1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Implementation of the diskquota system for the LINUX operating system. QUOTA
4 * is implemented using the BSD system call interface as the means of
5 * communication with the user level. This file contains the generic routines
6 * called by the different filesystems on allocation of an inode or block.
7 * These routines take care of the administration needed to have a consistent
8 * diskquota tracking system. The ideas of both user and group quotas are based
9 * on the Melbourne quota system as used on BSD derived systems. The internal
10 * implementation is based on one of the several variants of the LINUX
11 * inode-subsystem with added complexity of the diskquota system.
12 *
13 * Author: Marco van Wieringen <mvw@planets.elm.net>
14 *
15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96
16 *
17 * Revised list management to avoid races
18 * -- Bill Hawes, <whawes@star.net>, 9/98
19 *
20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...().
21 * As the consequence the locking was moved from dquot_decr_...(),
22 * dquot_incr_...() to calling functions.
23 * invalidate_dquots() now writes modified dquots.
24 * Serialized quota_off() and quota_on() for mount point.
25 * Fixed a few bugs in grow_dquots().
26 * Fixed deadlock in write_dquot() - we no longer account quotas on
27 * quota files
28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes
29 * add_dquot_ref() restarts after blocking
30 * Added check for bogus uid and fixed check for group in quotactl.
31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99
32 *
33 * Used struct list_head instead of own list struct
34 * Invalidation of referenced dquots is no longer possible
35 * Improved free_dquots list management
36 * Quota and i_blocks are now updated in one place to avoid races
37 * Warnings are now delayed so we won't block in critical section
38 * Write updated not to require dquot lock
39 * Jan Kara, <jack@suse.cz>, 9/2000
40 *
41 * Added dynamic quota structure allocation
42 * Jan Kara <jack@suse.cz> 12/2000
43 *
44 * Rewritten quota interface. Implemented new quota format and
45 * formats registering.
46 * Jan Kara, <jack@suse.cz>, 2001,2002
47 *
48 * New SMP locking.
49 * Jan Kara, <jack@suse.cz>, 10/2002
50 *
51 * Added journalled quota support, fix lock inversion problems
52 * Jan Kara, <jack@suse.cz>, 2003,2004
53 *
54 * (C) Copyright 1994 - 1997 Marco van Wieringen
55 */
56
57 #include <linux/errno.h>
58 #include <linux/kernel.h>
59 #include <linux/fs.h>
60 #include <linux/mount.h>
61 #include <linux/mm.h>
62 #include <linux/time.h>
63 #include <linux/types.h>
64 #include <linux/string.h>
65 #include <linux/fcntl.h>
66 #include <linux/stat.h>
67 #include <linux/tty.h>
68 #include <linux/file.h>
69 #include <linux/slab.h>
70 #include <linux/sysctl.h>
71 #include <linux/init.h>
72 #include <linux/module.h>
73 #include <linux/proc_fs.h>
74 #include <linux/security.h>
75 #include <linux/sched.h>
76 #include <linux/cred.h>
77 #include <linux/kmod.h>
78 #include <linux/namei.h>
79 #include <linux/capability.h>
80 #include <linux/quotaops.h>
81 #include <linux/blkdev.h>
82 #include <linux/sched/mm.h>
83 #include "../internal.h" /* ugh */
84
85 #include <linux/uaccess.h>
86
87 /*
88 * There are five quota SMP locks:
89 * * dq_list_lock protects all lists with quotas and quota formats.
90 * * dquot->dq_dqb_lock protects data from dq_dqb
91 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards
92 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that
93 * dquot_transfer() can stabilize amount it transfers
94 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot
95 * pointers in the inode
96 * * dq_state_lock protects modifications of quota state (on quotaon and
97 * quotaoff) and readers who care about latest values take it as well.
98 *
99 * The spinlock ordering is hence:
100 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock,
101 * dq_list_lock > dq_state_lock
102 *
103 * Note that some things (eg. sb pointer, type, id) doesn't change during
104 * the life of the dquot structure and so needn't to be protected by a lock
105 *
106 * Operation accessing dquots via inode pointers are protected by dquot_srcu.
107 * Operation of reading pointer needs srcu_read_lock(&dquot_srcu), and
108 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from
109 * inode and before dropping dquot references to avoid use of dquots after
110 * they are freed. dq_data_lock is used to serialize the pointer setting and
111 * clearing operations.
112 * Special care needs to be taken about S_NOQUOTA inode flag (marking that
113 * inode is a quota file). Functions adding pointers from inode to dquots have
114 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they
115 * have to do all pointer modifications before dropping dq_data_lock. This makes
116 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and
117 * then drops all pointers to dquots from an inode.
118 *
119 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to
120 * memory (or space for it is being allocated) on the first dqget(), when it is
121 * being written out, and when it is being released on the last dqput(). The
122 * allocation and release operations are serialized by the dq_lock and by
123 * checking the use count in dquot_release().
124 *
125 * Lock ordering (including related VFS locks) is the following:
126 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem
127 */
128
129 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock);
130 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock);
131 __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock);
132 EXPORT_SYMBOL(dq_data_lock);
133 DEFINE_STATIC_SRCU(dquot_srcu);
134
135 static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq);
136
__quota_error(struct super_block *sb, const char *func, const char *fmt, ...)137 void __quota_error(struct super_block *sb, const char *func,
138 const char *fmt, ...)
139 {
140 if (printk_ratelimit()) {
141 va_list args;
142 struct va_format vaf;
143
144 va_start(args, fmt);
145
146 vaf.fmt = fmt;
147 vaf.va = &args;
148
149 printk(KERN_ERR "Quota error (device %s): %s: %pV\n",
150 sb->s_id, func, &vaf);
151
152 va_end(args);
153 }
154 }
155 EXPORT_SYMBOL(__quota_error);
156
157 #if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING)
158 static char *quotatypes[] = INITQFNAMES;
159 #endif
160 static struct quota_format_type *quota_formats; /* List of registered formats */
161 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES;
162
163 /* SLAB cache for dquot structures */
164 static struct kmem_cache *dquot_cachep;
165
register_quota_format(struct quota_format_type *fmt)166 int register_quota_format(struct quota_format_type *fmt)
167 {
168 spin_lock(&dq_list_lock);
169 fmt->qf_next = quota_formats;
170 quota_formats = fmt;
171 spin_unlock(&dq_list_lock);
172 return 0;
173 }
174 EXPORT_SYMBOL(register_quota_format);
175
unregister_quota_format(struct quota_format_type *fmt)176 void unregister_quota_format(struct quota_format_type *fmt)
177 {
178 struct quota_format_type **actqf;
179
180 spin_lock(&dq_list_lock);
181 for (actqf = "a_formats; *actqf && *actqf != fmt;
182 actqf = &(*actqf)->qf_next)
183 ;
184 if (*actqf)
185 *actqf = (*actqf)->qf_next;
186 spin_unlock(&dq_list_lock);
187 }
188 EXPORT_SYMBOL(unregister_quota_format);
189
find_quota_format(int id)190 static struct quota_format_type *find_quota_format(int id)
191 {
192 struct quota_format_type *actqf;
193
194 spin_lock(&dq_list_lock);
195 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
196 actqf = actqf->qf_next)
197 ;
198 if (!actqf || !try_module_get(actqf->qf_owner)) {
199 int qm;
200
201 spin_unlock(&dq_list_lock);
202
203 for (qm = 0; module_names[qm].qm_fmt_id &&
204 module_names[qm].qm_fmt_id != id; qm++)
205 ;
206 if (!module_names[qm].qm_fmt_id ||
207 request_module(module_names[qm].qm_mod_name))
208 return NULL;
209
210 spin_lock(&dq_list_lock);
211 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
212 actqf = actqf->qf_next)
213 ;
214 if (actqf && !try_module_get(actqf->qf_owner))
215 actqf = NULL;
216 }
217 spin_unlock(&dq_list_lock);
218 return actqf;
219 }
220
put_quota_format(struct quota_format_type *fmt)221 static void put_quota_format(struct quota_format_type *fmt)
222 {
223 module_put(fmt->qf_owner);
224 }
225
226 /*
227 * Dquot List Management:
228 * The quota code uses five lists for dquot management: the inuse_list,
229 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array.
230 * A single dquot structure may be on some of those lists, depending on
231 * its current state.
232 *
233 * All dquots are placed to the end of inuse_list when first created, and this
234 * list is used for invalidate operation, which must look at every dquot.
235 *
236 * When the last reference of a dquot is dropped, the dquot is added to
237 * releasing_dquots. We'll then queue work item which will call
238 * synchronize_srcu() and after that perform the final cleanup of all the
239 * dquots on the list. Each cleaned up dquot is moved to free_dquots list.
240 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot
241 * struct.
242 *
243 * Unused and cleaned up dquots are in the free_dquots list and this list is
244 * searched whenever we need an available dquot. Dquots are removed from the
245 * list as soon as they are used again and dqstats.free_dquots gives the number
246 * of dquots on the list. When dquot is invalidated it's completely released
247 * from memory.
248 *
249 * Dirty dquots are added to the dqi_dirty_list of quota_info when mark
250 * dirtied, and this list is searched when writing dirty dquots back to
251 * quota file. Note that some filesystems do dirty dquot tracking on their
252 * own (e.g. in a journal) and thus don't use dqi_dirty_list.
253 *
254 * Dquots with a specific identity (device, type and id) are placed on
255 * one of the dquot_hash[] hash chains. The provides an efficient search
256 * mechanism to locate a specific dquot.
257 */
258
259 static LIST_HEAD(inuse_list);
260 static LIST_HEAD(free_dquots);
261 static LIST_HEAD(releasing_dquots);
262 static unsigned int dq_hash_bits, dq_hash_mask;
263 static struct hlist_head *dquot_hash;
264
265 struct dqstats dqstats;
266 EXPORT_SYMBOL(dqstats);
267
268 static qsize_t inode_get_rsv_space(struct inode *inode);
269 static qsize_t __inode_get_rsv_space(struct inode *inode);
270 static int __dquot_initialize(struct inode *inode, int type);
271
272 static void quota_release_workfn(struct work_struct *work);
273 static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn);
274
275 static inline unsigned int
hashfn(const struct super_block *sb, struct kqid qid)276 hashfn(const struct super_block *sb, struct kqid qid)
277 {
278 unsigned int id = from_kqid(&init_user_ns, qid);
279 int type = qid.type;
280 unsigned long tmp;
281
282 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type);
283 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask;
284 }
285
286 /*
287 * Following list functions expect dq_list_lock to be held
288 */
insert_dquot_hash(struct dquot *dquot)289 static inline void insert_dquot_hash(struct dquot *dquot)
290 {
291 struct hlist_head *head;
292 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id);
293 hlist_add_head(&dquot->dq_hash, head);
294 }
295
remove_dquot_hash(struct dquot *dquot)296 static inline void remove_dquot_hash(struct dquot *dquot)
297 {
298 hlist_del_init(&dquot->dq_hash);
299 }
300
find_dquot(unsigned int hashent, struct super_block *sb, struct kqid qid)301 static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb,
302 struct kqid qid)
303 {
304 struct hlist_node *node;
305 struct dquot *dquot;
306
307 hlist_for_each (node, dquot_hash+hashent) {
308 dquot = hlist_entry(node, struct dquot, dq_hash);
309 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid))
310 return dquot;
311 }
312 return NULL;
313 }
314
315 /* Add a dquot to the tail of the free list */
put_dquot_last(struct dquot *dquot)316 static inline void put_dquot_last(struct dquot *dquot)
317 {
318 list_add_tail(&dquot->dq_free, &free_dquots);
319 dqstats_inc(DQST_FREE_DQUOTS);
320 }
321
put_releasing_dquots(struct dquot *dquot)322 static inline void put_releasing_dquots(struct dquot *dquot)
323 {
324 list_add_tail(&dquot->dq_free, &releasing_dquots);
325 set_bit(DQ_RELEASING_B, &dquot->dq_flags);
326 }
327
remove_free_dquot(struct dquot *dquot)328 static inline void remove_free_dquot(struct dquot *dquot)
329 {
330 if (list_empty(&dquot->dq_free))
331 return;
332 list_del_init(&dquot->dq_free);
333 if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags))
334 dqstats_dec(DQST_FREE_DQUOTS);
335 else
336 clear_bit(DQ_RELEASING_B, &dquot->dq_flags);
337 }
338
put_inuse(struct dquot *dquot)339 static inline void put_inuse(struct dquot *dquot)
340 {
341 /* We add to the back of inuse list so we don't have to restart
342 * when traversing this list and we block */
343 list_add_tail(&dquot->dq_inuse, &inuse_list);
344 dqstats_inc(DQST_ALLOC_DQUOTS);
345 }
346
remove_inuse(struct dquot *dquot)347 static inline void remove_inuse(struct dquot *dquot)
348 {
349 dqstats_dec(DQST_ALLOC_DQUOTS);
350 list_del(&dquot->dq_inuse);
351 }
352 /*
353 * End of list functions needing dq_list_lock
354 */
355
wait_on_dquot(struct dquot *dquot)356 static void wait_on_dquot(struct dquot *dquot)
357 {
358 mutex_lock(&dquot->dq_lock);
359 mutex_unlock(&dquot->dq_lock);
360 }
361
dquot_active(struct dquot *dquot)362 static inline int dquot_active(struct dquot *dquot)
363 {
364 return test_bit(DQ_ACTIVE_B, &dquot->dq_flags);
365 }
366
dquot_dirty(struct dquot *dquot)367 static inline int dquot_dirty(struct dquot *dquot)
368 {
369 return test_bit(DQ_MOD_B, &dquot->dq_flags);
370 }
371
mark_dquot_dirty(struct dquot *dquot)372 static inline int mark_dquot_dirty(struct dquot *dquot)
373 {
374 return dquot->dq_sb->dq_op->mark_dirty(dquot);
375 }
376
377 /* Mark dquot dirty in atomic manner, and return it's old dirty flag state */
dquot_mark_dquot_dirty(struct dquot *dquot)378 int dquot_mark_dquot_dirty(struct dquot *dquot)
379 {
380 int ret = 1;
381
382 if (!dquot_active(dquot))
383 return 0;
384
385 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
386 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags);
387
388 /* If quota is dirty already, we don't have to acquire dq_list_lock */
389 if (dquot_dirty(dquot))
390 return 1;
391
392 spin_lock(&dq_list_lock);
393 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) {
394 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)->
395 info[dquot->dq_id.type].dqi_dirty_list);
396 ret = 0;
397 }
398 spin_unlock(&dq_list_lock);
399 return ret;
400 }
401 EXPORT_SYMBOL(dquot_mark_dquot_dirty);
402
403 /* Dirtify all the dquots - this can block when journalling */
mark_all_dquot_dirty(struct dquot * const *dquots)404 static inline int mark_all_dquot_dirty(struct dquot * const *dquots)
405 {
406 int ret, err, cnt;
407 struct dquot *dquot;
408
409 ret = err = 0;
410 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
411 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
412 if (dquot)
413 /* Even in case of error we have to continue */
414 ret = mark_dquot_dirty(dquot);
415 if (!err)
416 err = ret;
417 }
418 return err;
419 }
420
dqput_all(struct dquot **dquot)421 static inline void dqput_all(struct dquot **dquot)
422 {
423 unsigned int cnt;
424
425 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
426 dqput(dquot[cnt]);
427 }
428
clear_dquot_dirty(struct dquot *dquot)429 static inline int clear_dquot_dirty(struct dquot *dquot)
430 {
431 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
432 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags);
433
434 spin_lock(&dq_list_lock);
435 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) {
436 spin_unlock(&dq_list_lock);
437 return 0;
438 }
439 list_del_init(&dquot->dq_dirty);
440 spin_unlock(&dq_list_lock);
441 return 1;
442 }
443
mark_info_dirty(struct super_block *sb, int type)444 void mark_info_dirty(struct super_block *sb, int type)
445 {
446 spin_lock(&dq_data_lock);
447 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY;
448 spin_unlock(&dq_data_lock);
449 }
450 EXPORT_SYMBOL(mark_info_dirty);
451
452 /*
453 * Read dquot from disk and alloc space for it
454 */
455
dquot_acquire(struct dquot *dquot)456 int dquot_acquire(struct dquot *dquot)
457 {
458 int ret = 0, ret2 = 0;
459 unsigned int memalloc;
460 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
461
462 mutex_lock(&dquot->dq_lock);
463 memalloc = memalloc_nofs_save();
464 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) {
465 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot);
466 if (ret < 0)
467 goto out_iolock;
468 }
469 /* Make sure flags update is visible after dquot has been filled */
470 smp_mb__before_atomic();
471 set_bit(DQ_READ_B, &dquot->dq_flags);
472 /* Instantiate dquot if needed */
473 if (!dquot_active(dquot) && !dquot->dq_off) {
474 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
475 /* Write the info if needed */
476 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
477 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
478 dquot->dq_sb, dquot->dq_id.type);
479 }
480 if (ret < 0)
481 goto out_iolock;
482 if (ret2 < 0) {
483 ret = ret2;
484 goto out_iolock;
485 }
486 }
487 /*
488 * Make sure flags update is visible after on-disk struct has been
489 * allocated. Paired with smp_rmb() in dqget().
