1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Implementation of the diskquota system for the LINUX operating system. QUOTA 4 * is implemented using the BSD system call interface as the means of 5 * communication with the user level. This file contains the generic routines 6 * called by the different filesystems on allocation of an inode or block. 7 * These routines take care of the administration needed to have a consistent 8 * diskquota tracking system. The ideas of both user and group quotas are based 9 * on the Melbourne quota system as used on BSD derived systems. The internal 10 * implementation is based on one of the several variants of the LINUX 11 * inode-subsystem with added complexity of the diskquota system. 12 * 13 * Author: Marco van Wieringen <mvw@planets.elm.net> 14 * 15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96 16 * 17 * Revised list management to avoid races 18 * -- Bill Hawes, <whawes@star.net>, 9/98 19 * 20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...(). 21 * As the consequence the locking was moved from dquot_decr_...(), 22 * dquot_incr_...() to calling functions. 23 * invalidate_dquots() now writes modified dquots. 24 * Serialized quota_off() and quota_on() for mount point. 25 * Fixed a few bugs in grow_dquots(). 26 * Fixed deadlock in write_dquot() - we no longer account quotas on 27 * quota files 28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes 29 * add_dquot_ref() restarts after blocking 30 * Added check for bogus uid and fixed check for group in quotactl. 31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99 32 * 33 * Used struct list_head instead of own list struct 34 * Invalidation of referenced dquots is no longer possible 35 * Improved free_dquots list management 36 * Quota and i_blocks are now updated in one place to avoid races 37 * Warnings are now delayed so we won't block in critical section 38 * Write updated not to require dquot lock 39 * Jan Kara, <jack@suse.cz>, 9/2000 40 * 41 * Added dynamic quota structure allocation 42 * Jan Kara <jack@suse.cz> 12/2000 43 * 44 * Rewritten quota interface. Implemented new quota format and 45 * formats registering. 46 * Jan Kara, <jack@suse.cz>, 2001,2002 47 * 48 * New SMP locking. 49 * Jan Kara, <jack@suse.cz>, 10/2002 50 * 51 * Added journalled quota support, fix lock inversion problems 52 * Jan Kara, <jack@suse.cz>, 2003,2004 53 * 54 * (C) Copyright 1994 - 1997 Marco van Wieringen 55 */ 56 57 #include <linux/errno.h> 58 #include <linux/kernel.h> 59 #include <linux/fs.h> 60 #include <linux/mount.h> 61 #include <linux/mm.h> 62 #include <linux/time.h> 63 #include <linux/types.h> 64 #include <linux/string.h> 65 #include <linux/fcntl.h> 66 #include <linux/stat.h> 67 #include <linux/tty.h> 68 #include <linux/file.h> 69 #include <linux/slab.h> 70 #include <linux/sysctl.h> 71 #include <linux/init.h> 72 #include <linux/module.h> 73 #include <linux/proc_fs.h> 74 #include <linux/security.h> 75 #include <linux/sched.h> 76 #include <linux/cred.h> 77 #include <linux/kmod.h> 78 #include <linux/namei.h> 79 #include <linux/capability.h> 80 #include <linux/quotaops.h> 81 #include <linux/blkdev.h> 82 #include <linux/sched/mm.h> 83 #include "../internal.h" /* ugh */ 84 85 #include <linux/uaccess.h> 86 87 /* 88 * There are five quota SMP locks: 89 * * dq_list_lock protects all lists with quotas and quota formats. 90 * * dquot->dq_dqb_lock protects data from dq_dqb 91 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards 92 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that 93 * dquot_transfer() can stabilize amount it transfers 94 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot 95 * pointers in the inode 96 * * dq_state_lock protects modifications of quota state (on quotaon and 97 * quotaoff) and readers who care about latest values take it as well. 98 * 99 * The spinlock ordering is hence: 100 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock, 101 * dq_list_lock > dq_state_lock 102 * 103 * Note that some things (eg. sb pointer, type, id) doesn't change during 104 * the life of the dquot structure and so needn't to be protected by a lock 105 * 106 * Operation accessing dquots via inode pointers are protected by dquot_srcu. 107 * Operation of reading pointer needs srcu_read_lock(&dquot_srcu), and 108 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from 109 * inode and before dropping dquot references to avoid use of dquots after 110 * they are freed. dq_data_lock is used to serialize the pointer setting and 111 * clearing operations. 112 * Special care needs to be taken about S_NOQUOTA inode flag (marking that 113 * inode is a quota file). Functions adding pointers from inode to dquots have 114 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they 115 * have to do all pointer modifications before dropping dq_data_lock. This makes 116 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and 117 * then drops all pointers to dquots from an inode. 118 * 119 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to 120 * memory (or space for it is being allocated) on the first dqget(), when it is 121 * being written out, and when it is being released on the last dqput(). The 122 * allocation and release operations are serialized by the dq_lock and by 123 * checking the use count in dquot_release(). 124 * 125 * Lock ordering (including related VFS locks) is the following: 126 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem 127 */ 128 129 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock); 130 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock); 131 __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock); 132 EXPORT_SYMBOL(dq_data_lock); 133 DEFINE_STATIC_SRCU(dquot_srcu); 134 135 static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq); 136 137 void __quota_error(struct super_block *sb, const char *func, 138 const char *fmt, ...) 139 { 140 if (printk_ratelimit()) { 141 va_list args; 142 struct va_format vaf; 143 144 va_start(args, fmt); 145 146 vaf.fmt = fmt; 147 vaf.va = &args; 148 149 printk(KERN_ERR "Quota error (device %s): %s: %pV\n", 150 sb->s_id, func, &vaf); 151 152 va_end(args); 153 } 154 } 155 EXPORT_SYMBOL(__quota_error); 156 157 #if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING) 158 static char *quotatypes[] = INITQFNAMES; 159 #endif 160 static struct quota_format_type *quota_formats; /* List of registered formats */ 161 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES; 162 163 /* SLAB cache for dquot structures */ 164 static struct kmem_cache *dquot_cachep; 165 166 int register_quota_format(struct quota_format_type *fmt) 167 { 168 spin_lock(&dq_list_lock); 169 fmt->qf_next = quota_formats; 170 quota_formats = fmt; 171 spin_unlock(&dq_list_lock); 172 return 0; 173 } 174 EXPORT_SYMBOL(register_quota_format); 175 176 void unregister_quota_format(struct quota_format_type *fmt) 177 { 178 struct quota_format_type **actqf; 179 180 spin_lock(&dq_list_lock); 181 for (actqf = "a_formats; *actqf && *actqf != fmt; 182 actqf = &(*actqf)->qf_next) 183 ; 184 if (*actqf) 185 *actqf = (*actqf)->qf_next; 186 spin_unlock(&dq_list_lock); 187 } 188 EXPORT_SYMBOL(unregister_quota_format); 189 190 static struct quota_format_type *find_quota_format(int id) 191 { 192 struct quota_format_type *actqf; 193 194 spin_lock(&dq_list_lock); 195 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 196 actqf = actqf->qf_next) 197 ; 198 if (!actqf || !try_module_get(actqf->qf_owner)) { 199 int qm; 200 201 spin_unlock(&dq_list_lock); 202 203 for (qm = 0; module_names[qm].qm_fmt_id && 204 module_names[qm].qm_fmt_id != id; qm++) 205 ; 206 if (!module_names[qm].qm_fmt_id || 207 request_module(module_names[qm].qm_mod_name)) 208 return NULL; 209 210 spin_lock(&dq_list_lock); 211 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 212 actqf = actqf->qf_next) 213 ; 214 if (actqf && !try_module_get(actqf->qf_owner)) 215 actqf = NULL; 216 } 217 spin_unlock(&dq_list_lock); 218 return actqf; 219 } 220 221 static void put_quota_format(struct quota_format_type *fmt) 222 { 223 module_put(fmt->qf_owner); 224 } 225 226 /* 227 * Dquot List Management: 228 * The quota code uses five lists for dquot management: the inuse_list, 229 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array. 230 * A single dquot structure may be on some of those lists, depending on 231 * its current state. 232 * 233 * All dquots are placed to the end of inuse_list when first created, and this 234 * list is used for invalidate operation, which must look at every dquot. 235 * 236 * When the last reference of a dquot is dropped, the dquot is added to 237 * releasing_dquots. We'll then queue work item which will call 238 * synchronize_srcu() and after that perform the final cleanup of all the 239 * dquots on the list. Each cleaned up dquot is moved to free_dquots list. 240 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot 241 * struct. 242 * 243 * Unused and cleaned up dquots are in the free_dquots list and this list is 244 * searched whenever we need an available dquot. Dquots are removed from the 245 * list as soon as they are used again and dqstats.free_dquots gives the number 246 * of dquots on the list. When dquot is invalidated it's completely released 247 * from memory. 248 * 249 * Dirty dquots are added to the dqi_dirty_list of quota_info when mark 250 * dirtied, and this list is searched when writing dirty dquots back to 251 * quota file. Note that some filesystems do dirty dquot tracking on their 252 * own (e.g. in a journal) and thus don't use dqi_dirty_list. 253 * 254 * Dquots with a specific identity (device, type and id) are placed on 255 * one of the dquot_hash[] hash chains. The provides an efficient search 256 * mechanism to locate a specific dquot. 257 */ 258 259 static LIST_HEAD(inuse_list); 260 static LIST_HEAD(free_dquots); 261 static LIST_HEAD(releasing_dquots); 262 static unsigned int dq_hash_bits, dq_hash_mask; 263 static struct hlist_head *dquot_hash; 264 265 struct dqstats dqstats; 266 EXPORT_SYMBOL(dqstats); 267 268 static qsize_t inode_get_rsv_space(struct inode *inode); 269 static qsize_t __inode_get_rsv_space(struct inode *inode); 270 static int __dquot_initialize(struct inode *inode, int type); 271 272 static void quota_release_workfn(struct work_struct *work); 273 static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn); 274 275 static inline unsigned int 276 hashfn(const struct super_block *sb, struct kqid qid) 277 { 278 unsigned int id = from_kqid(&init_user_ns, qid); 279 int type = qid.type; 280 unsigned long tmp; 281 282 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type); 283 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask; 284 } 285 286 /* 287 * Following list functions expect dq_list_lock to be held 288 */ 289 static inline void insert_dquot_hash(struct dquot *dquot) 290 { 291 struct hlist_head *head; 292 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id); 293 hlist_add_head(&dquot->dq_hash, head); 294 } 295 296 static inline void remove_dquot_hash(struct dquot *dquot) 297 { 298 hlist_del_init(&dquot->dq_hash); 299 } 300 301 static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb, 302 struct kqid qid) 303 { 304 struct dquot *dquot; 305 306 hlist_for_each_entry(dquot, dquot_hash+hashent, dq_hash) 307 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid)) 308 return dquot; 309 310 return NULL; 311 } 312 313 /* Add a dquot to the tail of the free list */ 314 static inline void put_dquot_last(struct dquot *dquot) 315 { 316 list_add_tail(&dquot->dq_free, &free_dquots); 317 dqstats_inc(DQST_FREE_DQUOTS); 318 } 319 320 static inline void put_releasing_dquots(struct dquot *dquot) 321 { 322 