1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Implementation of the diskquota system for the LINUX operating system. QUOTA 4 * is implemented using the BSD system call interface as the means of 5 * communication with the user level. This file contains the generic routines 6 * called by the different filesystems on allocation of an inode or block. 7 * These routines take care of the administration needed to have a consistent 8 * diskquota tracking system. The ideas of both user and group quotas are based 9 * on the Melbourne quota system as used on BSD derived systems. The internal 10 * implementation is based on one of the several variants of the LINUX 11 * inode-subsystem with added complexity of the diskquota system. 12 * 13 * Author: Marco van Wieringen <mvw@planets.elm.net> 14 * 15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96 16 * 17 * Revised list management to avoid races 18 * -- Bill Hawes, <whawes@star.net>, 9/98 19 * 20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...(). 21 * As the consequence the locking was moved from dquot_decr_...(), 22 * dquot_incr_...() to calling functions. 23 * invalidate_dquots() now writes modified dquots. 24 * Serialized quota_off() and quota_on() for mount point. 25 * Fixed a few bugs in grow_dquots(). 26 * Fixed deadlock in write_dquot() - we no longer account quotas on 27 * quota files 28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes 29 * add_dquot_ref() restarts after blocking 30 * Added check for bogus uid and fixed check for group in quotactl. 31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99 32 * 33 * Used struct list_head instead of own list struct 34 * Invalidation of referenced dquots is no longer possible 35 * Improved free_dquots list management 36 * Quota and i_blocks are now updated in one place to avoid races 37 * Warnings are now delayed so we won't block in critical section 38 * Write updated not to require dquot lock 39 * Jan Kara, <jack@suse.cz>, 9/2000 40 * 41 * Added dynamic quota structure allocation 42 * Jan Kara <jack@suse.cz> 12/2000 43 * 44 * Rewritten quota interface. Implemented new quota format and 45 * formats registering. 46 * Jan Kara, <jack@suse.cz>, 2001,2002 47 * 48 * New SMP locking. 49 * Jan Kara, <jack@suse.cz>, 10/2002 50 * 51 * Added journalled quota support, fix lock inversion problems 52 * Jan Kara, <jack@suse.cz>, 2003,2004 53 * 54 * (C) Copyright 1994 - 1997 Marco van Wieringen 55 */ 56 57 #include <linux/errno.h> 58 #include <linux/kernel.h> 59 #include <linux/fs.h> 60 #include <linux/mount.h> 61 #include <linux/mm.h> 62 #include <linux/time.h> 63 #include <linux/types.h> 64 #include <linux/string.h> 65 #include <linux/fcntl.h> 66 #include <linux/stat.h> 67 #include <linux/tty.h> 68 #include <linux/file.h> 69 #include <linux/slab.h> 70 #include <linux/sysctl.h> 71 #include <linux/init.h> 72 #include <linux/module.h> 73 #include <linux/proc_fs.h> 74 #include <linux/security.h> 75 #include <linux/sched.h> 76 #include <linux/cred.h> 77 #include <linux/kmod.h> 78 #include <linux/namei.h> 79 #include <linux/capability.h> 80 #include <linux/quotaops.h> 81 #include "../internal.h" /* ugh */ 82 83 #include <linux/uaccess.h> 84 85 /* 86 * There are five quota SMP locks: 87 * * dq_list_lock protects all lists with quotas and quota formats. 88 * * dquot->dq_dqb_lock protects data from dq_dqb 89 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards 90 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that 91 * dquot_transfer() can stabilize amount it transfers 92 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot 93 * pointers in the inode 94 * * dq_state_lock protects modifications of quota state (on quotaon and 95 * quotaoff) and readers who care about latest values take it as well. 96 * 97 * The spinlock ordering is hence: 98 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock, 99 * dq_list_lock > dq_state_lock 100 * 101 * Note that some things (eg. sb pointer, type, id) doesn't change during 102 * the life of the dquot structure and so needn't to be protected by a lock 103 * 104 * Operation accessing dquots via inode pointers are protected by dquot_srcu. 105 * Operation of reading pointer needs srcu_read_lock(&dquot_srcu), and 106 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from 107 * inode and before dropping dquot references to avoid use of dquots after 108 * they are freed. dq_data_lock is used to serialize the pointer setting and 109 * clearing operations. 110 * Special care needs to be taken about S_NOQUOTA inode flag (marking that 111 * inode is a quota file). Functions adding pointers from inode to dquots have 112 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they 113 * have to do all pointer modifications before dropping dq_data_lock. This makes 114 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and 115 * then drops all pointers to dquots from an inode. 116 * 117 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to 118 * memory (or space for it is being allocated) on the first dqget(), when it is 119 * being written out, and when it is being released on the last dqput(). The 120 * allocation and release operations are serialized by the dq_lock and by 121 * checking the use count in dquot_release(). 122 * 123 * Lock ordering (including related VFS locks) is the following: 124 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem 125 */ 126 127 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock); 128 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock); 129 __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock); 130 EXPORT_SYMBOL(dq_data_lock); 131 DEFINE_STATIC_SRCU(dquot_srcu); 132 133 static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq); 134 135 void __quota_error(struct super_block *sb, const char *func, 136 const char *fmt, ...) 137 { 138 if (printk_ratelimit()) { 139 va_list args; 140 struct va_format vaf; 141 142 va_start(args, fmt); 143 144 vaf.fmt = fmt; 145 vaf.va = &args; 146 147 printk(KERN_ERR "Quota error (device %s): %s: %pV\n", 148 sb->s_id, func, &vaf); 149 150 va_end(args); 151 } 152 } 153 EXPORT_SYMBOL(__quota_error); 154 155 #if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING) 156 static char *quotatypes[] = INITQFNAMES; 157 #endif 158 static struct quota_format_type *quota_formats; /* List of registered formats */ 159 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES; 160 161 /* SLAB cache for dquot structures */ 162 static struct kmem_cache *dquot_cachep; 163 164 int register_quota_format(struct quota_format_type *fmt) 165 { 166 spin_lock(&dq_list_lock); 167 fmt->qf_next = quota_formats; 168 quota_formats = fmt; 169 spin_unlock(&dq_list_lock); 170 return 0; 171 } 172 EXPORT_SYMBOL(register_quota_format); 173 174 void unregister_quota_format(struct quota_format_type *fmt) 175 { 176 struct quota_format_type **actqf; 177 178 spin_lock(&dq_list_lock); 179 for (actqf = "a_formats; *actqf && *actqf != fmt; 180 actqf = &(*actqf)->qf_next) 181 ; 182 if (*actqf) 183 *actqf = (*actqf)->qf_next; 184 spin_unlock(&dq_list_lock); 185 } 186 EXPORT_SYMBOL(unregister_quota_format); 187 188 static struct quota_format_type *find_quota_format(int id) 189 { 190 struct quota_format_type *actqf; 191 192 spin_lock(&dq_list_lock); 193 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 194 actqf = actqf->qf_next) 195 ; 196 if (!actqf || !try_module_get(actqf->qf_owner)) { 197 int qm; 198 199 spin_unlock(&dq_list_lock); 200 201 for (qm = 0; module_names[qm].qm_fmt_id && 202 module_names[qm].qm_fmt_id != id; qm++) 203 ; 204 if (!module_names[qm].qm_fmt_id || 205 request_module(module_names[qm].qm_mod_name)) 206 return NULL; 207 208 spin_lock(&dq_list_lock); 209 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 210 actqf = actqf->qf_next) 211 ; 212 if (actqf && !try_module_get(actqf->qf_owner)) 213 actqf = NULL; 214 } 215 spin_unlock(&dq_list_lock); 216 return actqf; 217 } 218 219 static void put_quota_format(struct quota_format_type *fmt) 220 { 221 module_put(fmt->qf_owner); 222 } 223 224 /* 225 * Dquot List Management: 226 * The quota code uses three lists for dquot management: the inuse_list, 227 * free_dquots, and dquot_hash[] array. A single dquot structure may be 228 * on all three lists, depending on its current state. 229 * 230 * All dquots are placed to the end of inuse_list when first created, and this 231 * list is used for invalidate operation, which must look at every dquot. 232 * 233 * Unused dquots (dq_count == 0) are added to the free_dquots list when freed, 234 * and this list is searched whenever we need an available dquot. Dquots are 235 * removed from the list as soon as they are used again, and 236 * dqstats.free_dquots gives the number of dquots on the list. When 237 * dquot is invalidated it's completely released from memory. 238 * 239 * Dquots with a specific identity (device, type and id) are placed on 240 * one of the dquot_hash[] hash chains. The provides an efficient search 241 * mechanism to locate a specific dquot. 242 */ 243 244 static LIST_HEAD(inuse_list); 245 static LIST_HEAD(free_dquots); 246 static unsigned int dq_hash_bits, dq_hash_mask; 247 static struct hlist_head *dquot_hash; 248 249 struct dqstats dqstats; 250 EXPORT_SYMBOL(dqstats); 251 252 static qsize_t inode_get_rsv_space(struct inode *inode); 253 static qsize_t __inode_get_rsv_space(struct inode *inode); 254 static int __dquot_initialize(struct inode *inode, int type); 255 256 static inline unsigned int 257 hashfn(const struct super_block *sb, struct kqid qid) 258 { 259 unsigned int id = from_kqid(&init_user_ns, qid); 260 int type = qid.type; 261 unsigned long tmp; 262 263 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type); 264 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask; 265 } 266 267 /* 268 * Following list functions expect dq_list_lock to be held 269 */ 270 static inline void insert_dquot_hash(struct dquot *dquot) 271 { 272 struct hlist_head *head; 273 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id); 274 hlist_add_head(&dquot->dq_hash, head); 275 } 276 277 static inline void remove_dquot_hash(struct dquot *dquot) 278 { 279 hlist_del_init(&dquot->dq_hash); 280 } 281 282 static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb, 283 struct kqid qid) 284 { 285 struct hlist_node *node; 286 struct dquot *dquot; 287 288 hlist_for_each (node, dquot_hash+hashent) { 289 dquot = hlist_entry(node, struct dquot, dq_hash); 290 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid)) 291 return dquot; 292 } 293 return NULL; 294 } 295 296 /* Add a dquot to the tail of the free list */ 297 static inline void put_dquot_last(struct dquot *dquot) 298 { 299 list_add_tail(&dquot->dq_free, &free_dquots); 300 dqstats_inc(DQST_FREE_DQUOTS); 301 } 302 303 static inline void remove_free_dquot(struct dquot *dquot) 304 { 305 if (list_empty(&dquot->dq_free)) 306 return; 307 list_del_init(&dquot->dq_free); 308 dqstats_dec(DQST_FREE_DQUOTS); 309 } 310 311 static inline void put_inuse(struct dquot *dquot) 312 { 313 /* We add to the back of inuse list so we don't have to restart 314 * when traversing this list and we block */ 315 list_add_tail(&dquot->dq_inuse, &inuse_list); 316 dqstats_inc(DQST_ALLOC_DQUOTS); 317 } 318 319 static inline void remove_inuse(struct dquot *dquot) 320 { 321 dqstats_dec(DQST_ALLOC_DQUOTS); 322 