1 /* 2 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 3 * All Rights Reserved. 4 * 5 * This program is free software; you can redistribute it and/or 6 * modify it under the terms of the GNU General Public License as 7 * published by the Free Software Foundation. 8 * 9 * This program is distributed in the hope that it would be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write the Free Software Foundation, 16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 */ 18 #include "xfs.h" 19 #include "xfs_fs.h" 20 #include "xfs_shared.h" 21 #include "xfs_format.h" 22 #include "xfs_log_format.h" 23 #include "xfs_trans_resv.h" 24 #include "xfs_bit.h" 25 #include "xfs_sb.h" 26 #include "xfs_mount.h" 27 #include "xfs_inode.h" 28 #include "xfs_ialloc.h" 29 #include "xfs_itable.h" 30 #include "xfs_quota.h" 31 #include "xfs_error.h" 32 #include "xfs_bmap.h" 33 #include "xfs_bmap_btree.h" 34 #include "xfs_trans.h" 35 #include "xfs_trans_space.h" 36 #include "xfs_qm.h" 37 #include "xfs_trace.h" 38 #include "xfs_icache.h" 39 #include "xfs_cksum.h" 40 41 /* 42 * The global quota manager. There is only one of these for the entire 43 * system, _not_ one per file system. XQM keeps track of the overall 44 * quota functionality, including maintaining the freelist and hash 45 * tables of dquots. 46 */ 47 STATIC int xfs_qm_init_quotainos(xfs_mount_t *); 48 STATIC int xfs_qm_init_quotainfo(xfs_mount_t *); 49 50 51 STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp); 52 /* 53 * We use the batch lookup interface to iterate over the dquots as it 54 * currently is the only interface into the radix tree code that allows 55 * fuzzy lookups instead of exact matches. Holding the lock over multiple 56 * operations is fine as all callers are used either during mount/umount 57 * or quotaoff. 58 */ 59 #define XFS_DQ_LOOKUP_BATCH 32 60 61 STATIC int 62 xfs_qm_dquot_walk( 63 struct xfs_mount *mp, 64 int type, 65 int (*execute)(struct xfs_dquot *dqp, void *data), 66 void *data) 67 { 68 struct xfs_quotainfo *qi = mp->m_quotainfo; 69 struct radix_tree_root *tree = xfs_dquot_tree(qi, type); 70 uint32_t next_index; 71 int last_error = 0; 72 int skipped; 73 int nr_found; 74 75 restart: 76 skipped = 0; 77 next_index = 0; 78 nr_found = 0; 79 80 while (1) { 81 struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH]; 82 int error = 0; 83 int i; 84 85 mutex_lock(&qi->qi_tree_lock); 86 nr_found = radix_tree_gang_lookup(tree, (void **)batch, 87 next_index, XFS_DQ_LOOKUP_BATCH); 88 if (!nr_found) { 89 mutex_unlock(&qi->qi_tree_lock); 90 break; 91 } 92 93 for (i = 0; i < nr_found; i++) { 94 struct xfs_dquot *dqp = batch[i]; 95 96 next_index = be32_to_cpu(dqp->q_core.d_id) + 1; 97 98 error = execute(batch[i], data); 99 if (error == -EAGAIN) { 100 skipped++; 101 continue; 102 } 103 if (error && last_error != -EFSCORRUPTED) 104 last_error = error; 105 } 106 107 mutex_unlock(&qi->qi_tree_lock); 108 109 /* bail out if the filesystem is corrupted. */ 110 if (last_error == -EFSCORRUPTED) { 111 skipped = 0; 112 break; 113 } 114 } 115 116 if (skipped) { 117 delay(1); 118 goto restart; 119 } 120 121 return last_error; 122 } 123 124 125 /* 126 * Purge a dquot from all tracking data structures and free it. 127 */ 128 STATIC int 129 xfs_qm_dqpurge( 130 struct xfs_dquot *dqp, 131 void *data) 132 { 133 struct xfs_mount *mp = dqp->q_mount; 134 struct xfs_quotainfo *qi = mp->m_quotainfo; 135 136 xfs_dqlock(dqp); 137 if ((dqp->dq_flags & XFS_DQ_FREEING) || dqp->q_nrefs != 0) { 138 xfs_dqunlock(dqp); 139 return -EAGAIN; 140 } 141 142 dqp->dq_flags |= XFS_DQ_FREEING; 143 144 xfs_dqflock(dqp); 145 146 /* 147 * If we are turning this type of quotas off, we don't care 148 * about the dirty metadata sitting in this dquot. OTOH, if 149 * we're unmounting, we do care, so we flush it and wait. 150 */ 151 if (XFS_DQ_IS_DIRTY(dqp)) { 152 struct xfs_buf *bp = NULL; 153 int error; 154 155 /* 156 * We don't care about getting disk errors here. We need 157 * to purge this dquot anyway, so we go ahead regardless. 158 */ 159 error = xfs_qm_dqflush(dqp, &bp); 160 if (error) { 161 xfs_warn(mp, "%s: dquot %p flush failed", 162 __func__, dqp); 163 } else { 164 error = xfs_bwrite(bp); 165 xfs_buf_relse(bp); 166 } 167 xfs_dqflock(dqp); 168 } 169 170 ASSERT(atomic_read(&dqp->q_pincount) == 0); 171 ASSERT(XFS_FORCED_SHUTDOWN(mp) || 172 !(dqp->q_logitem.qli_item.li_flags & XFS_LI_IN_AIL)); 173 174 xfs_dqfunlock(dqp); 175 xfs_dqunlock(dqp); 176 177 radix_tree_delete(xfs_dquot_tree(qi, dqp->q_core.d_flags), 178 be32_to_cpu(dqp->q_core.d_id)); 179 qi->qi_dquots--; 180 181 /* 182 * We move dquots to the freelist as soon as their reference count 183 * hits zero, so it really should be on the freelist here. 184 */ 185 ASSERT(!list_empty(&dqp->q_lru)); 186 list_lru_del(&qi->qi_lru, &dqp->q_lru); 187 XFS_STATS_DEC(xs_qm_dquot_unused); 188 189 xfs_qm_dqdestroy(dqp); 190 return 0; 191 } 192 193 /* 194 * Purge the dquot cache. 195 */ 196 void 197 xfs_qm_dqpurge_all( 198 struct xfs_mount *mp, 199 uint flags) 200 { 201 if (flags & XFS_QMOPT_UQUOTA) 202 xfs_qm_dquot_walk(mp, XFS_DQ_USER, xfs_qm_dqpurge, NULL); 203 if (flags & XFS_QMOPT_GQUOTA) 204 xfs_qm_dquot_walk(mp, XFS_DQ_GROUP, xfs_qm_dqpurge, NULL); 205 if (flags & XFS_QMOPT_PQUOTA) 206 xfs_qm_dquot_walk(mp, XFS_DQ_PROJ, xfs_qm_dqpurge, NULL); 207 } 208 209 /* 210 * Just destroy the quotainfo structure. 211 */ 212 void 213 xfs_qm_unmount( 214 struct xfs_mount *mp) 215 { 216 if (mp->m_quotainfo) { 217 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL); 218 xfs_qm_destroy_quotainfo(mp); 219 } 220 } 221 222 /* 223 * Called from the vfsops layer. 224 */ 225 void 226 xfs_qm_unmount_quotas( 227 xfs_mount_t *mp) 228 { 229 /* 230 * Release the dquots that root inode, et al might be holding, 231 * before we flush quotas and blow away the quotainfo structure. 232 */ 233 ASSERT(mp->m_rootip); 234 xfs_qm_dqdetach(mp->m_rootip); 235 if (mp->m_rbmip) 236 xfs_qm_dqdetach(mp->m_rbmip); 237 if (mp->m_rsumip) 238 xfs_qm_dqdetach(mp->m_rsumip); 239 240 /* 241 * Release the quota inodes. 242 */ 243 if (mp->m_quotainfo) { 244 if (mp->m_quotainfo->qi_uquotaip) { 245 IRELE(mp->m_quotainfo->qi_uquotaip); 246 mp->m_quotainfo->qi_uquotaip = NULL; 247 } 248 if (mp->m_quotainfo->qi_gquotaip) { 249 IRELE(mp->m_quotainfo->qi_gquotaip); 250 mp->m_quotainfo->qi_gquotaip = NULL; 251 } 252 if (mp->m_quotainfo->qi_pquotaip) { 253 IRELE(mp->m_quotainfo->qi_pquotaip); 254 mp->m_quotainfo->qi_pquotaip = NULL; 255 } 256 } 257 } 258 259 STATIC int 260 xfs_qm_dqattach_one( 261 xfs_inode_t *ip, 262 xfs_dqid_t id, 263 uint type, 264 uint doalloc, 265 xfs_dquot_t **IO_idqpp) 266 { 267 xfs_dquot_t *dqp; 268 int error; 269 270 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 271 error = 0; 272 273 /* 274 * See if we already have it in the inode itself. IO_idqpp is &i_udquot 275 * or &i_gdquot. This made the code look weird, but made the logic a lot 276 * simpler. 