list_add_tail(&dquot->dq_free, &releasing_dquots); 323 set_bit(DQ_RELEASING_B, &dquot->dq_flags); 324 } 325 326 static inline void remove_free_dquot(struct dquot *dquot) 327 { 328 if (list_empty(&dquot->dq_free)) 329 return; 330 list_del_init(&dquot->dq_free); 331 if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags)) 332 dqstats_dec(DQST_FREE_DQUOTS); 333 else 334 clear_bit(DQ_RELEASING_B, &dquot->dq_flags); 335 } 336 337 static inline void put_inuse(struct dquot *dquot) 338 { 339 /* We add to the back of inuse list so we don't have to restart 340 * when traversing this list and we block */ 341 list_add_tail(&dquot->dq_inuse, &inuse_list); 342 dqstats_inc(DQST_ALLOC_DQUOTS); 343 } 344 345 static inline void remove_inuse(struct dquot *dquot) 346 { 347 dqstats_dec(DQST_ALLOC_DQUOTS); 348 list_del(&dquot->dq_inuse); 349 } 350 /* 351 * End of list functions needing dq_list_lock 352 */ 353 354 static void wait_on_dquot(struct dquot *dquot) 355 { 356 mutex_lock(&dquot->dq_lock); 357 mutex_unlock(&dquot->dq_lock); 358 } 359 360 static inline int dquot_active(struct dquot *dquot) 361 { 362 return test_bit(DQ_ACTIVE_B, &dquot->dq_flags); 363 } 364 365 static inline int dquot_dirty(struct dquot *dquot) 366 { 367 return test_bit(DQ_MOD_B, &dquot->dq_flags); 368 } 369 370 static inline int mark_dquot_dirty(struct dquot *dquot) 371 { 372 return dquot->dq_sb->dq_op->mark_dirty(dquot); 373 } 374 375 /* Mark dquot dirty in atomic manner, and return it's old dirty flag state */ 376 int dquot_mark_dquot_dirty(struct dquot *dquot) 377 { 378 int ret = 1; 379 380 if (!dquot_active(dquot)) 381 return 0; 382 383 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 384 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags); 385 386 /* If quota is dirty already, we don't have to acquire dq_list_lock */ 387 if (dquot_dirty(dquot)) 388 return 1; 389 390 spin_lock(&dq_list_lock); 391 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) { 392 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)-> 393 info[dquot->dq_id.type].dqi_dirty_list); 394 ret = 0; 395 } 396 spin_unlock(&dq_list_lock); 397 return ret; 398 } 399 EXPORT_SYMBOL(dquot_mark_dquot_dirty); 400 401 /* Dirtify all the dquots - this can block when journalling */ 402 static inline int mark_all_dquot_dirty(struct dquot __rcu * const *dquots) 403 { 404 int ret, err, cnt; 405 struct dquot *dquot; 406 407 ret = err = 0; 408 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 409 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 410 if (dquot) 411 /* Even in case of error we have to continue */ 412 ret = mark_dquot_dirty(dquot); 413 if (!err) 414 err = ret; 415 } 416 return err; 417 } 418 419 static inline void dqput_all(struct dquot **dquot) 420 { 421 unsigned int cnt; 422 423 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 424 dqput(dquot[cnt]); 425 } 426 427 static inline int clear_dquot_dirty(struct dquot *dquot) 428 { 429 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 430 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags); 431 432 spin_lock(&dq_list_lock); 433 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) { 434 spin_unlock(&dq_list_lock); 435 return 0; 436 } 437 list_del_init(&dquot->dq_dirty); 438 spin_unlock(&dq_list_lock); 439 return 1; 440 } 441 442 void mark_info_dirty(struct super_block *sb, int type) 443 { 444 spin_lock(&dq_data_lock); 445 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY; 446 spin_unlock(&dq_data_lock); 447 } 448 EXPORT_SYMBOL(mark_info_dirty); 449 450 /* 451 * Read dquot from disk and alloc space for it 452 */ 453 454 int dquot_acquire(struct dquot *dquot) 455 { 456 int ret = 0, ret2 = 0; 457 unsigned int memalloc; 458 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 459 460 mutex_lock(&dquot->dq_lock); 461 memalloc = memalloc_nofs_save(); 462 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) { 463 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot); 464 if (ret < 0) 465 goto out_iolock; 466 } 467 /* Make sure flags update is visible after dquot has been filled */ 468 smp_mb__before_atomic(); 469 set_bit(DQ_READ_B, &dquot->dq_flags); 470 /* Instantiate dquot if needed */ 471 if (!dquot_active(dquot) && !dquot->dq_off) { 472 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 473 /* Write the info if needed */ 474 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 475 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 476 dquot->dq_sb, dquot->dq_id.type); 477 } 478 if (ret < 0) 479 goto out_iolock; 480 if (ret2 < 0) { 481 ret = ret2; 482 goto out_iolock; 483 } 484 } 485 /* 486 * Make sure flags update is visible after on-disk struct has been 487 * allocated. Paired with smp_rmb() in dqget(). 488 */ 489 smp_mb__before_atomic(); 490 set_bit(DQ_ACTIVE_B, &dquot->dq_flags); 491 out_iolock: 492 memalloc_nofs_restore(memalloc); 493 mutex_unlock(&dquot->dq_lock); 494 return ret; 495 } 496 EXPORT_SYMBOL(dquot_acquire); 497 498 /* 499 * Write dquot to disk 500 */ 501 int dquot_commit(struct dquot *dquot) 502 { 503 int ret = 0; 504 unsigned int memalloc; 505 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 506 507 mutex_lock(&dquot->dq_lock); 508 memalloc = memalloc_nofs_save(); 509 if (!clear_dquot_dirty(dquot)) 510 goto out_lock; 511 /* Inactive dquot can be only if there was error during read/init 512 * => we have better not writing it */ 513 if (dquot_active(dquot)) 514 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 515 else 516 ret = -EIO; 517 out_lock: 518 memalloc_nofs_restore(memalloc); 519 mutex_unlock(&dquot->dq_lock); 520 return ret; 521 } 522 EXPORT_SYMBOL(dquot_commit); 523 524 /* 525 * Release dquot 526 */ 527 int dquot_release(struct dquot *dquot) 528 { 529 int ret = 0, ret2 = 0; 530 unsigned int memalloc; 531 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 532 533 mutex_lock(&dquot->dq_lock); 534 memalloc = memalloc_nofs_save(); 535 /* Check whether we are not racing with some other dqget() */ 536 if (dquot_is_busy(dquot)) 537 goto out_dqlock; 538 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) { 539 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot); 540 /* Write the info */ 541 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 542 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 543 dquot->dq_sb, dquot->dq_id.type); 544 } 545 if (ret >= 0) 546 ret = ret2; 547 } 548 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags); 549 out_dqlock: 550 memalloc_nofs_restore(memalloc); 551 mutex_unlock(&dquot->dq_lock); 552 return ret; 553 } 554 EXPORT_SYMBOL(dquot_release); 555 556 void dquot_destroy(struct dquot *dquot) 557 { 558 kmem_cache_free(dquot_cachep, dquot); 559 } 560 EXPORT_SYMBOL(dquot_destroy); 561 562 static inline void do_destroy_dquot(struct dquot *dquot) 563 { 564 dquot->dq_sb->dq_op->destroy_dquot(dquot); 565 } 566 567 /* Invalidate all dquots on the list. Note that this function is called after 568 * quota is disabled and pointers from inodes removed so there cannot be new 569 * quota users. There can still be some users of quotas due to inodes being 570 * just deleted or pruned by prune_icache() (those are not attached to any 571 * list) or parallel quotactl call. We have to wait for such users. 572 */ 573 static void invalidate_dquots(struct super_block *sb, int type) 574 { 575 struct dquot *dquot, *tmp; 576 577 restart: 578 flush_delayed_work("a_release_work); 579 580 spin_lock(&dq_list_lock); 581 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) { 582 if (dquot->dq_sb != sb) 583 continue; 584 if (dquot->dq_id.type != type) 585 continue; 586 /* Wait for dquot users */ 587 if (atomic_read(&dquot->dq_count)) { 588 atomic_inc(&dquot->dq_count); 589 spin_unlock(&dq_list_lock); 590 /* 591 * Once dqput() wakes us up, we know it's time to free 592 * the dquot. 593 * IMPORTANT: we rely on the fact that there is always 594 * at most one process waiting for dquot to free. 595 * Otherwise dq_count would be > 1 and we would never 596 * wake up. 597 */ 598 wait_event(dquot_ref_wq, 599 atomic_read(&dquot->dq_count) == 1); 600 dqput(dquot); 601 /* At this moment dquot() need not exist (it could be 602 * reclaimed by prune_dqcache(). Hence we must 603 * restart. */ 604 goto restart; 605 } 606 /* 607 * The last user already dropped its reference but dquot didn't 608 * get fully cleaned up yet. Restart the scan which flushes the 609 * work cleaning up released dquots. 610 */ 611 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 612 spin_unlock(&dq_list_lock); 613 goto restart; 614 } 615 /* 616 * Quota now has no users and it has been written on last 617 * dqput() 618 */ 619 remove_dquot_hash(dquot); 620 remove_free_dquot(dquot); 621 remove_inuse(dquot); 622 do_destroy_dquot(dquot); 623 } 624 spin_unlock(&dq_list_lock); 625 } 626 627 /* Call callback for every active dquot on given filesystem */ 628 int dquot_scan_active(struct super_block *sb, 629 int (*fn)(struct dquot *dquot, unsigned long priv), 630 unsigned long priv) 631 { 632 struct dquot *dquot, *old_dquot = NULL; 633 int ret = 0; 634 635 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 636 637 spin_lock(&dq_list_lock); 638 list_for_each_entry(dquot, &inuse_list, dq_inuse) { 639 if (!dquot_active(dquot)) 640 continue; 641 if (dquot->dq_sb != sb) 642 continue; 643 /* Now we have active dquot so we can just increase use count */ 644 atomic_inc(&dquot->dq_count); 645 spin_unlock(&dq_list_lock); 646 dqput(old_dquot); 647 old_dquot = dquot; 648 /* 649 * ->release_dquot() can be racing with us. Our reference 650 * protects us from new calls to it so just wait for any 651 * outstanding call and recheck the DQ_ACTIVE_B after that. 652 */ 653 wait_on_dquot(dquot); 654 if (dquot_active(dquot)) { 655 ret = fn(dquot, priv); 656 if (ret < 0) 657 goto out; 658 } 659 spin_lock(&dq_list_lock); 660 /* We are safe to continue now because our dquot could not 661 * be moved out of the inuse list while we hold the reference */ 662 } 663 spin_unlock(&dq_list_lock); 664 out: 665 dqput(old_dquot); 666 return ret; 667 } 668 EXPORT_SYMBOL(dquot_scan_active); 669 670 static inline int dquot_write_dquot(struct dquot *dquot) 671 { 672 int ret = dquot->dq_sb->dq_op->write_dquot(dquot); 673 if (ret < 0) { 674 quota_error(dquot->dq_sb, "Can't write quota structure " 675 "(error %d). Quota may get out of sync!", ret); 676 /* Clear dirty bit anyway to avoid infinite loop. */ 677 clear_dquot_dirty(dquot); 678 } 679 return ret; 680 } 681 682 /* Write all dquot structures to quota files */ 683 int dquot_writeback_dquots(struct super_block *sb, int type) 684 { 685 struct list_head dirty; 686 struct dquot *dquot; 687 struct quota_info *dqopt = sb_dqopt(sb); 688 int cnt; 689 int err, ret = 0; 690 691 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 692 693 flush_delayed_work("a_release_work); 694 695 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 696 if (type != -1 && cnt != type) 697 continue; 698 if (!sb_has_quota_active(sb, cnt)) 699 continue; 700 spin_lock(&dq_list_lock); 701 /* Move list away to avoid livelock. */ 702 list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty); 703 while (!list_empty(&dirty)) { 704 dquot = list_first_entry(&dirty, struct dquot, 705 dq_dirty); 706 707 WARN_ON(!dquot_active(dquot)); 708 /* If the dquot is releasing we should not touch it */ 709 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 710 spin_unlock(&dq_list_lock); 711 flush_delayed_work("a_release_work); 712 spin_lock(&dq_list_lock); 713 continue; 714 } 715 716 /* Now we have active dquot from which someone is 717 * holding reference so we can safely just increase 718 * use count */ 719 dqgrab(dquot); 720 spin_unlock(&dq_list_lock); 721 err = dquot_write_dquot(dquot); 722 if (err && !ret) 723 ret = err; 724 dqput(dquot); 725 spin_lock(&dq_list_lock); 726 } 727 spin_unlock(&dq_list_lock); 728 } 729 730 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 731 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt) 732 && info_dirty(&dqopt->info[cnt])) 733 sb->dq_op->write_info(sb, cnt); 734 dqstats_inc(DQST_SYNCS); 735 736 return ret; 737 } 738 EXPORT_SYMBOL(dquot_writeback_dquots); 739 740 /* Write all dquot structures to disk and make them visible from userspace */ 741 int dquot_quota_sync(struct super_block *sb, int type) 742 { 743 struct quota_info *dqopt = sb_dqopt(sb); 744 int cnt; 745 int ret; 746 747 ret = dquot_writeback_dquots(sb, type); 748 if (ret) 749 return ret; 750 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 751 return 0; 752 753 /* This is not very clever (and fast) but currently I don't know about 754 * any other simple way of getting quota data to disk and we must get 755 * them there for userspace to be visible... */ 756 if (sb->s_op->sync_fs) { 757 ret = sb->s_op->sync_fs(sb, 1); 758 if (ret) 759 return ret; 760 } 761 ret = sync_blockdev(sb->s_bdev); 762 if (ret) 763 return ret; 764 765 /* 766 * Now when everything is written we can discard the pagecache so 767 * that userspace sees the changes. 