1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Implementation of the diskquota system for the LINUX operating system. QUOTA 4 * is implemented using the BSD system call interface as the means of 5 * communication with the user level. This file contains the generic routines 6 * called by the different filesystems on allocation of an inode or block. 7 * These routines take care of the administration needed to have a consistent 8 * diskquota tracking system. The ideas of both user and group quotas are based 9 * on the Melbourne quota system as used on BSD derived systems. The internal 10 * implementation is based on one of the several variants of the LINUX 11 * inode-subsystem with added complexity of the diskquota system. 12 * 13 * Author: Marco van Wieringen <mvw@planets.elm.net> 14 * 15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96 16 * 17 * Revised list management to avoid races 18 * -- Bill Hawes, <whawes@star.net>, 9/98 19 * 20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...(). 21 * As the consequence the locking was moved from dquot_decr_...(), 22 * dquot_incr_...() to calling functions. 23 * invalidate_dquots() now writes modified dquots. 24 * Serialized quota_off() and quota_on() for mount point. 25 * Fixed a few bugs in grow_dquots(). 26 * Fixed deadlock in write_dquot() - we no longer account quotas on 27 * quota files 28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes 29 * add_dquot_ref() restarts after blocking 30 * Added check for bogus uid and fixed check for group in quotactl. 31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99 32 * 33 * Used struct list_head instead of own list struct 34 * Invalidation of referenced dquots is no longer possible 35 * Improved free_dquots list management 36 * Quota and i_blocks are now updated in one place to avoid races 37 * Warnings are now delayed so we won't block in critical section 38 * Write updated not to require dquot lock 39 * Jan Kara, <jack@suse.cz>, 9/2000 40 * 41 * Added dynamic quota structure allocation 42 * Jan Kara <jack@suse.cz> 12/2000 43 * 44 * Rewritten quota interface. Implemented new quota format and 45 * formats registering. 46 * Jan Kara, <jack@suse.cz>, 2001,2002 47 * 48 * New SMP locking. 49 * Jan Kara, <jack@suse.cz>, 10/2002 50 * 51 * Added journalled quota support, fix lock inversion problems 52 * Jan Kara, <jack@suse.cz>, 2003,2004 53 * 54 * (C) Copyright 1994 - 1997 Marco van Wieringen 55 */ 56 57 #include <linux/errno.h> 58 #include <linux/kernel.h> 59 #include <linux/fs.h> 60 #include <linux/mount.h> 61 #include <linux/mm.h> 62 #include <linux/time.h> 63 #include <linux/types.h> 64 #include <linux/string.h> 65 #include <linux/fcntl.h> 66 #include <linux/stat.h> 67 #include <linux/tty.h> 68 #include <linux/file.h> 69 #include <linux/slab.h> 70 #include <linux/sysctl.h> 71 #include <linux/init.h> 72 #include <linux/module.h> 73 #include <linux/proc_fs.h> 74 #include <linux/security.h> 75 #include <linux/sched.h> 76 #include <linux/cred.h> 77 #include <linux/kmod.h> 78 #include <linux/namei.h> 79 #include <linux/capability.h> 80 #include <linux/quotaops.h> 81 #include <linux/blkdev.h> 82 #include <linux/sched/mm.h> 83 #include "../internal.h" /* ugh */ 84 85 #include <linux/uaccess.h> 86 87 /* 88 * There are five quota SMP locks: 89 * * dq_list_lock protects all lists with quotas and quota formats. 90 * * dquot->dq_dqb_lock protects data from dq_dqb 91 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards 92 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that 93 * dquot_transfer() can stabilize amount it transfers 94 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot 95 * pointers in the inode 96 * * dq_state_lock protects modifications of quota state (on quotaon and 97 * quotaoff) and readers who care about latest values take it as well. 98 * 99 * The spinlock ordering is hence: 100 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock, 101 * dq_list_lock > dq_state_lock 102 * 103 * Note that some things (eg. sb pointer, type, id) doesn't change during 104 * the life of the dquot structure and so needn't to be protected by a lock 105 * 106 * Operation accessing dquots via inode pointers are protected by dquot_srcu. 107 * Operation of reading pointer needs srcu_read_lock(&dquot_srcu), and 108 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from 109 * inode and before dropping dquot references to avoid use of dquots after 110 * they are freed. dq_data_lock is used to serialize the pointer setting and 111 * clearing operations. 112 * Special care needs to be taken about S_NOQUOTA inode flag (marking that 113 * inode is a quota file). Functions adding pointers from inode to dquots have 114 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they 115 * have to do all pointer modifications before dropping dq_data_lock. This makes 116 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and 117 * then drops all pointers to dquots from an inode. 118 * 119 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to 120 * memory (or space for it is being allocated) on the first dqget(), when it is 121 * being written out, and when it is being released on the last dqput(). The 122 * allocation and release operations are serialized by the dq_lock and by 123 * checking the use count in dquot_release(). 124 * 125 * Lock ordering (including related VFS locks) is the following: 126 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem 127 */ 128 129 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock); 130 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock); 131 __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock); 132 EXPORT_SYMBOL(dq_data_lock); 133 DEFINE_STATIC_SRCU(dquot_srcu); 134 135 static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq); 136 137 void __quota_error(struct super_block *sb, const char *func, 138 const char *fmt, ...) 139 { 140 if (printk_ratelimit()) { 141 va_list args; 142 struct va_format vaf; 143 144 va_start(args, fmt); 145 146 vaf.fmt = fmt; 147 vaf.va = &args; 148 149 printk(KERN_ERR "Quota error (device %s): %s: %pV\n", 150 sb->s_id, func, &vaf); 151 152 va_end(args); 153 } 154 } 155 EXPORT_SYMBOL(__quota_error); 156 157 #if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING) 158 static char *quotatypes[] = INITQFNAMES; 159 #endif 160 static struct quota_format_type *quota_formats; /* List of registered formats */ 161 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES; 162 163 /* SLAB cache for dquot structures */ 164 static struct kmem_cache *dquot_cachep; 165 166 int register_quota_format(struct quota_format_type *fmt) 167 { 168 spin_lock(&dq_list_lock); 169 fmt->qf_next = quota_formats; 170 quota_formats = fmt; 171 spin_unlock(&dq_list_lock); 172 return 0; 173 } 174 EXPORT_SYMBOL(register_quota_format); 175 176 void unregister_quota_format(struct quota_format_type *fmt) 177 { 178 struct quota_format_type **actqf; 179 180 spin_lock(&dq_list_lock); 181 for (actqf = "a_formats; *actqf && *actqf != fmt; 182 actqf = &(*actqf)->qf_next) 183 ; 184 if (*actqf) 185 *actqf = (*actqf)->qf_next; 186 spin_unlock(&dq_list_lock); 187 } 188 EXPORT_SYMBOL(unregister_quota_format); 189 190 static struct quota_format_type *find_quota_format(int id) 191 { 192 struct quota_format_type *actqf; 193 194 spin_lock(&dq_list_lock); 195 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 196 actqf = actqf->qf_next) 197 ; 198 if (!actqf || !try_module_get(actqf->qf_owner)) { 199 int qm; 200 201 spin_unlock(&dq_list_lock); 202 203 for (qm = 0; module_names[qm].qm_fmt_id && 204 module_names[qm].qm_fmt_id != id; qm++) 205 ; 206 if (!module_names[qm].qm_fmt_id || 207 request_module(module_names[qm].qm_mod_name)) 208 return NULL; 209 210 spin_lock(&dq_list_lock); 211 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 212 actqf = actqf->qf_next) 213 ; 214 if (actqf && !try_module_get(actqf->qf_owner)) 215 actqf = NULL; 216 } 217 spin_unlock(&dq_list_lock); 218 return actqf; 219 } 220 221 static void put_quota_format(struct quota_format_type *fmt) 222 { 223 module_put(fmt->qf_owner); 224 } 225 226 /* 227 * Dquot List Management: 228 * The quota code uses five lists for dquot management: the inuse_list, 229 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array. 230 * A single dquot structure may be on some of those lists, depending on 231 * its current state. 232 * 233 * All dquots are placed to the end of inuse_list when first created, and this 234 * list is used for invalidate operation, which must look at every dquot. 235 * 236 * When the last reference of a dquot is dropped, the dquot is added to 237 * releasing_dquots. We'll then queue work item which will call 238 * synchronize_srcu() and after that perform the final cleanup of all the 239 * dquots on the list. Each cleaned up dquot is moved to free_dquots list. 240 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot 241 * struct. 242 * 243 * Unused and cleaned up dquots are in the free_dquots list and this list is 244 * searched whenever we need an available dquot. Dquots are removed from the 245 * list as soon as they are used again and dqstats.free_dquots gives the number 246 * of dquots on the list. When dquot is invalidated it's completely released 247 * from memory. 248 * 249 * Dirty dquots are added to the dqi_dirty_list of quota_info when mark 250 * dirtied, and this list is searched when writing dirty dquots back to 251 * quota file. Note that some filesystems do dirty dquot tracking on their 252 * own (e.g. in a journal) and thus don't use dqi_dirty_list. 253 * 254 * Dquots with a specific identity (device, type and id) are placed on 255 * one of the dquot_hash[] hash chains. The provides an efficient search 256 * mechanism to locate a specific dquot. 257 */ 258 259 static LIST_HEAD(inuse_list); 260 static LIST_HEAD(free_dquots); 261 static LIST_HEAD(releasing_dquots); 262 static unsigned int dq_hash_bits, dq_hash_mask; 263 static struct hlist_head *dquot_hash; 264 265 struct dqstats dqstats; 266 EXPORT_SYMBOL(dqstats); 267 268 static qsize_t inode_get_rsv_space(struct inode *inode); 269 static qsize_t __inode_get_rsv_space(struct inode *inode); 270 static int __dquot_initialize(struct inode *inode, int type); 271 272 static void quota_release_workfn(struct work_struct *work); 273 static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn); 274 275 static inline unsigned int 276 hashfn(const struct super_block *sb, struct kqid qid) 277 { 278 unsigned int id = from_kqid(&init_user_ns, qid); 279 int type = qid.type; 280 unsigned long tmp; 281 282 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type); 283 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask; 284 } 285 286 /* 287 * Following list functions expect dq_list_lock to be held 288 */ 289 static inline void insert_dquot_hash(struct dquot *dquot) 290 { 291 struct hlist_head *head; 292 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id); 293 hlist_add_head(&dquot->dq_hash, head); 294 } 295 296 static inline void remove_dquot_hash(struct dquot *dquot) 297 { 298 hlist_del_init(&dquot->dq_hash); 299 } 300 301 static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb, 302 struct kqid qid) 303 { 304 struct dquot *dquot; 305 306 hlist_for_each_entry(dquot, dquot_hash+hashent, dq_hash) 307 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid)) 308 return dquot; 309 310 return NULL; 311 } 312 313 /* Add a dquot to the tail of the free list */ 314 static inline void put_dquot_last(struct dquot *dquot) 315 { 316 list_add_tail(&dquot->dq_free, &free_dquots); 