1 | // SPDX-License-Identifier: GPL-2.0 |
2 | /* |
3 | * Copyright (c) 2000-2005 Silicon Graphics, Inc. |
4 | * All Rights Reserved. |
5 | */ |
6 | #include "xfs.h" |
7 | #include "xfs_fs.h" |
8 | #include "xfs_shared.h" |
9 | #include "xfs_format.h" |
10 | #include "xfs_log_format.h" |
11 | #include "xfs_trans_resv.h" |
12 | #include "xfs_bit.h" |
13 | #include "xfs_sb.h" |
14 | #include "xfs_mount.h" |
15 | #include "xfs_inode.h" |
16 | #include "xfs_iwalk.h" |
17 | #include "xfs_quota.h" |
18 | #include "xfs_bmap.h" |
19 | #include "xfs_bmap_util.h" |
20 | #include "xfs_trans.h" |
21 | #include "xfs_trans_space.h" |
22 | #include "xfs_qm.h" |
23 | #include "xfs_trace.h" |
24 | #include "xfs_icache.h" |
25 | #include "xfs_error.h" |
26 | #include "xfs_ag.h" |
27 | #include "xfs_ialloc.h" |
28 | #include "xfs_log_priv.h" |
29 | #include "xfs_health.h" |
30 | |
31 | /* |
32 | * The global quota manager. There is only one of these for the entire |
33 | * system, _not_ one per file system. XQM keeps track of the overall |
34 | * quota functionality, including maintaining the freelist and hash |
35 | * tables of dquots. |
36 | */ |
37 | STATIC int xfs_qm_init_quotainos(struct xfs_mount *mp); |
38 | STATIC int xfs_qm_init_quotainfo(struct xfs_mount *mp); |
39 | |
40 | STATIC void xfs_qm_destroy_quotainos(struct xfs_quotainfo *qi); |
41 | STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp); |
42 | /* |
43 | * We use the batch lookup interface to iterate over the dquots as it |
44 | * currently is the only interface into the radix tree code that allows |
45 | * fuzzy lookups instead of exact matches. Holding the lock over multiple |
46 | * operations is fine as all callers are used either during mount/umount |
47 | * or quotaoff. |
48 | */ |
49 | #define XFS_DQ_LOOKUP_BATCH 32 |
50 | |
51 | STATIC int |
52 | xfs_qm_dquot_walk( |
53 | struct xfs_mount *mp, |
54 | xfs_dqtype_t type, |
55 | int (*execute)(struct xfs_dquot *dqp, void *data), |
56 | void *data) |
57 | { |
58 | struct xfs_quotainfo *qi = mp->m_quotainfo; |
59 | struct radix_tree_root *tree = xfs_dquot_tree(qi, type); |
60 | uint32_t next_index; |
61 | int last_error = 0; |
62 | int skipped; |
63 | int nr_found; |
64 | |
65 | restart: |
66 | skipped = 0; |
67 | next_index = 0; |
68 | nr_found = 0; |
69 | |
70 | while (1) { |
71 | struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH]; |
72 | int error; |
73 | int i; |
74 | |
75 | mutex_lock(&qi->qi_tree_lock); |
76 | nr_found = radix_tree_gang_lookup(tree, results: (void **)batch, |
77 | first_index: next_index, XFS_DQ_LOOKUP_BATCH); |
78 | if (!nr_found) { |
79 | mutex_unlock(lock: &qi->qi_tree_lock); |
80 | break; |
81 | } |
82 | |
83 | for (i = 0; i < nr_found; i++) { |
84 | struct xfs_dquot *dqp = batch[i]; |
85 | |
86 | next_index = dqp->q_id + 1; |
87 | |
88 | error = execute(batch[i], data); |
89 | if (error == -EAGAIN) { |
90 | skipped++; |
91 | continue; |
92 | } |
93 | if (error && last_error != -EFSCORRUPTED) |
94 | last_error = error; |
95 | } |
96 | |
97 | mutex_unlock(lock: &qi->qi_tree_lock); |
98 | |
99 | /* bail out if the filesystem is corrupted. */ |
100 | if (last_error == -EFSCORRUPTED) { |
101 | skipped = 0; |
102 | break; |
103 | } |
104 | /* we're done if id overflows back to zero */ |
105 | if (!next_index) |
106 | break; |
107 | } |
108 | |
109 | if (skipped) { |
110 | delay(ticks: 1); |
111 | goto restart; |
112 | } |
113 | |
114 | return last_error; |
115 | } |
116 | |
117 | |
118 | /* |
119 | * Purge a dquot from all tracking data structures and free it. |
120 | */ |
121 | STATIC int |
122 | xfs_qm_dqpurge( |
123 | struct xfs_dquot *dqp, |
124 | void *data) |
125 | { |
126 | struct xfs_quotainfo *qi = dqp->q_mount->m_quotainfo; |
127 | int error = -EAGAIN; |
128 | |
129 | xfs_dqlock(dqp); |
130 | if ((dqp->q_flags & XFS_DQFLAG_FREEING) || dqp->q_nrefs != 0) |
131 | goto out_unlock; |
132 | |
133 | dqp->q_flags |= XFS_DQFLAG_FREEING; |
134 | |
135 | xfs_dqflock(dqp); |
136 | |
137 | /* |
138 | * If we are turning this type of quotas off, we don't care |
139 | * about the dirty metadata sitting in this dquot. OTOH, if |
140 | * we're unmounting, we do care, so we flush it and wait. |
141 | */ |
142 | if (XFS_DQ_IS_DIRTY(dqp)) { |
143 | struct xfs_buf *bp = NULL; |
144 | |
145 | /* |
146 | * We don't care about getting disk errors here. We need |
147 | * to purge this dquot anyway, so we go ahead regardless. |
148 | */ |
149 | error = xfs_qm_dqflush(dqp, bpp: &bp); |
150 | if (!error) { |
151 | error = xfs_bwrite(bp); |
152 | xfs_buf_relse(bp); |
153 | } else if (error == -EAGAIN) { |
154 | dqp->q_flags &= ~XFS_DQFLAG_FREEING; |
155 | goto out_unlock; |
156 | } |
157 | xfs_dqflock(dqp); |
158 | } |
159 | |
160 | ASSERT(atomic_read(&dqp->q_pincount) == 0); |
161 | ASSERT(xlog_is_shutdown(dqp->q_logitem.qli_item.li_log) || |
162 | !test_bit(XFS_LI_IN_AIL, &dqp->q_logitem.qli_item.li_flags)); |
163 | |
164 | xfs_dqfunlock(dqp); |
165 | xfs_dqunlock(dqp); |
166 | |
167 | radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id); |
168 | qi->qi_dquots--; |
169 | |
170 | /* |
171 | * We move dquots to the freelist as soon as their reference count |
172 | * hits zero, so it really should be on the freelist here. |
173 | */ |
174 | ASSERT(!list_empty(&dqp->q_lru)); |
175 | list_lru_del_obj(lru: &qi->qi_lru, item: &dqp->q_lru); |
176 | XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused); |
177 | |
178 | xfs_qm_dqdestroy(dqp); |
179 | return 0; |
180 | |
181 | out_unlock: |
182 | xfs_dqunlock(dqp); |
183 | return error; |
184 | } |
185 | |
186 | /* |
187 | * Purge the dquot cache. |
188 | */ |
189 | static void |
190 | xfs_qm_dqpurge_all( |
191 | struct xfs_mount *mp) |
192 | { |
193 | xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_dqpurge, NULL); |
194 | xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_dqpurge, NULL); |
195 | xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_dqpurge, NULL); |
196 | } |
197 | |
198 | /* |
199 | * Just destroy the quotainfo structure. |
200 | */ |
201 | void |
202 | xfs_qm_unmount( |
203 | struct xfs_mount *mp) |
204 | { |
205 | if (mp->m_quotainfo) { |
206 | xfs_qm_dqpurge_all(mp); |
207 | xfs_qm_destroy_quotainfo(mp); |
208 | } |
209 | } |
210 | |
211 | /* |
212 | * Called from the vfsops layer. |
213 | */ |
214 | void |
215 | xfs_qm_unmount_quotas( |
216 | xfs_mount_t *mp) |
217 | { |
218 | /* |
219 | * Release the dquots that root inode, et al might be holding, |
220 | * before we flush quotas and blow away the quotainfo structure. |
221 | */ |
222 | ASSERT(mp->m_rootip); |
223 | xfs_qm_dqdetach(mp->m_rootip); |
224 | if (mp->m_rbmip) |
225 | xfs_qm_dqdetach(mp->m_rbmip); |
226 | if (mp->m_rsumip) |
227 | xfs_qm_dqdetach(mp->m_rsumip); |
228 | |
229 | /* |
230 | * Release the quota inodes. |
231 | */ |
232 | if (mp->m_quotainfo) { |
233 | if (mp->m_quotainfo->qi_uquotaip) { |
234 | xfs_irele(ip: mp->m_quotainfo->qi_uquotaip); |
235 | mp->m_quotainfo->qi_uquotaip = NULL; |
236 | } |
237 | if (mp->m_quotainfo->qi_gquotaip) { |
238 | xfs_irele(ip: mp->m_quotainfo->qi_gquotaip); |
239 | mp->m_quotainfo->qi_gquotaip = NULL; |
240 | } |
241 | if (mp->m_quotainfo->qi_pquotaip) { |
242 | xfs_irele(ip: mp->m_quotainfo->qi_pquotaip); |
243 | mp->m_quotainfo->qi_pquotaip = NULL; |
244 | } |
245 | } |
246 | } |
247 | |
248 | STATIC int |
249 | xfs_qm_dqattach_one( |
250 | struct xfs_inode *ip, |
251 | xfs_dqtype_t type, |
252 | bool doalloc, |
253 | struct xfs_dquot **IO_idqpp) |
254 | { |
255 | struct xfs_dquot *dqp; |
256 | int error; |
257 | |
258 | xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); |
259 | error = 0; |
260 | |
261 | /* |
262 | * See if we already have it in the inode itself. IO_idqpp is &i_udquot |
263 | * or &i_gdquot. This made the code look weird, but made the logic a lot |