list_del(&dquot->dq_inuse); 323 } 324 /* 325 * End of list functions needing dq_list_lock 326 */ 327 328 static void wait_on_dquot(struct dquot *dquot) 329 { 330 mutex_lock(&dquot->dq_lock); 331 mutex_unlock(&dquot->dq_lock); 332 } 333 334 static inline int dquot_dirty(struct dquot *dquot) 335 { 336 return test_bit(DQ_MOD_B, &dquot->dq_flags); 337 } 338 339 static inline int mark_dquot_dirty(struct dquot *dquot) 340 { 341 return dquot->dq_sb->dq_op->mark_dirty(dquot); 342 } 343 344 /* Mark dquot dirty in atomic manner, and return it's old dirty flag state */ 345 int dquot_mark_dquot_dirty(struct dquot *dquot) 346 { 347 int ret = 1; 348 349 if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) 350 return 0; 351 352 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 353 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags); 354 355 /* If quota is dirty already, we don't have to acquire dq_list_lock */ 356 if (test_bit(DQ_MOD_B, &dquot->dq_flags)) 357 return 1; 358 359 spin_lock(&dq_list_lock); 360 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) { 361 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)-> 362 info[dquot->dq_id.type].dqi_dirty_list); 363 ret = 0; 364 } 365 spin_unlock(&dq_list_lock); 366 return ret; 367 } 368 EXPORT_SYMBOL(dquot_mark_dquot_dirty); 369 370 /* Dirtify all the dquots - this can block when journalling */ 371 static inline int mark_all_dquot_dirty(struct dquot * const *dquot) 372 { 373 int ret, err, cnt; 374 375 ret = err = 0; 376 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 377 if (dquot[cnt]) 378 /* Even in case of error we have to continue */ 379 ret = mark_dquot_dirty(dquot[cnt]); 380 if (!err) 381 err = ret; 382 } 383 return err; 384 } 385 386 static inline void dqput_all(struct dquot **dquot) 387 { 388 unsigned int cnt; 389 390 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 391 dqput(dquot[cnt]); 392 } 393 394 static inline int clear_dquot_dirty(struct dquot *dquot) 395 { 396 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 397 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags); 398 399 spin_lock(&dq_list_lock); 400 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) { 401 spin_unlock(&dq_list_lock); 402 return 0; 403 } 404 list_del_init(&dquot->dq_dirty); 405 spin_unlock(&dq_list_lock); 406 return 1; 407 } 408 409 void mark_info_dirty(struct super_block *sb, int type) 410 { 411 spin_lock(&dq_data_lock); 412 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY; 413 spin_unlock(&dq_data_lock); 414 } 415 EXPORT_SYMBOL(mark_info_dirty); 416 417 /* 418 * Read dquot from disk and alloc space for it 419 */ 420 421 int dquot_acquire(struct dquot *dquot) 422 { 423 int ret = 0, ret2 = 0; 424 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 425 426 mutex_lock(&dquot->dq_lock); 427 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) 428 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot); 429 if (ret < 0) 430 goto out_iolock; 431 /* Make sure flags update is visible after dquot has been filled */ 432 smp_mb__before_atomic(); 433 set_bit(DQ_READ_B, &dquot->dq_flags); 434 /* Instantiate dquot if needed */ 435 if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags) && !dquot->dq_off) { 436 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 437 /* Write the info if needed */ 438 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 439 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 440 dquot->dq_sb, dquot->dq_id.type); 441 } 442 if (ret < 0) 443 goto out_iolock; 444 if (ret2 < 0) { 445 ret = ret2; 446 goto out_iolock; 447 } 448 } 449 /* 450 * Make sure flags update is visible after on-disk struct has been 451 * allocated. Paired with smp_rmb() in dqget(). 452 */ 453 smp_mb__before_atomic(); 454 set_bit(DQ_ACTIVE_B, &dquot->dq_flags); 455 out_iolock: 456 mutex_unlock(&dquot->dq_lock); 457 return ret; 458 } 459 EXPORT_SYMBOL(dquot_acquire); 460 461 /* 462 * Write dquot to disk 463 */ 464 int dquot_commit(struct dquot *dquot) 465 { 466 int ret = 0; 467 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 468 469 mutex_lock(&dquot->dq_lock); 470 if (!clear_dquot_dirty(dquot)) 471 goto out_lock; 472 /* Inactive dquot can be only if there was error during read/init 473 * => we have better not writing it */ 474 if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) 475 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 476 else 477 ret = -EIO; 478 out_lock: 479 mutex_unlock(&dquot->dq_lock); 480 return ret; 481 } 482 EXPORT_SYMBOL(dquot_commit); 483 484 /* 485 * Release dquot 486 */ 487 int dquot_release(struct dquot *dquot) 488 { 489 int ret = 0, ret2 = 0; 490 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 491 492 mutex_lock(&dquot->dq_lock); 493 /* Check whether we are not racing with some other dqget() */ 494 if (atomic_read(&dquot->dq_count) > 1) 495 goto out_dqlock; 496 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) { 497 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot); 498 /* Write the info */ 499 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 500 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 501 dquot->dq_sb, dquot->dq_id.type); 502 } 503 if (ret >= 0) 504 ret = ret2; 505 } 506 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags); 507 out_dqlock: 508 mutex_unlock(&dquot->dq_lock); 509 return ret; 510 } 511 EXPORT_SYMBOL(dquot_release); 512 513 void dquot_destroy(struct dquot *dquot) 514 { 515 kmem_cache_free(dquot_cachep, dquot); 516 } 517 EXPORT_SYMBOL(dquot_destroy); 518 519 static inline void do_destroy_dquot(struct dquot *dquot) 520 { 521 dquot->dq_sb->dq_op->destroy_dquot(dquot); 522 } 523 524 /* Invalidate all dquots on the list. Note that this function is called after 525 * quota is disabled and pointers from inodes removed so there cannot be new 526 * quota users. There can still be some users of quotas due to inodes being 527 * just deleted or pruned by prune_icache() (those are not attached to any 528 * list) or parallel quotactl call. We have to wait for such users. 529 */ 530 static void invalidate_dquots(struct super_block *sb, int type) 531 { 532 struct dquot *dquot, *tmp; 533 534 restart: 535 spin_lock(&dq_list_lock); 536 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) { 537 if (dquot->dq_sb != sb) 538 continue; 539 if (dquot->dq_id.type != type) 540 continue; 541 /* Wait for dquot users */ 542 if (atomic_read(&dquot->dq_count)) { 543 dqgrab(dquot); 544 spin_unlock(&dq_list_lock); 545 /* 546 * Once dqput() wakes us up, we know it's time to free 547 * the dquot. 548 * IMPORTANT: we rely on the fact that there is always 549 * at most one process waiting for dquot to free. 550 * Otherwise dq_count would be > 1 and we would never 551 * wake up. 552 */ 553 wait_event(dquot_ref_wq, 554 atomic_read(&dquot->dq_count) == 1); 555 dqput(dquot); 556 /* At this moment dquot() need not exist (it could be 557 * reclaimed by prune_dqcache(). Hence we must 558 * restart. */ 559 goto restart; 560 } 561 /* 562 * Quota now has no users and it has been written on last 563 * dqput() 564 */ 565 remove_dquot_hash(dquot); 566 remove_free_dquot(dquot); 567 remove_inuse(dquot); 568 do_destroy_dquot(dquot); 569 } 570 spin_unlock(&dq_list_lock); 571 } 572 573 /* Call callback for every active dquot on given filesystem */ 574 int dquot_scan_active(struct super_block *sb, 575 int (*fn)(struct dquot *dquot, unsigned long priv), 576 unsigned long priv) 577 { 578 struct dquot *dquot, *old_dquot = NULL; 579 int ret = 0; 580 581 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 582 583 spin_lock(&dq_list_lock); 584 list_for_each_entry(dquot, &inuse_list, dq_inuse) { 585 if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) 586 continue; 587 if (dquot->dq_sb != sb) 588 continue; 589 /* Now we have active dquot so we can just increase use count */ 590 atomic_inc(&dquot->dq_count); 591 spin_unlock(&dq_list_lock); 592 dqstats_inc(DQST_LOOKUPS); 593 dqput(old_dquot); 594 old_dquot = dquot; 595 /* 596 * ->release_dquot() can be racing with us. Our reference 597 * protects us from new calls to it so just wait for any 598 * outstanding call and recheck the DQ_ACTIVE_B after that. 599 */ 600 wait_on_dquot(dquot); 601 if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) { 602 ret = fn(dquot, priv); 603 if (ret < 0) 604 goto out; 605 } 606 spin_lock(&dq_list_lock); 607 /* We are safe to continue now because our dquot could not 608 * be moved out of the inuse list while we hold the reference */ 609 } 610 spin_unlock(&dq_list_lock); 611 out: 612 dqput(old_dquot); 613 return ret; 614 } 615 EXPORT_SYMBOL(dquot_scan_active); 616 617 /* Write all dquot structures to quota files */ 618 int dquot_writeback_dquots(struct super_block *sb, int type) 619 { 620 struct list_head *dirty; 621 struct dquot *dquot; 622 struct quota_info *dqopt = sb_dqopt(sb); 623 int cnt; 624 int err, ret = 0; 625 626 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 627 628 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 629 if (type != -1 && cnt != type) 630 continue; 631 if (!sb_has_quota_active(sb, cnt)) 632 continue; 633 spin_lock(&dq_list_lock); 634 dirty = &dqopt->info[cnt].dqi_dirty_list; 635 while (!list_empty(dirty)) { 636 dquot = list_first_entry(dirty, struct dquot, 637 dq_dirty); 638 639 WARN_ON(!test_bit(DQ_ACTIVE_B, &dquot->dq_flags)); 640 641 /* Now we have active dquot from which someone is 642 * holding reference so we can safely just increase 643 * use count */ 644 dqgrab(dquot); 645 spin_unlock(&dq_list_lock); 646 dqstats_inc(DQST_LOOKUPS); 647 err = sb->dq_op->write_dquot(dquot); 648 if (err) { 649 /* 650 * Clear dirty bit anyway to avoid infinite 651 * loop here. 652 */ 653 clear_dquot_dirty(dquot); 654 if (!ret) 655 ret = err; 656 } 657 dqput(dquot); 658 spin_lock(&dq_list_lock); 659 } 660 spin_unlock(&dq_list_lock); 661 } 662 663 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 664 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt) 665 && info_dirty(&dqopt->info[cnt])) 666 sb->dq_op->write_info(sb, cnt); 667 dqstats_inc(DQST_SYNCS); 668 669 return ret; 670 } 671 EXPORT_SYMBOL(dquot_writeback_dquots); 672 673 /* Write all dquot structures to disk and make them visible from userspace */ 674 int dquot_quota_sync(struct super_block *sb, int type) 675 { 676 struct quota_info *dqopt = sb_dqopt(sb); 677 int cnt; 678 int ret; 679 680 ret = dquot_writeback_dquots(sb, type); 681 if (ret) 682 return ret; 683 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 684 return 0; 685 686 /* This is not very clever (and fast) but currently I don't know about 687 * any other simple way of getting quota data to disk and we must get 688 * them there for userspace to be visible... */ 689 if (sb->s_op->sync_fs) 690 sb->s_op->sync_fs(sb, 1); 691 sync_blockdev(sb->s_bdev); 692 693 /* 694 * Now when everything is written we can discard the pagecache so 695 * that userspace sees the changes. 