1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Implementation of the diskquota system for the LINUX operating system. QUOTA 4 * is implemented using the BSD system call interface as the means of 5 * communication with the user level. This file contains the generic routines 6 * called by the different filesystems on allocation of an inode or block. 7 * These routines take care of the administration needed to have a consistent 8 * diskquota tracking system. The ideas of both user and group quotas are based 9 * on the Melbourne quota system as used on BSD derived systems. The internal 10 * implementation is based on one of the several variants of the LINUX 11 * inode-subsystem with added complexity of the diskquota system. 12 * 13 * Author: Marco van Wieringen <mvw@planets.elm.net> 14 * 15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96 16 * 17 * Revised list management to avoid races 18 * -- Bill Hawes, <whawes@star.net>, 9/98 19 * 20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...(). 21 * As the consequence the locking was moved from dquot_decr_...(), 22 * dquot_incr_...() to calling functions. 23 * invalidate_dquots() now writes modified dquots. 24 * Serialized quota_off() and quota_on() for mount point. 25 * Fixed a few bugs in grow_dquots(). 26 * Fixed deadlock in write_dquot() - we no longer account quotas on 27 * quota files 28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes 29 * add_dquot_ref() restarts after blocking 30 * Added check for bogus uid and fixed check for group in quotactl. 31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99 32 * 33 * Used struct list_head instead of own list struct 34 * Invalidation of referenced dquots is no longer possible 35 * Improved free_dquots list management 36 * Quota and i_blocks are now updated in one place to avoid races 37 * Warnings are now delayed so we won't block in critical section 38 * Write updated not to require dquot lock 39 * Jan Kara, <jack@suse.cz>, 9/2000 40 * 41 * Added dynamic quota structure allocation 42 * Jan Kara <jack@suse.cz> 12/2000 43 * 44 * Rewritten quota interface. Implemented new quota format and 45 * formats registering. 46 * Jan Kara, <jack@suse.cz>, 2001,2002 47 * 48 * New SMP locking. 49 * Jan Kara, <jack@suse.cz>, 10/2002 50 * 51 * Added journalled quota support, fix lock inversion problems 52 * Jan Kara, <jack@suse.cz>, 2003,2004 53 * 54 * (C) Copyright 1994 - 1997 Marco van Wieringen 55 */ 56 57#include <linux/errno.h> 58#include <linux/kernel.h> 59#include <linux/fs.h> 60#include <linux/mount.h> 61#include <linux/mm.h> 62#include <linux/time.h> 63#include <linux/types.h> 64#include <linux/string.h> 65#include <linux/fcntl.h> 66#include <linux/stat.h> 67#include <linux/tty.h> 68#include <linux/file.h> 69#include <linux/slab.h> 70#include <linux/sysctl.h> 71#include <linux/init.h> 72#include <linux/module.h> 73#include <linux/proc_fs.h> 74#include <linux/security.h> 75#include <linux/sched.h> 76#include <linux/cred.h> 77#include <linux/kmod.h> 78#include <linux/namei.h> 79#include <linux/capability.h> 80#include <linux/quotaops.h> 81#include <linux/blkdev.h> 82#include <linux/sched/mm.h> 83#include "../internal.h" /* ugh */ 84 85#include <linux/uaccess.h> 86 87/* 88 * There are five quota SMP locks: 89 * * dq_list_lock protects all lists with quotas and quota formats. 90 * * dquot->dq_dqb_lock protects data from dq_dqb 91 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards 92 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that 93 * dquot_transfer() can stabilize amount it transfers 94 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot 95 * pointers in the inode 96 * * dq_state_lock protects modifications of quota state (on quotaon and 97 * quotaoff) and readers who care about latest values take it as well. 98 * 99 * The spinlock ordering is hence: 100 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock, 101 * dq_list_lock > dq_state_lock 102 * 103 * Note that some things (eg. sb pointer, type, id) doesn't change during 104 * the life of the dquot structure and so needn't to be protected by a lock 105 * 106 * Operation accessing dquots via inode pointers are protected by dquot_srcu. 107 * Operation of reading pointer needs srcu_read_lock(&dquot_srcu), and 108 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from 109 * inode and before dropping dquot references to avoid use of dquots after 110 * they are freed. dq_data_lock is used to serialize the pointer setting and 111 * clearing operations. 112 * Special care needs to be taken about S_NOQUOTA inode flag (marking that 113 * inode is a quota file). Functions adding pointers from inode to dquots have 114 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they 115 * have to do all pointer modifications before dropping dq_data_lock. This makes 116 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and 117 * then drops all pointers to dquots from an inode. 118 * 119 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to 120 * memory (or space for it is being allocated) on the first dqget(), when it is 121 * being written out, and when it is being released on the last dqput(). The 122 * allocation and release operations are serialized by the dq_lock and by 123 * checking the use count in dquot_release(). 124 * 125 * Lock ordering (including related VFS locks) is the following: 126 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem 127 */ 128 129static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock); 130static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock); 131__cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock); 132EXPORT_SYMBOL(dq_data_lock); 133DEFINE_STATIC_SRCU(dquot_srcu); 134 135static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq); 136 137void __quota_error(struct super_block *sb, const char *func, 138 const char *fmt, ...) 139{ 140 if (printk_ratelimit()) { 141 va_list args; 142 struct va_format vaf; 143 144 va_start(args, fmt); 145 146 vaf.fmt = fmt; 147 vaf.va = &args; 148 149 printk(KERN_ERR "Quota error (device %s): %s: %pV\n", 150 sb->s_id, func, &vaf); 151 152 va_end(args); 153 } 154} 155EXPORT_SYMBOL(__quota_error); 156 157#if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING) 158static char *quotatypes[] = INITQFNAMES; 159#endif 160static struct quota_format_type *quota_formats; /* List of registered formats */ 161static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES; 162 163/* SLAB cache for dquot structures */ 164static struct kmem_cache *dquot_cachep; 165 166int register_quota_format(struct quota_format_type *fmt) 167{ 168 spin_lock(&dq_list_lock); 169 fmt->qf_next = quota_formats; 170 quota_formats = fmt; 171 spin_unlock(&dq_list_lock); 172 return 0; 173} 174EXPORT_SYMBOL(register_quota_format); 175 176void unregister_quota_format(struct quota_format_type *fmt) 177{ 178 struct quota_format_type **actqf; 179 180 spin_lock(&dq_list_lock); 181 for (actqf = "a_formats; *actqf && *actqf != fmt; 182 actqf = &(*actqf)->qf_next) 183 ; 184 if (*actqf) 185 *actqf = (*actqf)->qf_next; 186 spin_unlock(&dq_list_lock); 187} 188EXPORT_SYMBOL(unregister_quota_format); 189 190static struct quota_format_type *find_quota_format(int id) 191{ 192 struct quota_format_type *actqf; 193 194 spin_lock(&dq_list_lock); 195 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 196 actqf = actqf->qf_next) 197 ; 198 if (!actqf || !try_module_get(actqf->qf_owner)) { 199 int qm; 200 201 spin_unlock(&dq_list_lock); 202 203 for (qm = 0; module_names[qm].qm_fmt_id && 204 module_names[qm].qm_fmt_id != id; qm++) 205 ; 206 if (!module_names[qm].qm_fmt_id || 207 request_module(module_names[qm].qm_mod_name)) 208 return NULL; 209 210 spin_lock(&dq_list_lock); 211 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id; 212 actqf = actqf->qf_next) 213 ; 214 if (actqf && !try_module_get(actqf->qf_owner)) 215 actqf = NULL; 216 } 217 spin_unlock(&dq_list_lock); 218 return actqf; 219} 220 221static void put_quota_format(struct quota_format_type *fmt) 222{ 223 module_put(fmt->qf_owner); 224} 225 226/* 227 * Dquot List Management: 228 * The quota code uses five lists for dquot management: the inuse_list, 229 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array. 230 * A single dquot structure may be on some of those lists, depending on 231 * its current state. 232 * 233 * All dquots are placed to the end of inuse_list when first created, and this 234 * list is used for invalidate operation, which must look at every dquot. 235 * 236 * When the last reference of a dquot is dropped, the dquot is added to 237 * releasing_dquots. We'll then queue work item which will call 238 * synchronize_srcu() and after that perform the final cleanup of all the 239 * dquots on the list. Each cleaned up dquot is moved to free_dquots list. 240 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot 241 * struct. 242 * 243 * Unused and cleaned up dquots are in the free_dquots list and this list is 244 * searched whenever we need an available dquot. Dquots are removed from the 245 * list as soon as they are used again and dqstats.free_dquots gives the number 246 * of dquots on the list. When dquot is invalidated it's completely released 247 * from memory. 248 * 249 * Dirty dquots are added to the dqi_dirty_list of quota_info when mark 250 * dirtied, and this list is searched when writing dirty dquots back to 251 * quota file. Note that some filesystems do dirty dquot tracking on their 252 * own (e.g. in a journal) and thus don't use dqi_dirty_list. 253 * 254 * Dquots with a specific identity (device, type and id) are placed on 255 * one of the dquot_hash[] hash chains. The provides an efficient search 256 * mechanism to locate a specific dquot. 