768 */ 769 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 770 if (type != -1 && cnt != type) 771 continue; 772 if (!sb_has_quota_active(sb, cnt)) 773 continue; 774 inode_lock(dqopt->files[cnt]); 775 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 776 inode_unlock(dqopt->files[cnt]); 777 } 778 779 return 0; 780 } 781 EXPORT_SYMBOL(dquot_quota_sync); 782 783 static unsigned long 784 dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) 785 { 786 struct dquot *dquot; 787 unsigned long freed = 0; 788 789 spin_lock(&dq_list_lock); 790 while (!list_empty(&free_dquots) && sc->nr_to_scan) { 791 dquot = list_first_entry(&free_dquots, struct dquot, dq_free); 792 remove_dquot_hash(dquot); 793 remove_free_dquot(dquot); 794 remove_inuse(dquot); 795 do_destroy_dquot(dquot); 796 sc->nr_to_scan--; 797 freed++; 798 } 799 spin_unlock(&dq_list_lock); 800 return freed; 801 } 802 803 static unsigned long 804 dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc) 805 { 806 return vfs_pressure_ratio( 807 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS])); 808 } 809 810 static struct shrinker dqcache_shrinker = { 811 .count_objects = dqcache_shrink_count, 812 .scan_objects = dqcache_shrink_scan, 813 .seeks = DEFAULT_SEEKS, 814 }; 815 816 /* 817 * Safely release dquot and put reference to dquot. 818 */ 819 static void quota_release_workfn(struct work_struct *work) 820 { 821 struct dquot *dquot; 822 struct list_head rls_head; 823 824 spin_lock(&dq_list_lock); 825 /* Exchange the list head to avoid livelock. */ 826 list_replace_init(&releasing_dquots, &rls_head); 827 spin_unlock(&dq_list_lock); 828 synchronize_srcu(&dquot_srcu); 829 830 restart: 831 spin_lock(&dq_list_lock); 832 while (!list_empty(&rls_head)) { 833 dquot = list_first_entry(&rls_head, struct dquot, dq_free); 834 WARN_ON_ONCE(atomic_read(&dquot->dq_count)); 835 /* 836 * Note that DQ_RELEASING_B protects us from racing with 837 * invalidate_dquots() calls so we are safe to work with the 838 * dquot even after we drop dq_list_lock. 839 */ 840 if (dquot_dirty(dquot)) { 841 spin_unlock(&dq_list_lock); 842 /* Commit dquot before releasing */ 843 dquot_write_dquot(dquot); 844 goto restart; 845 } 846 if (dquot_active(dquot)) { 847 spin_unlock(&dq_list_lock); 848 dquot->dq_sb->dq_op->release_dquot(dquot); 849 goto restart; 850 } 851 /* Dquot is inactive and clean, now move it to free list */ 852 remove_free_dquot(dquot); 853 put_dquot_last(dquot); 854 } 855 spin_unlock(&dq_list_lock); 856 } 857 858 /* 859 * Put reference to dquot 860 */ 861 void dqput(struct dquot *dquot) 862 { 863 if (!dquot) 864 return; 865 #ifdef CONFIG_QUOTA_DEBUG 866 if (!atomic_read(&dquot->dq_count)) { 867 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d", 868 quotatypes[dquot->dq_id.type], 869 from_kqid(&init_user_ns, dquot->dq_id)); 870 BUG(); 871 } 872 #endif 873 dqstats_inc(DQST_DROPS); 874 875 spin_lock(&dq_list_lock); 876 if (atomic_read(&dquot->dq_count) > 1) { 877 /* We have more than one user... nothing to do */ 878 atomic_dec(&dquot->dq_count); 879 /* Releasing dquot during quotaoff phase? */ 880 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) && 881 atomic_read(&dquot->dq_count) == 1) 882 wake_up(&dquot_ref_wq); 883 spin_unlock(&dq_list_lock); 884 return; 885 } 886 887 /* Need to release dquot? */ 888 #ifdef CONFIG_QUOTA_DEBUG 889 /* sanity check */ 890 BUG_ON(!list_empty(&dquot->dq_free)); 891 #endif 892 put_releasing_dquots(dquot); 893 atomic_dec(&dquot->dq_count); 894 spin_unlock(&dq_list_lock); 895 queue_delayed_work(system_unbound_wq, "a_release_work, 1); 896 } 897 EXPORT_SYMBOL(dqput); 898 899 struct dquot *dquot_alloc(struct super_block *sb, int type) 900 { 901 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS); 902 } 903 EXPORT_SYMBOL(dquot_alloc); 904 905 static struct dquot *get_empty_dquot(struct super_block *sb, int type) 906 { 907 struct dquot *dquot; 908 909 dquot = sb->dq_op->alloc_dquot(sb, type); 910 if(!dquot) 911 return NULL; 912 913 mutex_init(&dquot->dq_lock); 914 INIT_LIST_HEAD(&dquot->dq_free); 915 INIT_LIST_HEAD(&dquot->dq_inuse); 916 INIT_HLIST_NODE(&dquot->dq_hash); 917 INIT_LIST_HEAD(&dquot->dq_dirty); 918 dquot->dq_sb = sb; 919 dquot->dq_id = make_kqid_invalid(type); 920 atomic_set(&dquot->dq_count, 1); 921 spin_lock_init(&dquot->dq_dqb_lock); 922 923 return dquot; 924 } 925 926 /* 927 * Get reference to dquot 928 * 929 * Locking is slightly tricky here. We are guarded from parallel quotaoff() 930 * destroying our dquot by: 931 * a) checking for quota flags under dq_list_lock and 932 * b) getting a reference to dquot before we release dq_list_lock 933 */ 934 struct dquot *dqget(struct super_block *sb, struct kqid qid) 935 { 936 unsigned int hashent = hashfn(sb, qid); 937 struct dquot *dquot, *empty = NULL; 938 939 if (!qid_has_mapping(sb->s_user_ns, qid)) 940 return ERR_PTR(-EINVAL); 941 942 if (!sb_has_quota_active(sb, qid.type)) 943 return ERR_PTR(-ESRCH); 944 we_slept: 945 spin_lock(&dq_list_lock); 946 spin_lock(&dq_state_lock); 947 if (!sb_has_quota_active(sb, qid.type)) { 948 spin_unlock(&dq_state_lock); 949 spin_unlock(&dq_list_lock); 950 dquot = ERR_PTR(-ESRCH); 951 goto out; 952 } 953 spin_unlock(&dq_state_lock); 954 955 dquot = find_dquot(hashent, sb, qid); 956 if (!dquot) { 957 if (!empty) { 958 spin_unlock(&dq_list_lock); 959 empty = get_empty_dquot(sb, qid.type); 960 if (!empty) 961 schedule(); /* Try to wait for a moment... */ 962 goto we_slept; 963 } 964 dquot = empty; 965 empty = NULL; 966 dquot->dq_id = qid; 967 /* all dquots go on the inuse_list */ 968 put_inuse(dquot); 969 /* hash it first so it can be found */ 970 insert_dquot_hash(dquot); 971 spin_unlock(&dq_list_lock); 972 dqstats_inc(DQST_LOOKUPS); 973 } else { 974 if (!atomic_read(&dquot->dq_count)) 975 remove_free_dquot(dquot); 976 atomic_inc(&dquot->dq_count); 977 spin_unlock(&dq_list_lock); 978 dqstats_inc(DQST_CACHE_HITS); 979 dqstats_inc(DQST_LOOKUPS); 980 } 981 /* Wait for dq_lock - after this we know that either dquot_release() is 982 * already finished or it will be canceled due to dq_count > 0 test */ 983 wait_on_dquot(dquot); 984 /* Read the dquot / allocate space in quota file */ 985 if (!dquot_active(dquot)) { 986 int err; 987 988 err = sb->dq_op->acquire_dquot(dquot); 989 if (err < 0) { 990 dqput(dquot); 991 dquot = ERR_PTR(err); 992 goto out; 993 } 994 } 995 /* 996 * Make sure following reads see filled structure - paired with 997 * smp_mb__before_atomic() in dquot_acquire(). 998 */ 999 smp_rmb(); 1000 /* Has somebody invalidated entry under us? */ 1001 WARN_ON_ONCE(hlist_unhashed(&dquot->dq_hash)); 1002 out: 1003 if (empty) 1004 do_destroy_dquot(empty); 1005 1006 return dquot; 1007 } 1008 EXPORT_SYMBOL(dqget); 1009 1010 static inline struct dquot __rcu **i_dquot(struct inode *inode) 1011 { 1012 return inode->i_sb->s_op->get_dquots(inode); 1013 } 1014 1015 static int dqinit_needed(struct inode *inode, int type) 1016 { 1017 struct dquot __rcu * const *dquots; 1018 int cnt; 1019 1020 if (IS_NOQUOTA(inode)) 1021 return 0; 1022 1023 dquots = i_dquot(inode); 1024 if (type != -1) 1025 return !dquots[type]; 1026 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1027 if (!dquots[cnt]) 1028 return 1; 1029 return 0; 1030 } 1031 1032 /* This routine is guarded by s_umount semaphore */ 1033 static int add_dquot_ref(struct super_block *sb, int type) 1034 { 1035 struct inode *inode, *old_inode = NULL; 1036 #ifdef CONFIG_QUOTA_DEBUG 1037 int reserved = 0; 1038 #endif 1039 int err = 0; 1040 1041 spin_lock(&sb->s_inode_list_lock); 1042 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1043 spin_lock(&inode->i_lock); 1044 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) || 1045 !atomic_read(&inode->i_writecount) || 1046 !dqinit_needed(inode, type)) { 1047 spin_unlock(&inode->i_lock); 1048 continue; 1049 } 1050 __iget(inode); 1051 spin_unlock(&inode->i_lock); 1052 spin_unlock(&sb->s_inode_list_lock); 1053 1054 #ifdef CONFIG_QUOTA_DEBUG 1055 if (unlikely(inode_get_rsv_space(inode) > 0)) 1056 reserved = 1; 1057 #endif 1058 iput(old_inode); 1059 err = __dquot_initialize(inode, type); 1060 if (err) { 1061 iput(inode); 1062 goto out; 1063 } 1064 1065 /* 1066 * We hold a reference to 'inode' so it couldn't have been 1067 * removed from s_inodes list while we dropped the 1068 * s_inode_list_lock. We cannot iput the inode now as we can be 1069 * holding the last reference and we cannot iput it under 1070 * s_inode_list_lock. So we keep the reference and iput it 1071 * later. 1072 */ 1073 old_inode = inode; 1074 cond_resched(); 1075 spin_lock(&sb->s_inode_list_lock); 1076 } 1077 spin_unlock(&sb->s_inode_list_lock); 1078 iput(old_inode); 1079 out: 1080 #ifdef CONFIG_QUOTA_DEBUG 1081 if (reserved) { 1082 quota_error(sb, "Writes happened before quota was turned on " 1083 "thus quota information is probably inconsistent. " 1084 "Please run quotacheck(8)"); 1085 } 1086 #endif 1087 return err; 1088 } 1089 1090 static void remove_dquot_ref(struct super_block *sb, int type) 1091 { 1092 struct inode *inode; 1093 #ifdef CONFIG_QUOTA_DEBUG 1094 int reserved = 0; 1095 #endif 1096 1097 spin_lock(&sb->s_inode_list_lock); 1098 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1099 /* 1100 * We have to scan also I_NEW inodes because they can already 1101 * have quota pointer initialized. Luckily, we need to touch 1102 * only quota pointers and these have separate locking 1103 * (dq_data_lock). 1104 */ 1105 spin_lock(&dq_data_lock); 1106 if (!IS_NOQUOTA(inode)) { 1107 struct dquot __rcu **dquots = i_dquot(inode); 1108 struct dquot *dquot = srcu_dereference_check( 1109 dquots[type], &dquot_srcu, 1110 lockdep_is_held(&dq_data_lock)); 1111 1112 #ifdef CONFIG_QUOTA_DEBUG 1113 if (unlikely(inode_get_rsv_space(inode) > 0)) 1114 reserved = 1; 1115 #endif 1116 rcu_assign_pointer(dquots[type], NULL); 1117 if (dquot) 1118 dqput(dquot); 1119 } 1120 spin_unlock(&dq_data_lock); 1121 } 1122 spin_unlock(&sb->s_inode_list_lock); 1123 #ifdef CONFIG_QUOTA_DEBUG 1124 if (reserved) { 1125 printk(KERN_WARNING "VFS (%s): Writes happened after quota" 1126 " was disabled thus quota information is probably " 1127 "inconsistent. Please run quotacheck(8).