inode->i_flags &= ~S_NOQUOTA; 2230 inode_unlock(inode); 2231 } 2232 dqopt->files[type] = NULL; 2233 iput(inode); 2234 } 2235 2236 /* 2237 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount) 2238 */ 2239 int dquot_disable(struct super_block *sb, int type, unsigned int flags) 2240 { 2241 int cnt; 2242 struct quota_info *dqopt = sb_dqopt(sb); 2243 2244 /* s_umount should be held in exclusive mode */ 2245 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2246 up_read(&sb->s_umount); 2247 2248 /* Cannot turn off usage accounting without turning off limits, or 2249 * suspend quotas and simultaneously turn quotas off. */ 2250 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED)) 2251 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED | 2252 DQUOT_USAGE_ENABLED))) 2253 return -EINVAL; 2254 2255 /* 2256 * Skip everything if there's nothing to do. We have to do this because 2257 * sometimes we are called when fill_super() failed and calling 2258 * sync_fs() in such cases does no good. 2259 */ 2260 if (!sb_any_quota_loaded(sb)) 2261 return 0; 2262 2263 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2264 if (type != -1 && cnt != type) 2265 continue; 2266 if (!sb_has_quota_loaded(sb, cnt)) 2267 continue; 2268 2269 if (flags & DQUOT_SUSPENDED) { 2270 spin_lock(&dq_state_lock); 2271 dqopt->flags |= 2272 dquot_state_flag(DQUOT_SUSPENDED, cnt); 2273 spin_unlock(&dq_state_lock); 2274 } else { 2275 spin_lock(&dq_state_lock); 2276 dqopt->flags &= ~dquot_state_flag(flags, cnt); 2277 /* Turning off suspended quotas? */ 2278 if (!sb_has_quota_loaded(sb, cnt) && 2279 sb_has_quota_suspended(sb, cnt)) { 2280 dqopt->flags &= ~dquot_state_flag( 2281 DQUOT_SUSPENDED, cnt); 2282 spin_unlock(&dq_state_lock); 2283 vfs_cleanup_quota_inode(sb, cnt); 2284 continue; 2285 } 2286 spin_unlock(&dq_state_lock); 2287 } 2288 2289 /* We still have to keep quota loaded? */ 2290 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED)) 2291 continue; 2292 2293 /* Note: these are blocking operations */ 2294 drop_dquot_ref(sb, cnt); 2295 invalidate_dquots(sb, cnt); 2296 /* 2297 * Now all dquots should be invalidated, all writes done so we 2298 * should be only users of the info. No locks needed. 2299 */ 2300 if (info_dirty(&dqopt->info[cnt])) 2301 sb->dq_op->write_info(sb, cnt); 2302 if (dqopt->ops[cnt]->free_file_info) 2303 dqopt->ops[cnt]->free_file_info(sb, cnt); 2304 put_quota_format(dqopt->info[cnt].dqi_format); 2305 dqopt->info[cnt].dqi_flags = 0; 2306 dqopt->info[cnt].dqi_igrace = 0; 2307 dqopt->info[cnt].dqi_bgrace = 0; 2308 dqopt->ops[cnt] = NULL; 2309 } 2310 2311 /* Skip syncing and setting flags if quota files are hidden */ 2312 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 2313 goto put_inodes; 2314 2315 /* Sync the superblock so that buffers with quota data are written to 2316 * disk (and so userspace sees correct data afterwards). */ 2317 if (sb->s_op->sync_fs) 2318 sb->s_op->sync_fs(sb, 1); 2319 sync_blockdev(sb->s_bdev); 2320 /* Now the quota files are just ordinary files and we can set the 2321 * inode flags back. Moreover we discard the pagecache so that 2322 * userspace sees the writes we did bypassing the pagecache. We 2323 * must also discard the blockdev buffers so that we see the 2324 * changes done by userspace on the next quotaon() */ 2325 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2326 if (!sb_has_quota_loaded(sb, cnt) && dqopt->files[cnt]) { 2327 inode_lock(dqopt->files[cnt]); 2328 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 2329 inode_unlock(dqopt->files[cnt]); 2330 } 2331 if (sb->s_bdev) 2332 invalidate_bdev(sb->s_bdev); 2333 put_inodes: 