257 */ 258 259static LIST_HEAD(inuse_list); 260static LIST_HEAD(free_dquots); 261static LIST_HEAD(releasing_dquots); 262static unsigned int dq_hash_bits, dq_hash_mask; 263static struct hlist_head *dquot_hash; 264 265struct dqstats dqstats; 266EXPORT_SYMBOL(dqstats); 267 268static qsize_t inode_get_rsv_space(struct inode *inode); 269static qsize_t __inode_get_rsv_space(struct inode *inode); 270static int __dquot_initialize(struct inode *inode, int type); 271 272static void quota_release_workfn(struct work_struct *work); 273static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn); 274 275static inline unsigned int 276hashfn(const struct super_block *sb, struct kqid qid) 277{ 278 unsigned int id = from_kqid(&init_user_ns, qid); 279 int type = qid.type; 280 unsigned long tmp; 281 282 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type); 283 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask; 284} 285 286/* 287 * Following list functions expect dq_list_lock to be held 288 */ 289static inline void insert_dquot_hash(struct dquot *dquot) 290{ 291 struct hlist_head *head; 292 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id); 293 hlist_add_head(&dquot->dq_hash, head); 294} 295 296static inline void remove_dquot_hash(struct dquot *dquot) 297{ 298 hlist_del_init(&dquot->dq_hash); 299} 300 301static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb, 302 struct kqid qid) 303{ 304 struct hlist_node *node; 305 struct dquot *dquot; 306 307 hlist_for_each (node, dquot_hash+hashent) { 308 dquot = hlist_entry(node, struct dquot, dq_hash); 309 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid)) 310 return dquot; 311 } 312 return NULL; 313} 314 315/* Add a dquot to the tail of the free list */ 316static inline void put_dquot_last(struct dquot *dquot) 317{ 318 list_add_tail(&dquot->dq_free, &free_dquots); 319 dqstats_inc(DQST_FREE_DQUOTS); 320} 321 322static inline void put_releasing_dquots(struct dquot *dquot) 323{ 324 list_add_tail(&dquot->dq_free, &releasing_dquots); 325 set_bit(DQ_RELEASING_B, &dquot->dq_flags); 326} 327 328static inline void remove_free_dquot(struct dquot *dquot) 329{ 330 if (list_empty(&dquot->dq_free)) 331 return; 332 list_del_init(&dquot->dq_free); 333 if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags)) 334 dqstats_dec(DQST_FREE_DQUOTS); 335 else 336 clear_bit(DQ_RELEASING_B, &dquot->dq_flags); 337} 338 339static inline void put_inuse(struct dquot *dquot) 340{ 341 /* We add to the back of inuse list so we don't have to restart 342 * when traversing this list and we block */ 343 list_add_tail(&dquot->dq_inuse, &inuse_list); 344 dqstats_inc(DQST_ALLOC_DQUOTS); 345} 346 347static inline void remove_inuse(struct dquot *dquot) 348{ 349 dqstats_dec(DQST_ALLOC_DQUOTS); 350 list_del(&dquot->dq_inuse); 351} 352/* 353 * End of list functions needing dq_list_lock 354 */ 355 356static void wait_on_dquot(struct dquot *dquot) 357{ 358 mutex_lock(&dquot->dq_lock); 359 mutex_unlock(&dquot->dq_lock); 360} 361 362static inline int dquot_active(struct dquot *dquot) 363{ 364 return test_bit(DQ_ACTIVE_B, &dquot->dq_flags); 365} 366 367static inline int dquot_dirty(struct dquot *dquot) 368{ 369 return test_bit(DQ_MOD_B, &dquot->dq_flags); 370} 371 372static inline int mark_dquot_dirty(struct dquot *dquot) 373{ 374 return dquot->dq_sb->dq_op->mark_dirty(dquot); 375} 376 377/* Mark dquot dirty in atomic manner, and return it's old dirty flag state */ 378int dquot_mark_dquot_dirty(struct dquot *dquot) 379{ 380 int ret = 1; 381 382 if (!dquot_active(dquot)) 383 return 0; 384 385 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 386 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags); 387 388 /* If quota is dirty already, we don't have to acquire dq_list_lock */ 389 if (dquot_dirty(dquot)) 390 return 1; 391 392 spin_lock(&dq_list_lock); 393 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) { 394 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)-> 395 info[dquot->dq_id.type].dqi_dirty_list); 396 ret = 0; 397 } 398 spin_unlock(&dq_list_lock); 399 return ret; 400} 401EXPORT_SYMBOL(dquot_mark_dquot_dirty); 402 403/* Dirtify all the dquots - this can block when journalling */ 404static inline int mark_all_dquot_dirty(struct dquot * const *dquots) 405{ 406 int ret, err, cnt; 407 struct dquot *dquot; 408 409 ret = err = 0; 410 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 411 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 412 if (dquot) 413 /* Even in case of error we have to continue */ 414 ret = mark_dquot_dirty(dquot); 415 if (!err) 416 err = ret; 417 } 418 return err; 419} 420 421static inline void dqput_all(struct dquot **dquot) 422{ 423 unsigned int cnt; 424 425 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 426 dqput(dquot[cnt]); 427} 428 429static inline int clear_dquot_dirty(struct dquot *dquot) 430{ 431 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY) 432 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags); 433 434 spin_lock(&dq_list_lock); 435 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) { 436 spin_unlock(&dq_list_lock); 437 return 0; 438 } 439 list_del_init(&dquot->dq_dirty); 440 spin_unlock(&dq_list_lock); 441 return 1; 442} 443 444void mark_info_dirty(struct super_block *sb, int type) 445{ 446 spin_lock(&dq_data_lock); 447 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY; 448 spin_unlock(&dq_data_lock); 449} 450EXPORT_SYMBOL(mark_info_dirty); 451 452/* 453 * Read dquot from disk and alloc space for it 454 */ 455 456int dquot_acquire(struct dquot *dquot) 457{ 458 int ret = 0, ret2 = 0; 459 unsigned int memalloc; 460 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 461 462 mutex_lock(&dquot->dq_lock); 463 memalloc = memalloc_nofs_save(); 464 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) { 465 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot); 466 if (ret < 0) 467 goto out_iolock; 468 } 469 /* Make sure flags update is visible after dquot has been filled */ 470 smp_mb__before_atomic(); 471 set_bit(DQ_READ_B, &dquot->dq_flags); 472 /* Instantiate dquot if needed */ 473 if (!dquot_active(dquot) && !dquot->dq_off) { 474 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 475 /* Write the info if needed */ 476 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 477 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 478 dquot->dq_sb, dquot->dq_id.type); 479 } 480 if (ret < 0) 481 goto out_iolock; 482 if (ret2 < 0) { 483 ret = ret2; 484 goto out_iolock; 485 } 486 } 487 /* 488 * Make sure flags update is visible after on-disk struct has been 489 * allocated. Paired with smp_rmb() in dqget(). 490 */ 491 smp_mb__before_atomic(); 492 set_bit(DQ_ACTIVE_B, &dquot->dq_flags); 493out_iolock: 494 memalloc_nofs_restore(memalloc); 495 mutex_unlock(&dquot->dq_lock); 496 return ret; 497} 498EXPORT_SYMBOL(dquot_acquire); 499 500/* 501 * Write dquot to disk 502 */ 503int dquot_commit(struct dquot *dquot) 504{ 505 int ret = 0; 506 unsigned int memalloc; 507 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 508 509 mutex_lock(&dquot->dq_lock); 510 memalloc = memalloc_nofs_save(); 511 if (!clear_dquot_dirty(dquot)) 512 goto out_lock; 513 /* Inactive dquot can be only if there was error during read/init 514 * => we have better not writing it */ 515 if (dquot_active(dquot)) 516 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot); 517 else 518 ret = -EIO; 519out_lock: 520 memalloc_nofs_restore(memalloc); 521 mutex_unlock(&dquot->dq_lock); 522 return ret; 523} 524EXPORT_SYMBOL(dquot_commit); 525 526/* 527 * Release dquot 528 */ 529int dquot_release(struct dquot *dquot) 530{ 531 int ret = 0, ret2 = 0; 532 unsigned int memalloc; 533 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb); 534 535 mutex_lock(&dquot->dq_lock); 536 memalloc = memalloc_nofs_save(); 537 /* Check whether we are not racing with some other dqget() */ 538 if (dquot_is_busy(dquot)) 539 goto out_dqlock; 540 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) { 541 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot); 542 /* Write the info */ 543 if (info_dirty(&dqopt->info[dquot->dq_id.type])) { 544 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info( 545 dquot->dq_sb, dquot->dq_id.type); 546 } 547 if (ret >= 0) 548 ret = ret2; 549 } 550 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags); 551out_dqlock: 552 memalloc_nofs_restore(memalloc); 553 mutex_unlock(&dquot->dq_lock); 554 return ret; 555} 556EXPORT_SYMBOL(dquot_release); 557 558void dquot_destroy(struct dquot *dquot) 559{ 560 kmem_cache_free(dquot_cachep, dquot); 561} 562EXPORT_SYMBOL(dquot_destroy); 563 564static inline void do_destroy_dquot(struct dquot *dquot) 565{ 566 dquot->dq_sb->dq_op->destroy_dquot(dquot); 567} 568 569/* Invalidate all dquots on the list. Note that this function is called after 570 * quota is disabled and pointers from inodes removed so there cannot be new 571 * quota users. There can still be some users of quotas due to inodes being 572 * just deleted or pruned by prune_icache() (those are not attached to any 573 * list) or parallel quotactl call. We have to wait for such users. 574 */ 575static void invalidate_dquots(struct super_block *sb, int type) 576{ 577 struct dquot *dquot, *tmp; 578 579restart: 580 flush_delayed_work("a_release_work); 581 582 spin_lock(&dq_list_lock); 583 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) { 584 if (dquot->dq_sb != sb) 585 continue; 586 if (dquot->dq_id.type != type) 587 continue; 588 /* Wait for dquot users */ 589 if (atomic_read(&dquot->dq_count)) { 590 atomic_inc(&dquot->dq_count); 591 spin_unlock(&dq_list_lock); 592 /* 593 * Once dqput() wakes us up, we know it's time to free 594 * the dquot. 595 * IMPORTANT: we rely on the fact that there is always 596 * at most one process waiting for dquot to free. 597 * Otherwise dq_count would be > 1 and we would never 598 * wake up. 599 */ 600 wait_event(dquot_ref_wq, 601 atomic_read(&dquot->dq_count) == 1); 602 dqput(dquot); 603 /* At this moment dquot() need not exist (it could be 604 * reclaimed by prune_dqcache(). Hence we must 605 * restart. */ 606 goto restart; 607 } 608 /* 609 * The last user already dropped its reference but dquot didn't 610 * get fully cleaned up yet. Restart the scan which flushes the 611 * work cleaning up released dquots. 612 */ 613 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 614 spin_unlock(&dq_list_lock); 615 goto restart; 616 } 617 /* 618 * Quota now has no users and it has been written on last 619 * dqput() 620 */ 621 remove_dquot_hash(dquot); 622 remove_free_dquot(dquot); 623 remove_inuse(dquot); 624 do_destroy_dquot(dquot); 625 } 626 spin_unlock(&dq_list_lock); 627} 628 629/* Call callback for every active dquot on given filesystem */ 630int dquot_scan_active(struct super_block *sb, 631 int (*fn)(struct dquot *dquot, unsigned long priv), 632 unsigned long priv) 633{ 634 struct dquot *dquot, *old_dquot = NULL; 635 int ret = 0; 636 637 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 638 639 spin_lock(&dq_list_lock); 640 list_for_each_entry(dquot, &inuse_list, dq_inuse) { 641 if (!dquot_active(dquot)) 642 continue; 643 if (dquot->dq_sb != sb) 644 continue; 645 /* Now we have active dquot so we can just increase use count */ 646 atomic_inc(&dquot->dq_count); 647 spin_unlock(&dq_list_lock); 648 dqput(old_dquot); 649 old_dquot = dquot; 650 /* 651 * ->release_dquot() can be racing with us. Our reference 652 * protects us from new calls to it so just wait for any 653 * outstanding call and recheck the DQ_ACTIVE_B after that. 654 */ 655 wait_on_dquot(dquot); 656 if (dquot_active(dquot)) { 657 ret = fn(dquot, priv); 658 if (ret < 0) 659 goto out; 660 } 661 spin_lock(&dq_list_lock); 662 /* We are safe to continue now because our dquot could not 663 * be moved out of the inuse list while we hold the reference */ 664 } 665 spin_unlock(&dq_list_lock); 666out: 667 dqput(old_dquot); 668 return ret; 669} 670EXPORT_SYMBOL(dquot_scan_active); 671 672static inline int dquot_write_dquot(struct dquot *dquot) 673{ 674 int ret = dquot->dq_sb->dq_op->write_dquot(dquot); 675 if (ret < 0) { 676 quota_error(dquot->dq_sb, "Can't write quota structure " 677 "(error %d). Quota may get out of sync!", ret); 678 /* Clear dirty bit anyway to avoid infinite loop. */ 679 clear_dquot_dirty(dquot); 680 } 681 return ret; 682} 683 684/* Write all dquot structures to quota files */ 685int dquot_writeback_dquots(struct super_block *sb, int type) 686{ 687 struct list_head dirty; 688 struct dquot *dquot; 689 struct quota_info *dqopt = sb_dqopt(sb); 690 