317 dqstats_inc(DQST_FREE_DQUOTS); 318 } 319 320 static inline void put_releasing_dquots(struct dquot *dquot) 321 { 322 list_add_tail(&dquot->dq_free, &releasing_dquots); 323 set_bit(DQ_RELEASING_B, &dquot->dq_flags); 324 } 325 326 static inline void remove_free_dquot(struct dquot *dquot) 327 { 328 if (list_empty(&dquot->dq_free)) 329 return; 330 list_del_init(&dquot->dq_free); 331 if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags)) 332 dqstats_dec(DQST_FREE_DQUOTS); 333 else 334 clear_bit(DQ_RELEASING_B, &dquot->dq_flags); 335 } 336 337 static inline void put_inuse(struct dquot *dquot) 338 { 339 /* We add to the back of inuse list so we don't have to restart 340 * when traversing this list and we block */ 341 list_add_tail(&dquot->dq_inuse, &inuse_list); 342 dqstats_inc(DQST_ALLOC_DQUOTS); 343 } 344 345 static inline void remove_inuse(struct dquot *dquot) 346 { 347 dqstats_dec(DQST_ALLOC_DQUOTS); 348 list_del(&dquot->dq_inuse); 349 } 350 /* 351 * End of list functions needing dq_list_lock 352 */ 353 354 static void wait_on_dquot(struct dquot *dquot) 355 { 356 mutex_lock(&dquot->dq_lock); 357 mutex_unlock(&dquot->dq_lock); 358 } 359 360 static inline int dquot_active(struct dquot *dquot) 361 { 362 return test_bit(DQ_ACTIVE_B, &dquot->dq_flags); 363 } 364 365 static inline int dquot_dirty(struct dquot *dquot) 366 { 367 return test_bit(DQ_MOD_B, &dquot->dq_flags); 368 } 369 370 static inline int mark_dquot_dirty(struct dquot *dquot) 371 { 372 return dquot->dq_sb->dq_op->mark_dirty(dquot); 373 } 374 375 /* Mark dquot dirty in atomic manner, and return it's old dirty flag state */ 376 int dquot_mark_dquot_dirty(struct dquot *dquot) 377 { 378 int ret = 1; 379 380 if (!dquot_active(dquot)) 381 return 0; 382 383 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 384 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags); 385 386 /* If quota is dirty already, we don't have to acquire dq_list_lock */ 387 if (dquot_dirty(dquot)) 388 return 1; 389 390 spin_lock(&dq_list_lock); 391 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) { 392 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)-> 393 info[dquot->dq_id.type].dqi_dirty_list); 394 ret = 0; 395 } 396 spin_unlock(&dq_list_lock); 397 return ret; 398 } 399 EXPORT_SYMBOL(dquot_mark_dquot_dirty); 400 401 /* Dirtify all the dquots - this can block when journalling */ 402 static inline int mark_all_dquot_dirty(struct dquot * const *dquot) 403 { 404 int ret, err, cnt; 405 406 ret = err = 0; 407 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 408 if (dquot[cnt]) 409 /* Even in case of error we have to continue */ 410 ret = mark_dquot_dirty(dquot[cnt]); 411 if (!err) 412 err = ret; 413 } 414 return err; 415 } 416 417 static inline void dqput_all(struct dquot **dquot) 418 { 419 unsigned int cnt; 420 421 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 422 dqput(dquot[cnt]); 423 } 424 425 static inline int clear_dquot_dirty(struct dquot *dquot) 426 { 427 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 428 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags); 429 430 spin_lock(&dq_list_lock); 431 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) { 432 spin_unlock(&dq_list_lock); 433 return 0; 434 } 435 list_del_init(&dquot->dq_dirty); 436 spin_unlock(&dq_list_lock); 437 return 1; 438 } 439 440 void mark_info_dirty(struct super_block *sb, int type) 441 { 442 spin_lock(&dq_data_lock); 443 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY; 444 spin_unlock(&dq_data_lock); 445 } 446 EXPORT_SYMBOL(mark_info_dirty); 447 448 /* 449 * Read dquot from disk and alloc space for it 450 */ 451 452 int dquot_acquire(struct dquot *dquot) 453 { 454 int ret = 0, ret2 = 0; 455 unsigned int memalloc; 456 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 457 458 mutex_lock(&dquot->dq_lock); 459 memalloc = memalloc_nofs_save(); 460 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) { 461 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot); 462 if (ret < 0) 463 goto out_iolock; 464 } 465 /* Make sure flags update is visible after dquot has been filled */ 466 smp_mb__before_atomic(); 467 set_bit(DQ_READ_B, &dquot->dq_flags); 468 /* Instantiate dquot if needed */ 469 if (!dquot_active(dquot) && !dquot->dq_off) { 470 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 471 /* Write the info if needed */ 472 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 473 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 474 dquot->dq_sb, dquot->dq_id.type); 475 } 476 if (ret < 0) 477 goto out_iolock; 478 if (ret2 < 0) { 479 ret = ret2; 480 goto out_iolock; 481 } 482 } 483 /* 484 * Make sure flags update is visible after on-disk struct has been 485 * allocated. Paired with smp_rmb() in dqget(). 486 */ 487 smp_mb__before_atomic(); 488 set_bit(DQ_ACTIVE_B, &dquot->dq_flags); 489 out_iolock: 490 memalloc_nofs_restore(memalloc); 491 mutex_unlock(&dquot->dq_lock); 492 return ret; 493 } 494 EXPORT_SYMBOL(dquot_acquire); 495 496 /* 497 * Write dquot to disk 498 */ 499 int dquot_commit(struct dquot *dquot) 500 { 501 int ret = 0; 502 unsigned int memalloc; 503 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 504 505 mutex_lock(&dquot->dq_lock); 506 memalloc = memalloc_nofs_save(); 507 if (!clear_dquot_dirty(dquot)) 508 goto out_lock; 509 /* Inactive dquot can be only if there was error during read/init 510 * => we have better not writing it */ 511 if (dquot_active(dquot)) 512 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 513 else 514 ret = -EIO; 515 out_lock: 516 memalloc_nofs_restore(memalloc); 517 mutex_unlock(&dquot->dq_lock); 518 return ret; 519 } 520 EXPORT_SYMBOL(dquot_commit); 521 522 /* 523 * Release dquot 524 */ 525 int dquot_release(struct dquot *dquot) 526 { 527 int ret = 0, ret2 = 0; 528 unsigned int memalloc; 529 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 530 531 mutex_lock(&dquot->dq_lock); 532 memalloc = memalloc_nofs_save(); 533 /* Check whether we are not racing with some other dqget() */ 534 if (dquot_is_busy(dquot)) 535 goto out_dqlock; 536 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) { 537 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot); 538 /* Write the info */ 539 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 540 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 541 dquot->dq_sb, dquot->dq_id.type); 542 } 543 if (ret >= 0) 544 ret = ret2; 545 } 546 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags); 547 out_dqlock: 548 memalloc_nofs_restore(memalloc); 549 mutex_unlock(&dquot->dq_lock); 550 return ret; 551 } 552 EXPORT_SYMBOL(dquot_release); 553 554 void dquot_destroy(struct dquot *dquot) 555 { 556 kmem_cache_free(dquot_cachep, dquot); 557 } 558 EXPORT_SYMBOL(dquot_destroy); 559 560 static inline void do_destroy_dquot(struct dquot *dquot) 561 { 562 dquot->dq_sb->dq_op->destroy_dquot(dquot); 563 } 564 565 /* Invalidate all dquots on the list. Note that this function is called after 566 * quota is disabled and pointers from inodes removed so there cannot be new 567 * quota users. There can still be some users of quotas due to inodes being 568 * just deleted or pruned by prune_icache() (those are not attached to any 569 * list) or parallel quotactl call. We have to wait for such users. 570 */ 571 static void invalidate_dquots(struct super_block *sb, int type) 572 { 573 struct dquot *dquot, *tmp; 574 575 restart: 576 flush_delayed_work("a_release_work); 577 578 spin_lock(&dq_list_lock); 579 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) { 580 if (dquot->dq_sb != sb) 581 continue; 582 if (dquot->dq_id.type != type) 583 continue; 584 /* Wait for dquot users */ 585 if (atomic_read(&dquot->dq_count)) { 586 atomic_inc(&dquot->dq_count); 587 spin_unlock(&dq_list_lock); 588 /* 589 * Once dqput() wakes us up, we know it's time to free 590 * the dquot. 591 * IMPORTANT: we rely on the fact that there is always 592 * at most one process waiting for dquot to free. 593 * Otherwise dq_count would be > 1 and we would never 594 * wake up. 595 */ 596 wait_event(dquot_ref_wq, 597 atomic_read(&dquot->dq_count) == 1); 598 dqput(dquot); 599 /* At this moment dquot() need not exist (it could be 600 * reclaimed by prune_dqcache(). Hence we must 601 * restart. */ 602 goto restart; 603 } 604 /* 605 * The last user already dropped its reference but dquot didn't 606 * get fully cleaned up yet. Restart the scan which flushes the 607 * work cleaning up released dquots. 608 */ 609 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 610 spin_unlock(&dq_list_lock); 611 goto restart; 612 } 613 /* 614 * Quota now has no users and it has been written on last 615 * dqput() 616 */ 617 remove_dquot_hash(dquot); 618 remove_free_dquot(dquot); 619 remove_inuse(dquot); 620 do_destroy_dquot(dquot); 621 } 622 spin_unlock(&dq_list_lock); 623 } 624 625 /* Call callback for every active dquot on given filesystem */ 626 int dquot_scan_active(struct super_block *sb, 627 int (*fn)(struct dquot *dquot, unsigned long priv), 628 unsigned long priv) 629 { 630 struct dquot *dquot, *old_dquot = NULL; 631 int ret = 0; 632 633 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 634 635 spin_lock(&dq_list_lock); 636 list_for_each_entry(dquot, &inuse_list, dq_inuse) { 637 if (!dquot_active(dquot)) 638 continue; 639 if (dquot->dq_sb != sb) 640 continue; 641 /* Now we have active dquot so we can just increase use count */ 642 atomic_inc(&dquot->dq_count); 643 spin_unlock(&dq_list_lock); 644 dqput(old_dquot); 645 old_dquot = dquot; 646 /* 647 * ->release_dquot() can be racing with us. Our reference 648 * protects us from new calls to it so just wait for any 649 * outstanding call and recheck the DQ_ACTIVE_B after that. 650 */ 651 wait_on_dquot(dquot); 652 if (dquot_active(dquot)) { 653 ret = fn(dquot, priv); 654 if (ret < 0) 655 goto out; 656 } 657 spin_lock(&dq_list_lock); 658 /* We are safe to continue now because our dquot could not 659 * be moved out of the inuse list while we hold the reference */ 660 } 661 spin_unlock(&dq_list_lock); 662 out: 663 dqput(old_dquot); 664 return ret; 665 } 666 EXPORT_SYMBOL(dquot_scan_active); 667 668 static inline int dquot_write_dquot(struct dquot *dquot) 669 { 670 int ret = dquot->dq_sb->dq_op->write_dquot(dquot); 671 if (ret < 0) { 672 quota_error(dquot->dq_sb, "Can't write quota structure " 673 "(error %d). Quota may get out of sync!", ret); 674 /* Clear dirty bit anyway to avoid infinite loop. */ 675 clear_dquot_dirty(dquot); 676 } 677 return ret; 678 } 679 680 /* Write all dquot structures to quota files */ 681 int dquot_writeback_dquots(struct super_block *sb, int type) 682 { 683 struct list_head dirty; 684 struct dquot *dquot; 685 struct quota_info *dqopt = sb_dqopt(sb); 686 int cnt; 687 int err, ret = 0; 688 689 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 690 691 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 692 if (type != -1 && cnt != type) 693 continue; 694 if (!sb_has_quota_active(sb, cnt)) 695 continue; 696 spin_lock(&dq_list_lock); 697 /* Move list away to avoid livelock. */ 698 list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty); 699 while (!list_empty(&dirty)) { 700 dquot = list_first_entry(&dirty, struct dquot, 701 dq_dirty); 702 703 WARN_ON(!dquot_active(dquot)); 704 /* If the dquot is releasing we should not touch it */ 705 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 706 spin_unlock(&dq_list_lock); 707 flush_delayed_work("a_release_work); 708 spin_lock(&dq_list_lock); 709 continue; 710 } 711 712 /* Now we have active dquot from which someone is 713 * holding reference so we can safely just increase 714 * use count */ 715 dqgrab(dquot); 716 spin_unlock(&dq_list_lock); 717 err = dquot_write_dquot(dquot); 718 if (err && !ret) 719 ret = err; 720 dqput(dquot); 721 spin_lock(&dq_list_lock); 722 } 723 spin_unlock(&dq_list_lock); 724 } 725 726 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 727 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt) 728 && info_dirty(&dqopt->info[cnt])) 729 sb->dq_op->write_info(sb, cnt); 730 dqstats_inc(DQST_SYNCS); 731 732 return ret; 733 } 734 EXPORT_SYMBOL(dquot_writeback_dquots); 735 736 /* Write all dquot structures to disk and make them visible from userspace */ 737 int dquot_quota_sync(struct super_block *sb, int type) 738 { 739 struct quota_info *dqopt = sb_dqopt(sb); 740 int cnt; 741 int ret; 742 743 ret = dquot_writeback_dquots(sb, type); 744 if (ret) 745 return ret; 746 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 747 return 0; 748 749 /* This is not very clever (and fast) but currently I don't know about 750 * any other simple way of getting quota data to disk and we must get 751 * them there for userspace to be visible... */ 752 if (sb->s_op->sync_fs) { 753 ret = sb->s_op->sync_fs(sb, 1); 754 if (ret) 755 return ret; 756 } 757 ret = sync_blockdev(sb->s_bdev); 758 if (ret) 759 return ret; 760 761 /* 762 * Now when everything is written we can discard the pagecache so 763 * that userspace sees the changes. 