264 | * simpler. |
265 | */ |
266 | dqp = *IO_idqpp; |
267 | if (dqp) { |
268 | trace_xfs_dqattach_found(dqp); |
269 | return 0; |
270 | } |
271 | |
272 | /* |
273 | * Find the dquot from somewhere. This bumps the reference count of |
274 | * dquot and returns it locked. This can return ENOENT if dquot didn't |
275 | * exist on disk and we didn't ask it to allocate; ESRCH if quotas got |
276 | * turned off suddenly. |
277 | */ |
278 | error = xfs_qm_dqget_inode(ip, type, doalloc, &dqp); |
279 | if (error) |
280 | return error; |
281 | |
282 | trace_xfs_dqattach_get(dqp); |
283 | |
284 | /* |
285 | * dqget may have dropped and re-acquired the ilock, but it guarantees |
286 | * that the dquot returned is the one that should go in the inode. |
287 | */ |
288 | *IO_idqpp = dqp; |
289 | xfs_dqunlock(dqp); |
290 | return 0; |
291 | } |
292 | |
293 | static bool |
294 | xfs_qm_need_dqattach( |
295 | struct xfs_inode *ip) |
296 | { |
297 | struct xfs_mount *mp = ip->i_mount; |
298 | |
299 | if (!XFS_IS_QUOTA_ON(mp)) |
300 | return false; |
301 | if (!XFS_NOT_DQATTACHED(mp, ip)) |
302 | return false; |
303 | if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino)) |
304 | return false; |
305 | return true; |
306 | } |
307 | |
308 | /* |
309 | * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON |
310 | * into account. |
311 | * If @doalloc is true, the dquot(s) will be allocated if needed. |
312 | * Inode may get unlocked and relocked in here, and the caller must deal with |
313 | * the consequences. |
314 | */ |
315 | int |
316 | xfs_qm_dqattach_locked( |
317 | xfs_inode_t *ip, |
318 | bool doalloc) |
319 | { |
320 | xfs_mount_t *mp = ip->i_mount; |
321 | int error = 0; |
322 | |
323 | if (!xfs_qm_need_dqattach(ip)) |
324 | return 0; |
325 | |
326 | xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); |
327 | |
328 | if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) { |
329 | error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_USER, |
330 | doalloc, &ip->i_udquot); |
331 | if (error) |
332 | goto done; |
333 | ASSERT(ip->i_udquot); |
334 | } |
335 | |
336 | if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) { |
337 | error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_GROUP, |
338 | doalloc, &ip->i_gdquot); |
339 | if (error) |
340 | goto done; |
341 | ASSERT(ip->i_gdquot); |
342 | } |
343 | |
344 | if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) { |
345 | error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_PROJ, |
346 | doalloc, &ip->i_pdquot); |
347 | if (error) |
348 | goto done; |
349 | ASSERT(ip->i_pdquot); |
350 | } |
351 | |
352 | done: |
353 | /* |
354 | * Don't worry about the dquots that we may have attached before any |
355 | * error - they'll get detached later if it has not already been done. |
356 | */ |
357 | xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); |
358 | return error; |
359 | } |
360 | |
361 | int |
362 | xfs_qm_dqattach( |
363 | struct xfs_inode *ip) |
364 | { |
365 | int error; |
366 | |
367 | if (!xfs_qm_need_dqattach(ip)) |
368 | return 0; |
369 | |
370 | xfs_ilock(ip, XFS_ILOCK_EXCL); |
371 | error = xfs_qm_dqattach_locked(ip, doalloc: false); |
372 | xfs_iunlock(ip, XFS_ILOCK_EXCL); |
373 | |
374 | return error; |
375 | } |
376 | |
377 | /* |
378 | * Release dquots (and their references) if any. |
379 | * The inode should be locked EXCL except when this's called by |
380 | * xfs_ireclaim. |
381 | */ |
382 | void |
383 | xfs_qm_dqdetach( |
384 | xfs_inode_t *ip) |
385 | { |
386 | if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot)) |
387 | return; |
388 | |
389 | trace_xfs_dquot_dqdetach(ip); |
390 | |
391 | ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino)); |
392 | if (ip->i_udquot) { |
393 | xfs_qm_dqrele(ip->i_udquot); |
394 | ip->i_udquot = NULL; |
395 | } |
396 | if (ip->i_gdquot) { |
397 | xfs_qm_dqrele(ip->i_gdquot); |
398 | ip->i_gdquot = NULL; |
399 | } |
400 | if (ip->i_pdquot) { |
401 | xfs_qm_dqrele(ip->i_pdquot); |
402 | ip->i_pdquot = NULL; |
403 | } |
404 | } |
405 | |
406 | struct xfs_qm_isolate { |
407 | struct list_head buffers; |
408 | struct list_head dispose; |
409 | }; |
410 | |
411 | static enum lru_status |
412 | xfs_qm_dquot_isolate( |
413 | struct list_head *item, |
414 | struct list_lru_one *lru, |
415 | spinlock_t *lru_lock, |
416 | void *arg) |
417 | __releases(lru_lock) __acquires(lru_lock) |
418 | { |
419 | struct xfs_dquot *dqp = container_of(item, |
420 | struct xfs_dquot, q_lru); |
421 | struct xfs_qm_isolate *isol = arg; |
422 | |
423 | if (!xfs_dqlock_nowait(dqp)) |
424 | goto out_miss_busy; |
425 | |
426 | /* |
427 | * If something else is freeing this dquot and hasn't yet removed it |
428 | * from the LRU, leave it for the freeing task to complete the freeing |
429 | * process rather than risk it being free from under us here. |
430 | */ |
431 | if (dqp->q_flags & XFS_DQFLAG_FREEING) |
432 | goto out_miss_unlock; |
433 | |
434 | /* |
435 | * This dquot has acquired a reference in the meantime remove it from |
436 | * the freelist and try again. |
437 | */ |
438 | if (dqp->q_nrefs) { |
439 | xfs_dqunlock(dqp); |
440 | XFS_STATS_INC(dqp->q_mount, xs_qm_dqwants); |
441 | |
442 | trace_xfs_dqreclaim_want(dqp); |
443 | list_lru_isolate(list: lru, item: &dqp->q_lru); |
444 | XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused); |
445 | return LRU_REMOVED; |
446 | } |
447 | |
448 | /* |
449 | * If the dquot is dirty, flush it. If it's already being flushed, just |
450 | * skip it so there is time for the IO to complete before we try to |
451 | * reclaim it again on the next LRU pass. |
452 | */ |
453 | if (!xfs_dqflock_nowait(dqp)) |
454 | goto out_miss_unlock; |
455 | |
456 | if (XFS_DQ_IS_DIRTY(dqp)) { |
457 | struct xfs_buf *bp = NULL; |
458 | int error; |
459 | |
460 | trace_xfs_dqreclaim_dirty(dqp); |
461 | |
462 | /* we have to drop the LRU lock to flush the dquot */ |
463 | spin_unlock(lock: lru_lock); |
464 | |
465 | error = xfs_qm_dqflush(dqp, bpp: &bp); |
466 | if (error) |
467 | goto out_unlock_dirty; |
468 | |
469 | xfs_buf_delwri_queue(bp, &isol->buffers); |
470 | xfs_buf_relse(bp); |
471 | goto out_unlock_dirty; |
472 | } |
473 | xfs_dqfunlock(dqp); |
474 | |
475 | /* |
476 | * Prevent lookups now that we are past the point of no return. |
477 | */ |
478 | dqp->q_flags |= XFS_DQFLAG_FREEING; |
479 | xfs_dqunlock(dqp); |
480 | |
481 | ASSERT(dqp->q_nrefs == 0); |
482 | list_lru_isolate_move(list: lru, item: &dqp->q_lru, head: &isol->dispose); |
483 | XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused); |
484 | trace_xfs_dqreclaim_done(dqp); |
485 | XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaims); |
486 | return LRU_REMOVED; |
487 | |
488 | out_miss_unlock: |
489 | xfs_dqunlock(dqp); |
490 | out_miss_busy: |
491 | trace_xfs_dqreclaim_busy(dqp); |
492 | XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses); |
493 | return LRU_SKIP; |
494 | |
495 | out_unlock_dirty: |
496 | trace_xfs_dqreclaim_busy(dqp); |
497 | XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses); |
498 | xfs_dqunlock(dqp); |
499 | spin_lock(lock: lru_lock); |
500 | return LRU_RETRY; |
501 | } |
502 | |
503 | static unsigned long |
504 | xfs_qm_shrink_scan( |
505 | struct shrinker *shrink, |
506 | struct shrink_control *sc) |
507 | { |
508 | struct xfs_quotainfo *qi = shrink->private_data; |
509 | struct xfs_qm_isolate isol; |
510 | unsigned long freed; |
511 | int error; |
512 | |
513 | if ((sc->gfp_mask & (__GFP_FS|__GFP_DIRECT_RECLAIM)) != (__GFP_FS|__GFP_DIRECT_RECLAIM)) |
514 | return 0; |
515 | |
516 | INIT_LIST_HEAD(list: &isol.buffers); |
517 | INIT_LIST_HEAD(list: &isol.dispose); |
518 | |
519 | freed = list_lru_shrink_walk(lru: &qi->qi_lru, sc, |
520 | isolate: xfs_qm_dquot_isolate, cb_arg: &isol); |
521 | |