int cnt; 691 int err, ret = 0; 692 693 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount)); 694 695 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 696 if (type != -1 && cnt != type) 697 continue; 698 if (!sb_has_quota_active(sb, cnt)) 699 continue; 700 spin_lock(&dq_list_lock); 701 /* Move list away to avoid livelock. */ 702 list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty); 703 while (!list_empty(&dirty)) { 704 dquot = list_first_entry(&dirty, struct dquot, 705 dq_dirty); 706 707 WARN_ON(!dquot_active(dquot)); 708 /* If the dquot is releasing we should not touch it */ 709 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) { 710 spin_unlock(&dq_list_lock); 711 flush_delayed_work("a_release_work); 712 spin_lock(&dq_list_lock); 713 continue; 714 } 715 716 /* Now we have active dquot from which someone is 717 * holding reference so we can safely just increase 718 * use count */ 719 dqgrab(dquot); 720 spin_unlock(&dq_list_lock); 721 err = dquot_write_dquot(dquot); 722 if (err && !ret) 723 ret = err; 724 dqput(dquot); 725 spin_lock(&dq_list_lock); 726 } 727 spin_unlock(&dq_list_lock); 728 } 729 730 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 731 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt) 732 && info_dirty(&dqopt->info[cnt])) 733 sb->dq_op->write_info(sb, cnt); 734 dqstats_inc(DQST_SYNCS); 735 736 return ret; 737} 738EXPORT_SYMBOL(dquot_writeback_dquots); 739 740/* Write all dquot structures to disk and make them visible from userspace */ 741int dquot_quota_sync(struct super_block *sb, int type) 742{ 743 struct quota_info *dqopt = sb_dqopt(sb); 744 int cnt; 745 int ret; 746 747 ret = dquot_writeback_dquots(sb, type); 748 if (ret) 749 return ret; 750 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 751 return 0; 752 753 /* This is not very clever (and fast) but currently I don't know about 754 * any other simple way of getting quota data to disk and we must get 755 * them there for userspace to be visible... */ 756 if (sb->s_op->sync_fs) { 757 ret = sb->s_op->sync_fs(sb, 1); 758 if (ret) 759 return ret; 760 } 761 ret = sync_blockdev(sb->s_bdev); 762 if (ret) 763 return ret; 764 765 /* 766 * Now when everything is written we can discard the pagecache so 767 * that userspace sees the changes. 768 */ 769 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 770 if (type != -1 && cnt != type) 771 continue; 772 if (!sb_has_quota_active(sb, cnt)) 773 continue; 774 inode_lock(dqopt->files[cnt]); 775 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 776 inode_unlock(dqopt->files[cnt]); 777 } 778 779 return 0; 780} 781EXPORT_SYMBOL(dquot_quota_sync); 782 783static unsigned long 784dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc) 785{ 786 struct dquot *dquot; 787 unsigned long freed = 0; 788 789 spin_lock(&dq_list_lock); 790 while (!list_empty(&free_dquots) && sc->nr_to_scan) { 791 dquot = list_first_entry(&free_dquots, struct dquot, dq_free); 792 remove_dquot_hash(dquot); 793 remove_free_dquot(dquot); 794 remove_inuse(dquot); 795 do_destroy_dquot(dquot); 796 sc->nr_to_scan--; 797 freed++; 798 } 799 spin_unlock(&dq_list_lock); 800 return freed; 801} 802 803static unsigned long 804dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc) 805{ 806 return vfs_pressure_ratio( 807 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS])); 808} 809 810static struct shrinker dqcache_shrinker = { 811 .count_objects = dqcache_shrink_count, 812 .scan_objects = dqcache_shrink_scan, 813 .seeks = DEFAULT_SEEKS, 814}; 815 816/* 817 * Safely release dquot and put reference to dquot. 818 */ 819static void quota_release_workfn(struct work_struct *work) 820{ 821 struct dquot *dquot; 822 struct list_head rls_head; 823 824 spin_lock(&dq_list_lock); 825 /* Exchange the list head to avoid livelock. */ 826 list_replace_init(&releasing_dquots, &rls_head); 827 spin_unlock(&dq_list_lock); 828 synchronize_srcu(&dquot_srcu); 829 830restart: 831 spin_lock(&dq_list_lock); 832 while (!list_empty(&rls_head)) { 833 dquot = list_first_entry(&rls_head, struct dquot, dq_free); 834 WARN_ON_ONCE(atomic_read(&dquot->dq_count)); 835 /* 836 * Note that DQ_RELEASING_B protects us from racing with 837 * invalidate_dquots() calls so we are safe to work with the 838 * dquot even after we drop dq_list_lock. 839 */ 840 if (dquot_dirty(dquot)) { 841 spin_unlock(&dq_list_lock); 842 /* Commit dquot before releasing */ 843 dquot_write_dquot(dquot); 844 goto restart; 845 } 846 if (dquot_active(dquot)) { 847 spin_unlock(&dq_list_lock); 848 dquot->dq_sb->dq_op->release_dquot(dquot); 849 goto restart; 850 } 851 /* Dquot is inactive and clean, now move it to free list */ 852 remove_free_dquot(dquot); 853 put_dquot_last(dquot); 854 } 855 spin_unlock(&dq_list_lock); 856} 857 858/* 859 * Put reference to dquot 860 */ 861void dqput(struct dquot *dquot) 862{ 863 if (!dquot) 864 return; 865#ifdef CONFIG_QUOTA_DEBUG 866 if (!atomic_read(&dquot->dq_count)) { 867 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d", 868 quotatypes[dquot->dq_id.type], 869 from_kqid(&init_user_ns, dquot->dq_id)); 870 BUG(); 871 } 872#endif 873 dqstats_inc(DQST_DROPS); 874 875 spin_lock(&dq_list_lock); 876 if (atomic_read(&dquot->dq_count) > 1) { 877 /* We have more than one user... nothing to do */ 878 atomic_dec(&dquot->dq_count); 879 /* Releasing dquot during quotaoff phase? */ 880 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) && 881 atomic_read(&dquot->dq_count) == 1) 882 wake_up(&dquot_ref_wq); 883 spin_unlock(&dq_list_lock); 884 return; 885 } 886 887 /* Need to release dquot? */ 888#ifdef CONFIG_QUOTA_DEBUG 889 /* sanity check */ 890 BUG_ON(!list_empty(&dquot->dq_free)); 891#endif 892 put_releasing_dquots(dquot); 893 atomic_dec(&dquot->dq_count); 894 spin_unlock(&dq_list_lock); 895 queue_delayed_work(system_unbound_wq, "a_release_work, 1); 896} 897EXPORT_SYMBOL(dqput); 898 899struct dquot *dquot_alloc(struct super_block *sb, int type) 900{ 901 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS); 902} 903EXPORT_SYMBOL(dquot_alloc); 904 905static struct dquot *get_empty_dquot(struct super_block *sb, int type) 906{ 907 struct dquot *dquot; 908 909 dquot = sb->dq_op->alloc_dquot(sb, type); 910 if(!dquot) 911 return NULL; 912 913 mutex_init(&dquot->dq_lock); 914 INIT_LIST_HEAD(&dquot->dq_free); 915 INIT_LIST_HEAD(&dquot->dq_inuse); 916 INIT_HLIST_NODE(&dquot->dq_hash); 917 INIT_LIST_HEAD(&dquot->dq_dirty); 918 dquot->dq_sb = sb; 919 dquot->dq_id = make_kqid_invalid(type); 920 atomic_set(&dquot->dq_count, 1); 921 spin_lock_init(&dquot->dq_dqb_lock); 922 923 return dquot; 924} 925 926/* 927 * Get reference to dquot 928 * 929 * Locking is slightly tricky here. We are guarded from parallel quotaoff() 930 * destroying our dquot by: 931 * a) checking for quota flags under dq_list_lock and 932 * b) getting a reference to dquot before we release dq_list_lock 933 */ 934struct dquot *dqget(struct super_block *sb, struct kqid qid) 935{ 936 unsigned int hashent = hashfn(sb, qid); 937 struct dquot *dquot, *empty = NULL; 938 939 if (!qid_has_mapping(sb->s_user_ns, qid)) 940 return ERR_PTR(-EINVAL); 941 942 if (!sb_has_quota_active(sb, qid.type)) 943 return ERR_PTR(-ESRCH); 944we_slept: 945 spin_lock(&dq_list_lock); 946 spin_lock(&dq_state_lock); 947 if (!sb_has_quota_active(sb, qid.type)) { 948 spin_unlock(&dq_state_lock); 949 spin_unlock(&dq_list_lock); 950 dquot = ERR_PTR(-ESRCH); 951 goto out; 952 } 953 spin_unlock(&dq_state_lock); 954 955 dquot = find_dquot(hashent, sb, qid); 956 if (!dquot) { 957 if (!empty) { 958 spin_unlock(&dq_list_lock); 959 empty = get_empty_dquot(sb, qid.type); 960 if (!empty) 961 schedule(); /* Try to wait for a moment... */ 962 goto we_slept; 963 } 964 dquot = empty; 965 empty = NULL; 966 dquot->dq_id = qid; 967 /* all dquots go on the inuse_list */ 968 put_inuse(dquot); 969 /* hash it first so it can be found */ 970 insert_dquot_hash(dquot); 971 spin_unlock(&dq_list_lock); 972 dqstats_inc(DQST_LOOKUPS); 973 } else { 974 if (!atomic_read(&dquot->dq_count)) 975 remove_free_dquot(dquot); 976 atomic_inc(&dquot->dq_count); 977 spin_unlock(&dq_list_lock); 978 dqstats_inc(DQST_CACHE_HITS); 979 dqstats_inc(DQST_LOOKUPS); 980 } 981 /* Wait for dq_lock - after this we know that either dquot_release() is 982 * already finished or it will be canceled due to dq_count > 0 test */ 983 wait_on_dquot(dquot); 984 /* Read the dquot / allocate space in quota file */ 985 if (!dquot_active(dquot)) { 986 int err; 987 988 err = sb->dq_op->acquire_dquot(dquot); 989 if (err < 0) { 990 dqput(dquot); 991 dquot = ERR_PTR(err); 992 goto out; 993 } 994 } 995 /* 996 * Make sure following reads see filled structure - paired with 997 * smp_mb__before_atomic() in dquot_acquire(). 998 */ 999 smp_rmb(); 1000#ifdef CONFIG_QUOTA_DEBUG 1001 BUG_ON(!dquot->dq_sb); /* Has somebody invalidated entry under us? */ 1002#endif 1003out: 1004 if (empty) 1005 do_destroy_dquot(empty); 1006 1007 return dquot; 1008} 1009EXPORT_SYMBOL(dqget); 1010 1011static inline struct dquot **i_dquot(struct inode *inode) 1012{ 1013 return inode->i_sb->s_op->get_dquots(inode); 1014} 1015 1016static int dqinit_needed(struct inode *inode, int type) 1017{ 1018 struct dquot * const *dquots; 1019 int cnt; 1020 1021 if (IS_NOQUOTA(inode)) 1022 return 0; 1023 1024 dquots = i_dquot(inode); 1025 if (type != -1) 1026 return !dquots[type]; 1027 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1028 if (!dquots[cnt]) 1029 return 1; 1030 return 0; 1031} 1032 1033/* This routine is guarded by s_umount semaphore */ 1034static int add_dquot_ref(struct super_block *sb, int type) 1035{ 1036 struct inode *inode, *old_inode = NULL; 1037#ifdef CONFIG_QUOTA_DEBUG 1038 int reserved = 0; 1039#endif 1040 int err = 0; 1041 1042 spin_lock(&sb->s_inode_list_lock); 1043 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1044 spin_lock(&inode->i_lock); 1045 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) || 1046 !atomic_read(&inode->i_writecount) || 1047 !dqinit_needed(inode, type)) { 1048 spin_unlock(&inode->i_lock); 1049 continue; 1050 } 1051 __iget(inode); 1052 spin_unlock(&inode->i_lock); 1053 spin_unlock(&sb->s_inode_list_lock); 1054 1055#ifdef CONFIG_QUOTA_DEBUG 1056 if (unlikely(inode_get_rsv_space(inode) > 0)) 1057 reserved = 1; 1058#endif 1059 iput(old_inode); 1060 err = __dquot_initialize(inode, type); 1061 if (err) { 1062 iput(inode); 1063 goto out; 1064 } 1065 1066 /* 1067 * We hold a reference to 'inode' so it couldn't have been 1068 * removed from s_inodes list while we dropped the 1069 * s_inode_list_lock. We cannot iput the inode now as we can be 1070 * holding the last reference and we cannot iput it under 1071 * s_inode_list_lock. So we keep the reference and iput it 1072 * later. 