490 */
491 smp_mb__before_atomic();
492 set_bit(DQ_ACTIVE_B, &dquot->dq_flags);
493 out_iolock:
494 memalloc_nofs_restore(memalloc);
495 mutex_unlock(&dquot->dq_lock);
496 return ret;
497 }
498 EXPORT_SYMBOL(dquot_acquire);
499
500 /*
501 * Write dquot to disk
502 */
dquot_commit(struct dquot *dquot)503 int dquot_commit(struct dquot *dquot)
504 {
505 int ret = 0;
506 unsigned int memalloc;
507 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
508
509 mutex_lock(&dquot->dq_lock);
510 memalloc = memalloc_nofs_save();
511 if (!clear_dquot_dirty(dquot))
512 goto out_lock;
513 /* Inactive dquot can be only if there was error during read/init
514 * => we have better not writing it */
515 if (dquot_active(dquot))
516 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
517 else
518 ret = -EIO;
519 out_lock:
520 memalloc_nofs_restore(memalloc);
521 mutex_unlock(&dquot->dq_lock);
522 return ret;
523 }
524 EXPORT_SYMBOL(dquot_commit);
525
526 /*
527 * Release dquot
528 */
dquot_release(struct dquot *dquot)529 int dquot_release(struct dquot *dquot)
530 {
531 int ret = 0, ret2 = 0;
532 unsigned int memalloc;
533 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
534
535 mutex_lock(&dquot->dq_lock);
536 memalloc = memalloc_nofs_save();
537 /* Check whether we are not racing with some other dqget() */
538 if (dquot_is_busy(dquot))
539 goto out_dqlock;
540 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) {
541 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot);
542 /* Write the info */
543 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
544 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
545 dquot->dq_sb, dquot->dq_id.type);
546 }
547 if (ret >= 0)
548 ret = ret2;
549 }
550 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags);
551 out_dqlock:
552 memalloc_nofs_restore(memalloc);
553 mutex_unlock(&dquot->dq_lock);
554 return ret;
555 }
556 EXPORT_SYMBOL(dquot_release);
557
dquot_destroy(struct dquot *dquot)558 void dquot_destroy(struct dquot *dquot)
559 {
560 kmem_cache_free(dquot_cachep, dquot);
561 }
562 EXPORT_SYMBOL(dquot_destroy);
563
do_destroy_dquot(struct dquot *dquot)564 static inline void do_destroy_dquot(struct dquot *dquot)
565 {
566 dquot->dq_sb->dq_op->destroy_dquot(dquot);
567 }
568
569 /* Invalidate all dquots on the list. Note that this function is called after
570 * quota is disabled and pointers from inodes removed so there cannot be new
571 * quota users. There can still be some users of quotas due to inodes being
572 * just deleted or pruned by prune_icache() (those are not attached to any
573 * list) or parallel quotactl call. We have to wait for such users.
574 */
invalidate_dquots(struct super_block *sb, int type)575 static void invalidate_dquots(struct super_block *sb, int type)
576 {
577 struct dquot *dquot, *tmp;
578
579 restart:
580 flush_delayed_work("a_release_work);
581
582 spin_lock(&dq_list_lock);
583 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) {
584 if (dquot->dq_sb != sb)
585 continue;
586 if (dquot->dq_id.type != type)
587 continue;
588 /* Wait for dquot users */
589 if (atomic_read(&dquot->dq_count)) {
590 atomic_inc(&dquot->dq_count);
591 spin_unlock(&dq_list_lock);
592 /*
593 * Once dqput() wakes us up, we know it's time to free
594 * the dquot.
595 * IMPORTANT: we rely on the fact that there is always
596 * at most one process waiting for dquot to free.
597 * Otherwise dq_count would be > 1 and we would never
598 * wake up.
599 */
600 wait_event(dquot_ref_wq,
601 atomic_read(&dquot->dq_count) == 1);
602 dqput(dquot);
603 /* At this moment dquot() need not exist (it could be
604 * reclaimed by prune_dqcache(). Hence we must
605 * restart. */
606 goto restart;
607 }
608 /*
609 * The last user already dropped its reference but dquot didn't
610 * get fully cleaned up yet. Restart the scan which flushes the
611 * work cleaning up released dquots.
612 */
613 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
614 spin_unlock(&dq_list_lock);
615 goto restart;
616 }
617 /*
618 * Quota now has no users and it has been written on last
619 * dqput()
620 */
621 remove_dquot_hash(dquot);
622 remove_free_dquot(dquot);
623 remove_inuse(dquot);
624 do_destroy_dquot(dquot);
625 }
626 spin_unlock(&dq_list_lock);
627 }
628
629 /* Call callback for every active dquot on given filesystem */
dquot_scan_active(struct super_block *sb, int (*fn)(struct dquot *dquot, unsigned long priv), unsigned long priv)630 int dquot_scan_active(struct super_block *sb,
631 int (*fn)(struct dquot *dquot, unsigned long priv),
632 unsigned long priv)
633 {
634 struct dquot *dquot, *old_dquot = NULL;
635 int ret = 0;
636
637 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
638
639 spin_lock(&dq_list_lock);
640 list_for_each_entry(dquot, &inuse_list, dq_inuse) {
641 if (!dquot_active(dquot))
642 continue;
643 if (dquot->dq_sb != sb)
644 continue;
645 /* Now we have active dquot so we can just increase use count */
646 atomic_inc(&dquot->dq_count);
647 spin_unlock(&dq_list_lock);
648 dqput(old_dquot);
649 old_dquot = dquot;
650 /*
651 * ->release_dquot() can be racing with us. Our reference
652 * protects us from new calls to it so just wait for any
653 * outstanding call and recheck the DQ_ACTIVE_B after that.
654 */
655 wait_on_dquot(dquot);
656 if (dquot_active(dquot)) {
657 ret = fn(dquot, priv);
658 if (ret < 0)
659 goto out;
660 }
661 spin_lock(&dq_list_lock);
662 /* We are safe to continue now because our dquot could not
663 * be moved out of the inuse list while we hold the reference */
664 }
665 spin_unlock(&dq_list_lock);
666 out:
667 dqput(old_dquot);
668 return ret;
669 }
670 EXPORT_SYMBOL(dquot_scan_active);
671
dquot_write_dquot(struct dquot *dquot)672 static inline int dquot_write_dquot(struct dquot *dquot)
673 {
674 int ret = dquot->dq_sb->dq_op->write_dquot(dquot);
675 if (ret < 0) {
676 quota_error(dquot->dq_sb, "Can't write quota structure "
677 "(error %d). Quota may get out of sync!", ret);
678 /* Clear dirty bit anyway to avoid infinite loop. */
679 clear_dquot_dirty(dquot);
680 }
681 return ret;
682 }
683
684 /* Write all dquot structures to quota files */
dquot_writeback_dquots(struct super_block *sb, int type)685 int dquot_writeback_dquots(struct super_block *sb, int type)
686 {
687 struct list_head dirty;
688 struct dquot *dquot;
689 struct quota_info *dqopt = sb_dqopt(sb);
690 int cnt;
691 int err, ret = 0;
692
693 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
694
695 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
696 if (type != -1 && cnt != type)
697 continue;
698 if (!sb_has_quota_active(sb, cnt))
699 continue;
700 spin_lock(&dq_list_lock);
701 /* Move list away to avoid livelock. */
702 list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty);
703 while (!list_empty(&dirty)) {
704 dquot = list_first_entry(&dirty, struct dquot,
705 dq_dirty);
706
707 WARN_ON(!dquot_active(dquot));
708 /* If the dquot is releasing we should not touch it */
709 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
710 spin_unlock(&dq_list_lock);
711 flush_delayed_work("a_release_work);
712 spin_lock(&dq_list_lock);
713 continue;
714 }
715
716 /* Now we have active dquot from which someone is
717 * holding reference so we can safely just increase
718 * use count */
719 dqgrab(dquot);
720 spin_unlock(&dq_list_lock);
721 err = dquot_write_dquot(dquot);
722 if (err && !ret)
723 ret = err;
724 dqput(dquot);
725 spin_lock(&dq_list_lock);
726 }
727 spin_unlock(&dq_list_lock);
728 }
729
730 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
731 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt)
732 && info_dirty(&dqopt->info[cnt]))
733 sb->dq_op->write_info(sb, cnt);
734 dqstats_inc(DQST_SYNCS);
735
736 return ret;
737 }
738 EXPORT_SYMBOL(dquot_writeback_dquots);
739
740 /* Write all dquot structures to disk and make them visible from userspace */
dquot_quota_sync(struct super_block *sb, int type)741 int dquot_quota_sync(struct super_block *sb, int type)
742 {
743 struct quota_info *dqopt = sb_dqopt(sb);
744 int cnt;
745 int ret;
746
747 ret = dquot_writeback_dquots(sb, type);
748 if (ret)
749 return ret;
750 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
751 return 0;
752
753 /* This is not very clever (and fast) but currently I don't know about
754 * any other simple way of getting quota data to disk and we must get
755 * them there for userspace to be visible... */
756 if (sb->s_op->sync_fs) {
757 ret = sb->s_op->sync_fs(sb, 1);
758 if (ret)
759 return ret;
760 }
761 ret = sync_blockdev(sb->s_bdev);
762 if (ret)
763 return ret;
764
765 /*
766 * Now when everything is written we can discard the pagecache so
767 * that userspace sees the changes.
768 */
769 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
770 if (type != -1 && cnt != type)
771 continue;
772 if (!sb_has_quota_active(sb, cnt))
773 continue;
774 inode_lock(dqopt->files[cnt]);
775 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0);
776 inode_unlock(dqopt->files[cnt]);
777 }
778
779 return 0;
780 }
781 EXPORT_SYMBOL(dquot_quota_sync);
782
783 static unsigned long
dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)784 dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
785 {
786 struct dquot *dquot;
787 unsigned long freed = 0;
788
789 spin_lock(&dq_list_lock);
790 while (!list_empty(&free_dquots) && sc->nr_to_scan) {
791 dquot = list_first_entry(&free_dquots, struct dquot, dq_free);
792 remove_dquot_hash(dquot);
793 remove_free_dquot(dquot);
794 remove_inuse(dquot);
795 do_destroy_dquot(dquot);
796 sc->nr_to_scan--;
797 freed++;
798 }
799 spin_unlock(&dq_list_lock);
800 return freed;
801 }
802
803 static unsigned long
dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc)804 dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc)
805 {
806 return vfs_pressure_ratio(
807 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS]));
808 }
809
810 static struct shrinker dqcache_shrinker = {
811 .count_objects = dqcache_shrink_count,
812 .scan_objects = dqcache_shrink_scan,
813 .seeks = DEFAULT_SEEKS,
814 };
815
816 /*
817 * Safely release dquot and put reference to dquot.