764 */ 765 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 766 if (type != -1 && cnt != type) 767 continue; 768 if (!sb_has_quota_active(sb, cnt)) 769 continue; 770 inode_lock(dqopt->files[cnt]); 771 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 772 inode_unlock(dqopt->files[cnt]); 773 } 774 775 return 0; 776 } 777 EXPORT_SYMBOL(dquot_quota_sync); 778 779 static unsigned long 780 dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) 781 { 782 struct dquot *dquot; 783 unsigned long freed = 0; 784 785 spin_lock(&dq_list_lock); 786 while (!list_empty(&free_dquots) && sc->nr_to_scan) { 787 dquot = list_first_entry(&free_dquots, struct dquot, dq_free); 788 remove_dquot_hash(dquot); 789 remove_free_dquot(dquot); 790 remove_inuse(dquot); 791 do_destroy_dquot(dquot); 792 sc->nr_to_scan--; 793 freed++; 794 } 795 spin_unlock(&dq_list_lock); 796 return freed; 797 } 798 799 static unsigned long 800 dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc) 801 { 802 return vfs_pressure_ratio( 803 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS])); 804 } 805 806 static struct shrinker dqcache_shrinker = { 807 .count_objects = dqcache_shrink_count, 808 .scan_objects = dqcache_shrink_scan, 809 .seeks = DEFAULT_SEEKS, 810 }; 811 812 /* 813 * Safely release dquot and put reference to dquot. 814 */ 815 static void quota_release_workfn(struct work_struct *work) 816 { 817 struct dquot *dquot; 818 struct list_head rls_head; 819 820 spin_lock(&dq_list_lock); 821 /* Exchange the list head to avoid livelock. */ 822 list_replace_init(&releasing_dquots, &rls_head); 823 spin_unlock(&dq_list_lock); 824 synchronize_srcu(&dquot_srcu); 825 826 restart: 827 spin_lock(&dq_list_lock); 828 while (!list_empty(&rls_head)) { 829 dquot = list_first_entry(&rls_head, struct dquot, dq_free); 830 WARN_ON_ONCE(atomic_read(&dquot->dq_count)); 831 /* 832 * Note that DQ_RELEASING_B protects us from racing with 833 * invalidate_dquots() calls so we are safe to work with the 834 * dquot even after we drop dq_list_lock. 835 */ 836 if (dquot_dirty(dquot)) { 837 spin_unlock(&dq_list_lock); 838 /* Commit dquot before releasing */ 839 dquot_write_dquot(dquot); 840 goto restart; 841 } 842 if (dquot_active(dquot)) { 843 spin_unlock(&dq_list_lock); 844 dquot->dq_sb->dq_op->release_dquot(dquot); 845 goto restart; 846 } 847 /* Dquot is inactive and clean, now move it to free list */ 848 remove_free_dquot(dquot); 849 put_dquot_last(dquot); 850 } 851 spin_unlock(&dq_list_lock); 852 } 853 854 /* 855 * Put reference to dquot 856 */ 857 void dqput(struct dquot *dquot) 858 { 859 if (!dquot) 860 return; 861 #ifdef CONFIG_QUOTA_DEBUG 862 if (!atomic_read(&dquot->dq_count)) { 863 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d", 864 quotatypes[dquot->dq_id.type], 865 from_kqid(&init_user_ns, dquot->dq_id)); 866 BUG(); 867 } 868 #endif 869 dqstats_inc(DQST_DROPS); 870 871 spin_lock(&dq_list_lock); 872 if (atomic_read(&dquot->dq_count) > 1) { 873 /* We have more than one user... nothing to do */ 874 atomic_dec(&dquot->dq_count); 875 /* Releasing dquot during quotaoff phase? */ 876 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) && 877 atomic_read(&dquot->dq_count) == 1) 878 wake_up(&dquot_ref_wq); 879 spin_unlock(&dq_list_lock); 880 return; 881 } 882 883 /* Need to release dquot? */ 884 #ifdef CONFIG_QUOTA_DEBUG 885 /* sanity check */ 886 BUG_ON(!list_empty(&dquot->dq_free)); 887 #endif 888 put_releasing_dquots(dquot); 889 atomic_dec(&dquot->dq_count); 890 spin_unlock(&dq_list_lock); 891 queue_delayed_work(system_unbound_wq, "a_release_work, 1); 892 } 893 EXPORT_SYMBOL(dqput); 894 895 struct dquot *dquot_alloc(struct super_block *sb, int type) 896 { 897 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS); 898 } 899 EXPORT_SYMBOL(dquot_alloc); 900 901 static struct dquot *get_empty_dquot(struct super_block *sb, int type) 902 { 903 struct dquot *dquot; 904 905 dquot = sb->dq_op->alloc_dquot(sb, type); 906 if(!dquot) 907 return NULL; 908 909 mutex_init(&dquot->dq_lock); 910 INIT_LIST_HEAD(&dquot->dq_free); 911 INIT_LIST_HEAD(&dquot->dq_inuse); 912 INIT_HLIST_NODE(&dquot->dq_hash); 913 INIT_LIST_HEAD(&dquot->dq_dirty); 914 dquot->dq_sb = sb; 915 dquot->dq_id = make_kqid_invalid(type); 916 atomic_set(&dquot->dq_count, 1); 917 spin_lock_init(&dquot->dq_dqb_lock); 918 919 return dquot; 920 } 921 922 /* 923 * Get reference to dquot 924 * 925 * Locking is slightly tricky here. We are guarded from parallel quotaoff() 926 * destroying our dquot by: 927 * a) checking for quota flags under dq_list_lock and 928 * b) getting a reference to dquot before we release dq_list_lock 929 */ 930 struct dquot *dqget(struct super_block *sb, struct kqid qid) 931 { 932 unsigned int hashent = hashfn(sb, qid); 933 struct dquot *dquot, *empty = NULL; 934 935 if (!qid_has_mapping(sb->s_user_ns, qid)) 936 return ERR_PTR(-EINVAL); 937 938 if (!sb_has_quota_active(sb, qid.type)) 939 return ERR_PTR(-ESRCH); 940 we_slept: 941 spin_lock(&dq_list_lock); 942 spin_lock(&dq_state_lock); 943 if (!sb_has_quota_active(sb, qid.type)) { 944 spin_unlock(&dq_state_lock); 945 spin_unlock(&dq_list_lock); 946 dquot = ERR_PTR(-ESRCH); 947 goto out; 948 } 949 spin_unlock(&dq_state_lock); 950 951 dquot = find_dquot(hashent, sb, qid); 952 if (!dquot) { 953 if (!empty) { 954 spin_unlock(&dq_list_lock); 955 empty = get_empty_dquot(sb, qid.type); 956 if (!empty) 957 schedule(); /* Try to wait for a moment... */ 958 goto we_slept; 959 } 960 dquot = empty; 961 empty = NULL; 962 dquot->dq_id = qid; 963 /* all dquots go on the inuse_list */ 964 put_inuse(dquot); 965 /* hash it first so it can be found */ 966 insert_dquot_hash(dquot); 967 spin_unlock(&dq_list_lock); 968 dqstats_inc(DQST_LOOKUPS); 969 } else { 970 if (!atomic_read(&dquot->dq_count)) 971 remove_free_dquot(dquot); 972 atomic_inc(&dquot->dq_count); 973 spin_unlock(&dq_list_lock); 974 dqstats_inc(DQST_CACHE_HITS); 975 dqstats_inc(DQST_LOOKUPS); 976 } 977 /* Wait for dq_lock - after this we know that either dquot_release() is 978 * already finished or it will be canceled due to dq_count > 0 test */ 979 wait_on_dquot(dquot); 980 /* Read the dquot / allocate space in quota file */ 981 if (!dquot_active(dquot)) { 982 int err; 983 984 err = sb->dq_op->acquire_dquot(dquot); 985 if (err < 0) { 986 dqput(dquot); 987 dquot = ERR_PTR(err); 988 goto out; 989 } 990 } 991 /* 992 * Make sure following reads see filled structure - paired with 993 * smp_mb__before_atomic() in dquot_acquire(). 994 */ 995 smp_rmb(); 996 #ifdef CONFIG_QUOTA_DEBUG 997 BUG_ON(!dquot->dq_sb); /* Has somebody invalidated entry under us? */ 998 #endif 999 out: 1000 if (empty) 1001 do_destroy_dquot(empty); 1002 1003 return dquot; 1004 } 1005 EXPORT_SYMBOL(dqget); 1006 1007 static inline struct dquot **i_dquot(struct inode *inode) 1008 { 1009 return inode->i_sb->s_op->get_dquots(inode); 1010 } 1011 1012 static int dqinit_needed(struct inode *inode, int type) 1013 { 1014 struct dquot * const *dquots; 1015 int cnt; 1016 1017 if (IS_NOQUOTA(inode)) 1018 return 0; 1019 1020 dquots = i_dquot(inode); 1021 if (type != -1) 1022 return !dquots[type]; 1023 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1024 if (!dquots[cnt]) 1025 return 1; 1026 return 0; 1027 } 1028 1029 /* This routine is guarded by s_umount semaphore */ 1030 static int add_dquot_ref(struct super_block *sb, int type) 1031 { 1032 struct inode *inode, *old_inode = NULL; 1033 #ifdef CONFIG_QUOTA_DEBUG 1034 int reserved = 0; 1035 #endif 1036 int err = 0; 1037 1038 spin_lock(&sb->s_inode_list_lock); 1039 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1040 spin_lock(&inode->i_lock); 1041 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) || 1042 !atomic_read(&inode->i_writecount) || 1043 !dqinit_needed(inode, type)) { 1044 spin_unlock(&inode->i_lock); 1045 continue; 1046 } 1047 __iget(inode); 1048 spin_unlock(&inode->i_lock); 1049 spin_unlock(&sb->s_inode_list_lock); 1050 1051 #ifdef CONFIG_QUOTA_DEBUG 1052 if (unlikely(inode_get_rsv_space(inode) > 0)) 1053 reserved = 1; 1054 #endif 1055 iput(old_inode); 1056 err = __dquot_initialize(inode, type); 1057 if (err) { 1058 iput(inode); 1059 goto out; 1060 } 1061 1062 /* 1063 * We hold a reference to 'inode' so it couldn't have been 1064 * removed from s_inodes list while we dropped the 1065 * s_inode_list_lock. We cannot iput the inode now as we can be 1066 * holding the last reference and we cannot iput it under 1067 * s_inode_list_lock. So we keep the reference and iput it 1068 * later. 1069 */ 1070 old_inode = inode; 1071 cond_resched(); 1072 spin_lock(&sb->s_inode_list_lock); 1073 } 1074 spin_unlock(&sb->s_inode_list_lock); 1075 iput(old_inode); 1076 out: 1077 #ifdef CONFIG_QUOTA_DEBUG 1078 if (reserved) { 1079 quota_error(sb, "Writes happened before quota was turned on " 1080 "thus quota information is probably inconsistent. " 1081 "Please run quotacheck(8)"); 1082 } 1083 #endif 1084 return err; 1085 } 1086 1087 static void remove_dquot_ref(struct super_block *sb, int type) 1088 { 1089 struct inode *inode; 1090 #ifdef CONFIG_QUOTA_DEBUG 1091 int reserved = 0; 1092 #endif 1093 1094 spin_lock(&sb->s_inode_list_lock); 1095 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1096 /* 1097 * We have to scan also I_NEW inodes because they can already 1098 * have quota pointer initialized. Luckily, we need to touch 1099 * only quota pointers and these have separate locking 1100 * (dq_data_lock). 1101 */ 1102 spin_lock(&dq_data_lock); 1103 if (!IS_NOQUOTA(inode)) { 1104 struct dquot **dquots = i_dquot(inode); 1105 struct dquot *dquot = dquots[type]; 1106 1107 #ifdef CONFIG_QUOTA_DEBUG 1108 if (unlikely(inode_get_rsv_space(inode) > 0)) 1109 reserved = 1; 1110 #endif 1111 dquots[type] = NULL; 1112 if (dquot) 1113 dqput(dquot); 1114 } 1115 spin_unlock(&dq_data_lock); 1116 } 1117 spin_unlock(&sb->s_inode_list_lock); 1118 #ifdef CONFIG_QUOTA_DEBUG 1119 if (reserved) { 1120 printk(KERN_WARNING "VFS (%s): Writes happened after quota" 1121 " was disabled thus quota information is probably " 1122 "inconsistent. Please run quotacheck(8).