\n", sb->s_id); 1128 } 1129 #endif 1130 } 1131 1132 /* Gather all references from inodes and drop them */ 1133 static void drop_dquot_ref(struct super_block *sb, int type) 1134 { 1135 if (sb->dq_op) 1136 remove_dquot_ref(sb, type); 1137 } 1138 1139 static inline 1140 void dquot_free_reserved_space(struct dquot *dquot, qsize_t number) 1141 { 1142 if (dquot->dq_dqb.dqb_rsvspace >= number) 1143 dquot->dq_dqb.dqb_rsvspace -= number; 1144 else { 1145 WARN_ON_ONCE(1); 1146 dquot->dq_dqb.dqb_rsvspace = 0; 1147 } 1148 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1149 dquot->dq_dqb.dqb_bsoftlimit) 1150 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1151 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1152 } 1153 1154 static void dquot_decr_inodes(struct dquot *dquot, qsize_t number) 1155 { 1156 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1157 dquot->dq_dqb.dqb_curinodes >= number) 1158 dquot->dq_dqb.dqb_curinodes -= number; 1159 else 1160 dquot->dq_dqb.dqb_curinodes = 0; 1161 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit) 1162 dquot->dq_dqb.dqb_itime = (time64_t) 0; 1163 clear_bit(DQ_INODES_B, &dquot->dq_flags); 1164 } 1165 1166 static void dquot_decr_space(struct dquot *dquot, qsize_t number) 1167 { 1168 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1169 dquot->dq_dqb.dqb_curspace >= number) 1170 dquot->dq_dqb.dqb_curspace -= number; 1171 else 1172 dquot->dq_dqb.dqb_curspace = 0; 1173 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1174 dquot->dq_dqb.dqb_bsoftlimit) 1175 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1176 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1177 } 1178 1179 struct dquot_warn { 1180 struct super_block *w_sb; 1181 struct kqid w_dq_id; 1182 short w_type; 1183 }; 1184 1185 static int warning_issued(struct dquot *dquot, const int warntype) 1186 { 1187 int flag = (warntype == QUOTA_NL_BHARDWARN || 1188 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B : 1189 ((warntype == QUOTA_NL_IHARDWARN || 1190 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0); 1191 1192 if (!flag) 1193 return 0; 1194 return test_and_set_bit(flag, &dquot->dq_flags); 1195 } 1196 1197 #ifdef CONFIG_PRINT_QUOTA_WARNING 1198 static int flag_print_warnings = 1; 1199 1200 static int need_print_warning(struct dquot_warn *warn) 1201 { 1202 if (!flag_print_warnings) 1203 return 0; 1204 1205 switch (warn->w_dq_id.type) { 1206 case USRQUOTA: 1207 return uid_eq(current_fsuid(), warn->w_dq_id.uid); 1208 case GRPQUOTA: 1209 return in_group_p(warn->w_dq_id.gid); 1210 case PRJQUOTA: 1211 return 1; 1212 } 1213 return 0; 1214 } 1215 1216 /* Print warning to user which exceeded quota */ 1217 static void print_warning(struct dquot_warn *warn) 1218 { 1219 char *msg = NULL; 1220 struct tty_struct *tty; 1221 int warntype = warn->w_type; 1222 1223 if (warntype == QUOTA_NL_IHARDBELOW || 1224 warntype == QUOTA_NL_ISOFTBELOW || 1225 warntype == QUOTA_NL_BHARDBELOW || 1226 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn)) 1227 return; 1228 1229 tty = get_current_tty(); 1230 if (!tty) 1231 return; 1232 tty_write_message(tty, warn->w_sb->s_id); 1233 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN) 1234 tty_write_message(tty, ": warning, "); 1235 else 1236 tty_write_message(tty, ": write failed, "); 1237 tty_write_message(tty, quotatypes[warn->w_dq_id.type]); 1238 switch (warntype) { 1239 case QUOTA_NL_IHARDWARN: 1240 msg = " file limit reached.\r\n"; 1241 break; 1242 case QUOTA_NL_ISOFTLONGWARN: 1243 msg = " file quota exceeded too long.\r\n"; 1244 break; 1245 case QUOTA_NL_ISOFTWARN: 1246 msg = " file quota exceeded.\r\n"; 1247 break; 1248 case QUOTA_NL_BHARDWARN: 1249 msg = " block limit reached.\r\n"; 1250 break; 1251 case QUOTA_NL_BSOFTLONGWARN: 1252 msg = " block quota exceeded too long.\r\n"; 1253 break; 1254 case QUOTA_NL_BSOFTWARN: 1255 msg = " block quota exceeded.\r\n"; 1256 break; 1257 } 1258 tty_write_message(tty, msg); 1259 tty_kref_put(tty); 1260 } 1261 #endif 1262 1263 static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot, 1264 int warntype) 1265 { 1266 if (warning_issued(dquot, warntype)) 1267 return; 1268 warn->w_type = warntype; 1269 warn->w_sb = dquot->dq_sb; 1270 warn->w_dq_id = dquot->dq_id; 1271 } 1272 1273 /* 1274 * Write warnings to the console and send warning messages over netlink. 1275 * 1276 * Note that this function can call into tty and networking code. 1277 */ 1278 static void flush_warnings(struct dquot_warn *warn) 1279 { 1280 int i; 1281 1282 for (i = 0; i < MAXQUOTAS; i++) { 1283 if (warn[i].w_type == QUOTA_NL_NOWARN) 1284 continue; 1285 #ifdef CONFIG_PRINT_QUOTA_WARNING 1286 print_warning(&warn[i]); 1287 #endif 1288 quota_send_warning(warn[i].w_dq_id, 1289 warn[i].w_sb->s_dev, warn[i].w_type); 1290 } 1291 } 1292 1293 static int ignore_hardlimit(struct dquot *dquot) 1294 { 1295 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 1296 1297 return capable(CAP_SYS_RESOURCE) && 1298 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD || 1299 !(info->dqi_flags & DQF_ROOT_SQUASH)); 1300 } 1301 1302 static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes, 1303 struct dquot_warn *warn) 1304 { 1305 qsize_t newinodes; 1306 int ret = 0; 1307 1308 spin_lock(&dquot->dq_dqb_lock); 1309 newinodes = dquot->dq_dqb.dqb_curinodes + inodes; 1310 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) || 1311 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1312 goto add; 1313 1314 if (dquot->dq_dqb.dqb_ihardlimit && 1315 newinodes > dquot->dq_dqb.dqb_ihardlimit && 1316 !ignore_hardlimit(dquot)) { 1317 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN); 1318 ret = -EDQUOT; 1319 goto out; 1320 } 1321 1322 if (dquot->dq_dqb.dqb_isoftlimit && 1323 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1324 dquot->dq_dqb.dqb_itime && 1325 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime && 1326 !ignore_hardlimit(dquot)) { 1327 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN); 1328 ret = -EDQUOT; 1329 goto out; 1330 } 1331 1332 if (dquot->dq_dqb.dqb_isoftlimit && 1333 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1334 dquot->dq_dqb.dqb_itime == 0) { 1335 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN); 1336 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() + 1337 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace; 1338 } 1339 add: 1340 dquot->dq_dqb.dqb_curinodes = newinodes; 1341 1342 out: 1343 spin_unlock(&dquot->dq_dqb_lock); 1344 return ret; 1345 } 1346 1347 static int dquot_add_space(struct dquot *dquot, qsize_t space, 1348 qsize_t rsv_space, unsigned int flags, 1349 struct dquot_warn *warn) 1350 { 1351 qsize_t tspace; 1352 struct super_block *sb = dquot->dq_sb; 1353 int ret = 0; 1354 1355 spin_lock(&dquot->dq_dqb_lock); 1356 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) || 1357 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1358 goto finish; 1359 1360 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace 1361 + space + rsv_space; 1362 1363 if (dquot->dq_dqb.dqb_bhardlimit && 1364 tspace > dquot->dq_dqb.dqb_bhardlimit && 1365 !ignore_hardlimit(dquot)) { 1366 if (flags & DQUOT_SPACE_WARN) 1367 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN); 1368 ret = -EDQUOT; 1369 goto finish; 1370 } 1371 1372 if (dquot->dq_dqb.dqb_bsoftlimit && 1373 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1374 dquot->dq_dqb.dqb_btime && 1375 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime && 1376 !ignore_hardlimit(dquot)) { 1377 if (flags & DQUOT_SPACE_WARN) 1378 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN); 1379 ret = -EDQUOT; 1380 goto finish; 1381 } 1382 1383 if (dquot->dq_dqb.dqb_bsoftlimit && 1384 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1385 dquot->dq_dqb.dqb_btime == 0) { 1386 if (flags & DQUOT_SPACE_WARN) { 1387 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN); 1388 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() + 1389 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace; 1390 } else { 1391 /* 1392 * We don't allow preallocation to exceed softlimit so exceeding will 1393 * be always printed 1394 */ 1395 ret = -EDQUOT; 1396 goto finish; 1397 } 1398 } 1399 finish: 1400 /* 1401 * We have to be careful and go through warning generation & grace time 1402 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it 1403 * only here... 1404 */ 1405 if (flags & DQUOT_SPACE_NOFAIL) 1406 ret = 0; 1407 if (!ret) { 1408 dquot->dq_dqb.dqb_rsvspace += rsv_space; 1409 dquot->dq_dqb.dqb_curspace += space; 1410 } 1411 spin_unlock(&dquot->dq_dqb_lock); 1412 return ret; 1413 } 1414 1415 static int info_idq_free(struct dquot *dquot, qsize_t inodes) 1416 { 1417 qsize_t newinodes; 1418 1419 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1420 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit || 1421 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type)) 1422 return QUOTA_NL_NOWARN; 1423 1424 newinodes = dquot->dq_dqb.dqb_curinodes - inodes; 1425 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit) 1426 return QUOTA_NL_ISOFTBELOW; 1427 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit && 1428 newinodes < dquot->dq_dqb.dqb_ihardlimit) 1429 return QUOTA_NL_IHARDBELOW; 1430 return QUOTA_NL_NOWARN; 1431 } 1432 1433 static int info_bdq_free(struct dquot *dquot, qsize_t space) 1434 { 1435 qsize_t tspace; 1436 1437 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace; 1438 1439 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1440 tspace <= dquot->dq_dqb.dqb_bsoftlimit) 1441 return QUOTA_NL_NOWARN; 1442 1443 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit) 1444 return QUOTA_NL_BSOFTBELOW; 1445 if (tspace >= dquot->dq_dqb.dqb_bhardlimit && 1446 tspace - space < dquot->dq_dqb.dqb_bhardlimit) 1447 return QUOTA_NL_BHARDBELOW; 1448 return QUOTA_NL_NOWARN; 1449 } 1450 1451 static int inode_quota_active(const struct inode *inode) 1452 { 1453 struct super_block *sb = inode->i_sb; 1454 1455 if (IS_NOQUOTA(inode)) 1456 return 0; 1457 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb); 1458 } 1459 1460 /* 1461 * Initialize quota pointers in inode 1462 * 1463 * It is better to call this function outside of any transaction as it 1464 * might need a lot of space in journal for dquot structure allocation. 1465 */ 1466 static int __dquot_initialize(struct inode *inode, int type) 1467 { 1468 int cnt, init_needed = 0; 1469 struct dquot __rcu **dquots; 1470 struct dquot *got[MAXQUOTAS] = {}; 1471 struct super_block *sb = inode->i_sb; 1472 qsize_t rsv; 1473 int ret = 0; 1474 1475 if (!inode_quota_active(inode)) 1476 return 0; 1477 1478 dquots = i_dquot(inode); 1479 1480 /* First get references to structures we might need. */ 1481 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1482 struct kqid qid; 1483 kprojid_t projid; 1484 int rc; 1485 struct dquot *dquot; 1486 1487 if (type != -1 && cnt != type) 1488 continue; 1489 /* 1490 * The i_dquot should have been initialized in most cases, 1491 * we check it without locking here to avoid unnecessary 1492 * dqget()/dqput() calls. 