277 */ 278 dqp = *IO_idqpp; 279 if (dqp) { 280 trace_xfs_dqattach_found(dqp); 281 return 0; 282 } 283 284 /* 285 * Find the dquot from somewhere. This bumps the reference count of 286 * dquot and returns it locked. This can return ENOENT if dquot didn't 287 * exist on disk and we didn't ask it to allocate; ESRCH if quotas got 288 * turned off suddenly. 289 */ 290 error = xfs_qm_dqget(ip->i_mount, ip, id, type, 291 doalloc | XFS_QMOPT_DOWARN, &dqp); 292 if (error) 293 return error; 294 295 trace_xfs_dqattach_get(dqp); 296 297 /* 298 * dqget may have dropped and re-acquired the ilock, but it guarantees 299 * that the dquot returned is the one that should go in the inode. 300 */ 301 *IO_idqpp = dqp; 302 xfs_dqunlock(dqp); 303 return 0; 304 } 305 306 static bool 307 xfs_qm_need_dqattach( 308 struct xfs_inode *ip) 309 { 310 struct xfs_mount *mp = ip->i_mount; 311 312 if (!XFS_IS_QUOTA_RUNNING(mp)) 313 return false; 314 if (!XFS_IS_QUOTA_ON(mp)) 315 return false; 316 if (!XFS_NOT_DQATTACHED(mp, ip)) 317 return false; 318 if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino)) 319 return false; 320 return true; 321 } 322 323 /* 324 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON 325 * into account. 326 * If XFS_QMOPT_DQALLOC, the dquot(s) will be allocated if needed. 327 * Inode may get unlocked and relocked in here, and the caller must deal with 328 * the consequences. 329 */ 330 int 331 xfs_qm_dqattach_locked( 332 xfs_inode_t *ip, 333 uint flags) 334 { 335 xfs_mount_t *mp = ip->i_mount; 336 int error = 0; 337 338 if (!xfs_qm_need_dqattach(ip)) 339 return 0; 340 341 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 342 343 if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) { 344 error = xfs_qm_dqattach_one(ip, ip->i_d.di_uid, XFS_DQ_USER, 345 flags & XFS_QMOPT_DQALLOC, 346 &ip->i_udquot); 347 if (error) 348 goto done; 349 ASSERT(ip->i_udquot); 350 } 351 352 if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) { 353 error = xfs_qm_dqattach_one(ip, ip->i_d.di_gid, XFS_DQ_GROUP, 354 flags & XFS_QMOPT_DQALLOC, 355 &ip->i_gdquot); 356 if (error) 357 goto done; 358 ASSERT(ip->i_gdquot); 359 } 360 361 if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) { 362 error = xfs_qm_dqattach_one(ip, xfs_get_projid(ip), XFS_DQ_PROJ, 363 flags & XFS_QMOPT_DQALLOC, 364 &ip->i_pdquot); 365 if (error) 366 goto done; 367 ASSERT(ip->i_pdquot); 368 } 369 370 done: 371 /* 372 * Don't worry about the dquots that we may have attached before any 373 * error - they'll get detached later if it has not already been done. 374 */ 375 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 376 return error; 377 } 378 379 int 380 xfs_qm_dqattach( 381 struct xfs_inode *ip, 382 uint flags) 383 { 384 int error; 385 386 if (!xfs_qm_need_dqattach(ip)) 387 return 0; 388 389 xfs_ilock(ip, XFS_ILOCK_EXCL); 390 error = xfs_qm_dqattach_locked(ip, flags); 391 xfs_iunlock(ip, XFS_ILOCK_EXCL); 392 393 return error; 394 } 395 396 /* 397 * Release dquots (and their references) if any. 398 * The inode should be locked EXCL except when this's called by 399 * xfs_ireclaim. 400 */ 401 void 402 xfs_qm_dqdetach( 403 xfs_inode_t *ip) 404 { 405 if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot)) 406 return; 407 408 trace_xfs_dquot_dqdetach(ip); 409 410 ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino)); 411 if (ip->i_udquot) { 412 xfs_qm_dqrele(ip->i_udquot); 413 ip->i_udquot = NULL; 414 } 415 if (ip->i_gdquot) { 416 xfs_qm_dqrele(ip->i_gdquot); 417 ip->i_gdquot = NULL; 418 } 419 if (ip->i_pdquot) { 420 xfs_qm_dqrele(ip->i_pdquot); 421 ip->i_pdquot = NULL; 422 } 423 } 424 425 struct xfs_qm_isolate { 426 struct list_head buffers; 427 struct list_head dispose; 428 }; 429 430 static enum lru_status 431 xfs_qm_dquot_isolate( 432 struct list_head *item, 433 struct list_lru_one *lru, 434 spinlock_t *lru_lock, 435 void *arg) 436 __releases(lru_lock) __acquires(lru_lock) 437 { 438 struct xfs_dquot *dqp = container_of(item, 439 struct xfs_dquot, q_lru); 440 struct xfs_qm_isolate *isol = arg; 441 442 if (!xfs_dqlock_nowait(dqp)) 443 goto out_miss_busy; 444 445 /* 446 * This dquot has acquired a reference in the meantime remove it from 447 * the freelist and try again. 448 */ 449 if (dqp->q_nrefs) { 450 xfs_dqunlock(dqp); 451 XFS_STATS_INC(xs_qm_dqwants); 452 453 trace_xfs_dqreclaim_want(dqp); 454 list_lru_isolate(lru, &dqp->q_lru); 455 XFS_STATS_DEC(xs_qm_dquot_unused); 456 return LRU_REMOVED; 457 } 458 459 /* 460 * If the dquot is dirty, flush it. If it's already being flushed, just 461 * skip it so there is time for the IO to complete before we try to 462 * reclaim it again on the next LRU pass. 463 */ 464 if (!xfs_dqflock_nowait(dqp)) { 465 xfs_dqunlock(dqp); 466 goto out_miss_busy; 467 } 468 469 if (XFS_DQ_IS_DIRTY(dqp)) { 470 struct xfs_buf *bp = NULL; 471 int error; 472 473 trace_xfs_dqreclaim_dirty(dqp); 474 475 /* we have to drop the LRU lock to flush the dquot */ 476 spin_unlock(lru_lock); 477 478 error = xfs_qm_dqflush(dqp, &bp); 479 if (error) { 480 xfs_warn(dqp->q_mount, "%s: dquot %p flush failed", 481 __func__, dqp); 482 goto out_unlock_dirty; 483 } 484 485 xfs_buf_delwri_queue(bp, &isol->buffers); 486 xfs_buf_relse(bp); 487 goto out_unlock_dirty; 488 } 489 xfs_dqfunlock(dqp); 490 491 /* 492 * Prevent lookups now that we are past the point of no return. 