1073 */ 1074 old_inode = inode; 1075 cond_resched(); 1076 spin_lock(&sb->s_inode_list_lock); 1077 } 1078 spin_unlock(&sb->s_inode_list_lock); 1079 iput(old_inode); 1080out: 1081#ifdef CONFIG_QUOTA_DEBUG 1082 if (reserved) { 1083 quota_error(sb, "Writes happened before quota was turned on " 1084 "thus quota information is probably inconsistent. " 1085 "Please run quotacheck(8)"); 1086 } 1087#endif 1088 return err; 1089} 1090 1091/* 1092 * Remove references to dquots from inode and add dquot to list for freeing 1093 * if we have the last reference to dquot 1094 */ 1095static void remove_inode_dquot_ref(struct inode *inode, int type, 1096 struct list_head *tofree_head) 1097{ 1098 struct dquot **dquots = i_dquot(inode); 1099 struct dquot *dquot = dquots[type]; 1100 1101 if (!dquot) 1102 return; 1103 1104 dquots[type] = NULL; 1105 if (list_empty(&dquot->dq_free)) { 1106 /* 1107 * The inode still has reference to dquot so it can't be in the 1108 * free list 1109 */ 1110 spin_lock(&dq_list_lock); 1111 list_add(&dquot->dq_free, tofree_head); 1112 spin_unlock(&dq_list_lock); 1113 } else { 1114 /* 1115 * Dquot is already in a list to put so we won't drop the last 1116 * reference here. 1117 */ 1118 dqput(dquot); 1119 } 1120} 1121 1122/* 1123 * Free list of dquots 1124 * Dquots are removed from inodes and no new references can be got so we are 1125 * the only ones holding reference 1126 */ 1127static void put_dquot_list(struct list_head *tofree_head) 1128{ 1129 struct list_head *act_head; 1130 struct dquot *dquot; 1131 1132 act_head = tofree_head->next; 1133 while (act_head != tofree_head) { 1134 dquot = list_entry(act_head, struct dquot, dq_free); 1135 act_head = act_head->next; 1136 /* Remove dquot from the list so we won't have problems... */ 1137 list_del_init(&dquot->dq_free); 1138 dqput(dquot); 1139 } 1140} 1141 1142static void remove_dquot_ref(struct super_block *sb, int type, 1143 struct list_head *tofree_head) 1144{ 1145 struct inode *inode; 1146#ifdef CONFIG_QUOTA_DEBUG 1147 int reserved = 0; 1148#endif 1149 1150 spin_lock(&sb->s_inode_list_lock); 1151 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) { 1152 /* 1153 * We have to scan also I_NEW inodes because they can already 1154 * have quota pointer initialized. Luckily, we need to touch 1155 * only quota pointers and these have separate locking 1156 * (dq_data_lock). 1157 */ 1158 spin_lock(&dq_data_lock); 1159 if (!IS_NOQUOTA(inode)) { 1160#ifdef CONFIG_QUOTA_DEBUG 1161 if (unlikely(inode_get_rsv_space(inode) > 0)) 1162 reserved = 1; 1163#endif 1164 remove_inode_dquot_ref(inode, type, tofree_head); 1165 } 1166 spin_unlock(&dq_data_lock); 1167 } 1168 spin_unlock(&sb->s_inode_list_lock); 1169#ifdef CONFIG_QUOTA_DEBUG 1170 if (reserved) { 1171 printk(KERN_WARNING "VFS (%s): Writes happened after quota" 1172 " was disabled thus quota information is probably " 1173 "inconsistent. Please run quotacheck(8).\n", sb->s_id); 1174 } 1175#endif 1176} 1177 1178/* Gather all references from inodes and drop them */ 1179static void drop_dquot_ref(struct super_block *sb, int type) 1180{ 1181 LIST_HEAD(tofree_head); 1182 1183 if (sb->dq_op) { 1184 remove_dquot_ref(sb, type, &tofree_head); 1185 synchronize_srcu(&dquot_srcu); 1186 put_dquot_list(&tofree_head); 1187 } 1188} 1189 1190static inline 1191void dquot_free_reserved_space(struct dquot *dquot, qsize_t number) 1192{ 1193 if (dquot->dq_dqb.dqb_rsvspace >= number) 1194 dquot->dq_dqb.dqb_rsvspace -= number; 1195 else { 1196 WARN_ON_ONCE(1); 1197 dquot->dq_dqb.dqb_rsvspace = 0; 1198 } 1199 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1200 dquot->dq_dqb.dqb_bsoftlimit) 1201 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1202 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1203} 1204 1205static void dquot_decr_inodes(struct dquot *dquot, qsize_t number) 1206{ 1207 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1208 dquot->dq_dqb.dqb_curinodes >= number) 1209 dquot->dq_dqb.dqb_curinodes -= number; 1210 else 1211 dquot->dq_dqb.dqb_curinodes = 0; 1212 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit) 1213 dquot->dq_dqb.dqb_itime = (time64_t) 0; 1214 clear_bit(DQ_INODES_B, &dquot->dq_flags); 1215} 1216 1217static void dquot_decr_space(struct dquot *dquot, qsize_t number) 1218{ 1219 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE || 1220 dquot->dq_dqb.dqb_curspace >= number) 1221 dquot->dq_dqb.dqb_curspace -= number; 1222 else 1223 dquot->dq_dqb.dqb_curspace = 0; 1224 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <= 1225 dquot->dq_dqb.dqb_bsoftlimit) 1226 dquot->dq_dqb.dqb_btime = (time64_t) 0; 1227 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 1228} 1229 1230struct dquot_warn { 1231 struct super_block *w_sb; 1232 struct kqid w_dq_id; 1233 short w_type; 1234}; 1235 1236static int warning_issued(struct dquot *dquot, const int warntype) 1237{ 1238 int flag = (warntype == QUOTA_NL_BHARDWARN || 1239 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B : 1240 ((warntype == QUOTA_NL_IHARDWARN || 1241 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0); 1242 1243 if (!flag) 1244 return 0; 1245 return test_and_set_bit(flag, &dquot->dq_flags); 1246} 1247 1248#ifdef CONFIG_PRINT_QUOTA_WARNING 1249static int flag_print_warnings = 1; 1250 1251static int need_print_warning(struct dquot_warn *warn) 1252{ 1253 if (!flag_print_warnings) 1254 return 0; 1255 1256 switch (warn->w_dq_id.type) { 1257 case USRQUOTA: 1258 return uid_eq(current_fsuid(), warn->w_dq_id.uid); 1259 case GRPQUOTA: 1260 return in_group_p(warn->w_dq_id.gid); 1261 case PRJQUOTA: 1262 return 1; 1263 } 1264 return 0; 1265} 1266 1267/* Print warning to user which exceeded quota */ 1268static void print_warning(struct dquot_warn *warn) 1269{ 1270 char *msg = NULL; 1271 struct tty_struct *tty; 1272 int warntype = warn->w_type; 1273 1274 if (warntype == QUOTA_NL_IHARDBELOW || 1275 warntype == QUOTA_NL_ISOFTBELOW || 1276 warntype == QUOTA_NL_BHARDBELOW || 1277 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn)) 1278 return; 1279 1280 tty = get_current_tty(); 1281 if (!tty) 1282 return; 1283 tty_write_message(tty, warn->w_sb->s_id); 1284 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN) 1285 tty_write_message(tty, ": warning, "); 1286 else 1287 tty_write_message(tty, ": write failed, "); 1288 tty_write_message(tty, quotatypes[warn->w_dq_id.type]); 1289 switch (warntype) { 1290 case QUOTA_NL_IHARDWARN: 1291 msg = " file limit reached.\r\n"; 1292 break; 1293 case QUOTA_NL_ISOFTLONGWARN: 1294 msg = " file quota exceeded too long.\r\n"; 1295 break; 1296 case QUOTA_NL_ISOFTWARN: 1297 msg = " file quota exceeded.\r\n"; 1298 break; 1299 case QUOTA_NL_BHARDWARN: 1300 msg = " block limit reached.\r\n"; 1301 break; 1302 case QUOTA_NL_BSOFTLONGWARN: 1303 msg = " block quota exceeded too long.\r\n"; 1304 break; 1305 case QUOTA_NL_BSOFTWARN: 1306 msg = " block quota exceeded.\r\n"; 1307 break; 1308 } 1309 tty_write_message(tty, msg); 1310 tty_kref_put(tty); 1311} 1312#endif 1313 1314static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot, 1315 int warntype) 1316{ 1317 if (warning_issued(dquot, warntype)) 1318 return; 1319 warn->w_type = warntype; 1320 warn->w_sb = dquot->dq_sb; 1321 warn->w_dq_id = dquot->dq_id; 1322} 1323 1324/* 1325 * Write warnings to the console and send warning messages over netlink. 1326 * 1327 * Note that this function can call into tty and networking code. 1328 */ 1329static void flush_warnings(struct dquot_warn *warn) 1330{ 1331 int i; 1332 1333 for (i = 0; i < MAXQUOTAS; i++) { 1334 if (warn[i].w_type == QUOTA_NL_NOWARN) 1335 continue; 1336#ifdef CONFIG_PRINT_QUOTA_WARNING 1337 print_warning(&warn[i]); 1338#endif 1339 quota_send_warning(warn[i].w_dq_id, 1340 warn[i].w_sb->s_dev, warn[i].w_type); 1341 } 1342} 1343 1344static int ignore_hardlimit(struct dquot *dquot) 1345{ 1346 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 1347 1348 return capable(CAP_SYS_RESOURCE) && 1349 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD || 1350 !(info->dqi_flags & DQF_ROOT_SQUASH)); 1351} 1352 1353static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes, 1354 struct dquot_warn *warn) 1355{ 1356 qsize_t newinodes; 1357 int ret = 0; 1358 1359 spin_lock(&dquot->dq_dqb_lock); 1360 newinodes = dquot->dq_dqb.dqb_curinodes + inodes; 1361 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) || 1362 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1363 goto add; 1364 1365 if (dquot->dq_dqb.dqb_ihardlimit && 1366 newinodes > dquot->dq_dqb.dqb_ihardlimit && 1367 !ignore_hardlimit(dquot)) { 1368 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN); 1369 ret = -EDQUOT; 1370 goto out; 1371 } 1372 1373 if (dquot->dq_dqb.dqb_isoftlimit && 1374 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1375 dquot->dq_dqb.dqb_itime && 1376 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime && 1377 !ignore_hardlimit(dquot)) { 1378 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN); 1379 ret = -EDQUOT; 1380 goto out; 1381 } 1382 1383 if (dquot->dq_dqb.dqb_isoftlimit && 1384 newinodes > dquot->dq_dqb.dqb_isoftlimit && 1385 dquot->dq_dqb.dqb_itime == 0) { 1386 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN); 1387 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() + 1388 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace; 1389 } 1390add: 1391 dquot->dq_dqb.dqb_curinodes = newinodes; 1392 1393out: 1394 spin_unlock(&dquot->dq_dqb_lock); 1395 return ret; 1396} 1397 1398static int dquot_add_space(struct dquot *dquot, qsize_t space, 1399 qsize_t rsv_space, unsigned int flags, 1400 struct dquot_warn *warn) 1401{ 1402 qsize_t tspace; 1403 struct super_block *sb = dquot->dq_sb; 1404 int ret = 0; 1405 1406 spin_lock(&dquot->dq_dqb_lock); 1407 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) || 1408 test_bit(DQ_FAKE_B, &dquot->dq_flags)) 1409 goto finish; 1410 1411 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace 1412 + space + rsv_space; 1413 1414 if (dquot->dq_dqb.dqb_bhardlimit && 1415 tspace > dquot->dq_dqb.dqb_bhardlimit && 1416 !ignore_hardlimit(dquot)) { 1417 if (flags & DQUOT_SPACE_WARN) 1418 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN); 1419 ret = -EDQUOT; 1420 goto finish; 1421 } 1422 1423 if (dquot->dq_dqb.dqb_bsoftlimit && 1424 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1425 dquot->dq_dqb.dqb_btime && 1426 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime && 1427 !ignore_hardlimit(dquot)) { 1428 if (flags & DQUOT_SPACE_WARN) 1429 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN); 1430 ret = -EDQUOT; 1431 goto finish; 1432 } 1433 1434 if (dquot->dq_dqb.dqb_bsoftlimit && 1435 tspace > dquot->dq_dqb.dqb_bsoftlimit && 1436 dquot->dq_dqb.dqb_btime == 0) { 1437 if (flags & DQUOT_SPACE_WARN) { 1438 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN); 1439 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() + 1440 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace; 1441 } else { 1442 /* 1443 * We don't allow preallocation to exceed softlimit so exceeding will 1444 * be always printed 1445 */ 1446 ret = -EDQUOT; 1447 goto finish; 1448 } 1449 } 1450finish: 1451 /* 1452 * We have to be careful and go through warning generation & grace time 1453 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it 1454 * only here... 1455 */ 1456 if (flags & DQUOT_SPACE_NOFAIL) 1457 ret = 0; 1458 if (!ret) { 1459 dquot->dq_dqb.dqb_rsvspace += rsv_space; 1460 dquot->dq_dqb.dqb_curspace += space; 1461 } 1462 spin_unlock(&dquot->dq_dqb_lock); 1463 return ret; 1464} 1465 1466static int info_idq_free(struct dquot *dquot, qsize_t inodes) 1467{ 1468 qsize_t newinodes; 1469 1470 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1471 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit || 1472 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type)) 1473 return QUOTA_NL_NOWARN; 1474 1475 newinodes = dquot->dq_dqb.dqb_curinodes - inodes; 1476 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit) 1477 return QUOTA_NL_ISOFTBELOW; 1478 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit && 1479 newinodes < dquot->dq_dqb.dqb_ihardlimit) 1480 return QUOTA_NL_IHARDBELOW; 1481 return QUOTA_NL_NOWARN; 1482} 1483 1484static int info_bdq_free(struct dquot *dquot, qsize_t space) 1485{ 1486 qsize_t tspace; 1487 1488 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace; 1489 1490 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) || 1491 tspace <= dquot->dq_dqb.dqb_bsoftlimit) 1492 return QUOTA_NL_NOWARN; 1493 1494 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit) 1495 return QUOTA_NL_BSOFTBELOW; 1496 if (tspace >= dquot->dq_dqb.dqb_bhardlimit && 1497 tspace - space < dquot->dq_dqb.dqb_bhardlimit) 1498 return QUOTA_NL_BHARDBELOW; 1499 return QUOTA_NL_NOWARN; 1500} 1501 1502static int inode_quota_active(const struct inode *inode) 1503{ 1504 struct super_block *sb = inode->i_sb; 1505 1506 if (IS_NOQUOTA(inode)) 1507 return 0; 1508 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb); 1509} 1510 1511/* 1512 * Initialize quota pointers in inode 1513 * 1514 * It is better to call this function outside of any transaction as it 1515 * might need a lot of space in journal for dquot structure allocation. 