1493 */ 1494 if (dquots[cnt]) 1495 continue; 1496 1497 if (!sb_has_quota_active(sb, cnt)) 1498 continue; 1499 1500 init_needed = 1; 1501 1502 switch (cnt) { 1503 case USRQUOTA: 1504 qid = make_kqid_uid(inode->i_uid); 1505 break; 1506 case GRPQUOTA: 1507 qid = make_kqid_gid(inode->i_gid); 1508 break; 1509 case PRJQUOTA: 1510 rc = inode->i_sb->dq_op->get_projid(inode, &projid); 1511 if (rc) 1512 continue; 1513 qid = make_kqid_projid(projid); 1514 break; 1515 } 1516 dquot = dqget(sb, qid); 1517 if (IS_ERR(dquot)) { 1518 /* We raced with somebody turning quotas off... */ 1519 if (PTR_ERR(dquot) != -ESRCH) { 1520 ret = PTR_ERR(dquot); 1521 goto out_put; 1522 } 1523 dquot = NULL; 1524 } 1525 got[cnt] = dquot; 1526 } 1527 1528 /* All required i_dquot has been initialized */ 1529 if (!init_needed) 1530 return 0; 1531 1532 spin_lock(&dq_data_lock); 1533 if (IS_NOQUOTA(inode)) 1534 goto out_lock; 1535 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1536 if (type != -1 && cnt != type) 1537 continue; 1538 /* Avoid races with quotaoff() */ 1539 if (!sb_has_quota_active(sb, cnt)) 1540 continue; 1541 /* We could race with quotaon or dqget() could have failed */ 1542 if (!got[cnt]) 1543 continue; 1544 if (!dquots[cnt]) { 1545 rcu_assign_pointer(dquots[cnt], got[cnt]); 1546 got[cnt] = NULL; 1547 /* 1548 * Make quota reservation system happy if someone 1549 * did a write before quota was turned on 1550 */ 1551 rsv = inode_get_rsv_space(inode); 1552 if (unlikely(rsv)) { 1553 struct dquot *dquot = srcu_dereference_check( 1554 dquots[cnt], &dquot_srcu, 1555 lockdep_is_held(&dq_data_lock)); 1556 1557 spin_lock(&inode->i_lock); 1558 /* Get reservation again under proper lock */ 1559 rsv = __inode_get_rsv_space(inode); 1560 spin_lock(&dquot->dq_dqb_lock); 1561 dquot->dq_dqb.dqb_rsvspace += rsv; 1562 spin_unlock(&dquot->dq_dqb_lock); 1563 spin_unlock(&inode->i_lock); 1564 } 1565 } 1566 } 1567 out_lock: 1568 spin_unlock(&dq_data_lock); 1569 out_put: 1570 /* Drop unused references */ 1571 dqput_all(got); 1572 1573 return ret; 1574 } 1575 1576 int dquot_initialize(struct inode *inode) 1577 { 1578 return __dquot_initialize(inode, -1); 1579 } 1580 EXPORT_SYMBOL(dquot_initialize); 1581 1582 bool dquot_initialize_needed(struct inode *inode) 1583 { 1584 struct dquot __rcu **dquots; 1585 int i; 1586 1587 if (!inode_quota_active(inode)) 1588 return false; 1589 1590 dquots = i_dquot(inode); 1591 for (i = 0; i < MAXQUOTAS; i++) 1592 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i)) 1593 return true; 1594 return false; 1595 } 1596 EXPORT_SYMBOL(dquot_initialize_needed); 1597 1598 /* 1599 * Release all quotas referenced by inode. 1600 * 1601 * This function only be called on inode free or converting 1602 * a file to quota file, no other users for the i_dquot in 1603 * both cases, so we needn't call synchronize_srcu() after 1604 * clearing i_dquot. 1605 */ 1606 static void __dquot_drop(struct inode *inode) 1607 { 1608 int cnt; 1609 struct dquot __rcu **dquots = i_dquot(inode); 1610 struct dquot *put[MAXQUOTAS]; 1611 1612 spin_lock(&dq_data_lock); 1613 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1614 put[cnt] = srcu_dereference_check(dquots[cnt], &dquot_srcu, 1615 lockdep_is_held(&dq_data_lock)); 1616 rcu_assign_pointer(dquots[cnt], NULL); 1617 } 1618 spin_unlock(&dq_data_lock); 1619 dqput_all(put); 1620 } 1621 1622 void dquot_drop(struct inode *inode) 1623 { 1624 struct dquot __rcu * const *dquots; 1625 int cnt; 1626 1627 if (IS_NOQUOTA(inode)) 1628 return; 1629 1630 /* 1631 * Test before calling to rule out calls from proc and such 1632 * where we are not allowed to block. Note that this is 1633 * actually reliable test even without the lock - the caller 1634 * must assure that nobody can come after the DQUOT_DROP and 1635 * add quota pointers back anyway. 1636 */ 1637 dquots = i_dquot(inode); 1638 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1639 if (dquots[cnt]) 1640 break; 1641 } 1642 1643 if (cnt < MAXQUOTAS) 1644 __dquot_drop(inode); 1645 } 1646 EXPORT_SYMBOL(dquot_drop); 1647 1648 /* 1649 * inode_reserved_space is managed internally by quota, and protected by 1650 * i_lock similar to i_blocks+i_bytes. 1651 */ 1652 static qsize_t *inode_reserved_space(struct inode * inode) 1653 { 1654 /* Filesystem must explicitly define it's own method in order to use 1655 * quota reservation interface */ 1656 BUG_ON(!inode->i_sb->dq_op->get_reserved_space); 1657 return inode->i_sb->dq_op->get_reserved_space(inode); 1658 } 1659 1660 static qsize_t __inode_get_rsv_space(struct inode *inode) 1661 { 1662 if (!inode->i_sb->dq_op->get_reserved_space) 1663 return 0; 1664 return *inode_reserved_space(inode); 1665 } 1666 1667 static qsize_t inode_get_rsv_space(struct inode *inode) 1668 { 1669 qsize_t ret; 1670 1671 if (!inode->i_sb->dq_op->get_reserved_space) 1672 return 0; 1673 spin_lock(&inode->i_lock); 1674 ret = __inode_get_rsv_space(inode); 1675 spin_unlock(&inode->i_lock); 1676 return ret; 1677 } 1678 1679 /* 1680 * This functions updates i_blocks+i_bytes fields and quota information 1681 * (together with appropriate checks). 1682 * 1683 * NOTE: We absolutely rely on the fact that caller dirties the inode 1684 * (usually helpers in quotaops.h care about this) and holds a handle for 1685 * the current transaction so that dquot write and inode write go into the 1686 * same transaction. 1687 */ 1688 1689 /* 1690 * This operation can block, but only after everything is updated 1691 */ 1692 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags) 1693 { 1694 int cnt, ret = 0, index; 1695 struct dquot_warn warn[MAXQUOTAS]; 1696 int reserve = flags & DQUOT_SPACE_RESERVE; 1697 struct dquot __rcu **dquots; 1698 struct dquot *dquot; 1699 1700 if (!inode_quota_active(inode)) { 1701 if (reserve) { 1702 spin_lock(&inode->i_lock); 1703 *inode_reserved_space(inode) += number; 1704 spin_unlock(&inode->i_lock); 1705 } else { 1706 inode_add_bytes(inode, number); 1707 } 1708 goto out; 1709 } 1710 1711 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1712 warn[cnt].w_type = QUOTA_NL_NOWARN; 1713 1714 dquots = i_dquot(inode); 1715 index = srcu_read_lock(&dquot_srcu); 1716 spin_lock(&inode->i_lock); 1717 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1718 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1719 if (!dquot) 1720 continue; 1721 if (reserve) { 1722 ret = dquot_add_space(dquot, 0, number, flags, &warn[cnt]); 1723 } else { 1724 ret = dquot_add_space(dquot, number, 0, flags, &warn[cnt]); 1725 } 1726 if (ret) { 1727 /* Back out changes we already did */ 1728 for (cnt--; cnt >= 0; cnt--) { 1729 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1730 if (!dquot) 1731 continue; 1732 spin_lock(&dquot->dq_dqb_lock); 1733 if (reserve) 1734 dquot_free_reserved_space(dquot, number); 1735 else 1736 dquot_decr_space(dquot, number); 1737 spin_unlock(&dquot->dq_dqb_lock); 1738 } 1739 spin_unlock(&inode->i_lock); 1740 goto out_flush_warn; 1741 } 1742 } 1743 if (reserve) 1744 *inode_reserved_space(inode) += number; 1745 else 1746 __inode_add_bytes(inode, number); 1747 spin_unlock(&inode->i_lock); 1748 1749 if (reserve) 1750 goto out_flush_warn; 1751 mark_all_dquot_dirty(dquots); 1752 out_flush_warn: 1753 srcu_read_unlock(&dquot_srcu, index); 1754 flush_warnings(warn); 1755 out: 1756 return ret; 1757 } 1758 EXPORT_SYMBOL(__dquot_alloc_space); 1759 1760 /* 1761 * This operation can block, but only after everything is updated 1762 */ 1763 int dquot_alloc_inode(struct inode *inode) 1764 { 1765 int cnt, ret = 0, index; 1766 struct dquot_warn warn[MAXQUOTAS]; 1767 struct dquot __rcu * const *dquots; 1768 struct dquot *dquot; 1769 1770 if (!inode_quota_active(inode)) 1771 return 0; 1772 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1773 warn[cnt].w_type = QUOTA_NL_NOWARN; 1774 1775 dquots = i_dquot(inode); 1776 index = srcu_read_lock(&dquot_srcu); 1777 spin_lock(&inode->i_lock); 1778 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1779 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1780 if (!dquot) 1781 continue; 1782 ret = dquot_add_inodes(dquot, 1, &warn[cnt]); 1783 if (ret) { 1784 for (cnt--; cnt >= 0; cnt--) { 1785 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1786 if (!dquot) 1787 continue; 1788 /* Back out changes we already did */ 1789 spin_lock(&dquot->dq_dqb_lock); 1790 dquot_decr_inodes(dquot, 1); 1791 spin_unlock(&dquot->dq_dqb_lock); 1792 } 1793 goto warn_put_all; 1794 } 1795 } 1796 1797 warn_put_all: 1798 spin_unlock(&inode->i_lock); 1799 if (ret == 0) 1800 mark_all_dquot_dirty(dquots); 1801 srcu_read_unlock(&dquot_srcu, index); 1802 flush_warnings(warn); 1803 return ret; 1804 } 1805 EXPORT_SYMBOL(dquot_alloc_inode); 1806 1807 /* 1808 * Convert in-memory reserved quotas to real consumed quotas 1809 */ 1810 int dquot_claim_space_nodirty(struct inode *inode, qsize_t number) 1811 { 1812 struct dquot __rcu **dquots; 1813 struct dquot *dquot; 1814 int cnt, index; 1815 1816 if (!inode_quota_active(inode)) { 1817 spin_lock(&inode->i_lock); 1818 *inode_reserved_space(inode) -= number; 1819 __inode_add_bytes(inode, number); 1820 spin_unlock(&inode->i_lock); 1821 return 0; 1822 } 1823 1824 dquots = i_dquot(inode); 1825 index = srcu_read_lock(&dquot_srcu); 1826 spin_lock(&inode->i_lock); 1827 /* Claim reserved quotas to allocated quotas */ 1828 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1829 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1830 if (dquot) { 1831 spin_lock(&dquot->dq_dqb_lock); 1832 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number)) 1833 number = dquot->dq_dqb.dqb_rsvspace; 1834 dquot->dq_dqb.dqb_curspace += number; 1835 dquot->dq_dqb.dqb_rsvspace -= number; 1836 spin_unlock(&dquot->dq_dqb_lock); 1837 } 1838 } 1839 /* Update inode bytes */ 1840 *inode_reserved_space(inode) -= number; 1841 __inode_add_bytes(inode, number); 1842 spin_unlock(&inode->i_lock); 1843 mark_all_dquot_dirty(dquots); 1844 srcu_read_unlock(&dquot_srcu, index); 1845 return 0; 1846 } 1847 EXPORT_SYMBOL(dquot_claim_space_nodirty); 1848 1849 /* 1850 * Convert allocated space back to in-memory reserved quotas 1851 */ 1852 void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number) 1853 { 1854 struct dquot __rcu **dquots; 1855 struct dquot *dquot; 1856 int cnt, index; 1857 1858 if (!inode_quota_active(inode)) { 1859 spin_lock(&inode->i_lock); 1860 *inode_reserved_space(inode) += number; 1861 __inode_sub_bytes(inode, number); 1862 spin_unlock(&inode->i_lock); 1863 return; 1864 } 1865 1866 dquots = i_dquot(inode); 1867 index = srcu_read_lock(&dquot_srcu); 1868 spin_lock(&inode->i_lock); 1869 /* Claim reserved quotas to allocated quotas */ 1870 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1871 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1872 if (dquot) { 1873 spin_lock(&dquot->dq_dqb_lock); 1874 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number)) 1875 number = dquot->dq_dqb.dqb_curspace; 1876 dquot->dq_dqb.dqb_rsvspace += number; 1877 dquot->dq_dqb.dqb_curspace -= number; 1878 spin_unlock(&dquot->dq_dqb_lock); 1879 } 1880 } 1881 /* Update inode bytes */ 1882 *inode_reserved_space(inode) += number; 1883 __inode_sub_bytes(inode, number); 1884 spin_unlock(&inode->i_lock); 1885 mark_all_dquot_dirty(dquots); 1886 srcu_read_unlock(&dquot_srcu, index); 1887 return; 1888 } 1889 EXPORT_SYMBOL(dquot_reclaim_space_nodirty); 1890 1891 /* 1892 * This operation can block, but only after everything is updated 1893 */ 1894 void __dquot_free_space(struct inode *inode, qsize_t number, int flags) 1895 { 1896 unsigned int cnt; 1897 struct dquot_warn warn[MAXQUOTAS]; 1898 struct dquot __rcu **dquots; 1899 struct dquot *dquot; 1900 int reserve = flags & DQUOT_SPACE_RESERVE, index; 1901 1902 if (!inode_quota_active(inode)) { 1903 if (reserve) { 1904 spin_lock(&inode->i_lock); 1905 *inode_reserved_space(inode) -= number; 1906 spin_unlock(&inode->i_lock); 1907 } else { 1908 inode_sub_bytes(inode, number); 1909 } 1910 return; 1911 } 1912 1913 dquots = i_dquot(inode); 1914 index = srcu_read_lock(&dquot_srcu); 1915 spin_lock(&inode->i_lock); 1916 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1917 int wtype; 1918 1919 warn[cnt].w_type = QUOTA_NL_NOWARN; 1920 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1921 if (!dquot) 1922 continue; 1923 spin_lock(&dquot->dq_dqb_lock); 1924 wtype = info_bdq_free(dquot, number); 1925 if (wtype != QUOTA_NL_NOWARN) 1926 prepare_warning(&warn[cnt], dquot, wtype); 1927 if (reserve) 1928 dquot_free_reserved_space(dquot, number); 1929 else 1930 dquot_decr_space(dquot, number); 1931 spin_unlock(&dquot->dq_dqb_lock); 1932 } 1933 if (reserve) 1934 *inode_reserved_space(inode) -= number; 1935 else 1936 __inode_sub_bytes(inode, number); 1937 spin_unlock(&inode->i_lock); 1938 1939 if (reserve) 1940 goto out_unlock; 1941 mark_all_dquot_dirty(dquots); 1942 out_unlock: 1943 srcu_read_unlock(&dquot_srcu, index); 1944 flush_warnings(warn); 1945 } 1946 EXPORT_SYMBOL(__dquot_free_space); 1947 1948 /* 1949 * This operation can block, but only after everything is updated 1950 */ 1951 void dquot_free_inode(struct inode *inode) 1952 { 1953 unsigned int cnt; 1954 struct dquot_warn warn[MAXQUOTAS]; 1955 struct dquot __rcu * const *dquots; 1956 struct dquot *dquot; 1957 int index; 1958 1959 if (!inode_quota_active(inode)) 1960 return; 1961 1962 dquots = i_dquot(inode); 1963 index = srcu_read_lock(&dquot_srcu); 1964 spin_lock(&inode->i_lock); 1965 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1966 int wtype; 1967 warn[cnt].w_type = QUOTA_NL_NOWARN; 1968 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1969 if (!dquot) 1970 continue; 1971 spin_lock(&dquot->dq_dqb_lock); 1972 wtype = info_idq_free(dquot, 1); 1973 if (wtype != QUOTA_NL_NOWARN) 1974 prepare_warning(&warn[cnt], dquot, wtype); 1975 dquot_decr_inodes(dquot, 1); 1976 spin_unlock(&dquot->dq_dqb_lock); 1977 } 1978 spin_unlock(&inode->i_lock); 1979 mark_all_dquot_dirty(dquots); 1980 srcu_read_unlock(&dquot_srcu, index); 1981 flush_warnings(warn); 1982 } 1983 EXPORT_SYMBOL(dquot_free_inode); 1984 1985 /* 1986 * Transfer the number of inode and blocks from one diskquota to an other. 