2334 /* We are done when suspending quotas */ 2335 if (flags & DQUOT_SUSPENDED) 2336 return 0; 2337 2338 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2339 if (!sb_has_quota_loaded(sb, cnt)) 2340 vfs_cleanup_quota_inode(sb, cnt); 2341 return 0; 2342 } 2343 EXPORT_SYMBOL(dquot_disable); 2344 2345 int dquot_quota_off(struct super_block *sb, int type) 2346 { 2347 return dquot_disable(sb, type, 2348 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2349 } 2350 EXPORT_SYMBOL(dquot_quota_off); 2351 2352 /* 2353 * Turn quotas on on a device 2354 */ 2355 2356 static int vfs_setup_quota_inode(struct inode *inode, int type) 2357 { 2358 struct super_block *sb = inode->i_sb; 2359 struct quota_info *dqopt = sb_dqopt(sb); 2360 2361 if (is_bad_inode(inode)) 2362 return -EUCLEAN; 2363 if (!S_ISREG(inode->i_mode)) 2364 return -EACCES; 2365 if (IS_RDONLY(inode)) 2366 return -EROFS; 2367 if (sb_has_quota_loaded(sb, type)) 2368 return -EBUSY; 2369 2370 /* 2371 * Quota files should never be encrypted. They should be thought of as 2372 * filesystem metadata, not user data. New-style internal quota files 2373 * cannot be encrypted by users anyway, but old-style external quota 2374 * files could potentially be incorrectly created in an encrypted 2375 * directory, hence this explicit check. Some reasons why encrypted 2376 * quota files don't work include: (1) some filesystems that support 2377 * encryption don't handle it in their quota_read and quota_write, and 2378 * (2) cleaning up encrypted quota files at unmount would need special 2379 * consideration, as quota files are cleaned up later than user files. 2380 */ 2381 if (IS_ENCRYPTED(inode)) 2382 return -EINVAL; 2383 2384 dqopt->files[type] = igrab(inode); 2385 if (!dqopt->files[type]) 2386 return -EIO; 2387 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2388 /* We don't want quota and atime on quota files (deadlocks 2389 * possible) Also nobody should write to the file - we use 2390 * special IO operations which ignore the immutable bit. */ 2391 inode_lock(inode); 2392 inode->i_flags |= S_NOQUOTA; 2393 inode_unlock(inode); 2394 /* 2395 * When S_NOQUOTA is set, remove dquot references as no more 2396 * references can be added 2397 */ 2398 __dquot_drop(inode); 2399 } 2400 return 0; 2401 } 2402 2403 int dquot_load_quota_sb(struct super_block *sb, int type, int format_id, 2404 unsigned int flags) 2405 { 2406 struct quota_format_type *fmt = find_quota_format(format_id); 2407 struct quota_info *dqopt = sb_dqopt(sb); 2408 int error; 2409 2410 lockdep_assert_held_write(&sb->s_umount); 2411 2412 /* Just unsuspend quotas? */ 2413 BUG_ON(flags & DQUOT_SUSPENDED); 2414 2415 if (!fmt) 2416 return -ESRCH; 2417 if (!sb->dq_op || !sb->s_qcop || 2418 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) { 2419 error = -EINVAL; 2420 goto out_fmt; 2421 } 2422 /* Filesystems outside of init_user_ns not yet supported */ 2423 if (sb->s_user_ns != &init_user_ns) { 2424 error = -EINVAL; 2425 goto out_fmt; 2426 } 2427 /* Usage always has to be set... */ 2428 if (!(flags & DQUOT_USAGE_ENABLED)) { 2429 error = -EINVAL; 2430 goto out_fmt; 2431 } 2432 if (sb_has_quota_loaded(sb, type)) { 2433 error = -EBUSY; 2434 goto out_fmt; 2435 } 2436 2437 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2438 /* As we bypass the pagecache we must now flush all the 2439 * dirty data and invalidate caches so that kernel sees 2440 * changes from userspace. It is not enough to just flush 2441 * the quota file since if blocksize < pagesize, invalidation 2442 * of the cache could fail because of other unrelated dirty 2443 * data */ 2444 sync_filesystem(sb); 2445 