696 */ 697 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 698 if (type != -1 && cnt != type) 699 continue; 700 if (!sb_has_quota_active(sb, cnt)) 701 continue; 702 inode_lock(dqopt->files[cnt]); 703 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 704 inode_unlock(dqopt->files[cnt]); 705 } 706 707 return 0; 708 } 709 EXPORT_SYMBOL(dquot_quota_sync); 710 711 static unsigned long 712 dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) 713 { 714 struct list_head *head; 715 struct dquot *dquot; 716 unsigned long freed = 0; 717 718 spin_lock(&dq_list_lock); 719 head = free_dquots.prev; 720 while (head != &free_dquots && sc->nr_to_scan) { 721 dquot = list_entry(head, struct dquot, dq_free); 722 remove_dquot_hash(dquot); 723 remove_free_dquot(dquot); 724 remove_inuse(dquot); 725 do_destroy_dquot(dquot); 726 sc->nr_to_scan--; 727 freed++; 728 head = free_dquots.prev; 729 } 730 spin_unlock(&dq_list_lock); 731 return freed; 732 } 733 734 static unsigned long 735 dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc) 736 { 737 return vfs_pressure_ratio( 738 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS])); 739 } 740 741 static struct shrinker dqcache_shrinker = { 742 .count_objects = dqcache_shrink_count, 743 .scan_objects = dqcache_shrink_scan, 744 .seeks = DEFAULT_SEEKS, 745 }; 746 747 /* 748 * Put reference to dquot 749 */ 750 void dqput(struct dquot *dquot) 751 { 752 int ret; 753 754 if (!dquot) 755 return; 756 #ifdef CONFIG_QUOTA_DEBUG 757 if (!atomic_read(&dquot->dq_count)) { 758 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d", 759 quotatypes[dquot->dq_id.type], 760 from_kqid(&init_user_ns, dquot->dq_id)); 761 BUG(); 762 } 763 #endif 764 dqstats_inc(DQST_DROPS); 765 we_slept: 766 spin_lock(&dq_list_lock); 767 if (atomic_read(&dquot->dq_count) > 1) { 768 /* We have more than one user... nothing to do */ 769 atomic_dec(&dquot->dq_count); 770 /* Releasing dquot during quotaoff phase? */ 771 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) && 772 atomic_read(&dquot->dq_count) == 1) 773 wake_up(&dquot_ref_wq); 774 spin_unlock(&dq_list_lock); 775 return; 776 } 777 /* Need to release dquot? */ 778 if (dquot_dirty(dquot)) { 779 spin_unlock(&dq_list_lock); 780 /* Commit dquot before releasing */ 781 ret = dquot->dq_sb->dq_op->write_dquot(dquot); 782 if (ret < 0) { 783 quota_error(dquot->dq_sb, "Can't write quota structure" 784 " (error %d). Quota may get out of sync!", 785 ret); 786 /* 787 * We clear dirty bit anyway, so that we avoid 788 * infinite loop here 789 */ 790 clear_dquot_dirty(dquot); 791 } 792 goto we_slept; 793 } 794 if (test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) { 795 spin_unlock(&dq_list_lock); 796 dquot->dq_sb->dq_op->release_dquot(dquot); 797 goto we_slept; 798 } 799 atomic_dec(&dquot->dq_count); 800 #ifdef CONFIG_QUOTA_DEBUG 801 /* sanity check */ 802 BUG_ON(!list_empty(&dquot->dq_free)); 803 #endif 804 put_dquot_last(dquot); 805 spin_unlock(&dq_list_lock); 806 } 807 EXPORT_SYMBOL(dqput); 808 809 struct dquot *dquot_alloc(struct super_block *sb, int type) 810 { 811 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS); 812 } 813 EXPORT_SYMBOL(dquot_alloc); 814 815 static struct dquot *get_empty_dquot(struct super_block *sb, int type) 816 { 817 struct dquot *dquot; 818 819 dquot = sb->dq_op->alloc_dquot(sb, type); 820 if(!dquot) 821 return NULL; 822 823 mutex_init(&dquot->dq_lock); 824 INIT_LIST_HEAD(&dquot->dq_free); 825 INIT_LIST_HEAD(&dquot->dq_inuse); 826 INIT_HLIST_NODE(&dquot->dq_hash); 827 INIT_LIST_HEAD(&dquot->dq_dirty); 828 dquot->dq_sb = sb; 829 dquot->dq_id = make_kqid_invalid(type); 830 atomic_set(&dquot->dq_count, 1); 831 spin_lock_init(&dquot->dq_dqb_lock); 832 833 return dquot; 834 } 835 836 /* 837 * Get reference to dquot 838 * 839 * Locking is slightly tricky here. We are guarded from parallel quotaoff() 840 * destroying our dquot by: 841 * a) checking for quota flags under dq_list_lock and 842 * b) getting a reference to dquot before we release dq_list_lock 843 */ 844 struct dquot *dqget(struct super_block *sb, struct kqid qid) 845 { 846 unsigned int hashent = hashfn(sb, qid); 847 struct dquot *dquot, *empty = NULL; 848 849 if (!qid_has_mapping(sb->s_user_ns, qid)) 850 return ERR_PTR(-EINVAL); 851 852 if (!sb_has_quota_active(sb, qid.type)) 853 return ERR_PTR(-ESRCH); 854 we_slept: 855 spin_lock(&dq_list_lock); 856 spin_lock(&dq_state_lock); 857 if (!sb_has_quota_active(sb, qid.type)) { 858 spin_unlock(&dq_state_lock); 859 spin_unlock(&dq_list_lock); 860 dquot = ERR_PTR(-ESRCH); 861 goto out; 862 } 863 spin_unlock(&dq_state_lock); 864 865 dquot = find_dquot(hashent, sb, qid); 866 if (!dquot) { 867 if (!empty) { 868 spin_unlock(&dq_list_lock); 869 empty = get_empty_dquot(sb, qid.type); 870 if (!empty) 871 schedule(); /* Try to wait for a moment... */ 872 goto we_slept; 873 } 874 dquot = empty; 875 empty = NULL; 876 dquot->dq_id = qid; 877 /* all dquots go on the inuse_list */ 878 put_inuse(dquot); 879 /* hash it first so it can be found */ 880 insert_dquot_hash(dquot); 881 spin_unlock(&dq_list_lock); 882 dqstats_inc(DQST_LOOKUPS); 883 } else { 884 if (!atomic_read(&dquot->dq_count)) 885 remove_free_dquot(dquot); 886 atomic_inc(&dquot->dq_count); 887 spin_unlock(&dq_list_lock); 888 dqstats_inc(DQST_CACHE_HITS); 889 dqstats_inc(DQST_LOOKUPS); 890 } 891 /* Wait for dq_lock - after this we know that either dquot_release() is 892 * already finished or it will be canceled due to dq_count > 1 test */ 893 wait_on_dquot(dquot); 894 /* Read the dquot / allocate space in quota file */ 895 if (!test_bit(DQ_ACTIVE_B, &dquot->dq_flags)) { 896 int err; 897 898 err = sb->dq_op->acquire_dquot(dquot); 899 if (err < 0) { 900 dqput(dquot); 901 dquot = ERR_PTR(err); 902 goto out; 903 } 904 } 905 /* 906 * Make sure following reads see filled structure - paired with 907 * smp_mb__before_atomic() in dquot_acquire(). 908 */ 909 smp_rmb(); 910 #ifdef CONFIG_QUOTA_DEBUG 911 BUG_ON(!dquot->dq_sb); /* Has somebody invalidated entry under us? */ 912 #endif 913 out: 914 if (empty) 915 do_destroy_dquot(empty); 916 917 return dquot; 918 } 919 EXPORT_SYMBOL(dqget); 920 921 static inline struct dquot **i_dquot(struct inode *inode) 922 { 923 return inode->i_sb->s_op->get_dquots(inode); 924 } 925 926 static int dqinit_needed(struct inode *inode, int type) 927 { 928 struct dquot * const *dquots; 929 int cnt; 930 931 if (IS_NOQUOTA(inode)) 932 return 0; 933 934 dquots = i_dquot(inode); 935 if (type != -1) 936 return !dquots[type]; 937 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 938 if (!dquots[cnt]) 939 return 1; 940 return 0; 941 } 942 943 /* This routine is guarded by s_umount semaphore */ 944 static int add_dquot_ref(struct super_block *sb, int type) 945 { 946 struct inode *inode, *old_inode = NULL; 947 #ifdef CONFIG_QUOTA_DEBUG 948 int reserved = 0; 949 #endif 950 int err = 0; 951 952 spin_lock(&sb->s_inode_list_lock); 953 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 954 spin_lock(&inode->i_lock); 955 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) || 956 !atomic_read(&inode->i_writecount) || 957 !dqinit_needed(inode, type)) { 958 spin_unlock(&inode->i_lock); 959 continue; 960 } 961 __iget(inode); 962 spin_unlock(&inode->i_lock); 963 spin_unlock(&sb->s_inode_list_lock); 964 965 #ifdef CONFIG_QUOTA_DEBUG 966 if (unlikely(inode_get_rsv_space(inode) > 0)) 967 reserved = 1; 968 #endif 969 iput(old_inode); 970 err = __dquot_initialize(inode, type); 971 if (err) { 972 iput(inode); 973 goto out; 974 } 975 976 /* 977 * We hold a reference to 'inode' so it couldn't have been 978 * removed from s_inodes list while we dropped the 979 * s_inode_list_lock. We cannot iput the inode now as we can be 980 * holding the last reference and we cannot iput it under 981 * s_inode_list_lock. So we keep the reference and iput it 982 * later. 983 */ 984 old_inode = inode; 985 spin_lock(&sb->s_inode_list_lock); 986 } 987 spin_unlock(&sb->s_inode_list_lock); 988 iput(old_inode); 989 out: 990 #ifdef CONFIG_QUOTA_DEBUG 991 if (reserved) { 992 quota_error(sb, "Writes happened before quota was turned on " 993 "thus quota information is probably inconsistent. " 994 "Please run quotacheck(8)"); 995 } 996 #endif 997 return err; 998 } 999 1000 /* 1001 * Remove references to dquots from inode and add dquot to list for freeing 1002 * if we have the last reference to dquot 1003 */ 1004 static void remove_inode_dquot_ref(struct inode *inode, int type, 1005 struct list_head *tofree_head) 1006 { 1007 struct dquot **dquots = i_dquot(inode); 1008 struct dquot *dquot = dquots[type]; 1009 1010 if (!dquot) 1011 return; 1012 1013 dquots[type] = NULL; 1014 if (list_empty(&dquot->dq_free)) { 1015 /* 1016 * The inode still has reference to dquot so it can't be in the 1017 * free list 1018 */ 1019 spin_lock(&dq_list_lock); 1020 list_add(&dquot->dq_free, tofree_head); 1021 spin_unlock(&dq_list_lock); 1022 } else { 1023 /* 1024 * Dquot is already in a list to put so we won't drop the last 1025 * reference here. 1026 */ 1027 dqput(dquot); 1028 } 1029 } 1030 1031 /* 1032 * Free list of dquots 1033 * Dquots are removed from inodes and no new references can be got so we are 1034 * the only ones holding reference 1035 */ 1036 static void put_dquot_list(struct list_head *tofree_head) 1037 { 1038 struct list_head *act_head; 1039 struct dquot *dquot; 1040 1041 act_head = tofree_head->next; 1042 while (act_head != tofree_head) { 1043 dquot = list_entry(act_head, struct dquot, dq_free); 1044 act_head = act_head->next; 1045 /* Remove dquot from the list so we won't have problems... */ 1046 list_del_init(&dquot->dq_free); 1047 dqput(dquot); 1048 } 1049 } 1050 1051 static void remove_dquot_ref(struct super_block *sb, int type, 1052 struct list_head *tofree_head) 1053 { 1054 struct inode *inode; 1055 int reserved = 0; 1056 1057 spin_lock(&sb->s_inode_list_lock); 1058 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1059 /* 1060 * We have to scan also I_NEW inodes because they can already 1061 * have quota pointer initialized. Luckily, we need to touch 1062 * only quota pointers and these have separate locking 1063 * (dq_data_lock). 1064 */ 1065 spin_lock(&dq_data_lock); 1066 if (!IS_NOQUOTA(inode)) { 1067 if (unlikely(inode_get_rsv_space(inode) > 0)) 1068 reserved = 1; 1069 remove_inode_dquot_ref(inode, type, tofree_head); 1070 } 1071 spin_unlock(&dq_data_lock); 1072 } 1073 spin_unlock(&sb->s_inode_list_lock); 1074 #ifdef CONFIG_QUOTA_DEBUG 1075 if (reserved) { 1076 printk(KERN_WARNING "VFS (%s): Writes happened after quota" 1077 " was disabled thus quota information is probably " 1078 "inconsistent. Please run quotacheck(8).