493 */ 494 dqp->dq_flags |= XFS_DQ_FREEING; 495 xfs_dqunlock(dqp); 496 497 ASSERT(dqp->q_nrefs == 0); 498 list_lru_isolate_move(lru, &dqp->q_lru, &isol->dispose); 499 XFS_STATS_DEC(xs_qm_dquot_unused); 500 trace_xfs_dqreclaim_done(dqp); 501 XFS_STATS_INC(xs_qm_dqreclaims); 502 return LRU_REMOVED; 503 504 out_miss_busy: 505 trace_xfs_dqreclaim_busy(dqp); 506 XFS_STATS_INC(xs_qm_dqreclaim_misses); 507 return LRU_SKIP; 508 509 out_unlock_dirty: 510 trace_xfs_dqreclaim_busy(dqp); 511 XFS_STATS_INC(xs_qm_dqreclaim_misses); 512 xfs_dqunlock(dqp); 513 spin_lock(lru_lock); 514 return LRU_RETRY; 515 } 516 517 static unsigned long 518 xfs_qm_shrink_scan( 519 struct shrinker *shrink, 520 struct shrink_control *sc) 521 { 522 struct xfs_quotainfo *qi = container_of(shrink, 523 struct xfs_quotainfo, qi_shrinker); 524 struct xfs_qm_isolate isol; 525 unsigned long freed; 526 int error; 527 528 if ((sc->gfp_mask & (__GFP_FS|__GFP_WAIT)) != (__GFP_FS|__GFP_WAIT)) 529 return 0; 530 531 INIT_LIST_HEAD(&isol.buffers); 532 INIT_LIST_HEAD(&isol.dispose); 533 534 freed = list_lru_shrink_walk(&qi->qi_lru, sc, 535 xfs_qm_dquot_isolate, &isol); 536 537 error = xfs_buf_delwri_submit(&isol.buffers); 538 if (error) 539 xfs_warn(NULL, "%s: dquot reclaim failed", __func__); 540 541 while (!list_empty(&isol.dispose)) { 542 struct xfs_dquot *dqp; 543 544 dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru); 545 list_del_init(&dqp->q_lru); 546 xfs_qm_dqfree_one(dqp); 547 } 548 549 return freed; 550 } 551 552 static unsigned long 553 xfs_qm_shrink_count( 554 struct shrinker *shrink, 555 struct shrink_control *sc) 556 { 557 struct xfs_quotainfo *qi = container_of(shrink, 558 struct xfs_quotainfo, qi_shrinker); 559 560 return list_lru_shrink_count(&qi->qi_lru, sc); 561 } 562 563 /* 564 * This initializes all the quota information that's kept in the 565 * mount structure 566 */ 567 STATIC int 568 xfs_qm_init_quotainfo( 569 xfs_mount_t *mp) 570 { 571 xfs_quotainfo_t *qinf; 572 int error; 573 xfs_dquot_t *dqp; 574 575 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 576 577 qinf = mp->m_quotainfo = kmem_zalloc(sizeof(xfs_quotainfo_t), KM_SLEEP); 578 579 error = list_lru_init(&qinf->qi_lru); 580 if (error) 581 goto out_free_qinf; 582 583 /* 584 * See if quotainodes are setup, and if not, allocate them, 585 * and change the superblock accordingly. 586 */ 587 error = xfs_qm_init_quotainos(mp); 588 if (error) 589 goto out_free_lru; 590 591 INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_NOFS); 592 INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_NOFS); 593 INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_NOFS); 594 mutex_init(&qinf->qi_tree_lock); 595 596 /* mutex used to serialize quotaoffs */ 597 mutex_init(&qinf->qi_quotaofflock); 598 599 /* Precalc some constants */ 600 qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB); 601 qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen); 602 603 mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD); 604 605 /* 606 * We try to get the limits from the superuser's limits fields. 607 * This is quite hacky, but it is standard quota practice. 608 * 609 * We look at the USR dquot with id == 0 first, but if user quotas 610 * are not enabled we goto the GRP dquot with id == 0. 611 * We don't really care to keep separate default limits for user 612 * and group quotas, at least not at this point. 613 * 614 * Since we may not have done a quotacheck by this point, just read 615 * the dquot without attaching it to any hashtables or lists. 616 */ 617 error = xfs_qm_dqread(mp, 0, 618 XFS_IS_UQUOTA_RUNNING(mp) ? XFS_DQ_USER : 619 (XFS_IS_GQUOTA_RUNNING(mp) ? XFS_DQ_GROUP : 620 XFS_DQ_PROJ), 621 XFS_QMOPT_DOWARN, &dqp); 622 if (!error) { 623 xfs_disk_dquot_t *ddqp = &dqp->q_core; 624 625 /* 626 * The warnings and timers set the grace period given to 627 * a user or group before he or she can not perform any 628 * more writing. If it is zero, a default is used. 629 */ 630 qinf->qi_btimelimit = ddqp->d_btimer ? 631 be32_to_cpu(ddqp->d_btimer) : XFS_QM_BTIMELIMIT; 632 qinf->qi_itimelimit = ddqp->d_itimer ? 633 be32_to_cpu(ddqp->d_itimer) : XFS_QM_ITIMELIMIT; 634 qinf->qi_rtbtimelimit = ddqp->d_rtbtimer ? 635 be32_to_cpu(ddqp->d_rtbtimer) : XFS_QM_RTBTIMELIMIT; 636 qinf->qi_bwarnlimit = ddqp->d_bwarns ? 637 be16_to_cpu(ddqp->d_bwarns) : XFS_QM_BWARNLIMIT; 638 qinf->qi_iwarnlimit = ddqp->d_iwarns ? 639 be16_to_cpu(ddqp->d_iwarns) : XFS_QM_IWARNLIMIT; 640 qinf->qi_rtbwarnlimit = ddqp->d_rtbwarns ? 641 be16_to_cpu(ddqp->d_rtbwarns) : XFS_QM_RTBWARNLIMIT; 642 qinf->qi_bhardlimit = be64_to_cpu(ddqp->d_blk_hardlimit); 643 qinf->qi_bsoftlimit = be64_to_cpu(ddqp->d_blk_softlimit); 644 qinf->qi_ihardlimit = be64_to_cpu(ddqp->d_ino_hardlimit); 645 qinf->qi_isoftlimit = be64_to_cpu(ddqp->d_ino_softlimit); 646 qinf->qi_rtbhardlimit = be64_to_cpu(ddqp->d_rtb_hardlimit); 647 qinf->qi_rtbsoftlimit = be64_to_cpu(ddqp->d_rtb_softlimit); 648 649 xfs_qm_dqdestroy(dqp); 650 } else { 651 qinf->qi_btimelimit = XFS_QM_BTIMELIMIT; 652 qinf->qi_itimelimit = XFS_QM_ITIMELIMIT; 653 qinf->qi_rtbtimelimit = XFS_QM_RTBTIMELIMIT; 654 qinf->qi_bwarnlimit = XFS_QM_BWARNLIMIT; 655 qinf->qi_iwarnlimit = XFS_QM_IWARNLIMIT; 656 qinf->qi_rtbwarnlimit = XFS_QM_RTBWARNLIMIT; 657 } 658 659 qinf->qi_shrinker.count_objects = xfs_qm_shrink_count; 660 qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan; 661 qinf->qi_shrinker.seeks = DEFAULT_SEEKS; 662 qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE; 663 register_shrinker(&qinf->qi_shrinker); 664 return 0; 665 666 out_free_lru: 667 list_lru_destroy(&qinf->qi_lru); 668 out_free_qinf: 669 kmem_free(qinf); 670 mp->m_quotainfo = NULL; 671 return error; 672 } 673 674 675 /* 676 * Gets called when unmounting a filesystem or when all quotas get 677 * turned off. 678 * This purges the quota inodes, destroys locks and frees itself. 679 */ 680 void 681 xfs_qm_destroy_quotainfo( 682 xfs_mount_t *mp) 683 { 684 xfs_quotainfo_t *qi; 685 686 qi = mp->m_quotainfo; 687 ASSERT(qi != NULL); 688 689 unregister_shrinker(&qi->qi_shrinker); 690 list_lru_destroy(&qi->qi_lru); 691 692 if (qi->qi_uquotaip) { 693 IRELE(qi->qi_uquotaip); 694 qi->qi_uquotaip = NULL; /* paranoia */ 695 } 696 if (qi->qi_gquotaip) { 697 IRELE(qi->qi_gquotaip); 698 qi->qi_gquotaip = NULL; 699 } 700 if (qi->qi_pquotaip) { 701 IRELE(qi->qi_pquotaip); 702 qi->qi_pquotaip = NULL; 703 } 704 mutex_destroy(&qi->qi_quotaofflock); 705 kmem_free(qi); 706 mp->m_quotainfo = NULL; 707 } 708 709 /* 710 * Create an inode and return with a reference already taken, but unlocked 711 * This is how we create quota inodes 712 */ 713 STATIC int 714 xfs_qm_qino_alloc( 715 xfs_mount_t *mp, 716 xfs_inode_t **ip, 717 uint flags) 718 { 719 xfs_trans_t *tp; 720 int error; 721 int committed; 722 723 *ip = NULL; 724 /* 725 * With superblock that doesn't have separate pquotino, we 726 * share an inode between gquota and pquota. If the on-disk 727 * superblock has GQUOTA and the filesystem is now mounted 728 * with PQUOTA, just use sb_gquotino for sb_pquotino and 729 * vice-versa. 730 */ 731 if (!xfs_sb_version_has_pquotino(&mp->m_sb) && 732 (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) { 733 xfs_ino_t ino = NULLFSINO; 734 735 if ((flags & XFS_QMOPT_PQUOTA) && 736 (mp->m_sb.sb_gquotino != NULLFSINO)) { 737 ino = mp->m_sb.sb_gquotino; 738 ASSERT(mp->m_sb.sb_pquotino == NULLFSINO); 739 } else if ((flags & XFS_QMOPT_GQUOTA) && 740 (mp->m_sb.sb_pquotino != NULLFSINO)) { 741 ino = mp->m_sb.sb_pquotino; 742 ASSERT(mp->m_sb.sb_gquotino == NULLFSINO); 743 } 744 if (ino != NULLFSINO) { 745 error = xfs_iget(mp, NULL, ino, 0, 0, ip); 746 if (error) 747 return error; 748 mp->m_sb.sb_gquotino = NULLFSINO; 749 mp->m_sb.sb_pquotino = NULLFSINO; 750 } 751 } 752 753 tp = xfs_trans_alloc(mp, XFS_TRANS_QM_QINOCREATE); 754 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_create, 755 XFS_QM_QINOCREATE_SPACE_RES(mp), 0); 756 if (error) { 757 xfs_trans_cancel(tp, 0); 758 return error; 759 } 760 761 if (!