\n", sb->s_id); 1123 } 1124 #endif 1125 } 1126 1127 /* Gather all references from inodes and drop them */ 1128 static void drop_dquot_ref(struct super_block *sb, int type) 1129 { 1130 if (sb->dq_op) 1131 remove_dquot_ref(sb, type); 1132 } 1133 1134 static inline 1135 void dquot_free_reserved_space(struct dquot *dquot, qsize_t number) 1136 { 1137 if (dquot->dq_dqb.dqb_rsvspace >= number) 1138 dquot->dq_dqb.dqb_rsvspace -= number; 1139 else { 1140 WARN_ON_ONCE(1); 1141 dquot->dq_dqb.dqb_rsvspace = 0; 1142 } 1143 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1144 dquot->dq_dqb.dqb_bsoftlimit) 1145 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1146 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1147 } 1148 1149 static void dquot_decr_inodes(struct dquot *dquot, qsize_t number) 1150 { 1151 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1152 dquot->dq_dqb.dqb_curinodes >= number) 1153 dquot->dq_dqb.dqb_curinodes -= number; 1154 else 1155 dquot->dq_dqb.dqb_curinodes = 0; 1156 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit) 1157 dquot->dq_dqb.dqb_itime = (time64_t) 0; 1158 clear_bit(DQ_INODES_B, &dquot->dq_flags); 1159 } 1160 1161 static void dquot_decr_space(struct dquot *dquot, qsize_t number) 1162 { 1163 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1164 dquot->dq_dqb.dqb_curspace >= number) 1165 dquot->dq_dqb.dqb_curspace -= number; 1166 else 1167 dquot->dq_dqb.dqb_curspace = 0; 1168 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1169 dquot->dq_dqb.dqb_bsoftlimit) 1170 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1171 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1172 } 1173 1174 struct dquot_warn { 1175 struct super_block *w_sb; 1176 struct kqid w_dq_id; 1177 short w_type; 1178 }; 1179 1180 static int warning_issued(struct dquot *dquot, const int warntype) 1181 { 1182 int flag = (warntype == QUOTA_NL_BHARDWARN || 1183 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B : 1184 ((warntype == QUOTA_NL_IHARDWARN || 1185 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0); 1186 1187 if (!flag) 1188 return 0; 1189 return test_and_set_bit(flag, &dquot->dq_flags); 1190 } 1191 1192 #ifdef CONFIG_PRINT_QUOTA_WARNING 1193 static int flag_print_warnings = 1; 1194 1195 static int need_print_warning(struct dquot_warn *warn) 1196 { 1197 if (!flag_print_warnings) 1198 return 0; 1199 1200 switch (warn->w_dq_id.type) { 1201 case USRQUOTA: 1202 return uid_eq(current_fsuid(), warn->w_dq_id.uid); 1203 case GRPQUOTA: 1204 return in_group_p(warn->w_dq_id.gid); 1205 case PRJQUOTA: 1206 return 1; 1207 } 1208 return 0; 1209 } 1210 1211 /* Print warning to user which exceeded quota */ 1212 static void print_warning(struct dquot_warn *warn) 1213 { 1214 char *msg = NULL; 1215 struct tty_struct *tty; 1216 int warntype = warn->w_type; 1217 1218 if (warntype == QUOTA_NL_IHARDBELOW || 1219 warntype == QUOTA_NL_ISOFTBELOW || 1220 warntype == QUOTA_NL_BHARDBELOW || 1221 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn)) 1222 return; 1223 1224 tty = get_current_tty(); 1225 if (!tty) 1226 return; 1227 tty_write_message(tty, warn->w_sb->s_id); 1228 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN) 1229 tty_write_message(tty, ": warning, "); 1230 else 1231 tty_write_message(tty, ": write failed, "); 1232 tty_write_message(tty, quotatypes[warn->w_dq_id.type]); 1233 switch (warntype) { 1234 case QUOTA_NL_IHARDWARN: 1235 msg = " file limit reached.\r\n"; 1236 break; 1237 case QUOTA_NL_ISOFTLONGWARN: 1238 msg = " file quota exceeded too long.\r\n"; 1239 break; 1240 case QUOTA_NL_ISOFTWARN: 1241 msg = " file quota exceeded.\r\n"; 1242 break; 1243 case QUOTA_NL_BHARDWARN: 1244 msg = " block limit reached.\r\n"; 1245 break; 1246 case QUOTA_NL_BSOFTLONGWARN: 1247 msg = " block quota exceeded too long.\r\n"; 1248 break; 1249 case QUOTA_NL_BSOFTWARN: 1250 msg = " block quota exceeded.\r\n"; 1251 break; 1252 } 1253 tty_write_message(tty, msg); 1254 tty_kref_put(tty); 1255 } 1256 #endif 1257 1258 static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot, 1259 int warntype) 1260 { 1261 if (warning_issued(dquot, warntype)) 1262 return; 1263 warn->w_type = warntype; 1264 warn->w_sb = dquot->dq_sb; 1265 warn->w_dq_id = dquot->dq_id; 1266 } 1267 1268 /* 1269 * Write warnings to the console and send warning messages over netlink. 1270 * 1271 * Note that this function can call into tty and networking code. 1272 */ 1273 static void flush_warnings(struct dquot_warn *warn) 1274 { 1275 int i; 1276 1277 for (i = 0; i < MAXQUOTAS; i++) { 1278 if (warn[i].w_type == QUOTA_NL_NOWARN) 1279 continue; 1280 #ifdef CONFIG_PRINT_QUOTA_WARNING 1281 print_warning(&warn[i]); 1282 #endif 1283 quota_send_warning(warn[i].w_dq_id, 1284 warn[i].w_sb->s_dev, warn[i].w_type); 1285 } 1286 } 1287 1288 static int ignore_hardlimit(struct dquot *dquot) 1289 { 1290 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 1291 1292 return capable(CAP_SYS_RESOURCE) && 1293 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD || 1294 !(info->dqi_flags & DQF_ROOT_SQUASH)); 1295 } 1296 1297 static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes, 1298 struct dquot_warn *warn) 1299 { 1300 qsize_t newinodes; 1301 int ret = 0; 1302 1303 spin_lock(&dquot->dq_dqb_lock); 1304 newinodes = dquot->dq_dqb.dqb_curinodes + inodes; 1305 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) || 1306 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1307 goto add; 1308 1309 if (dquot->dq_dqb.dqb_ihardlimit && 1310 newinodes > dquot->dq_dqb.dqb_ihardlimit && 1311 !ignore_hardlimit(dquot)) { 1312 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN); 1313 ret = -EDQUOT; 1314 goto out; 1315 } 1316 1317 if (dquot->dq_dqb.dqb_isoftlimit && 1318 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1319 dquot->dq_dqb.dqb_itime && 1320 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime && 1321 !ignore_hardlimit(dquot)) { 1322 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN); 1323 ret = -EDQUOT; 1324 goto out; 1325 } 1326 1327 if (dquot->dq_dqb.dqb_isoftlimit && 1328 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1329 dquot->dq_dqb.dqb_itime == 0) { 1330 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN); 1331 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() + 1332 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace; 1333 } 1334 add: 1335 dquot->dq_dqb.dqb_curinodes = newinodes; 1336 1337 out: 1338 spin_unlock(&dquot->dq_dqb_lock); 1339 return ret; 1340 } 1341 1342 static int dquot_add_space(struct dquot *dquot, qsize_t space, 1343 qsize_t rsv_space, unsigned int flags, 1344 struct dquot_warn *warn) 1345 { 1346 qsize_t tspace; 1347 struct super_block *sb = dquot->dq_sb; 1348 int ret = 0; 1349 1350 spin_lock(&dquot->dq_dqb_lock); 1351 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) || 1352 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1353 goto finish; 1354 1355 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace 1356 + space + rsv_space; 1357 1358 if (dquot->dq_dqb.dqb_bhardlimit && 1359 tspace > dquot->dq_dqb.dqb_bhardlimit && 1360 !ignore_hardlimit(dquot)) { 1361 if (flags & DQUOT_SPACE_WARN) 1362 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN); 1363 ret = -EDQUOT; 1364 goto finish; 1365 } 1366 1367 if (dquot->dq_dqb.dqb_bsoftlimit && 1368 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1369 dquot->dq_dqb.dqb_btime && 1370 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime && 1371 !ignore_hardlimit(dquot)) { 1372 if (flags & DQUOT_SPACE_WARN) 1373 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN); 1374 ret = -EDQUOT; 1375 goto finish; 1376 } 1377 1378 if (dquot->dq_dqb.dqb_bsoftlimit && 1379 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1380 dquot->dq_dqb.dqb_btime == 0) { 1381 if (flags & DQUOT_SPACE_WARN) { 1382 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN); 1383 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() + 1384 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace; 1385 } else { 1386 /* 1387 * We don't allow preallocation to exceed softlimit so exceeding will 1388 * be always printed 1389 */ 1390 ret = -EDQUOT; 1391 goto finish; 1392 } 1393 } 1394 finish: 1395 /* 1396 * We have to be careful and go through warning generation & grace time 1397 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it 1398 * only here... 1399 */ 1400 if (flags & DQUOT_SPACE_NOFAIL) 1401 ret = 0; 1402 if (!ret) { 1403 dquot->dq_dqb.dqb_rsvspace += rsv_space; 1404 dquot->dq_dqb.dqb_curspace += space; 1405 } 1406 spin_unlock(&dquot->dq_dqb_lock); 1407 return ret; 1408 } 1409 1410 static int info_idq_free(struct dquot *dquot, qsize_t inodes) 1411 { 1412 qsize_t newinodes; 1413 1414 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1415 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit || 1416 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type)) 1417 return QUOTA_NL_NOWARN; 1418 1419 newinodes = dquot->dq_dqb.dqb_curinodes - inodes; 1420 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit) 1421 return QUOTA_NL_ISOFTBELOW; 1422 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit && 1423 newinodes < dquot->dq_dqb.dqb_ihardlimit) 1424 return QUOTA_NL_IHARDBELOW; 1425 return QUOTA_NL_NOWARN; 1426 } 1427 1428 static int info_bdq_free(struct dquot *dquot, qsize_t space) 1429 { 1430 qsize_t tspace; 1431 1432 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace; 1433 1434 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1435 tspace <= dquot->dq_dqb.dqb_bsoftlimit) 1436 return QUOTA_NL_NOWARN; 1437 1438 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit) 1439 return QUOTA_NL_BSOFTBELOW; 1440 if (tspace >= dquot->dq_dqb.dqb_bhardlimit && 1441 tspace - space < dquot->dq_dqb.dqb_bhardlimit) 1442 return QUOTA_NL_BHARDBELOW; 1443 return QUOTA_NL_NOWARN; 1444 } 1445 1446 static int inode_quota_active(const struct inode *inode) 1447 { 1448 struct super_block *sb = inode->i_sb; 1449 1450 if (IS_NOQUOTA(inode)) 1451 return 0; 1452 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb); 1453 } 1454 1455 /* 1456 * Initialize quota pointers in inode 1457 * 1458 * It is better to call this function outside of any transaction as it 1459 * might need a lot of space in journal for dquot structure allocation. 1460 */ 1461 static int __dquot_initialize(struct inode *inode, int type) 1462 { 1463 int cnt, init_needed = 0; 1464 struct dquot **dquots, *got[MAXQUOTAS] = {}; 1465 struct super_block *sb = inode->i_sb; 1466 qsize_t rsv; 1467 int ret = 0; 1468 1469 if (!inode_quota_active(inode)) 1470 return 0; 1471 1472 dquots = i_dquot(inode); 1473 1474 /* First get references to structures we might need. */ 1475 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1476 struct kqid qid; 1477 kprojid_t projid; 1478 int rc; 1479 struct dquot *dquot; 1480 1481 if (type != -1 && cnt != type) 1482 continue; 1483 /* 1484 * The i_dquot should have been initialized in most cases, 1485 * we check it without locking here to avoid unnecessary 1486 * dqget()/dqput() calls. 