1 /* 2 * Copyright (c) 2000-2005 Silicon Graphics, Inc. 3 * All Rights Reserved. 4 * 5 * This program is free software; you can redistribute it and/or 6 * modify it under the terms of the GNU General Public License as 7 * published by the Free Software Foundation. 8 * 9 * This program is distributed in the hope that it would be useful, 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of 11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 * GNU General Public License for more details. 13 * 14 * You should have received a copy of the GNU General Public License 15 * along with this program; if not, write the Free Software Foundation, 16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA 17 */ 18 #include "xfs.h" 19 #include "xfs_fs.h" 20 #include "xfs_shared.h" 21 #include "xfs_format.h" 22 #include "xfs_log_format.h" 23 #include "xfs_trans_resv.h" 24 #include "xfs_bit.h" 25 #include "xfs_sb.h" 26 #include "xfs_mount.h" 27 #include "xfs_inode.h" 28 #include "xfs_ialloc.h" 29 #include "xfs_itable.h" 30 #include "xfs_quota.h" 31 #include "xfs_error.h" 32 #include "xfs_bmap.h" 33 #include "xfs_bmap_btree.h" 34 #include "xfs_trans.h" 35 #include "xfs_trans_space.h" 36 #include "xfs_qm.h" 37 #include "xfs_trace.h" 38 #include "xfs_icache.h" 39 #include "xfs_cksum.h" 40 41 /* 42 * The global quota manager. There is only one of these for the entire 43 * system, _not_ one per file system. XQM keeps track of the overall 44 * quota functionality, including maintaining the freelist and hash 45 * tables of dquots. 46 */ 47 STATIC int xfs_qm_init_quotainos(xfs_mount_t *); 48 STATIC int xfs_qm_init_quotainfo(xfs_mount_t *); 49 50 51 STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp); 52 /* 53 * We use the batch lookup interface to iterate over the dquots as it 54 * currently is the only interface into the radix tree code that allows 55 * fuzzy lookups instead of exact matches. Holding the lock over multiple 56 * operations is fine as all callers are used either during mount/umount 57 * or quotaoff. 58 */ 59 #define XFS_DQ_LOOKUP_BATCH 32 60 61 STATIC int 62 xfs_qm_dquot_walk( 63 struct xfs_mount *mp, 64 int type, 65 int (*execute)(struct xfs_dquot *dqp, void *data), 66 void *data) 67 { 68 struct xfs_quotainfo *qi = mp->m_quotainfo; 69 struct radix_tree_root *tree = xfs_dquot_tree(qi, type); 70 uint32_t next_index; 71 int last_error = 0; 72 int skipped; 73 int nr_found; 74 75 restart: 76 skipped = 0; 77 next_index = 0; 78 nr_found = 0; 79 80 while (1) { 81 struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH]; 82 int error = 0; 83 int i; 84 85 mutex_lock(&qi->qi_tree_lock); 86 nr_found = radix_tree_gang_lookup(tree, (void **)batch, 87 next_index, XFS_DQ_LOOKUP_BATCH); 88 if (!nr_found) { 89 mutex_unlock(&qi->qi_tree_lock); 90 break; 91 } 92 93 for (i = 0; i < nr_found; i++) { 94 struct xfs_dquot *dqp = batch[i]; 95 96 next_index = be32_to_cpu(dqp->q_core.d_id) + 1; 97 98 error = execute(batch[i], data); 99 if (error == -EAGAIN) { 100 skipped++; 101 continue; 102 } 103 if (error && last_error != -EFSCORRUPTED) 104 last_error = error; 105 } 106 107 mutex_unlock(&qi->qi_tree_lock); 108 109 /* bail out if the filesystem is corrupted. */ 110 if (last_error == -EFSCORRUPTED) { 111 skipped = 0; 112 break; 113 } 114 } 115 116 if (skipped) { 117 delay(1); 118 goto restart; 119 } 120 121 return last_error; 122 } 123 124 125 /* 126 * Purge a dquot from all tracking data structures and free it. 127 */ 128 STATIC int 129 xfs_qm_dqpurge( 130 struct xfs_dquot *dqp, 131 void *data) 132 { 133 struct xfs_mount *mp = dqp->q_mount; 134 struct xfs_quotainfo *qi = mp->m_quotainfo; 135 136 xfs_dqlock(dqp); 137 if ((dqp->dq_flags & XFS_DQ_FREEING) || dqp->q_nrefs != 0) { 138 xfs_dqunlock(dqp); 139 return -EAGAIN; 140 } 141 142 dqp->dq_flags |= XFS_DQ_FREEING; 143 144 xfs_dqflock(dqp); 145 146 /* 147 * If we are turning this type of quotas off, we don't care 148 * about the dirty metadata sitting in this dquot. OTOH, if 149 * we're unmounting, we do care, so we flush it and wait. 150 */ 151 if (XFS_DQ_IS_DIRTY(dqp)) { 152 struct xfs_buf *bp = NULL; 153 int error; 154 155 /* 156 * We don't care about getting disk errors here. We need 157 * to purge this dquot anyway, so we go ahead regardless. 158 */ 159 error = xfs_qm_dqflush(dqp, &bp); 160 if (error) { 161 xfs_warn(mp, "%s: dquot %p flush failed", 162 __func__, dqp); 163 } else { 164 error = xfs_bwrite(bp); 165 xfs_buf_relse(bp); 166 } 167 xfs_dqflock(dqp); 168 } 169 170 ASSERT(atomic_read(&dqp->q_pincount) == 0); 171 ASSERT(XFS_FORCED_SHUTDOWN(mp) || 172 !(dqp->q_logitem.qli_item.li_flags & XFS_LI_IN_AIL)); 173 174 xfs_dqfunlock(dqp); 175 xfs_dqunlock(dqp); 176 177 radix_tree_delete(xfs_dquot_tree(qi, dqp->q_core.d_flags), 178 be32_to_cpu(dqp->q_core.d_id)); 179 qi->qi_dquots--; 180 181 /* 182 * We move dquots to the freelist as soon as their reference count 183 * hits zero, so it really should be on the freelist here. 184 */ 185 ASSERT(!list_empty(&dqp->q_lru)); 186 list_lru_del(&qi->qi_lru, &dqp->q_lru); 187 XFS_STATS_DEC(xs_qm_dquot_unused); 188 189 xfs_qm_dqdestroy(dqp); 190 return 0; 191 } 192 193 /* 194 * Purge the dquot cache. 195 */ 196 void 197 xfs_qm_dqpurge_all( 198 struct xfs_mount *mp, 199 uint flags) 200 { 201 if (flags & XFS_QMOPT_UQUOTA) 202 xfs_qm_dquot_walk(mp, XFS_DQ_USER, xfs_qm_dqpurge, NULL); 203 if (flags & XFS_QMOPT_GQUOTA) 204 xfs_qm_dquot_walk(mp, XFS_DQ_GROUP, xfs_qm_dqpurge, NULL); 205 if (flags & XFS_QMOPT_PQUOTA) 206 xfs_qm_dquot_walk(mp, XFS_DQ_PROJ, xfs_qm_dqpurge, NULL); 207 } 208 209 /* 210 * Just destroy the quotainfo structure. 211 */ 212 void 213 xfs_qm_unmount( 214 struct xfs_mount *mp) 215 { 216 if (mp->m_quotainfo) { 217 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL); 218 xfs_qm_destroy_quotainfo(mp); 219 } 220 } 221 222 /* 223 * Called from the vfsops layer. 224 */ 225 void 226 xfs_qm_unmount_quotas( 227 xfs_mount_t *mp) 228 { 229 /* 230 * Release the dquots that root inode, et al might be holding, 231 * before we flush quotas and blow away the quotainfo structure. 232 */ 233 ASSERT(mp->m_rootip); 234 xfs_qm_dqdetach(mp->m_rootip); 235 if (mp->m_rbmip) 236 xfs_qm_dqdetach(mp->m_rbmip); 237 if (mp->m_rsumip) 238 xfs_qm_dqdetach(mp->m_rsumip); 239 240 /* 241 * Release the quota inodes. 