*ip) { 762 error = xfs_dir_ialloc(&tp, NULL, S_IFREG, 1, 0, 0, 1, ip, 763 &committed); 764 if (error) { 765 xfs_trans_cancel(tp, XFS_TRANS_RELEASE_LOG_RES | 766 XFS_TRANS_ABORT); 767 return error; 768 } 769 } 770 771 /* 772 * Make the changes in the superblock, and log those too. 773 * sbfields arg may contain fields other than *QUOTINO; 774 * VERSIONNUM for example. 775 */ 776 spin_lock(&mp->m_sb_lock); 777 if (flags & XFS_QMOPT_SBVERSION) { 778 ASSERT(!xfs_sb_version_hasquota(&mp->m_sb)); 779 780 xfs_sb_version_addquota(&mp->m_sb); 781 mp->m_sb.sb_uquotino = NULLFSINO; 782 mp->m_sb.sb_gquotino = NULLFSINO; 783 mp->m_sb.sb_pquotino = NULLFSINO; 784 785 /* qflags will get updated fully _after_ quotacheck */ 786 mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT; 787 } 788 if (flags & XFS_QMOPT_UQUOTA) 789 mp->m_sb.sb_uquotino = (*ip)->i_ino; 790 else if (flags & XFS_QMOPT_GQUOTA) 791 mp->m_sb.sb_gquotino = (*ip)->i_ino; 792 else 793 mp->m_sb.sb_pquotino = (*ip)->i_ino; 794 spin_unlock(&mp->m_sb_lock); 795 xfs_log_sb(tp); 796 797 if ((error = xfs_trans_commit(tp, XFS_TRANS_RELEASE_LOG_RES))) { 798 xfs_alert(mp, "%s failed (error %d)!", __func__, error); 799 return error; 800 } 801 return 0; 802 } 803 804 805 STATIC void 806 xfs_qm_reset_dqcounts( 807 xfs_mount_t *mp, 808 xfs_buf_t *bp, 809 xfs_dqid_t id, 810 uint type) 811 { 812 struct xfs_dqblk *dqb; 813 int j; 814 815 trace_xfs_reset_dqcounts(bp, _RET_IP_); 816 817 /* 818 * Reset all counters and timers. They'll be 819 * started afresh by xfs_qm_quotacheck. 820 */ 821 #ifdef DEBUG 822 j = XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB); 823 do_div(j, sizeof(xfs_dqblk_t)); 824 ASSERT(mp->m_quotainfo->qi_dqperchunk == j); 825 #endif 826 dqb = bp->b_addr; 827 for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) { 828 struct xfs_disk_dquot *ddq; 829 830 ddq = (struct xfs_disk_dquot *)&dqb[j]; 831 832 /* 833 * Do a sanity check, and if needed, repair the dqblk. Don't 834 * output any warnings because it's perfectly possible to 835 * find uninitialised dquot blks. See comment in xfs_dqcheck. 836 */ 837 xfs_dqcheck(mp, ddq, id+j, type, XFS_QMOPT_DQREPAIR, 838 "xfs_quotacheck"); 839 /* 840 * Reset type in case we are reusing group quota file for 841 * project quotas or vice versa 842 */ 843 ddq->d_flags = type; 844 ddq->d_bcount = 0; 845 ddq->d_icount = 0; 846 ddq->d_rtbcount = 0; 847 ddq->d_btimer = 0; 848 ddq->d_itimer = 0; 849 ddq->d_rtbtimer = 0; 850 ddq->d_bwarns = 0; 851 ddq->d_iwarns = 0; 852 ddq->d_rtbwarns = 0; 853 854 if (xfs_sb_version_hascrc(&mp->m_sb)) { 855 xfs_update_cksum((char *)&dqb[j], 856 sizeof(struct xfs_dqblk), 857 XFS_DQUOT_CRC_OFF); 858 } 859 } 860 } 861 862 STATIC int 863 xfs_qm_dqiter_bufs( 864 struct xfs_mount *mp, 865 xfs_dqid_t firstid, 866 xfs_fsblock_t bno, 867 xfs_filblks_t blkcnt, 868 uint flags, 869 struct list_head *buffer_list) 870 { 871 struct xfs_buf *bp; 872 int error; 873 int type; 874 875 ASSERT(blkcnt > 0); 876 type = flags & XFS_QMOPT_UQUOTA ? XFS_DQ_USER : 877 (flags & XFS_QMOPT_PQUOTA ? XFS_DQ_PROJ : XFS_DQ_GROUP); 878 error = 0; 879 880 /* 881 * Blkcnt arg can be a very big number, and might even be 882 * larger than the log itself. So, we have to break it up into 883 * manageable-sized transactions. 884 * Note that we don't start a permanent transaction here; we might 885 * not be able to get a log reservation for the whole thing up front, 886 * and we don't really care to either, because we just discard 887 * everything if we were to crash in the middle of this loop. 888 */ 889 while (blkcnt--) { 890 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, 891 XFS_FSB_TO_DADDR(mp, bno), 892 mp->m_quotainfo->qi_dqchunklen, 0, &bp, 893 &xfs_dquot_buf_ops); 894 895 /* 896 * CRC and validation errors will return a EFSCORRUPTED here. If 897 * this occurs, re-read without CRC validation so that we can 898 * repair the damage via xfs_qm_reset_dqcounts(). This process 899 * will leave a trace in the log indicating corruption has 900 * been detected. 901 */ 902 if (error == -EFSCORRUPTED) { 903 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, 904 XFS_FSB_TO_DADDR(mp, bno), 905 mp->m_quotainfo->qi_dqchunklen, 0, &bp, 906 NULL); 907 } 908 909 if (error) 910 break; 911 912 /* 913 * A corrupt buffer might not have a verifier attached, so 914 * make sure we have the correct one attached before writeback 915 * occurs. 916 */ 917 bp->b_ops = &xfs_dquot_buf_ops; 918 xfs_qm_reset_dqcounts(mp, bp, firstid, type); 919 xfs_buf_delwri_queue(bp, buffer_list); 920 xfs_buf_relse(bp); 921 922 /* goto the next block. */ 923 bno++; 924 firstid += mp->m_quotainfo->qi_dqperchunk; 925 } 926 927 return error; 928 } 929 930 /* 931 * Iterate over all allocated USR/GRP/PRJ dquots in the system, calling a 932 * caller supplied function for every chunk of dquots that we find. 933 */ 934 STATIC int 935 xfs_qm_dqiterate( 936 struct xfs_mount *mp, 937 struct xfs_inode *qip, 938 uint flags, 939 struct list_head *buffer_list) 940 { 941 struct xfs_bmbt_irec *map; 942 int i, nmaps; /* number of map entries */ 943 int error; /* return value */ 944 xfs_fileoff_t lblkno; 945 xfs_filblks_t maxlblkcnt; 946 xfs_dqid_t firstid; 947 xfs_fsblock_t rablkno; 948 xfs_filblks_t rablkcnt; 949 950 error = 0; 951 /* 952 * This looks racy, but we can't keep an inode lock across a 953 * trans_reserve. But, this gets called during quotacheck, and that 954 * happens only at mount time which is single threaded. 955 */ 956 if (qip->i_d.di_nblocks == 0) 957 return 0; 958 959 map = kmem_alloc(XFS_DQITER_MAP_SIZE * sizeof(*map), KM_SLEEP); 960 961 lblkno = 0; 962 maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes); 963 do { 964 uint lock_mode; 965 966 nmaps = XFS_DQITER_MAP_SIZE; 967 /* 968 * We aren't changing the inode itself. Just changing 969 * some of its data. No new blocks are added here, and 970 * the inode is never added to the transaction. 