1487 */ 1488 if (dquots[cnt]) 1489 continue; 1490 1491 if (!sb_has_quota_active(sb, cnt)) 1492 continue; 1493 1494 init_needed = 1; 1495 1496 switch (cnt) { 1497 case USRQUOTA: 1498 qid = make_kqid_uid(inode->i_uid); 1499 break; 1500 case GRPQUOTA: 1501 qid = make_kqid_gid(inode->i_gid); 1502 break; 1503 case PRJQUOTA: 1504 rc = inode->i_sb->dq_op->get_projid(inode, &projid); 1505 if (rc) 1506 continue; 1507 qid = make_kqid_projid(projid); 1508 break; 1509 } 1510 dquot = dqget(sb, qid); 1511 if (IS_ERR(dquot)) { 1512 /* We raced with somebody turning quotas off... */ 1513 if (PTR_ERR(dquot) != -ESRCH) { 1514 ret = PTR_ERR(dquot); 1515 goto out_put; 1516 } 1517 dquot = NULL; 1518 } 1519 got[cnt] = dquot; 1520 } 1521 1522 /* All required i_dquot has been initialized */ 1523 if (!init_needed) 1524 return 0; 1525 1526 spin_lock(&dq_data_lock); 1527 if (IS_NOQUOTA(inode)) 1528 goto out_lock; 1529 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1530 if (type != -1 && cnt != type) 1531 continue; 1532 /* Avoid races with quotaoff() */ 1533 if (!sb_has_quota_active(sb, cnt)) 1534 continue; 1535 /* We could race with quotaon or dqget() could have failed */ 1536 if (!got[cnt]) 1537 continue; 1538 if (!dquots[cnt]) { 1539 dquots[cnt] = got[cnt]; 1540 got[cnt] = NULL; 1541 /* 1542 * Make quota reservation system happy if someone 1543 * did a write before quota was turned on 1544 */ 1545 rsv = inode_get_rsv_space(inode); 1546 if (unlikely(rsv)) { 1547 spin_lock(&inode->i_lock); 1548 /* Get reservation again under proper lock */ 1549 rsv = __inode_get_rsv_space(inode); 1550 spin_lock(&dquots[cnt]->dq_dqb_lock); 1551 dquots[cnt]->dq_dqb.dqb_rsvspace += rsv; 1552 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1553 spin_unlock(&inode->i_lock); 1554 } 1555 } 1556 } 1557 out_lock: 1558 spin_unlock(&dq_data_lock); 1559 out_put: 1560 /* Drop unused references */ 1561 dqput_all(got); 1562 1563 return ret; 1564 } 1565 1566 int dquot_initialize(struct inode *inode) 1567 { 1568 return __dquot_initialize(inode, -1); 1569 } 1570 EXPORT_SYMBOL(dquot_initialize); 1571 1572 bool dquot_initialize_needed(struct inode *inode) 1573 { 1574 struct dquot **dquots; 1575 int i; 1576 1577 if (!inode_quota_active(inode)) 1578 return false; 1579 1580 dquots = i_dquot(inode); 1581 for (i = 0; i < MAXQUOTAS; i++) 1582 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i)) 1583 return true; 1584 return false; 1585 } 1586 EXPORT_SYMBOL(dquot_initialize_needed); 1587 1588 /* 1589 * Release all quotas referenced by inode. 1590 * 1591 * This function only be called on inode free or converting 1592 * a file to quota file, no other users for the i_dquot in 1593 * both cases, so we needn't call synchronize_srcu() after 1594 * clearing i_dquot. 1595 */ 1596 static void __dquot_drop(struct inode *inode) 1597 { 1598 int cnt; 1599 struct dquot **dquots = i_dquot(inode); 1600 struct dquot *put[MAXQUOTAS]; 1601 1602 spin_lock(&dq_data_lock); 1603 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1604 put[cnt] = dquots[cnt]; 1605 dquots[cnt] = NULL; 1606 } 1607 spin_unlock(&dq_data_lock); 1608 dqput_all(put); 1609 } 1610 1611 void dquot_drop(struct inode *inode) 1612 { 1613 struct dquot * const *dquots; 1614 int cnt; 1615 1616 if (IS_NOQUOTA(inode)) 1617 return; 1618 1619 /* 1620 * Test before calling to rule out calls from proc and such 1621 * where we are not allowed to block. Note that this is 1622 * actually reliable test even without the lock - the caller 1623 * must assure that nobody can come after the DQUOT_DROP and 1624 * add quota pointers back anyway. 1625 */ 1626 dquots = i_dquot(inode); 1627 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1628 if (dquots[cnt]) 1629 break; 1630 } 1631 1632 if (cnt < MAXQUOTAS) 1633 __dquot_drop(inode); 1634 } 1635 EXPORT_SYMBOL(dquot_drop); 1636 1637 /* 1638 * inode_reserved_space is managed internally by quota, and protected by 1639 * i_lock similar to i_blocks+i_bytes. 1640 */ 1641 static qsize_t *inode_reserved_space(struct inode * inode) 1642 { 1643 /* Filesystem must explicitly define it's own method in order to use 1644 * quota reservation interface */ 1645 BUG_ON(!inode->i_sb->dq_op->get_reserved_space); 1646 return inode->i_sb->dq_op->get_reserved_space(inode); 1647 } 1648 1649 static qsize_t __inode_get_rsv_space(struct inode *inode) 1650 { 1651 if (!inode->i_sb->dq_op->get_reserved_space) 1652 return 0; 1653 return *inode_reserved_space(inode); 1654 } 1655 1656 static qsize_t inode_get_rsv_space(struct inode *inode) 1657 { 1658 qsize_t ret; 1659 1660 if (!inode->i_sb->dq_op->get_reserved_space) 1661 return 0; 1662 spin_lock(&inode->i_lock); 1663 ret = __inode_get_rsv_space(inode); 1664 spin_unlock(&inode->i_lock); 1665 return ret; 1666 } 1667 1668 /* 1669 * This functions updates i_blocks+i_bytes fields and quota information 1670 * (together with appropriate checks). 1671 * 1672 * NOTE: We absolutely rely on the fact that caller dirties the inode 1673 * (usually helpers in quotaops.h care about this) and holds a handle for 1674 * the current transaction so that dquot write and inode write go into the 1675 * same transaction. 1676 */ 1677 1678 /* 1679 * This operation can block, but only after everything is updated 1680 */ 1681 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags) 1682 { 1683 int cnt, ret = 0, index; 1684 struct dquot_warn warn[MAXQUOTAS]; 1685 int reserve = flags & DQUOT_SPACE_RESERVE; 1686 struct dquot **dquots; 1687 1688 if (!inode_quota_active(inode)) { 1689 if (reserve) { 1690 spin_lock(&inode->i_lock); 1691 *inode_reserved_space(inode) += number; 1692 spin_unlock(&inode->i_lock); 1693 } else { 1694 inode_add_bytes(inode, number); 1695 } 1696 goto out; 1697 } 1698 1699 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1700 warn[cnt].w_type = QUOTA_NL_NOWARN; 1701 1702 dquots = i_dquot(inode); 1703 index = srcu_read_lock(&dquot_srcu); 1704 spin_lock(&inode->i_lock); 1705 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1706 if (!dquots[cnt]) 1707 continue; 1708 if (reserve) { 1709 ret = dquot_add_space(dquots[cnt], 0, number, flags, 1710 &warn[cnt]); 1711 } else { 1712 ret = dquot_add_space(dquots[cnt], number, 0, flags, 1713 &warn[cnt]); 1714 } 1715 if (ret) { 1716 /* Back out changes we already did */ 1717 for (cnt--; cnt >= 0; cnt--) { 1718 if (!dquots[cnt]) 1719 continue; 1720 spin_lock(&dquots[cnt]->dq_dqb_lock); 1721 if (reserve) 1722 dquot_free_reserved_space(dquots[cnt], 1723 number); 1724 else 1725 dquot_decr_space(dquots[cnt], number); 1726 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1727 } 1728 spin_unlock(&inode->i_lock); 1729 goto out_flush_warn; 1730 } 1731 } 1732 if (reserve) 1733 *inode_reserved_space(inode) += number; 1734 else 1735 __inode_add_bytes(inode, number); 1736 spin_unlock(&inode->i_lock); 1737 1738 if (reserve) 1739 goto out_flush_warn; 1740 mark_all_dquot_dirty(dquots); 1741 out_flush_warn: 1742 srcu_read_unlock(&dquot_srcu, index); 1743 flush_warnings(warn); 1744 out: 1745 return ret; 1746 } 1747 EXPORT_SYMBOL(__dquot_alloc_space); 1748 1749 /* 1750 * This operation can block, but only after everything is updated 1751 */ 1752 int dquot_alloc_inode(struct inode *inode) 1753 { 1754 int cnt, ret = 0, index; 1755 struct dquot_warn warn[MAXQUOTAS]; 1756 struct dquot * const *dquots; 1757 1758 if (!inode_quota_active(inode)) 1759 return 0; 1760 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1761 warn[cnt].w_type = QUOTA_NL_NOWARN; 1762 1763 dquots = i_dquot(inode); 1764 index = srcu_read_lock(&dquot_srcu); 1765 spin_lock(&inode->i_lock); 1766 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1767 if (!dquots[cnt]) 1768 continue; 1769 ret = dquot_add_inodes(dquots[cnt], 1, &warn[cnt]); 1770 if (ret) { 1771 for (cnt--; cnt >= 0; cnt--) { 1772 if (!dquots[cnt]) 1773 continue; 1774 /* Back out changes we already did */ 1775 spin_lock(&dquots[cnt]->dq_dqb_lock); 1776 dquot_decr_inodes(dquots[cnt], 1); 1777 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1778 } 1779 goto warn_put_all; 1780 } 1781 } 1782 1783 warn_put_all: 1784 spin_unlock(&inode->i_lock); 1785 if (ret == 0) 1786 mark_all_dquot_dirty(dquots); 1787 srcu_read_unlock(&dquot_srcu, index); 1788 flush_warnings(warn); 1789 return ret; 1790 } 1791 EXPORT_SYMBOL(dquot_alloc_inode); 1792 1793 /* 1794 * Convert in-memory reserved quotas to real consumed quotas 1795 */ 1796 int dquot_claim_space_nodirty(struct inode *inode, qsize_t number) 1797 { 1798 struct dquot **dquots; 1799 int cnt, index; 1800 1801 if (!inode_quota_active(inode)) { 1802 spin_lock(&inode->i_lock); 1803 *inode_reserved_space(inode) -= number; 1804 __inode_add_bytes(inode, number); 1805 spin_unlock(&inode->i_lock); 1806 return 0; 1807 } 1808 1809 dquots = i_dquot(inode); 1810 index = srcu_read_lock(&dquot_srcu); 1811 spin_lock(&inode->i_lock); 1812 /* Claim reserved quotas to allocated quotas */ 1813 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1814 if (dquots[cnt]) { 1815 struct dquot *dquot = dquots[cnt]; 1816 1817 spin_lock(&dquot->dq_dqb_lock); 1818 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number)) 1819 number = dquot->dq_dqb.dqb_rsvspace; 1820 dquot->dq_dqb.dqb_curspace += number; 1821 dquot->dq_dqb.dqb_rsvspace -= number; 1822 spin_unlock(&dquot->dq_dqb_lock); 1823 } 1824 } 1825 /* Update inode bytes */ 1826 *inode_reserved_space(inode) -= number; 1827 __inode_add_bytes(inode, number); 1828 spin_unlock(&inode->i_lock); 1829 mark_all_dquot_dirty(dquots); 1830 srcu_read_unlock(&dquot_srcu, index); 1831 return 0; 1832 } 1833 EXPORT_SYMBOL(dquot_claim_space_nodirty); 1834 1835 /* 1836 * Convert allocated space back to in-memory reserved quotas 1837 */ 1838 void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number) 1839 { 1840 struct dquot **dquots; 1841 int cnt, index; 1842 1843 if (!inode_quota_active(inode)) { 1844 spin_lock(&inode->i_lock); 1845 *inode_reserved_space(inode) += number; 1846 __inode_sub_bytes(inode, number); 1847 spin_unlock(&inode->i_lock); 1848 return; 1849 } 1850 1851 dquots = i_dquot(inode); 1852 index = srcu_read_lock(&dquot_srcu); 1853 spin_lock(&inode->i_lock); 1854 /* Claim reserved quotas to allocated quotas */ 1855 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1856 if (dquots[cnt]) { 1857 struct dquot *dquot = dquots[cnt]; 1858 1859 spin_lock(&dquot->dq_dqb_lock); 1860 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number)) 1861 number = dquot->dq_dqb.dqb_curspace; 1862 dquot->dq_dqb.dqb_rsvspace += number; 1863 dquot->dq_dqb.dqb_curspace -= number; 1864 spin_unlock(&dquot->dq_dqb_lock); 1865 } 1866 } 1867 /* Update inode bytes */ 1868 *inode_reserved_space(inode) += number; 1869 __inode_sub_bytes(inode, number); 1870 spin_unlock(&inode->i_lock); 1871 mark_all_dquot_dirty(dquots); 1872 srcu_read_unlock(&dquot_srcu, index); 1873 return; 1874 } 1875 EXPORT_SYMBOL(dquot_reclaim_space_nodirty); 1876 1877 /* 1878 * This operation can block, but only after everything is updated 1879 */ 1880 void __dquot_free_space(struct inode *inode, qsize_t number, int flags) 1881 { 1882 unsigned int cnt; 1883 struct dquot_warn warn[MAXQUOTAS]; 1884 struct dquot **dquots; 1885 int reserve = flags & DQUOT_SPACE_RESERVE, index; 1886 1887 if (!inode_quota_active(inode)) { 1888 if (reserve) { 1889 spin_lock(&inode->i_lock); 1890 *inode_reserved_space(inode) -= number; 1891 spin_unlock(&inode->i_lock); 1892 } else { 1893 inode_sub_bytes(inode, number); 1894 } 1895 return; 1896 } 1897 1898 dquots = i_dquot(inode); 1899 index = srcu_read_lock(&dquot_srcu); 1900 spin_lock(&inode->i_lock); 1901 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1902 int wtype; 1903 1904 warn[cnt].w_type = QUOTA_NL_NOWARN; 1905 if (!dquots[cnt]) 1906 continue; 1907 spin_lock(&dquots[cnt]->dq_dqb_lock); 1908 wtype = info_bdq_free(dquots[cnt], number); 1909 if (wtype != QUOTA_NL_NOWARN) 1910 prepare_warning(&warn[cnt], dquots[cnt], wtype); 1911 if (reserve) 1912 dquot_free_reserved_space(dquots[cnt], number); 1913 else 1914 dquot_decr_space(dquots[cnt], number); 1915 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1916 } 1917 if (reserve) 1918 *inode_reserved_space(inode) -= number; 1919 else 1920 __inode_sub_bytes(inode, number); 1921 spin_unlock(&inode->i_lock); 1922 1923 if (reserve) 1924 goto out_unlock; 1925 mark_all_dquot_dirty(dquots); 1926 out_unlock: 1927 srcu_read_unlock(&dquot_srcu, index); 1928 flush_warnings(warn); 1929 } 1930 EXPORT_SYMBOL(__dquot_free_space); 1931 1932 /* 1933 * This operation can block, but only after everything is updated 1934 */ 1935 void dquot_free_inode(struct inode *inode) 1936 { 1937 unsigned int cnt; 1938 struct dquot_warn warn[MAXQUOTAS]; 1939 struct dquot * const *dquots; 1940 int index; 1941 1942 if (!inode_quota_active(inode)) 1943 return; 1944 1945 dquots = i_dquot(inode); 1946 index = srcu_read_lock(&dquot_srcu); 1947 spin_lock(&inode->i_lock); 1948 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1949 int wtype; 1950 1951 warn[cnt].w_type = QUOTA_NL_NOWARN; 1952 if (!dquots[cnt]) 1953 continue; 1954 spin_lock(&dquots[cnt]->dq_dqb_lock); 1955 wtype = info_idq_free(dquots[cnt], 1); 1956 if (wtype != QUOTA_NL_NOWARN) 1957 prepare_warning(&warn[cnt], dquots[cnt], wtype); 1958 dquot_decr_inodes(dquots[cnt], 1); 1959 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1960 } 1961 spin_unlock(&inode->i_lock); 1962 mark_all_dquot_dirty(dquots); 1963 srcu_read_unlock(&dquot_srcu, index); 1964 flush_warnings(warn); 1965 } 1966 EXPORT_SYMBOL(dquot_free_inode); 1967 1968 /* 1969 * Transfer the number of inode and blocks from one diskquota to an other. 