242 */ 243 if (mp->m_quotainfo) { 244 if (mp->m_quotainfo->qi_uquotaip) { 245 IRELE(mp->m_quotainfo->qi_uquotaip); 246 mp->m_quotainfo->qi_uquotaip = NULL; 247 } 248 if (mp->m_quotainfo->qi_gquotaip) { 249 IRELE(mp->m_quotainfo->qi_gquotaip); 250 mp->m_quotainfo->qi_gquotaip = NULL; 251 } 252 if (mp->m_quotainfo->qi_pquotaip) { 253 IRELE(mp->m_quotainfo->qi_pquotaip); 254 mp->m_quotainfo->qi_pquotaip = NULL; 255 } 256 } 257 } 258 259 STATIC int 260 xfs_qm_dqattach_one( 261 xfs_inode_t *ip, 262 xfs_dqid_t id, 263 uint type, 264 uint doalloc, 265 xfs_dquot_t **IO_idqpp) 266 { 267 xfs_dquot_t *dqp; 268 int error; 269 270 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 271 error = 0; 272 273 /* 274 * See if we already have it in the inode itself. IO_idqpp is &i_udquot 275 * or &i_gdquot. This made the code look weird, but made the logic a lot 276 * simpler. 277 */ 278 dqp = *IO_idqpp; 279 if (dqp) { 280 trace_xfs_dqattach_found(dqp); 281 return 0; 282 } 283 284 /* 285 * Find the dquot from somewhere. This bumps the reference count of 286 * dquot and returns it locked. This can return ENOENT if dquot didn't 287 * exist on disk and we didn't ask it to allocate; ESRCH if quotas got 288 * turned off suddenly. 289 */ 290 error = xfs_qm_dqget(ip->i_mount, ip, id, type, 291 doalloc | XFS_QMOPT_DOWARN, &dqp); 292 if (error) 293 return error; 294 295 trace_xfs_dqattach_get(dqp); 296 297 /* 298 * dqget may have dropped and re-acquired the ilock, but it guarantees 299 * that the dquot returned is the one that should go in the inode. 300 */ 301 *IO_idqpp = dqp; 302 xfs_dqunlock(dqp); 303 return 0; 304 } 305 306 static bool 307 xfs_qm_need_dqattach( 308 struct xfs_inode *ip) 309 { 310 struct xfs_mount *mp = ip->i_mount; 311 312 if (!XFS_IS_QUOTA_RUNNING(mp)) 313 return false; 314 if (!XFS_IS_QUOTA_ON(mp)) 315 return false; 316 if (!XFS_NOT_DQATTACHED(mp, ip)) 317 return false; 318 if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino)) 319 return false; 320 return true; 321 } 322 323 /* 324 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON 325 * into account. 326 * If XFS_QMOPT_DQALLOC, the dquot(s) will be allocated if needed. 327 * Inode may get unlocked and relocked in here, and the caller must deal with 328 * the consequences. 329 */ 330 int 331 xfs_qm_dqattach_locked( 332 xfs_inode_t *ip, 333 uint flags) 334 { 335 xfs_mount_t *mp = ip->i_mount; 336 int error = 0; 337 338 if (!xfs_qm_need_dqattach(ip)) 339 return 0; 340 341 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 342 343 if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) { 344 error = xfs_qm_dqattach_one(ip, ip->i_d.di_uid, XFS_DQ_USER, 345 flags & XFS_QMOPT_DQALLOC, 346 &ip->i_udquot); 347 if (error) 348 goto done; 349 ASSERT(ip->i_udquot); 350 } 351 352 if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) { 353 error = xfs_qm_dqattach_one(ip, ip->i_d.di_gid, XFS_DQ_GROUP, 354 flags & XFS_QMOPT_DQALLOC, 355 &ip->i_gdquot); 356 if (error) 357 goto done; 358 ASSERT(ip->i_gdquot); 359 } 360 361 if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) { 362 error = xfs_qm_dqattach_one(ip, xfs_get_projid(ip), XFS_DQ_PROJ, 363 flags & XFS_QMOPT_DQALLOC, 364 &ip->i_pdquot); 365 if (error) 366 goto done; 367 ASSERT(ip->i_pdquot); 368 } 369 370 done: 371 /* 372 * Don't worry about the dquots that we may have attached before any 373 * error - they'll get detached later if it has not already been done. 374 */ 375 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 376 return error; 377 } 378 379 int 380 xfs_qm_dqattach( 381 struct xfs_inode *ip, 382 uint flags) 383 { 384 int error; 385 386 if (!xfs_qm_need_dqattach(ip)) 387 return 0; 388 389 xfs_ilock(ip, XFS_ILOCK_EXCL); 390 error = xfs_qm_dqattach_locked(ip, flags); 391 xfs_iunlock(ip, XFS_ILOCK_EXCL); 392 393 return error; 394 } 395 396 /* 397 * Release dquots (and their references) if any. 398 * The inode should be locked EXCL except when this's called by 399 * xfs_ireclaim. 400 */ 401 void 402 xfs_qm_dqdetach( 403 xfs_inode_t *ip) 404 { 405 if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot)) 406 return; 407 408 trace_xfs_dquot_dqdetach(ip); 409 410 ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino)); 411 if (ip->i_udquot) { 412 xfs_qm_dqrele(ip->i_udquot); 413 ip->i_udquot = NULL; 414 } 415 if (ip->i_gdquot) { 416 xfs_qm_dqrele(ip->i_gdquot); 417 ip->i_gdquot = NULL; 418 } 419 if (ip->i_pdquot) { 420 xfs_qm_dqrele(ip->i_pdquot); 421 ip->i_pdquot = NULL; 422 } 423 } 424 425 struct xfs_qm_isolate { 426 struct list_head buffers; 427 struct list_head dispose; 428 }; 429 430 static enum lru_status 431 xfs_qm_dquot_isolate( 432 struct list_head *item, 433 struct list_lru_one *lru, 434 spinlock_t *lru_lock, 435 void *arg) 436 __releases(lru_lock) __acquires(lru_lock) 437 { 438 struct xfs_dquot *dqp = container_of(item, 439 struct xfs_dquot, q_lru); 440 struct xfs_qm_isolate *isol = arg; 441 442 if (!xfs_dqlock_nowait(dqp)) 443 goto out_miss_busy; 444 445 /* 446 * This dquot has acquired a reference in the meantime remove it from 447 * the freelist and try again. 448 */ 449 if (dqp->q_nrefs) { 450 xfs_dqunlock(dqp); 451 XFS_STATS_INC(xs_qm_dqwants); 452 453 trace_xfs_dqreclaim_want(dqp); 454 list_lru_isolate(lru, &dqp->q_lru); 455 XFS_STATS_DEC(xs_qm_dquot_unused); 456 return LRU_REMOVED; 457 } 458 459 /* 460 * If the dquot is dirty, flush it. If it's already being flushed, just 461 * skip it so there is time for the IO to complete before we try to 462 * reclaim it again on the next LRU pass. 463 */ 464 if (!xfs_dqflock_nowait(dqp)) { 465 xfs_dqunlock(dqp); 466 goto out_miss_busy; 467 } 468 469 if (XFS_DQ_IS_DIRTY(dqp)) { 470 struct xfs_buf *bp = NULL; 471 int error; 472 473 trace_xfs_dqreclaim_dirty(dqp); 474 475 /* we have to drop the LRU lock to flush the dquot */ 476 spin_unlock(lru_lock); 477 478 error = xfs_qm_dqflush(dqp, &bp); 479 if (error) { 480 xfs_warn(dqp->q_mount, "%s: dquot %p flush failed", 481 __func__, dqp); 482 goto out_unlock_dirty; 483 } 484 485 xfs_buf_delwri_queue(bp, &isol->buffers); 486 xfs_buf_relse(bp); 487 goto out_unlock_dirty; 488 } 489 xfs_dqfunlock(dqp); 490 491 /* 492 * Prevent lookups now that we are past the point of no return. 