971 */ 972 lock_mode = xfs_ilock_data_map_shared(qip); 973 error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno, 974 map, &nmaps, 0); 975 xfs_iunlock(qip, lock_mode); 976 if (error) 977 break; 978 979 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE); 980 for (i = 0; i < nmaps; i++) { 981 ASSERT(map[i].br_startblock != DELAYSTARTBLOCK); 982 ASSERT(map[i].br_blockcount); 983 984 985 lblkno += map[i].br_blockcount; 986 987 if (map[i].br_startblock == HOLESTARTBLOCK) 988 continue; 989 990 firstid = (xfs_dqid_t) map[i].br_startoff * 991 mp->m_quotainfo->qi_dqperchunk; 992 /* 993 * Do a read-ahead on the next extent. 994 */ 995 if ((i+1 < nmaps) && 996 (map[i+1].br_startblock != HOLESTARTBLOCK)) { 997 rablkcnt = map[i+1].br_blockcount; 998 rablkno = map[i+1].br_startblock; 999 while (rablkcnt--) { 1000 xfs_buf_readahead(mp->m_ddev_targp, 1001 XFS_FSB_TO_DADDR(mp, rablkno), 1002 mp->m_quotainfo->qi_dqchunklen, 1003 &xfs_dquot_buf_ops); 1004 rablkno++; 1005 } 1006 } 1007 /* 1008 * Iterate thru all the blks in the extent and 1009 * reset the counters of all the dquots inside them. 1010 */ 1011 error = xfs_qm_dqiter_bufs(mp, firstid, 1012 map[i].br_startblock, 1013 map[i].br_blockcount, 1014 flags, buffer_list); 1015 if (error) 1016 goto out; 1017 } 1018 } while (nmaps > 0); 1019 1020 out: 1021 kmem_free(map); 1022 return error; 1023 } 1024 1025 /* 1026 * Called by dqusage_adjust in doing a quotacheck. 1027 * 1028 * Given the inode, and a dquot id this updates both the incore dqout as well 1029 * as the buffer copy. This is so that once the quotacheck is done, we can 1030 * just log all the buffers, as opposed to logging numerous updates to 1031 * individual dquots. 1032 */ 1033 STATIC int 1034 xfs_qm_quotacheck_dqadjust( 1035 struct xfs_inode *ip, 1036 xfs_dqid_t id, 1037 uint type, 1038 xfs_qcnt_t nblks, 1039 xfs_qcnt_t rtblks) 1040 { 1041 struct xfs_mount *mp = ip->i_mount; 1042 struct xfs_dquot *dqp; 1043 int error; 1044 1045 error = xfs_qm_dqget(mp, ip, id, type, 1046 XFS_QMOPT_DQALLOC | XFS_QMOPT_DOWARN, &dqp); 1047 if (error) { 1048 /* 1049 * Shouldn't be able to turn off quotas here. 1050 */ 1051 ASSERT(error != -ESRCH); 1052 ASSERT(error != -ENOENT); 1053 return error; 1054 } 1055 1056 trace_xfs_dqadjust(dqp); 1057 1058 /* 1059 * Adjust the inode count and the block count to reflect this inode's 1060 * resource usage. 1061 */ 1062 be64_add_cpu(&dqp->q_core.d_icount, 1); 1063 dqp->q_res_icount++; 1064 if (nblks) { 1065 be64_add_cpu(&dqp->q_core.d_bcount, nblks); 1066 dqp->q_res_bcount += nblks; 1067 } 1068 if (rtblks) { 1069 be64_add_cpu(&dqp->q_core.d_rtbcount, rtblks); 1070 dqp->q_res_rtbcount += rtblks; 1071 } 1072 1073 /* 1074 * Set default limits, adjust timers (since we changed usages) 1075 * 1076 * There are no timers for the default values set in the root dquot. 1077 */ 1078 if (dqp->q_core.d_id) { 1079 xfs_qm_adjust_dqlimits(mp, dqp); 1080 xfs_qm_adjust_dqtimers(mp, &dqp->q_core); 1081 } 1082 1083 dqp->dq_flags |= XFS_DQ_DIRTY; 1084 xfs_qm_dqput(dqp); 1085 return 0; 1086 } 1087 1088 STATIC int 1089 xfs_qm_get_rtblks( 1090 xfs_inode_t *ip, 1091 xfs_qcnt_t *O_rtblks) 1092 { 1093 xfs_filblks_t rtblks; /* total rt blks */ 1094 xfs_extnum_t idx; /* extent record index */ 1095 xfs_ifork_t *ifp; /* inode fork pointer */ 1096 xfs_extnum_t nextents; /* number of extent entries */ 1097 int error; 1098 1099 ASSERT(XFS_IS_REALTIME_INODE(ip)); 1100 ifp = XFS_IFORK_PTR(ip, XFS_DATA_FORK); 1101 if (!(ifp->if_flags & XFS_IFEXTENTS)) { 1102 if ((error = xfs_iread_extents(NULL, ip, XFS_DATA_FORK))) 1103 return error; 1104 } 1105 rtblks = 0; 1106 nextents = ifp->if_bytes / (uint)sizeof(xfs_bmbt_rec_t); 1107 for (idx = 0; idx < nextents; idx++) 1108 rtblks += xfs_bmbt_get_blockcount(xfs_iext_get_ext(ifp, idx)); 1109 *O_rtblks = (xfs_qcnt_t)rtblks; 1110 return 0; 1111 } 1112 1113 /* 1114 * callback routine supplied to bulkstat(). Given an inumber, find its 1115 * dquots and update them to account for resources taken by that inode. 1116 */ 1117 /* ARGSUSED */ 1118 STATIC int 1119 xfs_qm_dqusage_adjust( 1120 xfs_mount_t *mp, /* mount point for filesystem */ 1121 xfs_ino_t ino, /* inode number to get data for */ 1122 void __user *buffer, /* not used */ 1123 int ubsize, /* not used */ 1124 int *ubused, /* not used */ 1125 int *res) /* result code value */ 1126 { 1127 xfs_inode_t *ip; 1128 xfs_qcnt_t nblks, rtblks = 0; 1129 int error; 1130 1131 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1132 1133 /* 1134 * rootino must have its resources accounted for, not so with the quota 1135 * inodes. 1136 */ 1137 if (xfs_is_quota_inode(&mp->m_sb, ino)) { 1138 *res = BULKSTAT_RV_NOTHING; 1139 return -EINVAL; 1140 } 1141 1142 /* 1143 * We don't _need_ to take the ilock EXCL. However, the xfs_qm_dqget 1144 * interface expects the inode to be exclusively locked because that's 1145 * the case in all other instances. It's OK that we do this because 1146 * quotacheck is done only at mount time. 1147 */ 1148 error = xfs_iget(mp, NULL, ino, 0, XFS_ILOCK_EXCL, &ip); 1149 if (error) { 1150 *res = BULKSTAT_RV_NOTHING; 1151 return error; 1152 } 1153 1154 ASSERT(ip->i_delayed_blks == 0); 1155 1156 if (XFS_IS_REALTIME_INODE(ip)) { 1157 /* 1158 * Walk thru the extent list and count the realtime blocks. 1159 */ 1160 error = xfs_qm_get_rtblks(ip, &rtblks); 1161 if (error) 1162 goto error0; 1163 } 1164 1165 nblks = (xfs_qcnt_t)ip->i_d.di_nblocks - rtblks; 1166 1167 /* 1168 * Add the (disk blocks and inode) resources occupied by this 1169 * inode to its dquots. We do this adjustment in the incore dquot, 1170 * and also copy the changes to its buffer. 1171 * We don't care about putting these changes in a transaction 1172 * envelope because if we crash in the middle of a 'quotacheck' 1173 * we have to start from the beginning anyway. 1174 * Once we're done, we'll log all the dquot bufs. 1175 * 1176 * The *QUOTA_ON checks below may look pretty racy, but quotachecks 1177 * and quotaoffs don't race. (Quotachecks happen at mount time only). 1178 */ 1179 if (XFS_IS_UQUOTA_ON(mp)) { 1180 error = xfs_qm_quotacheck_dqadjust(ip, ip->i_d.di_uid, 1181 XFS_DQ_USER, nblks, rtblks); 1182 if (error) 1183 goto error0; 1184 } 1185 1186 if (XFS_IS_GQUOTA_ON(mp)) { 1187 error = xfs_qm_quotacheck_dqadjust(ip, ip->i_d.di_gid, 1188 XFS_DQ_GROUP, nblks, rtblks); 1189 if (error) 1190 goto error0; 1191 } 1192 1193 if (XFS_IS_PQUOTA_ON(mp)) { 1194 error = xfs_qm_quotacheck_dqadjust(ip, xfs_get_projid(ip), 1195 XFS_DQ_PROJ, nblks, rtblks); 1196 if (error) 1197 goto error0; 1198 } 1199 1200 xfs_iunlock(ip, XFS_ILOCK_EXCL); 1201 IRELE(ip); 1202 *res = BULKSTAT_RV_DIDONE; 1203 return 0; 1204 1205 error0: 1206 xfs_iunlock(ip, XFS_ILOCK_EXCL); 1207 IRELE(ip); 1208 *res = BULKSTAT_RV_GIVEUP; 1209 return error; 1210 } 1211 1212 STATIC int 1213 xfs_qm_flush_one( 1214 struct xfs_dquot *dqp, 1215 void *data) 1216 { 1217 struct list_head *buffer_list = data; 1218 struct xfs_buf *bp = NULL; 1219 int error = 0; 1220 1221 xfs_dqlock(dqp); 1222 if (dqp->dq_flags & XFS_DQ_FREEING) 1223 goto out_unlock; 1224 if (!XFS_DQ_IS_DIRTY(dqp)) 1225 goto out_unlock; 1226 1227 xfs_dqflock(dqp); 1228 error = xfs_qm_dqflush(dqp, &bp); 1229 if (error) 1230 goto out_unlock; 1231 1232 xfs_buf_delwri_queue(bp, buffer_list); 1233 xfs_buf_relse(bp); 1234 out_unlock: 1235 xfs_dqunlock(dqp); 1236 return error; 1237 } 1238 1239 /* 1240 * Walk thru all the filesystem inodes and construct a consistent view 1241 * of the disk quota world. If the quotacheck fails, disable quotas. 