818 */
quota_release_workfn(struct work_struct *work)819 static void quota_release_workfn(struct work_struct *work)
820 {
821 struct dquot *dquot;
822 struct list_head rls_head;
823
824 spin_lock(&dq_list_lock);
825 /* Exchange the list head to avoid livelock. */
826 list_replace_init(&releasing_dquots, &rls_head);
827 spin_unlock(&dq_list_lock);
828 synchronize_srcu(&dquot_srcu);
829
830 restart:
831 spin_lock(&dq_list_lock);
832 while (!list_empty(&rls_head)) {
833 dquot = list_first_entry(&rls_head, struct dquot, dq_free);
834 WARN_ON_ONCE(atomic_read(&dquot->dq_count));
835 /*
836 * Note that DQ_RELEASING_B protects us from racing with
837 * invalidate_dquots() calls so we are safe to work with the
838 * dquot even after we drop dq_list_lock.
839 */
840 if (dquot_dirty(dquot)) {
841 spin_unlock(&dq_list_lock);
842 /* Commit dquot before releasing */
843 dquot_write_dquot(dquot);
844 goto restart;
845 }
846 if (dquot_active(dquot)) {
847 spin_unlock(&dq_list_lock);
848 dquot->dq_sb->dq_op->release_dquot(dquot);
849 goto restart;
850 }
851 /* Dquot is inactive and clean, now move it to free list */
852 remove_free_dquot(dquot);
853 put_dquot_last(dquot);
854 }
855 spin_unlock(&dq_list_lock);
856 }
857
858 /*
859 * Put reference to dquot
860 */
dqput(struct dquot *dquot)861 void dqput(struct dquot *dquot)
862 {
863 if (!dquot)
864 return;
865 #ifdef CONFIG_QUOTA_DEBUG
866 if (!atomic_read(&dquot->dq_count)) {
867 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d",
868 quotatypes[dquot->dq_id.type],
869 from_kqid(&init_user_ns, dquot->dq_id));
870 BUG();
871 }
872 #endif
873 dqstats_inc(DQST_DROPS);
874
875 spin_lock(&dq_list_lock);
876 if (atomic_read(&dquot->dq_count) > 1) {
877 /* We have more than one user... nothing to do */
878 atomic_dec(&dquot->dq_count);
879 /* Releasing dquot during quotaoff phase? */
880 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) &&
881 atomic_read(&dquot->dq_count) == 1)
882 wake_up(&dquot_ref_wq);
883 spin_unlock(&dq_list_lock);
884 return;
885 }
886
887 /* Need to release dquot? */
888 #ifdef CONFIG_QUOTA_DEBUG
889 /* sanity check */
890 BUG_ON(!list_empty(&dquot->dq_free));
891 #endif
892 put_releasing_dquots(dquot);
893 atomic_dec(&dquot->dq_count);
894 spin_unlock(&dq_list_lock);
895 queue_delayed_work(system_unbound_wq, "a_release_work, 1);
896 }
897 EXPORT_SYMBOL(dqput);
898
dquot_alloc(struct super_block *sb, int type)899 struct dquot *dquot_alloc(struct super_block *sb, int type)
900 {
901 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS);
902 }
903 EXPORT_SYMBOL(dquot_alloc);
904
get_empty_dquot(struct super_block *sb, int type)905 static struct dquot *get_empty_dquot(struct super_block *sb, int type)
906 {
907 struct dquot *dquot;
908
909 dquot = sb->dq_op->alloc_dquot(sb, type);
910 if(!dquot)
911 return NULL;
912
913 mutex_init(&dquot->dq_lock);
914 INIT_LIST_HEAD(&dquot->dq_free);
915 INIT_LIST_HEAD(&dquot->dq_inuse);
916 INIT_HLIST_NODE(&dquot->dq_hash);
917 INIT_LIST_HEAD(&dquot->dq_dirty);
918 dquot->dq_sb = sb;
919 dquot->dq_id = make_kqid_invalid(type);
920 atomic_set(&dquot->dq_count, 1);
921 spin_lock_init(&dquot->dq_dqb_lock);
922
923 return dquot;
924 }
925
926 /*
927 * Get reference to dquot
928 *
929 * Locking is slightly tricky here. We are guarded from parallel quotaoff()
930 * destroying our dquot by:
931 * a) checking for quota flags under dq_list_lock and
932 * b) getting a reference to dquot before we release dq_list_lock
933 */
dqget(struct super_block *sb, struct kqid qid)934 struct dquot *dqget(struct super_block *sb, struct kqid qid)
935 {
936 unsigned int hashent = hashfn(sb, qid);
937 struct dquot *dquot, *empty = NULL;
938
939 if (!qid_has_mapping(sb->s_user_ns, qid))
940 return ERR_PTR(-EINVAL);
941
942 if (!sb_has_quota_active(sb, qid.type))
943 return ERR_PTR(-ESRCH);
944 we_slept:
945 spin_lock(&dq_list_lock);
946 spin_lock(&dq_state_lock);
947 if (!sb_has_quota_active(sb, qid.type)) {
948 spin_unlock(&dq_state_lock);
949 spin_unlock(&dq_list_lock);
950 dquot = ERR_PTR(-ESRCH);
951 goto out;
952 }
953 spin_unlock(&dq_state_lock);
954
955 dquot = find_dquot(hashent, sb, qid);
956 if (!dquot) {
957 if (!empty) {
958 spin_unlock(&dq_list_lock);
959 empty = get_empty_dquot(sb, qid.type);
960 if (!empty)
961 schedule(); /* Try to wait for a moment... */
962 goto we_slept;
963 }
964 dquot = empty;
965 empty = NULL;
966 dquot->dq_id = qid;
967 /* all dquots go on the inuse_list */
968 put_inuse(dquot);
969 /* hash it first so it can be found */
970 insert_dquot_hash(dquot);
971 spin_unlock(&dq_list_lock);
972 dqstats_inc(DQST_LOOKUPS);
973 } else {
974 if (!atomic_read(&dquot->dq_count))
975 remove_free_dquot(dquot);
976 atomic_inc(&dquot->dq_count);
977 spin_unlock(&dq_list_lock);
978 dqstats_inc(DQST_CACHE_HITS);
979 dqstats_inc(DQST_LOOKUPS);
980 }
981 /* Wait for dq_lock - after this we know that either dquot_release() is
982 * already finished or it will be canceled due to dq_count > 0 test */
983 wait_on_dquot(dquot);
984 /* Read the dquot / allocate space in quota file */
985 if (!dquot_active(dquot)) {
986 int err;
987
988 err = sb->dq_op->acquire_dquot(dquot);
989 if (err < 0) {
990 dqput(dquot);
991 dquot = ERR_PTR(err);
992 goto out;
993 }
994 }
995 /*
996 * Make sure following reads see filled structure - paired with
997 * smp_mb__before_atomic() in dquot_acquire().
998 */
999 smp_rmb();
1000 #ifdef CONFIG_QUOTA_DEBUG
1001 BUG_ON(!dquot->dq_sb); /* Has somebody invalidated entry under us? */
1002 #endif
1003 out:
1004 if (empty)
1005 do_destroy_dquot(empty);
1006
1007 return dquot;
1008 }
1009 EXPORT_SYMBOL(dqget);
1010
i_dquot(struct inode *inode)1011 static inline struct dquot **i_dquot(struct inode *inode)
1012 {
1013 return inode->i_sb->s_op->get_dquots(inode);
1014 }
1015
dqinit_needed(struct inode *inode, int type)1016 static int dqinit_needed(struct inode *inode, int type)
1017 {
1018 struct dquot * const *dquots;
1019 int cnt;
1020
1021 if (IS_NOQUOTA(inode))
1022 return 0;
1023
1024 dquots = i_dquot(inode);
1025 if (type != -1)
1026 return !dquots[type];
1027 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1028 if (!dquots[cnt])
1029 return 1;
1030 return 0;
1031 }
1032
1033 /* This routine is guarded by s_umount semaphore */
add_dquot_ref(struct super_block *sb, int type)1034 static int add_dquot_ref(struct super_block *sb, int type)
1035 {
1036 struct inode *inode, *old_inode = NULL;
1037 #ifdef CONFIG_QUOTA_DEBUG
1038 int reserved = 0;
1039 #endif
1040 int err = 0;
1041
1042 spin_lock(&sb->s_inode_list_lock);
1043 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1044 spin_lock(&inode->i_lock);
1045 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) ||
1046 !atomic_read(&inode->i_writecount) ||
1047 !dqinit_needed(inode, type)) {
1048 spin_unlock(&inode->i_lock);
1049 continue;
1050 }
1051 __iget(inode);
1052 spin_unlock(&inode->i_lock);
1053 spin_unlock(&sb->s_inode_list_lock);
1054
1055 #ifdef CONFIG_QUOTA_DEBUG
1056 if (unlikely(inode_get_rsv_space(inode) > 0))
1057 reserved = 1;
1058 #endif
1059 iput(old_inode);
1060 err = __dquot_initialize(inode, type);
1061 if (err) {
1062 iput(inode);
1063 goto out;
1064 }
1065
1066 /*
1067 * We hold a reference to 'inode' so it couldn't have been
1068 * removed from s_inodes list while we dropped the
1069 * s_inode_list_lock. We cannot iput the inode now as we can be
1070 * holding the last reference and we cannot iput it under
1071 * s_inode_list_lock. So we keep the reference and iput it
1072 * later.
1073 */
1074 old_inode = inode;
1075 cond_resched();
1076 spin_lock(&sb->s_inode_list_lock);
1077 }
1078 spin_unlock(&sb->s_inode_list_lock);
1079 iput(old_inode);
1080 out:
1081 #ifdef CONFIG_QUOTA_DEBUG
1082 if (reserved) {
1083 quota_error(sb, "Writes happened before quota was turned on "
1084 "thus quota information is probably inconsistent. "
1085 "Please run quotacheck(8)");
1086 }
1087 #endif
1088 return err;
1089 }
1090
1091 /*
1092 * Remove references to dquots from inode and add dquot to list for freeing
1093 * if we have the last reference to dquot
1094 */
remove_inode_dquot_ref(struct inode *inode, int type, struct list_head *tofree_head)1095 static void remove_inode_dquot_ref(struct inode *inode, int type,
1096 struct list_head *tofree_head)
1097 {
1098 struct dquot **dquots = i_dquot(inode);
1099 struct dquot *dquot = dquots[type];
1100
1101 if (!dquot)
1102 return;
1103
1104 dquots[type] = NULL;
1105 if (list_empty(&dquot->dq_free)) {
1106 /*
1107 * The inode still has reference to dquot so it can't be in the
1108 * free list
1109 */
1110 spin_lock(&dq_list_lock);
1111 list_add(&dquot->dq_free, tofree_head);
1112 spin_unlock(&dq_list_lock);
1113 } else {
1114 /*
1115 * Dquot is already in a list to put so we won't drop the last
1116 * reference here.
1117 */
1118 dqput(dquot);
1119 }
1120 }
1121
1122 /*
1123 * Free list of dquots
1124 * Dquots are removed from inodes and no new references can be got so we are
1125 * the only ones holding reference
1126 */
put_dquot_list(struct list_head *tofree_head)1127 static void put_dquot_list(struct list_head *tofree_head)
1128 {
1129 struct list_head *act_head;
1130 struct dquot *dquot;
1131
1132 act_head = tofree_head->next;
1133 while (act_head != tofree_head) {
1134 dquot = list_entry(act_head, struct dquot, dq_free);
1135 act_head = act_head->next;
1136 /* Remove dquot from the list so we won't have problems... */
1137 list_del_init(&dquot->dq_free);
1138 dqput(dquot);
1139 }
1140 }
1141
remove_dquot_ref(struct super_block *sb, int type, struct list_head *tofree_head)1142 static void remove_dquot_ref(struct super_block *sb, int type,
1143 struct list_head *tofree_head)
1144 {
1145 struct inode *inode;
1146 #ifdef CONFIG_QUOTA_DEBUG
1147 int reserved = 0;
1148 #endif
1149
1150 spin_lock(&sb->s_inode_list_lock);
1151 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1152 /*
1153 * We have to scan also I_NEW inodes because they can already
1154 * have quota pointer initialized. Luckily, we need to touch
1155 * only quota pointers and these have separate locking
1156 * (dq_data_lock).