1970 * On success, dquot references in transfer_to are consumed and references 1971 * to original dquots that need to be released are placed there. On failure, 1972 * references are kept untouched. 1973 * 1974 * This operation can block, but only after everything is updated 1975 * A transaction must be started when entering this function. 1976 * 1977 * We are holding reference on transfer_from & transfer_to, no need to 1978 * protect them by srcu_read_lock(). 1979 */ 1980 int __dquot_transfer(struct inode *inode, struct dquot **transfer_to) 1981 { 1982 qsize_t cur_space; 1983 qsize_t rsv_space = 0; 1984 qsize_t inode_usage = 1; 1985 struct dquot *transfer_from[MAXQUOTAS] = {}; 1986 int cnt, ret = 0; 1987 char is_valid[MAXQUOTAS] = {}; 1988 struct dquot_warn warn_to[MAXQUOTAS]; 1989 struct dquot_warn warn_from_inodes[MAXQUOTAS]; 1990 struct dquot_warn warn_from_space[MAXQUOTAS]; 1991 1992 if (IS_NOQUOTA(inode)) 1993 return 0; 1994 1995 if (inode->i_sb->dq_op->get_inode_usage) { 1996 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage); 1997 if (ret) 1998 return ret; 1999 } 2000 2001 /* Initialize the arrays */ 2002 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2003 warn_to[cnt].w_type = QUOTA_NL_NOWARN; 2004 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN; 2005 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN; 2006 } 2007 2008 spin_lock(&dq_data_lock); 2009 spin_lock(&inode->i_lock); 2010 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */ 2011 spin_unlock(&inode->i_lock); 2012 spin_unlock(&dq_data_lock); 2013 return 0; 2014 } 2015 cur_space = __inode_get_bytes(inode); 2016 rsv_space = __inode_get_rsv_space(inode); 2017 /* 2018 * Build the transfer_from list, check limits, and update usage in 2019 * the target structures. 2020 */ 2021 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2022 /* 2023 * Skip changes for same uid or gid or for turned off quota-type. 2024 */ 2025 if (!transfer_to[cnt]) 2026 continue; 2027 /* Avoid races with quotaoff() */ 2028 if (!sb_has_quota_active(inode->i_sb, cnt)) 2029 continue; 2030 is_valid[cnt] = 1; 2031 transfer_from[cnt] = i_dquot(inode)[cnt]; 2032 ret = dquot_add_inodes(transfer_to[cnt], inode_usage, 2033 &warn_to[cnt]); 2034 if (ret) 2035 goto over_quota; 2036 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space, 2037 DQUOT_SPACE_WARN, &warn_to[cnt]); 2038 if (ret) { 2039 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2040 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2041 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2042 goto over_quota; 2043 } 2044 } 2045 2046 /* Decrease usage for source structures and update quota pointers */ 2047 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2048 if (!is_valid[cnt]) 2049 continue; 2050 /* Due to IO error we might not have transfer_from[] structure */ 2051 if (transfer_from[cnt]) { 2052 int wtype; 2053 2054 spin_lock(&transfer_from[cnt]->dq_dqb_lock); 2055 wtype = info_idq_free(transfer_from[cnt], inode_usage); 2056 if (wtype != QUOTA_NL_NOWARN) 2057 prepare_warning(&warn_from_inodes[cnt], 2058 transfer_from[cnt], wtype); 2059 wtype = info_bdq_free(transfer_from[cnt], 2060 cur_space + rsv_space); 2061 if (wtype != QUOTA_NL_NOWARN) 2062 prepare_warning(&warn_from_space[cnt], 2063 transfer_from[cnt], wtype); 2064 dquot_decr_inodes(transfer_from[cnt], inode_usage); 2065 dquot_decr_space(transfer_from[cnt], cur_space); 2066 dquot_free_reserved_space(transfer_from[cnt], 2067 rsv_space); 2068 spin_unlock(&transfer_from[cnt]->dq_dqb_lock); 2069 } 2070 i_dquot(inode)[cnt] = transfer_to[cnt]; 2071 } 2072 spin_unlock(&inode->i_lock); 2073 spin_unlock(&dq_data_lock); 2074 2075 mark_all_dquot_dirty(transfer_from); 2076 mark_all_dquot_dirty(transfer_to); 2077 flush_warnings(warn_to); 2078 flush_warnings(warn_from_inodes); 2079 flush_warnings(warn_from_space); 2080 /* Pass back references to put */ 2081 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2082 if (is_valid[cnt]) 2083 transfer_to[cnt] = transfer_from[cnt]; 2084 return 0; 2085 over_quota: 2086 /* Back out changes we already did */ 2087 for (cnt--; cnt >= 0; cnt--) { 2088 if (!is_valid[cnt]) 2089 continue; 2090 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2091 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2092 dquot_decr_space(transfer_to[cnt], cur_space); 2093 dquot_free_reserved_space(transfer_to[cnt], rsv_space); 2094 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2095 } 2096 spin_unlock(&inode->i_lock); 2097 spin_unlock(&dq_data_lock); 2098 flush_warnings(warn_to); 2099 return ret; 2100 } 2101 EXPORT_SYMBOL(__dquot_transfer); 2102 2103 /* Wrapper for transferring ownership of an inode for uid/gid only 2104 * Called from FSXXX_setattr() 2105 */ 2106 int dquot_transfer(struct mnt_idmap *idmap, struct inode *inode, 2107 struct iattr *iattr) 2108 { 2109 struct dquot *transfer_to[MAXQUOTAS] = {}; 2110 struct dquot *dquot; 2111 struct super_block *sb = inode->i_sb; 2112 int ret; 2113 2114 if (!inode_quota_active(inode)) 2115 return 0; 2116 2117 if (i_uid_needs_update(idmap, iattr, inode)) { 2118 kuid_t kuid = from_vfsuid(idmap, i_user_ns(inode), 2119 iattr->ia_vfsuid); 2120 2121 dquot = dqget(sb, make_kqid_uid(kuid)); 2122 if (IS_ERR(dquot)) { 2123 if (PTR_ERR(dquot) != -ESRCH) { 2124 ret = PTR_ERR(dquot); 2125 goto out_put; 2126 } 2127 dquot = NULL; 2128 } 2129 transfer_to[USRQUOTA] = dquot; 2130 } 2131 if (i_gid_needs_update(idmap, iattr, inode)) { 2132 kgid_t kgid = from_vfsgid(idmap, i_user_ns(inode), 2133 iattr->ia_vfsgid); 2134 2135 dquot = dqget(sb, make_kqid_gid(kgid)); 2136 if (IS_ERR(dquot)) { 2137 if (PTR_ERR(dquot) != -ESRCH) { 2138 ret = PTR_ERR(dquot); 2139 goto out_put; 2140 } 2141 dquot = NULL; 2142 } 2143 transfer_to[GRPQUOTA] = dquot; 2144 } 2145 ret = __dquot_transfer(inode, transfer_to); 2146 out_put: 2147 dqput_all(transfer_to); 2148 return ret; 2149 } 2150 EXPORT_SYMBOL(dquot_transfer); 2151 2152 /* 2153 * Write info of quota file to disk 2154 */ 2155 int dquot_commit_info(struct super_block *sb, int type) 2156 { 2157 struct quota_info *dqopt = sb_dqopt(sb); 2158 2159 return dqopt->ops[type]->write_file_info(sb, type); 2160 } 2161 EXPORT_SYMBOL(dquot_commit_info); 2162 2163 int dquot_get_next_id(struct super_block *sb, struct kqid *qid) 2164 { 2165 struct quota_info *dqopt = sb_dqopt(sb); 2166 2167 if (!sb_has_quota_active(sb, qid->type)) 2168 return -ESRCH; 2169 if (!dqopt->ops[qid->type]->get_next_id) 2170 return -ENOSYS; 2171 return dqopt->ops[qid->type]->get_next_id(sb, qid); 2172 } 2173 EXPORT_SYMBOL(dquot_get_next_id); 2174 2175 /* 2176 * Definitions of diskquota operations. 2177 */ 2178 const struct dquot_operations dquot_operations = { 2179 .write_dquot = dquot_commit, 2180 .acquire_dquot = dquot_acquire, 2181 .release_dquot = dquot_release, 2182 .mark_dirty = dquot_mark_dquot_dirty, 2183 .write_info = dquot_commit_info, 2184 .alloc_dquot = dquot_alloc, 2185 .destroy_dquot = dquot_destroy, 2186 .get_next_id = dquot_get_next_id, 2187 }; 2188 EXPORT_SYMBOL(dquot_operations); 2189 2190 /* 2191 * Generic helper for ->open on filesystems supporting disk quotas. 2192 */ 2193 int dquot_file_open(struct inode *inode, struct file *file) 2194 { 2195 int error; 2196 2197 error = generic_file_open(inode, file); 2198 if (!error && (file->f_mode & FMODE_WRITE)) 2199 error = dquot_initialize(inode); 2200 return error; 2201 } 2202 EXPORT_SYMBOL(dquot_file_open); 2203 2204 static void vfs_cleanup_quota_inode(struct super_block *sb, int type) 2205 { 2206 struct quota_info *dqopt = sb_dqopt(sb); 2207 struct inode *inode = dqopt->files[type]; 2208 2209 if (!inode) 2210 return; 2211 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2212 inode_lock(inode); 2213 inode->i_flags &= ~S_NOQUOTA; 2214 inode_unlock(inode); 2215 } 2216 dqopt->files[type] = NULL; 2217 iput(inode); 2218 } 2219 2220 /* 2221 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount) 2222 */ 2223 int dquot_disable(struct super_block *sb, int type, unsigned int flags) 2224 { 2225 int cnt; 2226 struct quota_info *dqopt = sb_dqopt(sb); 2227 2228 /* s_umount should be held in exclusive mode */ 2229 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2230 up_read(&sb->s_umount); 2231 2232 /* Cannot turn off usage accounting without turning off limits, or 2233 * suspend quotas and simultaneously turn quotas off. */ 2234 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED)) 2235 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED | 2236 DQUOT_USAGE_ENABLED))) 2237 return -EINVAL; 2238 2239 /* 2240 * Skip everything if there's nothing to do. We have to do this because 2241 * sometimes we are called when fill_super() failed and calling 2242 * sync_fs() in such cases does no good. 2243 */ 2244 if (!sb_any_quota_loaded(sb)) 2245 return 0; 2246 2247 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2248 if (type != -1 && cnt != type) 2249 continue; 2250 if (!sb_has_quota_loaded(sb, cnt)) 2251 continue; 2252 2253 if (flags & DQUOT_SUSPENDED) { 2254 spin_lock(&dq_state_lock); 2255 dqopt->flags |= 2256 dquot_state_flag(DQUOT_SUSPENDED, cnt); 2257 spin_unlock(&dq_state_lock); 2258 } else { 2259 spin_lock(&dq_state_lock); 2260 dqopt->flags &= ~dquot_state_flag(flags, cnt); 2261 /* Turning off suspended quotas? */ 2262 if (!sb_has_quota_loaded(sb, cnt) && 2263 sb_has_quota_suspended(sb, cnt)) { 2264 dqopt->flags &= ~dquot_state_flag( 2265 DQUOT_SUSPENDED, cnt); 2266 spin_unlock(&dq_state_lock); 2267 vfs_cleanup_quota_inode(sb, cnt); 2268 continue; 2269 } 2270 spin_unlock(&dq_state_lock); 2271 } 2272 2273 /* We still have to keep quota loaded? */ 2274 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED)) 2275 continue; 2276 2277 /* Note: these are blocking operations */ 2278 drop_dquot_ref(sb, cnt); 2279 invalidate_dquots(sb, cnt); 2280 /* 2281 * Now all dquots should be invalidated, all writes done so we 2282 * should be only users of the info. No locks needed. 