1242 */ 1243 STATIC int 1244 xfs_qm_quotacheck( 1245 xfs_mount_t *mp) 1246 { 1247 int done, count, error, error2; 1248 xfs_ino_t lastino; 1249 size_t structsz; 1250 uint flags; 1251 LIST_HEAD (buffer_list); 1252 struct xfs_inode *uip = mp->m_quotainfo->qi_uquotaip; 1253 struct xfs_inode *gip = mp->m_quotainfo->qi_gquotaip; 1254 struct xfs_inode *pip = mp->m_quotainfo->qi_pquotaip; 1255 1256 count = INT_MAX; 1257 structsz = 1; 1258 lastino = 0; 1259 flags = 0; 1260 1261 ASSERT(uip || gip || pip); 1262 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1263 1264 xfs_notice(mp, "Quotacheck needed: Please wait."); 1265 1266 /* 1267 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset 1268 * their counters to zero. We need a clean slate. 1269 * We don't log our changes till later. 1270 */ 1271 if (uip) { 1272 error = xfs_qm_dqiterate(mp, uip, XFS_QMOPT_UQUOTA, 1273 &buffer_list); 1274 if (error) 1275 goto error_return; 1276 flags |= XFS_UQUOTA_CHKD; 1277 } 1278 1279 if (gip) { 1280 error = xfs_qm_dqiterate(mp, gip, XFS_QMOPT_GQUOTA, 1281 &buffer_list); 1282 if (error) 1283 goto error_return; 1284 flags |= XFS_GQUOTA_CHKD; 1285 } 1286 1287 if (pip) { 1288 error = xfs_qm_dqiterate(mp, pip, XFS_QMOPT_PQUOTA, 1289 &buffer_list); 1290 if (error) 1291 goto error_return; 1292 flags |= XFS_PQUOTA_CHKD; 1293 } 1294 1295 do { 1296 /* 1297 * Iterate thru all the inodes in the file system, 1298 * adjusting the corresponding dquot counters in core. 1299 */ 1300 error = xfs_bulkstat(mp, &lastino, &count, 1301 xfs_qm_dqusage_adjust, 1302 structsz, NULL, &done); 1303 if (error) 1304 break; 1305 1306 } while (!done); 1307 1308 /* 1309 * We've made all the changes that we need to make incore. Flush them 1310 * down to disk buffers if everything was updated successfully. 1311 */ 1312 if (XFS_IS_UQUOTA_ON(mp)) { 1313 error = xfs_qm_dquot_walk(mp, XFS_DQ_USER, xfs_qm_flush_one, 1314 &buffer_list); 1315 } 1316 if (XFS_IS_GQUOTA_ON(mp)) { 1317 error2 = xfs_qm_dquot_walk(mp, XFS_DQ_GROUP, xfs_qm_flush_one, 1318 &buffer_list); 1319 if (!error) 1320 error = error2; 1321 } 1322 if (XFS_IS_PQUOTA_ON(mp)) { 1323 error2 = xfs_qm_dquot_walk(mp, XFS_DQ_PROJ, xfs_qm_flush_one, 1324 &buffer_list); 1325 if (!error) 1326 error = error2; 1327 } 1328 1329 error2 = xfs_buf_delwri_submit(&buffer_list); 1330 if (!error) 1331 error = error2; 1332 1333 /* 1334 * We can get this error if we couldn't do a dquot allocation inside 1335 * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the 1336 * dirty dquots that might be cached, we just want to get rid of them 1337 * and turn quotaoff. The dquots won't be attached to any of the inodes 1338 * at this point (because we intentionally didn't in dqget_noattach). 1339 */ 1340 if (error) { 1341 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL); 1342 goto error_return; 1343 } 1344 1345 /* 1346 * If one type of quotas is off, then it will lose its 1347 * quotachecked status, since we won't be doing accounting for 1348 * that type anymore. 1349 */ 1350 mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD; 1351 mp->m_qflags |= flags; 1352 1353 error_return: 1354 while (!list_empty(&buffer_list)) { 1355 struct xfs_buf *bp = 1356 list_first_entry(&buffer_list, struct xfs_buf, b_list); 1357 list_del_init(&bp->b_list); 1358 xfs_buf_relse(bp); 1359 } 1360 1361 if (error) { 1362 xfs_warn(mp, 1363 "Quotacheck: Unsuccessful (Error %d): Disabling quotas.", 1364 error); 1365 /* 1366 * We must turn off quotas. 1367 */ 1368 ASSERT(mp->m_quotainfo != NULL); 1369 xfs_qm_destroy_quotainfo(mp); 1370 if (xfs_mount_reset_sbqflags(mp)) { 1371 xfs_warn(mp, 1372 "Quotacheck: Failed to reset quota flags."); 1373 } 1374 } else 1375 xfs_notice(mp, "Quotacheck: Done."); 1376 return error; 1377 } 1378 1379 /* 1380 * This is called from xfs_mountfs to start quotas and initialize all 1381 * necessary data structures like quotainfo. This is also responsible for 1382 * running a quotacheck as necessary. We are guaranteed that the superblock 1383 * is consistently read in at this point. 1384 * 1385 * If we fail here, the mount will continue with quota turned off. We don't 1386 * need to inidicate success or failure at all. 1387 */ 1388 void 1389 xfs_qm_mount_quotas( 1390 struct xfs_mount *mp) 1391 { 1392 int error = 0; 1393 uint sbf; 1394 1395 /* 1396 * If quotas on realtime volumes is not supported, we disable 1397 * quotas immediately. 1398 */ 1399 if (mp->m_sb.sb_rextents) { 1400 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem"); 1401 mp->m_qflags = 0; 1402 goto write_changes; 1403 } 1404 1405 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1406 1407 /* 1408 * Allocate the quotainfo structure inside the mount struct, and 1409 * create quotainode(s), and change/rev superblock if necessary. 1410 */ 1411 error = xfs_qm_init_quotainfo(mp); 1412 if (error) { 1413 /* 1414 * We must turn off quotas. 1415 */ 1416 ASSERT(mp->m_quotainfo == NULL); 1417 mp->m_qflags = 0; 1418 goto write_changes; 1419 } 1420 /* 1421 * If any of the quotas are not consistent, do a quotacheck. 1422 */ 1423 if (XFS_QM_NEED_QUOTACHECK(mp)) { 1424 error = xfs_qm_quotacheck(mp); 1425 if (error) { 1426 /* Quotacheck failed and disabled quotas. */ 1427 return; 1428 } 1429 } 1430 /* 1431 * If one type of quotas is off, then it will lose its 1432 * quotachecked status, since we won't be doing accounting for 1433 * that type anymore. 1434 */ 1435 if (!XFS_IS_UQUOTA_ON(mp)) 1436 mp->m_qflags &= ~XFS_UQUOTA_CHKD; 1437 if (!XFS_IS_GQUOTA_ON(mp)) 1438 mp->m_qflags &= ~XFS_GQUOTA_CHKD; 1439 if (!XFS_IS_PQUOTA_ON(mp)) 1440 mp->m_qflags &= ~XFS_PQUOTA_CHKD; 1441 1442 write_changes: 1443 /* 1444 * We actually don't have to acquire the m_sb_lock at all. 1445 * This can only be called from mount, and that's single threaded. XXX 1446 */ 1447 spin_lock(&mp->m_sb_lock); 1448 sbf = mp->m_sb.sb_qflags; 1449 mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL; 1450 spin_unlock(&mp->m_sb_lock); 1451 1452 if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) { 1453 if (xfs_sync_sb(mp, false)) { 1454 /* 1455 * We could only have been turning quotas off. 1456 * We aren't in very good shape actually because 1457 * the incore structures are convinced that quotas are 1458 * off, but the on disk superblock doesn't know that ! 