1157 */
1158 spin_lock(&dq_data_lock);
1159 if (!IS_NOQUOTA(inode)) {
1160 #ifdef CONFIG_QUOTA_DEBUG
1161 if (unlikely(inode_get_rsv_space(inode) > 0))
1162 reserved = 1;
1163 #endif
1164 remove_inode_dquot_ref(inode, type, tofree_head);
1165 }
1166 spin_unlock(&dq_data_lock);
1167 }
1168 spin_unlock(&sb->s_inode_list_lock);
1169 #ifdef CONFIG_QUOTA_DEBUG
1170 if (reserved) {
1171 printk(KERN_WARNING "VFS (%s): Writes happened after quota"
1172 " was disabled thus quota information is probably "
1173 "inconsistent. Please run quotacheck(8).\n", sb->s_id);
1174 }
1175 #endif
1176 }
1177
1178 /* Gather all references from inodes and drop them */
drop_dquot_ref(struct super_block *sb, int type)1179 static void drop_dquot_ref(struct super_block *sb, int type)
1180 {
1181 LIST_HEAD(tofree_head);
1182
1183 if (sb->dq_op) {
1184 remove_dquot_ref(sb, type, &tofree_head);
1185 synchronize_srcu(&dquot_srcu);
1186 put_dquot_list(&tofree_head);
1187 }
1188 }
1189
1190 static inline
dquot_free_reserved_space(struct dquot *dquot, qsize_t number)1191 void dquot_free_reserved_space(struct dquot *dquot, qsize_t number)
1192 {
1193 if (dquot->dq_dqb.dqb_rsvspace >= number)
1194 dquot->dq_dqb.dqb_rsvspace -= number;
1195 else {
1196 WARN_ON_ONCE(1);
1197 dquot->dq_dqb.dqb_rsvspace = 0;
1198 }
1199 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
1200 dquot->dq_dqb.dqb_bsoftlimit)
1201 dquot->dq_dqb.dqb_btime = (time64_t) 0;
1202 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
1203 }
1204
dquot_decr_inodes(struct dquot *dquot, qsize_t number)1205 static void dquot_decr_inodes(struct dquot *dquot, qsize_t number)
1206 {
1207 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
1208 dquot->dq_dqb.dqb_curinodes >= number)
1209 dquot->dq_dqb.dqb_curinodes -= number;
1210 else
1211 dquot->dq_dqb.dqb_curinodes = 0;
1212 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit)
1213 dquot->dq_dqb.dqb_itime = (time64_t) 0;
1214 clear_bit(DQ_INODES_B, &dquot->dq_flags);
1215 }
1216
dquot_decr_space(struct dquot *dquot, qsize_t number)1217 static void dquot_decr_space(struct dquot *dquot, qsize_t number)
1218 {
1219 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
1220 dquot->dq_dqb.dqb_curspace >= number)
1221 dquot->dq_dqb.dqb_curspace -= number;
1222 else
1223 dquot->dq_dqb.dqb_curspace = 0;
1224 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
1225 dquot->dq_dqb.dqb_bsoftlimit)
1226 dquot->dq_dqb.dqb_btime = (time64_t) 0;
1227 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
1228 }
1229
1230 struct dquot_warn {
1231 struct super_block *w_sb;
1232 struct kqid w_dq_id;
1233 short w_type;
1234 };
1235
warning_issued(struct dquot *dquot, const int warntype)1236 static int warning_issued(struct dquot *dquot, const int warntype)
1237 {
1238 int flag = (warntype == QUOTA_NL_BHARDWARN ||
1239 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B :
1240 ((warntype == QUOTA_NL_IHARDWARN ||
1241 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0);
1242
1243 if (!flag)
1244 return 0;
1245 return test_and_set_bit(flag, &dquot->dq_flags);
1246 }
1247
1248 #ifdef CONFIG_PRINT_QUOTA_WARNING
1249 static int flag_print_warnings = 1;
1250
need_print_warning(struct dquot_warn *warn)1251 static int need_print_warning(struct dquot_warn *warn)
1252 {
1253 if (!flag_print_warnings)
1254 return 0;
1255
1256 switch (warn->w_dq_id.type) {
1257 case USRQUOTA:
1258 return uid_eq(current_fsuid(), warn->w_dq_id.uid);
1259 case GRPQUOTA:
1260 return in_group_p(warn->w_dq_id.gid);
1261 case PRJQUOTA:
1262 return 1;
1263 }
1264 return 0;
1265 }
1266
1267 /* Print warning to user which exceeded quota */
print_warning(struct dquot_warn *warn)1268 static void print_warning(struct dquot_warn *warn)
1269 {
1270 char *msg = NULL;
1271 struct tty_struct *tty;
1272 int warntype = warn->w_type;
1273
1274 if (warntype == QUOTA_NL_IHARDBELOW ||
1275 warntype == QUOTA_NL_ISOFTBELOW ||
1276 warntype == QUOTA_NL_BHARDBELOW ||
1277 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn))
1278 return;
1279
1280 tty = get_current_tty();
1281 if (!tty)
1282 return;
1283 tty_write_message(tty, warn->w_sb->s_id);
1284 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN)
1285 tty_write_message(tty, ": warning, ");
1286 else
1287 tty_write_message(tty, ": write failed, ");
1288 tty_write_message(tty, quotatypes[warn->w_dq_id.type]);
1289 switch (warntype) {
1290 case QUOTA_NL_IHARDWARN:
1291 msg = " file limit reached.\r\n";
1292 break;
1293 case QUOTA_NL_ISOFTLONGWARN:
1294 msg = " file quota exceeded too long.\r\n";
1295 break;
1296 case QUOTA_NL_ISOFTWARN:
1297 msg = " file quota exceeded.\r\n";
1298 break;
1299 case QUOTA_NL_BHARDWARN:
1300 msg = " block limit reached.\r\n";
1301 break;
1302 case QUOTA_NL_BSOFTLONGWARN:
1303 msg = " block quota exceeded too long.\r\n";
1304 break;
1305 case QUOTA_NL_BSOFTWARN:
1306 msg = " block quota exceeded.\r\n";
1307 break;
1308 }
1309 tty_write_message(tty, msg);
1310 tty_kref_put(tty);
1311 }
1312 #endif
1313
prepare_warning(struct dquot_warn *warn, struct dquot *dquot, int warntype)1314 static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot,
1315 int warntype)
1316 {
1317 if (warning_issued(dquot, warntype))
1318 return;
1319 warn->w_type = warntype;
1320 warn->w_sb = dquot->dq_sb;
1321 warn->w_dq_id = dquot->dq_id;
1322 }
1323
1324 /*
1325 * Write warnings to the console and send warning messages over netlink.
1326 *
1327 * Note that this function can call into tty and networking code.
1328 */
flush_warnings(struct dquot_warn *warn)1329 static void flush_warnings(struct dquot_warn *warn)
1330 {
1331 int i;
1332
1333 for (i = 0; i < MAXQUOTAS; i++) {
1334 if (warn[i].w_type == QUOTA_NL_NOWARN)
1335 continue;
1336 #ifdef CONFIG_PRINT_QUOTA_WARNING
1337 print_warning(&warn[i]);
1338 #endif
1339 quota_send_warning(warn[i].w_dq_id,
1340 warn[i].w_sb->s_dev, warn[i].w_type);
1341 }
1342 }
1343
ignore_hardlimit(struct dquot *dquot)1344 static int ignore_hardlimit(struct dquot *dquot)
1345 {
1346 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
1347
1348 return capable(CAP_SYS_RESOURCE) &&
1349 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD ||
1350 !(info->dqi_flags & DQF_ROOT_SQUASH));
1351 }
1352
dquot_add_inodes(struct dquot *dquot, qsize_t inodes, struct dquot_warn *warn)1353 static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes,
1354 struct dquot_warn *warn)
1355 {
1356 qsize_t newinodes;
1357 int ret = 0;
1358
1359 spin_lock(&dquot->dq_dqb_lock);
1360 newinodes = dquot->dq_dqb.dqb_curinodes + inodes;
1361 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) ||
1362 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1363 goto add;
1364
1365 if (dquot->dq_dqb.dqb_ihardlimit &&
1366 newinodes > dquot->dq_dqb.dqb_ihardlimit &&
1367 !ignore_hardlimit(dquot)) {
1368 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN);
1369 ret = -EDQUOT;
1370 goto out;
1371 }
1372
1373 if (dquot->dq_dqb.dqb_isoftlimit &&
1374 newinodes > dquot->dq_dqb.dqb_isoftlimit &&
1375 dquot->dq_dqb.dqb_itime &&
1376 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime &&
1377 !ignore_hardlimit(dquot)) {
1378 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN);
1379 ret = -EDQUOT;
1380 goto out;
1381 }
1382
1383 if (dquot->dq_dqb.dqb_isoftlimit &&
1384 newinodes > dquot->dq_dqb.dqb_isoftlimit &&
1385 dquot->dq_dqb.dqb_itime == 0) {
1386 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN);
1387 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() +
1388 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace;
1389 }
1390 add:
1391 dquot->dq_dqb.dqb_curinodes = newinodes;
1392
1393 out:
1394 spin_unlock(&dquot->dq_dqb_lock);
1395 return ret;
1396 }
1397
dquot_add_space(struct dquot *dquot, qsize_t space, qsize_t rsv_space, unsigned int flags, struct dquot_warn *warn)1398 static int dquot_add_space(struct dquot *dquot, qsize_t space,
1399 qsize_t rsv_space, unsigned int flags,
1400 struct dquot_warn *warn)
1401 {
1402 qsize_t tspace;
1403 struct super_block *sb = dquot->dq_sb;
1404 int ret = 0;
1405
1406 spin_lock(&dquot->dq_dqb_lock);
1407 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) ||
1408 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1409 goto finish;
1410
1411 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace
1412 + space + rsv_space;
1413
1414 if (dquot->dq_dqb.dqb_bhardlimit &&
1415 tspace > dquot->dq_dqb.dqb_bhardlimit &&
1416 !ignore_hardlimit(dquot)) {
1417 if (flags & DQUOT_SPACE_WARN)
1418 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN);
1419 ret = -EDQUOT;
1420 goto finish;
1421 }
1422
1423 if (dquot->dq_dqb.dqb_bsoftlimit &&
1424 tspace > dquot->dq_dqb.dqb_bsoftlimit &&
1425 dquot->dq_dqb.dqb_btime &&
1426 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime &&
1427 !ignore_hardlimit(dquot)) {
1428 if (flags & DQUOT_SPACE_WARN)
1429 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN);
1430 ret = -EDQUOT;
1431 goto finish;
1432 }
1433
1434 if (dquot->dq_dqb.dqb_bsoftlimit &&
1435 tspace > dquot->dq_dqb.dqb_bsoftlimit &&
1436 dquot->dq_dqb.dqb_btime == 0) {
1437 if (flags & DQUOT_SPACE_WARN) {
1438 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN);
1439 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() +
1440 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace;
1441 } else {
1442 /*
1443 * We don't allow preallocation to exceed softlimit so exceeding will
1444 * be always printed
1445 */
1446 ret = -EDQUOT;
1447 goto finish;
1448 }
1449 }
1450 finish:
1451 /*
1452 * We have to be careful and go through warning generation & grace time
1453 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it
1454 * only here...
1455 */
1456 if (flags & DQUOT_SPACE_NOFAIL)
1457 ret = 0;
1458 if (!ret) {
1459 dquot->dq_dqb.dqb_rsvspace += rsv_space;
1460 dquot->dq_dqb.dqb_curspace += space;
1461 }
1462 spin_unlock(&dquot->dq_dqb_lock);
1463 return ret;
1464 }
1465
info_idq_free(struct dquot *dquot, qsize_t inodes)1466 static int info_idq_free(struct dquot *dquot, qsize_t inodes)
1467 {
1468 qsize_t newinodes;
1469
1470 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
1471 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit ||
1472 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type))
1473 return QUOTA_NL_NOWARN;
1474
1475 newinodes = dquot->dq_dqb.dqb_curinodes - inodes;
1476 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit)
1477 return QUOTA_NL_ISOFTBELOW;
1478 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit &&
1479 newinodes < dquot->dq_dqb.dqb_ihardlimit)
1480 return QUOTA_NL_IHARDBELOW;
1481 return QUOTA_NL_NOWARN;
1482 }
1483
info_bdq_free(struct dquot *dquot, qsize_t space)1484 static int info_bdq_free(struct dquot *dquot, qsize_t space)
1485 {
1486 qsize_t tspace;
1487
1488 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace;
1489
1490 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
1491 tspace <= dquot->dq_dqb.dqb_bsoftlimit)
1492 return QUOTA_NL_NOWARN;
1493
1494 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit)
1495 return QUOTA_NL_BSOFTBELOW;
1496 if (tspace >= dquot->dq_dqb.dqb_bhardlimit &&
1497 tspace - space < dquot->dq_dqb.dqb_bhardlimit)
1498 return QUOTA_NL_BHARDBELOW;
1499 return QUOTA_NL_NOWARN;
1500 }
1501
inode_quota_active(const struct inode *inode)1502 static int inode_quota_active(const struct inode *inode)
1503 {
1504 struct super_block *sb = inode->i_sb;
1505
1506 if (IS_NOQUOTA(inode))
1507 return 0;
1508 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb);
1509 }
1510
1511 /*
1512 * Initialize quota pointers in inode
1513 *
1514 * It is better to call this function outside of any transaction as it
1515 * might need a lot of space in journal for dquot structure allocation.
1516 */
__dquot_initialize(struct inode *inode, int type)1517 static int __dquot_initialize(struct inode *inode, int type)
1518 {
1519 int cnt, init_needed = 0;
1520 struct dquot **dquots, *got[MAXQUOTAS] = {};
1521 struct super_block *sb = inode->i_sb;
1522 qsize_t rsv;
1523 int ret = 0;
1524
1525 if (!inode_quota_active(inode))
1526 return 0;
1527
1528 dquots = i_dquot(inode);
1529
1530 /* First get references to structures we might need. */
1531 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1532 struct kqid qid;
1533 kprojid_t projid;
1534 int rc;
1535 struct dquot *dquot;
1536
1537 if (type != -1 && cnt != type)
1538 continue;
1539 /*
1540 * The i_dquot should have been initialized in most cases,
1541 * we check it without locking here to avoid unnecessary
1542 * dqget()/dqput() calls.
1543 */
1544 if (dquots[cnt])
1545 continue;
1546
1547 if (!sb_has_quota_active(sb, cnt))
1548 continue;
1549
1550 init_needed = 1;
1551
1552 switch (cnt) {
1553 case USRQUOTA:
1554 qid = make_kqid_uid(inode->i_uid);
1555 break;
1556 case GRPQUOTA:
1557 qid = make_kqid_gid(inode->i_gid);
1558 break;
1559 case PRJQUOTA:
1560 rc = inode->i_sb->dq_op->get_projid(inode, &projid);
1561 if (rc)
1562 continue;
1563 qid = make_kqid_projid(projid);
1564 break;
1565 }
1566 dquot = dqget(sb, qid);
1567 if (IS_ERR(dquot)) {
1568 /* We raced with somebody turning quotas off... */
1569 if (PTR_ERR(dquot) != -ESRCH) {
1570 ret = PTR_ERR(dquot);
1571 goto out_put;
1572 }
1573 dquot = NULL;
1574 }
1575 got[cnt] = dquot;
1576 }
1577
1578 /* All required i_dquot has been initialized */
1579 if (!init_needed)
1580 return 0;
1581
1582 spin_lock(&dq_data_lock);
1583 if (IS_NOQUOTA(inode))
1584 goto out_lock;
1585 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1586 if (type != -1 && cnt != type)
1587 continue;
1588 /* Avoid races with quotaoff() */
1589 if (!sb_has_quota_active(sb, cnt))
1590 continue;
1591 /* We could race with quotaon or dqget() could have failed */
1592 if (!got[cnt])
1593 continue;
1594 if (!dquots[cnt]) {
1595 dquots[cnt] = got[cnt];
1596 got[cnt] = NULL;
1597 /*
1598 * Make quota reservation system happy if someone
1599 * did a write before quota was turned on
1600 */
1601 rsv = inode_get_rsv_space(inode);
1602 if (unlikely(rsv)) {
1603 spin_lock(&inode->i_lock);
1604 /* Get reservation again under proper lock */
1605 rsv = __inode_get_rsv_space(inode);
1606 spin_lock(&dquots[cnt]->dq_dqb_lock);
1607 dquots[cnt]->dq_dqb.dqb_rsvspace += rsv;
1608 spin_unlock(&dquots[cnt]->dq_dqb_lock);
1609 spin_unlock(&inode->i_lock);
1610 }
1611 }
1612 }
1613 out_lock:
1614 spin_unlock(&dq_data_lock);
1615 out_put:
1616 /* Drop unused references */
1617 dqput_all(got);
1618
1619 return ret;
1620 }
1621
dquot_initialize(struct inode *inode)1622 int dquot_initialize(struct inode *inode)
1623 {
1624 return __dquot_initialize(inode, -1);
1625 }
1626 EXPORT_SYMBOL(dquot_initialize);
1627
dquot_initialize_needed(struct inode *inode)1628 bool dquot_initialize_needed(struct inode *inode)
1629 {
1630 struct dquot **dquots;
1631 int i;
1632
1633 if (!inode_quota_active(inode))
1634 return false;
1635
1636 dquots = i_dquot(inode);
1637 for (i = 0; i < MAXQUOTAS; i++)
1638 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i))
1639 return true;
1640 return false;
1641 }
1642 EXPORT_SYMBOL(dquot_initialize_needed);
1643
1644 /*
1645 * Release all quotas referenced by inode.