522 | error = xfs_buf_delwri_submit(&isol.buffers); |
523 | if (error) |
524 | xfs_warn(NULL, "%s: dquot reclaim failed" , __func__); |
525 | |
526 | while (!list_empty(head: &isol.dispose)) { |
527 | struct xfs_dquot *dqp; |
528 | |
529 | dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru); |
530 | list_del_init(entry: &dqp->q_lru); |
531 | xfs_qm_dqfree_one(dqp); |
532 | } |
533 | |
534 | return freed; |
535 | } |
536 | |
537 | static unsigned long |
538 | xfs_qm_shrink_count( |
539 | struct shrinker *shrink, |
540 | struct shrink_control *sc) |
541 | { |
542 | struct xfs_quotainfo *qi = shrink->private_data; |
543 | |
544 | return list_lru_shrink_count(lru: &qi->qi_lru, sc); |
545 | } |
546 | |
547 | STATIC void |
548 | xfs_qm_set_defquota( |
549 | struct xfs_mount *mp, |
550 | xfs_dqtype_t type, |
551 | struct xfs_quotainfo *qinf) |
552 | { |
553 | struct xfs_dquot *dqp; |
554 | struct xfs_def_quota *defq; |
555 | int error; |
556 | |
557 | error = xfs_qm_dqget_uncached(mp, 0, type, &dqp); |
558 | if (error) |
559 | return; |
560 | |
561 | defq = xfs_get_defquota(qinf, xfs_dquot_type(dqp)); |
562 | |
563 | /* |
564 | * Timers and warnings have been already set, let's just set the |
565 | * default limits for this quota type |
566 | */ |
567 | defq->blk.hard = dqp->q_blk.hardlimit; |
568 | defq->blk.soft = dqp->q_blk.softlimit; |
569 | defq->ino.hard = dqp->q_ino.hardlimit; |
570 | defq->ino.soft = dqp->q_ino.softlimit; |
571 | defq->rtb.hard = dqp->q_rtb.hardlimit; |
572 | defq->rtb.soft = dqp->q_rtb.softlimit; |
573 | xfs_qm_dqdestroy(dqp); |
574 | } |
575 | |
576 | /* Initialize quota time limits from the root dquot. */ |
577 | static void |
578 | xfs_qm_init_timelimits( |
579 | struct xfs_mount *mp, |
580 | xfs_dqtype_t type) |
581 | { |
582 | struct xfs_quotainfo *qinf = mp->m_quotainfo; |
583 | struct xfs_def_quota *defq; |
584 | struct xfs_dquot *dqp; |
585 | int error; |
586 | |
587 | defq = xfs_get_defquota(qinf, type); |
588 | |
589 | defq->blk.time = XFS_QM_BTIMELIMIT; |
590 | defq->ino.time = XFS_QM_ITIMELIMIT; |
591 | defq->rtb.time = XFS_QM_RTBTIMELIMIT; |
592 | |
593 | /* |
594 | * We try to get the limits from the superuser's limits fields. |
595 | * This is quite hacky, but it is standard quota practice. |
596 | * |
597 | * Since we may not have done a quotacheck by this point, just read |
598 | * the dquot without attaching it to any hashtables or lists. |
599 | */ |
600 | error = xfs_qm_dqget_uncached(mp, 0, type, &dqp); |
601 | if (error) |
602 | return; |
603 | |
604 | /* |
605 | * The warnings and timers set the grace period given to |
606 | * a user or group before he or she can not perform any |
607 | * more writing. If it is zero, a default is used. |
608 | */ |
609 | if (dqp->q_blk.timer) |
610 | defq->blk.time = dqp->q_blk.timer; |
611 | if (dqp->q_ino.timer) |
612 | defq->ino.time = dqp->q_ino.timer; |
613 | if (dqp->q_rtb.timer) |
614 | defq->rtb.time = dqp->q_rtb.timer; |
615 | |
616 | xfs_qm_dqdestroy(dqp); |
617 | } |
618 | |
619 | /* |
620 | * This initializes all the quota information that's kept in the |
621 | * mount structure |
622 | */ |
623 | STATIC int |
624 | xfs_qm_init_quotainfo( |
625 | struct xfs_mount *mp) |
626 | { |
627 | struct xfs_quotainfo *qinf; |
628 | int error; |
629 | |
630 | ASSERT(XFS_IS_QUOTA_ON(mp)); |
631 | |
632 | qinf = mp->m_quotainfo = kzalloc(size: sizeof(struct xfs_quotainfo), |
633 | GFP_KERNEL | __GFP_NOFAIL); |
634 | |
635 | error = list_lru_init(&qinf->qi_lru); |
636 | if (error) |
637 | goto out_free_qinf; |
638 | |
639 | /* |
640 | * See if quotainodes are setup, and if not, allocate them, |
641 | * and change the superblock accordingly. |
642 | */ |
643 | error = xfs_qm_init_quotainos(mp); |
644 | if (error) |
645 | goto out_free_lru; |
646 | |
647 | INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_KERNEL); |
648 | INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_KERNEL); |
649 | INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_KERNEL); |
650 | mutex_init(&qinf->qi_tree_lock); |
651 | |
652 | /* mutex used to serialize quotaoffs */ |
653 | mutex_init(&qinf->qi_quotaofflock); |
654 | |
655 | /* Precalc some constants */ |
656 | qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB); |
657 | qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen); |
658 | if (xfs_has_bigtime(mp)) { |
659 | qinf->qi_expiry_min = |
660 | xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MIN); |
661 | qinf->qi_expiry_max = |
662 | xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MAX); |
663 | } else { |
664 | qinf->qi_expiry_min = XFS_DQ_LEGACY_EXPIRY_MIN; |
665 | qinf->qi_expiry_max = XFS_DQ_LEGACY_EXPIRY_MAX; |
666 | } |
667 | trace_xfs_quota_expiry_range(mp, min: qinf->qi_expiry_min, |
668 | max: qinf->qi_expiry_max); |
669 | |
670 | mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD); |
671 | |
672 | xfs_qm_init_timelimits(mp, XFS_DQTYPE_USER); |
673 | xfs_qm_init_timelimits(mp, XFS_DQTYPE_GROUP); |
674 | xfs_qm_init_timelimits(mp, XFS_DQTYPE_PROJ); |
675 | |
676 | if (XFS_IS_UQUOTA_ON(mp)) |
677 | xfs_qm_set_defquota(mp, XFS_DQTYPE_USER, qinf); |
678 | if (XFS_IS_GQUOTA_ON(mp)) |
679 | xfs_qm_set_defquota(mp, XFS_DQTYPE_GROUP, qinf); |
680 | if (XFS_IS_PQUOTA_ON(mp)) |
681 | xfs_qm_set_defquota(mp, XFS_DQTYPE_PROJ, qinf); |
682 | |
683 | qinf->qi_shrinker = shrinker_alloc(SHRINKER_NUMA_AWARE, fmt: "xfs-qm:%s" , |
684 | mp->m_super->s_id); |
685 | if (!qinf->qi_shrinker) { |
686 | error = -ENOMEM; |
687 | goto out_free_inos; |
688 | } |
689 | |
690 | qinf->qi_shrinker->count_objects = xfs_qm_shrink_count; |
691 | qinf->qi_shrinker->scan_objects = xfs_qm_shrink_scan; |
692 | qinf->qi_shrinker->private_data = qinf; |
693 | |
694 | shrinker_register(shrinker: qinf->qi_shrinker); |
695 | |
696 | xfs_hooks_init(chain: &qinf->qi_mod_ino_dqtrx_hooks); |
697 | xfs_hooks_init(chain: &qinf->qi_apply_dqtrx_hooks); |
698 | |
699 | return 0; |
700 | |
701 | out_free_inos: |
702 | mutex_destroy(lock: &qinf->qi_quotaofflock); |
703 | mutex_destroy(lock: &qinf->qi_tree_lock); |
704 | xfs_qm_destroy_quotainos(qi: qinf); |
705 | out_free_lru: |
706 | list_lru_destroy(lru: &qinf->qi_lru); |
707 | out_free_qinf: |
708 | kfree(objp: qinf); |
709 | mp->m_quotainfo = NULL; |
710 | return error; |
711 | } |
712 | |
713 | /* |
714 | * Gets called when unmounting a filesystem or when all quotas get |
715 | * turned off. |
716 | * This purges the quota inodes, destroys locks and frees itself. |
717 | */ |
718 | void |
719 | xfs_qm_destroy_quotainfo( |
720 | struct xfs_mount *mp) |
721 | { |
722 | struct xfs_quotainfo *qi; |
723 | |
724 | qi = mp->m_quotainfo; |
725 | ASSERT(qi != NULL); |
726 | |
727 | shrinker_free(shrinker: qi->qi_shrinker); |
728 | list_lru_destroy(lru: &qi->qi_lru); |
729 | xfs_qm_destroy_quotainos(qi); |
730 | mutex_destroy(lock: &qi->qi_tree_lock); |
731 | mutex_destroy(lock: &qi->qi_quotaofflock); |
732 | kfree(objp: qi); |
733 | mp->m_quotainfo = NULL; |
734 | } |
735 | |
736 | /* |
737 | * Create an inode and return with a reference already taken, but unlocked |
738 | * This is how we create quota inodes |
739 | */ |
740 | STATIC int |
741 | xfs_qm_qino_alloc( |
742 | struct xfs_mount *mp, |
743 | struct xfs_inode **ipp, |
744 | unsigned int flags) |
745 | { |
746 | struct xfs_trans *tp; |
747 | int error; |
748 | bool need_alloc = true; |
749 | |
750 | *ipp = NULL; |
751 | /* |
752 | * With superblock that doesn't have separate pquotino, we |
753 | * share an inode between gquota and pquota. If the on-disk |
754 | * superblock has GQUOTA and the filesystem is now mounted |
755 | * with PQUOTA, just use sb_gquotino for sb_pquotino and |
756 | * vice-versa. |
757 | */ |
758 | if (!xfs_has_pquotino(mp) && |
759 | (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) { |
760 | xfs_ino_t ino = NULLFSINO; |