493 */ 494 dqp->dq_flags |= XFS_DQ_FREEING; 495 xfs_dqunlock(dqp); 496 497 ASSERT(dqp->q_nrefs == 0); 498 list_lru_isolate_move(lru, &dqp->q_lru, &isol->dispose); 499 XFS_STATS_DEC(xs_qm_dquot_unused); 500 trace_xfs_dqreclaim_done(dqp); 501 XFS_STATS_INC(xs_qm_dqreclaims); 502 return LRU_REMOVED; 503 504 out_miss_busy: 505 trace_xfs_dqreclaim_busy(dqp); 506 XFS_STATS_INC(xs_qm_dqreclaim_misses); 507 return LRU_SKIP; 508 509 out_unlock_dirty: 510 trace_xfs_dqreclaim_busy(dqp); 511 XFS_STATS_INC(xs_qm_dqreclaim_misses); 512 xfs_dqunlock(dqp); 513 spin_lock(lru_lock); 514 return LRU_RETRY; 515 } 516 517 static unsigned long 518 xfs_qm_shrink_scan( 519 struct shrinker *shrink, 520 struct shrink_control *sc) 521 { 522 struct xfs_quotainfo *qi = container_of(shrink, 523 struct xfs_quotainfo, qi_shrinker); 524 struct xfs_qm_isolate isol; 525 unsigned long freed; 526 int error; 527 528 if ((sc->gfp_mask & (__GFP_FS|__GFP_WAIT)) != (__GFP_FS|__GFP_WAIT)) 529 return 0; 530 531 INIT_LIST_HEAD(&isol.buffers); 532 INIT_LIST_HEAD(&isol.dispose); 533 534 freed = list_lru_shrink_walk(&qi->qi_lru, sc, 535 xfs_qm_dquot_isolate, &isol); 536 537 error = xfs_buf_delwri_submit(&isol.buffers); 538 if (error) 539 xfs_warn(NULL, "%s: dquot reclaim failed", __func__); 540 541 while (!list_empty(&isol.dispose)) { 542 struct xfs_dquot *dqp; 543 544 dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru); 545 list_del_init(&dqp->q_lru); 546 xfs_qm_dqfree_one(dqp); 547 } 548 549 return freed; 550 } 551 552 static unsigned long 553 xfs_qm_shrink_count( 554 struct shrinker *shrink, 555 struct shrink_control *sc) 556 { 557 struct xfs_quotainfo *qi = container_of(shrink, 558 struct xfs_quotainfo, qi_shrinker); 559 560 return list_lru_shrink_count(&qi->qi_lru, sc); 561 } 562 563 /* 564 * This initializes all the quota information that's kept in the 565 * mount structure 566 */ 567 STATIC int 568 xfs_qm_init_quotainfo( 569 xfs_mount_t *mp) 570 { 571 xfs_quotainfo_t *qinf; 572 int error; 573 xfs_dquot_t *dqp; 574 575 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 576 577 qinf = mp->m_quotainfo = kmem_zalloc(sizeof(xfs_quotainfo_t), KM_SLEEP); 578 579 error = list_lru_init(&qinf->qi_lru); 580 if (error) 581 goto out_free_qinf; 582 583 /* 584 * See if quotainodes are setup, and if not, allocate them, 585 * and change the superblock accordingly. 586 */ 587 error = xfs_qm_init_quotainos(mp); 588 if (error) 589 goto out_free_lru; 590 591 INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_NOFS); 592 INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_NOFS); 593 INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_NOFS); 594 mutex_init(&qinf->qi_tree_lock); 595 596 /* mutex used to serialize quotaoffs */ 597 mutex_init(&qinf->qi_quotaofflock); 598 599 /* Precalc some constants */ 600 qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB); 601 qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen); 602 603 mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD); 604 605 /* 606 * We try to get the limits from the superuser's limits fields. 607 * This is quite hacky, but it is standard quota practice. 608 * 609 * We look at the USR dquot with id == 0 first, but if user quotas 610 * are not enabled we goto the GRP dquot with id == 0. 611 * We don't really care to keep separate default limits for user 612 * and group quotas, at least not at this point. 613 * 614 * Since we may not have done a quotacheck by this point, just read 615 * the dquot without attaching it to any hashtables or lists. 616 */ 617 error = xfs_qm_dqread(mp, 0, 618 XFS_IS_UQUOTA_RUNNING(mp) ? XFS_DQ_USER : 619 (XFS_IS_GQUOTA_RUNNING(mp) ? XFS_DQ_GROUP : 620 XFS_DQ_PROJ), 621 XFS_QMOPT_DOWARN, &dqp); 622 if (!error) { 623 xfs_disk_dquot_t *ddqp = &dqp->q_core; 624 625 /* 626 * The warnings and timers set the grace period given to 627 * a user or group before he or she can not perform any 628 * more writing. If it is zero, a default is used. 629 */ 630 qinf->qi_btimelimit = ddqp->d_btimer ? 631 be32_to_cpu(ddqp->d_btimer) : XFS_QM_BTIMELIMIT; 632 qinf->qi_itimelimit = ddqp->d_itimer ? 633 be32_to_cpu(ddqp->d_itimer) : XFS_QM_ITIMELIMIT; 634 qinf->qi_rtbtimelimit = ddqp->d_rtbtimer ? 635 be32_to_cpu(ddqp->d_rtbtimer) : XFS_QM_RTBTIMELIMIT; 636 qinf->qi_bwarnlimit = ddqp->d_bwarns ? 637 be16_to_cpu(ddqp->d_bwarns) : XFS_QM_BWARNLIMIT; 638 qinf->qi_iwarnlimit = ddqp->d_iwarns ? 639 be16_to_cpu(ddqp->d_iwarns) : XFS_QM_IWARNLIMIT; 640 qinf->qi_rtbwarnlimit = ddqp->d_rtbwarns ? 641 be16_to_cpu(ddqp->d_rtbwarns) : XFS_QM_RTBWARNLIMIT; 642 qinf->qi_bhardlimit = be64_to_cpu(ddqp->d_blk_hardlimit); 643 qinf->qi_bsoftlimit = be64_to_cpu(ddqp->d_blk_softlimit); 644 qinf->qi_ihardlimit = be64_to_cpu(ddqp->d_ino_hardlimit); 645 qinf->qi_isoftlimit = be64_to_cpu(ddqp->d_ino_softlimit); 646 qinf->qi_rtbhardlimit = be64_to_cpu(ddqp->d_rtb_hardlimit); 647 qinf->qi_rtbsoftlimit = be64_to_cpu(ddqp->d_rtb_softlimit); 648 649 xfs_qm_dqdestroy(dqp); 650 } else { 651 qinf->qi_btimelimit = XFS_QM_BTIMELIMIT; 652 qinf->qi_itimelimit = XFS_QM_ITIMELIMIT; 653 qinf->qi_rtbtimelimit = XFS_QM_RTBTIMELIMIT; 654 qinf->qi_bwarnlimit = XFS_QM_BWARNLIMIT; 655 qinf->qi_iwarnlimit = XFS_QM_IWARNLIMIT; 656 qinf->qi_rtbwarnlimit = XFS_QM_RTBWARNLIMIT; 657 } 658 659 qinf->qi_shrinker.count_objects = xfs_qm_shrink_count; 660 qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan; 661 qinf->qi_shrinker.seeks = DEFAULT_SEEKS; 662 qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE; 663 register_shrinker(&qinf->qi_shrinker); 664 return 0; 665 666 out_free_lru: 667 list_lru_destroy(&qinf->qi_lru); 668 out_free_qinf: 669 kmem_free(qinf); 670 mp->m_quotainfo = NULL; 671 return error; 672 } 673 674 675 /* 676 * Gets called when unmounting a filesystem or when all quotas get 677 * turned off. 678 * This purges the quota inodes, destroys locks and frees itself. 679 */ 680 void 681 xfs_qm_destroy_quotainfo( 682 xfs_mount_t *mp) 683 { 684 xfs_quotainfo_t *qi; 685 686 qi = mp->m_quotainfo; 687 ASSERT(qi != NULL); 688 689 unregister_shrinker(&qi->qi_shrinker); 690 list_lru_destroy(&qi->qi_lru); 691 692 if (qi->qi_uquotaip) { 693 IRELE(qi->qi_uquotaip); 694 qi->qi_uquotaip = NULL; /* paranoia */ 695 } 696 if (qi->qi_gquotaip) { 697 IRELE(qi->qi_gquotaip); 698 qi->qi_gquotaip = NULL; 699 } 700 if (qi->qi_pquotaip) { 701 IRELE(qi->qi_pquotaip); 702 qi->qi_pquotaip = NULL; 703 } 704 mutex_destroy(&qi->qi_quotaofflock); 705 kmem_free(qi); 706 mp->m_quotainfo = NULL; 707 } 708 709 /* 710 * Create an inode and return with a reference already taken, but unlocked 711 * This is how we create quota inodes 712 */ 713 STATIC int 714 xfs_qm_qino_alloc( 715 xfs_mount_t *mp, 716 xfs_inode_t **ip, 717 uint flags) 718 { 719 xfs_trans_t *tp; 720 int error; 721 int committed; 722 723 *ip = NULL; 724 /* 725 * With superblock that doesn't have separate pquotino, we 726 * share an inode between gquota and pquota. If the on-disk 727 * superblock has GQUOTA and the filesystem is now mounted 728 * with PQUOTA, just use sb_gquotino for sb_pquotino and 729 * vice-versa. 