1459 */ 1460 ASSERT(!(XFS_IS_QUOTA_RUNNING(mp))); 1461 xfs_alert(mp, "%s: Superblock update failed!", 1462 __func__); 1463 } 1464 } 1465 1466 if (error) { 1467 xfs_warn(mp, "Failed to initialize disk quotas."); 1468 return; 1469 } 1470 } 1471 1472 /* 1473 * This is called after the superblock has been read in and we're ready to 1474 * iget the quota inodes. 1475 */ 1476 STATIC int 1477 xfs_qm_init_quotainos( 1478 xfs_mount_t *mp) 1479 { 1480 struct xfs_inode *uip = NULL; 1481 struct xfs_inode *gip = NULL; 1482 struct xfs_inode *pip = NULL; 1483 int error; 1484 uint flags = 0; 1485 1486 ASSERT(mp->m_quotainfo); 1487 1488 /* 1489 * Get the uquota and gquota inodes 1490 */ 1491 if (xfs_sb_version_hasquota(&mp->m_sb)) { 1492 if (XFS_IS_UQUOTA_ON(mp) && 1493 mp->m_sb.sb_uquotino != NULLFSINO) { 1494 ASSERT(mp->m_sb.sb_uquotino > 0); 1495 error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino, 1496 0, 0, &uip); 1497 if (error) 1498 return error; 1499 } 1500 if (XFS_IS_GQUOTA_ON(mp) && 1501 mp->m_sb.sb_gquotino != NULLFSINO) { 1502 ASSERT(mp->m_sb.sb_gquotino > 0); 1503 error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino, 1504 0, 0, &gip); 1505 if (error) 1506 goto error_rele; 1507 } 1508 if (XFS_IS_PQUOTA_ON(mp) && 1509 mp->m_sb.sb_pquotino != NULLFSINO) { 1510 ASSERT(mp->m_sb.sb_pquotino > 0); 1511 error = xfs_iget(mp, NULL, mp->m_sb.sb_pquotino, 1512 0, 0, &pip); 1513 if (error) 1514 goto error_rele; 1515 } 1516 } else { 1517 flags |= XFS_QMOPT_SBVERSION; 1518 } 1519 1520 /* 1521 * Create the three inodes, if they don't exist already. The changes 1522 * made above will get added to a transaction and logged in one of 1523 * the qino_alloc calls below. If the device is readonly, 1524 * temporarily switch to read-write to do this. 1525 */ 1526 if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) { 1527 error = xfs_qm_qino_alloc(mp, &uip, 1528 flags | XFS_QMOPT_UQUOTA); 1529 if (error) 1530 goto error_rele; 1531 1532 flags &= ~XFS_QMOPT_SBVERSION; 1533 } 1534 if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) { 1535 error = xfs_qm_qino_alloc(mp, &gip, 1536 flags | XFS_QMOPT_GQUOTA); 1537 if (error) 1538 goto error_rele; 1539 1540 flags &= ~XFS_QMOPT_SBVERSION; 1541 } 1542 if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) { 1543 error = xfs_qm_qino_alloc(mp, &pip, 1544 flags | XFS_QMOPT_PQUOTA); 1545 if (error) 1546 goto error_rele; 1547 } 1548 1549 mp->m_quotainfo->qi_uquotaip = uip; 1550 mp->m_quotainfo->qi_gquotaip = gip; 1551 mp->m_quotainfo->qi_pquotaip = pip; 1552 1553 return 0; 1554 1555 error_rele: 1556 if (uip) 1557 IRELE(uip); 1558 if (gip) 1559 IRELE(gip); 1560 if (pip) 1561 IRELE(pip); 1562 return error; 1563 } 1564 1565 STATIC void 1566 xfs_qm_dqfree_one( 1567 struct xfs_dquot *dqp) 1568 { 1569 struct xfs_mount *mp = dqp->q_mount; 1570 struct xfs_quotainfo *qi = mp->m_quotainfo; 1571 1572 mutex_lock(&qi->qi_tree_lock); 1573 radix_tree_delete(xfs_dquot_tree(qi, dqp->q_core.d_flags), 1574 be32_to_cpu(dqp->q_core.d_id)); 1575 1576 qi->qi_dquots--; 1577 mutex_unlock(&qi->qi_tree_lock); 1578 1579 xfs_qm_dqdestroy(dqp); 1580 } 1581 1582 /* --------------- utility functions for vnodeops ---------------- */ 1583 1584 1585 /* 1586 * Given an inode, a uid, gid and prid make sure that we have 1587 * allocated relevant dquot(s) on disk, and that we won't exceed inode 1588 * quotas by creating this file. 1589 * This also attaches dquot(s) to the given inode after locking it, 1590 * and returns the dquots corresponding to the uid and/or gid. 1591 * 1592 * in : inode (unlocked) 1593 * out : udquot, gdquot with references taken and unlocked 1594 */ 1595 int 1596 xfs_qm_vop_dqalloc( 1597 struct xfs_inode *ip, 1598 xfs_dqid_t uid, 1599 xfs_dqid_t gid, 1600 prid_t prid, 1601 uint flags, 1602 struct xfs_dquot **O_udqpp, 1603 struct xfs_dquot **O_gdqpp, 1604 struct xfs_dquot **O_pdqpp) 1605 { 1606 struct xfs_mount *mp = ip->i_mount; 1607 struct xfs_dquot *uq = NULL; 1608 struct xfs_dquot *gq = NULL; 1609 struct xfs_dquot *pq = NULL; 1610 int error; 1611 uint lockflags; 1612 1613 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp)) 1614 return 0; 1615 1616 lockflags = XFS_ILOCK_EXCL; 1617 xfs_ilock(ip, lockflags); 1618 1619 if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip)) 1620 gid = ip->i_d.di_gid; 1621 1622 /* 1623 * Attach the dquot(s) to this inode, doing a dquot allocation 1624 * if necessary. The dquot(s) will not be locked. 1625 */ 1626 if (XFS_NOT_DQATTACHED(mp, ip)) { 1627 error = xfs_qm_dqattach_locked(ip, XFS_QMOPT_DQALLOC); 1628 if (error) { 1629 xfs_iunlock(ip, lockflags); 1630 return error; 1631 } 1632 } 1633 1634 if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) { 1635 if (ip->i_d.di_uid != uid) { 1636 /* 1637 * What we need is the dquot that has this uid, and 1638 * if we send the inode to dqget, the uid of the inode 1639 * takes priority over what's sent in the uid argument. 1640 * We must unlock inode here before calling dqget if 1641 * we're not sending the inode, because otherwise 1642 * we'll deadlock by doing trans_reserve while 1643 * holding ilock. 1644 */ 1645 xfs_iunlock(ip, lockflags); 1646 error = xfs_qm_dqget(mp, NULL, uid, 1647 XFS_DQ_USER, 1648 XFS_QMOPT_DQALLOC | 1649 XFS_QMOPT_DOWARN, 1650 &uq); 1651 if (error) { 1652 ASSERT(error != -ENOENT); 1653 return error; 1654 } 1655 /* 1656 * Get the ilock in the right order. 1657 */ 1658 xfs_dqunlock(uq); 1659 lockflags = XFS_ILOCK_SHARED; 1660 xfs_ilock(ip, lockflags); 1661 } else { 1662 /* 1663 * Take an extra reference, because we'll return 1664 * this to caller 1665 */ 1666 ASSERT(ip->i_udquot); 1667 uq = xfs_qm_dqhold(ip->i_udquot); 1668 } 1669 } 1670 if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) { 1671 if (ip->i_d.di_gid != gid) { 1672 xfs_iunlock(ip, lockflags); 1673 error = xfs_qm_dqget(mp, NULL, gid, 1674 XFS_DQ_GROUP, 1675 XFS_QMOPT_DQALLOC | 1676 XFS_QMOPT_DOWARN, 1677 &gq); 1678 if (error) { 1679 ASSERT(error != -ENOENT); 1680 goto error_rele; 1681 } 1682 xfs_dqunlock(gq); 1683 lockflags = XFS_ILOCK_SHARED; 1684 xfs_ilock(ip, lockflags); 1685 } else { 1686 ASSERT(ip->i_gdquot); 1687 gq = xfs_qm_dqhold(ip->i_gdquot); 1688 } 1689 } 1690 if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) { 1691 if (xfs_get_projid(ip) != prid) { 1692 xfs_iunlock(ip, lockflags); 1693 error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t)prid, 1694 XFS_DQ_PROJ, 1695 XFS_QMOPT_DQALLOC | 1696 XFS_QMOPT_DOWARN, 1697 &pq); 1698 if (error) { 1699 ASSERT(error != -ENOENT); 1700 goto error_rele; 1701 } 1702 xfs_dqunlock(pq); 1703 lockflags = XFS_ILOCK_SHARED; 1704 xfs_ilock(ip, lockflags); 1705 } else { 1706 ASSERT(ip->i_pdquot); 1707 pq = xfs_qm_dqhold(ip->i_pdquot); 1708 } 1709 } 1710 if (uq) 1711 trace_xfs_dquot_dqalloc(ip); 1712 1713 xfs_iunlock(ip, lockflags); 1714 if (O_udqpp) 1715 *O_udqpp = uq; 1716 else 1717 xfs_qm_dqrele(uq); 1718 if (O_gdqpp) 1719 *O_gdqpp = gq; 1720 else 1721 xfs_qm_dqrele(gq); 1722 if (O_pdqpp) 1723 *O_pdqpp = pq; 1724 else 1725 xfs_qm_dqrele(pq); 1726 return 0; 1727 1728 error_rele: 1729 xfs_qm_dqrele(gq); 1730 xfs_qm_dqrele(uq); 1731 return error; 1732 } 1733 1734 /* 1735 * Actually transfer ownership, and do dquot modifications. 