761 | |
762 | if ((flags & XFS_QMOPT_PQUOTA) && |
763 | (mp->m_sb.sb_gquotino != NULLFSINO)) { |
764 | ino = mp->m_sb.sb_gquotino; |
765 | if (XFS_IS_CORRUPT(mp, |
766 | mp->m_sb.sb_pquotino != NULLFSINO)) { |
767 | xfs_fs_mark_sick(mp, XFS_SICK_FS_PQUOTA); |
768 | return -EFSCORRUPTED; |
769 | } |
770 | } else if ((flags & XFS_QMOPT_GQUOTA) && |
771 | (mp->m_sb.sb_pquotino != NULLFSINO)) { |
772 | ino = mp->m_sb.sb_pquotino; |
773 | if (XFS_IS_CORRUPT(mp, |
774 | mp->m_sb.sb_gquotino != NULLFSINO)) { |
775 | xfs_fs_mark_sick(mp, XFS_SICK_FS_GQUOTA); |
776 | return -EFSCORRUPTED; |
777 | } |
778 | } |
779 | if (ino != NULLFSINO) { |
780 | error = xfs_iget(mp, NULL, ino, flags: 0, lock_flags: 0, ipp); |
781 | if (error) |
782 | return error; |
783 | mp->m_sb.sb_gquotino = NULLFSINO; |
784 | mp->m_sb.sb_pquotino = NULLFSINO; |
785 | need_alloc = false; |
786 | } |
787 | } |
788 | |
789 | error = xfs_trans_alloc(mp, resp: &M_RES(mp)->tr_create, |
790 | blocks: need_alloc ? XFS_QM_QINOCREATE_SPACE_RES(mp) : 0, |
791 | rtextents: 0, flags: 0, tpp: &tp); |
792 | if (error) |
793 | return error; |
794 | |
795 | if (need_alloc) { |
796 | xfs_ino_t ino; |
797 | |
798 | error = xfs_dialloc(&tp, 0, S_IFREG, &ino); |
799 | if (!error) |
800 | error = xfs_init_new_inode(idmap: &nop_mnt_idmap, tp, NULL, ino, |
801 | S_IFREG, nlink: 1, rdev: 0, prid: 0, init_xattrs: false, ipp); |
802 | if (error) { |
803 | xfs_trans_cancel(tp); |
804 | return error; |
805 | } |
806 | } |
807 | |
808 | /* |
809 | * Make the changes in the superblock, and log those too. |
810 | * sbfields arg may contain fields other than *QUOTINO; |
811 | * VERSIONNUM for example. |
812 | */ |
813 | spin_lock(lock: &mp->m_sb_lock); |
814 | if (flags & XFS_QMOPT_SBVERSION) { |
815 | ASSERT(!xfs_has_quota(mp)); |
816 | |
817 | xfs_add_quota(mp); |
818 | mp->m_sb.sb_uquotino = NULLFSINO; |
819 | mp->m_sb.sb_gquotino = NULLFSINO; |
820 | mp->m_sb.sb_pquotino = NULLFSINO; |
821 | |
822 | /* qflags will get updated fully _after_ quotacheck */ |
823 | mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT; |
824 | } |
825 | if (flags & XFS_QMOPT_UQUOTA) |
826 | mp->m_sb.sb_uquotino = (*ipp)->i_ino; |
827 | else if (flags & XFS_QMOPT_GQUOTA) |
828 | mp->m_sb.sb_gquotino = (*ipp)->i_ino; |
829 | else |
830 | mp->m_sb.sb_pquotino = (*ipp)->i_ino; |
831 | spin_unlock(lock: &mp->m_sb_lock); |
832 | xfs_log_sb(tp); |
833 | |
834 | error = xfs_trans_commit(tp); |
835 | if (error) { |
836 | ASSERT(xfs_is_shutdown(mp)); |
837 | xfs_alert(mp, "%s failed (error %d)!" , __func__, error); |
838 | } |
839 | if (need_alloc) |
840 | xfs_finish_inode_setup(ip: *ipp); |
841 | return error; |
842 | } |
843 | |
844 | |
845 | STATIC void |
846 | xfs_qm_reset_dqcounts( |
847 | struct xfs_mount *mp, |
848 | struct xfs_buf *bp, |
849 | xfs_dqid_t id, |
850 | xfs_dqtype_t type) |
851 | { |
852 | struct xfs_dqblk *dqb; |
853 | int j; |
854 | |
855 | trace_xfs_reset_dqcounts(bp, _RET_IP_); |
856 | |
857 | /* |
858 | * Reset all counters and timers. They'll be |
859 | * started afresh by xfs_qm_quotacheck. |
860 | */ |
861 | #ifdef DEBUG |
862 | j = (int)XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB) / |
863 | sizeof(struct xfs_dqblk); |
864 | ASSERT(mp->m_quotainfo->qi_dqperchunk == j); |
865 | #endif |
866 | dqb = bp->b_addr; |
867 | for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) { |
868 | struct xfs_disk_dquot *ddq; |
869 | |
870 | ddq = (struct xfs_disk_dquot *)&dqb[j]; |
871 | |
872 | /* |
873 | * Do a sanity check, and if needed, repair the dqblk. Don't |
874 | * output any warnings because it's perfectly possible to |
875 | * find uninitialised dquot blks. See comment in |
876 | * xfs_dquot_verify. |
877 | */ |
878 | if (xfs_dqblk_verify(mp, &dqb[j], id + j) || |
879 | (dqb[j].dd_diskdq.d_type & XFS_DQTYPE_REC_MASK) != type) |
880 | xfs_dqblk_repair(mp, &dqb[j], id + j, type); |
881 | |
882 | /* |
883 | * Reset type in case we are reusing group quota file for |
884 | * project quotas or vice versa |
885 | */ |
886 | ddq->d_type = type; |
887 | ddq->d_bcount = 0; |
888 | ddq->d_icount = 0; |
889 | ddq->d_rtbcount = 0; |
890 | |
891 | /* |
892 | * dquot id 0 stores the default grace period and the maximum |
893 | * warning limit that were set by the administrator, so we |
894 | * should not reset them. |
895 | */ |
896 | if (ddq->d_id != 0) { |
897 | ddq->d_btimer = 0; |
898 | ddq->d_itimer = 0; |
899 | ddq->d_rtbtimer = 0; |
900 | ddq->d_bwarns = 0; |
901 | ddq->d_iwarns = 0; |
902 | ddq->d_rtbwarns = 0; |
903 | if (xfs_has_bigtime(mp)) |
904 | ddq->d_type |= XFS_DQTYPE_BIGTIME; |
905 | } |
906 | |
907 | if (xfs_has_crc(mp)) { |
908 | xfs_update_cksum((char *)&dqb[j], |
909 | sizeof(struct xfs_dqblk), |
910 | XFS_DQUOT_CRC_OFF); |
911 | } |
912 | } |
913 | } |
914 | |
915 | STATIC int |
916 | xfs_qm_reset_dqcounts_all( |
917 | struct xfs_mount *mp, |
918 | xfs_dqid_t firstid, |
919 | xfs_fsblock_t bno, |
920 | xfs_filblks_t blkcnt, |
921 | xfs_dqtype_t type, |
922 | struct list_head *buffer_list) |
923 | { |
924 | struct xfs_buf *bp; |
925 | int error = 0; |
926 | |
927 | ASSERT(blkcnt > 0); |
928 | |
929 | /* |
930 | * Blkcnt arg can be a very big number, and might even be |
931 | * larger than the log itself. So, we have to break it up into |
932 | * manageable-sized transactions. |
933 | * Note that we don't start a permanent transaction here; we might |
934 | * not be able to get a log reservation for the whole thing up front, |
935 | * and we don't really care to either, because we just discard |
936 | * everything if we were to crash in the middle of this loop. |
937 | */ |
938 | while (blkcnt--) { |
939 | error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, |
940 | XFS_FSB_TO_DADDR(mp, bno), |
941 | mp->m_quotainfo->qi_dqchunklen, 0, &bp, |
942 | &xfs_dquot_buf_ops); |
943 | |
944 | /* |
945 | * CRC and validation errors will return a EFSCORRUPTED here. If |
946 | * this occurs, re-read without CRC validation so that we can |
947 | * repair the damage via xfs_qm_reset_dqcounts(). This process |
948 | * will leave a trace in the log indicating corruption has |
949 | * been detected. |
950 | */ |
951 | if (error == -EFSCORRUPTED) { |
952 | error = xfs_trans_read_buf(mp, NULL, target: mp->m_ddev_targp, |
953 | blkno: XFS_FSB_TO_DADDR(mp, bno), |
954 | numblks: mp->m_quotainfo->qi_dqchunklen, flags: 0, bpp: &bp, |
955 | NULL); |
956 | } |
957 | |
958 | if (error) |
959 | break; |
960 | |
961 | /* |
962 | * A corrupt buffer might not have a verifier attached, so |
963 | * make sure we have the correct one attached before writeback |
964 | * occurs. |
965 | */ |
966 | bp->b_ops = &xfs_dquot_buf_ops; |
967 | xfs_qm_reset_dqcounts(mp, bp, firstid, type); |
968 | xfs_buf_delwri_queue(bp, buffer_list); |
969 | xfs_buf_relse(bp); |
970 | |
971 | /* goto the next block. */ |
972 | bno++; |
973 | firstid += mp->m_quotainfo->qi_dqperchunk; |
974 | } |
975 | |
976 | return error; |
977 | } |
978 | |
979 | /* |
980 | * Iterate over all allocated dquot blocks in this quota inode, zeroing all |
981 | * counters for every chunk of dquots that we find. |
982 | */ |
983 | STATIC int |
984 | xfs_qm_reset_dqcounts_buf( |
985 | struct xfs_mount *mp, |
986 | struct xfs_inode *qip, |
987 | xfs_dqtype_t type, |
988 | struct list_head *buffer_list) |
989 | { |
990 | struct xfs_bmbt_irec *map; |
991 | int i, nmaps; /* number of map entries */ |
992 | int error; /* return value */ |
993 | xfs_fileoff_t lblkno; |
994 | xfs_filblks_t maxlblkcnt; |
995 | xfs_dqid_t firstid; |
996 | xfs_fsblock_t rablkno; |
997 | xfs_filblks_t rablkcnt; |
998 | |
999 | error = 0; |
1000 | /* |
1001 | * This looks racy, but we can't keep an inode lock across a |
1002 | * trans_reserve. But, this gets called during quotacheck, and that |
1003 | * happens only at mount time which is single threaded. |