730 */ 731 if (!xfs_sb_version_has_pquotino(&mp->m_sb) && 732 (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) { 733 xfs_ino_t ino = NULLFSINO; 734 735 if ((flags & XFS_QMOPT_PQUOTA) && 736 (mp->m_sb.sb_gquotino != NULLFSINO)) { 737 ino = mp->m_sb.sb_gquotino; 738 ASSERT(mp->m_sb.sb_pquotino == NULLFSINO); 739 } else if ((flags & XFS_QMOPT_GQUOTA) && 740 (mp->m_sb.sb_pquotino != NULLFSINO)) { 741 ino = mp->m_sb.sb_pquotino; 742 ASSERT(mp->m_sb.sb_gquotino == NULLFSINO); 743 } 744 if (ino != NULLFSINO) { 745 error = xfs_iget(mp, NULL, ino, 0, 0, ip); 746 if (error) 747 return error; 748 mp->m_sb.sb_gquotino = NULLFSINO; 749 mp->m_sb.sb_pquotino = NULLFSINO; 750 } 751 } 752 753 tp = xfs_trans_alloc(mp, XFS_TRANS_QM_QINOCREATE); 754 error = xfs_trans_reserve(tp, &M_RES(mp)->tr_create, 755 XFS_QM_QINOCREATE_SPACE_RES(mp), 0); 756 if (error) { 757 xfs_trans_cancel(tp, 0); 758 return error; 759 } 760 761 if (!*ip) { 762 error = xfs_dir_ialloc(&tp, NULL, S_IFREG, 1, 0, 0, 1, ip, 763 &committed); 764 if (error) { 765 xfs_trans_cancel(tp, XFS_TRANS_RELEASE_LOG_RES | 766 XFS_TRANS_ABORT); 767 return error; 768 } 769 } 770 771 /* 772 * Make the changes in the superblock, and log those too. 773 * sbfields arg may contain fields other than *QUOTINO; 774 * VERSIONNUM for example. 775 */ 776 spin_lock(&mp->m_sb_lock); 777 if (flags & XFS_QMOPT_SBVERSION) { 778 ASSERT(!xfs_sb_version_hasquota(&mp->m_sb)); 779 780 xfs_sb_version_addquota(&mp->m_sb); 781 mp->m_sb.sb_uquotino = NULLFSINO; 782 mp->m_sb.sb_gquotino = NULLFSINO; 783 mp->m_sb.sb_pquotino = NULLFSINO; 784 785 /* qflags will get updated fully _after_ quotacheck */ 786 mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT; 787 } 788 if (flags & XFS_QMOPT_UQUOTA) 789 mp->m_sb.sb_uquotino = (*ip)->i_ino; 790 else if (flags & XFS_QMOPT_GQUOTA) 791 mp->m_sb.sb_gquotino = (*ip)->i_ino; 792 else 793 mp->m_sb.sb_pquotino = (*ip)->i_ino; 794 spin_unlock(&mp->m_sb_lock); 795 xfs_log_sb(tp); 796 797 if ((error = xfs_trans_commit(tp, XFS_TRANS_RELEASE_LOG_RES))) { 798 xfs_alert(mp, "%s failed (error %d)!", __func__, error); 799 return error; 800 } 801 return 0; 802 } 803 804 805 STATIC void 806 xfs_qm_reset_dqcounts( 807 xfs_mount_t *mp, 808 xfs_buf_t *bp, 809 xfs_dqid_t id, 810 uint type) 811 { 812 struct xfs_dqblk *dqb; 813 int j; 814 815 trace_xfs_reset_dqcounts(bp, _RET_IP_); 816 817 /* 818 * Reset all counters and timers. They'll be 819 * started afresh by xfs_qm_quotacheck. 820 */ 821 #ifdef DEBUG 822 j = XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB); 823 do_div(j, sizeof(xfs_dqblk_t)); 824 ASSERT(mp->m_quotainfo->qi_dqperchunk == j); 825 #endif 826 dqb = bp->b_addr; 827 for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) { 828 struct xfs_disk_dquot *ddq; 829 830 ddq = (struct xfs_disk_dquot *)&dqb[j]; 831 832 /* 833 * Do a sanity check, and if needed, repair the dqblk. Don't 834 * output any warnings because it's perfectly possible to 835 * find uninitialised dquot blks. See comment in xfs_dqcheck. 836 */ 837 xfs_dqcheck(mp, ddq, id+j, type, XFS_QMOPT_DQREPAIR, 838 "xfs_quotacheck"); 839 ddq->d_bcount = 0; 840 ddq->d_icount = 0; 841 ddq->d_rtbcount = 0; 842 ddq->d_btimer = 0; 843 ddq->d_itimer = 0; 844 ddq->d_rtbtimer = 0; 845 ddq->d_bwarns = 0; 846 ddq->d_iwarns = 0; 847 ddq->d_rtbwarns = 0; 848 849 if (xfs_sb_version_hascrc(&mp->m_sb)) { 850 xfs_update_cksum((char *)&dqb[j], 851 sizeof(struct xfs_dqblk), 852 XFS_DQUOT_CRC_OFF); 853 } 854 } 855 } 856 857 STATIC int 858 xfs_qm_dqiter_bufs( 859 struct xfs_mount *mp, 860 xfs_dqid_t firstid, 861 xfs_fsblock_t bno, 862 xfs_filblks_t blkcnt, 863 uint flags, 864 struct list_head *buffer_list) 865 { 866 struct xfs_buf *bp; 867 int error; 868 int type; 869 870 ASSERT(blkcnt > 0); 871 type = flags & XFS_QMOPT_UQUOTA ? XFS_DQ_USER : 872 (flags & XFS_QMOPT_PQUOTA ? XFS_DQ_PROJ : XFS_DQ_GROUP); 873 error = 0; 874 875 /* 876 * Blkcnt arg can be a very big number, and might even be 877 * larger than the log itself. So, we have to break it up into 878 * manageable-sized transactions. 879 * Note that we don't start a permanent transaction here; we might 880 * not be able to get a log reservation for the whole thing up front, 881 * and we don't really care to either, because we just discard 882 * everything if we were to crash in the middle of this loop. 883 */ 884 while (blkcnt--) { 885 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, 886 XFS_FSB_TO_DADDR(mp, bno), 887 mp->m_quotainfo->qi_dqchunklen, 0, &bp, 888 &xfs_dquot_buf_ops); 889 890 /* 891 * CRC and validation errors will return a EFSCORRUPTED here. If 892 * this occurs, re-read without CRC validation so that we can 893 * repair the damage via xfs_qm_reset_dqcounts(). This process 894 * will leave a trace in the log indicating corruption has 895 * been detected. 896 */ 897 if (error == -EFSCORRUPTED) { 898 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, 899 XFS_FSB_TO_DADDR(mp, bno), 900 mp->m_quotainfo->qi_dqchunklen, 0, &bp, 901 NULL); 902 } 903 904 if (error) 905 break; 906 907 /* 908 * A corrupt buffer might not have a verifier attached, so 909 * make sure we have the correct one attached before writeback 910 * occurs. 911 */ 912 bp->b_ops = &xfs_dquot_buf_ops; 913 xfs_qm_reset_dqcounts(mp, bp, firstid, type); 914 xfs_buf_delwri_queue(bp, buffer_list); 915 xfs_buf_relse(bp); 916 917 /* goto the next block. */ 918 bno++; 919 firstid += mp->m_quotainfo->qi_dqperchunk; 920 } 921 922 return error; 923 } 924 925 /* 926 * Iterate over all allocated USR/GRP/PRJ dquots in the system, calling a 927 * caller supplied function for every chunk of dquots that we find. 928 */ 929 STATIC int 930 xfs_qm_dqiterate( 931 struct xfs_mount *mp, 932 struct xfs_inode *qip, 933 uint flags, 934 struct list_head *buffer_list) 935 { 936 struct xfs_bmbt_irec *map; 937 int i, nmaps; /* number of map entries */ 938 int error; /* return value */ 939 xfs_fileoff_t lblkno; 940 xfs_filblks_t maxlblkcnt; 941 xfs_dqid_t firstid; 942 xfs_fsblock_t rablkno; 943 xfs_filblks_t rablkcnt; 944 945 error = 0; 946 /* 947 * This looks racy, but we can't keep an inode lock across a 948 * trans_reserve. But, this gets called during quotacheck, and that 949 * happens only at mount time which is single threaded. 950 */ 951 if (qip->i_d.di_nblocks == 0) 952 return 0; 953 954 map = kmem_alloc(XFS_DQITER_MAP_SIZE * sizeof(*map), KM_SLEEP); 955 956 lblkno = 0; 957 maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes); 958 do { 959 uint lock_mode; 960 961 nmaps = XFS_DQITER_MAP_SIZE; 962 /* 963 * We aren't changing the inode itself. Just changing 964 * some of its data. No new blocks are added here, and 965 * the inode is never added to the transaction. 