1646 *
1647 * This function only be called on inode free or converting
1648 * a file to quota file, no other users for the i_dquot in
1649 * both cases, so we needn't call synchronize_srcu() after
1650 * clearing i_dquot.
1651 */
__dquot_drop(struct inode *inode)1652 static void __dquot_drop(struct inode *inode)
1653 {
1654 int cnt;
1655 struct dquot **dquots = i_dquot(inode);
1656 struct dquot *put[MAXQUOTAS];
1657
1658 spin_lock(&dq_data_lock);
1659 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1660 put[cnt] = dquots[cnt];
1661 dquots[cnt] = NULL;
1662 }
1663 spin_unlock(&dq_data_lock);
1664 dqput_all(put);
1665 }
1666
dquot_drop(struct inode *inode)1667 void dquot_drop(struct inode *inode)
1668 {
1669 struct dquot * const *dquots;
1670 int cnt;
1671
1672 if (IS_NOQUOTA(inode))
1673 return;
1674
1675 /*
1676 * Test before calling to rule out calls from proc and such
1677 * where we are not allowed to block. Note that this is
1678 * actually reliable test even without the lock - the caller
1679 * must assure that nobody can come after the DQUOT_DROP and
1680 * add quota pointers back anyway.
1681 */
1682 dquots = i_dquot(inode);
1683 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1684 if (dquots[cnt])
1685 break;
1686 }
1687
1688 if (cnt < MAXQUOTAS)
1689 __dquot_drop(inode);
1690 }
1691 EXPORT_SYMBOL(dquot_drop);
1692
1693 /*
1694 * inode_reserved_space is managed internally by quota, and protected by
1695 * i_lock similar to i_blocks+i_bytes.
1696 */
inode_reserved_space(struct inode * inode)1697 static qsize_t *inode_reserved_space(struct inode * inode)
1698 {
1699 /* Filesystem must explicitly define it's own method in order to use
1700 * quota reservation interface */
1701 BUG_ON(!inode->i_sb->dq_op->get_reserved_space);
1702 return inode->i_sb->dq_op->get_reserved_space(inode);
1703 }
1704
__inode_get_rsv_space(struct inode *inode)1705 static qsize_t __inode_get_rsv_space(struct inode *inode)
1706 {
1707 if (!inode->i_sb->dq_op->get_reserved_space)
1708 return 0;
1709 return *inode_reserved_space(inode);
1710 }
1711
inode_get_rsv_space(struct inode *inode)1712 static qsize_t inode_get_rsv_space(struct inode *inode)
1713 {
1714 qsize_t ret;
1715
1716 if (!inode->i_sb->dq_op->get_reserved_space)
1717 return 0;
1718 spin_lock(&inode->i_lock);
1719 ret = __inode_get_rsv_space(inode);
1720 spin_unlock(&inode->i_lock);
1721 return ret;
1722 }
1723
1724 /*
1725 * This functions updates i_blocks+i_bytes fields and quota information
1726 * (together with appropriate checks).
1727 *
1728 * NOTE: We absolutely rely on the fact that caller dirties the inode
1729 * (usually helpers in quotaops.h care about this) and holds a handle for
1730 * the current transaction so that dquot write and inode write go into the
1731 * same transaction.
1732 */
1733
1734 /*
1735 * This operation can block, but only after everything is updated
1736 */
__dquot_alloc_space(struct inode *inode, qsize_t number, int flags)1737 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags)
1738 {
1739 int cnt, ret = 0, index;
1740 struct dquot_warn warn[MAXQUOTAS];
1741 int reserve = flags & DQUOT_SPACE_RESERVE;
1742 struct dquot **dquots;
1743 struct dquot *dquot;
1744
1745 if (!inode_quota_active(inode)) {
1746 if (reserve) {
1747 spin_lock(&inode->i_lock);
1748 *inode_reserved_space(inode) += number;
1749 spin_unlock(&inode->i_lock);
1750 } else {
1751 inode_add_bytes(inode, number);
1752 }
1753 goto out;
1754 }
1755
1756 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1757 warn[cnt].w_type = QUOTA_NL_NOWARN;
1758
1759 dquots = i_dquot(inode);
1760 index = srcu_read_lock(&dquot_srcu);
1761 spin_lock(&inode->i_lock);
1762 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1763 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1764 if (!dquot)
1765 continue;
1766 if (reserve) {
1767 ret = dquot_add_space(dquot, 0, number, flags, &warn[cnt]);
1768 } else {
1769 ret = dquot_add_space(dquot, number, 0, flags, &warn[cnt]);
1770 }
1771 if (ret) {
1772 /* Back out changes we already did */
1773 for (cnt--; cnt >= 0; cnt--) {
1774 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1775 if (!dquot)
1776 continue;
1777 spin_lock(&dquot->dq_dqb_lock);
1778 if (reserve)
1779 dquot_free_reserved_space(dquot, number);
1780 else
1781 dquot_decr_space(dquot, number);
1782 spin_unlock(&dquot->dq_dqb_lock);
1783 }
1784 spin_unlock(&inode->i_lock);
1785 goto out_flush_warn;
1786 }
1787 }
1788 if (reserve)
1789 *inode_reserved_space(inode) += number;
1790 else
1791 __inode_add_bytes(inode, number);
1792 spin_unlock(&inode->i_lock);
1793
1794 if (reserve)
1795 goto out_flush_warn;
1796 mark_all_dquot_dirty(dquots);
1797 out_flush_warn:
1798 srcu_read_unlock(&dquot_srcu, index);
1799 flush_warnings(warn);
1800 out:
1801 return ret;
1802 }
1803 EXPORT_SYMBOL(__dquot_alloc_space);
1804
1805 /*
1806 * This operation can block, but only after everything is updated
1807 */
dquot_alloc_inode(struct inode *inode)1808 int dquot_alloc_inode(struct inode *inode)
1809 {
1810 int cnt, ret = 0, index;
1811 struct dquot_warn warn[MAXQUOTAS];
1812 struct dquot * const *dquots;
1813 struct dquot *dquot;
1814
1815 if (!inode_quota_active(inode))
1816 return 0;
1817 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1818 warn[cnt].w_type = QUOTA_NL_NOWARN;
1819
1820 dquots = i_dquot(inode);
1821 index = srcu_read_lock(&dquot_srcu);
1822 spin_lock(&inode->i_lock);
1823 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1824 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1825 if (!dquot)
1826 continue;
1827 ret = dquot_add_inodes(dquot, 1, &warn[cnt]);
1828 if (ret) {
1829 for (cnt--; cnt >= 0; cnt--) {
1830 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1831 if (!dquot)
1832 continue;
1833 /* Back out changes we already did */
1834 spin_lock(&dquot->dq_dqb_lock);
1835 dquot_decr_inodes(dquot, 1);
1836 spin_unlock(&dquot->dq_dqb_lock);
1837 }
1838 goto warn_put_all;
1839 }
1840 }
1841
1842 warn_put_all:
1843 spin_unlock(&inode->i_lock);
1844 if (ret == 0)
1845 mark_all_dquot_dirty(dquots);
1846 srcu_read_unlock(&dquot_srcu, index);
1847 flush_warnings(warn);
1848 return ret;
1849 }
1850 EXPORT_SYMBOL(dquot_alloc_inode);
1851
1852 /*
1853 * Convert in-memory reserved quotas to real consumed quotas
1854 */
dquot_claim_space_nodirty(struct inode *inode, qsize_t number)1855 int dquot_claim_space_nodirty(struct inode *inode, qsize_t number)
1856 {
1857 struct dquot **dquots;
1858 struct dquot *dquot;
1859 int cnt, index;
1860
1861 if (!inode_quota_active(inode)) {
1862 spin_lock(&inode->i_lock);
1863 *inode_reserved_space(inode) -= number;
1864 __inode_add_bytes(inode, number);
1865 spin_unlock(&inode->i_lock);
1866 return 0;
1867 }
1868
1869 dquots = i_dquot(inode);
1870 index = srcu_read_lock(&dquot_srcu);
1871 spin_lock(&inode->i_lock);
1872 /* Claim reserved quotas to allocated quotas */
1873 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1874 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1875 if (dquot) {
1876 spin_lock(&dquot->dq_dqb_lock);
1877 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number))
1878 number = dquot->dq_dqb.dqb_rsvspace;
1879 dquot->dq_dqb.dqb_curspace += number;
1880 dquot->dq_dqb.dqb_rsvspace -= number;
1881 spin_unlock(&dquot->dq_dqb_lock);
1882 }
1883 }
1884 /* Update inode bytes */
1885 *inode_reserved_space(inode) -= number;
1886 __inode_add_bytes(inode, number);
1887 spin_unlock(&inode->i_lock);
1888 mark_all_dquot_dirty(dquots);
1889 srcu_read_unlock(&dquot_srcu, index);
1890 return 0;
1891 }
1892 EXPORT_SYMBOL(dquot_claim_space_nodirty);
1893
1894 /*
1895 * Convert allocated space back to in-memory reserved quotas
1896 */
dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number)1897 void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number)
1898 {
1899 struct dquot **dquots;
1900 struct dquot *dquot;
1901 int cnt, index;
1902
1903 if (!inode_quota_active(inode)) {
1904 spin_lock(&inode->i_lock);
1905 *inode_reserved_space(inode) += number;
1906 __inode_sub_bytes(inode, number);
1907 spin_unlock(&inode->i_lock);
1908 return;
1909 }
1910
1911 dquots = i_dquot(inode);
1912 index = srcu_read_lock(&dquot_srcu);
1913 spin_lock(&inode->i_lock);
1914 /* Claim reserved quotas to allocated quotas */
1915 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1916 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1917 if (dquot) {
1918 spin_lock(&dquot->dq_dqb_lock);
1919 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number))
1920 number = dquot->dq_dqb.dqb_curspace;
1921 dquot->dq_dqb.dqb_rsvspace += number;
1922 dquot->dq_dqb.dqb_curspace -= number;
1923 spin_unlock(&dquot->dq_dqb_lock);
1924 }
1925 }
1926 /* Update inode bytes */
1927 *inode_reserved_space(inode) += number;
1928 __inode_sub_bytes(inode, number);
1929 spin_unlock(&inode->i_lock);
1930 mark_all_dquot_dirty(dquots);
1931 srcu_read_unlock(&dquot_srcu, index);
1932 return;
1933 }
1934 EXPORT_SYMBOL(dquot_reclaim_space_nodirty);
1935
1936 /*
1937 * This operation can block, but only after everything is updated
1938 */
__dquot_free_space(struct inode *inode, qsize_t number, int flags)1939 void __dquot_free_space(struct inode *inode, qsize_t number, int flags)
1940 {
1941 unsigned int cnt;
1942 struct dquot_warn warn[MAXQUOTAS];
1943 struct dquot **dquots;
1944 struct dquot *dquot;
1945 int reserve = flags & DQUOT_SPACE_RESERVE, index;
1946
1947 if (!inode_quota_active(inode)) {
1948 if (reserve) {
1949 spin_lock(&inode->i_lock);
1950 *inode_reserved_space(inode) -= number;
1951 spin_unlock(&inode->i_lock);
1952 } else {
1953 inode_sub_bytes(inode, number);
1954 }
1955 return;
1956 }
1957
1958 dquots = i_dquot(inode);
1959 index = srcu_read_lock(&dquot_srcu);
1960 spin_lock(&inode->i_lock);
1961 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1962 int wtype;
1963
1964 warn[cnt].w_type = QUOTA_NL_NOWARN;
1965 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1966 if (!dquot)
1967 continue;
1968 spin_lock(&dquot->dq_dqb_lock);
1969 wtype = info_bdq_free(dquot, number);
1970 if (wtype != QUOTA_NL_NOWARN)
1971 prepare_warning(&warn[cnt], dquot, wtype);
1972 if (reserve)
1973 dquot_free_reserved_space(dquot, number);
1974 else
1975 dquot_decr_space(dquot, number);
1976 spin_unlock(&dquot->dq_dqb_lock);
1977 }
1978 if (reserve)
1979 *inode_reserved_space(inode) -= number;
1980 else
1981 __inode_sub_bytes(inode, number);
1982 spin_unlock(&inode->i_lock);
1983
1984 if (reserve)
1985 goto out_unlock;
1986 mark_all_dquot_dirty(dquots);
1987 out_unlock:
1988 srcu_read_unlock(&dquot_srcu, index);
1989 flush_warnings(warn);
1990 }
1991 EXPORT_SYMBOL(__dquot_free_space);
1992
1993 /*
1994 * This operation can block, but only after everything is updated
1995 */
dquot_free_inode(struct inode *inode)1996 void dquot_free_inode(struct inode *inode)
1997 {
1998 unsigned int cnt;
1999 struct dquot_warn warn[MAXQUOTAS];
2000 struct dquot * const *dquots;
2001 struct dquot *dquot;
2002 int index;
2003
2004 if (!inode_quota_active(inode))
2005 return;
2006
2007 dquots = i_dquot(inode);
2008 index = srcu_read_lock(&dquot_srcu);
2009 spin_lock(&inode->i_lock);
2010 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2011 int wtype;
2012 warn[cnt].w_type = QUOTA_NL_NOWARN;
2013 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
2014 if (!dquot)
2015 continue;
2016 spin_lock(&dquot->dq_dqb_lock);
2017 wtype = info_idq_free(dquot, 1);
2018 if (wtype != QUOTA_NL_NOWARN)
2019 prepare_warning(&warn[cnt], dquot, wtype);
2020 dquot_decr_inodes(dquot, 1);
2021 spin_unlock(&dquot->dq_dqb_lock);
2022 }
2023 spin_unlock(&inode->i_lock);
2024 mark_all_dquot_dirty(dquots);
2025 srcu_read_unlock(&dquot_srcu, index);
2026 flush_warnings(warn);
2027 }
2028 EXPORT_SYMBOL(dquot_free_inode);
2029
2030 /*
2031 * Transfer the number of inode and blocks from one diskquota to an other.