1004 | */ |
1005 | if (qip->i_nblocks == 0) |
1006 | return 0; |
1007 | |
1008 | map = kmalloc(XFS_DQITER_MAP_SIZE * sizeof(*map), |
1009 | GFP_KERNEL | __GFP_NOFAIL); |
1010 | |
1011 | lblkno = 0; |
1012 | maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes); |
1013 | do { |
1014 | uint lock_mode; |
1015 | |
1016 | nmaps = XFS_DQITER_MAP_SIZE; |
1017 | /* |
1018 | * We aren't changing the inode itself. Just changing |
1019 | * some of its data. No new blocks are added here, and |
1020 | * the inode is never added to the transaction. |
1021 | */ |
1022 | lock_mode = xfs_ilock_data_map_shared(qip); |
1023 | error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno, |
1024 | map, &nmaps, 0); |
1025 | xfs_iunlock(qip, lock_mode); |
1026 | if (error) |
1027 | break; |
1028 | |
1029 | ASSERT(nmaps <= XFS_DQITER_MAP_SIZE); |
1030 | for (i = 0; i < nmaps; i++) { |
1031 | ASSERT(map[i].br_startblock != DELAYSTARTBLOCK); |
1032 | ASSERT(map[i].br_blockcount); |
1033 | |
1034 | |
1035 | lblkno += map[i].br_blockcount; |
1036 | |
1037 | if (map[i].br_startblock == HOLESTARTBLOCK) |
1038 | continue; |
1039 | |
1040 | firstid = (xfs_dqid_t) map[i].br_startoff * |
1041 | mp->m_quotainfo->qi_dqperchunk; |
1042 | /* |
1043 | * Do a read-ahead on the next extent. |
1044 | */ |
1045 | if ((i+1 < nmaps) && |
1046 | (map[i+1].br_startblock != HOLESTARTBLOCK)) { |
1047 | rablkcnt = map[i+1].br_blockcount; |
1048 | rablkno = map[i+1].br_startblock; |
1049 | while (rablkcnt--) { |
1050 | xfs_buf_readahead(mp->m_ddev_targp, |
1051 | XFS_FSB_TO_DADDR(mp, rablkno), |
1052 | mp->m_quotainfo->qi_dqchunklen, |
1053 | &xfs_dquot_buf_ops); |
1054 | rablkno++; |
1055 | } |
1056 | } |
1057 | /* |
1058 | * Iterate thru all the blks in the extent and |
1059 | * reset the counters of all the dquots inside them. |
1060 | */ |
1061 | error = xfs_qm_reset_dqcounts_all(mp, firstid, |
1062 | map[i].br_startblock, |
1063 | map[i].br_blockcount, |
1064 | type, buffer_list); |
1065 | if (error) |
1066 | goto out; |
1067 | } |
1068 | } while (nmaps > 0); |
1069 | |
1070 | out: |
1071 | kfree(objp: map); |
1072 | return error; |
1073 | } |
1074 | |
1075 | /* |
1076 | * Called by dqusage_adjust in doing a quotacheck. |
1077 | * |
1078 | * Given the inode, and a dquot id this updates both the incore dqout as well |
1079 | * as the buffer copy. This is so that once the quotacheck is done, we can |
1080 | * just log all the buffers, as opposed to logging numerous updates to |
1081 | * individual dquots. |
1082 | */ |
1083 | STATIC int |
1084 | xfs_qm_quotacheck_dqadjust( |
1085 | struct xfs_inode *ip, |
1086 | xfs_dqtype_t type, |
1087 | xfs_qcnt_t nblks, |
1088 | xfs_qcnt_t rtblks) |
1089 | { |
1090 | struct xfs_mount *mp = ip->i_mount; |
1091 | struct xfs_dquot *dqp; |
1092 | xfs_dqid_t id; |
1093 | int error; |
1094 | |
1095 | id = xfs_qm_id_for_quotatype(ip, type); |
1096 | error = xfs_qm_dqget(mp, id, type, true, &dqp); |
1097 | if (error) { |
1098 | /* |
1099 | * Shouldn't be able to turn off quotas here. |
1100 | */ |
1101 | ASSERT(error != -ESRCH); |
1102 | ASSERT(error != -ENOENT); |
1103 | return error; |
1104 | } |
1105 | |
1106 | trace_xfs_dqadjust(dqp); |
1107 | |
1108 | /* |
1109 | * Adjust the inode count and the block count to reflect this inode's |
1110 | * resource usage. |
1111 | */ |
1112 | dqp->q_ino.count++; |
1113 | dqp->q_ino.reserved++; |
1114 | if (nblks) { |
1115 | dqp->q_blk.count += nblks; |
1116 | dqp->q_blk.reserved += nblks; |
1117 | } |
1118 | if (rtblks) { |
1119 | dqp->q_rtb.count += rtblks; |
1120 | dqp->q_rtb.reserved += rtblks; |
1121 | } |
1122 | |
1123 | /* |
1124 | * Set default limits, adjust timers (since we changed usages) |
1125 | * |
1126 | * There are no timers for the default values set in the root dquot. |
1127 | */ |
1128 | if (dqp->q_id) { |
1129 | xfs_qm_adjust_dqlimits(d: dqp); |
1130 | xfs_qm_adjust_dqtimers(d: dqp); |
1131 | } |
1132 | |
1133 | dqp->q_flags |= XFS_DQFLAG_DIRTY; |
1134 | xfs_qm_dqput(dqp); |
1135 | return 0; |
1136 | } |
1137 | |
1138 | /* |
1139 | * callback routine supplied to bulkstat(). Given an inumber, find its |
1140 | * dquots and update them to account for resources taken by that inode. |
1141 | */ |
1142 | /* ARGSUSED */ |
1143 | STATIC int |
1144 | xfs_qm_dqusage_adjust( |
1145 | struct xfs_mount *mp, |
1146 | struct xfs_trans *tp, |
1147 | xfs_ino_t ino, |
1148 | void *data) |
1149 | { |
1150 | struct xfs_inode *ip; |
1151 | xfs_qcnt_t nblks; |
1152 | xfs_filblks_t rtblks = 0; /* total rt blks */ |
1153 | int error; |
1154 | |
1155 | ASSERT(XFS_IS_QUOTA_ON(mp)); |
1156 | |
1157 | /* |
1158 | * rootino must have its resources accounted for, not so with the quota |
1159 | * inodes. |
1160 | */ |
1161 | if (xfs_is_quota_inode(&mp->m_sb, ino)) |
1162 | return 0; |
1163 | |
1164 | /* |
1165 | * We don't _need_ to take the ilock EXCL here because quotacheck runs |
1166 | * at mount time and therefore nobody will be racing chown/chproj. |
1167 | */ |
1168 | error = xfs_iget(mp, tp, ino, XFS_IGET_DONTCACHE, lock_flags: 0, ipp: &ip); |
1169 | if (error == -EINVAL || error == -ENOENT) |
1170 | return 0; |
1171 | if (error) |
1172 | return error; |
1173 | |
1174 | /* |
1175 | * Reload the incore unlinked list to avoid failure in inodegc. |
1176 | * Use an unlocked check here because unrecovered unlinked inodes |
1177 | * should be somewhat rare. |
1178 | */ |
1179 | if (xfs_inode_unlinked_incomplete(ip)) { |
1180 | error = xfs_inode_reload_unlinked(ip); |
1181 | if (error) { |
1182 | xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE); |
1183 | goto error0; |
1184 | } |
1185 | } |
1186 | |
1187 | ASSERT(ip->i_delayed_blks == 0); |
1188 | |
1189 | if (XFS_IS_REALTIME_INODE(ip)) { |
1190 | struct xfs_ifork *ifp = xfs_ifork_ptr(ip, XFS_DATA_FORK); |
1191 | |
1192 | error = xfs_iread_extents(tp, ip, XFS_DATA_FORK); |
1193 | if (error) |
1194 | goto error0; |
1195 | |
1196 | xfs_bmap_count_leaves(ifp, &rtblks); |
1197 | } |
1198 | |
1199 | nblks = (xfs_qcnt_t)ip->i_nblocks - rtblks; |
1200 | xfs_iflags_clear(ip, XFS_IQUOTAUNCHECKED); |
1201 | |
1202 | /* |
1203 | * Add the (disk blocks and inode) resources occupied by this |
1204 | * inode to its dquots. We do this adjustment in the incore dquot, |
1205 | * and also copy the changes to its buffer. |
1206 | * We don't care about putting these changes in a transaction |
1207 | * envelope because if we crash in the middle of a 'quotacheck' |
1208 | * we have to start from the beginning anyway. |
1209 | * Once we're done, we'll log all the dquot bufs. |
1210 | * |
1211 | * The *QUOTA_ON checks below may look pretty racy, but quotachecks |
1212 | * and quotaoffs don't race. (Quotachecks happen at mount time only). |
1213 | */ |
1214 | if (XFS_IS_UQUOTA_ON(mp)) { |
1215 | error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_USER, nblks, |
1216 | rtblks); |
1217 | if (error) |
1218 | goto error0; |
1219 | } |
1220 | |
1221 | if (XFS_IS_GQUOTA_ON(mp)) { |
1222 | error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_GROUP, nblks, |
1223 | rtblks); |
1224 | if (error) |
1225 | goto error0; |
1226 | } |
1227 | |
1228 | if (XFS_IS_PQUOTA_ON(mp)) { |
1229 | error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_PROJ, nblks, |
1230 | rtblks); |
1231 | if (error) |
1232 | goto error0; |
1233 | } |
1234 | |
1235 | error0: |
1236 | xfs_irele(ip); |
1237 | return error; |
1238 | } |
1239 | |
1240 | STATIC int |
1241 | xfs_qm_flush_one( |
1242 | struct xfs_dquot *dqp, |
1243 | void *data) |
1244 | { |
1245 | struct xfs_mount *mp = dqp->q_mount; |
1246 | struct list_head *buffer_list = data; |
1247 | struct xfs_buf *bp = NULL; |
1248 | int error = 0; |
1249 | |
1250 | xfs_dqlock(dqp); |
1251 | if (dqp->q_flags & XFS_DQFLAG_FREEING) |
1252 | goto out_unlock; |
1253 | if (!XFS_DQ_IS_DIRTY(dqp)) |