966 */ 967 lock_mode = xfs_ilock_data_map_shared(qip); 968 error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno, 969 map, &nmaps, 0); 970 xfs_iunlock(qip, lock_mode); 971 if (error) 972 break; 973 974 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE); 975 for (i = 0; i < nmaps; i++) { 976 ASSERT(map[i].br_startblock != DELAYSTARTBLOCK); 977 ASSERT(map[i].br_blockcount); 978 979 980 lblkno += map[i].br_blockcount; 981 982 if (map[i].br_startblock == HOLESTARTBLOCK) 983 continue; 984 985 firstid = (xfs_dqid_t) map[i].br_startoff * 986 mp->m_quotainfo->qi_dqperchunk; 987 /* 988 * Do a read-ahead on the next extent. 989 */ 990 if ((i+1 < nmaps) && 991 (map[i+1].br_startblock != HOLESTARTBLOCK)) { 992 rablkcnt = map[i+1].br_blockcount; 993 rablkno = map[i+1].br_startblock; 994 while (rablkcnt--) { 995 xfs_buf_readahead(mp->m_ddev_targp, 996 XFS_FSB_TO_DADDR(mp, rablkno), 997 mp->m_quotainfo->qi_dqchunklen, 998 &xfs_dquot_buf_ops); 999 rablkno++; 1000 } 1001 } 1002 /* 1003 * Iterate thru all the blks in the extent and 1004 * reset the counters of all the dquots inside them. 1005 */ 1006 error = xfs_qm_dqiter_bufs(mp, firstid, 1007 map[i].br_startblock, 1008 map[i].br_blockcount, 1009 flags, buffer_list); 1010 if (error) 1011 goto out; 1012 } 1013 } while (nmaps > 0); 1014 1015 out: 1016 kmem_free(map); 1017 return error; 1018 } 1019 1020 /* 1021 * Called by dqusage_adjust in doing a quotacheck. 1022 * 1023 * Given the inode, and a dquot id this updates both the incore dqout as well 1024 * as the buffer copy. This is so that once the quotacheck is done, we can 1025 * just log all the buffers, as opposed to logging numerous updates to 1026 * individual dquots. 1027 */ 1028 STATIC int 1029 xfs_qm_quotacheck_dqadjust( 1030 struct xfs_inode *ip, 1031 xfs_dqid_t id, 1032 uint type, 1033 xfs_qcnt_t nblks, 1034 xfs_qcnt_t rtblks) 1035 { 1036 struct xfs_mount *mp = ip->i_mount; 1037 struct xfs_dquot *dqp; 1038 int error; 1039 1040 error = xfs_qm_dqget(mp, ip, id, type, 1041 XFS_QMOPT_DQALLOC | XFS_QMOPT_DOWARN, &dqp); 1042 if (error) { 1043 /* 1044 * Shouldn't be able to turn off quotas here. 1045 */ 1046 ASSERT(error != -ESRCH); 1047 ASSERT(error != -ENOENT); 1048 return error; 1049 } 1050 1051 trace_xfs_dqadjust(dqp); 1052 1053 /* 1054 * Adjust the inode count and the block count to reflect this inode's 1055 * resource usage. 1056 */ 1057 be64_add_cpu(&dqp->q_core.d_icount, 1); 1058 dqp->q_res_icount++; 1059 if (nblks) { 1060 be64_add_cpu(&dqp->q_core.d_bcount, nblks); 1061 dqp->q_res_bcount += nblks; 1062 } 1063 if (rtblks) { 1064 be64_add_cpu(&dqp->q_core.d_rtbcount, rtblks); 1065 dqp->q_res_rtbcount += rtblks; 1066 } 1067 1068 /* 1069 * Set default limits, adjust timers (since we changed usages) 1070 * 1071 * There are no timers for the default values set in the root dquot. 1072 */ 1073 if (dqp->q_core.d_id) { 1074 xfs_qm_adjust_dqlimits(mp, dqp); 1075 xfs_qm_adjust_dqtimers(mp, &dqp->q_core); 1076 } 1077 1078 dqp->dq_flags |= XFS_DQ_DIRTY; 1079 xfs_qm_dqput(dqp); 1080 return 0; 1081 } 1082 1083 STATIC int 1084 xfs_qm_get_rtblks( 1085 xfs_inode_t *ip, 1086 xfs_qcnt_t *O_rtblks) 1087 { 1088 xfs_filblks_t rtblks; /* total rt blks */ 1089 xfs_extnum_t idx; /* extent record index */ 1090 xfs_ifork_t *ifp; /* inode fork pointer */ 1091 xfs_extnum_t nextents; /* number of extent entries */ 1092 int error; 1093 1094 ASSERT(XFS_IS_REALTIME_INODE(ip)); 1095 ifp = XFS_IFORK_PTR(ip, XFS_DATA_FORK); 1096 if (!(ifp->if_flags & XFS_IFEXTENTS)) { 1097 if ((error = xfs_iread_extents(NULL, ip, XFS_DATA_FORK))) 1098 return error; 1099 } 1100 rtblks = 0; 1101 nextents = ifp->if_bytes / (uint)sizeof(xfs_bmbt_rec_t); 1102 for (idx = 0; idx < nextents; idx++) 1103 rtblks += xfs_bmbt_get_blockcount(xfs_iext_get_ext(ifp, idx)); 1104 *O_rtblks = (xfs_qcnt_t)rtblks; 1105 return 0; 1106 } 1107 1108 /* 1109 * callback routine supplied to bulkstat(). Given an inumber, find its 1110 * dquots and update them to account for resources taken by that inode. 1111 */ 1112 /* ARGSUSED */ 1113 STATIC int 1114 xfs_qm_dqusage_adjust( 1115 xfs_mount_t *mp, /* mount point for filesystem */ 1116 xfs_ino_t ino, /* inode number to get data for */ 1117 void __user *buffer, /* not used */ 1118 int ubsize, /* not used */ 1119 int *ubused, /* not used */ 1120 int *res) /* result code value */ 1121 { 1122 xfs_inode_t *ip; 1123 xfs_qcnt_t nblks, rtblks = 0; 1124 int error; 1125 1126 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1127 1128 /* 1129 * rootino must have its resources accounted for, not so with the quota 1130 * inodes. 1131 */ 1132 if (xfs_is_quota_inode(&mp->m_sb, ino)) { 1133 *res = BULKSTAT_RV_NOTHING; 1134 return -EINVAL; 1135 } 1136 1137 /* 1138 * We don't _need_ to take the ilock EXCL. However, the xfs_qm_dqget 1139 * interface expects the inode to be exclusively locked because that's 1140 * the case in all other instances. It's OK that we do this because 1141 * quotacheck is done only at mount time. 1142 */ 1143 error = xfs_iget(mp, NULL, ino, 0, XFS_ILOCK_EXCL, &ip); 1144 if (error) { 1145 *res = BULKSTAT_RV_NOTHING; 1146 return error; 1147 } 1148 1149 ASSERT(ip->i_delayed_blks == 0); 1150 1151 if (XFS_IS_REALTIME_INODE(ip)) { 1152 /* 1153 * Walk thru the extent list and count the realtime blocks. 1154 */ 1155 error = xfs_qm_get_rtblks(ip, &rtblks); 1156 if (error) 1157 goto error0; 1158 } 1159 1160 nblks = (xfs_qcnt_t)ip->i_d.di_nblocks - rtblks; 1161 1162 /* 1163 * Add the (disk blocks and inode) resources occupied by this 1164 * inode to its dquots. We do this adjustment in the incore dquot, 1165 * and also copy the changes to its buffer. 1166 * We don't care about putting these changes in a transaction 1167 * envelope because if we crash in the middle of a 'quotacheck' 1168 * we have to start from the beginning anyway. 1169 * Once we're done, we'll log all the dquot bufs. 1170 * 1171 * The *QUOTA_ON checks below may look pretty racy, but quotachecks 1172 * and quotaoffs don't race. (Quotachecks happen at mount time only). 1173 */ 1174 if (XFS_IS_UQUOTA_ON(mp)) { 1175 error = xfs_qm_quotacheck_dqadjust(ip, ip->i_d.di_uid, 1176 XFS_DQ_USER, nblks, rtblks); 1177 if (error) 1178 goto error0; 1179 } 1180 1181 if (XFS_IS_GQUOTA_ON(mp)) { 1182 error = xfs_qm_quotacheck_dqadjust(ip, ip->i_d.di_gid, 1183 XFS_DQ_GROUP, nblks, rtblks); 1184 if (error) 1185 goto error0; 1186 } 1187 1188 if (XFS_IS_PQUOTA_ON(mp)) { 1189 error = xfs_qm_quotacheck_dqadjust(ip, xfs_get_projid(ip), 1190 XFS_DQ_PROJ, nblks, rtblks); 1191 if (error) 1192 goto error0; 1193 } 1194 1195 xfs_iunlock(ip, XFS_ILOCK_EXCL); 1196 IRELE(ip); 1197 *res = BULKSTAT_RV_DIDONE; 1198 return 0; 1199 1200 error0: 1201 xfs_iunlock(ip, XFS_ILOCK_EXCL); 1202 IRELE(ip); 1203 *res = BULKSTAT_RV_GIVEUP; 1204 return error; 1205 } 1206 1207 STATIC int 1208 xfs_qm_flush_one( 1209 struct xfs_dquot *dqp, 1210 void *data) 1211 { 1212 struct list_head *buffer_list = data; 1213 struct xfs_buf *bp = NULL; 1214 int error = 0; 1215 1216 xfs_dqlock(dqp); 1217 if (dqp->dq_flags & XFS_DQ_FREEING) 1218 goto out_unlock; 1219 if (!XFS_DQ_IS_DIRTY(dqp)) 1220 goto out_unlock; 1221 1222 xfs_dqflock(dqp); 1223 error = xfs_qm_dqflush(dqp, &bp); 1224 if (error) 1225 goto out_unlock; 1226 1227 xfs_buf_delwri_queue(bp, buffer_list); 1228 xfs_buf_relse(bp); 1229 out_unlock: 1230 xfs_dqunlock(dqp); 1231 return error; 1232 } 1233 1234 /* 1235 * Walk thru all the filesystem inodes and construct a consistent view 1236 * of the disk quota world. If the quotacheck fails, disable quotas. 