\n", sb->s_id); 1079 } 1080 #endif 1081 } 1082 1083 /* Gather all references from inodes and drop them */ 1084 static void drop_dquot_ref(struct super_block *sb, int type) 1085 { 1086 LIST_HEAD(tofree_head); 1087 1088 if (sb->dq_op) { 1089 remove_dquot_ref(sb, type, &tofree_head); 1090 synchronize_srcu(&dquot_srcu); 1091 put_dquot_list(&tofree_head); 1092 } 1093 } 1094 1095 static inline 1096 void dquot_free_reserved_space(struct dquot *dquot, qsize_t number) 1097 { 1098 if (dquot->dq_dqb.dqb_rsvspace >= number) 1099 dquot->dq_dqb.dqb_rsvspace -= number; 1100 else { 1101 WARN_ON_ONCE(1); 1102 dquot->dq_dqb.dqb_rsvspace = 0; 1103 } 1104 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1105 dquot->dq_dqb.dqb_bsoftlimit) 1106 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1107 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1108 } 1109 1110 static void dquot_decr_inodes(struct dquot *dquot, qsize_t number) 1111 { 1112 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1113 dquot->dq_dqb.dqb_curinodes >= number) 1114 dquot->dq_dqb.dqb_curinodes -= number; 1115 else 1116 dquot->dq_dqb.dqb_curinodes = 0; 1117 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit) 1118 dquot->dq_dqb.dqb_itime = (time64_t) 0; 1119 clear_bit(DQ_INODES_B, &dquot->dq_flags); 1120 } 1121 1122 static void dquot_decr_space(struct dquot *dquot, qsize_t number) 1123 { 1124 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1125 dquot->dq_dqb.dqb_curspace >= number) 1126 dquot->dq_dqb.dqb_curspace -= number; 1127 else 1128 dquot->dq_dqb.dqb_curspace = 0; 1129 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1130 dquot->dq_dqb.dqb_bsoftlimit) 1131 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1132 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1133 } 1134 1135 struct dquot_warn { 1136 struct super_block *w_sb; 1137 struct kqid w_dq_id; 1138 short w_type; 1139 }; 1140 1141 static int warning_issued(struct dquot *dquot, const int warntype) 1142 { 1143 int flag = (warntype == QUOTA_NL_BHARDWARN || 1144 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B : 1145 ((warntype == QUOTA_NL_IHARDWARN || 1146 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0); 1147 1148 if (!flag) 1149 return 0; 1150 return test_and_set_bit(flag, &dquot->dq_flags); 1151 } 1152 1153 #ifdef CONFIG_PRINT_QUOTA_WARNING 1154 static int flag_print_warnings = 1; 1155 1156 static int need_print_warning(struct dquot_warn *warn) 1157 { 1158 if (!flag_print_warnings) 1159 return 0; 1160 1161 switch (warn->w_dq_id.type) { 1162 case USRQUOTA: 1163 return uid_eq(current_fsuid(), warn->w_dq_id.uid); 1164 case GRPQUOTA: 1165 return in_group_p(warn->w_dq_id.gid); 1166 case PRJQUOTA: 1167 return 1; 1168 } 1169 return 0; 1170 } 1171 1172 /* Print warning to user which exceeded quota */ 1173 static void print_warning(struct dquot_warn *warn) 1174 { 1175 char *msg = NULL; 1176 struct tty_struct *tty; 1177 int warntype = warn->w_type; 1178 1179 if (warntype == QUOTA_NL_IHARDBELOW || 1180 warntype == QUOTA_NL_ISOFTBELOW || 1181 warntype == QUOTA_NL_BHARDBELOW || 1182 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn)) 1183 return; 1184 1185 tty = get_current_tty(); 1186 if (!tty) 1187 return; 1188 tty_write_message(tty, warn->w_sb->s_id); 1189 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN) 1190 tty_write_message(tty, ": warning, "); 1191 else 1192 tty_write_message(tty, ": write failed, "); 1193 tty_write_message(tty, quotatypes[warn->w_dq_id.type]); 1194 switch (warntype) { 1195 case QUOTA_NL_IHARDWARN: 1196 msg = " file limit reached.\r\n"; 1197 break; 1198 case QUOTA_NL_ISOFTLONGWARN: 1199 msg = " file quota exceeded too long.\r\n"; 1200 break; 1201 case QUOTA_NL_ISOFTWARN: 1202 msg = " file quota exceeded.\r\n"; 1203 break; 1204 case QUOTA_NL_BHARDWARN: 1205 msg = " block limit reached.\r\n"; 1206 break; 1207 case QUOTA_NL_BSOFTLONGWARN: 1208 msg = " block quota exceeded too long.\r\n"; 1209 break; 1210 case QUOTA_NL_BSOFTWARN: 1211 msg = " block quota exceeded.\r\n"; 1212 break; 1213 } 1214 tty_write_message(tty, msg); 1215 tty_kref_put(tty); 1216 } 1217 #endif 1218 1219 static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot, 1220 int warntype) 1221 { 1222 if (warning_issued(dquot, warntype)) 1223 return; 1224 warn->w_type = warntype; 1225 warn->w_sb = dquot->dq_sb; 1226 warn->w_dq_id = dquot->dq_id; 1227 } 1228 1229 /* 1230 * Write warnings to the console and send warning messages over netlink. 1231 * 1232 * Note that this function can call into tty and networking code. 1233 */ 1234 static void flush_warnings(struct dquot_warn *warn) 1235 { 1236 int i; 1237 1238 for (i = 0; i < MAXQUOTAS; i++) { 1239 if (warn[i].w_type == QUOTA_NL_NOWARN) 1240 continue; 1241 #ifdef CONFIG_PRINT_QUOTA_WARNING 1242 print_warning(&warn[i]); 1243 #endif 1244 quota_send_warning(warn[i].w_dq_id, 1245 warn[i].w_sb->s_dev, warn[i].w_type); 1246 } 1247 } 1248 1249 static int ignore_hardlimit(struct dquot *dquot) 1250 { 1251 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 1252 1253 return capable(CAP_SYS_RESOURCE) && 1254 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD || 1255 !(info->dqi_flags & DQF_ROOT_SQUASH)); 1256 } 1257 1258 static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes, 1259 struct dquot_warn *warn) 1260 { 1261 qsize_t newinodes; 1262 int ret = 0; 1263 1264 spin_lock(&dquot->dq_dqb_lock); 1265 newinodes = dquot->dq_dqb.dqb_curinodes + inodes; 1266 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) || 1267 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1268 goto add; 1269 1270 if (dquot->dq_dqb.dqb_ihardlimit && 1271 newinodes > dquot->dq_dqb.dqb_ihardlimit && 1272 !ignore_hardlimit(dquot)) { 1273 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN); 1274 ret = -EDQUOT; 1275 goto out; 1276 } 1277 1278 if (dquot->dq_dqb.dqb_isoftlimit && 1279 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1280 dquot->dq_dqb.dqb_itime && 1281 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime && 1282 !ignore_hardlimit(dquot)) { 1283 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN); 1284 ret = -EDQUOT; 1285 goto out; 1286 } 1287 1288 if (dquot->dq_dqb.dqb_isoftlimit && 1289 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1290 dquot->dq_dqb.dqb_itime == 0) { 1291 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN); 1292 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() + 1293 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace; 1294 } 1295 add: 1296 dquot->dq_dqb.dqb_curinodes = newinodes; 1297 1298 out: 1299 spin_unlock(&dquot->dq_dqb_lock); 1300 return ret; 1301 } 1302 1303 static int dquot_add_space(struct dquot *dquot, qsize_t space, 1304 qsize_t rsv_space, unsigned int flags, 1305 struct dquot_warn *warn) 1306 { 1307 qsize_t tspace; 1308 struct super_block *sb = dquot->dq_sb; 1309 int ret = 0; 1310 1311 spin_lock(&dquot->dq_dqb_lock); 1312 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) || 1313 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1314 goto finish; 1315 1316 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace 1317 + space + rsv_space; 1318 1319 if (dquot->dq_dqb.dqb_bhardlimit && 1320 tspace > dquot->dq_dqb.dqb_bhardlimit && 1321 !ignore_hardlimit(dquot)) { 1322 if (flags & DQUOT_SPACE_WARN) 1323 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN); 1324 ret = -EDQUOT; 1325 goto finish; 1326 } 1327 1328 if (dquot->dq_dqb.dqb_bsoftlimit && 1329 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1330 dquot->dq_dqb.dqb_btime && 1331 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime && 1332 !ignore_hardlimit(dquot)) { 1333 if (flags & DQUOT_SPACE_WARN) 1334 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN); 1335 ret = -EDQUOT; 1336 goto finish; 1337 } 1338 1339 if (dquot->dq_dqb.dqb_bsoftlimit && 1340 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1341 dquot->dq_dqb.dqb_btime == 0) { 1342 if (flags & DQUOT_SPACE_WARN) { 1343 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN); 1344 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() + 1345 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace; 1346 } else { 1347 /* 1348 * We don't allow preallocation to exceed softlimit so exceeding will 1349 * be always printed 1350 */ 1351 ret = -EDQUOT; 1352 goto finish; 1353 } 1354 } 1355 finish: 1356 /* 1357 * We have to be careful and go through warning generation & grace time 1358 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it 1359 * only here... 1360 */ 1361 if (flags & DQUOT_SPACE_NOFAIL) 1362 ret = 0; 1363 if (!ret) { 1364 dquot->dq_dqb.dqb_rsvspace += rsv_space; 1365 dquot->dq_dqb.dqb_curspace += space; 1366 } 1367 spin_unlock(&dquot->dq_dqb_lock); 1368 return ret; 1369 } 1370 1371 static int info_idq_free(struct dquot *dquot, qsize_t inodes) 1372 { 1373 qsize_t newinodes; 1374 1375 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1376 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit || 1377 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type)) 1378 return QUOTA_NL_NOWARN; 1379 1380 newinodes = dquot->dq_dqb.dqb_curinodes - inodes; 1381 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit) 1382 return QUOTA_NL_ISOFTBELOW; 1383 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit && 1384 newinodes < dquot->dq_dqb.dqb_ihardlimit) 1385 return QUOTA_NL_IHARDBELOW; 1386 return QUOTA_NL_NOWARN; 1387 } 1388 1389 static int info_bdq_free(struct dquot *dquot, qsize_t space) 1390 { 1391 qsize_t tspace; 1392 1393 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace; 1394 1395 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1396 tspace <= dquot->dq_dqb.dqb_bsoftlimit) 1397 return QUOTA_NL_NOWARN; 1398 1399 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit) 1400 return QUOTA_NL_BSOFTBELOW; 1401 if (tspace >= dquot->dq_dqb.dqb_bhardlimit && 1402 tspace - space < dquot->dq_dqb.dqb_bhardlimit) 1403 return QUOTA_NL_BHARDBELOW; 1404 return QUOTA_NL_NOWARN; 1405 } 1406 1407 static int dquot_active(const struct inode *inode) 1408 { 1409 struct super_block *sb = inode->i_sb; 1410 1411 if (IS_NOQUOTA(inode)) 1412 return 0; 1413 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb); 1414 } 1415 1416 /* 1417 * Initialize quota pointers in inode 1418 * 1419 * It is better to call this function outside of any transaction as it 1420 * might need a lot of space in journal for dquot structure allocation. 1421 */ 1422 static int __dquot_initialize(struct inode *inode, int type) 1423 { 1424 int cnt, init_needed = 0; 1425 struct dquot **dquots, *got[MAXQUOTAS] = {}; 1426 struct super_block *sb = inode->i_sb; 1427 qsize_t rsv; 1428 int ret = 0; 1429 1430 if (!dquot_active(inode)) 1431 return 0; 1432 1433 dquots = i_dquot(inode); 1434 1435 /* First get references to structures we might need. */ 1436 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1437 struct kqid qid; 1438 kprojid_t projid; 1439 int rc; 1440 struct dquot *dquot; 1441 1442 if (type != -1 && cnt != type) 1443 continue; 1444 /* 1445 * The i_dquot should have been initialized in most cases, 1446 * we check it without locking here to avoid unnecessary 1447 * dqget()/dqput() calls. 1448 */ 1449 if (dquots[cnt]) 1450 continue; 1451 1452 if (!sb_has_quota_active(sb, cnt)) 1453 continue; 1454 1455 init_needed = 1; 1456 1457 switch (cnt) { 1458 case USRQUOTA: 1459 qid = make_kqid_uid(inode->i_uid); 1460 break; 1461 case GRPQUOTA: 1462 qid = make_kqid_gid(inode->i_gid); 1463 break; 1464 case PRJQUOTA: 1465 rc = inode->i_sb->dq_op->get_projid(inode, &projid); 1466 if (rc) 1467 continue; 1468 qid = make_kqid_projid(projid); 1469 break; 1470 } 1471 dquot = dqget(sb, qid); 1472 if (IS_ERR(dquot)) { 1473 /* We raced with somebody turning quotas off... */ 1474 if (PTR_ERR(dquot) != -ESRCH) { 1475 ret = PTR_ERR(dquot); 1476 goto out_put; 1477 } 1478 dquot = NULL; 1479 } 1480 got[cnt] = dquot; 1481 } 1482 1483 /* All required i_dquot has been initialized */ 1484 if (!init_needed) 1485 return 0; 1486 1487 spin_lock(&dq_data_lock); 1488 if (IS_NOQUOTA(inode)) 1489 goto out_lock; 1490 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1491 if (type != -1 && cnt != type) 1492 continue; 1493 /* Avoid races with quotaoff() */ 1494 if (!sb_has_quota_active(sb, cnt)) 1495 continue; 1496 /* We could race with quotaon or dqget() could have failed */ 1497 if (!got[cnt]) 1498 continue; 1499 if (!dquots[cnt]) { 1500 dquots[cnt] = got[cnt]; 1501 got[cnt] = NULL; 1502 /* 1503 * Make quota reservation system happy if someone 1504 * did a write before quota was turned on 1505 */ 1506 rsv = inode_get_rsv_space(inode); 1507 if (unlikely(rsv)) { 1508 spin_lock(&inode->i_lock); 1509 /* Get reservation again under proper lock */ 1510 rsv = __inode_get_rsv_space(inode); 1511 spin_lock(&dquots[cnt]->dq_dqb_lock); 1512 dquots[cnt]->dq_dqb.dqb_rsvspace += rsv; 1513 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1514 spin_unlock(&inode->i_lock); 1515 } 1516 } 1517 } 1518 out_lock: 1519 spin_unlock(&dq_data_lock); 1520 out_put: 1521 /* Drop unused references */ 1522 dqput_all(got); 1523 1524 return ret; 1525 } 1526 1527 int dquot_initialize(struct inode *inode) 1528 { 1529 return __dquot_initialize(inode, -1); 1530 } 1531 EXPORT_SYMBOL(dquot_initialize); 1532 1533 bool dquot_initialize_needed(struct inode *inode) 1534 { 1535 struct dquot **dquots; 1536 int i; 1537 1538 if (!dquot_active(inode)) 1539 return false; 1540 1541 dquots = i_dquot(inode); 1542 for (i = 0; i < MAXQUOTAS; i++) 1543 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i)) 1544 return true; 1545 return false; 1546 } 1547 EXPORT_SYMBOL(dquot_initialize_needed); 1548 1549 /* 1550 * Release all quotas referenced by inode. 