1254 | goto out_unlock; |
1255 | |
1256 | /* |
1257 | * The only way the dquot is already flush locked by the time quotacheck |
1258 | * gets here is if reclaim flushed it before the dqadjust walk dirtied |
1259 | * it for the final time. Quotacheck collects all dquot bufs in the |
1260 | * local delwri queue before dquots are dirtied, so reclaim can't have |
1261 | * possibly queued it for I/O. The only way out is to push the buffer to |
1262 | * cycle the flush lock. |
1263 | */ |
1264 | if (!xfs_dqflock_nowait(dqp)) { |
1265 | /* buf is pinned in-core by delwri list */ |
1266 | error = xfs_buf_incore(target: mp->m_ddev_targp, blkno: dqp->q_blkno, |
1267 | numblks: mp->m_quotainfo->qi_dqchunklen, flags: 0, bpp: &bp); |
1268 | if (error) |
1269 | goto out_unlock; |
1270 | |
1271 | if (!(bp->b_flags & _XBF_DELWRI_Q)) { |
1272 | error = -EAGAIN; |
1273 | xfs_buf_relse(bp); |
1274 | goto out_unlock; |
1275 | } |
1276 | xfs_buf_unlock(bp); |
1277 | |
1278 | xfs_buf_delwri_pushbuf(bp, buffer_list); |
1279 | xfs_buf_rele(bp); |
1280 | |
1281 | error = -EAGAIN; |
1282 | goto out_unlock; |
1283 | } |
1284 | |
1285 | error = xfs_qm_dqflush(dqp, bpp: &bp); |
1286 | if (error) |
1287 | goto out_unlock; |
1288 | |
1289 | xfs_buf_delwri_queue(bp, buffer_list); |
1290 | xfs_buf_relse(bp); |
1291 | out_unlock: |
1292 | xfs_dqunlock(dqp); |
1293 | return error; |
1294 | } |
1295 | |
1296 | /* |
1297 | * Walk thru all the filesystem inodes and construct a consistent view |
1298 | * of the disk quota world. If the quotacheck fails, disable quotas. |
1299 | */ |
1300 | STATIC int |
1301 | xfs_qm_quotacheck( |
1302 | xfs_mount_t *mp) |
1303 | { |
1304 | int error, error2; |
1305 | uint flags; |
1306 | LIST_HEAD (buffer_list); |
1307 | struct xfs_inode *uip = mp->m_quotainfo->qi_uquotaip; |
1308 | struct xfs_inode *gip = mp->m_quotainfo->qi_gquotaip; |
1309 | struct xfs_inode *pip = mp->m_quotainfo->qi_pquotaip; |
1310 | |
1311 | flags = 0; |
1312 | |
1313 | ASSERT(uip || gip || pip); |
1314 | ASSERT(XFS_IS_QUOTA_ON(mp)); |
1315 | |
1316 | xfs_notice(mp, "Quotacheck needed: Please wait." ); |
1317 | |
1318 | /* |
1319 | * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset |
1320 | * their counters to zero. We need a clean slate. |
1321 | * We don't log our changes till later. |
1322 | */ |
1323 | if (uip) { |
1324 | error = xfs_qm_reset_dqcounts_buf(mp, uip, XFS_DQTYPE_USER, |
1325 | &buffer_list); |
1326 | if (error) |
1327 | goto error_return; |
1328 | flags |= XFS_UQUOTA_CHKD; |
1329 | } |
1330 | |
1331 | if (gip) { |
1332 | error = xfs_qm_reset_dqcounts_buf(mp, gip, XFS_DQTYPE_GROUP, |
1333 | &buffer_list); |
1334 | if (error) |
1335 | goto error_return; |
1336 | flags |= XFS_GQUOTA_CHKD; |
1337 | } |
1338 | |
1339 | if (pip) { |
1340 | error = xfs_qm_reset_dqcounts_buf(mp, pip, XFS_DQTYPE_PROJ, |
1341 | &buffer_list); |
1342 | if (error) |
1343 | goto error_return; |
1344 | flags |= XFS_PQUOTA_CHKD; |
1345 | } |
1346 | |
1347 | xfs_set_quotacheck_running(mp); |
1348 | error = xfs_iwalk_threaded(mp, startino: 0, flags: 0, iwalk_fn: xfs_qm_dqusage_adjust, inode_records: 0, poll: true, |
1349 | NULL); |
1350 | xfs_clear_quotacheck_running(mp); |
1351 | |
1352 | /* |
1353 | * On error, the inode walk may have partially populated the dquot |
1354 | * caches. We must purge them before disabling quota and tearing down |
1355 | * the quotainfo, or else the dquots will leak. |
1356 | */ |
1357 | if (error) |
1358 | goto error_purge; |
1359 | |
1360 | /* |
1361 | * We've made all the changes that we need to make incore. Flush them |
1362 | * down to disk buffers if everything was updated successfully. |
1363 | */ |
1364 | if (XFS_IS_UQUOTA_ON(mp)) { |
1365 | error = xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_flush_one, |
1366 | &buffer_list); |
1367 | } |
1368 | if (XFS_IS_GQUOTA_ON(mp)) { |
1369 | error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_flush_one, |
1370 | &buffer_list); |
1371 | if (!error) |
1372 | error = error2; |
1373 | } |
1374 | if (XFS_IS_PQUOTA_ON(mp)) { |
1375 | error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_flush_one, |
1376 | &buffer_list); |
1377 | if (!error) |
1378 | error = error2; |
1379 | } |
1380 | |
1381 | error2 = xfs_buf_delwri_submit(&buffer_list); |
1382 | if (!error) |
1383 | error = error2; |
1384 | |
1385 | /* |
1386 | * We can get this error if we couldn't do a dquot allocation inside |
1387 | * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the |
1388 | * dirty dquots that might be cached, we just want to get rid of them |
1389 | * and turn quotaoff. The dquots won't be attached to any of the inodes |
1390 | * at this point (because we intentionally didn't in dqget_noattach). |
1391 | */ |
1392 | if (error) |
1393 | goto error_purge; |
1394 | |
1395 | /* |
1396 | * If one type of quotas is off, then it will lose its |
1397 | * quotachecked status, since we won't be doing accounting for |
1398 | * that type anymore. |
1399 | */ |
1400 | mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD; |
1401 | mp->m_qflags |= flags; |
1402 | |
1403 | error_return: |
1404 | xfs_buf_delwri_cancel(&buffer_list); |
1405 | |
1406 | if (error) { |
1407 | xfs_warn(mp, |
1408 | "Quotacheck: Unsuccessful (Error %d): Disabling quotas." , |
1409 | error); |
1410 | /* |
1411 | * We must turn off quotas. |
1412 | */ |
1413 | ASSERT(mp->m_quotainfo != NULL); |
1414 | xfs_qm_destroy_quotainfo(mp); |
1415 | if (xfs_mount_reset_sbqflags(mp)) { |
1416 | xfs_warn(mp, |
1417 | "Quotacheck: Failed to reset quota flags." ); |
1418 | } |
1419 | xfs_fs_mark_sick(mp, XFS_SICK_FS_QUOTACHECK); |
1420 | } else { |
1421 | xfs_notice(mp, "Quotacheck: Done." ); |
1422 | xfs_fs_mark_healthy(mp, XFS_SICK_FS_QUOTACHECK); |
1423 | } |
1424 | |
1425 | return error; |
1426 | |
1427 | error_purge: |
1428 | /* |
1429 | * On error, we may have inodes queued for inactivation. This may try |
1430 | * to attach dquots to the inode before running cleanup operations on |
1431 | * the inode and this can race with the xfs_qm_destroy_quotainfo() call |
1432 | * below that frees mp->m_quotainfo. To avoid this race, flush all the |
1433 | * pending inodegc operations before we purge the dquots from memory, |
1434 | * ensuring that background inactivation is idle whilst we turn off |
1435 | * quotas. |
1436 | */ |
1437 | xfs_inodegc_flush(mp); |
1438 | xfs_qm_dqpurge_all(mp); |
1439 | goto error_return; |
1440 | |
1441 | } |
1442 | |
1443 | /* |
1444 | * This is called from xfs_mountfs to start quotas and initialize all |
1445 | * necessary data structures like quotainfo. This is also responsible for |
1446 | * running a quotacheck as necessary. We are guaranteed that the superblock |
1447 | * is consistently read in at this point. |
1448 | * |
1449 | * If we fail here, the mount will continue with quota turned off. We don't |
1450 | * need to inidicate success or failure at all. |
1451 | */ |
1452 | void |
1453 | xfs_qm_mount_quotas( |
1454 | struct xfs_mount *mp) |
1455 | { |
1456 | int error = 0; |
1457 | uint sbf; |
1458 | |
1459 | /* |
1460 | * If quotas on realtime volumes is not supported, we disable |
1461 | * quotas immediately. |
1462 | */ |
1463 | if (mp->m_sb.sb_rextents) { |
1464 | xfs_notice(mp, "Cannot turn on quotas for realtime filesystem" ); |
1465 | mp->m_qflags = 0; |
1466 | goto write_changes; |
1467 | } |
1468 | |
1469 | ASSERT(XFS_IS_QUOTA_ON(mp)); |
1470 | |
1471 | /* |
1472 | * Allocate the quotainfo structure inside the mount struct, and |
1473 | * create quotainode(s), and change/rev superblock if necessary. |
1474 | */ |
1475 | error = xfs_qm_init_quotainfo(mp); |
1476 | if (error) { |
1477 | /* |
1478 | * We must turn off quotas. |
1479 | */ |
1480 | ASSERT(mp->m_quotainfo == NULL); |
1481 | mp->m_qflags = 0; |
1482 | goto write_changes; |