2283 */ 2284 if (info_dirty(&dqopt->info[cnt])) 2285 sb->dq_op->write_info(sb, cnt); 2286 if (dqopt->ops[cnt]->free_file_info) 2287 dqopt->ops[cnt]->free_file_info(sb, cnt); 2288 put_quota_format(dqopt->info[cnt].dqi_format); 2289 dqopt->info[cnt].dqi_flags = 0; 2290 dqopt->info[cnt].dqi_igrace = 0; 2291 dqopt->info[cnt].dqi_bgrace = 0; 2292 dqopt->ops[cnt] = NULL; 2293 } 2294 2295 /* Skip syncing and setting flags if quota files are hidden */ 2296 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 2297 goto put_inodes; 2298 2299 /* Sync the superblock so that buffers with quota data are written to 2300 * disk (and so userspace sees correct data afterwards). */ 2301 if (sb->s_op->sync_fs) 2302 sb->s_op->sync_fs(sb, 1); 2303 sync_blockdev(sb->s_bdev); 2304 /* Now the quota files are just ordinary files and we can set the 2305 * inode flags back. Moreover we discard the pagecache so that 2306 * userspace sees the writes we did bypassing the pagecache. We 2307 * must also discard the blockdev buffers so that we see the 2308 * changes done by userspace on the next quotaon() */ 2309 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2310 if (!sb_has_quota_loaded(sb, cnt) && dqopt->files[cnt]) { 2311 inode_lock(dqopt->files[cnt]); 2312 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 2313 inode_unlock(dqopt->files[cnt]); 2314 } 2315 if (sb->s_bdev) 2316 invalidate_bdev(sb->s_bdev); 2317 put_inodes: 2318 /* We are done when suspending quotas */ 2319 if (flags & DQUOT_SUSPENDED) 2320 return 0; 2321 2322 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2323 if (!sb_has_quota_loaded(sb, cnt)) 2324 vfs_cleanup_quota_inode(sb, cnt); 2325 return 0; 2326 } 2327 EXPORT_SYMBOL(dquot_disable); 2328 2329 int dquot_quota_off(struct super_block *sb, int type) 2330 { 2331 return dquot_disable(sb, type, 2332 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2333 } 2334 EXPORT_SYMBOL(dquot_quota_off); 2335 2336 /* 2337 * Turn quotas on on a device 2338 */ 2339 2340 static int vfs_setup_quota_inode(struct inode *inode, int type) 2341 { 2342 struct super_block *sb = inode->i_sb; 2343 struct quota_info *dqopt = sb_dqopt(sb); 2344 2345 if (is_bad_inode(inode)) 2346 return -EUCLEAN; 2347 if (!S_ISREG(inode->i_mode)) 2348 return -EACCES; 2349 if (IS_RDONLY(inode)) 2350 return -EROFS; 2351 if (sb_has_quota_loaded(sb, type)) 2352 return -EBUSY; 2353 2354 /* 2355 * Quota files should never be encrypted. They should be thought of as 2356 * filesystem metadata, not user data. New-style internal quota files 2357 * cannot be encrypted by users anyway, but old-style external quota 2358 * files could potentially be incorrectly created in an encrypted 2359 * directory, hence this explicit check. Some reasons why encrypted 2360 * quota files don't work include: (1) some filesystems that support 2361 * encryption don't handle it in their quota_read and quota_write, and 2362 * (2) cleaning up encrypted quota files at unmount would need special 2363 * consideration, as quota files are cleaned up later than user files. 2364 */ 2365 if (IS_ENCRYPTED(inode)) 2366 return -EINVAL; 2367 2368 dqopt->files[type] = igrab(inode); 2369 if (!dqopt->files[type]) 2370 return -EIO; 2371 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2372 /* We don't want quota and atime on quota files (deadlocks 2373 * possible) Also nobody should write to the file - we use 2374 * special IO operations which ignore the immutable bit. */ 2375 inode_lock(inode); 2376 inode->i_flags |= S_NOQUOTA; 2377 inode_unlock(inode); 2378 /* 2379 * When S_NOQUOTA is set, remove dquot references as no more 2380 * references can be added 2381 */ 2382 __dquot_drop(inode); 2383 } 2384 return 0; 2385 } 2386 2387 int dquot_load_quota_sb(struct super_block *sb, int type, int format_id, 2388 unsigned int flags) 2389 { 2390 struct quota_format_type *fmt = find_quota_format(format_id); 2391 struct quota_info *dqopt = sb_dqopt(sb); 2392 int error; 2393 2394 lockdep_assert_held_write(&sb->s_umount); 2395 2396 /* Just unsuspend quotas? */ 2397 BUG_ON(flags & DQUOT_SUSPENDED); 2398 2399 if (!fmt) 2400 return -ESRCH; 2401 if (!sb->dq_op || !sb->s_qcop || 2402 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) { 2403 error = -EINVAL; 2404 goto out_fmt; 2405 } 2406 /* Filesystems outside of init_user_ns not yet supported */ 2407 if (sb->s_user_ns != &init_user_ns) { 2408 error = -EINVAL; 2409 goto out_fmt; 2410 } 2411 /* Usage always has to be set... */ 2412 if (!(flags & DQUOT_USAGE_ENABLED)) { 2413 error = -EINVAL; 2414 goto out_fmt; 2415 } 2416 if (sb_has_quota_loaded(sb, type)) { 2417 error = -EBUSY; 2418 goto out_fmt; 2419 } 2420 2421 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2422 /* As we bypass the pagecache we must now flush all the 2423 * dirty data and invalidate caches so that kernel sees 2424 * changes from userspace. It is not enough to just flush 2425 * the quota file since if blocksize < pagesize, invalidation 2426 * of the cache could fail because of other unrelated dirty 2427 * data */ 2428 sync_filesystem(sb); 2429 invalidate_bdev(sb->s_bdev); 2430 } 2431 2432 error = -EINVAL; 2433 if (!fmt->qf_ops->check_quota_file(sb, type)) 2434 goto out_fmt; 2435 2436 dqopt->ops[type] = fmt->qf_ops; 2437 dqopt->info[type].dqi_format = fmt; 2438 dqopt->info[type].dqi_fmt_id = format_id; 2439 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list); 2440 error = dqopt->ops[type]->read_file_info(sb, type); 2441 if (error < 0) 2442 goto out_fmt; 2443 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) { 2444 spin_lock(&dq_data_lock); 2445 dqopt->info[type].dqi_flags |= DQF_SYS_FILE; 2446 spin_unlock(&dq_data_lock); 2447 } 2448 spin_lock(&dq_state_lock); 2449 dqopt->flags |= dquot_state_flag(flags, type); 2450 spin_unlock(&dq_state_lock); 2451 2452 error = add_dquot_ref(sb, type); 2453 if (error) 2454 dquot_disable(sb, type, 2455 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2456 2457 return error; 2458 out_fmt: 2459 put_quota_format(fmt); 2460 2461 return error; 2462 } 2463 EXPORT_SYMBOL(dquot_load_quota_sb); 2464 2465 /* 2466 * More powerful function for turning on quotas on given quota inode allowing 2467 * setting of individual quota flags 2468 */ 2469 int dquot_load_quota_inode(struct inode *inode, int type, int format_id, 2470 unsigned int flags) 2471 { 2472 int err; 2473 2474 err = vfs_setup_quota_inode(inode, type); 2475 if (err < 0) 2476 return err; 2477 err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags); 2478 if (err < 0) 2479 vfs_cleanup_quota_inode(inode->i_sb, type); 2480 return err; 2481 } 2482 EXPORT_SYMBOL(dquot_load_quota_inode); 2483 2484 /* Reenable quotas on remount RW */ 2485 int dquot_resume(struct super_block *sb, int type) 2486 { 2487 struct quota_info *dqopt = sb_dqopt(sb); 2488 int ret = 0, cnt; 2489 unsigned int flags; 2490 2491 /* s_umount should be held in exclusive mode */ 2492 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2493 up_read(&sb->s_umount); 2494 2495 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2496 if (type != -1 && cnt != type) 2497 continue; 2498 if (!sb_has_quota_suspended(sb, cnt)) 2499 continue; 2500 2501 spin_lock(&dq_state_lock); 2502 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED | 2503 DQUOT_LIMITS_ENABLED, 2504 cnt); 2505 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt); 2506 spin_unlock(&dq_state_lock); 2507 2508 flags = dquot_generic_flag(flags, cnt); 2509 ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id, 2510 flags); 2511 if (ret < 0) 2512 vfs_cleanup_quota_inode(sb, cnt); 2513 } 2514 2515 return ret; 2516 } 2517 EXPORT_SYMBOL(dquot_resume); 2518 2519 int dquot_quota_on(struct super_block *sb, int type, int format_id, 2520 const struct path *path) 2521 { 2522 int error = security_quota_on(path->dentry); 2523 if (error) 2524 return error; 2525 /* Quota file not on the same filesystem? */ 2526 if (path->dentry->d_sb != sb) 2527 error = -EXDEV; 2528 else 2529 error = dquot_load_quota_inode(d_inode(path->dentry), type, 2530 format_id, DQUOT_USAGE_ENABLED | 2531 DQUOT_LIMITS_ENABLED); 2532 return error; 2533 } 2534 EXPORT_SYMBOL(dquot_quota_on); 2535 2536 /* 2537 * This function is used when filesystem needs to initialize quotas 2538 * during mount time. 2539 */ 2540 int dquot_quota_on_mount(struct super_block *sb, char *qf_name, 2541 int format_id, int type) 2542 { 2543 struct dentry *dentry; 2544 int error; 2545 2546 dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name)); 2547 if (IS_ERR(dentry)) 2548 return PTR_ERR(dentry); 2549 2550 error = security_quota_on(dentry); 2551 if (!error) 2552 error = dquot_load_quota_inode(d_inode(dentry), type, format_id, 2553 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2554 2555 dput(dentry); 2556 return error; 2557 } 2558 EXPORT_SYMBOL(dquot_quota_on_mount); 2559 2560 static int dquot_quota_enable(struct super_block *sb, unsigned int flags) 2561 { 2562 int ret; 2563 int type; 2564 struct quota_info *dqopt = sb_dqopt(sb); 2565 2566 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2567 return -ENOSYS; 2568 /* Accounting cannot be turned on while fs is mounted */ 2569 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT); 2570 if (!flags) 2571 return -EINVAL; 2572 for (type = 0; type < MAXQUOTAS; type++) { 2573 if (!(flags & qtype_enforce_flag(type))) 2574 continue; 2575 /* Can't enforce without accounting */ 2576 if (!sb_has_quota_usage_enabled(sb, type)) { 2577 ret = -EINVAL; 2578 goto out_err; 2579 } 2580 if (sb_has_quota_limits_enabled(sb, type)) { 2581 ret = -EBUSY; 2582 goto out_err; 2583 } 2584 spin_lock(&dq_state_lock); 2585 dqopt->flags |= dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2586 spin_unlock(&dq_state_lock); 2587 } 2588 return 0; 2589 out_err: 2590 /* Backout enforcement enablement we already did */ 2591 for (type--; type >= 0; type--) { 2592 if (flags & qtype_enforce_flag(type)) 2593 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2594 } 2595 /* Error code translation for better compatibility with XFS */ 2596 if (ret == -EBUSY) 2597 ret = -EEXIST; 2598 return ret; 2599 } 2600 2601 static int dquot_quota_disable(struct super_block *sb, unsigned int flags) 2602 { 2603 int ret; 2604 int type; 2605 struct quota_info *dqopt = sb_dqopt(sb); 2606 2607 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2608 return -ENOSYS; 2609 /* 2610 * We don't support turning off accounting via quotactl. In principle 2611 * quota infrastructure can do this but filesystems don't expect 2612 * userspace to be able to do it. 2613 */ 2614 if (flags & 2615 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT)) 2616 return -EOPNOTSUPP; 2617 2618 /* Filter out limits not enabled */ 2619 for (type = 0; type < MAXQUOTAS; type++) 2620 if (!sb_has_quota_limits_enabled(sb, type)) 2621 flags &= ~qtype_enforce_flag(type); 2622 /* Nothing left? */ 2623 if (!flags) 2624 return -EEXIST; 2625 for (type = 0; type < MAXQUOTAS; type++) { 2626 if (flags & qtype_enforce_flag(type)) { 2627 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2628 if (ret < 0) 2629 goto out_err; 2630 } 2631 } 2632 return 0; 2633 out_err: 2634 /* Backout enforcement disabling we already did */ 2635 for (type--; type >= 0; type--) { 2636 if (flags & qtype_enforce_flag(type)) { 2637 spin_lock(&dq_state_lock); 2638 dqopt->flags |= 2639 dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2640 spin_unlock(&dq_state_lock); 2641 } 2642 } 2643 return ret; 2644 } 2645 2646 /* Generic routine for getting common part of quota structure */ 2647 static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2648 { 2649 struct mem_dqblk *dm = &dquot->dq_dqb; 2650 2651 memset(di, 0, sizeof(*di)); 2652 spin_lock(&dquot->dq_dqb_lock); 