invalidate_bdev(sb->s_bdev); 2446 } 2447 2448 error = -EINVAL; 2449 if (!fmt->qf_ops->check_quota_file(sb, type)) 2450 goto out_fmt; 2451 2452 dqopt->ops[type] = fmt->qf_ops; 2453 dqopt->info[type].dqi_format = fmt; 2454 dqopt->info[type].dqi_fmt_id = format_id; 2455 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list); 2456 error = dqopt->ops[type]->read_file_info(sb, type); 2457 if (error < 0) 2458 goto out_fmt; 2459 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) { 2460 spin_lock(&dq_data_lock); 2461 dqopt->info[type].dqi_flags |= DQF_SYS_FILE; 2462 spin_unlock(&dq_data_lock); 2463 } 2464 spin_lock(&dq_state_lock); 2465 dqopt->flags |= dquot_state_flag(flags, type); 2466 spin_unlock(&dq_state_lock); 2467 2468 error = add_dquot_ref(sb, type); 2469 if (error) 2470 dquot_disable(sb, type, 2471 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2472 2473 return error; 2474 out_fmt: 2475 put_quota_format(fmt); 2476 2477 return error; 2478 } 2479 EXPORT_SYMBOL(dquot_load_quota_sb); 2480 2481 /* 2482 * More powerful function for turning on quotas on given quota inode allowing 2483 * setting of individual quota flags 2484 */ 2485 int dquot_load_quota_inode(struct inode *inode, int type, int format_id, 2486 unsigned int flags) 2487 { 2488 int err; 2489 2490 err = vfs_setup_quota_inode(inode, type); 2491 if (err < 0) 2492 return err; 2493 err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags); 2494 if (err < 0) 2495 vfs_cleanup_quota_inode(inode->i_sb, type); 2496 return err; 2497 } 2498 EXPORT_SYMBOL(dquot_load_quota_inode); 2499 2500 /* Reenable quotas on remount RW */ 2501 int dquot_resume(struct super_block *sb, int type) 2502 { 2503 struct quota_info *dqopt = sb_dqopt(sb); 2504 int ret = 0, cnt; 2505 unsigned int flags; 2506 2507 /* s_umount should be held in exclusive mode */ 2508 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2509 up_read(&sb->s_umount); 2510 2511 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2512 if (type != -1 && cnt != type) 2513 continue; 2514 if (!sb_has_quota_suspended(sb, cnt)) 2515 continue; 2516 2517 spin_lock(&dq_state_lock); 2518 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED | 2519 DQUOT_LIMITS_ENABLED, 2520 cnt); 2521 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt); 2522 spin_unlock(&dq_state_lock); 2523 2524 flags = dquot_generic_flag(flags, cnt); 2525 ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id, 2526 flags); 2527 if (ret < 0) 2528 vfs_cleanup_quota_inode(sb, cnt); 2529 } 2530 2531 return ret; 2532 } 2533 EXPORT_SYMBOL(dquot_resume); 2534 2535 int dquot_quota_on(struct super_block *sb, int type, int format_id, 2536 const struct path *path) 2537 { 2538 int error = security_quota_on(path->dentry); 2539 if (error) 2540 return error; 2541 /* Quota file not on the same filesystem? */ 2542 if (path->dentry->d_sb != sb) 2543 error = -EXDEV; 2544 else 2545 error = dquot_load_quota_inode(d_inode(path->dentry), type, 2546 format_id, DQUOT_USAGE_ENABLED | 2547 DQUOT_LIMITS_ENABLED); 2548 return error; 2549 } 2550 EXPORT_SYMBOL(dquot_quota_on); 2551 2552 /* 2553 * This function is used when filesystem needs to initialize quotas 2554 * during mount time. 2555 */ 2556 int dquot_quota_on_mount(struct super_block *sb, char *qf_name, 2557 int format_id, int type) 2558 { 2559 struct dentry *dentry; 2560 int error; 2561 2562 dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name)); 2563 if (IS_ERR(dentry)) 2564 return PTR_ERR(dentry); 2565 2566 error = security_quota_on(dentry); 2567 if (!error) 2568 error = dquot_load_quota_inode(d_inode(dentry), type, format_id, 2569 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2570 