1483 | } |
1484 | /* |
1485 | * If any of the quotas are not consistent, do a quotacheck. |
1486 | */ |
1487 | if (XFS_QM_NEED_QUOTACHECK(mp)) { |
1488 | error = xfs_qm_quotacheck(mp); |
1489 | if (error) { |
1490 | /* Quotacheck failed and disabled quotas. */ |
1491 | return; |
1492 | } |
1493 | } |
1494 | /* |
1495 | * If one type of quotas is off, then it will lose its |
1496 | * quotachecked status, since we won't be doing accounting for |
1497 | * that type anymore. |
1498 | */ |
1499 | if (!XFS_IS_UQUOTA_ON(mp)) |
1500 | mp->m_qflags &= ~XFS_UQUOTA_CHKD; |
1501 | if (!XFS_IS_GQUOTA_ON(mp)) |
1502 | mp->m_qflags &= ~XFS_GQUOTA_CHKD; |
1503 | if (!XFS_IS_PQUOTA_ON(mp)) |
1504 | mp->m_qflags &= ~XFS_PQUOTA_CHKD; |
1505 | |
1506 | write_changes: |
1507 | /* |
1508 | * We actually don't have to acquire the m_sb_lock at all. |
1509 | * This can only be called from mount, and that's single threaded. XXX |
1510 | */ |
1511 | spin_lock(lock: &mp->m_sb_lock); |
1512 | sbf = mp->m_sb.sb_qflags; |
1513 | mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL; |
1514 | spin_unlock(lock: &mp->m_sb_lock); |
1515 | |
1516 | if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) { |
1517 | if (xfs_sync_sb(mp, false)) { |
1518 | /* |
1519 | * We could only have been turning quotas off. |
1520 | * We aren't in very good shape actually because |
1521 | * the incore structures are convinced that quotas are |
1522 | * off, but the on disk superblock doesn't know that ! |
1523 | */ |
1524 | ASSERT(!(XFS_IS_QUOTA_ON(mp))); |
1525 | xfs_alert(mp, "%s: Superblock update failed!" , |
1526 | __func__); |
1527 | } |
1528 | } |
1529 | |
1530 | if (error) { |
1531 | xfs_warn(mp, "Failed to initialize disk quotas." ); |
1532 | return; |
1533 | } |
1534 | } |
1535 | |
1536 | /* |
1537 | * This is called after the superblock has been read in and we're ready to |
1538 | * iget the quota inodes. |
1539 | */ |
1540 | STATIC int |
1541 | xfs_qm_init_quotainos( |
1542 | xfs_mount_t *mp) |
1543 | { |
1544 | struct xfs_inode *uip = NULL; |
1545 | struct xfs_inode *gip = NULL; |
1546 | struct xfs_inode *pip = NULL; |
1547 | int error; |
1548 | uint flags = 0; |
1549 | |
1550 | ASSERT(mp->m_quotainfo); |
1551 | |
1552 | /* |
1553 | * Get the uquota and gquota inodes |
1554 | */ |
1555 | if (xfs_has_quota(mp)) { |
1556 | if (XFS_IS_UQUOTA_ON(mp) && |
1557 | mp->m_sb.sb_uquotino != NULLFSINO) { |
1558 | ASSERT(mp->m_sb.sb_uquotino > 0); |
1559 | error = xfs_iget(mp, NULL, ino: mp->m_sb.sb_uquotino, |
1560 | flags: 0, lock_flags: 0, ipp: &uip); |
1561 | if (error) |
1562 | return error; |
1563 | } |
1564 | if (XFS_IS_GQUOTA_ON(mp) && |
1565 | mp->m_sb.sb_gquotino != NULLFSINO) { |
1566 | ASSERT(mp->m_sb.sb_gquotino > 0); |
1567 | error = xfs_iget(mp, NULL, ino: mp->m_sb.sb_gquotino, |
1568 | flags: 0, lock_flags: 0, ipp: &gip); |
1569 | if (error) |
1570 | goto error_rele; |
1571 | } |
1572 | if (XFS_IS_PQUOTA_ON(mp) && |
1573 | mp->m_sb.sb_pquotino != NULLFSINO) { |
1574 | ASSERT(mp->m_sb.sb_pquotino > 0); |
1575 | error = xfs_iget(mp, NULL, ino: mp->m_sb.sb_pquotino, |
1576 | flags: 0, lock_flags: 0, ipp: &pip); |
1577 | if (error) |
1578 | goto error_rele; |
1579 | } |
1580 | } else { |
1581 | flags |= XFS_QMOPT_SBVERSION; |
1582 | } |
1583 | |
1584 | /* |
1585 | * Create the three inodes, if they don't exist already. The changes |
1586 | * made above will get added to a transaction and logged in one of |
1587 | * the qino_alloc calls below. If the device is readonly, |
1588 | * temporarily switch to read-write to do this. |
1589 | */ |
1590 | if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) { |
1591 | error = xfs_qm_qino_alloc(mp, &uip, |
1592 | flags | XFS_QMOPT_UQUOTA); |
1593 | if (error) |
1594 | goto error_rele; |
1595 | |
1596 | flags &= ~XFS_QMOPT_SBVERSION; |
1597 | } |
1598 | if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) { |
1599 | error = xfs_qm_qino_alloc(mp, &gip, |
1600 | flags | XFS_QMOPT_GQUOTA); |
1601 | if (error) |
1602 | goto error_rele; |
1603 | |
1604 | flags &= ~XFS_QMOPT_SBVERSION; |
1605 | } |
1606 | if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) { |
1607 | error = xfs_qm_qino_alloc(mp, &pip, |
1608 | flags | XFS_QMOPT_PQUOTA); |
1609 | if (error) |
1610 | goto error_rele; |
1611 | } |
1612 | |
1613 | mp->m_quotainfo->qi_uquotaip = uip; |
1614 | mp->m_quotainfo->qi_gquotaip = gip; |
1615 | mp->m_quotainfo->qi_pquotaip = pip; |
1616 | |
1617 | return 0; |
1618 | |
1619 | error_rele: |
1620 | if (uip) |
1621 | xfs_irele(ip: uip); |
1622 | if (gip) |
1623 | xfs_irele(ip: gip); |
1624 | if (pip) |
1625 | xfs_irele(ip: pip); |
1626 | return error; |
1627 | } |
1628 | |
1629 | STATIC void |
1630 | xfs_qm_destroy_quotainos( |
1631 | struct xfs_quotainfo *qi) |
1632 | { |
1633 | if (qi->qi_uquotaip) { |
1634 | xfs_irele(ip: qi->qi_uquotaip); |
1635 | qi->qi_uquotaip = NULL; /* paranoia */ |
1636 | } |
1637 | if (qi->qi_gquotaip) { |
1638 | xfs_irele(ip: qi->qi_gquotaip); |
1639 | qi->qi_gquotaip = NULL; |
1640 | } |
1641 | if (qi->qi_pquotaip) { |
1642 | xfs_irele(ip: qi->qi_pquotaip); |
1643 | qi->qi_pquotaip = NULL; |
1644 | } |
1645 | } |
1646 | |
1647 | STATIC void |
1648 | xfs_qm_dqfree_one( |
1649 | struct xfs_dquot *dqp) |
1650 | { |
1651 | struct xfs_mount *mp = dqp->q_mount; |
1652 | struct xfs_quotainfo *qi = mp->m_quotainfo; |
1653 | |
1654 | mutex_lock(&qi->qi_tree_lock); |
1655 | radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id); |
1656 | |
1657 | qi->qi_dquots--; |
1658 | mutex_unlock(lock: &qi->qi_tree_lock); |
1659 | |
1660 | xfs_qm_dqdestroy(dqp); |
1661 | } |
1662 | |
1663 | /* --------------- utility functions for vnodeops ---------------- */ |
1664 | |
1665 | |
1666 | /* |
1667 | * Given an inode, a uid, gid and prid make sure that we have |
1668 | * allocated relevant dquot(s) on disk, and that we won't exceed inode |
1669 | * quotas by creating this file. |
1670 | * This also attaches dquot(s) to the given inode after locking it, |
1671 | * and returns the dquots corresponding to the uid and/or gid. |
1672 | * |
1673 | * in : inode (unlocked) |
1674 | * out : udquot, gdquot with references taken and unlocked |
1675 | */ |
1676 | int |
1677 | xfs_qm_vop_dqalloc( |
1678 | struct xfs_inode *ip, |
1679 | kuid_t uid, |
1680 | kgid_t gid, |
1681 | prid_t prid, |
1682 | uint flags, |
1683 | struct xfs_dquot **O_udqpp, |
1684 | struct xfs_dquot **O_gdqpp, |
1685 | struct xfs_dquot **O_pdqpp) |
1686 | { |
1687 | struct xfs_mount *mp = ip->i_mount; |
1688 | struct inode *inode = VFS_I(ip); |
1689 | struct user_namespace *user_ns = inode->i_sb->s_user_ns; |
1690 | struct xfs_dquot *uq = NULL; |
1691 | struct xfs_dquot *gq = NULL; |
1692 | struct xfs_dquot *pq = NULL; |
1693 | int error; |
1694 | uint lockflags; |
1695 | |
1696 | if (!XFS_IS_QUOTA_ON(mp)) |
1697 | return 0; |
1698 | |
1699 | lockflags = XFS_ILOCK_EXCL; |
1700 | xfs_ilock(ip, lockflags); |
1701 | |
1702 | if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip)) |
1703 | gid = inode->i_gid; |
1704 | |
1705 | /* |
1706 | * Attach the dquot(s) to this inode, doing a dquot allocation |
1707 | * if necessary. The dquot(s) will not be locked. |
1708 | */ |
1709 | if (XFS_NOT_DQATTACHED(mp, ip)) { |
1710 | error = xfs_qm_dqattach_locked(ip, doalloc: true); |
1711 | if (error) { |
1712 | xfs_iunlock(ip, lockflags); |
1713 | return error; |
1714 | } |
1715 | } |
1716 | |
1717 | if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) { |
1718 | ASSERT(O_udqpp); |
1719 | if (!uid_eq(left: inode->i_uid, right: uid)) { |
1720 | /* |
1721 | * What we need is the dquot that has this uid, and |
1722 | * if we send the inode to dqget, the uid of the inode |
1723 | * takes priority over what's sent in the uid argument. |
1724 | * We must unlock inode here before calling dqget if |