2032 * On success, dquot references in transfer_to are consumed and references
2033 * to original dquots that need to be released are placed there. On failure,
2034 * references are kept untouched.
2035 *
2036 * This operation can block, but only after everything is updated
2037 * A transaction must be started when entering this function.
2038 *
2039 * We are holding reference on transfer_from & transfer_to, no need to
2040 * protect them by srcu_read_lock().
2041 */
__dquot_transfer(struct inode *inode, struct dquot **transfer_to)2042 int __dquot_transfer(struct inode *inode, struct dquot **transfer_to)
2043 {
2044 qsize_t cur_space;
2045 qsize_t rsv_space = 0;
2046 qsize_t inode_usage = 1;
2047 struct dquot *transfer_from[MAXQUOTAS] = {};
2048 int cnt, index, ret = 0;
2049 char is_valid[MAXQUOTAS] = {};
2050 struct dquot_warn warn_to[MAXQUOTAS];
2051 struct dquot_warn warn_from_inodes[MAXQUOTAS];
2052 struct dquot_warn warn_from_space[MAXQUOTAS];
2053
2054 if (IS_NOQUOTA(inode))
2055 return 0;
2056
2057 if (inode->i_sb->dq_op->get_inode_usage) {
2058 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage);
2059 if (ret)
2060 return ret;
2061 }
2062
2063 /* Initialize the arrays */
2064 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2065 warn_to[cnt].w_type = QUOTA_NL_NOWARN;
2066 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN;
2067 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN;
2068 }
2069
2070 spin_lock(&dq_data_lock);
2071 spin_lock(&inode->i_lock);
2072 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */
2073 spin_unlock(&inode->i_lock);
2074 spin_unlock(&dq_data_lock);
2075 return 0;
2076 }
2077 cur_space = __inode_get_bytes(inode);
2078 rsv_space = __inode_get_rsv_space(inode);
2079 /*
2080 * Build the transfer_from list, check limits, and update usage in
2081 * the target structures.
2082 */
2083 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2084 /*
2085 * Skip changes for same uid or gid or for turned off quota-type.
2086 */
2087 if (!transfer_to[cnt])
2088 continue;
2089 /* Avoid races with quotaoff() */
2090 if (!sb_has_quota_active(inode->i_sb, cnt))
2091 continue;
2092 is_valid[cnt] = 1;
2093 transfer_from[cnt] = i_dquot(inode)[cnt];
2094 ret = dquot_add_inodes(transfer_to[cnt], inode_usage,
2095 &warn_to[cnt]);
2096 if (ret)
2097 goto over_quota;
2098 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space,
2099 DQUOT_SPACE_WARN, &warn_to[cnt]);
2100 if (ret) {
2101 spin_lock(&transfer_to[cnt]->dq_dqb_lock);
2102 dquot_decr_inodes(transfer_to[cnt], inode_usage);
2103 spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
2104 goto over_quota;
2105 }
2106 }
2107
2108 /* Decrease usage for source structures and update quota pointers */
2109 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2110 if (!is_valid[cnt])
2111 continue;
2112 /* Due to IO error we might not have transfer_from[] structure */
2113 if (transfer_from[cnt]) {
2114 int wtype;
2115
2116 spin_lock(&transfer_from[cnt]->dq_dqb_lock);
2117 wtype = info_idq_free(transfer_from[cnt], inode_usage);
2118 if (wtype != QUOTA_NL_NOWARN)
2119 prepare_warning(&warn_from_inodes[cnt],
2120 transfer_from[cnt], wtype);
2121 wtype = info_bdq_free(transfer_from[cnt],
2122 cur_space + rsv_space);
2123 if (wtype != QUOTA_NL_NOWARN)
2124 prepare_warning(&warn_from_space[cnt],
2125 transfer_from[cnt], wtype);
2126 dquot_decr_inodes(transfer_from[cnt], inode_usage);
2127 dquot_decr_space(transfer_from[cnt], cur_space);
2128 dquot_free_reserved_space(transfer_from[cnt],
2129 rsv_space);
2130 spin_unlock(&transfer_from[cnt]->dq_dqb_lock);
2131 }
2132 i_dquot(inode)[cnt] = transfer_to[cnt];
2133 }
2134 spin_unlock(&inode->i_lock);
2135 spin_unlock(&dq_data_lock);
2136
2137 /*
2138 * These arrays are local and we hold dquot references so we don't need
2139 * the srcu protection but still take dquot_srcu to avoid warning in
2140 * mark_all_dquot_dirty().
2141 */
2142 index = srcu_read_lock(&dquot_srcu);
2143 mark_all_dquot_dirty(transfer_from);
2144 mark_all_dquot_dirty(transfer_to);
2145 srcu_read_unlock(&dquot_srcu, index);
2146
2147 flush_warnings(warn_to);
2148 flush_warnings(warn_from_inodes);
2149 flush_warnings(warn_from_space);
2150 /* Pass back references to put */
2151 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2152 if (is_valid[cnt])
2153 transfer_to[cnt] = transfer_from[cnt];
2154 return 0;
2155 over_quota:
2156 /* Back out changes we already did */
2157 for (cnt--; cnt >= 0; cnt--) {
2158 if (!is_valid[cnt])
2159 continue;
2160 spin_lock(&transfer_to[cnt]->dq_dqb_lock);
2161 dquot_decr_inodes(transfer_to[cnt], inode_usage);
2162 dquot_decr_space(transfer_to[cnt], cur_space);
2163 dquot_free_reserved_space(transfer_to[cnt], rsv_space);
2164 spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
2165 }
2166 spin_unlock(&inode->i_lock);
2167 spin_unlock(&dq_data_lock);
2168 flush_warnings(warn_to);
2169 return ret;
2170 }
2171 EXPORT_SYMBOL(__dquot_transfer);
2172
2173 /* Wrapper for transferring ownership of an inode for uid/gid only
2174 * Called from FSXXX_setattr()
2175 */
dquot_transfer(struct inode *inode, struct iattr *iattr)2176 int dquot_transfer(struct inode *inode, struct iattr *iattr)
2177 {
2178 struct dquot *transfer_to[MAXQUOTAS] = {};
2179 struct dquot *dquot;
2180 struct super_block *sb = inode->i_sb;
2181 int ret;
2182
2183 if (!inode_quota_active(inode))
2184 return 0;
2185
2186 if (iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)){
2187 dquot = dqget(sb, make_kqid_uid(iattr->ia_uid));
2188 if (IS_ERR(dquot)) {
2189 if (PTR_ERR(dquot) != -ESRCH) {
2190 ret = PTR_ERR(dquot);
2191 goto out_put;
2192 }
2193 dquot = NULL;
2194 }
2195 transfer_to[USRQUOTA] = dquot;
2196 }
2197 if (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid)){
2198 dquot = dqget(sb, make_kqid_gid(iattr->ia_gid));
2199 if (IS_ERR(dquot)) {
2200 if (PTR_ERR(dquot) != -ESRCH) {
2201 ret = PTR_ERR(dquot);
2202 goto out_put;
2203 }
2204 dquot = NULL;
2205 }
2206 transfer_to[GRPQUOTA] = dquot;
2207 }
2208 ret = __dquot_transfer(inode, transfer_to);
2209 out_put:
2210 dqput_all(transfer_to);
2211 return ret;
2212 }
2213 EXPORT_SYMBOL(dquot_transfer);
2214
2215 /*
2216 * Write info of quota file to disk
2217 */
dquot_commit_info(struct super_block *sb, int type)2218 int dquot_commit_info(struct super_block *sb, int type)
2219 {
2220 struct quota_info *dqopt = sb_dqopt(sb);
2221
2222 return dqopt->ops[type]->write_file_info(sb, type);
2223 }
2224 EXPORT_SYMBOL(dquot_commit_info);
2225
dquot_get_next_id(struct super_block *sb, struct kqid *qid)2226 int dquot_get_next_id(struct super_block *sb, struct kqid *qid)
2227 {
2228 struct quota_info *dqopt = sb_dqopt(sb);
2229
2230 if (!sb_has_quota_active(sb, qid->type))
2231 return -ESRCH;
2232 if (!dqopt->ops[qid->type]->get_next_id)
2233 return -ENOSYS;
2234 return dqopt->ops[qid->type]->get_next_id(sb, qid);
2235 }
2236 EXPORT_SYMBOL(dquot_get_next_id);
2237
2238 /*
2239 * Definitions of diskquota operations.
2240 */
2241 const struct dquot_operations dquot_operations = {
2242 .write_dquot = dquot_commit,
2243 .acquire_dquot = dquot_acquire,
2244 .release_dquot = dquot_release,
2245 .mark_dirty = dquot_mark_dquot_dirty,
2246 .write_info = dquot_commit_info,
2247 .alloc_dquot = dquot_alloc,
2248 .destroy_dquot = dquot_destroy,
2249 .get_next_id = dquot_get_next_id,
2250 };
2251 EXPORT_SYMBOL(dquot_operations);
2252
2253 /*
2254 * Generic helper for ->open on filesystems supporting disk quotas.
2255 */
dquot_file_open(struct inode *inode, struct file *file)2256 int dquot_file_open(struct inode *inode, struct file *file)
2257 {
2258 int error;
2259
2260 error = generic_file_open(inode, file);
2261 if (!error && (file->f_mode & FMODE_WRITE))
2262 error = dquot_initialize(inode);
2263 return error;
2264 }
2265 EXPORT_SYMBOL(dquot_file_open);
2266
vfs_cleanup_quota_inode(struct super_block *sb, int type)2267 static void vfs_cleanup_quota_inode(struct super_block *sb, int type)
2268 {
2269 struct quota_info *dqopt = sb_dqopt(sb);
2270 struct inode *inode = dqopt->files[type];
2271
2272 if (!inode)
2273 return;
2274 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2275 inode_lock(inode);
2276 inode->i_flags &= ~S_NOQUOTA;
2277 inode_unlock(inode);
2278 }
2279 dqopt->files[type] = NULL;
2280 iput(inode);
2281 }
2282
2283 /*
2284 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount)
2285 */
dquot_disable(struct super_block *sb, int type, unsigned int flags)2286 int dquot_disable(struct super_block *sb, int type, unsigned int flags)
2287 {
2288 int cnt;
2289 struct quota_info *dqopt = sb_dqopt(sb);
2290
2291 /* s_umount should be held in exclusive mode */
2292 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount)))
2293 up_read(&sb->s_umount);
2294
2295 /* Cannot turn off usage accounting without turning off limits, or
2296 * suspend quotas and simultaneously turn quotas off. */
2297 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED))
2298 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED |
2299 DQUOT_USAGE_ENABLED)))
2300 return -EINVAL;
2301
2302 /*
2303 * Skip everything if there's nothing to do. We have to do this because
2304 * sometimes we are called when fill_super() failed and calling
2305 * sync_fs() in such cases does no good.
2306 */
2307 if (!sb_any_quota_loaded(sb))
2308 return 0;
2309
2310 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2311 if (type != -1 && cnt != type)
2312 continue;
2313 if (!sb_has_quota_loaded(sb, cnt))
2314 continue;
2315
2316 if (flags & DQUOT_SUSPENDED) {
2317 spin_lock(&dq_state_lock);
2318 dqopt->flags |=
2319 dquot_state_flag(DQUOT_SUSPENDED, cnt);
2320 spin_unlock(&dq_state_lock);
2321 } else {
2322 spin_lock(&dq_state_lock);
2323 dqopt->flags &= ~dquot_state_flag(flags, cnt);
2324 /* Turning off suspended quotas? */
2325 if (!sb_has_quota_loaded(sb, cnt) &&
2326 sb_has_quota_suspended(sb, cnt)) {
2327 dqopt->flags &= ~dquot_state_flag(
2328 DQUOT_SUSPENDED, cnt);
2329 spin_unlock(&dq_state_lock);
2330 vfs_cleanup_quota_inode(sb, cnt);
2331 continue;
2332 }
2333 spin_unlock(&dq_state_lock);
2334 }
2335
2336 /* We still have to keep quota loaded? */
2337 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED))
2338 continue;
2339
2340 /* Note: these are blocking operations */
2341 drop_dquot_ref(sb, cnt);
2342 invalidate_dquots(sb, cnt);
2343 /*
2344 * Now all dquots should be invalidated, all writes done so we
2345 * should be only users of the info. No locks needed.