1516 */ 1517static int __dquot_initialize(struct inode *inode, int type) 1518{ 1519 int cnt, init_needed = 0; 1520 struct dquot **dquots, *got[MAXQUOTAS] = {}; 1521 struct super_block *sb = inode->i_sb; 1522 qsize_t rsv; 1523 int ret = 0; 1524 1525 if (!inode_quota_active(inode)) 1526 return 0; 1527 1528 dquots = i_dquot(inode); 1529 1530 /* First get references to structures we might need. */ 1531 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1532 struct kqid qid; 1533 kprojid_t projid; 1534 int rc; 1535 struct dquot *dquot; 1536 1537 if (type != -1 && cnt != type) 1538 continue; 1539 /* 1540 * The i_dquot should have been initialized in most cases, 1541 * we check it without locking here to avoid unnecessary 1542 * dqget()/dqput() calls. 1543 */ 1544 if (dquots[cnt]) 1545 continue; 1546 1547 if (!sb_has_quota_active(sb, cnt)) 1548 continue; 1549 1550 init_needed = 1; 1551 1552 switch (cnt) { 1553 case USRQUOTA: 1554 qid = make_kqid_uid(inode->i_uid); 1555 break; 1556 case GRPQUOTA: 1557 qid = make_kqid_gid(inode->i_gid); 1558 break; 1559 case PRJQUOTA: 1560 rc = inode->i_sb->dq_op->get_projid(inode, &projid); 1561 if (rc) 1562 continue; 1563 qid = make_kqid_projid(projid); 1564 break; 1565 } 1566 dquot = dqget(sb, qid); 1567 if (IS_ERR(dquot)) { 1568 /* We raced with somebody turning quotas off... */ 1569 if (PTR_ERR(dquot) != -ESRCH) { 1570 ret = PTR_ERR(dquot); 1571 goto out_put; 1572 } 1573 dquot = NULL; 1574 } 1575 got[cnt] = dquot; 1576 } 1577 1578 /* All required i_dquot has been initialized */ 1579 if (!init_needed) 1580 return 0; 1581 1582 spin_lock(&dq_data_lock); 1583 if (IS_NOQUOTA(inode)) 1584 goto out_lock; 1585 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1586 if (type != -1 && cnt != type) 1587 continue; 1588 /* Avoid races with quotaoff() */ 1589 if (!sb_has_quota_active(sb, cnt)) 1590 continue; 1591 /* We could race with quotaon or dqget() could have failed */ 1592 if (!got[cnt]) 1593 continue; 1594 if (!dquots[cnt]) { 1595 dquots[cnt] = got[cnt]; 1596 got[cnt] = NULL; 1597 /* 1598 * Make quota reservation system happy if someone 1599 * did a write before quota was turned on 1600 */ 1601 rsv = inode_get_rsv_space(inode); 1602 if (unlikely(rsv)) { 1603 spin_lock(&inode->i_lock); 1604 /* Get reservation again under proper lock */ 1605 rsv = __inode_get_rsv_space(inode); 1606 spin_lock(&dquots[cnt]->dq_dqb_lock); 1607 dquots[cnt]->dq_dqb.dqb_rsvspace += rsv; 1608 spin_unlock(&dquots[cnt]->dq_dqb_lock); 1609 spin_unlock(&inode->i_lock); 1610 } 1611 } 1612 } 1613out_lock: 1614 spin_unlock(&dq_data_lock); 1615out_put: 1616 /* Drop unused references */ 1617 dqput_all(got); 1618 1619 return ret; 1620} 1621 1622int dquot_initialize(struct inode *inode) 1623{ 1624 return __dquot_initialize(inode, -1); 1625} 1626EXPORT_SYMBOL(dquot_initialize); 1627 1628bool dquot_initialize_needed(struct inode *inode) 1629{ 1630 struct dquot **dquots; 1631 int i; 1632 1633 if (!inode_quota_active(inode)) 1634 return false; 1635 1636 dquots = i_dquot(inode); 1637 for (i = 0; i < MAXQUOTAS; i++) 1638 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i)) 1639 return true; 1640 return false; 1641} 1642EXPORT_SYMBOL(dquot_initialize_needed); 1643 1644/* 1645 * Release all quotas referenced by inode. 1646 * 1647 * This function only be called on inode free or converting 1648 * a file to quota file, no other users for the i_dquot in 1649 * both cases, so we needn't call synchronize_srcu() after 1650 * clearing i_dquot. 1651 */ 1652static void __dquot_drop(struct inode *inode) 1653{ 1654 int cnt; 1655 struct dquot **dquots = i_dquot(inode); 1656 struct dquot *put[MAXQUOTAS]; 1657 1658 spin_lock(&dq_data_lock); 1659 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1660 put[cnt] = dquots[cnt]; 1661 dquots[cnt] = NULL; 1662 } 1663 spin_unlock(&dq_data_lock); 1664 dqput_all(put); 1665} 1666 1667void dquot_drop(struct inode *inode) 1668{ 1669 struct dquot * const *dquots; 1670 int cnt; 1671 1672 if (IS_NOQUOTA(inode)) 1673 return; 1674 1675 /* 1676 * Test before calling to rule out calls from proc and such 1677 * where we are not allowed to block. Note that this is 1678 * actually reliable test even without the lock - the caller 1679 * must assure that nobody can come after the DQUOT_DROP and 1680 * add quota pointers back anyway. 1681 */ 1682 dquots = i_dquot(inode); 1683 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1684 if (dquots[cnt]) 1685 break; 1686 } 1687 1688 if (cnt < MAXQUOTAS) 1689 __dquot_drop(inode); 1690} 1691EXPORT_SYMBOL(dquot_drop); 1692 1693/* 1694 * inode_reserved_space is managed internally by quota, and protected by 1695 * i_lock similar to i_blocks+i_bytes. 1696 */ 1697static qsize_t *inode_reserved_space(struct inode * inode) 1698{ 1699 /* Filesystem must explicitly define it's own method in order to use 1700 * quota reservation interface */ 1701 BUG_ON(!inode->i_sb->dq_op->get_reserved_space); 1702 return inode->i_sb->dq_op->get_reserved_space(inode); 1703} 1704 1705static qsize_t __inode_get_rsv_space(struct inode *inode) 1706{ 1707 if (!inode->i_sb->dq_op->get_reserved_space) 1708 return 0; 1709 return *inode_reserved_space(inode); 1710} 1711 1712static qsize_t inode_get_rsv_space(struct inode *inode) 1713{ 1714 qsize_t ret; 1715 1716 if (!inode->i_sb->dq_op->get_reserved_space) 1717 return 0; 1718 spin_lock(&inode->i_lock); 1719 ret = __inode_get_rsv_space(inode); 1720 spin_unlock(&inode->i_lock); 1721 return ret; 1722} 1723 1724/* 1725 * This functions updates i_blocks+i_bytes fields and quota information 1726 * (together with appropriate checks). 1727 * 1728 * NOTE: We absolutely rely on the fact that caller dirties the inode 1729 * (usually helpers in quotaops.h care about this) and holds a handle for 1730 * the current transaction so that dquot write and inode write go into the 1731 * same transaction. 1732 */ 1733 1734/* 1735 * This operation can block, but only after everything is updated 1736 */ 1737int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags) 1738{ 1739 int cnt, ret = 0, index; 1740 struct dquot_warn warn[MAXQUOTAS]; 1741 int reserve = flags & DQUOT_SPACE_RESERVE; 1742 struct dquot **dquots; 1743 struct dquot *dquot; 1744 1745 if (!inode_quota_active(inode)) { 1746 if (reserve) { 1747 spin_lock(&inode->i_lock); 1748 *inode_reserved_space(inode) += number; 1749 spin_unlock(&inode->i_lock); 1750 } else { 1751 inode_add_bytes(inode, number); 1752 } 1753 goto out; 1754 } 1755 1756 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1757 warn[cnt].w_type = QUOTA_NL_NOWARN; 1758 1759 dquots = i_dquot(inode); 1760 index = srcu_read_lock(&dquot_srcu); 1761 spin_lock(&inode->i_lock); 1762 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1763 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1764 if (!dquot) 1765 continue; 1766 if (reserve) { 1767 ret = dquot_add_space(dquot, 0, number, flags, &warn[cnt]); 1768 } else { 1769 ret = dquot_add_space(dquot, number, 0, flags, &warn[cnt]); 1770 } 1771 if (ret) { 1772 /* Back out changes we already did */ 1773 for (cnt--; cnt >= 0; cnt--) { 1774 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1775 if (!dquot) 1776 continue; 1777 spin_lock(&dquot->dq_dqb_lock); 1778 if (reserve) 1779 dquot_free_reserved_space(dquot, number); 1780 else 1781 dquot_decr_space(dquot, number); 1782 spin_unlock(&dquot->dq_dqb_lock); 1783 } 1784 spin_unlock(&inode->i_lock); 1785 goto out_flush_warn; 1786 } 1787 } 1788 if (reserve) 1789 *inode_reserved_space(inode) += number; 1790 else 1791 __inode_add_bytes(inode, number); 1792 spin_unlock(&inode->i_lock); 1793 1794 if (reserve) 1795 goto out_flush_warn; 1796 mark_all_dquot_dirty(dquots); 1797out_flush_warn: 1798 srcu_read_unlock(&dquot_srcu, index); 1799 flush_warnings(warn); 1800out: 1801 return ret; 1802} 1803EXPORT_SYMBOL(__dquot_alloc_space); 1804 1805/* 1806 * This operation can block, but only after everything is updated 1807 */ 1808int dquot_alloc_inode(struct inode *inode) 1809{ 1810 int cnt, ret = 0, index; 1811 struct dquot_warn warn[MAXQUOTAS]; 1812 struct dquot * const *dquots; 1813 struct dquot *dquot; 1814 1815 if (!inode_quota_active(inode)) 1816 return 0; 1817 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 1818 warn[cnt].w_type = QUOTA_NL_NOWARN; 1819 1820 dquots = i_dquot(inode); 1821 index = srcu_read_lock(&dquot_srcu); 1822 spin_lock(&inode->i_lock); 1823 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1824 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1825 if (!dquot) 1826 continue; 1827 ret = dquot_add_inodes(dquot, 1, &warn[cnt]); 1828 if (ret) { 1829 for (cnt--; cnt >= 0; cnt--) { 1830 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1831 if (!dquot) 1832 continue; 1833 /* Back out changes we already did */ 1834 spin_lock(&dquot->dq_dqb_lock); 1835 dquot_decr_inodes(dquot, 1); 1836 spin_unlock(&dquot->dq_dqb_lock); 1837 } 1838 goto warn_put_all; 1839 } 1840 } 1841 1842warn_put_all: 1843 spin_unlock(&inode->i_lock); 1844 if (ret == 0) 1845 mark_all_dquot_dirty(dquots); 1846 srcu_read_unlock(&dquot_srcu, index); 1847 flush_warnings(warn); 1848 return ret; 1849} 1850EXPORT_SYMBOL(dquot_alloc_inode); 1851 1852/* 1853 * Convert in-memory reserved quotas to real consumed quotas 1854 */ 1855int dquot_claim_space_nodirty(struct inode *inode, qsize_t number) 1856{ 1857 struct dquot **dquots; 1858 struct dquot *dquot; 1859 int cnt, index; 1860 1861 if (!inode_quota_active(inode)) { 1862 spin_lock(&inode->i_lock); 1863 *inode_reserved_space(inode) -= number; 