1725 | * we're not sending the inode, because otherwise |
1726 | * we'll deadlock by doing trans_reserve while |
1727 | * holding ilock. |
1728 | */ |
1729 | xfs_iunlock(ip, lockflags); |
1730 | error = xfs_qm_dqget(mp, from_kuid(user_ns, uid), |
1731 | XFS_DQTYPE_USER, true, &uq); |
1732 | if (error) { |
1733 | ASSERT(error != -ENOENT); |
1734 | return error; |
1735 | } |
1736 | /* |
1737 | * Get the ilock in the right order. |
1738 | */ |
1739 | xfs_dqunlock(dqp: uq); |
1740 | lockflags = XFS_ILOCK_SHARED; |
1741 | xfs_ilock(ip, lockflags); |
1742 | } else { |
1743 | /* |
1744 | * Take an extra reference, because we'll return |
1745 | * this to caller |
1746 | */ |
1747 | ASSERT(ip->i_udquot); |
1748 | uq = xfs_qm_dqhold(dqp: ip->i_udquot); |
1749 | } |
1750 | } |
1751 | if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) { |
1752 | ASSERT(O_gdqpp); |
1753 | if (!gid_eq(left: inode->i_gid, right: gid)) { |
1754 | xfs_iunlock(ip, lockflags); |
1755 | error = xfs_qm_dqget(mp, from_kgid(user_ns, gid), |
1756 | XFS_DQTYPE_GROUP, true, &gq); |
1757 | if (error) { |
1758 | ASSERT(error != -ENOENT); |
1759 | goto error_rele; |
1760 | } |
1761 | xfs_dqunlock(dqp: gq); |
1762 | lockflags = XFS_ILOCK_SHARED; |
1763 | xfs_ilock(ip, lockflags); |
1764 | } else { |
1765 | ASSERT(ip->i_gdquot); |
1766 | gq = xfs_qm_dqhold(dqp: ip->i_gdquot); |
1767 | } |
1768 | } |
1769 | if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) { |
1770 | ASSERT(O_pdqpp); |
1771 | if (ip->i_projid != prid) { |
1772 | xfs_iunlock(ip, lockflags); |
1773 | error = xfs_qm_dqget(mp, prid, |
1774 | XFS_DQTYPE_PROJ, true, &pq); |
1775 | if (error) { |
1776 | ASSERT(error != -ENOENT); |
1777 | goto error_rele; |
1778 | } |
1779 | xfs_dqunlock(dqp: pq); |
1780 | lockflags = XFS_ILOCK_SHARED; |
1781 | xfs_ilock(ip, lockflags); |
1782 | } else { |
1783 | ASSERT(ip->i_pdquot); |
1784 | pq = xfs_qm_dqhold(dqp: ip->i_pdquot); |
1785 | } |
1786 | } |
1787 | trace_xfs_dquot_dqalloc(ip); |
1788 | |
1789 | xfs_iunlock(ip, lockflags); |
1790 | if (O_udqpp) |
1791 | *O_udqpp = uq; |
1792 | else |
1793 | xfs_qm_dqrele(uq); |
1794 | if (O_gdqpp) |
1795 | *O_gdqpp = gq; |
1796 | else |
1797 | xfs_qm_dqrele(gq); |
1798 | if (O_pdqpp) |
1799 | *O_pdqpp = pq; |
1800 | else |
1801 | xfs_qm_dqrele(pq); |
1802 | return 0; |
1803 | |
1804 | error_rele: |
1805 | xfs_qm_dqrele(gq); |
1806 | xfs_qm_dqrele(uq); |
1807 | return error; |
1808 | } |
1809 | |
1810 | /* |
1811 | * Actually transfer ownership, and do dquot modifications. |
1812 | * These were already reserved. |
1813 | */ |
1814 | struct xfs_dquot * |
1815 | xfs_qm_vop_chown( |
1816 | struct xfs_trans *tp, |
1817 | struct xfs_inode *ip, |
1818 | struct xfs_dquot **IO_olddq, |
1819 | struct xfs_dquot *newdq) |
1820 | { |
1821 | struct xfs_dquot *prevdq; |
1822 | uint bfield = XFS_IS_REALTIME_INODE(ip) ? |
1823 | XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT; |
1824 | |
1825 | |
1826 | xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); |
1827 | ASSERT(XFS_IS_QUOTA_ON(ip->i_mount)); |
1828 | |
1829 | /* old dquot */ |
1830 | prevdq = *IO_olddq; |
1831 | ASSERT(prevdq); |
1832 | ASSERT(prevdq != newdq); |
1833 | |
1834 | xfs_trans_mod_ino_dquot(tp, ip, dqp: prevdq, field: bfield, delta: -(ip->i_nblocks)); |
1835 | xfs_trans_mod_ino_dquot(tp, ip, prevdq, XFS_TRANS_DQ_ICOUNT, -1); |
1836 | |
1837 | /* the sparkling new dquot */ |
1838 | xfs_trans_mod_ino_dquot(tp, ip, dqp: newdq, field: bfield, delta: ip->i_nblocks); |
1839 | xfs_trans_mod_ino_dquot(tp, ip, newdq, XFS_TRANS_DQ_ICOUNT, 1); |
1840 | |
1841 | /* |
1842 | * Back when we made quota reservations for the chown, we reserved the |
1843 | * ondisk blocks + delalloc blocks with the new dquot. Now that we've |
1844 | * switched the dquots, decrease the new dquot's block reservation |
1845 | * (having already bumped up the real counter) so that we don't have |
1846 | * any reservation to give back when we commit. |
1847 | */ |
1848 | xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_RES_BLKS, |
1849 | -ip->i_delayed_blks); |
1850 | |
1851 | /* |
1852 | * Give the incore reservation for delalloc blocks back to the old |
1853 | * dquot. We don't normally handle delalloc quota reservations |
1854 | * transactionally, so just lock the dquot and subtract from the |
1855 | * reservation. Dirty the transaction because it's too late to turn |
1856 | * back now. |
1857 | */ |
1858 | tp->t_flags |= XFS_TRANS_DIRTY; |
1859 | xfs_dqlock(dqp: prevdq); |
1860 | ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks); |
1861 | prevdq->q_blk.reserved -= ip->i_delayed_blks; |
1862 | xfs_dqunlock(dqp: prevdq); |
1863 | |
1864 | /* |
1865 | * Take an extra reference, because the inode is going to keep |
1866 | * this dquot pointer even after the trans_commit. |
1867 | */ |
1868 | *IO_olddq = xfs_qm_dqhold(dqp: newdq); |
1869 | |
1870 | return prevdq; |
1871 | } |
1872 | |
1873 | int |
1874 | xfs_qm_vop_rename_dqattach( |
1875 | struct xfs_inode **i_tab) |
1876 | { |
1877 | struct xfs_mount *mp = i_tab[0]->i_mount; |
1878 | int i; |
1879 | |
1880 | if (!XFS_IS_QUOTA_ON(mp)) |
1881 | return 0; |
1882 | |
1883 | for (i = 0; (i < 4 && i_tab[i]); i++) { |
1884 | struct xfs_inode *ip = i_tab[i]; |
1885 | int error; |
1886 | |
1887 | /* |
1888 | * Watch out for duplicate entries in the table. |
1889 | */ |
1890 | if (i == 0 || ip != i_tab[i-1]) { |
1891 | if (XFS_NOT_DQATTACHED(mp, ip)) { |
1892 | error = xfs_qm_dqattach(ip); |
1893 | if (error) |
1894 | return error; |
1895 | } |
1896 | } |
1897 | } |
1898 | return 0; |
1899 | } |
1900 | |
1901 | void |
1902 | xfs_qm_vop_create_dqattach( |
1903 | struct xfs_trans *tp, |
1904 | struct xfs_inode *ip, |
1905 | struct xfs_dquot *udqp, |
1906 | struct xfs_dquot *gdqp, |
1907 | struct xfs_dquot *pdqp) |
1908 | { |
1909 | struct xfs_mount *mp = tp->t_mountp; |
1910 | |
1911 | if (!XFS_IS_QUOTA_ON(mp)) |
1912 | return; |
1913 | |
1914 | xfs_assert_ilocked(ip, XFS_ILOCK_EXCL); |
1915 | |
1916 | if (udqp && XFS_IS_UQUOTA_ON(mp)) { |
1917 | ASSERT(ip->i_udquot == NULL); |
1918 | ASSERT(i_uid_read(VFS_I(ip)) == udqp->q_id); |
1919 | |
1920 | ip->i_udquot = xfs_qm_dqhold(dqp: udqp); |
1921 | } |
1922 | if (gdqp && XFS_IS_GQUOTA_ON(mp)) { |
1923 | ASSERT(ip->i_gdquot == NULL); |
1924 | ASSERT(i_gid_read(VFS_I(ip)) == gdqp->q_id); |
1925 | |
1926 | ip->i_gdquot = xfs_qm_dqhold(dqp: gdqp); |
1927 | } |
1928 | if (pdqp && XFS_IS_PQUOTA_ON(mp)) { |
1929 | ASSERT(ip->i_pdquot == NULL); |
1930 | ASSERT(ip->i_projid == pdqp->q_id); |
1931 | |
1932 | ip->i_pdquot = xfs_qm_dqhold(dqp: pdqp); |
1933 | } |
1934 | |
1935 | xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_ICOUNT, 1); |
1936 | } |
1937 | |
1938 | /* Decide if this inode's dquot is near an enforcement boundary. */ |
1939 | bool |
1940 | xfs_inode_near_dquot_enforcement( |
1941 | struct xfs_inode *ip, |
1942 | xfs_dqtype_t type) |
1943 | { |
1944 | struct xfs_dquot *dqp; |
1945 | int64_t freesp; |
1946 | |
1947 | /* We only care for quotas that are enabled and enforced. */ |
1948 | dqp = xfs_inode_dquot(ip, type); |
1949 | if (!dqp || !xfs_dquot_is_enforced(dqp)) |
1950 | return false; |
1951 | |
1952 | if (xfs_dquot_res_over_limits(qres: &dqp->q_ino) || |
1953 | xfs_dquot_res_over_limits(qres: &dqp->q_rtb)) |
1954 | return true; |
1955 | |
1956 | /* For space on the data device, check the various thresholds. */ |
1957 | if (!dqp->q_prealloc_hi_wmark) |
1958 | return false; |
1959 | |
1960 | if (dqp->q_blk.reserved < dqp->q_prealloc_lo_wmark) |
1961 | return false; |
1962 | |
1963 | if (dqp->q_blk.reserved >= dqp->q_prealloc_hi_wmark) |
1964 | return true; |
1965 | |
1966 | freesp = dqp->q_prealloc_hi_wmark - dqp->q_blk.reserved; |
1967 | if (freesp < dqp->q_low_space[XFS_QLOWSP_5_PCNT]) |
1968 | return true; |
1969 | |
1970 | return false; |
1971 | } |
1972 | |