1987 * On success, dquot references in transfer_to are consumed and references 1988 * to original dquots that need to be released are placed there. On failure, 1989 * references are kept untouched. 1990 * 1991 * This operation can block, but only after everything is updated 1992 * A transaction must be started when entering this function. 1993 * 1994 * We are holding reference on transfer_from & transfer_to, no need to 1995 * protect them by srcu_read_lock(). 1996 */ 1997 int __dquot_transfer(struct inode *inode, struct dquot **transfer_to) 1998 { 1999 qsize_t cur_space; 2000 qsize_t rsv_space = 0; 2001 qsize_t inode_usage = 1; 2002 struct dquot __rcu **dquots; 2003 struct dquot *transfer_from[MAXQUOTAS] = {}; 2004 int cnt, index, ret = 0; 2005 char is_valid[MAXQUOTAS] = {}; 2006 struct dquot_warn warn_to[MAXQUOTAS]; 2007 struct dquot_warn warn_from_inodes[MAXQUOTAS]; 2008 struct dquot_warn warn_from_space[MAXQUOTAS]; 2009 2010 if (IS_NOQUOTA(inode)) 2011 return 0; 2012 2013 if (inode->i_sb->dq_op->get_inode_usage) { 2014 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage); 2015 if (ret) 2016 return ret; 2017 } 2018 2019 /* Initialize the arrays */ 2020 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2021 warn_to[cnt].w_type = QUOTA_NL_NOWARN; 2022 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN; 2023 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN; 2024 } 2025 2026 spin_lock(&dq_data_lock); 2027 spin_lock(&inode->i_lock); 2028 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */ 2029 spin_unlock(&inode->i_lock); 2030 spin_unlock(&dq_data_lock); 2031 return 0; 2032 } 2033 cur_space = __inode_get_bytes(inode); 2034 rsv_space = __inode_get_rsv_space(inode); 2035 dquots = i_dquot(inode); 2036 /* 2037 * Build the transfer_from list, check limits, and update usage in 2038 * the target structures. 2039 */ 2040 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2041 /* 2042 * Skip changes for same uid or gid or for turned off quota-type. 2043 */ 2044 if (!transfer_to[cnt]) 2045 continue; 2046 /* Avoid races with quotaoff() */ 2047 if (!sb_has_quota_active(inode->i_sb, cnt)) 2048 continue; 2049 is_valid[cnt] = 1; 2050 transfer_from[cnt] = srcu_dereference_check(dquots[cnt], 2051 &dquot_srcu, lockdep_is_held(&dq_data_lock)); 2052 ret = dquot_add_inodes(transfer_to[cnt], inode_usage, 2053 &warn_to[cnt]); 2054 if (ret) 2055 goto over_quota; 2056 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space, 2057 DQUOT_SPACE_WARN, &warn_to[cnt]); 2058 if (ret) { 2059 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2060 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2061 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2062 goto over_quota; 2063 } 2064 } 2065 2066 /* Decrease usage for source structures and update quota pointers */ 2067 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2068 if (!is_valid[cnt]) 2069 continue; 2070 /* Due to IO error we might not have transfer_from[] structure */ 2071 if (transfer_from[cnt]) { 2072 int wtype; 2073 2074 spin_lock(&transfer_from[cnt]->dq_dqb_lock); 2075 wtype = info_idq_free(transfer_from[cnt], inode_usage); 2076 if (wtype != QUOTA_NL_NOWARN) 2077 prepare_warning(&warn_from_inodes[cnt], 2078 transfer_from[cnt], wtype); 2079 wtype = info_bdq_free(transfer_from[cnt], 2080 cur_space + rsv_space); 2081 if (wtype != QUOTA_NL_NOWARN) 2082 prepare_warning(&warn_from_space[cnt], 2083 transfer_from[cnt], wtype); 2084 dquot_decr_inodes(transfer_from[cnt], inode_usage); 2085 dquot_decr_space(transfer_from[cnt], cur_space); 2086 dquot_free_reserved_space(transfer_from[cnt], 2087 rsv_space); 2088 spin_unlock(&transfer_from[cnt]->dq_dqb_lock); 2089 } 2090 rcu_assign_pointer(dquots[cnt], transfer_to[cnt]); 2091 } 2092 spin_unlock(&inode->i_lock); 2093 spin_unlock(&dq_data_lock); 2094 2095 /* 2096 * These arrays are local and we hold dquot references so we don't need 2097 * the srcu protection but still take dquot_srcu to avoid warning in 2098 * mark_all_dquot_dirty(). 2099 */ 2100 index = srcu_read_lock(&dquot_srcu); 2101 mark_all_dquot_dirty((struct dquot __rcu **)transfer_from); 2102 mark_all_dquot_dirty((struct dquot __rcu **)transfer_to); 2103 srcu_read_unlock(&dquot_srcu, index); 2104 2105 flush_warnings(warn_to); 2106 flush_warnings(warn_from_inodes); 2107 flush_warnings(warn_from_space); 2108 /* Pass back references to put */ 2109 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2110 if (is_valid[cnt]) 2111 transfer_to[cnt] = transfer_from[cnt]; 2112 return 0; 2113 over_quota: 2114 /* Back out changes we already did */ 2115 for (cnt--; cnt >= 0; cnt--) { 2116 if (!is_valid[cnt]) 2117 continue; 2118 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2119 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2120 dquot_decr_space(transfer_to[cnt], cur_space); 2121 dquot_free_reserved_space(transfer_to[cnt], rsv_space); 2122 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2123 } 2124 spin_unlock(&inode->i_lock); 2125 spin_unlock(&dq_data_lock); 2126 flush_warnings(warn_to); 2127 return ret; 2128 } 2129 EXPORT_SYMBOL(__dquot_transfer); 2130 2131 /* Wrapper for transferring ownership of an inode for uid/gid only 2132 * Called from FSXXX_setattr() 2133 */ 2134 int dquot_transfer(struct mnt_idmap *idmap, struct inode *inode, 2135 struct iattr *iattr) 2136 { 2137 struct dquot *transfer_to[MAXQUOTAS] = {}; 2138 struct dquot *dquot; 2139 struct super_block *sb = inode->i_sb; 2140 int ret; 2141 2142 if (!inode_quota_active(inode)) 2143 return 0; 2144 2145 if (i_uid_needs_update(idmap, iattr, inode)) { 2146 kuid_t kuid = from_vfsuid(idmap, i_user_ns(inode), 2147 iattr->ia_vfsuid); 2148 2149 dquot = dqget(sb, make_kqid_uid(kuid)); 2150 if (IS_ERR(dquot)) { 2151 if (PTR_ERR(dquot) != -ESRCH) { 2152 ret = PTR_ERR(dquot); 2153 goto out_put; 2154 } 2155 dquot = NULL; 2156 } 2157 transfer_to[USRQUOTA] = dquot; 2158 } 2159 if (i_gid_needs_update(idmap, iattr, inode)) { 2160 kgid_t kgid = from_vfsgid(idmap, i_user_ns(inode), 2161 iattr->ia_vfsgid); 2162 2163 dquot = dqget(sb, make_kqid_gid(kgid)); 2164 if (IS_ERR(dquot)) { 2165 if (PTR_ERR(dquot) != -ESRCH) { 2166 ret = PTR_ERR(dquot); 2167 goto out_put; 2168 } 2169 dquot = NULL; 2170 } 2171 transfer_to[GRPQUOTA] = dquot; 2172 } 2173 ret = __dquot_transfer(inode, transfer_to); 2174 out_put: 2175 dqput_all(transfer_to); 2176 return ret; 2177 } 2178 EXPORT_SYMBOL(dquot_transfer); 2179 2180 /* 2181 * Write info of quota file to disk 2182 */ 2183 int dquot_commit_info(struct super_block *sb, int type) 2184 { 2185 struct quota_info *dqopt = sb_dqopt(sb); 2186 2187 return dqopt->ops[type]->write_file_info(sb, type); 2188 } 2189 EXPORT_SYMBOL(dquot_commit_info); 2190 2191 int dquot_get_next_id(struct super_block *sb, struct kqid *qid) 2192 { 2193 struct quota_info *dqopt = sb_dqopt(sb); 2194 2195 if (!sb_has_quota_active(sb, qid->type)) 2196 return -ESRCH; 2197 if (!dqopt->ops[qid->type]->get_next_id) 2198 return -ENOSYS; 2199 return dqopt->ops[qid->type]->get_next_id(sb, qid); 2200 } 2201 EXPORT_SYMBOL(dquot_get_next_id); 2202 2203 /* 2204 * Definitions of diskquota operations. 2205 */ 2206 const struct dquot_operations dquot_operations = { 2207 .write_dquot = dquot_commit, 2208 .acquire_dquot = dquot_acquire, 2209 .release_dquot = dquot_release, 2210 .mark_dirty = dquot_mark_dquot_dirty, 2211 .write_info = dquot_commit_info, 2212 .alloc_dquot = dquot_alloc, 2213 .destroy_dquot = dquot_destroy, 2214 .get_next_id = dquot_get_next_id, 2215 }; 2216 EXPORT_SYMBOL(dquot_operations); 2217 2218 /* 2219 * Generic helper for ->open on filesystems supporting disk quotas. 2220 */ 2221 int dquot_file_open(struct inode *inode, struct file *file) 2222 { 2223 int error; 2224 2225 error = generic_file_open(inode, file); 2226 if (!error && (file->f_mode & FMODE_WRITE)) 2227 error = dquot_initialize(inode); 2228 return error; 2229 } 2230 EXPORT_SYMBOL(dquot_file_open); 2231 2232 static void vfs_cleanup_quota_inode(struct super_block *sb, int type) 2233 { 2234 struct quota_info *dqopt = sb_dqopt(sb); 2235 struct inode *inode = dqopt->files[type]; 2236 2237 if (!inode) 2238 return; 2239 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2240 inode_lock(inode); 2241 inode->i_flags &= ~S_NOQUOTA; 2242 inode_unlock(inode); 2243 } 2244 dqopt->files[type] = NULL; 2245 iput(inode); 2246 } 2247 2248 /* 2249 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount) 2250 */ 2251 int dquot_disable(struct super_block *sb, int type, unsigned int flags) 2252 { 2253 int cnt; 2254 struct quota_info *dqopt = sb_dqopt(sb); 2255 2256 /* s_umount should be held in exclusive mode */ 2257 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2258 up_read(&sb->s_umount); 2259 2260 /* Cannot turn off usage accounting without turning off limits, or 2261 * suspend quotas and simultaneously turn quotas off. */ 2262 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED)) 2263 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED | 2264 DQUOT_USAGE_ENABLED))) 2265 return -EINVAL; 2266 2267 /* 2268 * Skip everything if there's nothing to do. We have to do this because 2269 * sometimes we are called when fill_super() failed and calling 2270 * sync_fs() in such cases does no good. 2271 */ 2272 if (!sb_any_quota_loaded(sb)) 2273 return 0; 2274 2275 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2276 if (type != -1 && cnt != type) 2277 continue; 2278 if (!sb_has_quota_loaded(sb, cnt)) 2279 continue; 2280 2281 if (flags & DQUOT_SUSPENDED) { 2282 spin_lock(&dq_state_lock); 2283 dqopt->flags |= 2284 dquot_state_flag(DQUOT_SUSPENDED, cnt); 2285 spin_unlock(&dq_state_lock); 2286 } else { 2287 spin_lock(&dq_state_lock); 2288 dqopt->flags &= ~dquot_state_flag(flags, cnt); 2289 /* Turning off suspended quotas? */ 2290 if (!sb_has_quota_loaded(sb, cnt) && 2291 sb_has_quota_suspended(sb, cnt)) { 2292 dqopt->flags &= ~dquot_state_flag( 2293 DQUOT_SUSPENDED, cnt); 2294 spin_unlock(&dq_state_lock); 2295 vfs_cleanup_quota_inode(sb, cnt); 2296 continue; 2297 } 2298 spin_unlock(&dq_state_lock); 2299 } 2300 2301 /* We still have to keep quota loaded? */ 2302 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED)) 2303 continue; 2304 2305 /* Note: these are blocking operations */ 2306 drop_dquot_ref(sb, cnt); 2307 invalidate_dquots(sb, cnt); 2308 /* 2309 * Now all dquots should be invalidated, all writes done so we 2310 * should be only users of the info. No locks needed. 