2346 */
2347 if (info_dirty(&dqopt->info[cnt]))
2348 sb->dq_op->write_info(sb, cnt);
2349 if (dqopt->ops[cnt]->free_file_info)
2350 dqopt->ops[cnt]->free_file_info(sb, cnt);
2351 put_quota_format(dqopt->info[cnt].dqi_format);
2352 dqopt->info[cnt].dqi_flags = 0;
2353 dqopt->info[cnt].dqi_igrace = 0;
2354 dqopt->info[cnt].dqi_bgrace = 0;
2355 dqopt->ops[cnt] = NULL;
2356 }
2357
2358 /* Skip syncing and setting flags if quota files are hidden */
2359 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
2360 goto put_inodes;
2361
2362 /* Sync the superblock so that buffers with quota data are written to
2363 * disk (and so userspace sees correct data afterwards). */
2364 if (sb->s_op->sync_fs)
2365 sb->s_op->sync_fs(sb, 1);
2366 sync_blockdev(sb->s_bdev);
2367 /* Now the quota files are just ordinary files and we can set the
2368 * inode flags back. Moreover we discard the pagecache so that
2369 * userspace sees the writes we did bypassing the pagecache. We
2370 * must also discard the blockdev buffers so that we see the
2371 * changes done by userspace on the next quotaon() */
2372 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2373 if (!sb_has_quota_loaded(sb, cnt) && dqopt->files[cnt]) {
2374 inode_lock(dqopt->files[cnt]);
2375 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0);
2376 inode_unlock(dqopt->files[cnt]);
2377 }
2378 if (sb->s_bdev)
2379 invalidate_bdev(sb->s_bdev);
2380 put_inodes:
2381 /* We are done when suspending quotas */
2382 if (flags & DQUOT_SUSPENDED)
2383 return 0;
2384
2385 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2386 if (!sb_has_quota_loaded(sb, cnt))
2387 vfs_cleanup_quota_inode(sb, cnt);
2388 return 0;
2389 }
2390 EXPORT_SYMBOL(dquot_disable);
2391
dquot_quota_off(struct super_block *sb, int type)2392 int dquot_quota_off(struct super_block *sb, int type)
2393 {
2394 return dquot_disable(sb, type,
2395 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2396 }
2397 EXPORT_SYMBOL(dquot_quota_off);
2398
2399 /*
2400 * Turn quotas on on a device
2401 */
2402
vfs_setup_quota_inode(struct inode *inode, int type)2403 static int vfs_setup_quota_inode(struct inode *inode, int type)
2404 {
2405 struct super_block *sb = inode->i_sb;
2406 struct quota_info *dqopt = sb_dqopt(sb);
2407
2408 if (is_bad_inode(inode))
2409 return -EUCLEAN;
2410 if (!S_ISREG(inode->i_mode))
2411 return -EACCES;
2412 if (IS_RDONLY(inode))
2413 return -EROFS;
2414 if (sb_has_quota_loaded(sb, type))
2415 return -EBUSY;
2416
2417 /*
2418 * Quota files should never be encrypted. They should be thought of as
2419 * filesystem metadata, not user data. New-style internal quota files
2420 * cannot be encrypted by users anyway, but old-style external quota
2421 * files could potentially be incorrectly created in an encrypted
2422 * directory, hence this explicit check. Some reasons why encrypted
2423 * quota files don't work include: (1) some filesystems that support
2424 * encryption don't handle it in their quota_read and quota_write, and
2425 * (2) cleaning up encrypted quota files at unmount would need special
2426 * consideration, as quota files are cleaned up later than user files.
2427 */
2428 if (IS_ENCRYPTED(inode))
2429 return -EINVAL;
2430
2431 dqopt->files[type] = igrab(inode);
2432 if (!dqopt->files[type])
2433 return -EIO;
2434 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2435 /* We don't want quota and atime on quota files (deadlocks
2436 * possible) Also nobody should write to the file - we use
2437 * special IO operations which ignore the immutable bit. */
2438 inode_lock(inode);
2439 inode->i_flags |= S_NOQUOTA;
2440 inode_unlock(inode);
2441 /*
2442 * When S_NOQUOTA is set, remove dquot references as no more
2443 * references can be added
2444 */
2445 __dquot_drop(inode);
2446 }
2447 return 0;
2448 }
2449
dquot_load_quota_sb(struct super_block *sb, int type, int format_id, unsigned int flags)2450 int dquot_load_quota_sb(struct super_block *sb, int type, int format_id,
2451 unsigned int flags)
2452 {
2453 struct quota_format_type *fmt = find_quota_format(format_id);
2454 struct quota_info *dqopt = sb_dqopt(sb);
2455 int error;
2456
2457 /* Just unsuspend quotas? */
2458 BUG_ON(flags & DQUOT_SUSPENDED);
2459 /* s_umount should be held in exclusive mode */
2460 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount)))
2461 up_read(&sb->s_umount);
2462
2463 if (!fmt)
2464 return -ESRCH;
2465 if (!sb->s_op->quota_write || !sb->s_op->quota_read ||
2466 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) {
2467 error = -EINVAL;
2468 goto out_fmt;
2469 }
2470 /* Filesystems outside of init_user_ns not yet supported */
2471 if (sb->s_user_ns != &init_user_ns) {
2472 error = -EINVAL;
2473 goto out_fmt;
2474 }
2475 /* Usage always has to be set... */
2476 if (!(flags & DQUOT_USAGE_ENABLED)) {
2477 error = -EINVAL;
2478 goto out_fmt;
2479 }
2480 if (sb_has_quota_loaded(sb, type)) {
2481 error = -EBUSY;
2482 goto out_fmt;
2483 }
2484
2485 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2486 /* As we bypass the pagecache we must now flush all the
2487 * dirty data and invalidate caches so that kernel sees
2488 * changes from userspace. It is not enough to just flush
2489 * the quota file since if blocksize < pagesize, invalidation
2490 * of the cache could fail because of other unrelated dirty
2491 * data */
2492 sync_filesystem(sb);
2493 invalidate_bdev(sb->s_bdev);
2494 }
2495
2496 error = -EINVAL;
2497 if (!fmt->qf_ops->check_quota_file(sb, type))
2498 goto out_fmt;
2499
2500 dqopt->ops[type] = fmt->qf_ops;
2501 dqopt->info[type].dqi_format = fmt;
2502 dqopt->info[type].dqi_fmt_id = format_id;
2503 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list);
2504 error = dqopt->ops[type]->read_file_info(sb, type);
2505 if (error < 0)
2506 goto out_fmt;
2507 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) {
2508 spin_lock(&dq_data_lock);
2509 dqopt->info[type].dqi_flags |= DQF_SYS_FILE;
2510 spin_unlock(&dq_data_lock);
2511 }
2512 spin_lock(&dq_state_lock);
2513 dqopt->flags |= dquot_state_flag(flags, type);
2514 spin_unlock(&dq_state_lock);
2515
2516 error = add_dquot_ref(sb, type);
2517 if (error)
2518 dquot_disable(sb, type,
2519 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2520
2521 return error;
2522 out_fmt:
2523 put_quota_format(fmt);
2524
2525 return error;
2526 }
2527 EXPORT_SYMBOL(dquot_load_quota_sb);
2528
2529 /*
2530 * More powerful function for turning on quotas on given quota inode allowing
2531 * setting of individual quota flags
2532 */
dquot_load_quota_inode(struct inode *inode, int type, int format_id, unsigned int flags)2533 int dquot_load_quota_inode(struct inode *inode, int type, int format_id,
2534 unsigned int flags)
2535 {
2536 int err;
2537
2538 err = vfs_setup_quota_inode(inode, type);
2539 if (err < 0)
2540 return err;
2541 err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags);
2542 if (err < 0)
2543 vfs_cleanup_quota_inode(inode->i_sb, type);
2544 return err;
2545 }
2546 EXPORT_SYMBOL(dquot_load_quota_inode);
2547
2548 /* Reenable quotas on remount RW */
dquot_resume(struct super_block *sb, int type)2549 int dquot_resume(struct super_block *sb, int type)
2550 {
2551 struct quota_info *dqopt = sb_dqopt(sb);
2552 int ret = 0, cnt;
2553 unsigned int flags;
2554
2555 /* s_umount should be held in exclusive mode */
2556 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount)))
2557 up_read(&sb->s_umount);
2558
2559 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2560 if (type != -1 && cnt != type)
2561 continue;
2562 if (!sb_has_quota_suspended(sb, cnt))
2563 continue;
2564
2565 spin_lock(&dq_state_lock);
2566 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED |
2567 DQUOT_LIMITS_ENABLED,
2568 cnt);
2569 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt);
2570 spin_unlock(&dq_state_lock);
2571
2572 flags = dquot_generic_flag(flags, cnt);
2573 ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id,
2574 flags);
2575 if (ret < 0)
2576 vfs_cleanup_quota_inode(sb, cnt);
2577 }
2578
2579 return ret;
2580 }
2581 EXPORT_SYMBOL(dquot_resume);
2582
dquot_quota_on(struct super_block *sb, int type, int format_id, const struct path *path)2583 int dquot_quota_on(struct super_block *sb, int type, int format_id,
2584 const struct path *path)
2585 {
2586 int error = security_quota_on(path->dentry);
2587 if (error)
2588 return error;
2589 /* Quota file not on the same filesystem? */
2590 if (path->dentry->d_sb != sb)
2591 error = -EXDEV;
2592 else
2593 error = dquot_load_quota_inode(d_inode(path->dentry), type,
2594 format_id, DQUOT_USAGE_ENABLED |
2595 DQUOT_LIMITS_ENABLED);
2596 return error;
2597 }
2598 EXPORT_SYMBOL(dquot_quota_on);
2599
2600 /*
2601 * This function is used when filesystem needs to initialize quotas
2602 * during mount time.
2603 */
dquot_quota_on_mount(struct super_block *sb, char *qf_name, int format_id, int type)2604 int dquot_quota_on_mount(struct super_block *sb, char *qf_name,
2605 int format_id, int type)
2606 {
2607 struct dentry *dentry;
2608 int error;
2609
2610 dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name));
2611 if (IS_ERR(dentry))
2612 return PTR_ERR(dentry);
2613
2614 error = security_quota_on(dentry);
2615 if (!error)
2616 error = dquot_load_quota_inode(d_inode(dentry), type, format_id,
2617 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2618
2619 dput(dentry);
2620 return error;
2621 }
2622 EXPORT_SYMBOL(dquot_quota_on_mount);
2623
dquot_quota_enable(struct super_block *sb, unsigned int flags)2624 static int dquot_quota_enable(struct super_block *sb, unsigned int flags)
2625 {
2626 int ret;
2627 int type;
2628 struct quota_info *dqopt = sb_dqopt(sb);
2629
2630 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
2631 return -ENOSYS;
2632 /* Accounting cannot be turned on while fs is mounted */
2633 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT);
2634 if (!flags)
2635 return -EINVAL;
2636 for (type = 0; type < MAXQUOTAS; type++) {
2637 if (!(flags & qtype_enforce_flag(type)))
2638 continue;
2639 /* Can't enforce without accounting */
2640 if (!sb_has_quota_usage_enabled(sb, type)) {
2641 ret = -EINVAL;
2642 goto out_err;
2643 }
2644 if (sb_has_quota_limits_enabled(sb, type)) {
2645 ret = -EBUSY;
2646 goto out_err;
2647 }
2648 spin_lock(&dq_state_lock);
2649 dqopt->flags |= dquot_state_flag(DQUOT_LIMITS_ENABLED, type);
2650 spin_unlock(&dq_state_lock);
2651 }
2652 return 0;
2653 out_err:
2654 /* Backout enforcement enablement we already did */
2655 for (type--; type >= 0; type--) {
2656 if (flags & qtype_enforce_flag(type))
2657 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
2658 }
2659 /* Error code translation for better compatibility with XFS */
2660 if (ret == -EBUSY)
2661 ret = -EEXIST;
2662 return ret;
2663 }
2664
dquot_quota_disable(struct super_block *sb, unsigned int flags)2665 static int dquot_quota_disable(struct super_block *sb, unsigned int flags)
2666 {
2667 int ret;
2668 int type;
2669 struct quota_info *dqopt = sb_dqopt(sb);
2670
2671 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
2672 return -ENOSYS;
2673 /*
2674 * We don't support turning off accounting via quotactl. In principle
2675 * quota infrastructure can do this but filesystems don't expect
2676 * userspace to be able to do it.