1237 */ 1238 STATIC int 1239 xfs_qm_quotacheck( 1240 xfs_mount_t *mp) 1241 { 1242 int done, count, error, error2; 1243 xfs_ino_t lastino; 1244 size_t structsz; 1245 uint flags; 1246 LIST_HEAD (buffer_list); 1247 struct xfs_inode *uip = mp->m_quotainfo->qi_uquotaip; 1248 struct xfs_inode *gip = mp->m_quotainfo->qi_gquotaip; 1249 struct xfs_inode *pip = mp->m_quotainfo->qi_pquotaip; 1250 1251 count = INT_MAX; 1252 structsz = 1; 1253 lastino = 0; 1254 flags = 0; 1255 1256 ASSERT(uip || gip || pip); 1257 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1258 1259 xfs_notice(mp, "Quotacheck needed: Please wait."); 1260 1261 /* 1262 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset 1263 * their counters to zero. We need a clean slate. 1264 * We don't log our changes till later. 1265 */ 1266 if (uip) { 1267 error = xfs_qm_dqiterate(mp, uip, XFS_QMOPT_UQUOTA, 1268 &buffer_list); 1269 if (error) 1270 goto error_return; 1271 flags |= XFS_UQUOTA_CHKD; 1272 } 1273 1274 if (gip) { 1275 error = xfs_qm_dqiterate(mp, gip, XFS_QMOPT_GQUOTA, 1276 &buffer_list); 1277 if (error) 1278 goto error_return; 1279 flags |= XFS_GQUOTA_CHKD; 1280 } 1281 1282 if (pip) { 1283 error = xfs_qm_dqiterate(mp, pip, XFS_QMOPT_PQUOTA, 1284 &buffer_list); 1285 if (error) 1286 goto error_return; 1287 flags |= XFS_PQUOTA_CHKD; 1288 } 1289 1290 do { 1291 /* 1292 * Iterate thru all the inodes in the file system, 1293 * adjusting the corresponding dquot counters in core. 1294 */ 1295 error = xfs_bulkstat(mp, &lastino, &count, 1296 xfs_qm_dqusage_adjust, 1297 structsz, NULL, &done); 1298 if (error) 1299 break; 1300 1301 } while (!done); 1302 1303 /* 1304 * We've made all the changes that we need to make incore. Flush them 1305 * down to disk buffers if everything was updated successfully. 1306 */ 1307 if (XFS_IS_UQUOTA_ON(mp)) { 1308 error = xfs_qm_dquot_walk(mp, XFS_DQ_USER, xfs_qm_flush_one, 1309 &buffer_list); 1310 } 1311 if (XFS_IS_GQUOTA_ON(mp)) { 1312 error2 = xfs_qm_dquot_walk(mp, XFS_DQ_GROUP, xfs_qm_flush_one, 1313 &buffer_list); 1314 if (!error) 1315 error = error2; 1316 } 1317 if (XFS_IS_PQUOTA_ON(mp)) { 1318 error2 = xfs_qm_dquot_walk(mp, XFS_DQ_PROJ, xfs_qm_flush_one, 1319 &buffer_list); 1320 if (!error) 1321 error = error2; 1322 } 1323 1324 error2 = xfs_buf_delwri_submit(&buffer_list); 1325 if (!error) 1326 error = error2; 1327 1328 /* 1329 * We can get this error if we couldn't do a dquot allocation inside 1330 * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the 1331 * dirty dquots that might be cached, we just want to get rid of them 1332 * and turn quotaoff. The dquots won't be attached to any of the inodes 1333 * at this point (because we intentionally didn't in dqget_noattach). 1334 */ 1335 if (error) { 1336 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL); 1337 goto error_return; 1338 } 1339 1340 /* 1341 * If one type of quotas is off, then it will lose its 1342 * quotachecked status, since we won't be doing accounting for 1343 * that type anymore. 1344 */ 1345 mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD; 1346 mp->m_qflags |= flags; 1347 1348 error_return: 1349 while (!list_empty(&buffer_list)) { 1350 struct xfs_buf *bp = 1351 list_first_entry(&buffer_list, struct xfs_buf, b_list); 1352 list_del_init(&bp->b_list); 1353 xfs_buf_relse(bp); 1354 } 1355 1356 if (error) { 1357 xfs_warn(mp, 1358 "Quotacheck: Unsuccessful (Error %d): Disabling quotas.", 1359 error); 1360 /* 1361 * We must turn off quotas. 1362 */ 1363 ASSERT(mp->m_quotainfo != NULL); 1364 xfs_qm_destroy_quotainfo(mp); 1365 if (xfs_mount_reset_sbqflags(mp)) { 1366 xfs_warn(mp, 1367 "Quotacheck: Failed to reset quota flags."); 1368 } 1369 } else 1370 xfs_notice(mp, "Quotacheck: Done."); 1371 return error; 1372 } 1373 1374 /* 1375 * This is called from xfs_mountfs to start quotas and initialize all 1376 * necessary data structures like quotainfo. This is also responsible for 1377 * running a quotacheck as necessary. We are guaranteed that the superblock 1378 * is consistently read in at this point. 1379 * 1380 * If we fail here, the mount will continue with quota turned off. We don't 1381 * need to inidicate success or failure at all. 1382 */ 1383 void 1384 xfs_qm_mount_quotas( 1385 struct xfs_mount *mp) 1386 { 1387 int error = 0; 1388 uint sbf; 1389 1390 /* 1391 * If quotas on realtime volumes is not supported, we disable 1392 * quotas immediately. 1393 */ 1394 if (mp->m_sb.sb_rextents) { 1395 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem"); 1396 mp->m_qflags = 0; 1397 goto write_changes; 1398 } 1399 1400 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1401 1402 /* 1403 * Allocate the quotainfo structure inside the mount struct, and 1404 * create quotainode(s), and change/rev superblock if necessary. 1405 */ 1406 error = xfs_qm_init_quotainfo(mp); 1407 if (error) { 1408 /* 1409 * We must turn off quotas. 1410 */ 1411 ASSERT(mp->m_quotainfo == NULL); 1412 mp->m_qflags = 0; 1413 goto write_changes; 1414 } 1415 /* 1416 * If any of the quotas are not consistent, do a quotacheck. 1417 */ 1418 if (XFS_QM_NEED_QUOTACHECK(mp)) { 1419 error = xfs_qm_quotacheck(mp); 1420 if (error) { 1421 /* Quotacheck failed and disabled quotas. */ 1422 return; 1423 } 1424 } 1425 /* 1426 * If one type of quotas is off, then it will lose its 1427 * quotachecked status, since we won't be doing accounting for 1428 * that type anymore. 1429 */ 1430 if (!XFS_IS_UQUOTA_ON(mp)) 1431 mp->m_qflags &= ~XFS_UQUOTA_CHKD; 1432 if (!XFS_IS_GQUOTA_ON(mp)) 1433 mp->m_qflags &= ~XFS_GQUOTA_CHKD; 1434 if (!XFS_IS_PQUOTA_ON(mp)) 1435 mp->m_qflags &= ~XFS_PQUOTA_CHKD; 1436 1437 write_changes: 1438 /* 1439 * We actually don't have to acquire the m_sb_lock at all. 1440 * This can only be called from mount, and that's single threaded. XXX 1441 */ 1442 spin_lock(&mp->m_sb_lock); 1443 sbf = mp->m_sb.sb_qflags; 1444 mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL; 1445 spin_unlock(&mp->m_sb_lock); 1446 1447 if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) { 1448 if (xfs_sync_sb(mp, false)) { 1449 /* 1450 * We could only have been turning quotas off. 1451 * We aren't in very good shape actually because 1452 * the incore structures are convinced that quotas are 1453 * off, but the on disk superblock doesn't know that ! 