1551 * 1552 * This function only be called on inode free or converting 1553 * a file to quota file, no other users for the i_dquot in 1554 * both cases, so we needn't call synchronize_srcu() after 1555 * clearing i_dquot. 1556 */ 1557 static void __dquot_drop(struct inode *inode) 1558 { 1559 int cnt; 1560 struct dquot **dquots = i_dquot(inode); 1561 struct dquot *put[MAXQUOTAS]; 1562 1563 spin_lock(&dq_data_lock); 1564 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1565 put[cnt] = dquots[cnt]; 1566 dquots[cnt] = NULL; 1567 } 1568 spin_unlock(&dq_data_lock); 1569 dqput_all(put); 1570 } 1571 1572 void dquot_drop(struct inode *inode) 1573 { 1574 struct dquot * const *dquots; 1575 int cnt; 1576 1577 if (IS_NOQUOTA(inode)) 1578 return; 1579 1580 /* 1581 * Test before calling to rule out calls from proc and such 1582 * where we are not allowed to block. Note that this is 1583 * actually reliable test even without the lock - the caller 1584 * must assure that nobody can come after the DQUOT_DROP and 1585 * add quota pointers back anyway. 1586 */ 1587 dquots = i_dquot(inode); 1588 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1589 if (dquots[cnt]) 1590 break; 1591 } 1592 1593 if (cnt < MAXQUOTAS) 1594 __dquot_drop(inode); 1595 } 1596 EXPORT_SYMBOL(dquot_drop); 1597 1598 /* 1599 * inode_reserved_space is managed internally by quota, and protected by 1600 * i_lock similar to i_blocks+i_bytes. 1601 */ 1602 static qsize_t *inode_reserved_space(struct inode * inode) 1603 { 1604 /* Filesystem must explicitly define it's own method in order to use 1605 * quota reservation interface */ 1606 BUG_ON(!inode->i_sb->dq_op->get_reserved_space); 1607 return inode->i_sb->dq_op->get_reserved_space(inode); 1608 } 1609 1610 static qsize_t __inode_get_rsv_space(struct inode *inode) 1611 { 1612 if (!inode->i_sb->dq_op->get_reserved_space) 1613 return 0; 1614 return *inode_reserved_space(inode); 1615 } 1616 1617 static qsize_t inode_get_rsv_space(struct inode *inode) 1618 { 1619 qsize_t ret; 1620 1621 if (!inode->i_sb->dq_op->get_reserved_space) 1622 return 0; 1623 spin_lock(&inode->i_lock); 1624 ret = __inode_get_rsv_space(inode); 1625 spin_unlock(&inode->i_lock); 1626 return ret; 1627 } 1628 1629 /* 1630 * This functions updates i_blocks+i_bytes fields and quota information 1631 * (together with appropriate checks). 1632 * 1633 * NOTE: We absolutely rely on the fact that caller dirties the inode 1634 * (usually helpers in quotaops.h care about this) and holds a handle for 1635 * the current transaction so that dquot write and inode write go into the 1636 * same transaction. 1637 */ 1638 1639 /* 1640 * This operation can block, but only after everything is updated 1641 */ 1642 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags) 1643 { 1644 int cnt, ret = 0, index; 1645 struct dquot_warn warn[MAXQUOTAS]; 1646 int reserve = flags & DQUOT_SPACE_RESERVE; 1647 struct dquot **dquots; 1648 1649 if (!dquot_active(inode)) { 1650 if (reserve) { 1651 spin_lock(&inode->i_lock); 1652 *inode_reserved_space(inode) += number; 1653 spin_unlock(&inode->i_lock); 1654 } else { 1655 inode_add_bytes(inode, number); 1656 } 1657 goto out; 1658 } 1659 1660 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1661 warn[cnt].w_type = QUOTA_NL_NOWARN; 1662 1663 dquots = i_dquot(inode); 1664 index = srcu_read_lock(&dquot_srcu); 1665 spin_lock(&inode->i_lock); 1666 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1667 if (!dquots[cnt]) 1668 continue; 1669 if (flags & DQUOT_SPACE_RESERVE) { 1670 ret = dquot_add_space(dquots[cnt], 0, number, flags, 1671 &warn[cnt]); 1672 } else { 1673 ret = dquot_add_space(dquots[cnt], number, 0, flags, 1674 &warn[cnt]); 1675 } 1676 if (ret) { 1677 /* Back out changes we already did */ 1678 for (cnt--; cnt >= 0; cnt--) { 1679 if (!dquots[cnt]) 1680 continue; 1681 spin_lock(&dquots[cnt]->dq_dqb_lock); 1682 if (flags & DQUOT_SPACE_RESERVE) { 1683 dquots[cnt]->dq_dqb.dqb_rsvspace -= 1684 number; 1685 } else { 1686 dquots[cnt]->dq_dqb.dqb_curspace -= 1687 number; 1688 } 1689 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1690 } 1691 spin_unlock(&inode->i_lock); 1692 goto out_flush_warn; 1693 } 1694 } 1695 if (reserve) 1696 *inode_reserved_space(inode) += number; 1697 else 1698 __inode_add_bytes(inode, number); 1699 spin_unlock(&inode->i_lock); 1700 1701 if (reserve) 1702 goto out_flush_warn; 1703 mark_all_dquot_dirty(dquots); 1704 out_flush_warn: 1705 srcu_read_unlock(&dquot_srcu, index); 1706 flush_warnings(warn); 1707 out: 1708 return ret; 1709 } 1710 EXPORT_SYMBOL(__dquot_alloc_space); 1711 1712 /* 1713 * This operation can block, but only after everything is updated 1714 */ 1715 int dquot_alloc_inode(struct inode *inode) 1716 { 1717 int cnt, ret = 0, index; 1718 struct dquot_warn warn[MAXQUOTAS]; 1719 struct dquot * const *dquots; 1720 1721 if (!dquot_active(inode)) 1722 return 0; 1723 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1724 warn[cnt].w_type = QUOTA_NL_NOWARN; 1725 1726 dquots = i_dquot(inode); 1727 index = srcu_read_lock(&dquot_srcu); 1728 spin_lock(&inode->i_lock); 1729 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1730 if (!dquots[cnt]) 1731 continue; 1732 ret = dquot_add_inodes(dquots[cnt], 1, &warn[cnt]); 1733 if (ret) { 1734 for (cnt--; cnt >= 0; cnt--) { 1735 if (!dquots[cnt]) 1736 continue; 1737 /* Back out changes we already did */ 1738 spin_lock(&dquots[cnt]->dq_dqb_lock); 1739 dquots[cnt]->dq_dqb.dqb_curinodes--; 1740 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1741 } 1742 goto warn_put_all; 1743 } 1744 } 1745 1746 warn_put_all: 1747 spin_unlock(&inode->i_lock); 1748 if (ret == 0) 1749 mark_all_dquot_dirty(dquots); 1750 srcu_read_unlock(&dquot_srcu, index); 1751 flush_warnings(warn); 1752 return ret; 1753 } 1754 EXPORT_SYMBOL(dquot_alloc_inode); 1755 1756 /* 1757 * Convert in-memory reserved quotas to real consumed quotas 1758 */ 1759 int dquot_claim_space_nodirty(struct inode *inode, qsize_t number) 1760 { 1761 struct dquot **dquots; 1762 int cnt, index; 1763 1764 if (!dquot_active(inode)) { 1765 spin_lock(&inode->i_lock); 1766 *inode_reserved_space(inode) -= number; 1767 __inode_add_bytes(inode, number); 1768 spin_unlock(&inode->i_lock); 1769 return 0; 1770 } 1771 1772 dquots = i_dquot(inode); 1773 index = srcu_read_lock(&dquot_srcu); 1774 spin_lock(&inode->i_lock); 1775 /* Claim reserved quotas to allocated quotas */ 1776 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1777 if (dquots[cnt]) { 1778 struct dquot *dquot = dquots[cnt]; 1779 1780 spin_lock(&dquot->dq_dqb_lock); 1781 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number)) 1782 number = dquot->dq_dqb.dqb_rsvspace; 1783 dquot->dq_dqb.dqb_curspace += number; 1784 dquot->dq_dqb.dqb_rsvspace -= number; 1785 spin_unlock(&dquot->dq_dqb_lock); 1786 } 1787 } 1788 /* Update inode bytes */ 1789 *inode_reserved_space(inode) -= number; 1790 __inode_add_bytes(inode, number); 1791 spin_unlock(&inode->i_lock); 1792 mark_all_dquot_dirty(dquots); 1793 srcu_read_unlock(&dquot_srcu, index); 1794 return 0; 1795 } 1796 EXPORT_SYMBOL(dquot_claim_space_nodirty); 1797 1798 /* 1799 * Convert allocated space back to in-memory reserved quotas 1800 */ 1801 void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number) 1802 { 1803 struct dquot **dquots; 1804 int cnt, index; 1805 1806 if (!dquot_active(inode)) { 1807 spin_lock(&inode->i_lock); 1808 *inode_reserved_space(inode) += number; 1809 __inode_sub_bytes(inode, number); 1810 spin_unlock(&inode->i_lock); 1811 return; 1812 } 1813 1814 dquots = i_dquot(inode); 1815 index = srcu_read_lock(&dquot_srcu); 1816 spin_lock(&inode->i_lock); 1817 /* Claim reserved quotas to allocated quotas */ 1818 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1819 if (dquots[cnt]) { 1820 struct dquot *dquot = dquots[cnt]; 1821 1822 spin_lock(&dquot->dq_dqb_lock); 1823 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number)) 1824 number = dquot->dq_dqb.dqb_curspace; 1825 dquot->dq_dqb.dqb_rsvspace += number; 1826 dquot->dq_dqb.dqb_curspace -= number; 1827 spin_unlock(&dquot->dq_dqb_lock); 1828 } 1829 } 1830 /* Update inode bytes */ 1831 *inode_reserved_space(inode) += number; 1832 __inode_sub_bytes(inode, number); 1833 spin_unlock(&inode->i_lock); 1834 mark_all_dquot_dirty(dquots); 1835 srcu_read_unlock(&dquot_srcu, index); 1836 return; 1837 } 1838 EXPORT_SYMBOL(dquot_reclaim_space_nodirty); 1839 1840 /* 1841 * This operation can block, but only after everything is updated 1842 */ 1843 void __dquot_free_space(struct inode *inode, qsize_t number, int flags) 1844 { 1845 unsigned int cnt; 1846 struct dquot_warn warn[MAXQUOTAS]; 1847 struct dquot **dquots; 1848 int reserve = flags & DQUOT_SPACE_RESERVE, index; 1849 1850 if (!dquot_active(inode)) { 1851 if (reserve) { 1852 spin_lock(&inode->i_lock); 1853 *inode_reserved_space(inode) -= number; 1854 spin_unlock(&inode->i_lock); 1855 } else { 1856 inode_sub_bytes(inode, number); 1857 } 1858 return; 1859 } 1860 1861 dquots = i_dquot(inode); 1862 index = srcu_read_lock(&dquot_srcu); 1863 spin_lock(&inode->i_lock); 1864 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1865 int wtype; 1866 1867 warn[cnt].w_type = QUOTA_NL_NOWARN; 1868 if (!dquots[cnt]) 1869 continue; 1870 spin_lock(&dquots[cnt]->dq_dqb_lock); 1871 wtype = info_bdq_free(dquots[cnt], number); 1872 if (wtype != QUOTA_NL_NOWARN) 1873 prepare_warning(&warn[cnt], dquots[cnt], wtype); 1874 if (reserve) 1875 dquot_free_reserved_space(dquots[cnt], number); 1876 else 1877 dquot_decr_space(dquots[cnt], number); 1878 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1879 } 1880 if (reserve) 1881 *inode_reserved_space(inode) -= number; 1882 else 1883 __inode_sub_bytes(inode, number); 1884 spin_unlock(&inode->i_lock); 1885 1886 if (reserve) 1887 goto out_unlock; 1888 mark_all_dquot_dirty(dquots); 1889 out_unlock: 1890 srcu_read_unlock(&dquot_srcu, index); 1891 flush_warnings(warn); 1892 } 1893 EXPORT_SYMBOL(__dquot_free_space); 1894 1895 /* 1896 * This operation can block, but only after everything is updated 1897 */ 1898 void dquot_free_inode(struct inode *inode) 1899 { 1900 unsigned int cnt; 1901 struct dquot_warn warn[MAXQUOTAS]; 1902 struct dquot * const *dquots; 1903 int index; 1904 1905 if (!dquot_active(inode)) 1906 return; 1907 1908 dquots = i_dquot(inode); 1909 index = srcu_read_lock(&dquot_srcu); 1910 spin_lock(&inode->i_lock); 1911 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1912 int wtype; 1913 1914 warn[cnt].w_type = QUOTA_NL_NOWARN; 1915 if (!dquots[cnt]) 1916 continue; 1917 spin_lock(&dquots[cnt]->dq_dqb_lock); 1918 wtype = info_idq_free(dquots[cnt], 1); 1919 if (wtype != QUOTA_NL_NOWARN) 1920 prepare_warning(&warn[cnt], dquots[cnt], wtype); 1921 dquot_decr_inodes(dquots[cnt], 1); 1922 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1923 } 1924 spin_unlock(&inode->i_lock); 1925 mark_all_dquot_dirty(dquots); 1926 srcu_read_unlock(&dquot_srcu, index); 1927 flush_warnings(warn); 1928 } 1929 EXPORT_SYMBOL(dquot_free_inode); 1930 1931 /* 1932 * Transfer the number of inode and blocks from one diskquota to an other. 