2677 */
2678 if (flags &
2679 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT))
2680 return -EOPNOTSUPP;
2681
2682 /* Filter out limits not enabled */
2683 for (type = 0; type < MAXQUOTAS; type++)
2684 if (!sb_has_quota_limits_enabled(sb, type))
2685 flags &= ~qtype_enforce_flag(type);
2686 /* Nothing left? */
2687 if (!flags)
2688 return -EEXIST;
2689 for (type = 0; type < MAXQUOTAS; type++) {
2690 if (flags & qtype_enforce_flag(type)) {
2691 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
2692 if (ret < 0)
2693 goto out_err;
2694 }
2695 }
2696 return 0;
2697 out_err:
2698 /* Backout enforcement disabling we already did */
2699 for (type--; type >= 0; type--) {
2700 if (flags & qtype_enforce_flag(type)) {
2701 spin_lock(&dq_state_lock);
2702 dqopt->flags |=
2703 dquot_state_flag(DQUOT_LIMITS_ENABLED, type);
2704 spin_unlock(&dq_state_lock);
2705 }
2706 }
2707 return ret;
2708 }
2709
2710 /* Generic routine for getting common part of quota structure */
do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di)2711 static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di)
2712 {
2713 struct mem_dqblk *dm = &dquot->dq_dqb;
2714
2715 memset(di, 0, sizeof(*di));
2716 spin_lock(&dquot->dq_dqb_lock);
2717 di->d_spc_hardlimit = dm->dqb_bhardlimit;
2718 di->d_spc_softlimit = dm->dqb_bsoftlimit;
2719 di->d_ino_hardlimit = dm->dqb_ihardlimit;
2720 di->d_ino_softlimit = dm->dqb_isoftlimit;
2721 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace;
2722 di->d_ino_count = dm->dqb_curinodes;
2723 di->d_spc_timer = dm->dqb_btime;
2724 di->d_ino_timer = dm->dqb_itime;
2725 spin_unlock(&dquot->dq_dqb_lock);
2726 }
2727
dquot_get_dqblk(struct super_block *sb, struct kqid qid, struct qc_dqblk *di)2728 int dquot_get_dqblk(struct super_block *sb, struct kqid qid,
2729 struct qc_dqblk *di)
2730 {
2731 struct dquot *dquot;
2732
2733 dquot = dqget(sb, qid);
2734 if (IS_ERR(dquot))
2735 return PTR_ERR(dquot);
2736 do_get_dqblk(dquot, di);
2737 dqput(dquot);
2738
2739 return 0;
2740 }
2741 EXPORT_SYMBOL(dquot_get_dqblk);
2742
dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid, struct qc_dqblk *di)2743 int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid,
2744 struct qc_dqblk *di)
2745 {
2746 struct dquot *dquot;
2747 int err;
2748
2749 if (!sb->dq_op->get_next_id)
2750 return -ENOSYS;
2751 err = sb->dq_op->get_next_id(sb, qid);
2752 if (err < 0)
2753 return err;
2754 dquot = dqget(sb, *qid);
2755 if (IS_ERR(dquot))
2756 return PTR_ERR(dquot);
2757 do_get_dqblk(dquot, di);
2758 dqput(dquot);
2759
2760 return 0;
2761 }
2762 EXPORT_SYMBOL(dquot_get_next_dqblk);
2763
2764 #define VFS_QC_MASK \
2765 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \
2766 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \
2767 QC_SPC_TIMER | QC_INO_TIMER)
2768
2769 /* Generic routine for setting common part of quota structure */
do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di)2770 static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di)
2771 {
2772 struct mem_dqblk *dm = &dquot->dq_dqb;
2773 int check_blim = 0, check_ilim = 0;
2774 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
2775
2776 if (di->d_fieldmask & ~VFS_QC_MASK)
2777 return -EINVAL;
2778
2779 if (((di->d_fieldmask & QC_SPC_SOFT) &&
2780 di->d_spc_softlimit > dqi->dqi_max_spc_limit) ||
2781 ((di->d_fieldmask & QC_SPC_HARD) &&
2782 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) ||
2783 ((di->d_fieldmask & QC_INO_SOFT) &&
2784 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) ||
2785 ((di->d_fieldmask & QC_INO_HARD) &&
2786 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit)))
2787 return -ERANGE;
2788
2789 spin_lock(&dquot->dq_dqb_lock);
2790 if (di->d_fieldmask & QC_SPACE) {
2791 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace;
2792 check_blim = 1;
2793 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags);
2794 }
2795
2796 if (di->d_fieldmask & QC_SPC_SOFT)
2797 dm->dqb_bsoftlimit = di->d_spc_softlimit;
2798 if (di->d_fieldmask & QC_SPC_HARD)
2799 dm->dqb_bhardlimit = di->d_spc_hardlimit;
2800 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) {
2801 check_blim = 1;
2802 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags);
2803 }
2804
2805 if (di->d_fieldmask & QC_INO_COUNT) {
2806 dm->dqb_curinodes = di->d_ino_count;
2807 check_ilim = 1;
2808 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags);
2809 }
2810
2811 if (di->d_fieldmask & QC_INO_SOFT)
2812 dm->dqb_isoftlimit = di->d_ino_softlimit;
2813 if (di->d_fieldmask & QC_INO_HARD)
2814 dm->dqb_ihardlimit = di->d_ino_hardlimit;
2815 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) {
2816 check_ilim = 1;
2817 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags);
2818 }
2819
2820 if (di->d_fieldmask & QC_SPC_TIMER) {
2821 dm->dqb_btime = di->d_spc_timer;
2822 check_blim = 1;
2823 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags);
2824 }
2825
2826 if (di->d_fieldmask & QC_INO_TIMER) {
2827 dm->dqb_itime = di->d_ino_timer;
2828 check_ilim = 1;
2829 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags);
2830 }
2831
2832 if (check_blim) {
2833 if (!dm->dqb_bsoftlimit ||
2834 dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) {
2835 dm->dqb_btime = 0;
2836 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
2837 } else if (!(di->d_fieldmask & QC_SPC_TIMER))
2838 /* Set grace only if user hasn't provided his own... */
2839 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace;
2840 }
2841 if (check_ilim) {
2842 if (!dm->dqb_isoftlimit ||
2843 dm->dqb_curinodes <= dm->dqb_isoftlimit) {
2844 dm->dqb_itime = 0;
2845 clear_bit(DQ_INODES_B, &dquot->dq_flags);
2846 } else if (!(di->d_fieldmask & QC_INO_TIMER))
2847 /* Set grace only if user hasn't provided his own... */
2848 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace;
2849 }
2850 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit ||
2851 dm->dqb_isoftlimit)
2852 clear_bit(DQ_FAKE_B, &dquot->dq_flags);
2853 else
2854 set_bit(DQ_FAKE_B, &dquot->dq_flags);
2855 spin_unlock(&dquot->dq_dqb_lock);
2856 mark_dquot_dirty(dquot);
2857
2858 return 0;
2859 }
2860
dquot_set_dqblk(struct super_block *sb, struct kqid qid, struct qc_dqblk *di)2861 int dquot_set_dqblk(struct super_block *sb, struct kqid qid,
2862 struct qc_dqblk *di)
2863 {
2864 struct dquot *dquot;
2865 int rc;
2866
2867 dquot = dqget(sb, qid);
2868 if (IS_ERR(dquot)) {
2869 rc = PTR_ERR(dquot);
2870 goto out;
2871 }
2872 rc = do_set_dqblk(dquot, di);
2873 dqput(dquot);
2874 out:
2875 return rc;
2876 }
2877 EXPORT_SYMBOL(dquot_set_dqblk);
2878
2879 /* Generic routine for getting common part of quota file information */
dquot_get_state(struct super_block *sb, struct qc_state *state)2880 int dquot_get_state(struct super_block *sb, struct qc_state *state)
2881 {
2882 struct mem_dqinfo *mi;
2883 struct qc_type_state *tstate;
2884 struct quota_info *dqopt = sb_dqopt(sb);
2885 int type;
2886
2887 memset(state, 0, sizeof(*state));
2888 for (type = 0; type < MAXQUOTAS; type++) {
2889 if (!sb_has_quota_active(sb, type))
2890 continue;
2891 tstate = state->s_state + type;
2892 mi = sb_dqopt(sb)->info + type;
2893 tstate->flags = QCI_ACCT_ENABLED;
2894 spin_lock(&dq_data_lock);
2895 if (mi->dqi_flags & DQF_SYS_FILE)
2896 tstate->flags |= QCI_SYSFILE;
2897 if (mi->dqi_flags & DQF_ROOT_SQUASH)
2898 tstate->flags |= QCI_ROOT_SQUASH;
2899 if (sb_has_quota_limits_enabled(sb, type))
2900 tstate->flags |= QCI_LIMITS_ENFORCED;
2901 tstate->spc_timelimit = mi->dqi_bgrace;
2902 tstate->ino_timelimit = mi->dqi_igrace;
2903 if (dqopt->files[type]) {
2904 tstate->ino = dqopt->files[type]->i_ino;
2905 tstate->blocks = dqopt->files[type]->i_blocks;
2906 }
2907 tstate->nextents = 1; /* We don't know... */
2908 spin_unlock(&dq_data_lock);
2909 }
2910 return 0;
2911 }
2912 EXPORT_SYMBOL(dquot_get_state);
2913
2914 /* Generic routine for setting common part of quota file information */
dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii)2915 int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii)
2916 {
2917 struct mem_dqinfo *mi;
2918 int err = 0;
2919
2920 if ((ii->i_fieldmask & QC_WARNS_MASK) ||
2921 (ii->i_fieldmask & QC_RT_SPC_TIMER))
2922 return -EINVAL;
2923 if (!sb_has_quota_active(sb, type))
2924 return -ESRCH;
2925 mi = sb_dqopt(sb)->info + type;
2926 if (ii->i_fieldmask & QC_FLAGS) {
2927 if ((ii->i_flags & QCI_ROOT_SQUASH &&
2928 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD))
2929 return -EINVAL;
2930 }
2931 spin_lock(&dq_data_lock);
2932 if (ii->i_fieldmask & QC_SPC_TIMER)
2933 mi->dqi_bgrace = ii->i_spc_timelimit;
2934 if (ii->i_fieldmask & QC_INO_TIMER)
2935 mi->dqi_igrace = ii->i_ino_timelimit;
2936 if (ii->i_fieldmask & QC_FLAGS) {
2937 if (ii->i_flags & QCI_ROOT_SQUASH)
2938 mi->dqi_flags |= DQF_ROOT_SQUASH;
2939 else
2940 mi->dqi_flags &= ~DQF_ROOT_SQUASH;
2941 }
2942 spin_unlock(&dq_data_lock);
2943 mark_info_dirty(sb, type);
2944 /* Force write to disk */
2945 sb->dq_op->write_info(sb, type);
2946 return err;
2947 }
2948 EXPORT_SYMBOL(dquot_set_dqinfo);
2949
2950 const struct quotactl_ops dquot_quotactl_sysfile_ops = {
2951 .quota_enable = dquot_quota_enable,
2952 .quota_disable = dquot_quota_disable,
2953 .quota_sync = dquot_quota_sync,
2954 .get_state = dquot_get_state,
2955 .set_info = dquot_set_dqinfo,
2956 .get_dqblk = dquot_get_dqblk,
2957 .get_nextdqblk = dquot_get_next_dqblk,
2958 .set_dqblk = dquot_set_dqblk
2959 };
2960 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops);
2961
do_proc_dqstats(struct ctl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos)2962 static int do_proc_dqstats(struct ctl_table *table, int write,
2963 void *buffer, size_t *lenp, loff_t *ppos)
2964 {
2965 unsigned int type = (unsigned long *)table->data - dqstats.stat;
2966 s64 value = percpu_counter_sum(&dqstats.counter[type]);
2967
2968 /* Filter negative values for non-monotonic counters */
2969 if (value < 0 && (type == DQST_ALLOC_DQUOTS ||
2970 type == DQST_FREE_DQUOTS))
2971 value = 0;
2972
2973 /* Update global table */
2974 dqstats.stat[type] = value;
2975 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
2976 }
2977
2978 static struct ctl_table fs_dqstats_table[] = {
2979 {
2980 .procname = "lookups",
2981 .data = &dqstats.stat[DQST_LOOKUPS],
2982 .maxlen = sizeof(unsigned long),
2983 .mode = 0444,
2984 .proc_handler = do_proc_dqstats,
2985 },
2986 {
2987 .procname = "drops",
2988 .data = &dqstats.stat[DQST_DROPS],
2989 .maxlen = sizeof(unsigned long),
2990 .mode = 0444,
2991 .proc_handler = do_proc_dqstats,
2992 },
2993 {
2994 .procname = "reads",
2995 .data = &dqstats.stat[DQST_READS],
2996 .maxlen = sizeof(unsigned long),
2997 .mode = 0444,
2998 .proc_handler = do_proc_dqstats,
2999 },
3000 {
3001 .procname = "writes",
3002 .data = &dqstats.stat[DQST_WRITES],
3003 .maxlen = sizeof(unsigned long),
3004 .mode = 0444,
3005 .proc_handler = do_proc_dqstats,
3006 },
3007 {
3008 .procname = "cache_hits",
3009 .data = &dqstats.stat[DQST_CACHE_HITS],
3010 .maxlen = sizeof(unsigned long),
3011 .mode = 0444,
3012 .proc_handler = do_proc_dqstats,
3013 },
3014 {
3015 .procname = "allocated_dquots",
3016 .data = &dqstats.stat[DQST_ALLOC_DQUOTS],
3017 .maxlen = sizeof(unsigned long),
3018 .mode = 0444,
3019 .proc_handler = do_proc_dqstats,
3020 },
3021 {
3022 .procname = "free_dquots",
3023 .data = &dqstats.stat[DQST_FREE_DQUOTS],
3024 .maxlen = sizeof(unsigned long),
3025 .mode = 0444,
3026 .proc_handler = do_proc_dqstats,
3027 },
3028 {
3029 .procname = "syncs",
3030 .data = &dqstats.stat[DQST_SYNCS],
3031 .maxlen = sizeof(unsigned long),
3032 .mode = 0444,
3033 .proc_handler = do_proc_dqstats,
3034 },
3035 #ifdef CONFIG_PRINT_QUOTA_WARNING
3036 {
3037 .procname = "warnings",
3038 .data = &flag_print_warnings,
3039 .maxlen = sizeof(int),
3040 .mode = 0644,
3041 .proc_handler = proc_dointvec,
3042 },
3043 #endif
3044 { },
3045 };
3046
3047 static struct ctl_table fs_table[] = {
3048 {
3049 .procname = "quota",
3050 .mode = 0555,
3051 .child = fs_dqstats_table,
3052 },
3053 { },
3054 };
3055
3056 static struct ctl_table sys_table[] = {
3057 {
3058 .procname = "fs",
3059 .mode = 0555,
3060 .child = fs_table,
3061 },
3062 { },
3063 };
3064
dquot_init(void)3065 static int __init dquot_init(void)
3066 {
3067 int i, ret;
3068 unsigned long nr_hash, order;
3069
3070 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__);
3071
3072 register_sysctl_table(sys_table);
3073
3074 dquot_cachep = kmem_cache_create("dquot",
3075 sizeof(struct dquot), sizeof(unsigned long) * 4,
3076 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT|
3077 SLAB_MEM_SPREAD|SLAB_PANIC),
3078 NULL);
3079
3080 order = 0;
3081 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order);
3082 if (!dquot_hash)
3083 panic("Cannot create dquot hash table");
3084
3085 for (i = 0; i < _DQST_DQSTAT_LAST; i++) {
3086 ret = percpu_counter_init(&dqstats.counter[i], 0, GFP_KERNEL);
3087 if (ret)
3088 panic("Cannot create dquot stat counters");
3089 }
3090
3091 /* Find power-of-two hlist_heads which can fit into allocation */
3092 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head);
3093 dq_hash_bits = ilog2(nr_hash);
3094
3095 nr_hash = 1UL << dq_hash_bits;
3096 dq_hash_mask = nr_hash - 1;
3097 for (i = 0; i < nr_hash; i++)
3098 INIT_HLIST_HEAD(dquot_hash + i);
3099
3100 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld,"
3101 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order));
3102
3103 if (register_shrinker(&dqcache_shrinker))
3104 panic("Cannot register dquot shrinker");
3105
3106 return 0;
3107 }
3108 fs_initcall(dquot_init);
3109