1864 __inode_add_bytes(inode, number); 1865 spin_unlock(&inode->i_lock); 1866 return 0; 1867 } 1868 1869 dquots = i_dquot(inode); 1870 index = srcu_read_lock(&dquot_srcu); 1871 spin_lock(&inode->i_lock); 1872 /* Claim reserved quotas to allocated quotas */ 1873 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1874 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1875 if (dquot) { 1876 spin_lock(&dquot->dq_dqb_lock); 1877 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number)) 1878 number = dquot->dq_dqb.dqb_rsvspace; 1879 dquot->dq_dqb.dqb_curspace += number; 1880 dquot->dq_dqb.dqb_rsvspace -= number; 1881 spin_unlock(&dquot->dq_dqb_lock); 1882 } 1883 } 1884 /* Update inode bytes */ 1885 *inode_reserved_space(inode) -= number; 1886 __inode_add_bytes(inode, number); 1887 spin_unlock(&inode->i_lock); 1888 mark_all_dquot_dirty(dquots); 1889 srcu_read_unlock(&dquot_srcu, index); 1890 return 0; 1891} 1892EXPORT_SYMBOL(dquot_claim_space_nodirty); 1893 1894/* 1895 * Convert allocated space back to in-memory reserved quotas 1896 */ 1897void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number) 1898{ 1899 struct dquot **dquots; 1900 struct dquot *dquot; 1901 int cnt, index; 1902 1903 if (!inode_quota_active(inode)) { 1904 spin_lock(&inode->i_lock); 1905 *inode_reserved_space(inode) += number; 1906 __inode_sub_bytes(inode, number); 1907 spin_unlock(&inode->i_lock); 1908 return; 1909 } 1910 1911 dquots = i_dquot(inode); 1912 index = srcu_read_lock(&dquot_srcu); 1913 spin_lock(&inode->i_lock); 1914 /* Claim reserved quotas to allocated quotas */ 1915 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1916 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1917 if (dquot) { 1918 spin_lock(&dquot->dq_dqb_lock); 1919 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number)) 1920 number = dquot->dq_dqb.dqb_curspace; 1921 dquot->dq_dqb.dqb_rsvspace += number; 1922 dquot->dq_dqb.dqb_curspace -= number; 1923 spin_unlock(&dquot->dq_dqb_lock); 1924 } 1925 } 1926 /* Update inode bytes */ 1927 *inode_reserved_space(inode) += number; 1928 __inode_sub_bytes(inode, number); 1929 spin_unlock(&inode->i_lock); 1930 mark_all_dquot_dirty(dquots); 1931 srcu_read_unlock(&dquot_srcu, index); 1932 return; 1933} 1934EXPORT_SYMBOL(dquot_reclaim_space_nodirty); 1935 1936/* 1937 * This operation can block, but only after everything is updated 1938 */ 1939void __dquot_free_space(struct inode *inode, qsize_t number, int flags) 1940{ 1941 unsigned int cnt; 1942 struct dquot_warn warn[MAXQUOTAS]; 1943 struct dquot **dquots; 1944 struct dquot *dquot; 1945 int reserve = flags & DQUOT_SPACE_RESERVE, index; 1946 1947 if (!inode_quota_active(inode)) { 1948 if (reserve) { 1949 spin_lock(&inode->i_lock); 1950 *inode_reserved_space(inode) -= number; 1951 spin_unlock(&inode->i_lock); 1952 } else { 1953 inode_sub_bytes(inode, number); 1954 } 1955 return; 1956 } 1957 1958 dquots = i_dquot(inode); 1959 index = srcu_read_lock(&dquot_srcu); 1960 spin_lock(&inode->i_lock); 1961 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 1962 int wtype; 1963 1964 warn[cnt].w_type = QUOTA_NL_NOWARN; 1965 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 1966 if (!dquot) 1967 continue; 1968 spin_lock(&dquot->dq_dqb_lock); 1969 wtype = info_bdq_free(dquot, number); 1970 if (wtype != QUOTA_NL_NOWARN) 1971 prepare_warning(&warn[cnt], dquot, wtype); 1972 if (reserve) 1973 dquot_free_reserved_space(dquot, number); 1974 else 1975 dquot_decr_space(dquot, number); 1976 spin_unlock(&dquot->dq_dqb_lock); 1977 } 1978 if (reserve) 1979 *inode_reserved_space(inode) -= number; 1980 else 1981 __inode_sub_bytes(inode, number); 1982 spin_unlock(&inode->i_lock); 1983 1984 if (reserve) 1985 goto out_unlock; 1986 mark_all_dquot_dirty(dquots); 1987out_unlock: 1988 srcu_read_unlock(&dquot_srcu, index); 1989 flush_warnings(warn); 1990} 1991EXPORT_SYMBOL(__dquot_free_space); 1992 1993/* 1994 * This operation can block, but only after everything is updated 1995 */ 1996void dquot_free_inode(struct inode *inode) 1997{ 1998 unsigned int cnt; 1999 struct dquot_warn warn[MAXQUOTAS]; 2000 struct dquot * const *dquots; 2001 struct dquot *dquot; 2002 int index; 2003 2004 if (!inode_quota_active(inode)) 2005 return; 2006 2007 dquots = i_dquot(inode); 2008 index = srcu_read_lock(&dquot_srcu); 2009 spin_lock(&inode->i_lock); 2010 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2011 int wtype; 2012 warn[cnt].w_type = QUOTA_NL_NOWARN; 2013 dquot = srcu_dereference(dquots[cnt], &dquot_srcu); 2014 if (!dquot) 2015 continue; 2016 spin_lock(&dquot->dq_dqb_lock); 2017 wtype = info_idq_free(dquot, 1); 2018 if (wtype != QUOTA_NL_NOWARN) 2019 prepare_warning(&warn[cnt], dquot, wtype); 2020 dquot_decr_inodes(dquot, 1); 2021 spin_unlock(&dquot->dq_dqb_lock); 2022 } 2023 spin_unlock(&inode->i_lock); 2024 mark_all_dquot_dirty(dquots); 2025 srcu_read_unlock(&dquot_srcu, index); 2026 flush_warnings(warn); 2027} 2028EXPORT_SYMBOL(dquot_free_inode); 2029 2030/* 2031 * Transfer the number of inode and blocks from one diskquota to an other. 2032 * On success, dquot references in transfer_to are consumed and references 2033 * to original dquots that need to be released are placed there. On failure, 2034 * references are kept untouched. 2035 * 2036 * This operation can block, but only after everything is updated 2037 * A transaction must be started when entering this function. 2038 * 2039 * We are holding reference on transfer_from & transfer_to, no need to 2040 * protect them by srcu_read_lock(). 2041 */ 2042int __dquot_transfer(struct inode *inode, struct dquot **transfer_to) 2043{ 2044 qsize_t cur_space; 2045 qsize_t rsv_space = 0; 2046 qsize_t inode_usage = 1; 2047 struct dquot *transfer_from[MAXQUOTAS] = {}; 2048 int cnt, index, ret = 0; 2049 char is_valid[MAXQUOTAS] = {}; 2050 struct dquot_warn warn_to[MAXQUOTAS]; 2051 struct dquot_warn warn_from_inodes[MAXQUOTAS]; 2052 struct dquot_warn warn_from_space[MAXQUOTAS]; 2053 2054 if (IS_NOQUOTA(inode)) 2055 return 0; 2056 2057 if (inode->i_sb->dq_op->get_inode_usage) { 2058 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage); 2059 if (ret) 2060 return ret; 2061 } 2062 2063 /* Initialize the arrays */ 2064 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2065 warn_to[cnt].w_type = QUOTA_NL_NOWARN; 2066 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN; 2067 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN; 2068 } 2069 2070 spin_lock(&dq_data_lock); 2071 spin_lock(&inode->i_lock); 2072 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */ 2073 spin_unlock(&inode->i_lock); 2074 spin_unlock(&dq_data_lock); 2075 return 0; 2076 } 2077 cur_space = __inode_get_bytes(inode); 2078 rsv_space = __inode_get_rsv_space(inode); 2079 /* 2080 * Build the transfer_from list, check limits, and update usage in 2081 * the target structures. 2082 */ 2083 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2084 /* 2085 * Skip changes for same uid or gid or for turned off quota-type. 2086 */ 2087 if (!transfer_to[cnt]) 2088 continue; 2089 /* Avoid races with quotaoff() */ 2090 if (!sb_has_quota_active(inode->i_sb, cnt)) 2091 continue; 2092 is_valid[cnt] = 1; 2093 transfer_from[cnt] = i_dquot(inode)[cnt]; 2094 ret = dquot_add_inodes(transfer_to[cnt], inode_usage, 2095 &warn_to[cnt]); 2096 if (ret) 2097 goto over_quota; 2098 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space, 2099 DQUOT_SPACE_WARN, &warn_to[cnt]); 2100 if (ret) { 2101 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2102 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2103 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2104 goto over_quota; 2105 } 2106 } 2107 2108 /* Decrease usage for source structures and update quota pointers */ 2109 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2110 if (!is_valid[cnt]) 2111 continue; 2112 /* Due to IO error we might not have transfer_from[] structure */ 2113 if (transfer_from[cnt]) { 2114 int wtype; 2115 2116 spin_lock(&transfer_from[cnt]->dq_dqb_lock); 2117 wtype = info_idq_free(transfer_from[cnt], inode_usage); 2118 if (wtype != QUOTA_NL_NOWARN) 2119 prepare_warning(&warn_from_inodes[cnt], 2120 transfer_from[cnt], wtype); 2121 wtype = info_bdq_free(transfer_from[cnt], 2122 cur_space + rsv_space); 2123 if (wtype != QUOTA_NL_NOWARN) 2124 prepare_warning(&warn_from_space[cnt], 2125 transfer_from[cnt], wtype); 2126 dquot_decr_inodes(transfer_from[cnt], inode_usage); 2127 dquot_decr_space(transfer_from[cnt], cur_space); 2128 dquot_free_reserved_space(transfer_from[cnt], 2129 rsv_space); 2130 spin_unlock(&transfer_from[cnt]->dq_dqb_lock); 2131 } 2132 i_dquot(inode)[cnt] = transfer_to[cnt]; 2133 } 2134 spin_unlock(&inode->i_lock); 2135 spin_unlock(&dq_data_lock); 2136 2137 /* 2138 * These arrays are local and we hold dquot references so we don't need 2139 * the srcu protection but still take dquot_srcu to avoid warning in 2140 * mark_all_dquot_dirty(). 2141 */ 2142 index = srcu_read_lock(&dquot_srcu); 2143 mark_all_dquot_dirty(transfer_from); 2144 mark_all_dquot_dirty(transfer_to); 2145 srcu_read_unlock(&dquot_srcu, index); 2146 2147 flush_warnings(warn_to); 2148 flush_warnings(warn_from_inodes); 2149 flush_warnings(warn_from_space); 2150 /* Pass back references to put */ 2151 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2152 if (is_valid[cnt]) 2153 transfer_to[cnt] = transfer_from[cnt]; 2154 return 0; 2155over_quota: 2156 /* Back out changes we already did */ 2157 for (cnt--; cnt >= 0; cnt--) { 2158 if (!is_valid[cnt]) 2159 continue; 2160 spin_lock(&transfer_to[cnt]->dq_dqb_lock); 2161 dquot_decr_inodes(transfer_to[cnt], inode_usage); 2162 dquot_decr_space(transfer_to[cnt], cur_space); 2163 dquot_free_reserved_space(transfer_to[cnt], rsv_space); 2164 spin_unlock(&transfer_to[cnt]->dq_dqb_lock); 2165 } 2166 spin_unlock(&inode->i_lock); 2167 spin_unlock(&dq_data_lock); 2168 flush_warnings(warn_to); 2169 return ret; 2170} 2171EXPORT_SYMBOL(__dquot_transfer); 2172 2173/* Wrapper for transferring ownership of an inode for uid/gid only 2174 * Called from FSXXX_setattr() 2175 */ 2176int dquot_transfer(struct inode *inode, struct iattr *iattr) 2177{ 2178 struct dquot *transfer_to[MAXQUOTAS] = {}; 2179 struct dquot *dquot; 2180 struct super_block *sb = inode->i_sb; 2181 int ret; 2182 2183 if (!inode_quota_active(inode)) 2184 return 0; 2185 2186 if (iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)){ 2187 dquot = dqget(sb, make_kqid_uid(iattr->ia_uid)); 2188 if (IS_ERR(dquot)) { 2189 if (PTR_ERR(dquot) != -ESRCH) { 2190 ret = PTR_ERR(dquot); 2191 goto out_put; 2192 } 2193 dquot = NULL; 2194 } 2195 transfer_to[USRQUOTA] = dquot; 2196 } 2197 if (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid)){ 2198 dquot = dqget(sb, make_kqid_gid(iattr->ia_gid)); 2199 if (IS_ERR(dquot)) { 2200 if (PTR_ERR(dquot) != -ESRCH) { 2201 ret = PTR_ERR(dquot); 2202 goto out_put; 2203 } 2204 dquot = NULL; 2205 } 2206 transfer_to[GRPQUOTA] = dquot; 2207 } 2208 ret = __dquot_transfer(inode, transfer_to); 2209out_put: 2210 dqput_all(transfer_to); 2211 return ret; 2212} 2213EXPORT_SYMBOL(dquot_transfer); 2214 2215/* 2216 * Write info of quota file to disk 2217 */ 2218int dquot_commit_info(struct super_block *sb, int type) 2219{ 2220 struct quota_info *dqopt = sb_dqopt(sb); 2221 2222 return dqopt->ops[type]->write_file_info(sb, type); 2223} 2224EXPORT_SYMBOL(dquot_commit_info); 2225 2226int dquot_get_next_id(struct super_block *sb, struct kqid *qid) 2227{ 2228 struct quota_info *dqopt = sb_dqopt(sb); 2229 2230 if (!sb_has_quota_active(sb, qid->type)) 2231 return -ESRCH; 2232 if (!dqopt->ops[qid->type]->get_next_id) 2233 return -ENOSYS; 2234 return dqopt->ops[qid->type]->get_next_id(sb, qid); 2235} 2236EXPORT_SYMBOL(dquot_get_next_id); 2237 2238/* 2239 * Definitions of diskquota operations. 