1933 * On success, dquot references in transfer_to are consumed and references 1934 * to original dquots that need to be released are placed there. On failure, 1935 * references are kept untouched. 1936 * 1937 * This operation can block, but only after everything is updated 1938 * A transaction must be started when entering this function. 1939 * 1940 * We are holding reference on transfer_from & transfer_to, no need to 1941 * protect them by srcu_read_lock(). 1942 */ 1943 int __dquot_transfer(struct inode *inode, struct dquot **transfer_to) 1944 { 1945 qsize_t cur_space; 1946 qsize_t rsv_space = 0; 1947 qsize_t inode_usage = 1; 1948 struct dquot *transfer_from[MAXQUOTAS] = {}; 1949 int cnt, ret = 0; 1950 char is_valid[MAXQUOTAS] = {}; 1951 struct dquot_warn warn_to[MAXQUOTAS]; 1952 struct dquot_warn warn_from_inodes[MAXQUOTAS]; 1953 struct dquot_warn warn_from_space[MAXQUOTAS]; 1954 1955 if (IS_NOQUOTA(inode)) 1956 return 0; 1957 1958 if (inode->i_sb->dq_op->get_inode_usage) { 1959 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage); 1960 if (ret) 1961 return ret; 1962 } 1963 1964 /* Initialize the arrays */ 1965 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1966 warn_to[cnt].w_type = QUOTA_NL_NOWARN; 1967 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN; 1968 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN; 1969 } 1970 1971 spin_lock(&dq_data_lock); 1972 spin_lock(&inode->i_lock); 1973 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */ 1974 spin_unlock(&inode->i_lock); 1975 spin_unlock(&dq_data_lock); 1976 return 0; 1977 } 1978 cur_space = __inode_get_bytes(inode); 1979 rsv_space = __inode_get_rsv_space(inode); 1980 /* 1981 * Build the transfer_from list, check limits, and update usage in 1982 * the target structures. 1983 */ 1984 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1985 /* 1986 * Skip changes for same uid or gid or for turned off quota-type. 1987 */ 1988 if (!transfer_to[cnt]) 1989 continue; 1990 /* Avoid races with quotaoff() */ 1991 if (!sb_has_quota_active(inode->i_sb, cnt)) 1992 continue; 1993 is_valid[cnt] = 1; 1994 transfer_from[cnt] = i_dquot(inode)[cnt]; 1995 ret = dquot_add_inodes(transfer_to[cnt], inode_usage, 1996 &warn_to[cnt]); 1997 if (ret) 1998 goto over_quota; 1999 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space, 0, 2000 &warn_to[cnt]); 2001 if (ret) { 2002 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2003 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2004 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2005 goto over_quota; 2006 } 2007 } 2008 2009 /* Decrease usage for source structures and update quota pointers */ 2010 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2011 if (!is_valid[cnt]) 2012 continue; 2013 /* Due to IO error we might not have transfer_from[] structure */ 2014 if (transfer_from[cnt]) { 2015 int wtype; 2016 2017 spin_lock(&transfer_from[cnt]->dq_dqb_lock); 2018 wtype = info_idq_free(transfer_from[cnt], inode_usage); 2019 if (wtype != QUOTA_NL_NOWARN) 2020 prepare_warning(&warn_from_inodes[cnt], 2021 transfer_from[cnt], wtype); 2022 wtype = info_bdq_free(transfer_from[cnt], 2023 cur_space + rsv_space); 2024 if (wtype != QUOTA_NL_NOWARN) 2025 prepare_warning(&warn_from_space[cnt], 2026 transfer_from[cnt], wtype); 2027 dquot_decr_inodes(transfer_from[cnt], inode_usage); 2028 dquot_decr_space(transfer_from[cnt], cur_space); 2029 dquot_free_reserved_space(transfer_from[cnt], 2030 rsv_space); 2031 spin_unlock(&transfer_from[cnt]->dq_dqb_lock); 2032 } 2033 i_dquot(inode)[cnt] = transfer_to[cnt]; 2034 } 2035 spin_unlock(&inode->i_lock); 2036 spin_unlock(&dq_data_lock); 2037 2038 mark_all_dquot_dirty(transfer_from); 2039 mark_all_dquot_dirty(transfer_to); 2040 flush_warnings(warn_to); 2041 flush_warnings(warn_from_inodes); 2042 flush_warnings(warn_from_space); 2043 /* Pass back references to put */ 2044 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2045 if (is_valid[cnt]) 2046 transfer_to[cnt] = transfer_from[cnt]; 2047 return 0; 2048 over_quota: 2049 /* Back out changes we already did */ 2050 for (cnt--; cnt >= 0; cnt--) { 2051 if (!is_valid[cnt]) 2052 continue; 2053 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2054 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2055 dquot_decr_space(transfer_to[cnt], cur_space); 2056 dquot_free_reserved_space(transfer_to[cnt], rsv_space); 2057 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2058 } 2059 spin_unlock(&inode->i_lock); 2060 spin_unlock(&dq_data_lock); 2061 flush_warnings(warn_to); 2062 return ret; 2063 } 2064 EXPORT_SYMBOL(__dquot_transfer); 2065 2066 /* Wrapper for transferring ownership of an inode for uid/gid only 2067 * Called from FSXXX_setattr() 2068 */ 2069 int dquot_transfer(struct inode *inode, struct iattr *iattr) 2070 { 2071 struct dquot *transfer_to[MAXQUOTAS] = {}; 2072 struct dquot *dquot; 2073 struct super_block *sb = inode->i_sb; 2074 int ret; 2075 2076 if (!dquot_active(inode)) 2077 return 0; 2078 2079 if (iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)){ 2080 dquot = dqget(sb, make_kqid_uid(iattr->ia_uid)); 2081 if (IS_ERR(dquot)) { 2082 if (PTR_ERR(dquot) != -ESRCH) { 2083 ret = PTR_ERR(dquot); 2084 goto out_put; 2085 } 2086 dquot = NULL; 2087 } 2088 transfer_to[USRQUOTA] = dquot; 2089 } 2090 if (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid)){ 2091 dquot = dqget(sb, make_kqid_gid(iattr->ia_gid)); 2092 if (IS_ERR(dquot)) { 2093 if (PTR_ERR(dquot) != -ESRCH) { 2094 ret = PTR_ERR(dquot); 2095 goto out_put; 2096 } 2097 dquot = NULL; 2098 } 2099 transfer_to[GRPQUOTA] = dquot; 2100 } 2101 ret = __dquot_transfer(inode, transfer_to); 2102 out_put: 2103 dqput_all(transfer_to); 2104 return ret; 2105 } 2106 EXPORT_SYMBOL(dquot_transfer); 2107 2108 /* 2109 * Write info of quota file to disk 2110 */ 2111 int dquot_commit_info(struct super_block *sb, int type) 2112 { 2113 struct quota_info *dqopt = sb_dqopt(sb); 2114 2115 return dqopt->ops[type]->write_file_info(sb, type); 2116 } 2117 EXPORT_SYMBOL(dquot_commit_info); 2118 2119 int dquot_get_next_id(struct super_block *sb, struct kqid *qid) 2120 { 2121 struct quota_info *dqopt = sb_dqopt(sb); 2122 2123 if (!sb_has_quota_active(sb, qid->type)) 2124 return -ESRCH; 2125 if (!dqopt->ops[qid->type]->get_next_id) 2126 return -ENOSYS; 2127 return dqopt->ops[qid->type]->get_next_id(sb, qid); 2128 } 2129 EXPORT_SYMBOL(dquot_get_next_id); 2130 2131 /* 2132 * Definitions of diskquota operations. 2133 */ 2134 const struct dquot_operations dquot_operations = { 2135 .write_dquot = dquot_commit, 2136 .acquire_dquot = dquot_acquire, 2137 .release_dquot = dquot_release, 2138 .mark_dirty = dquot_mark_dquot_dirty, 2139 .write_info = dquot_commit_info, 2140 .alloc_dquot = dquot_alloc, 2141 .destroy_dquot = dquot_destroy, 2142 .get_next_id = dquot_get_next_id, 2143 }; 2144 EXPORT_SYMBOL(dquot_operations); 2145 2146 /* 2147 * Generic helper for ->open on filesystems supporting disk quotas. 2148 */ 2149 int dquot_file_open(struct inode *inode, struct file *file) 2150 { 2151 int error; 2152 2153 error = generic_file_open(inode, file); 2154 if (!error && (file->f_mode & FMODE_WRITE)) 2155 error = dquot_initialize(inode); 2156 return error; 2157 } 2158 EXPORT_SYMBOL(dquot_file_open); 2159 2160 /* 2161 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount) 2162 */ 2163 int dquot_disable(struct super_block *sb, int type, unsigned int flags) 2164 { 2165 int cnt, ret = 0; 2166 struct quota_info *dqopt = sb_dqopt(sb); 2167 struct inode *toputinode[MAXQUOTAS]; 2168 2169 /* s_umount should be held in exclusive mode */ 2170 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2171 up_read(&sb->s_umount); 2172 2173 /* Cannot turn off usage accounting without turning off limits, or 2174 * suspend quotas and simultaneously turn quotas off. */ 2175 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED)) 2176 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED | 2177 DQUOT_USAGE_ENABLED))) 2178 return -EINVAL; 2179 2180 /* 2181 * Skip everything if there's nothing to do. We have to do this because 2182 * sometimes we are called when fill_super() failed and calling 2183 * sync_fs() in such cases does no good. 2184 */ 2185 if (!sb_any_quota_loaded(sb)) 2186 return 0; 2187 2188 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2189 toputinode[cnt] = NULL; 2190 if (type != -1 && cnt != type) 2191 continue; 2192 if (!sb_has_quota_loaded(sb, cnt)) 2193 continue; 2194 2195 if (flags & DQUOT_SUSPENDED) { 2196 spin_lock(&dq_state_lock); 2197 dqopt->flags |= 2198 dquot_state_flag(DQUOT_SUSPENDED, cnt); 2199 spin_unlock(&dq_state_lock); 2200 } else { 2201 spin_lock(&dq_state_lock); 2202 dqopt->flags &= ~dquot_state_flag(flags, cnt); 2203 /* Turning off suspended quotas? */ 2204 if (!sb_has_quota_loaded(sb, cnt) && 2205 sb_has_quota_suspended(sb, cnt)) { 2206 dqopt->flags &= ~dquot_state_flag( 2207 DQUOT_SUSPENDED, cnt); 2208 spin_unlock(&dq_state_lock); 2209 iput(dqopt->files[cnt]); 2210 dqopt->files[cnt] = NULL; 2211 continue; 2212 } 2213 spin_unlock(&dq_state_lock); 2214 } 2215 2216 /* We still have to keep quota loaded? */ 2217 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED)) 2218 continue; 2219 2220 /* Note: these are blocking operations */ 2221 drop_dquot_ref(sb, cnt); 2222 invalidate_dquots(sb, cnt); 2223 /* 2224 * Now all dquots should be invalidated, all writes done so we 2225 * should be only users of the info. No locks needed. 