2311 */ 2312 if (info_dirty(&dqopt->info[cnt])) 2313 sb->dq_op->write_info(sb, cnt); 2314 if (dqopt->ops[cnt]->free_file_info) 2315 dqopt->ops[cnt]->free_file_info(sb, cnt); 2316 put_quota_format(dqopt->info[cnt].dqi_format); 2317 dqopt->info[cnt].dqi_flags = 0; 2318 dqopt->info[cnt].dqi_igrace = 0; 2319 dqopt->info[cnt].dqi_bgrace = 0; 2320 dqopt->ops[cnt] = NULL; 2321 } 2322 2323 /* Skip syncing and setting flags if quota files are hidden */ 2324 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 2325 goto put_inodes; 2326 2327 /* Sync the superblock so that buffers with quota data are written to 2328 * disk (and so userspace sees correct data afterwards). */ 2329 if (sb->s_op->sync_fs) 2330 sb->s_op->sync_fs(sb, 1); 2331 sync_blockdev(sb->s_bdev); 2332 /* Now the quota files are just ordinary files and we can set the 2333 * inode flags back. Moreover we discard the pagecache so that 2334 * userspace sees the writes we did bypassing the pagecache. We 2335 * must also discard the blockdev buffers so that we see the 2336 * changes done by userspace on the next quotaon() */ 2337 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2338 if (!sb_has_quota_loaded(sb, cnt) && dqopt->files[cnt]) { 2339 inode_lock(dqopt->files[cnt]); 2340 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 2341 inode_unlock(dqopt->files[cnt]); 2342 } 2343 if (sb->s_bdev) 2344 invalidate_bdev(sb->s_bdev); 2345 put_inodes: 2346 /* We are done when suspending quotas */ 2347 if (flags & DQUOT_SUSPENDED) 2348 return 0; 2349 2350 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2351 if (!sb_has_quota_loaded(sb, cnt)) 2352 vfs_cleanup_quota_inode(sb, cnt); 2353 return 0; 2354 } 2355 EXPORT_SYMBOL(dquot_disable); 2356 2357 int dquot_quota_off(struct super_block *sb, int type) 2358 { 2359 return dquot_disable(sb, type, 2360 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2361 } 2362 EXPORT_SYMBOL(dquot_quota_off); 2363 2364 /* 2365 * Turn quotas on on a device 2366 */ 2367 2368 static int vfs_setup_quota_inode(struct inode *inode, int type) 2369 { 2370 struct super_block *sb = inode->i_sb; 2371 struct quota_info *dqopt = sb_dqopt(sb); 2372 2373 if (is_bad_inode(inode)) 2374 return -EUCLEAN; 2375 if (!S_ISREG(inode->i_mode)) 2376 return -EACCES; 2377 if (IS_RDONLY(inode)) 2378 return -EROFS; 2379 if (sb_has_quota_loaded(sb, type)) 2380 return -EBUSY; 2381 2382 /* 2383 * Quota files should never be encrypted. They should be thought of as 2384 * filesystem metadata, not user data. New-style internal quota files 2385 * cannot be encrypted by users anyway, but old-style external quota 2386 * files could potentially be incorrectly created in an encrypted 2387 * directory, hence this explicit check. Some reasons why encrypted 2388 * quota files don't work include: (1) some filesystems that support 2389 * encryption don't handle it in their quota_read and quota_write, and 2390 * (2) cleaning up encrypted quota files at unmount would need special 2391 * consideration, as quota files are cleaned up later than user files. 2392 */ 2393 if (IS_ENCRYPTED(inode)) 2394 return -EINVAL; 2395 2396 dqopt->files[type] = igrab(inode); 2397 if (!dqopt->files[type]) 2398 return -EIO; 2399 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2400 /* We don't want quota and atime on quota files (deadlocks 2401 * possible) Also nobody should write to the file - we use 2402 * special IO operations which ignore the immutable bit. */ 2403 inode_lock(inode); 2404 inode->i_flags |= S_NOQUOTA; 2405 inode_unlock(inode); 2406 /* 2407 * When S_NOQUOTA is set, remove dquot references as no more 2408 * references can be added 2409 */ 2410 __dquot_drop(inode); 2411 } 2412 return 0; 2413 } 2414 2415 int dquot_load_quota_sb(struct super_block *sb, int type, int format_id, 2416 unsigned int flags) 2417 { 2418 struct quota_format_type *fmt = find_quota_format(format_id); 2419 struct quota_info *dqopt = sb_dqopt(sb); 2420 int error; 2421 2422 lockdep_assert_held_write(&sb->s_umount); 2423 2424 /* Just unsuspend quotas? */ 2425 BUG_ON(flags & DQUOT_SUSPENDED); 2426 2427 if (!fmt) 2428 return -ESRCH; 2429 if (!sb->dq_op || !sb->s_qcop || 2430 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) { 2431 error = -EINVAL; 2432 goto out_fmt; 2433 } 2434 /* Filesystems outside of init_user_ns not yet supported */ 2435 if (sb->s_user_ns != &init_user_ns) { 2436 error = -EINVAL; 2437 goto out_fmt; 2438 } 2439 /* Usage always has to be set... */ 2440 if (!(flags & DQUOT_USAGE_ENABLED)) { 2441 error = -EINVAL; 2442 goto out_fmt; 2443 } 2444 if (sb_has_quota_loaded(sb, type)) { 2445 error = -EBUSY; 2446 goto out_fmt; 2447 } 2448 2449 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2450 /* As we bypass the pagecache we must now flush all the 2451 * dirty data and invalidate caches so that kernel sees 2452 * changes from userspace. It is not enough to just flush 2453 * the quota file since if blocksize < pagesize, invalidation 2454 * of the cache could fail because of other unrelated dirty 2455 * data */ 2456 sync_filesystem(sb); 2457 invalidate_bdev(sb->s_bdev); 2458 } 2459 2460 error = -EINVAL; 2461 if (!fmt->qf_ops->check_quota_file(sb, type)) 2462 goto out_fmt; 2463 2464 dqopt->ops[type] = fmt->qf_ops; 2465 dqopt->info[type].dqi_format = fmt; 2466 dqopt->info[type].dqi_fmt_id = format_id; 2467 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list); 2468 error = dqopt->ops[type]->read_file_info(sb, type); 2469 if (error < 0) 2470 goto out_fmt; 2471 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) { 2472 spin_lock(&dq_data_lock); 2473 dqopt->info[type].dqi_flags |= DQF_SYS_FILE; 2474 spin_unlock(&dq_data_lock); 2475 } 2476 spin_lock(&dq_state_lock); 2477 dqopt->flags |= dquot_state_flag(flags, type); 2478 spin_unlock(&dq_state_lock); 2479 2480 error = add_dquot_ref(sb, type); 2481 if (error) 2482 dquot_disable(sb, type, 2483 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2484 2485 return error; 2486 out_fmt: 2487 put_quota_format(fmt); 2488 2489 return error; 2490 } 2491 EXPORT_SYMBOL(dquot_load_quota_sb); 2492 2493 /* 2494 * More powerful function for turning on quotas on given quota inode allowing 2495 * setting of individual quota flags 2496 */ 2497 int dquot_load_quota_inode(struct inode *inode, int type, int format_id, 2498 unsigned int flags) 2499 { 2500 int err; 2501 2502 err = vfs_setup_quota_inode(inode, type); 2503 if (err < 0) 2504 return err; 2505 err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags); 2506 if (err < 0) 2507 vfs_cleanup_quota_inode(inode->i_sb, type); 2508 return err; 2509 } 2510 EXPORT_SYMBOL(dquot_load_quota_inode); 2511 2512 /* Reenable quotas on remount RW */ 2513 int dquot_resume(struct super_block *sb, int type) 2514 { 2515 struct quota_info *dqopt = sb_dqopt(sb); 2516 int ret = 0, cnt; 2517 unsigned int flags; 2518 2519 /* s_umount should be held in exclusive mode */ 2520 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2521 up_read(&sb->s_umount); 2522 2523 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2524 if (type != -1 && cnt != type) 2525 continue; 2526 if (!sb_has_quota_suspended(sb, cnt)) 2527 continue; 2528 2529 spin_lock(&dq_state_lock); 2530 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED | 2531 DQUOT_LIMITS_ENABLED, 2532 cnt); 2533 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt); 2534 spin_unlock(&dq_state_lock); 2535 2536 flags = dquot_generic_flag(flags, cnt); 2537 ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id, 2538 flags); 2539 if (ret < 0) 2540 vfs_cleanup_quota_inode(sb, cnt); 2541 } 2542 2543 return ret; 2544 } 2545 EXPORT_SYMBOL(dquot_resume); 2546 2547 int dquot_quota_on(struct super_block *sb, int type, int format_id, 2548 const struct path *path) 2549 { 2550 int error = security_quota_on(path->dentry); 2551 if (error) 2552 return error; 2553 /* Quota file not on the same filesystem? */ 2554 if (path->dentry->d_sb != sb) 2555 error = -EXDEV; 2556 else 2557 error = dquot_load_quota_inode(d_inode(path->dentry), type, 2558 format_id, DQUOT_USAGE_ENABLED | 2559 DQUOT_LIMITS_ENABLED); 2560 return error; 2561 } 2562 EXPORT_SYMBOL(dquot_quota_on); 2563 2564 /* 2565 * This function is used when filesystem needs to initialize quotas 2566 * during mount time. 2567 */ 2568 int dquot_quota_on_mount(struct super_block *sb, char *qf_name, 2569 int format_id, int type) 2570 { 2571 struct dentry *dentry; 2572 int error; 2573 2574 dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name)); 2575 if (IS_ERR(dentry)) 2576 return PTR_ERR(dentry); 2577 2578 error = security_quota_on(dentry); 2579 if (!error) 2580 error = dquot_load_quota_inode(d_inode(dentry), type, format_id, 2581 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2582 2583 dput(dentry); 2584 return error; 2585 } 2586 EXPORT_SYMBOL(dquot_quota_on_mount); 2587 2588 static int dquot_quota_enable(struct super_block *sb, unsigned int flags) 2589 { 2590 int ret; 2591 int type; 2592 struct quota_info *dqopt = sb_dqopt(sb); 2593 2594 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2595 return -ENOSYS; 2596 /* Accounting cannot be turned on while fs is mounted */ 2597 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT); 2598 if (!flags) 2599 return -EINVAL; 2600 for (type = 0; type < MAXQUOTAS; type++) { 2601 if (!(flags & qtype_enforce_flag(type))) 2602 continue; 2603 /* Can't enforce without accounting */ 2604 if (!sb_has_quota_usage_enabled(sb, type)) { 2605 ret = -EINVAL; 2606 goto out_err; 2607 } 2608 if (sb_has_quota_limits_enabled(sb, type)) { 2609 ret = -EBUSY; 2610 goto out_err; 2611 } 2612 spin_lock(&dq_state_lock); 2613 dqopt->flags |= dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2614 spin_unlock(&dq_state_lock); 2615 } 2616 return 0; 2617 out_err: 2618 /* Backout enforcement enablement we already did */ 2619 for (type--; type >= 0; type--) { 2620 if (flags & qtype_enforce_flag(type)) 2621 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2622 } 2623 /* Error code translation for better compatibility with XFS */ 2624 if (ret == -EBUSY) 2625 ret = -EEXIST; 2626 return ret; 2627 } 2628 2629 static int dquot_quota_disable(struct super_block *sb, unsigned int flags) 2630 { 2631 int ret; 2632 int type; 2633 struct quota_info *dqopt = sb_dqopt(sb); 2634 2635 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2636 return -ENOSYS; 2637 /* 2638 * We don't support turning off accounting via quotactl. In principle 2639 * quota infrastructure can do this but filesystems don't expect 2640 * userspace to be able to do it. 2641 */ 2642 if (flags & 2643 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT)) 2644 return -EOPNOTSUPP; 2645 2646 /* Filter out limits not enabled */ 2647 for (type = 0; type < MAXQUOTAS; type++) 2648 if (!sb_has_quota_limits_enabled(sb, type)) 2649 flags &= ~qtype_enforce_flag(type); 2650 /* Nothing left? */ 2651 if (!flags) 2652 return -EEXIST; 2653 for (type = 0; type < MAXQUOTAS; type++) { 2654 if (flags & qtype_enforce_flag(type)) { 2655 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2656 if (ret < 0) 2657 goto out_err; 2658 } 2659 } 2660 return 0; 2661 out_err: 2662 /* Backout enforcement disabling we already did */ 2663 for (type--; type >= 0; type--) { 2664 if (flags & qtype_enforce_flag(type)) { 2665 spin_lock(&dq_state_lock); 2666 dqopt->flags |= 2667 dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2668 spin_unlock(&dq_state_lock); 2669 } 2670 } 2671 return ret; 2672 } 2673 2674 /* Generic routine for getting common part of quota structure */ 2675 