2653 di->d_spc_hardlimit = dm->dqb_bhardlimit; 2654 di->d_spc_softlimit = dm->dqb_bsoftlimit; 2655 di->d_ino_hardlimit = dm->dqb_ihardlimit; 2656 di->d_ino_softlimit = dm->dqb_isoftlimit; 2657 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace; 2658 di->d_ino_count = dm->dqb_curinodes; 2659 di->d_spc_timer = dm->dqb_btime; 2660 di->d_ino_timer = dm->dqb_itime; 2661 spin_unlock(&dquot->dq_dqb_lock); 2662 } 2663 2664 int dquot_get_dqblk(struct super_block *sb, struct kqid qid, 2665 struct qc_dqblk *di) 2666 { 2667 struct dquot *dquot; 2668 2669 dquot = dqget(sb, qid); 2670 if (IS_ERR(dquot)) 2671 return PTR_ERR(dquot); 2672 do_get_dqblk(dquot, di); 2673 dqput(dquot); 2674 2675 return 0; 2676 } 2677 EXPORT_SYMBOL(dquot_get_dqblk); 2678 2679 int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid, 2680 struct qc_dqblk *di) 2681 { 2682 struct dquot *dquot; 2683 int err; 2684 2685 if (!sb->dq_op->get_next_id) 2686 return -ENOSYS; 2687 err = sb->dq_op->get_next_id(sb, qid); 2688 if (err < 0) 2689 return err; 2690 dquot = dqget(sb, *qid); 2691 if (IS_ERR(dquot)) 2692 return PTR_ERR(dquot); 2693 do_get_dqblk(dquot, di); 2694 dqput(dquot); 2695 2696 return 0; 2697 } 2698 EXPORT_SYMBOL(dquot_get_next_dqblk); 2699 2700 #define VFS_QC_MASK \ 2701 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \ 2702 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \ 2703 QC_SPC_TIMER | QC_INO_TIMER) 2704 2705 /* Generic routine for setting common part of quota structure */ 2706 static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2707 { 2708 struct mem_dqblk *dm = &dquot->dq_dqb; 2709 int check_blim = 0, check_ilim = 0; 2710 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 2711 2712 if (di->d_fieldmask & ~VFS_QC_MASK) 2713 return -EINVAL; 2714 2715 if (((di->d_fieldmask & QC_SPC_SOFT) && 2716 di->d_spc_softlimit > dqi->dqi_max_spc_limit) || 2717 ((di->d_fieldmask & QC_SPC_HARD) && 2718 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) || 2719 ((di->d_fieldmask & QC_INO_SOFT) && 2720 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) || 2721 ((di->d_fieldmask & QC_INO_HARD) && 2722 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit))) 2723 return -ERANGE; 2724 2725 spin_lock(&dquot->dq_dqb_lock); 2726 if (di->d_fieldmask & QC_SPACE) { 2727 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace; 2728 check_blim = 1; 2729 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags); 2730 } 2731 2732 if (di->d_fieldmask & QC_SPC_SOFT) 2733 dm->dqb_bsoftlimit = di->d_spc_softlimit; 2734 if (di->d_fieldmask & QC_SPC_HARD) 2735 dm->dqb_bhardlimit = di->d_spc_hardlimit; 2736 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) { 2737 check_blim = 1; 2738 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags); 2739 } 2740 2741 if (di->d_fieldmask & QC_INO_COUNT) { 2742 dm->dqb_curinodes = di->d_ino_count; 2743 check_ilim = 1; 2744 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags); 2745 } 2746 2747 if (di->d_fieldmask & QC_INO_SOFT) 2748 dm->dqb_isoftlimit = di->d_ino_softlimit; 2749 if (di->d_fieldmask & QC_INO_HARD) 2750 dm->dqb_ihardlimit = di->d_ino_hardlimit; 2751 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) { 2752 check_ilim = 1; 2753 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags); 2754 } 2755 2756 if (di->d_fieldmask & QC_SPC_TIMER) { 2757 dm->dqb_btime = di->d_spc_timer; 2758 check_blim = 1; 2759 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags); 2760 } 2761 2762 if (di->d_fieldmask & QC_INO_TIMER) { 2763 dm->dqb_itime = di->d_ino_timer; 2764 check_ilim = 1; 2765 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags); 2766 } 2767 2768 if (check_blim) { 2769 if (!dm->dqb_bsoftlimit || 2770 dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) { 2771 dm->dqb_btime = 0; 2772 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 2773 } else if (!(di->d_fieldmask & QC_SPC_TIMER)) 2774 /* Set grace only if user hasn't provided his own... */ 2775 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace; 2776 } 2777 if (check_ilim) { 2778 if (!dm->dqb_isoftlimit || 2779 dm->dqb_curinodes <= dm->dqb_isoftlimit) { 2780 dm->dqb_itime = 0; 2781 clear_bit(DQ_INODES_B, &dquot->dq_flags); 2782 } else if (!(di->d_fieldmask & QC_INO_TIMER)) 2783 /* Set grace only if user hasn't provided his own... */ 2784 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace; 2785 } 2786 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit || 2787 dm->dqb_isoftlimit) 2788 clear_bit(DQ_FAKE_B, &dquot->dq_flags); 2789 else 2790 set_bit(DQ_FAKE_B, &dquot->dq_flags); 2791 spin_unlock(&dquot->dq_dqb_lock); 2792 mark_dquot_dirty(dquot); 2793 2794 return 0; 2795 } 2796 2797 int dquot_set_dqblk(struct super_block *sb, struct kqid qid, 2798 struct qc_dqblk *di) 2799 { 2800 struct dquot *dquot; 2801 int rc; 2802 2803 dquot = dqget(sb, qid); 2804 if (IS_ERR(dquot)) { 2805 rc = PTR_ERR(dquot); 2806 goto out; 2807 } 2808 rc = do_set_dqblk(dquot, di); 2809 dqput(dquot); 2810 out: 2811 return rc; 2812 } 2813 EXPORT_SYMBOL(dquot_set_dqblk); 2814 2815 /* Generic routine for getting common part of quota file information */ 2816 int dquot_get_state(struct super_block *sb, struct qc_state *state) 2817 { 2818 struct mem_dqinfo *mi; 2819 struct qc_type_state *tstate; 2820 struct quota_info *dqopt = sb_dqopt(sb); 2821 int type; 2822 2823 memset(state, 0, sizeof(*state)); 2824 for (type = 0; type < MAXQUOTAS; type++) { 2825 if (!sb_has_quota_active(sb, type)) 2826 continue; 2827 tstate = state->s_state + type; 2828 mi = sb_dqopt(sb)->info + type; 2829 tstate->flags = QCI_ACCT_ENABLED; 2830 spin_lock(&dq_data_lock); 2831 if (mi->dqi_flags & DQF_SYS_FILE) 2832 tstate->flags |= QCI_SYSFILE; 2833 if (mi->dqi_flags & DQF_ROOT_SQUASH) 2834 tstate->flags |= QCI_ROOT_SQUASH; 2835 if (sb_has_quota_limits_enabled(sb, type)) 2836 tstate->flags |= QCI_LIMITS_ENFORCED; 2837 tstate->spc_timelimit = mi->dqi_bgrace; 2838 tstate->ino_timelimit = mi->dqi_igrace; 2839 if (dqopt->files[type]) { 2840 tstate->ino = dqopt->files[type]->i_ino; 2841 tstate->blocks = dqopt->files[type]->i_blocks; 2842 } 2843 tstate->nextents = 1; /* We don't know... */ 2844 spin_unlock(&dq_data_lock); 2845 } 2846 return 0; 2847 } 2848 EXPORT_SYMBOL(dquot_get_state); 2849 2850 /* Generic routine for setting common part of quota file information */ 2851 int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii) 2852 { 2853 struct mem_dqinfo *mi; 2854 2855 if ((ii->i_fieldmask & QC_WARNS_MASK) || 2856 (ii->i_fieldmask & QC_RT_SPC_TIMER)) 2857 return -EINVAL; 2858 if (!sb_has_quota_active(sb, type)) 2859 return -ESRCH; 2860 mi = sb_dqopt(sb)->info + type; 2861 if (ii->i_fieldmask & QC_FLAGS) { 2862 if ((ii->i_flags & QCI_ROOT_SQUASH && 2863 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD)) 2864 return -EINVAL; 2865 } 2866 spin_lock(&dq_data_lock); 2867 if (ii->i_fieldmask & QC_SPC_TIMER) 2868 mi->dqi_bgrace = ii->i_spc_timelimit; 2869 if (ii->i_fieldmask & QC_INO_TIMER) 2870 mi->dqi_igrace = ii->i_ino_timelimit; 2871 if (ii->i_fieldmask & QC_FLAGS) { 2872 if (ii->i_flags & QCI_ROOT_SQUASH) 2873 mi->dqi_flags |= DQF_ROOT_SQUASH; 2874 else 2875 mi->dqi_flags &= ~DQF_ROOT_SQUASH; 2876 } 2877 spin_unlock(&dq_data_lock); 2878 mark_info_dirty(sb, type); 2879 /* Force write to disk */ 2880 return sb->dq_op->write_info(sb, type); 2881 } 2882 EXPORT_SYMBOL(dquot_set_dqinfo); 2883 2884 const struct quotactl_ops dquot_quotactl_sysfile_ops = { 2885 .quota_enable = dquot_quota_enable, 2886 .quota_disable = dquot_quota_disable, 2887 .quota_sync = dquot_quota_sync, 2888 .get_state = dquot_get_state, 2889 .set_info = dquot_set_dqinfo, 2890 .get_dqblk = dquot_get_dqblk, 2891 .get_nextdqblk = dquot_get_next_dqblk, 2892 .set_dqblk = dquot_set_dqblk 2893 }; 2894 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops); 2895 2896 static int do_proc_dqstats(struct ctl_table *table, int write, 2897 void *buffer, size_t *lenp, loff_t *ppos) 2898 { 2899 unsigned int type = (unsigned long *)table->data - dqstats.stat; 2900 s64 value = percpu_counter_sum(&dqstats.counter[type]); 2901 2902 /* Filter negative values for non-monotonic counters */ 2903 if (value < 0 && (type == DQST_ALLOC_DQUOTS || 2904 type == DQST_FREE_DQUOTS)) 2905 value = 0; 2906 2907 /* Update global table */ 2908 dqstats.stat[type] = value; 2909 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos); 2910 } 2911 2912 static struct ctl_table fs_dqstats_table[] = { 2913 { 2914 .procname = "lookups", 2915 .data = &dqstats.stat[DQST_LOOKUPS], 2916 .maxlen = sizeof(unsigned long), 2917 .mode = 0444, 2918 .proc_handler = do_proc_dqstats, 2919 }, 2920 { 2921 .procname = "drops", 2922 .data = &dqstats.stat[DQST_DROPS], 2923 .maxlen = sizeof(unsigned long), 2924 .mode = 0444, 2925 .proc_handler = do_proc_dqstats, 2926 }, 2927 { 2928 .procname = "reads", 2929 .data = &dqstats.stat[DQST_READS], 2930 .maxlen = sizeof(unsigned long), 2931 .mode = 0444, 2932 .proc_handler = do_proc_dqstats, 2933 }, 2934 { 2935 .procname = "writes", 2936 .data = &dqstats.stat[DQST_WRITES], 2937 .maxlen = sizeof(unsigned long), 2938 .mode = 0444, 2939 .proc_handler = do_proc_dqstats, 2940 }, 2941 { 2942 .procname = "cache_hits", 2943 .data = &dqstats.stat[DQST_CACHE_HITS], 2944 .maxlen = sizeof(unsigned long), 2945 .mode = 0444, 2946 .proc_handler = do_proc_dqstats, 2947 }, 2948 { 2949 .procname = "allocated_dquots", 2950 .data = &dqstats.stat[DQST_ALLOC_DQUOTS], 2951 .maxlen = sizeof(unsigned long), 2952 .mode = 0444, 2953 .proc_handler = do_proc_dqstats, 2954 }, 2955 { 2956 .procname = "free_dquots", 2957 .data = &dqstats.stat[DQST_FREE_DQUOTS], 2958 .maxlen = sizeof(unsigned long), 2959 .mode = 0444, 2960 .proc_handler = do_proc_dqstats, 2961 }, 2962 { 2963 .procname = "syncs", 2964 .data = &dqstats.stat[DQST_SYNCS], 2965 .maxlen = sizeof(unsigned long), 2966 .mode = 0444, 2967 .proc_handler = do_proc_dqstats, 2968 }, 2969 #ifdef CONFIG_PRINT_QUOTA_WARNING 2970 { 2971 .procname = "warnings", 2972 .data = &flag_print_warnings, 2973 .maxlen = sizeof(int), 2974 .mode = 0644, 2975 .proc_handler = proc_dointvec, 2976 }, 2977 #endif 2978 { }, 2979 }; 2980 2981 static int __init dquot_init(void) 2982 { 2983 int i, ret; 2984 unsigned long nr_hash, order; 2985 2986 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__); 2987 2988 register_sysctl_init("fs/quota", fs_dqstats_table); 2989 2990 dquot_cachep = kmem_cache_create("dquot", 2991 sizeof(struct dquot), sizeof(unsigned long) * 4, 2992 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT| 2993 SLAB_MEM_SPREAD|SLAB_PANIC), 2994 NULL); 2995 2996 order = 0; 2997 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order); 2998 if (!dquot_hash) 2999 panic("Cannot create dquot hash table"); 3000 3001 for (i = 0; i < _DQST_DQSTAT_LAST; i++) { 3002 ret = percpu_counter_init(&dqstats.counter[i], 0, GFP_KERNEL); 3003 if (ret) 3004 panic("Cannot create dquot stat counters"); 3005 } 3006 3007 /* Find power-of-two hlist_heads which can fit into allocation */ 3008 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head); 3009 dq_hash_bits = ilog2(nr_hash); 3010 3011 nr_hash = 1UL << dq_hash_bits; 3012 dq_hash_mask = nr_hash - 1; 3013 for (i = 0; i < nr_hash; i++) 3014 INIT_HLIST_HEAD(dquot_hash + i); 3015 3016 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld," 3017 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order)); 3018 3019 if (register_shrinker(&dqcache_shrinker, "dquota-cache")) 3020 panic("Cannot register dquot shrinker"); 3021 3022 return 0; 3023 } 3024 fs_initcall(dquot_init); 3025