2571 dput(dentry); 2572 return error; 2573 } 2574 EXPORT_SYMBOL(dquot_quota_on_mount); 2575 2576 static int dquot_quota_enable(struct super_block *sb, unsigned int flags) 2577 { 2578 int ret; 2579 int type; 2580 struct quota_info *dqopt = sb_dqopt(sb); 2581 2582 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2583 return -ENOSYS; 2584 /* Accounting cannot be turned on while fs is mounted */ 2585 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT); 2586 if (!flags) 2587 return -EINVAL; 2588 for (type = 0; type < MAXQUOTAS; type++) { 2589 if (!(flags & qtype_enforce_flag(type))) 2590 continue; 2591 /* Can't enforce without accounting */ 2592 if (!sb_has_quota_usage_enabled(sb, type)) { 2593 ret = -EINVAL; 2594 goto out_err; 2595 } 2596 if (sb_has_quota_limits_enabled(sb, type)) { 2597 ret = -EBUSY; 2598 goto out_err; 2599 } 2600 spin_lock(&dq_state_lock); 2601 dqopt->flags |= dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2602 spin_unlock(&dq_state_lock); 2603 } 2604 return 0; 2605 out_err: 2606 /* Backout enforcement enablement we already did */ 2607 for (type--; type >= 0; type--) { 2608 if (flags & qtype_enforce_flag(type)) 2609 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2610 } 2611 /* Error code translation for better compatibility with XFS */ 2612 if (ret == -EBUSY) 2613 ret = -EEXIST; 2614 return ret; 2615 } 2616 2617 static int dquot_quota_disable(struct super_block *sb, unsigned int flags) 2618 { 2619 int ret; 2620 int type; 2621 struct quota_info *dqopt = sb_dqopt(sb); 2622 2623 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2624 return -ENOSYS; 2625 /* 2626 * We don't support turning off accounting via quotactl. In principle 2627 * quota infrastructure can do this but filesystems don't expect 2628 * userspace to be able to do it. 2629 */ 2630 if (flags & 2631 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT)) 2632 return -EOPNOTSUPP; 2633 2634 /* Filter out limits not enabled */ 2635 for (type = 0; type < MAXQUOTAS; type++) 2636 if (!sb_has_quota_limits_enabled(sb, type)) 2637 flags &= ~qtype_enforce_flag(type); 2638 /* Nothing left? */ 2639 if (!flags) 2640 return -EEXIST; 2641 for (type = 0; type < MAXQUOTAS; type++) { 2642 if (flags & qtype_enforce_flag(type)) { 2643 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2644 if (ret < 0) 2645 goto out_err; 2646 } 2647 } 2648 return 0; 2649 out_err: 2650 /* Backout enforcement disabling we already did */ 2651 for (type--; type >= 0; type--) { 2652 if (flags & qtype_enforce_flag(type)) { 2653 spin_lock(&dq_state_lock); 2654 dqopt->flags |= 2655 dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2656 spin_unlock(&dq_state_lock); 2657 } 2658 } 2659 return ret; 2660 } 2661 2662 /* Generic routine for getting common part of quota structure */ 2663 static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2664 { 2665 struct mem_dqblk *dm = &dquot->dq_dqb; 2666 2667 memset(di, 0, sizeof(*di)); 2668 spin_lock(&dquot->dq_dqb_lock); 2669 di->d_spc_hardlimit = dm->dqb_bhardlimit; 2670 di->d_spc_softlimit = dm->dqb_bsoftlimit; 2671 di->d_ino_hardlimit = dm->dqb_ihardlimit; 2672 di->d_ino_softlimit = dm->dqb_isoftlimit; 2673 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace; 2674 di->d_ino_count = dm->dqb_curinodes; 2675 di->d_spc_timer = dm->dqb_btime; 2676 di->d_ino_timer = dm->dqb_itime; 2677 spin_unlock(&dquot->dq_dqb_lock); 2678 } 2679 2680 int dquot_get_dqblk(struct super_block *sb, struct kqid qid, 2681 struct qc_dqblk *di) 2682 { 2683 struct dquot *dquot; 2684 2685 dquot = dqget(sb, qid); 2686 if (IS_ERR(dquot)) 2687 return PTR_ERR(dquot); 