1736 * These were already reserved. 1737 */ 1738 xfs_dquot_t * 1739 xfs_qm_vop_chown( 1740 xfs_trans_t *tp, 1741 xfs_inode_t *ip, 1742 xfs_dquot_t **IO_olddq, 1743 xfs_dquot_t *newdq) 1744 { 1745 xfs_dquot_t *prevdq; 1746 uint bfield = XFS_IS_REALTIME_INODE(ip) ? 1747 XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT; 1748 1749 1750 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 1751 ASSERT(XFS_IS_QUOTA_RUNNING(ip->i_mount)); 1752 1753 /* old dquot */ 1754 prevdq = *IO_olddq; 1755 ASSERT(prevdq); 1756 ASSERT(prevdq != newdq); 1757 1758 xfs_trans_mod_dquot(tp, prevdq, bfield, -(ip->i_d.di_nblocks)); 1759 xfs_trans_mod_dquot(tp, prevdq, XFS_TRANS_DQ_ICOUNT, -1); 1760 1761 /* the sparkling new dquot */ 1762 xfs_trans_mod_dquot(tp, newdq, bfield, ip->i_d.di_nblocks); 1763 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_ICOUNT, 1); 1764 1765 /* 1766 * Take an extra reference, because the inode is going to keep 1767 * this dquot pointer even after the trans_commit. 1768 */ 1769 *IO_olddq = xfs_qm_dqhold(newdq); 1770 1771 return prevdq; 1772 } 1773 1774 /* 1775 * Quota reservations for setattr(AT_UID|AT_GID|AT_PROJID). 1776 */ 1777 int 1778 xfs_qm_vop_chown_reserve( 1779 struct xfs_trans *tp, 1780 struct xfs_inode *ip, 1781 struct xfs_dquot *udqp, 1782 struct xfs_dquot *gdqp, 1783 struct xfs_dquot *pdqp, 1784 uint flags) 1785 { 1786 struct xfs_mount *mp = ip->i_mount; 1787 uint delblks, blkflags, prjflags = 0; 1788 struct xfs_dquot *udq_unres = NULL; 1789 struct xfs_dquot *gdq_unres = NULL; 1790 struct xfs_dquot *pdq_unres = NULL; 1791 struct xfs_dquot *udq_delblks = NULL; 1792 struct xfs_dquot *gdq_delblks = NULL; 1793 struct xfs_dquot *pdq_delblks = NULL; 1794 int error; 1795 1796 1797 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED)); 1798 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1799 1800 delblks = ip->i_delayed_blks; 1801 blkflags = XFS_IS_REALTIME_INODE(ip) ? 1802 XFS_QMOPT_RES_RTBLKS : XFS_QMOPT_RES_REGBLKS; 1803 1804 if (XFS_IS_UQUOTA_ON(mp) && udqp && 1805 ip->i_d.di_uid != be32_to_cpu(udqp->q_core.d_id)) { 1806 udq_delblks = udqp; 1807 /* 1808 * If there are delayed allocation blocks, then we have to 1809 * unreserve those from the old dquot, and add them to the 1810 * new dquot. 1811 */ 1812 if (delblks) { 1813 ASSERT(ip->i_udquot); 1814 udq_unres = ip->i_udquot; 1815 } 1816 } 1817 if (XFS_IS_GQUOTA_ON(ip->i_mount) && gdqp && 1818 ip->i_d.di_gid != be32_to_cpu(gdqp->q_core.d_id)) { 1819 gdq_delblks = gdqp; 1820 if (delblks) { 1821 ASSERT(ip->i_gdquot); 1822 gdq_unres = ip->i_gdquot; 1823 } 1824 } 1825 1826 if (XFS_IS_PQUOTA_ON(ip->i_mount) && pdqp && 1827 xfs_get_projid(ip) != be32_to_cpu(pdqp->q_core.d_id)) { 1828 prjflags = XFS_QMOPT_ENOSPC; 1829 pdq_delblks = pdqp; 1830 if (delblks) { 1831 ASSERT(ip->i_pdquot); 1832 pdq_unres = ip->i_pdquot; 1833 } 1834 } 1835 1836 error = xfs_trans_reserve_quota_bydquots(tp, ip->i_mount, 1837 udq_delblks, gdq_delblks, pdq_delblks, 1838 ip->i_d.di_nblocks, 1, 1839 flags | blkflags | prjflags); 1840 if (error) 1841 return error; 1842 1843 /* 1844 * Do the delayed blks reservations/unreservations now. Since, these 1845 * are done without the help of a transaction, if a reservation fails 1846 * its previous reservations won't be automatically undone by trans 1847 * code. So, we have to do it manually here. 1848 */ 1849 if (delblks) { 1850 /* 1851 * Do the reservations first. Unreservation can't fail. 1852 */ 1853 ASSERT(udq_delblks || gdq_delblks || pdq_delblks); 1854 ASSERT(udq_unres || gdq_unres || pdq_unres); 1855 error = xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount, 1856 udq_delblks, gdq_delblks, pdq_delblks, 1857 (xfs_qcnt_t)delblks, 0, 1858 flags | blkflags | prjflags); 1859 if (error) 1860 return error; 1861 xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount, 1862 udq_unres, gdq_unres, pdq_unres, 1863 -((xfs_qcnt_t)delblks), 0, blkflags); 1864 } 1865 1866 return 0; 1867 } 1868 1869 int 1870 xfs_qm_vop_rename_dqattach( 1871 struct xfs_inode **i_tab) 1872 { 1873 struct xfs_mount *mp = i_tab[0]->i_mount; 1874 int i; 1875 1876 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp)) 1877 return 0; 1878 1879 for (i = 0; (i < 4 && i_tab[i]); i++) { 1880 struct xfs_inode *ip = i_tab[i]; 1881 int error; 1882 1883 /* 1884 * Watch out for duplicate entries in the table. 1885 */ 1886 if (i == 0 || ip != i_tab[i-1]) { 1887 if (XFS_NOT_DQATTACHED(mp, ip)) { 1888 error = xfs_qm_dqattach(ip, 0); 1889 if (error) 1890 return error; 1891 } 1892 } 1893 } 1894 return 0; 1895 } 1896 1897 void 1898 xfs_qm_vop_create_dqattach( 1899 struct xfs_trans *tp, 1900 struct xfs_inode *ip, 1901 struct xfs_dquot *udqp, 1902 struct xfs_dquot *gdqp, 1903 struct xfs_dquot *pdqp) 1904 { 1905 struct xfs_mount *mp = tp->t_mountp; 1906 1907 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp)) 1908 return; 1909 1910 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 1911 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1912 1913 if (udqp && XFS_IS_UQUOTA_ON(mp)) { 1914 ASSERT(ip->i_udquot == NULL); 1915 ASSERT(ip->i_d.di_uid == be32_to_cpu(udqp->q_core.d_id)); 1916 1917 ip->i_udquot = xfs_qm_dqhold(udqp); 1918 xfs_trans_mod_dquot(tp, udqp, XFS_TRANS_DQ_ICOUNT, 1); 1919 } 1920 if (gdqp && XFS_IS_GQUOTA_ON(mp)) { 1921 ASSERT(ip->i_gdquot == NULL); 1922 ASSERT(ip->i_d.di_gid == be32_to_cpu(gdqp->q_core.d_id)); 1923 ip->i_gdquot = xfs_qm_dqhold(gdqp); 1924 xfs_trans_mod_dquot(tp, gdqp, XFS_TRANS_DQ_ICOUNT, 1); 1925 } 1926 if (pdqp && XFS_IS_PQUOTA_ON(mp)) { 1927 ASSERT(ip->i_pdquot == NULL); 1928 ASSERT(xfs_get_projid(ip) == be32_to_cpu(pdqp->q_core.d_id)); 1929 1930 ip->i_pdquot = xfs_qm_dqhold(pdqp); 1931 xfs_trans_mod_dquot(tp, pdqp, XFS_TRANS_DQ_ICOUNT, 1); 1932 } 1933 } 1934 1935