1454 */ 1455 ASSERT(!(XFS_IS_QUOTA_RUNNING(mp))); 1456 xfs_alert(mp, "%s: Superblock update failed!", 1457 __func__); 1458 } 1459 } 1460 1461 if (error) { 1462 xfs_warn(mp, "Failed to initialize disk quotas."); 1463 return; 1464 } 1465 } 1466 1467 /* 1468 * This is called after the superblock has been read in and we're ready to 1469 * iget the quota inodes. 1470 */ 1471 STATIC int 1472 xfs_qm_init_quotainos( 1473 xfs_mount_t *mp) 1474 { 1475 struct xfs_inode *uip = NULL; 1476 struct xfs_inode *gip = NULL; 1477 struct xfs_inode *pip = NULL; 1478 int error; 1479 uint flags = 0; 1480 1481 ASSERT(mp->m_quotainfo); 1482 1483 /* 1484 * Get the uquota and gquota inodes 1485 */ 1486 if (xfs_sb_version_hasquota(&mp->m_sb)) { 1487 if (XFS_IS_UQUOTA_ON(mp) && 1488 mp->m_sb.sb_uquotino != NULLFSINO) { 1489 ASSERT(mp->m_sb.sb_uquotino > 0); 1490 error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino, 1491 0, 0, &uip); 1492 if (error) 1493 return error; 1494 } 1495 if (XFS_IS_GQUOTA_ON(mp) && 1496 mp->m_sb.sb_gquotino != NULLFSINO) { 1497 ASSERT(mp->m_sb.sb_gquotino > 0); 1498 error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino, 1499 0, 0, &gip); 1500 if (error) 1501 goto error_rele; 1502 } 1503 if (XFS_IS_PQUOTA_ON(mp) && 1504 mp->m_sb.sb_pquotino != NULLFSINO) { 1505 ASSERT(mp->m_sb.sb_pquotino > 0); 1506 error = xfs_iget(mp, NULL, mp->m_sb.sb_pquotino, 1507 0, 0, &pip); 1508 if (error) 1509 goto error_rele; 1510 } 1511 } else { 1512 flags |= XFS_QMOPT_SBVERSION; 1513 } 1514 1515 /* 1516 * Create the three inodes, if they don't exist already. The changes 1517 * made above will get added to a transaction and logged in one of 1518 * the qino_alloc calls below. If the device is readonly, 1519 * temporarily switch to read-write to do this. 1520 */ 1521 if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) { 1522 error = xfs_qm_qino_alloc(mp, &uip, 1523 flags | XFS_QMOPT_UQUOTA); 1524 if (error) 1525 goto error_rele; 1526 1527 flags &= ~XFS_QMOPT_SBVERSION; 1528 } 1529 if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) { 1530 error = xfs_qm_qino_alloc(mp, &gip, 1531 flags | XFS_QMOPT_GQUOTA); 1532 if (error) 1533 goto error_rele; 1534 1535 flags &= ~XFS_QMOPT_SBVERSION; 1536 } 1537 if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) { 1538 error = xfs_qm_qino_alloc(mp, &pip, 1539 flags | XFS_QMOPT_PQUOTA); 1540 if (error) 1541 goto error_rele; 1542 } 1543 1544 mp->m_quotainfo->qi_uquotaip = uip; 1545 mp->m_quotainfo->qi_gquotaip = gip; 1546 mp->m_quotainfo->qi_pquotaip = pip; 1547 1548 return 0; 1549 1550 error_rele: 1551 if (uip) 1552 IRELE(uip); 1553 if (gip) 1554 IRELE(gip); 1555 if (pip) 1556 IRELE(pip); 1557 return error; 1558 } 1559 1560 STATIC void 1561 xfs_qm_dqfree_one( 1562 struct xfs_dquot *dqp) 1563 { 1564 struct xfs_mount *mp = dqp->q_mount; 1565 struct xfs_quotainfo *qi = mp->m_quotainfo; 1566 1567 mutex_lock(&qi->qi_tree_lock); 1568 radix_tree_delete(xfs_dquot_tree(qi, dqp->q_core.d_flags), 1569 be32_to_cpu(dqp->q_core.d_id)); 1570 1571 qi->qi_dquots--; 1572 mutex_unlock(&qi->qi_tree_lock); 1573 1574 xfs_qm_dqdestroy(dqp); 1575 } 1576 1577 /* --------------- utility functions for vnodeops ---------------- */ 1578 1579 1580 /* 1581 * Given an inode, a uid, gid and prid make sure that we have 1582 * allocated relevant dquot(s) on disk, and that we won't exceed inode 1583 * quotas by creating this file. 1584 * This also attaches dquot(s) to the given inode after locking it, 1585 * and returns the dquots corresponding to the uid and/or gid. 1586 * 1587 * in : inode (unlocked) 1588 * out : udquot, gdquot with references taken and unlocked 1589 */ 1590 int 1591 xfs_qm_vop_dqalloc( 1592 struct xfs_inode *ip, 1593 xfs_dqid_t uid, 1594 xfs_dqid_t gid, 1595 prid_t prid, 1596 uint flags, 1597 struct xfs_dquot **O_udqpp, 1598 struct xfs_dquot **O_gdqpp, 1599 struct xfs_dquot **O_pdqpp) 1600 { 1601 struct xfs_mount *mp = ip->i_mount; 1602 struct xfs_dquot *uq = NULL; 1603 struct xfs_dquot *gq = NULL; 1604 struct xfs_dquot *pq = NULL; 1605 int error; 1606 uint lockflags; 1607 1608 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp)) 1609 return 0; 1610 1611 lockflags = XFS_ILOCK_EXCL; 1612 xfs_ilock(ip, lockflags); 1613 1614 if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip)) 1615 gid = ip->i_d.di_gid; 1616 1617 /* 1618 * Attach the dquot(s) to this inode, doing a dquot allocation 1619 * if necessary. The dquot(s) will not be locked. 1620 */ 1621 if (XFS_NOT_DQATTACHED(mp, ip)) { 1622 error = xfs_qm_dqattach_locked(ip, XFS_QMOPT_DQALLOC); 1623 if (error) { 1624 xfs_iunlock(ip, lockflags); 1625 return error; 1626 } 1627 } 1628 1629 if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) { 1630 if (ip->i_d.di_uid != uid) { 1631 /* 1632 * What we need is the dquot that has this uid, and 1633 * if we send the inode to dqget, the uid of the inode 1634 * takes priority over what's sent in the uid argument. 1635 * We must unlock inode here before calling dqget if 1636 * we're not sending the inode, because otherwise 1637 * we'll deadlock by doing trans_reserve while 1638 * holding ilock. 1639 */ 1640 xfs_iunlock(ip, lockflags); 1641 error = xfs_qm_dqget(mp, NULL, uid, 1642 XFS_DQ_USER, 1643 XFS_QMOPT_DQALLOC | 1644 XFS_QMOPT_DOWARN, 1645 &uq); 1646 if (error) { 1647 ASSERT(error != -ENOENT); 1648 return error; 1649 } 1650 /* 1651 * Get the ilock in the right order. 1652 */ 1653 xfs_dqunlock(uq); 1654 lockflags = XFS_ILOCK_SHARED; 1655 xfs_ilock(ip, lockflags); 1656 } else { 1657 /* 1658 * Take an extra reference, because we'll return 1659 * this to caller 1660 */ 1661 ASSERT(ip->i_udquot); 1662 uq = xfs_qm_dqhold(ip->i_udquot); 1663 } 1664 } 1665 if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) { 1666 if (ip->i_d.di_gid != gid) { 1667 xfs_iunlock(ip, lockflags); 1668 error = xfs_qm_dqget(mp, NULL, gid, 1669 XFS_DQ_GROUP, 1670 XFS_QMOPT_DQALLOC | 1671 XFS_QMOPT_DOWARN, 1672 &gq); 1673 if (error) { 1674 ASSERT(error != -ENOENT); 1675 goto error_rele; 1676 } 1677 xfs_dqunlock(gq); 1678 lockflags = XFS_ILOCK_SHARED; 1679 xfs_ilock(ip, lockflags); 1680 } else { 1681 ASSERT(ip->i_gdquot); 1682 gq = xfs_qm_dqhold(ip->i_gdquot); 1683 } 1684 } 1685 if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) { 1686 if (xfs_get_projid(ip) != prid) { 1687 xfs_iunlock(ip, lockflags); 1688 error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t)prid, 1689 XFS_DQ_PROJ, 1690 XFS_QMOPT_DQALLOC | 1691 XFS_QMOPT_DOWARN, 1692 &pq); 1693 if (error) { 1694 ASSERT(error != -ENOENT); 1695 goto error_rele; 1696 } 1697 xfs_dqunlock(pq); 1698 lockflags = XFS_ILOCK_SHARED; 1699 xfs_ilock(ip, lockflags); 1700 } else { 1701 ASSERT(ip->i_pdquot); 1702 pq = xfs_qm_dqhold(ip->i_pdquot); 1703 } 1704 } 1705 if (uq) 1706 trace_xfs_dquot_dqalloc(ip); 1707 1708 xfs_iunlock(ip, lockflags); 1709 if (O_udqpp) 1710 *O_udqpp = uq; 1711 else 1712 xfs_qm_dqrele(uq); 1713 if (O_gdqpp) 1714 *O_gdqpp = gq; 1715 else 1716 xfs_qm_dqrele(gq); 1717 if (O_pdqpp) 1718 *O_pdqpp = pq; 1719 else 1720 xfs_qm_dqrele(pq); 1721 return 0; 1722 1723 error_rele: 1724 xfs_qm_dqrele(gq); 1725 xfs_qm_dqrele(uq); 1726 return error; 1727 } 1728 1729 /* 1730 * Actually transfer ownership, and do dquot modifications. 