2226 */ 2227 if (info_dirty(&dqopt->info[cnt])) 2228 sb->dq_op->write_info(sb, cnt); 2229 if (dqopt->ops[cnt]->free_file_info) 2230 dqopt->ops[cnt]->free_file_info(sb, cnt); 2231 put_quota_format(dqopt->info[cnt].dqi_format); 2232 2233 toputinode[cnt] = dqopt->files[cnt]; 2234 if (!sb_has_quota_loaded(sb, cnt)) 2235 dqopt->files[cnt] = NULL; 2236 dqopt->info[cnt].dqi_flags = 0; 2237 dqopt->info[cnt].dqi_igrace = 0; 2238 dqopt->info[cnt].dqi_bgrace = 0; 2239 dqopt->ops[cnt] = NULL; 2240 } 2241 2242 /* Skip syncing and setting flags if quota files are hidden */ 2243 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 2244 goto put_inodes; 2245 2246 /* Sync the superblock so that buffers with quota data are written to 2247 * disk (and so userspace sees correct data afterwards). */ 2248 if (sb->s_op->sync_fs) 2249 sb->s_op->sync_fs(sb, 1); 2250 sync_blockdev(sb->s_bdev); 2251 /* Now the quota files are just ordinary files and we can set the 2252 * inode flags back. Moreover we discard the pagecache so that 2253 * userspace sees the writes we did bypassing the pagecache. We 2254 * must also discard the blockdev buffers so that we see the 2255 * changes done by userspace on the next quotaon() */ 2256 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2257 /* This can happen when suspending quotas on remount-ro... */ 2258 if (toputinode[cnt] && !sb_has_quota_loaded(sb, cnt)) { 2259 inode_lock(toputinode[cnt]); 2260 toputinode[cnt]->i_flags &= ~S_NOQUOTA; 2261 truncate_inode_pages(&toputinode[cnt]->i_data, 0); 2262 inode_unlock(toputinode[cnt]); 2263 mark_inode_dirty_sync(toputinode[cnt]); 2264 } 2265 if (sb->s_bdev) 2266 invalidate_bdev(sb->s_bdev); 2267 put_inodes: 2268 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2269 if (toputinode[cnt]) { 2270 /* On remount RO, we keep the inode pointer so that we 2271 * can reenable quota on the subsequent remount RW. We 2272 * have to check 'flags' variable and not use sb_has_ 2273 * function because another quotaon / quotaoff could 2274 * change global state before we got here. We refuse 2275 * to suspend quotas when there is pending delete on 2276 * the quota file... */ 2277 if (!(flags & DQUOT_SUSPENDED)) 2278 iput(toputinode[cnt]); 2279 else if (!toputinode[cnt]->i_nlink) 2280 ret = -EBUSY; 2281 } 2282 return ret; 2283 } 2284 EXPORT_SYMBOL(dquot_disable); 2285 2286 int dquot_quota_off(struct super_block *sb, int type) 2287 { 2288 return dquot_disable(sb, type, 2289 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2290 } 2291 EXPORT_SYMBOL(dquot_quota_off); 2292 2293 /* 2294 * Turn quotas on on a device 2295 */ 2296 2297 /* 2298 * Helper function to turn quotas on when we already have the inode of 2299 * quota file and no quota information is loaded. 2300 */ 2301 static int vfs_load_quota_inode(struct inode *inode, int type, int format_id, 2302 unsigned int flags) 2303 { 2304 struct quota_format_type *fmt = find_quota_format(format_id); 2305 struct super_block *sb = inode->i_sb; 2306 struct quota_info *dqopt = sb_dqopt(sb); 2307 int error; 2308 2309 if (!fmt) 2310 return -ESRCH; 2311 if (!S_ISREG(inode->i_mode)) { 2312 error = -EACCES; 2313 goto out_fmt; 2314 } 2315 if (IS_RDONLY(inode)) { 2316 error = -EROFS; 2317 goto out_fmt; 2318 } 2319 if (!sb->s_op->quota_write || !sb->s_op->quota_read || 2320 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) { 2321 error = -EINVAL; 2322 goto out_fmt; 2323 } 2324 /* Filesystems outside of init_user_ns not yet supported */ 2325 if (sb->s_user_ns != &init_user_ns) { 2326 error = -EINVAL; 2327 goto out_fmt; 2328 } 2329 /* Usage always has to be set... */ 2330 if (!(flags & DQUOT_USAGE_ENABLED)) { 2331 error = -EINVAL; 2332 goto out_fmt; 2333 } 2334 if (sb_has_quota_loaded(sb, type)) { 2335 error = -EBUSY; 2336 goto out_fmt; 2337 } 2338 2339 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2340 /* As we bypass the pagecache we must now flush all the 2341 * dirty data and invalidate caches so that kernel sees 2342 * changes from userspace. It is not enough to just flush 2343 * the quota file since if blocksize < pagesize, invalidation 2344 * of the cache could fail because of other unrelated dirty 2345 * data */ 2346 sync_filesystem(sb); 2347 invalidate_bdev(sb->s_bdev); 2348 } 2349 2350 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2351 /* We don't want quota and atime on quota files (deadlocks 2352 * possible) Also nobody should write to the file - we use 2353 * special IO operations which ignore the immutable bit. */ 2354 inode_lock(inode); 2355 inode->i_flags |= S_NOQUOTA; 2356 inode_unlock(inode); 2357 /* 2358 * When S_NOQUOTA is set, remove dquot references as no more 2359 * references can be added 2360 */ 2361 __dquot_drop(inode); 2362 } 2363 2364 error = -EIO; 2365 dqopt->files[type] = igrab(inode); 2366 if (!dqopt->files[type]) 2367 goto out_file_flags; 2368 error = -EINVAL; 2369 if (!fmt->qf_ops->check_quota_file(sb, type)) 2370 goto out_file_init; 2371 2372 dqopt->ops[type] = fmt->qf_ops; 2373 dqopt->info[type].dqi_format = fmt; 2374 dqopt->info[type].dqi_fmt_id = format_id; 2375 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list); 2376 error = dqopt->ops[type]->read_file_info(sb, type); 2377 if (error < 0) 2378 goto out_file_init; 2379 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) { 2380 spin_lock(&dq_data_lock); 2381 dqopt->info[type].dqi_flags |= DQF_SYS_FILE; 2382 spin_unlock(&dq_data_lock); 2383 } 2384 spin_lock(&dq_state_lock); 2385 dqopt->flags |= dquot_state_flag(flags, type); 2386 spin_unlock(&dq_state_lock); 2387 2388 error = add_dquot_ref(sb, type); 2389 if (error) 2390 dquot_disable(sb, type, flags); 2391 2392 return error; 2393 out_file_init: 2394 dqopt->files[type] = NULL; 2395 iput(inode); 2396 out_file_flags: 2397 inode_lock(inode); 2398 inode->i_flags &= ~S_NOQUOTA; 2399 inode_unlock(inode); 2400 out_fmt: 2401 put_quota_format(fmt); 2402 2403 return error; 2404 } 2405 2406 /* Reenable quotas on remount RW */ 2407 int dquot_resume(struct super_block *sb, int type) 2408 { 2409 struct quota_info *dqopt = sb_dqopt(sb); 2410 struct inode *inode; 2411 int ret = 0, cnt; 2412 unsigned int flags; 2413 2414 /* s_umount should be held in exclusive mode */ 2415 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2416 up_read(&sb->s_umount); 2417 2418 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2419 if (type != -1 && cnt != type) 2420 continue; 2421 if (!sb_has_quota_suspended(sb, cnt)) 2422 continue; 2423 2424 inode = dqopt->files[cnt]; 2425 dqopt->files[cnt] = NULL; 2426 spin_lock(&dq_state_lock); 2427 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED | 2428 DQUOT_LIMITS_ENABLED, 2429 cnt); 2430 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt); 2431 spin_unlock(&dq_state_lock); 2432 2433 flags = dquot_generic_flag(flags, cnt); 2434 ret = vfs_load_quota_inode(inode, cnt, 2435 dqopt->info[cnt].dqi_fmt_id, flags); 2436 iput(inode); 2437 } 2438 2439 return ret; 2440 } 2441 EXPORT_SYMBOL(dquot_resume); 2442 2443 int dquot_quota_on(struct super_block *sb, int type, int format_id, 2444 const struct path *path) 2445 { 2446 int error = security_quota_on(path->dentry); 2447 if (error) 2448 return error; 2449 /* Quota file not on the same filesystem? */ 2450 if (path->dentry->d_sb != sb) 2451 error = -EXDEV; 2452 else 2453 error = vfs_load_quota_inode(d_inode(path->dentry), type, 2454 format_id, DQUOT_USAGE_ENABLED | 2455 DQUOT_LIMITS_ENABLED); 2456 return error; 2457 } 2458 EXPORT_SYMBOL(dquot_quota_on); 2459 2460 /* 2461 * More powerful function for turning on quotas allowing setting 2462 * of individual quota flags 2463 */ 2464 int dquot_enable(struct inode *inode, int type, int format_id, 2465 unsigned int flags) 2466 { 2467 struct super_block *sb = inode->i_sb; 2468 2469 /* Just unsuspend quotas? */ 2470 BUG_ON(flags & DQUOT_SUSPENDED); 2471 /* s_umount should be held in exclusive mode */ 2472 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2473 up_read(&sb->s_umount); 2474 2475 if (!flags) 2476 return 0; 2477 /* Just updating flags needed? */ 2478 if (sb_has_quota_loaded(sb, type)) { 2479 if (flags & DQUOT_USAGE_ENABLED && 2480 sb_has_quota_usage_enabled(sb, type)) 2481 return -EBUSY; 2482 if (flags & DQUOT_LIMITS_ENABLED && 2483 sb_has_quota_limits_enabled(sb, type)) 2484 return -EBUSY; 2485 spin_lock(&dq_state_lock); 2486 sb_dqopt(sb)->flags |= dquot_state_flag(flags, type); 2487 spin_unlock(&dq_state_lock); 2488 return 0; 2489 } 2490 2491 return vfs_load_quota_inode(inode, type, format_id, flags); 2492 } 2493 EXPORT_SYMBOL(dquot_enable); 2494 2495 /* 2496 * This function is used when filesystem needs to initialize quotas 2497 * during mount time. 2498 */ 2499 int dquot_quota_on_mount(struct super_block *sb, char *qf_name, 2500 int format_id, int type) 2501 { 2502 struct dentry *dentry; 2503 int error; 2504 2505 dentry = lookup_one_len_unlocked(qf_name, sb->s_root, strlen(qf_name)); 2506 if (IS_ERR(dentry)) 2507 return PTR_ERR(dentry); 2508 2509 if (d_really_is_negative(dentry)) { 2510 error = -ENOENT; 2511 goto out; 2512 } 2513 2514 error = security_quota_on(dentry); 2515 if (!error) 2516 error = vfs_load_quota_inode(d_inode(dentry), type, format_id, 2517 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2518 2519 out: 2520 dput(dentry); 2521 return error; 2522 } 2523 EXPORT_SYMBOL(dquot_quota_on_mount); 2524 2525 static int dquot_quota_enable(struct super_block *sb, unsigned int flags) 2526 { 2527 int ret; 2528 int type; 2529 struct quota_info *dqopt = sb_dqopt(sb); 2530 2531 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2532 return -ENOSYS; 2533 /* Accounting cannot be turned on while fs is mounted */ 2534 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT); 2535 if (!flags) 2536 return -EINVAL; 2537 for (type = 0; type < MAXQUOTAS; type++) { 2538 if (!(flags & qtype_enforce_flag(type))) 2539 continue; 2540 /* Can't enforce without accounting */ 2541 if (!sb_has_quota_usage_enabled(sb, type)) 2542 return -EINVAL; 2543 ret = dquot_enable(dqopt->files[type], type, 2544 dqopt->info[type].dqi_fmt_id, 2545 DQUOT_LIMITS_ENABLED); 2546 if (ret < 0) 2547 goto out_err; 2548 } 2549 return 0; 2550 out_err: 2551 /* Backout enforcement enablement we already did */ 2552 for (type--; type >= 0; type--) { 2553 if (flags & qtype_enforce_flag(type)) 2554 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2555 } 2556 /* Error code translation for better compatibility with XFS */ 2557 if (ret == -EBUSY) 2558 ret = -EEXIST; 2559 return ret; 2560 } 2561 2562 static int dquot_quota_disable(struct super_block *sb, unsigned int flags) 2563 { 2564 int ret; 2565 int type; 2566 struct quota_info *dqopt = sb_dqopt(sb); 2567 2568 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2569 return -ENOSYS; 2570 /* 2571 * We don't support turning off accounting via quotactl. In principle 2572 * quota infrastructure can do this but filesystems don't expect 2573 * userspace to be able to do it. 2574 */ 2575 if (flags & 2576 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT)) 2577 return -EOPNOTSUPP; 2578 2579 /* Filter out limits not enabled */ 2580 for (type = 0; type < MAXQUOTAS; type++) 2581 if (!sb_has_quota_limits_enabled(sb, type)) 2582 flags &= ~qtype_enforce_flag(type); 2583 /* Nothing left? */ 2584 if (!flags) 2585 return -EEXIST; 2586 for (type = 0; type < MAXQUOTAS; type++) { 2587 if (flags & qtype_enforce_flag(type)) { 2588 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2589 if (ret < 0) 2590 goto out_err; 2591 } 2592 } 2593 return 0; 2594 out_err: 2595 /* Backout enforcement disabling we already did */ 2596 for (type--; type >= 0; type--) { 2597 if (flags & qtype_enforce_flag(type)) 2598 dquot_enable(dqopt->files[type], type, 2599 dqopt->info[type].dqi_fmt_id, 2600 DQUOT_LIMITS_ENABLED); 2601 } 2602 return ret; 2603 } 2604 2605 /* Generic routine for getting common part of quota structure */ 2606 static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2607 { 2608 struct mem_dqblk *dm = &dquot->dq_dqb; 2609 2610 memset(di, 0, sizeof(*di)); 2611 spin_lock(&dquot->dq_dqb_lock); 2612 di->d_spc_hardlimit = dm->dqb_bhardlimit; 2613 di->d_spc_softlimit = dm->dqb_bsoftlimit; 2614 di->d_ino_hardlimit = dm->dqb_ihardlimit; 2615 di->d_ino_softlimit = dm->dqb_isoftlimit; 2616 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace; 2617 di->d_ino_count = dm->dqb_curinodes; 2618 di->d_spc_timer = dm->dqb_btime; 2619 di->d_ino_timer = dm->dqb_itime; 2620 spin_unlock(&dquot->dq_dqb_lock); 2621 } 2622 2623 int dquot_get_dqblk(struct super_block *sb, struct kqid qid, 2624 struct qc_dqblk *di) 2625 { 2626 struct dquot *dquot; 2627 2628 dquot = dqget(sb, qid); 2629 if (IS_ERR(dquot)) 2630 return PTR_ERR(dquot); 2631 do_get_dqblk(dquot, di); 2632 dqput(dquot); 2633 2634 return 0; 2635 } 2636 EXPORT_SYMBOL(dquot_get_dqblk); 2637 2638 int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid, 2639 struct qc_dqblk *di) 2640 { 2641 struct dquot *dquot; 2642 int err; 2643 2644 if (!sb->dq_op->get_next_id) 2645 return -ENOSYS; 2646 err = sb->dq_op->get_next_id(sb, qid); 2647 if (err < 0) 2648 return err; 2649 dquot = dqget(sb, *qid); 2650 if (IS_ERR(dquot)) 2651 return PTR_ERR(dquot); 2652 do_get_dqblk(dquot, di); 2653 dqput(dquot); 2654 2655 return 0; 2656 } 2657 EXPORT_SYMBOL(dquot_get_next_dqblk); 2658 2659 #define VFS_QC_MASK \ 2660 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \ 2661 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \ 2662 QC_SPC_TIMER | QC_INO_TIMER) 2663 2664 /* Generic routine for setting common part of quota structure */ 2665 static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2666 { 2667 struct mem_dqblk *dm = &dquot->dq_dqb; 2668 int check_blim = 0, check_ilim = 0; 2669 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 2670 2671 if (di->d_fieldmask & ~VFS_QC_MASK) 2672 return -EINVAL; 2673 2674 if (((di->d_fieldmask & QC_SPC_SOFT) && 2675 di->d_spc_softlimit > dqi->dqi_max_spc_limit) || 2676 ((di->d_fieldmask & QC_SPC_HARD) && 2677 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) || 2678 ((di->d_fieldmask & QC_INO_SOFT) && 2679 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) || 2680 ((di->d_fieldmask & QC_INO_HARD) && 2681 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit))) 2682 return -ERANGE; 2683 2684 spin_lock(&dquot->dq_dqb_lock); 2685 if (di->d_fieldmask & QC_SPACE) { 2686 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace; 2687 check_blim = 1; 2688 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags); 2689 } 2690 2691 if (di->d_fieldmask & QC_SPC_SOFT) 2692 dm->dqb_bsoftlimit = di->d_spc_softlimit; 2693 if (di->d_fieldmask & QC_SPC_HARD) 2694 dm->dqb_bhardlimit = di->d_spc_hardlimit; 2695 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) { 2696 check_blim = 1; 2697 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags); 2698 } 2699 2700 if (di->d_fieldmask & QC_INO_COUNT) { 2701 dm->dqb_curinodes = di->d_ino_count; 2702 check_ilim = 1; 2703 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags); 2704 } 2705 2706 if (di->d_fieldmask & QC_INO_SOFT) 2707 dm->dqb_isoftlimit = di->d_ino_softlimit; 2708 if (di->d_fieldmask & QC_INO_HARD) 2709 dm->dqb_ihardlimit = di->d_ino_hardlimit; 2710 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) { 2711 check_ilim = 1; 2712 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags); 2713 } 2714 2715 if (di->d_fieldmask & QC_SPC_TIMER) { 2716 dm->dqb_btime = di->d_spc_timer; 2717 check_blim = 1; 2718 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags); 2719 } 2720 2721 if (di->d_fieldmask & QC_INO_TIMER) { 2722 dm->dqb_itime = di->d_ino_timer; 2723 check_ilim = 1; 2724 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags); 2725 } 2726 2727 if (check_blim) { 2728 if (!dm->dqb_bsoftlimit || 2729 dm->dqb_curspace + dm->dqb_rsvspace < dm->dqb_bsoftlimit) { 2730 dm->dqb_btime = 0; 2731 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 2732 } else if (!(di->d_fieldmask & QC_SPC_TIMER)) 2733 /* Set grace only if user hasn't provided his own... */ 2734 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace; 2735 } 2736 if (check_ilim) { 2737 if (!dm->dqb_isoftlimit || 2738 dm->dqb_curinodes < dm->dqb_isoftlimit) { 2739 dm->dqb_itime = 0; 2740 clear_bit(DQ_INODES_B, &dquot->dq_flags); 2741 } else if (!(di->d_fieldmask & QC_INO_TIMER)) 2742 /* Set grace only if user hasn't provided his own... */ 2743 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace; 2744 } 2745 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit || 2746 dm->dqb_isoftlimit) 2747 clear_bit(DQ_FAKE_B, &dquot->dq_flags); 2748 else 2749 set_bit(DQ_FAKE_B, &dquot->dq_flags); 2750 spin_unlock(&dquot->dq_dqb_lock); 2751 mark_dquot_dirty(dquot); 2752 2753 return 0; 2754 } 2755 2756 int dquot_set_dqblk(struct super_block *sb, struct kqid qid, 2757 struct qc_dqblk *di) 2758 { 2759 struct dquot *dquot; 2760 int rc; 2761 2762 dquot = dqget(sb, qid); 2763 if (IS_ERR(dquot)) { 2764 rc = PTR_ERR(dquot); 2765 goto out; 2766 } 2767 rc = do_set_dqblk(dquot, di); 2768 dqput(dquot); 2769 out: 2770 return rc; 2771 } 2772 EXPORT_SYMBOL(dquot_set_dqblk); 2773 2774 /* Generic routine for getting common part of quota file information */ 2775 int dquot_get_state(struct super_block *sb, struct qc_state *state) 2776 { 2777 struct mem_dqinfo *mi; 2778 struct qc_type_state *tstate; 2779 struct quota_info *dqopt = sb_dqopt(sb); 2780 int type; 2781 2782 memset(state, 0, sizeof(*state)); 2783 for (type = 0; type < MAXQUOTAS; type++) { 2784 if (!sb_has_quota_active(sb, type)) 2785 continue; 2786 tstate = state->s_state + type; 2787 mi = sb_dqopt(sb)->info + type; 2788 tstate->flags = QCI_ACCT_ENABLED; 2789 spin_lock(&dq_data_lock); 2790 if (mi->dqi_flags & DQF_SYS_FILE) 2791 tstate->flags |= QCI_SYSFILE; 2792 if (mi->dqi_flags & DQF_ROOT_SQUASH) 2793 tstate->flags |= QCI_ROOT_SQUASH; 2794 if (sb_has_quota_limits_enabled(sb, type)) 2795 tstate->flags |= QCI_LIMITS_ENFORCED; 2796 tstate->spc_timelimit = mi->dqi_bgrace; 2797 tstate->ino_timelimit = mi->dqi_igrace; 2798 tstate->ino = dqopt->files[type]->i_ino; 2799 tstate->blocks = dqopt->files[type]->i_blocks; 2800 tstate->nextents = 1; /* We don't know... */ 2801 spin_unlock(&dq_data_lock); 2802 } 2803 return 0; 2804 } 2805 EXPORT_SYMBOL(dquot_get_state); 2806 2807 /* Generic routine for setting common part of quota file information */ 2808 int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii) 2809 { 2810 struct mem_dqinfo *mi; 2811 int err = 0; 2812 2813 if ((ii->i_fieldmask & QC_WARNS_MASK) || 2814 (ii->i_fieldmask & QC_RT_SPC_TIMER)) 2815 return -EINVAL; 2816 if (!sb_has_quota_active(sb, type)) 2817 return -ESRCH; 2818 mi = sb_dqopt(sb)->info + type; 2819 if (ii->i_fieldmask & QC_FLAGS) { 2820 if ((ii->i_flags & QCI_ROOT_SQUASH && 2821 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD)) 2822 return -EINVAL; 2823 } 2824 spin_lock(&dq_data_lock); 2825 if (ii->i_fieldmask & QC_SPC_TIMER) 2826 mi->dqi_bgrace = ii->i_spc_timelimit; 2827 if (ii->i_fieldmask & QC_INO_TIMER) 2828 mi->dqi_igrace = ii->i_ino_timelimit; 2829 if (ii->i_fieldmask & QC_FLAGS) { 2830 if (ii->i_flags & QCI_ROOT_SQUASH) 2831 mi->dqi_flags |= DQF_ROOT_SQUASH; 2832 else 2833 mi->dqi_flags &= ~DQF_ROOT_SQUASH; 2834 } 2835 spin_unlock(&dq_data_lock); 2836 mark_info_dirty(sb, type); 2837 /* Force write to disk */ 2838 sb->dq_op->write_info(sb, type); 2839 return err; 2840 } 2841 EXPORT_SYMBOL(dquot_set_dqinfo); 2842 2843 const struct quotactl_ops dquot_quotactl_sysfile_ops = { 2844 .quota_enable = dquot_quota_enable, 2845 .quota_disable = dquot_quota_disable, 2846 .quota_sync = dquot_quota_sync, 2847 .get_state = dquot_get_state, 2848 .set_info = dquot_set_dqinfo, 2849 .get_dqblk = dquot_get_dqblk, 2850 .get_nextdqblk = dquot_get_next_dqblk, 2851 .set_dqblk = dquot_set_dqblk 2852 }; 2853 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops); 2854 2855 static int do_proc_dqstats(struct ctl_table *table, int write, 2856 void __user *buffer, size_t *lenp, loff_t *ppos) 2857 { 2858 unsigned int type = (int *)table->data - dqstats.stat; 2859 2860 /* Update global table */ 2861 dqstats.stat[type] = 2862 percpu_counter_sum_positive(&dqstats.counter[type]); 2863 return proc_dointvec(table, write, buffer, lenp, ppos); 2864 } 2865 2866 static struct ctl_table fs_dqstats_table[] = { 2867 { 2868 .procname = "lookups", 2869 .data = &dqstats.stat[DQST_LOOKUPS], 2870 .maxlen = sizeof(int), 2871 .mode = 0444, 2872 .proc_handler = do_proc_dqstats, 2873 }, 2874 { 2875 .procname = "drops", 2876 .data = &dqstats.stat[DQST_DROPS], 2877 .maxlen = sizeof(int), 2878 .mode = 0444, 2879 .proc_handler = do_proc_dqstats, 2880 }, 2881 { 2882 .procname = "reads", 2883 .data = &dqstats.stat[DQST_READS], 2884 .maxlen = sizeof(int), 2885 .mode = 0444, 2886 .proc_handler = do_proc_dqstats, 2887 }, 2888 { 2889 .procname = "writes", 2890 .data = &dqstats.stat[DQST_WRITES], 2891 .maxlen = sizeof(int), 2892 .mode = 0444, 2893 .proc_handler = do_proc_dqstats, 2894 }, 2895 { 2896 .procname = "cache_hits", 2897 .data = &dqstats.stat[DQST_CACHE_HITS], 2898 .maxlen = sizeof(int), 2899 .mode = 0444, 2900 .proc_handler = do_proc_dqstats, 2901 }, 2902 { 2903 .procname = "allocated_dquots", 2904 .data = &dqstats.stat[DQST_ALLOC_DQUOTS], 2905 .maxlen = sizeof(int), 2906 .mode = 0444, 2907 .proc_handler = do_proc_dqstats, 2908 }, 2909 { 2910 .procname = "free_dquots", 2911 .data = &dqstats.stat[DQST_FREE_DQUOTS], 2912 .maxlen = sizeof(int), 2913 .mode = 0444, 2914 .proc_handler = do_proc_dqstats, 2915 }, 2916 { 2917 .procname = "syncs", 2918 .data = &dqstats.stat[DQST_SYNCS], 2919 .maxlen = sizeof(int), 2920 .mode = 0444, 2921 .proc_handler = do_proc_dqstats, 2922 }, 2923 #ifdef CONFIG_PRINT_QUOTA_WARNING 2924 { 2925 .procname = "warnings", 2926 .data = &flag_print_warnings, 2927 .maxlen = sizeof(int), 2928 .mode = 0644, 2929 .proc_handler = proc_dointvec, 2930 }, 2931 #endif 2932 { }, 2933 }; 2934 2935 static struct ctl_table fs_table[] = { 2936 { 2937 .procname = "quota", 2938 .mode = 0555, 2939 .child = fs_dqstats_table, 2940 }, 2941 { }, 2942 }; 2943 2944 static struct ctl_table sys_table[] = { 2945 { 2946 .procname = "fs", 2947 .mode = 0555, 2948 .child = fs_table, 2949 }, 2950 { }, 2951 }; 2952 2953 static int __init dquot_init(void) 2954 { 2955 int i, ret; 2956 unsigned long nr_hash, order; 2957 2958 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__); 2959 2960 register_sysctl_table(sys_table); 2961 2962 dquot_cachep = kmem_cache_create("dquot", 2963 sizeof(struct dquot), sizeof(unsigned long) * 4, 2964 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT| 2965 SLAB_MEM_SPREAD|SLAB_PANIC), 2966 NULL); 2967 2968 order = 0; 2969 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order); 2970 if (!dquot_hash) 2971 panic("Cannot create dquot hash table"); 2972 2973 for (i = 0; i < _DQST_DQSTAT_LAST; i++) { 2974 ret = percpu_counter_init(&dqstats.counter[i], 0, GFP_KERNEL); 2975 if (ret) 2976 panic("Cannot create dquot stat counters"); 2977 } 2978 2979 /* Find power-of-two hlist_heads which can fit into allocation */ 2980 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head); 2981 dq_hash_bits = 0; 2982 do { 2983 dq_hash_bits++; 2984 } while (nr_hash >> dq_hash_bits); 2985 dq_hash_bits--; 2986 2987 nr_hash = 1UL << dq_hash_bits; 2988 dq_hash_mask = nr_hash - 1; 2989 for (i = 0; i < nr_hash; i++) 2990 INIT_HLIST_HEAD(dquot_hash + i); 2991 2992 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld," 2993 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order)); 2994 2995 if (register_shrinker(&dqcache_shrinker)) 2996 panic("Cannot register dquot shrinker"); 2997 2998 return 0; 2999 } 3000 fs_initcall(dquot_init); 3001