static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2676 { 2677 struct mem_dqblk *dm = &dquot->dq_dqb; 2678 2679 memset(di, 0, sizeof(*di)); 2680 spin_lock(&dquot->dq_dqb_lock); 2681 di->d_spc_hardlimit = dm->dqb_bhardlimit; 2682 di->d_spc_softlimit = dm->dqb_bsoftlimit; 2683 di->d_ino_hardlimit = dm->dqb_ihardlimit; 2684 di->d_ino_softlimit = dm->dqb_isoftlimit; 2685 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace; 2686 di->d_ino_count = dm->dqb_curinodes; 2687 di->d_spc_timer = dm->dqb_btime; 2688 di->d_ino_timer = dm->dqb_itime; 2689 spin_unlock(&dquot->dq_dqb_lock); 2690 } 2691 2692 int dquot_get_dqblk(struct super_block *sb, struct kqid qid, 2693 struct qc_dqblk *di) 2694 { 2695 struct dquot *dquot; 2696 2697 dquot = dqget(sb, qid); 2698 if (IS_ERR(dquot)) 2699 return PTR_ERR(dquot); 2700 do_get_dqblk(dquot, di); 2701 dqput(dquot); 2702 2703 return 0; 2704 } 2705 EXPORT_SYMBOL(dquot_get_dqblk); 2706 2707 int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid, 2708 struct qc_dqblk *di) 2709 { 2710 struct dquot *dquot; 2711 int err; 2712 2713 if (!sb->dq_op->get_next_id) 2714 return -ENOSYS; 2715 err = sb->dq_op->get_next_id(sb, qid); 2716 if (err < 0) 2717 return err; 2718 dquot = dqget(sb, *qid); 2719 if (IS_ERR(dquot)) 2720 return PTR_ERR(dquot); 2721 do_get_dqblk(dquot, di); 2722 dqput(dquot); 2723 2724 return 0; 2725 } 2726 EXPORT_SYMBOL(dquot_get_next_dqblk); 2727 2728 #define VFS_QC_MASK \ 2729 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \ 2730 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \ 2731 QC_SPC_TIMER | QC_INO_TIMER) 2732 2733 /* Generic routine for setting common part of quota structure */ 2734 static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2735 { 2736 struct mem_dqblk *dm = &dquot->dq_dqb; 2737 int check_blim = 0, check_ilim = 0; 2738 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 2739 2740 if (di->d_fieldmask & ~VFS_QC_MASK) 2741 return -EINVAL; 2742 2743 if (((di->d_fieldmask & QC_SPC_SOFT) && 2744 di->d_spc_softlimit > dqi->dqi_max_spc_limit) || 2745 ((di->d_fieldmask & QC_SPC_HARD) && 2746 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) || 2747 ((di->d_fieldmask & QC_INO_SOFT) && 2748 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) || 2749 ((di->d_fieldmask & QC_INO_HARD) && 2750 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit))) 2751 return -ERANGE; 2752 2753 spin_lock(&dquot->dq_dqb_lock); 2754 if (di->d_fieldmask & QC_SPACE) { 2755 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace; 2756 check_blim = 1; 2757 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags); 2758 } 2759 2760 if (di->d_fieldmask & QC_SPC_SOFT) 2761 dm->dqb_bsoftlimit = di->d_spc_softlimit; 2762 if (di->d_fieldmask & QC_SPC_HARD) 2763 dm->dqb_bhardlimit = di->d_spc_hardlimit; 2764 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) { 2765 check_blim = 1; 2766 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags); 2767 } 2768 2769 if (di->d_fieldmask & QC_INO_COUNT) { 2770 dm->dqb_curinodes = di->d_ino_count; 2771 check_ilim = 1; 2772 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags); 2773 } 2774 2775 if (di->d_fieldmask & QC_INO_SOFT) 2776 dm->dqb_isoftlimit = di->d_ino_softlimit; 2777 if (di->d_fieldmask & QC_INO_HARD) 2778 dm->dqb_ihardlimit = di->d_ino_hardlimit; 2779 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) { 2780 check_ilim = 1; 2781 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags); 2782 } 2783 2784 if (di->d_fieldmask & QC_SPC_TIMER) { 2785 dm->dqb_btime = di->d_spc_timer; 2786 check_blim = 1; 2787 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags); 2788 } 2789 2790 if (di->d_fieldmask & QC_INO_TIMER) { 2791 dm->dqb_itime = di->d_ino_timer; 2792 check_ilim = 1; 2793 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags); 2794 } 2795 2796 if (check_blim) { 2797 if (!dm->dqb_bsoftlimit || 2798 dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) { 2799 dm->dqb_btime = 0; 2800 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 2801 } else if (!(di->d_fieldmask & QC_SPC_TIMER)) 2802 /* Set grace only if user hasn't provided his own... */ 2803 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace; 2804 } 2805 if (check_ilim) { 2806 if (!dm->dqb_isoftlimit || 2807 dm->dqb_curinodes <= dm->dqb_isoftlimit) { 2808 dm->dqb_itime = 0; 2809 clear_bit(DQ_INODES_B, &dquot->dq_flags); 2810 } else if (!(di->d_fieldmask & QC_INO_TIMER)) 2811 /* Set grace only if user hasn't provided his own... */ 2812 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace; 2813 } 2814 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit || 2815 dm->dqb_isoftlimit) 2816 clear_bit(DQ_FAKE_B, &dquot->dq_flags); 2817 else 2818 set_bit(DQ_FAKE_B, &dquot->dq_flags); 2819 spin_unlock(&dquot->dq_dqb_lock); 2820 mark_dquot_dirty(dquot); 2821 2822 return 0; 2823 } 2824 2825 int dquot_set_dqblk(struct super_block *sb, struct kqid qid, 2826 struct qc_dqblk *di) 2827 { 2828 struct dquot *dquot; 2829 int rc; 2830 2831 dquot = dqget(sb, qid); 2832 if (IS_ERR(dquot)) { 2833 rc = PTR_ERR(dquot); 2834 goto out; 2835 } 2836 rc = do_set_dqblk(dquot, di); 2837 dqput(dquot); 2838 out: 2839 return rc; 2840 } 2841 EXPORT_SYMBOL(dquot_set_dqblk); 2842 2843 /* Generic routine for getting common part of quota file information */ 2844 int dquot_get_state(struct super_block *sb, struct qc_state *state) 2845 { 2846 struct mem_dqinfo *mi; 2847 struct qc_type_state *tstate; 2848 struct quota_info *dqopt = sb_dqopt(sb); 2849 int type; 2850 2851 memset(state, 0, sizeof(*state)); 2852 for (type = 0; type < MAXQUOTAS; type++) { 2853 if (!sb_has_quota_active(sb, type)) 2854 continue; 2855 tstate = state->s_state + type; 2856 mi = sb_dqopt(sb)->info + type; 2857 tstate->flags = QCI_ACCT_ENABLED; 2858 spin_lock(&dq_data_lock); 2859 if (mi->dqi_flags & DQF_SYS_FILE) 2860 tstate->flags |= QCI_SYSFILE; 2861 if (mi->dqi_flags & DQF_ROOT_SQUASH) 2862 tstate->flags |= QCI_ROOT_SQUASH; 2863 if (sb_has_quota_limits_enabled(sb, type)) 2864 tstate->flags |= QCI_LIMITS_ENFORCED; 2865 tstate->spc_timelimit = mi->dqi_bgrace; 2866 tstate->ino_timelimit = mi->dqi_igrace; 2867 if (dqopt->files[type]) { 2868 tstate->ino = dqopt->files[type]->i_ino; 2869 tstate->blocks = dqopt->files[type]->i_blocks; 2870 } 2871 tstate->nextents = 1; /* We don't know... */ 2872 spin_unlock(&dq_data_lock); 2873 } 2874 return 0; 2875 } 2876 EXPORT_SYMBOL(dquot_get_state); 2877 2878 /* Generic routine for setting common part of quota file information */ 2879 int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii) 2880 { 2881 struct mem_dqinfo *mi; 2882 2883 if ((ii->i_fieldmask & QC_WARNS_MASK) || 2884 (ii->i_fieldmask & QC_RT_SPC_TIMER)) 2885 return -EINVAL; 2886 if (!sb_has_quota_active(sb, type)) 2887 return -ESRCH; 2888 mi = sb_dqopt(sb)->info + type; 2889 if (ii->i_fieldmask & QC_FLAGS) { 2890 if ((ii->i_flags & QCI_ROOT_SQUASH && 2891 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD)) 2892 return -EINVAL; 2893 } 2894 spin_lock(&dq_data_lock); 2895 if (ii->i_fieldmask & QC_SPC_TIMER) 2896 mi->dqi_bgrace = ii->i_spc_timelimit; 2897 if (ii->i_fieldmask & QC_INO_TIMER) 2898 mi->dqi_igrace = ii->i_ino_timelimit; 2899 if (ii->i_fieldmask & QC_FLAGS) { 2900 if (ii->i_flags & QCI_ROOT_SQUASH) 2901 mi->dqi_flags |= DQF_ROOT_SQUASH; 2902 else 2903 mi->dqi_flags &= ~DQF_ROOT_SQUASH; 2904 } 2905 spin_unlock(&dq_data_lock); 2906 mark_info_dirty(sb, type); 2907 /* Force write to disk */ 2908 return sb->dq_op->write_info(sb, type); 2909 } 2910 EXPORT_SYMBOL(dquot_set_dqinfo); 2911 2912 const struct quotactl_ops dquot_quotactl_sysfile_ops = { 2913 .quota_enable = dquot_quota_enable, 2914 .quota_disable = dquot_quota_disable, 2915 .quota_sync = dquot_quota_sync, 2916 .get_state = dquot_get_state, 2917 .set_info = dquot_set_dqinfo, 2918 .get_dqblk = dquot_get_dqblk, 2919 .get_nextdqblk = dquot_get_next_dqblk, 2920 .set_dqblk = dquot_set_dqblk 2921 }; 2922 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops); 2923 2924 static int do_proc_dqstats(struct ctl_table *table, int write, 2925 void *buffer, size_t *lenp, loff_t *ppos) 2926 { 2927 unsigned int type = (unsigned long *)table->data - dqstats.stat; 2928 s64 value = percpu_counter_sum(&dqstats.counter[type]); 2929 2930 /* Filter negative values for non-monotonic counters */ 2931 if (value < 0 && (type == DQST_ALLOC_DQUOTS || 2932 type == DQST_FREE_DQUOTS)) 2933 value = 0; 2934 2935 /* Update global table */ 2936 dqstats.stat[type] = value; 2937 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos); 2938 } 2939 2940 static struct ctl_table fs_dqstats_table[] = { 2941 { 2942 .procname = "lookups", 2943 .data = &dqstats.stat[DQST_LOOKUPS], 2944 .maxlen = sizeof(unsigned long), 2945 .mode = 0444, 2946 .proc_handler = do_proc_dqstats, 2947 }, 2948 { 2949 .procname = "drops", 2950 .data = &dqstats.stat[DQST_DROPS], 2951 .maxlen = sizeof(unsigned long), 2952 .mode = 0444, 2953 .proc_handler = do_proc_dqstats, 2954 }, 2955 { 2956 .procname = "reads", 2957 .data = &dqstats.stat[DQST_READS], 2958 .maxlen = sizeof(unsigned long), 2959 .mode = 0444, 2960 .proc_handler = do_proc_dqstats, 2961 }, 2962 { 2963 .procname = "writes", 2964 .data = &dqstats.stat[DQST_WRITES], 2965 .maxlen = sizeof(unsigned long), 2966 .mode = 0444, 2967 .proc_handler = do_proc_dqstats, 2968 }, 2969 { 2970 .procname = "cache_hits", 2971 .data = &dqstats.stat[DQST_CACHE_HITS], 2972 .maxlen = sizeof(unsigned long), 2973 .mode = 0444, 2974 .proc_handler = do_proc_dqstats, 2975 }, 2976 { 2977 .procname = "allocated_dquots", 2978 .data = &dqstats.stat[DQST_ALLOC_DQUOTS], 2979 .maxlen = sizeof(unsigned long), 2980 .mode = 0444, 2981 .proc_handler = do_proc_dqstats, 2982 }, 2983 { 2984 .procname = "free_dquots", 2985 .data = &dqstats.stat[DQST_FREE_DQUOTS], 2986 .maxlen = sizeof(unsigned long), 2987 .mode = 0444, 2988 .proc_handler = do_proc_dqstats, 2989 }, 2990 { 2991 .procname = "syncs", 2992 .data = &dqstats.stat[DQST_SYNCS], 2993 .maxlen = sizeof(unsigned long), 2994 .mode = 0444, 2995 .proc_handler = do_proc_dqstats, 2996 }, 2997 #ifdef CONFIG_PRINT_QUOTA_WARNING 2998 { 2999 .procname = "warnings", 3000 .data = &flag_print_warnings, 3001 .maxlen = sizeof(int), 3002 .mode = 0644, 3003 .proc_handler = proc_dointvec, 3004 }, 3005 #endif 3006 { }, 3007 }; 3008 3009 static int __init dquot_init(void) 3010 { 3011 int i, ret; 3012 unsigned long nr_hash, order; 3013 3014 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__); 3015 3016 register_sysctl_init("fs/quota", fs_dqstats_table); 3017 3018 dquot_cachep = kmem_cache_create("dquot", 3019 sizeof(struct dquot), sizeof(unsigned long) * 4, 3020 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT| 3021 SLAB_MEM_SPREAD|SLAB_PANIC), 3022 NULL); 3023 3024 order = 0; 3025 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order); 3026 if (!dquot_hash) 3027 panic("Cannot create dquot hash table"); 3028 3029 for (i = 0; i < _DQST_DQSTAT_LAST; i++) { 3030 ret = percpu_counter_init(&dqstats.counter[i], 0, GFP_KERNEL); 3031 if (ret) 3032 panic("Cannot create dquot stat counters"); 3033 } 3034 3035 /* Find power-of-two hlist_heads which can fit into allocation */ 3036 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head); 3037 dq_hash_bits = ilog2(nr_hash); 3038 3039 nr_hash = 1UL << dq_hash_bits; 3040 dq_hash_mask = nr_hash - 1; 3041 for (i = 0; i < nr_hash; i++) 3042 INIT_HLIST_HEAD(dquot_hash + i); 3043 3044 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld," 3045 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order)); 3046 3047 if (register_shrinker(&dqcache_shrinker, "dquota-cache")) 3048 panic("Cannot register dquot shrinker"); 3049 3050 return 0; 3051 } 3052 fs_initcall(dquot_init); 3053