2688 do_get_dqblk(dquot, di); 2689 dqput(dquot); 2690 2691 return 0; 2692 } 2693 EXPORT_SYMBOL(dquot_get_dqblk); 2694 2695 int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid, 2696 struct qc_dqblk *di) 2697 { 2698 struct dquot *dquot; 2699 int err; 2700 2701 if (!sb->dq_op->get_next_id) 2702 return -ENOSYS; 2703 err = sb->dq_op->get_next_id(sb, qid); 2704 if (err < 0) 2705 return err; 2706 dquot = dqget(sb, *qid); 2707 if (IS_ERR(dquot)) 2708 return PTR_ERR(dquot); 2709 do_get_dqblk(dquot, di); 2710 dqput(dquot); 2711 2712 return 0; 2713 } 2714 EXPORT_SYMBOL(dquot_get_next_dqblk); 2715 2716 #define VFS_QC_MASK \ 2717 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \ 2718 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \ 2719 QC_SPC_TIMER | QC_INO_TIMER) 2720 2721 /* Generic routine for setting common part of quota structure */ 2722 static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2723 { 2724 struct mem_dqblk *dm = &dquot->dq_dqb; 2725 int check_blim = 0, check_ilim = 0; 2726 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 2727 2728 if (di->d_fieldmask & ~VFS_QC_MASK) 2729 return -EINVAL; 2730 2731 if (((di->d_fieldmask & QC_SPC_SOFT) && 2732 di->d_spc_softlimit > dqi->dqi_max_spc_limit) || 2733 ((di->d_fieldmask & QC_SPC_HARD) && 2734 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) || 2735 ((di->d_fieldmask & QC_INO_SOFT) && 2736 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) || 2737 ((di->d_fieldmask & QC_INO_HARD) && 2738 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit))) 2739 return -ERANGE; 2740 2741 spin_lock(&dquot->dq_dqb_lock); 2742 if (di->d_fieldmask & QC_SPACE) { 2743 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace; 2744 check_blim = 1; 2745 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags); 2746 } 2747 2748 if (di->d_fieldmask & QC_SPC_SOFT) 2749 dm->dqb_bsoftlimit = di->d_spc_softlimit; 2750 if (di->d_fieldmask & QC_SPC_HARD) 2751 dm->dqb_bhardlimit = di->d_spc_hardlimit; 2752 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) { 2753 check_blim = 1; 2754 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags); 2755 } 2756 2757 if (di->d_fieldmask & QC_INO_COUNT) { 2758 dm->dqb_curinodes = di->d_ino_count; 2759 check_ilim = 1; 2760 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags); 2761 } 2762 2763 if (di->d_fieldmask & QC_INO_SOFT) 2764 dm->dqb_isoftlimit = di->d_ino_softlimit; 2765 if (di->d_fieldmask & QC_INO_HARD) 2766 dm->dqb_ihardlimit = di->d_ino_hardlimit; 2767 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) { 2768 check_ilim = 1; 2769 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags); 2770 } 2771 2772 if (di->d_fieldmask & QC_SPC_TIMER) { 2773 dm->dqb_btime = di->d_spc_timer; 2774 check_blim = 1; 2775 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags); 2776 } 2777 2778 if (di->d_fieldmask & QC_INO_TIMER) { 2779 dm->dqb_itime = di->d_ino_timer; 2780 check_ilim = 1; 2781 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags); 2782 } 2783 2784 if (check_blim) { 2785 if (!dm->dqb_bsoftlimit || 2786 dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) { 2787 dm->dqb_btime = 0; 2788 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 2789 } else if (!(di->d_fieldmask & QC_SPC_TIMER)) 2790 /* Set grace only if user hasn't provided his own... */ 2791 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace; 2792 } 2793 if (check_ilim) { 2794 if (!dm->dqb_isoftlimit || 2795 dm->dqb_curinodes <= dm->dqb_isoftlimit) { 2796 dm->dqb_itime = 0; 2797 clear_bit(DQ_INODES_B, &dquot->dq_flags); 2798 } else if (!