2240 */ 2241const struct dquot_operations dquot_operations = { 2242 .write_dquot = dquot_commit, 2243 .acquire_dquot = dquot_acquire, 2244 .release_dquot = dquot_release, 2245 .mark_dirty = dquot_mark_dquot_dirty, 2246 .write_info = dquot_commit_info, 2247 .alloc_dquot = dquot_alloc, 2248 .destroy_dquot = dquot_destroy, 2249 .get_next_id = dquot_get_next_id, 2250}; 2251EXPORT_SYMBOL(dquot_operations); 2252 2253/* 2254 * Generic helper for ->open on filesystems supporting disk quotas. 2255 */ 2256int dquot_file_open(struct inode *inode, struct file *file) 2257{ 2258 int error; 2259 2260 error = generic_file_open(inode, file); 2261 if (!error && (file->f_mode & FMODE_WRITE)) 2262 error = dquot_initialize(inode); 2263 return error; 2264} 2265EXPORT_SYMBOL(dquot_file_open); 2266 2267static void vfs_cleanup_quota_inode(struct super_block *sb, int type) 2268{ 2269 struct quota_info *dqopt = sb_dqopt(sb); 2270 struct inode *inode = dqopt->files[type]; 2271 2272 if (!inode) 2273 return; 2274 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2275 inode_lock(inode); 2276 inode->i_flags &= ~S_NOQUOTA; 2277 inode_unlock(inode); 2278 } 2279 dqopt->files[type] = NULL; 2280 iput(inode); 2281} 2282 2283/* 2284 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount) 2285 */ 2286int dquot_disable(struct super_block *sb, int type, unsigned int flags) 2287{ 2288 int cnt; 2289 struct quota_info *dqopt = sb_dqopt(sb); 2290 2291 /* s_umount should be held in exclusive mode */ 2292 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2293 up_read(&sb->s_umount); 2294 2295 /* Cannot turn off usage accounting without turning off limits, or 2296 * suspend quotas and simultaneously turn quotas off. */ 2297 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED)) 2298 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED | 2299 DQUOT_USAGE_ENABLED))) 2300 return -EINVAL; 2301 2302 /* 2303 * Skip everything if there's nothing to do. We have to do this because 2304 * sometimes we are called when fill_super() failed and calling 2305 * sync_fs() in such cases does no good. 2306 */ 2307 if (!sb_any_quota_loaded(sb)) 2308 return 0; 2309 2310 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2311 if (type != -1 && cnt != type) 2312 continue; 2313 if (!sb_has_quota_loaded(sb, cnt)) 2314 continue; 2315 2316 if (flags & DQUOT_SUSPENDED) { 2317 spin_lock(&dq_state_lock); 2318 dqopt->flags |= 2319 dquot_state_flag(DQUOT_SUSPENDED, cnt); 2320 spin_unlock(&dq_state_lock); 2321 } else { 2322 spin_lock(&dq_state_lock); 2323 dqopt->flags &= ~dquot_state_flag(flags, cnt); 2324 /* Turning off suspended quotas? */ 2325 if (!sb_has_quota_loaded(sb, cnt) && 2326 sb_has_quota_suspended(sb, cnt)) { 2327 dqopt->flags &= ~dquot_state_flag( 2328 DQUOT_SUSPENDED, cnt); 2329 spin_unlock(&dq_state_lock); 2330 vfs_cleanup_quota_inode(sb, cnt); 2331 continue; 2332 } 2333 spin_unlock(&dq_state_lock); 2334 } 2335 2336 /* We still have to keep quota loaded? */ 2337 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED)) 2338 continue; 2339 2340 /* Note: these are blocking operations */ 2341 drop_dquot_ref(sb, cnt); 2342 invalidate_dquots(sb, cnt); 2343 /* 2344 * Now all dquots should be invalidated, all writes done so we 2345 * should be only users of the info. No locks needed. 2346 */ 2347 if (info_dirty(&dqopt->info[cnt])) 2348 sb->dq_op->write_info(sb, cnt); 2349 if (dqopt->ops[cnt]->free_file_info) 2350 dqopt->ops[cnt]->free_file_info(sb, cnt); 2351 put_quota_format(dqopt->info[cnt].dqi_format); 2352 dqopt->info[cnt].dqi_flags = 0; 2353 dqopt->info[cnt].dqi_igrace = 0; 2354 dqopt->info[cnt].dqi_bgrace = 0; 2355 dqopt->ops[cnt] = NULL; 2356 } 2357 2358 /* Skip syncing and setting flags if quota files are hidden */ 2359 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) 2360 goto put_inodes; 2361 2362 /* Sync the superblock so that buffers with quota data are written to 2363 * disk (and so userspace sees correct data afterwards). */ 2364 if (sb->s_op->sync_fs) 2365 sb->s_op->sync_fs(sb, 1); 2366 sync_blockdev(sb->s_bdev); 2367 /* Now the quota files are just ordinary files and we can set the 2368 * inode flags back. Moreover we discard the pagecache so that 2369 * userspace sees the writes we did bypassing the pagecache. We 2370 * must also discard the blockdev buffers so that we see the 2371 * changes done by userspace on the next quotaon() */ 2372 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2373 if (!sb_has_quota_loaded(sb, cnt) && dqopt->files[cnt]) { 2374 inode_lock(dqopt->files[cnt]); 2375 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0); 2376 inode_unlock(dqopt->files[cnt]); 2377 } 2378 if (sb->s_bdev) 2379 invalidate_bdev(sb->s_bdev); 2380put_inodes: 2381 /* We are done when suspending quotas */ 2382 if (flags & DQUOT_SUSPENDED) 2383 return 0; 2384 2385 for (cnt = 0; cnt < MAXQUOTAS; cnt++) 2386 if (!sb_has_quota_loaded(sb, cnt)) 2387 vfs_cleanup_quota_inode(sb, cnt); 2388 return 0; 2389} 2390EXPORT_SYMBOL(dquot_disable); 2391 2392int dquot_quota_off(struct super_block *sb, int type) 2393{ 2394 return dquot_disable(sb, type, 2395 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2396} 2397EXPORT_SYMBOL(dquot_quota_off); 2398 2399/* 2400 * Turn quotas on on a device 2401 */ 2402 2403static int vfs_setup_quota_inode(struct inode *inode, int type) 2404{ 2405 struct super_block *sb = inode->i_sb; 2406 struct quota_info *dqopt = sb_dqopt(sb); 2407 2408 if (is_bad_inode(inode)) 2409 return -EUCLEAN; 2410 if (!S_ISREG(inode->i_mode)) 2411 return -EACCES; 2412 if (IS_RDONLY(inode)) 2413 return -EROFS; 2414 if (sb_has_quota_loaded(sb, type)) 2415 return -EBUSY; 2416 2417 /* 2418 * Quota files should never be encrypted. They should be thought of as 2419 * filesystem metadata, not user data. New-style internal quota files 2420 * cannot be encrypted by users anyway, but old-style external quota 2421 * files could potentially be incorrectly created in an encrypted 2422 * directory, hence this explicit check. Some reasons why encrypted 2423 * quota files don't work include: (1) some filesystems that support 2424 * encryption don't handle it in their quota_read and quota_write, and 2425 * (2) cleaning up encrypted quota files at unmount would need special 2426 * consideration, as quota files are cleaned up later than user files. 2427 */ 2428 if (IS_ENCRYPTED(inode)) 2429 return -EINVAL; 2430 2431 dqopt->files[type] = igrab(inode); 2432 if (!dqopt->files[type]) 2433 return -EIO; 2434 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2435 /* We don't want quota and atime on quota files (deadlocks 2436 * possible) Also nobody should write to the file - we use 2437 * special IO operations which ignore the immutable bit. */ 2438 inode_lock(inode); 2439 inode->i_flags |= S_NOQUOTA; 2440 inode_unlock(inode); 2441 /* 2442 * When S_NOQUOTA is set, remove dquot references as no more 2443 * references can be added 2444 */ 2445 __dquot_drop(inode); 2446 } 2447 return 0; 2448} 2449 2450int dquot_load_quota_sb(struct super_block *sb, int type, int format_id, 2451 unsigned int flags) 2452{ 2453 struct quota_format_type *fmt = find_quota_format(format_id); 2454 struct quota_info *dqopt = sb_dqopt(sb); 2455 int error; 2456 2457 /* Just unsuspend quotas? */ 2458 BUG_ON(flags & DQUOT_SUSPENDED); 2459 /* s_umount should be held in exclusive mode */ 2460 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2461 up_read(&sb->s_umount); 2462 2463 if (!fmt) 2464 return -ESRCH; 2465 if (!sb->s_op->quota_write || !sb->s_op->quota_read || 2466 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) { 2467 error = -EINVAL; 2468 goto out_fmt; 2469 } 2470 /* Filesystems outside of init_user_ns not yet supported */ 2471 if (sb->s_user_ns != &init_user_ns) { 2472 error = -EINVAL; 2473 goto out_fmt; 2474 } 2475 /* Usage always has to be set... */ 2476 if (!(flags & DQUOT_USAGE_ENABLED)) { 2477 error = -EINVAL; 2478 goto out_fmt; 2479 } 2480 if (sb_has_quota_loaded(sb, type)) { 2481 error = -EBUSY; 2482 goto out_fmt; 2483 } 2484 2485 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) { 2486 /* As we bypass the pagecache we must now flush all the 2487 * dirty data and invalidate caches so that kernel sees 2488 * changes from userspace. It is not enough to just flush 2489 * the quota file since if blocksize < pagesize, invalidation 2490 * of the cache could fail because of other unrelated dirty 2491 * data */ 2492 sync_filesystem(sb); 2493 invalidate_bdev(sb->s_bdev); 2494 } 2495 2496 error = -EINVAL; 2497 if (!fmt->qf_ops->check_quota_file(sb, type)) 2498 goto out_fmt; 2499 2500 dqopt->ops[type] = fmt->qf_ops; 2501 dqopt->info[type].dqi_format = fmt; 2502 dqopt->info[type].dqi_fmt_id = format_id; 2503 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list); 2504 error = dqopt->ops[type]->read_file_info(sb, type); 2505 if (error < 0) 2506 goto out_fmt; 2507 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) { 2508 spin_lock(&dq_data_lock); 2509 dqopt->info[type].dqi_flags |= DQF_SYS_FILE; 2510 spin_unlock(&dq_data_lock); 2511 } 2512 spin_lock(&dq_state_lock); 2513 dqopt->flags |= dquot_state_flag(flags, type); 2514 spin_unlock(&dq_state_lock); 2515 2516 error = add_dquot_ref(sb, type); 2517 if (error) 2518 dquot_disable(sb, type, 2519 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2520 2521 return error; 2522out_fmt: 2523 put_quota_format(fmt); 2524 2525 return error; 2526} 2527EXPORT_SYMBOL(dquot_load_quota_sb); 2528 2529/* 2530 * More powerful function for turning on quotas on given quota inode allowing 2531 * setting of individual quota flags 2532 */ 2533int dquot_load_quota_inode(struct inode *inode, int type, int format_id, 2534 unsigned int flags) 2535{ 2536 int err; 2537 2538 err = vfs_setup_quota_inode(inode, type); 2539 if (err < 0) 2540 return err; 2541 err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags); 2542 if (err < 0) 2543 vfs_cleanup_quota_inode(inode->i_sb, type); 2544 return err; 2545} 2546EXPORT_SYMBOL(dquot_load_quota_inode); 2547 2548/* Reenable quotas on remount RW */ 2549int dquot_resume(struct super_block *sb, int type) 2550{ 2551 struct quota_info *dqopt = sb_dqopt(sb); 2552 int ret = 0, cnt; 2553 unsigned int flags; 2554 2555 /* s_umount should be held in exclusive mode */ 2556 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount))) 2557 up_read(&sb->s_umount); 2558 2559 for (cnt = 0; cnt < MAXQUOTAS; cnt++) { 2560 if (type != -1 && cnt != type) 2561 continue; 2562 if (!sb_has_quota_suspended(sb, cnt)) 