1731 * These were already reserved. 1732 */ 1733 xfs_dquot_t * 1734 xfs_qm_vop_chown( 1735 xfs_trans_t *tp, 1736 xfs_inode_t *ip, 1737 xfs_dquot_t **IO_olddq, 1738 xfs_dquot_t *newdq) 1739 { 1740 xfs_dquot_t *prevdq; 1741 uint bfield = XFS_IS_REALTIME_INODE(ip) ? 1742 XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT; 1743 1744 1745 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 1746 ASSERT(XFS_IS_QUOTA_RUNNING(ip->i_mount)); 1747 1748 /* old dquot */ 1749 prevdq = *IO_olddq; 1750 ASSERT(prevdq); 1751 ASSERT(prevdq != newdq); 1752 1753 xfs_trans_mod_dquot(tp, prevdq, bfield, -(ip->i_d.di_nblocks)); 1754 xfs_trans_mod_dquot(tp, prevdq, XFS_TRANS_DQ_ICOUNT, -1); 1755 1756 /* the sparkling new dquot */ 1757 xfs_trans_mod_dquot(tp, newdq, bfield, ip->i_d.di_nblocks); 1758 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_ICOUNT, 1); 1759 1760 /* 1761 * Take an extra reference, because the inode is going to keep 1762 * this dquot pointer even after the trans_commit. 1763 */ 1764 *IO_olddq = xfs_qm_dqhold(newdq); 1765 1766 return prevdq; 1767 } 1768 1769 /* 1770 * Quota reservations for setattr(AT_UID|AT_GID|AT_PROJID). 1771 */ 1772 int 1773 xfs_qm_vop_chown_reserve( 1774 struct xfs_trans *tp, 1775 struct xfs_inode *ip, 1776 struct xfs_dquot *udqp, 1777 struct xfs_dquot *gdqp, 1778 struct xfs_dquot *pdqp, 1779 uint flags) 1780 { 1781 struct xfs_mount *mp = ip->i_mount; 1782 uint delblks, blkflags, prjflags = 0; 1783 struct xfs_dquot *udq_unres = NULL; 1784 struct xfs_dquot *gdq_unres = NULL; 1785 struct xfs_dquot *pdq_unres = NULL; 1786 struct xfs_dquot *udq_delblks = NULL; 1787 struct xfs_dquot *gdq_delblks = NULL; 1788 struct xfs_dquot *pdq_delblks = NULL; 1789 int error; 1790 1791 1792 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED)); 1793 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1794 1795 delblks = ip->i_delayed_blks; 1796 blkflags = XFS_IS_REALTIME_INODE(ip) ? 1797 XFS_QMOPT_RES_RTBLKS : XFS_QMOPT_RES_REGBLKS; 1798 1799 if (XFS_IS_UQUOTA_ON(mp) && udqp && 1800 ip->i_d.di_uid != be32_to_cpu(udqp->q_core.d_id)) { 1801 udq_delblks = udqp; 1802 /* 1803 * If there are delayed allocation blocks, then we have to 1804 * unreserve those from the old dquot, and add them to the 1805 * new dquot. 1806 */ 1807 if (delblks) { 1808 ASSERT(ip->i_udquot); 1809 udq_unres = ip->i_udquot; 1810 } 1811 } 1812 if (XFS_IS_GQUOTA_ON(ip->i_mount) && gdqp && 1813 ip->i_d.di_gid != be32_to_cpu(gdqp->q_core.d_id)) { 1814 gdq_delblks = gdqp; 1815 if (delblks) { 1816 ASSERT(ip->i_gdquot); 1817 gdq_unres = ip->i_gdquot; 1818 } 1819 } 1820 1821 if (XFS_IS_PQUOTA_ON(ip->i_mount) && pdqp && 1822 xfs_get_projid(ip) != be32_to_cpu(pdqp->q_core.d_id)) { 1823 prjflags = XFS_QMOPT_ENOSPC; 1824 pdq_delblks = pdqp; 1825 if (delblks) { 1826 ASSERT(ip->i_pdquot); 1827 pdq_unres = ip->i_pdquot; 1828 } 1829 } 1830 1831 error = xfs_trans_reserve_quota_bydquots(tp, ip->i_mount, 1832 udq_delblks, gdq_delblks, pdq_delblks, 1833 ip->i_d.di_nblocks, 1, 1834 flags | blkflags | prjflags); 1835 if (error) 1836 return error; 1837 1838 /* 1839 * Do the delayed blks reservations/unreservations now. Since, these 1840 * are done without the help of a transaction, if a reservation fails 1841 * its previous reservations won't be automatically undone by trans 1842 * code. So, we have to do it manually here. 1843 */ 1844 if (delblks) { 1845 /* 1846 * Do the reservations first. Unreservation can't fail. 1847 */ 1848 ASSERT(udq_delblks || gdq_delblks || pdq_delblks); 1849 ASSERT(udq_unres || gdq_unres || pdq_unres); 1850 error = xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount, 1851 udq_delblks, gdq_delblks, pdq_delblks, 1852 (xfs_qcnt_t)delblks, 0, 1853 flags | blkflags | prjflags); 1854 if (error) 1855 return error; 1856 xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount, 1857 udq_unres, gdq_unres, pdq_unres, 1858 -((xfs_qcnt_t)delblks), 0, blkflags); 1859 } 1860 1861 return 0; 1862 } 1863 1864 int 1865 xfs_qm_vop_rename_dqattach( 1866 struct xfs_inode **i_tab) 1867 { 1868 struct xfs_mount *mp = i_tab[0]->i_mount; 1869 int i; 1870 1871 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp)) 1872 return 0; 1873 1874 for (i = 0; (i < 4 && i_tab[i]); i++) { 1875 struct xfs_inode *ip = i_tab[i]; 1876 int error; 1877 1878 /* 1879 * Watch out for duplicate entries in the table. 1880 */ 1881 if (i == 0 || ip != i_tab[i-1]) { 1882 if (XFS_NOT_DQATTACHED(mp, ip)) { 1883 error = xfs_qm_dqattach(ip, 0); 1884 if (error) 1885 return error; 1886 } 1887 } 1888 } 1889 return 0; 1890 } 1891 1892 void 1893 xfs_qm_vop_create_dqattach( 1894 struct xfs_trans *tp, 1895 struct xfs_inode *ip, 1896 struct xfs_dquot *udqp, 1897 struct xfs_dquot *gdqp, 1898 struct xfs_dquot *pdqp) 1899 { 1900 struct xfs_mount *mp = tp->t_mountp; 1901 1902 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp)) 1903 return; 1904 1905 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL)); 1906 ASSERT(XFS_IS_QUOTA_RUNNING(mp)); 1907 1908 if (udqp && XFS_IS_UQUOTA_ON(mp)) { 1909 ASSERT(ip->i_udquot == NULL); 1910 ASSERT(ip->i_d.di_uid == be32_to_cpu(udqp->q_core.d_id)); 1911 1912 ip->i_udquot = xfs_qm_dqhold(udqp); 1913 xfs_trans_mod_dquot(tp, udqp, XFS_TRANS_DQ_ICOUNT, 1); 1914 } 1915 if (gdqp && XFS_IS_GQUOTA_ON(mp)) { 1916 ASSERT(ip->i_gdquot == NULL); 1917 ASSERT(ip->i_d.di_gid == be32_to_cpu(gdqp->q_core.d_id)); 1918 ip->i_gdquot = xfs_qm_dqhold(gdqp); 1919 xfs_trans_mod_dquot(tp, gdqp, XFS_TRANS_DQ_ICOUNT, 1); 1920 } 1921 if (pdqp && XFS_IS_PQUOTA_ON(mp)) { 1922 ASSERT(ip->i_pdquot == NULL); 1923 ASSERT(xfs_get_projid(ip) == be32_to_cpu(pdqp->q_core.d_id)); 1924 1925 ip->i_pdquot = xfs_qm_dqhold(pdqp); 1926 xfs_trans_mod_dquot(tp, pdqp, XFS_TRANS_DQ_ICOUNT, 1); 1927 } 1928 } 1929 1930