(di->d_fieldmask & QC_INO_TIMER)) 2799 /* Set grace only if user hasn't provided his own... */ 2800 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace; 2801 } 2802 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit || 2803 dm->dqb_isoftlimit) 2804 clear_bit(DQ_FAKE_B, &dquot->dq_flags); 2805 else 2806 set_bit(DQ_FAKE_B, &dquot->dq_flags); 2807 spin_unlock(&dquot->dq_dqb_lock); 2808 mark_dquot_dirty(dquot); 2809 2810 return 0; 2811 } 2812 2813 int dquot_set_dqblk(struct super_block *sb, struct kqid qid, 2814 struct qc_dqblk *di) 2815 { 2816 struct dquot *dquot; 2817 int rc; 2818 2819 dquot = dqget(sb, qid); 2820 if (IS_ERR(dquot)) { 2821 rc = PTR_ERR(dquot); 2822 goto out; 2823 } 2824 rc = do_set_dqblk(dquot, di); 2825 dqput(dquot); 2826 out: 2827 return rc; 2828 } 2829 EXPORT_SYMBOL(dquot_set_dqblk); 2830 2831 /* Generic routine for getting common part of quota file information */ 2832 int dquot_get_state(struct super_block *sb, struct qc_state *state) 2833 { 2834 struct mem_dqinfo *mi; 2835 struct qc_type_state *tstate; 2836 struct quota_info *dqopt = sb_dqopt(sb); 2837 int type; 2838 2839 memset(state, 0, sizeof(*state)); 2840 for (type = 0; type < MAXQUOTAS; type++) { 2841 if (!sb_has_quota_active(sb, type)) 2842 continue; 2843 tstate = state->s_state + type; 2844 mi = sb_dqopt(sb)->info + type; 2845 tstate->flags = QCI_ACCT_ENABLED; 2846 spin_lock(&dq_data_lock); 2847 if (mi->dqi_flags & DQF_SYS_FILE) 2848 tstate->flags |= QCI_SYSFILE; 2849 if (mi->dqi_flags & DQF_ROOT_SQUASH) 2850 tstate->flags |= QCI_ROOT_SQUASH; 2851 if (sb_has_quota_limits_enabled(sb, type)) 2852 tstate->flags |= QCI_LIMITS_ENFORCED; 2853 tstate->spc_timelimit = mi->dqi_bgrace; 2854 tstate->ino_timelimit = mi->dqi_igrace; 2855 if (dqopt->files[type]) { 2856 tstate->ino = dqopt->files[type]->i_ino; 2857 tstate->blocks = dqopt->files[type]->i_blocks; 2858 } 2859 tstate->nextents = 1; /* We don't know... */ 2860 spin_unlock(&dq_data_lock); 2861 } 2862 return 0; 2863 } 2864 EXPORT_SYMBOL(dquot_get_state); 2865 2866 /* Generic routine for setting common part of quota file information */ 2867 int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii) 2868 { 2869 struct mem_dqinfo *mi; 2870 2871 if ((ii->i_fieldmask & QC_WARNS_MASK) || 2872 (ii->i_fieldmask & QC_RT_SPC_TIMER)) 2873 return -EINVAL; 2874 if (!sb_has_quota_active(sb, type)) 2875 return -ESRCH; 2876 mi = sb_dqopt(sb)->info + type; 2877 if (ii->i_fieldmask & QC_FLAGS) { 2878 if ((ii->i_flags & QCI_ROOT_SQUASH && 2879 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD)) 2880 return -EINVAL; 2881 } 2882 spin_lock(&dq_data_lock); 2883 if (ii->i_fieldmask & QC_SPC_TIMER) 2884 mi->dqi_bgrace = ii->i_spc_timelimit; 2885 if (ii->i_fieldmask & QC_INO_TIMER) 2886 mi->dqi_igrace = ii->i_ino_timelimit; 2887 if (ii->i_fieldmask & QC_FLAGS) { 2888 if (ii->i_flags & QCI_ROOT_SQUASH) 2889 mi->dqi_flags |= DQF_ROOT_SQUASH; 2890 else 2891 mi->dqi_flags &= ~DQF_ROOT_SQUASH; 2892 } 2893 spin_unlock(&dq_data_lock); 2894 mark_info_dirty(sb, type); 2895 /* Force write to disk */ 2896 return sb->dq_op->write_info(sb, type); 2897 } 2898 EXPORT_SYMBOL(dquot_set_dqinfo); 2899 2900 const struct quotactl_ops dquot_quotactl_sysfile_ops = { 2901 .quota_enable = dquot_quota_enable, 2902 .quota_disable = dquot_quota_disable, 2903 .quota_sync = dquot_quota_sync, 2904 .get_state = dquot_get_state, 2905 .set_info = dquot_set_dqinfo, 2906 .get_dqblk = dquot_get_dqblk, 2907 .get_nextdqblk = dquot_get_next_dqblk, 2908 .set_dqblk = dquot_set_dqblk 2909 }; 2910 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops); 2911 2912 static int do_proc_dqstats(struct ctl_table *table, int write, 2913 void *buffer, size_t *lenp, loff_t *ppos) 2914 { 2915 unsigned int type = (unsigned long *)table->data - dqstats.stat; 2916 s64 value = percpu_counter_sum(&dqstats.counter[type]); 2917 2918 /* Filter negative values for non-monotonic counters */ 2919 if (value < 0 && (type == DQST_ALLOC_DQUOTS || 2920 type == DQST_FREE_DQUOTS)) 2921 value = 0; 2922 2923 /* Update global table */ 2924 dqstats.stat[type] = value; 2925 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos); 2926 } 2927 2928 static struct ctl_table fs_dqstats_table[] = { 2929 { 2930 .procname = "lookups", 2931 .data = &dqstats.stat[DQST_LOOKUPS], 2932 .maxlen = sizeof(unsigned long), 2933 .mode = 0444, 2934 .proc_handler = do_proc_dqstats, 2935 }, 2936 { 2937 .procname = "drops", 2938 .data = &dqstats.stat[DQST_DROPS], 2939 .maxlen = sizeof(unsigned long), 2940 .mode = 0444, 2941 .proc_handler = do_proc_dqstats, 2942 }, 2943 { 2944 .procname = "reads", 2945 .data = &dqstats.stat[DQST_READS], 2946 .maxlen = sizeof(unsigned long), 2947 .mode = 0444, 2948 .proc_handler = do_proc_dqstats, 2949 }, 2950 { 2951 .procname = "writes", 2952 .data = &dqstats.stat[DQST_WRITES], 2953 .maxlen = sizeof(unsigned long), 2954 .mode = 0444, 2955 .proc_handler = do_proc_dqstats, 2956 }, 2957 { 2958 .procname = "cache_hits", 2959 .data = &dqstats.stat[DQST_CACHE_HITS], 2960 .maxlen = sizeof(unsigned long), 2961 .mode = 0444, 2962 .proc_handler = do_proc_dqstats, 2963 }, 2964 { 2965 .procname = "allocated_dquots", 2966 .data = &dqstats.stat[DQST_ALLOC_DQUOTS], 2967 .maxlen = sizeof(unsigned long), 2968 .mode = 0444, 2969 .proc_handler = do_proc_dqstats, 2970 }, 2971 { 2972 .procname = "free_dquots", 2973 .data = &dqstats.stat[DQST_FREE_DQUOTS], 2974 .maxlen = sizeof(unsigned long), 2975 .mode = 0444, 2976 .proc_handler = do_proc_dqstats, 2977 }, 2978 { 2979 .procname = "syncs", 2980 .data = &dqstats.stat[DQST_SYNCS], 2981 .maxlen = sizeof(unsigned long), 2982 .mode = 0444, 2983 .proc_handler = do_proc_dqstats, 2984 }, 2985 #ifdef CONFIG_PRINT_QUOTA_WARNING 2986 { 2987 .procname = "warnings", 2988 .data = &flag_print_warnings, 2989 .maxlen = sizeof(int), 2990 .mode = 0644, 2991 .proc_handler = proc_dointvec, 2992 }, 2993 #endif 2994 { }, 2995 }; 2996 2997 static int __init dquot_init(void) 2998 { 2999 int i, ret; 3000 unsigned long nr_hash, order; 3001 3002 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__); 3003 3004 register_sysctl_init("fs/quota", fs_dqstats_table); 3005 3006 dquot_cachep = kmem_cache_create("dquot", 3007 sizeof(struct dquot), sizeof(unsigned long) * 4, 3008 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT| 3009 SLAB_MEM_SPREAD|SLAB_PANIC), 3010 NULL); 3011 3012 order = 0; 3013 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order); 3014 if (!dquot_hash) 3015 panic("Cannot create dquot hash table"); 3016 3017 for (i = 0; i < _DQST_DQSTAT_LAST; i++) { 3018 ret = percpu_counter_init(&dqstats.counter[i], 0, GFP_KERNEL); 3019 if (ret) 3020 panic("Cannot create dquot stat counters"); 3021 } 3022 3023 /* Find power-of-two hlist_heads which can fit into allocation */ 3024 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head); 3025 dq_hash_bits = ilog2(nr_hash); 3026 3027 nr_hash = 1UL << dq_hash_bits; 3028 dq_hash_mask = nr_hash - 1; 3029 for (i = 0; i < nr_hash; i++) 3030 INIT_HLIST_HEAD(dquot_hash + i); 3031 3032 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld," 3033 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order)); 3034 3035 if (register_shrinker(&dqcache_shrinker, "dquota-cache")) 3036 panic("Cannot register dquot shrinker"); 3037 3038 return 0; 3039 } 3040 fs_initcall(dquot_init); 3041