2563 continue; 2564 2565 spin_lock(&dq_state_lock); 2566 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED | 2567 DQUOT_LIMITS_ENABLED, 2568 cnt); 2569 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt); 2570 spin_unlock(&dq_state_lock); 2571 2572 flags = dquot_generic_flag(flags, cnt); 2573 ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id, 2574 flags); 2575 if (ret < 0) 2576 vfs_cleanup_quota_inode(sb, cnt); 2577 } 2578 2579 return ret; 2580} 2581EXPORT_SYMBOL(dquot_resume); 2582 2583int dquot_quota_on(struct super_block *sb, int type, int format_id, 2584 const struct path *path) 2585{ 2586 int error = security_quota_on(path->dentry); 2587 if (error) 2588 return error; 2589 /* Quota file not on the same filesystem? */ 2590 if (path->dentry->d_sb != sb) 2591 error = -EXDEV; 2592 else 2593 error = dquot_load_quota_inode(d_inode(path->dentry), type, 2594 format_id, DQUOT_USAGE_ENABLED | 2595 DQUOT_LIMITS_ENABLED); 2596 return error; 2597} 2598EXPORT_SYMBOL(dquot_quota_on); 2599 2600/* 2601 * This function is used when filesystem needs to initialize quotas 2602 * during mount time. 2603 */ 2604int dquot_quota_on_mount(struct super_block *sb, char *qf_name, 2605 int format_id, int type) 2606{ 2607 struct dentry *dentry; 2608 int error; 2609 2610 dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name)); 2611 if (IS_ERR(dentry)) 2612 return PTR_ERR(dentry); 2613 2614 error = security_quota_on(dentry); 2615 if (!error) 2616 error = dquot_load_quota_inode(d_inode(dentry), type, format_id, 2617 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED); 2618 2619 dput(dentry); 2620 return error; 2621} 2622EXPORT_SYMBOL(dquot_quota_on_mount); 2623 2624static int dquot_quota_enable(struct super_block *sb, unsigned int flags) 2625{ 2626 int ret; 2627 int type; 2628 struct quota_info *dqopt = sb_dqopt(sb); 2629 2630 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2631 return -ENOSYS; 2632 /* Accounting cannot be turned on while fs is mounted */ 2633 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT); 2634 if (!flags) 2635 return -EINVAL; 2636 for (type = 0; type < MAXQUOTAS; type++) { 2637 if (!(flags & qtype_enforce_flag(type))) 2638 continue; 2639 /* Can't enforce without accounting */ 2640 if (!sb_has_quota_usage_enabled(sb, type)) { 2641 ret = -EINVAL; 2642 goto out_err; 2643 } 2644 if (sb_has_quota_limits_enabled(sb, type)) { 2645 ret = -EBUSY; 2646 goto out_err; 2647 } 2648 spin_lock(&dq_state_lock); 2649 dqopt->flags |= dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2650 spin_unlock(&dq_state_lock); 2651 } 2652 return 0; 2653out_err: 2654 /* Backout enforcement enablement we already did */ 2655 for (type--; type >= 0; type--) { 2656 if (flags & qtype_enforce_flag(type)) 2657 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2658 } 2659 /* Error code translation for better compatibility with XFS */ 2660 if (ret == -EBUSY) 2661 ret = -EEXIST; 2662 return ret; 2663} 2664 2665static int dquot_quota_disable(struct super_block *sb, unsigned int flags) 2666{ 2667 int ret; 2668 int type; 2669 struct quota_info *dqopt = sb_dqopt(sb); 2670 2671 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) 2672 return -ENOSYS; 2673 /* 2674 * We don't support turning off accounting via quotactl. In principle 2675 * quota infrastructure can do this but filesystems don't expect 2676 * userspace to be able to do it. 2677 */ 2678 if (flags & 2679 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT)) 2680 return -EOPNOTSUPP; 2681 2682 /* Filter out limits not enabled */ 2683 for (type = 0; type < MAXQUOTAS; type++) 2684 if (!sb_has_quota_limits_enabled(sb, type)) 2685 flags &= ~qtype_enforce_flag(type); 2686 /* Nothing left? */ 2687 if (!flags) 2688 return -EEXIST; 2689 for (type = 0; type < MAXQUOTAS; type++) { 2690 if (flags & qtype_enforce_flag(type)) { 2691 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED); 2692 if (ret < 0) 2693 goto out_err; 2694 } 2695 } 2696 return 0; 2697out_err: 2698 /* Backout enforcement disabling we already did */ 2699 for (type--; type >= 0; type--) { 2700 if (flags & qtype_enforce_flag(type)) { 2701 spin_lock(&dq_state_lock); 2702 dqopt->flags |= 2703 dquot_state_flag(DQUOT_LIMITS_ENABLED, type); 2704 spin_unlock(&dq_state_lock); 2705 } 2706 } 2707 return ret; 2708} 2709 2710/* Generic routine for getting common part of quota structure */ 2711static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2712{ 2713 struct mem_dqblk *dm = &dquot->dq_dqb; 2714 2715 memset(di, 0, sizeof(*di)); 2716 spin_lock(&dquot->dq_dqb_lock); 2717 di->d_spc_hardlimit = dm->dqb_bhardlimit; 2718 di->d_spc_softlimit = dm->dqb_bsoftlimit; 2719 di->d_ino_hardlimit = dm->dqb_ihardlimit; 2720 di->d_ino_softlimit = dm->dqb_isoftlimit; 2721 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace; 2722 di->d_ino_count = dm->dqb_curinodes; 2723 di->d_spc_timer = dm->dqb_btime; 2724 di->d_ino_timer = dm->dqb_itime; 2725 spin_unlock(&dquot->dq_dqb_lock); 2726} 2727 2728int dquot_get_dqblk(struct super_block *sb, struct kqid qid, 2729 struct qc_dqblk *di) 2730{ 2731 struct dquot *dquot; 2732 2733 dquot = dqget(sb, qid); 2734 if (IS_ERR(dquot)) 2735 return PTR_ERR(dquot); 2736 do_get_dqblk(dquot, di); 2737 dqput(dquot); 2738 2739 return 0; 2740} 2741EXPORT_SYMBOL(dquot_get_dqblk); 2742 2743int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid, 2744 struct qc_dqblk *di) 2745{ 2746 struct dquot *dquot; 2747 int err; 2748 2749 if (!sb->dq_op->get_next_id) 2750 return -ENOSYS; 2751 err = sb->dq_op->get_next_id(sb, qid); 2752 if (err < 0) 2753 return err; 2754 dquot = dqget(sb, *qid); 2755 if (IS_ERR(dquot)) 2756 return PTR_ERR(dquot); 2757 do_get_dqblk(dquot, di); 2758 dqput(dquot); 2759 2760 return 0; 2761} 2762EXPORT_SYMBOL(dquot_get_next_dqblk); 2763 2764#define VFS_QC_MASK \ 2765 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \ 2766 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \ 2767 QC_SPC_TIMER | QC_INO_TIMER) 2768 2769/* Generic routine for setting common part of quota structure */ 2770static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di) 2771{ 2772 struct mem_dqblk *dm = &dquot->dq_dqb; 2773 int check_blim = 0, check_ilim = 0; 2774 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type]; 2775 2776 if (di->d_fieldmask & ~VFS_QC_MASK) 2777 return -EINVAL; 2778 2779 if (((di->d_fieldmask & QC_SPC_SOFT) && 2780 di->d_spc_softlimit > dqi->dqi_max_spc_limit) || 2781 ((di->d_fieldmask & QC_SPC_HARD) && 2782 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) || 2783 ((di->d_fieldmask & QC_INO_SOFT) && 2784 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) || 2785 ((di->d_fieldmask & QC_INO_HARD) && 2786 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit))) 2787 return -ERANGE; 2788 2789 spin_lock(&dquot->dq_dqb_lock); 2790 if (di->d_fieldmask & QC_SPACE) { 2791 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace; 2792 check_blim = 1; 2793 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags); 2794 } 2795 2796 if (di->d_fieldmask & QC_SPC_SOFT) 2797 dm->dqb_bsoftlimit = di->d_spc_softlimit; 2798 if (di->d_fieldmask & QC_SPC_HARD) 2799 dm->dqb_bhardlimit = di->d_spc_hardlimit; 2800 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) { 2801 check_blim = 1; 2802 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags); 2803 } 2804 2805 if (di->d_fieldmask & QC_INO_COUNT) { 2806 dm->dqb_curinodes = di->d_ino_count; 2807 check_ilim = 1; 2808 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags); 2809 } 2810 2811 if (di->d_fieldmask & QC_INO_SOFT) 2812 dm->dqb_isoftlimit = di->d_ino_softlimit; 2813 if (di->d_fieldmask & QC_INO_HARD) 2814 dm->dqb_ihardlimit = di->d_ino_hardlimit; 2815 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) { 2816 check_ilim = 1; 2817 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags); 2818 } 2819 2820 if (di->d_fieldmask & QC_SPC_TIMER) { 2821 dm->dqb_btime = di->d_spc_timer; 2822 check_blim = 1; 2823 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags); 2824 } 2825 2826 if (di->d_fieldmask & QC_INO_TIMER) { 2827 dm->dqb_itime = di->d_ino_timer; 2828 check_ilim = 1; 2829 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags); 2830 } 2831 2832 if (check_blim) { 2833 if (!dm->dqb_bsoftlimit || 2834 dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) { 2835 dm->dqb_btime = 0; 2836 clear_bit(DQ_BLKS_B, &dquot->dq_flags); 2837 } else if (!(di->d_fieldmask & QC_SPC_TIMER)) 2838 /* Set grace only if user hasn't provided his own... */ 2839 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace; 2840 } 2841 if (check_ilim) { 2842 if (!dm->dqb_isoftlimit || 2843 dm->dqb_curinodes <= dm->dqb_isoftlimit) { 2844 dm->dqb_itime = 0; 2845 clear_bit(DQ_INODES_B, &dquot->dq_flags); 2846 } else if (!(di->d_fieldmask & QC_INO_TIMER)) 2847 /* Set grace only if user hasn't provided his own... */ 2848 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace; 2849 } 2850 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit || 2851 dm->dqb_isoftlimit) 2852 clear_bit(DQ_FAKE_B, &dquot->dq_flags); 2853 else 2854 set_bit(DQ_FAKE_B, &dquot->dq_flags); 2855 spin_unlock(&dquot->dq_dqb_lock); 2856 mark_dquot_dirty(dquot); 2857 2858 return 0; 2859} 2860 2861int dquot_set_dqblk(struct super_block *sb, struct kqid qid, 2862 struct qc_dqblk *di) 2863{ 2864 struct dquot *dquot; 2865 int rc; 2866 2867 dquot = dqget(sb, qid); 2868 if (IS_ERR(dquot)) { 2869 rc = PTR_ERR(dquot); 2870 goto out; 2871 } 2872 rc = do_set_dqblk(dquot, di); 2873 dqput(dquot); 2874out: 2875 return rc; 2876} 2877EXPORT_SYMBOL(dquot_set_dqblk); 2878 2879/* Generic routine for getting common part of quota file information */ 2880int dquot_get_state(struct super_block *sb, struct qc_state *state) 2881{ 2882 struct mem_dqinfo *mi; 2883 struct qc_type_state *tstate; 2884 struct quota_info *dqopt = sb_dqopt(sb); 2885 int type; 2886 2887 memset(state, 0, sizeof(*state)); 2888 for (type = 0; type < MAXQUOTAS; type++) { 2889 if (!sb_has_quota_active(sb, type)) 2890 continue; 2891 tstate = state->s_state + type; 2892 mi = sb_dqopt(sb)->info + type; 2893 tstate->flags = QCI_ACCT_ENABLED; 2894 spin_lock(&dq_data_lock); 2895 if (mi->dqi_flags & DQF_SYS_FILE) 2896 tstate->flags |= QCI_SYSFILE; 2897 if (mi->dqi_flags & DQF_ROOT_SQUASH) 2898 tstate->flags |= QCI_ROOT_SQUASH; 2899 if (sb_has_quota_limits_enabled(sb, type)) 2900 tstate->flags |= QCI_LIMITS_ENFORCED; 2901 tstate->spc_timelimit = mi->dqi_bgrace; 2902 tstate->ino_timelimit = mi->dqi_igrace; 2903 if (dqopt->files[type]) { 2904 tstate->ino = dqopt->files[type]->i_ino; 2905 tstate->blocks = dqopt->files[type]->i_blocks; 2906 } 2907 tstate->nextents = 1; /* We don't know... */ 2908 spin_unlock(&dq_data_lock); 2909 } 2910 return 0; 2911} 2912EXPORT_SYMBOL(dquot_get_state); 2913 2914/* Generic routine for setting common part of quota file information */ 2915int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii) 2916{ 2917 struct mem_dqinfo *mi; 2918 int err = 0; 2919 2920 if ((ii->i_fieldmask & QC_WARNS_MASK) || 2921 (ii->i_fieldmask & QC_RT_SPC_TIMER)) 2922 return -EINVAL; 2923 if (!sb_has_quota_active(sb, type)) 2924 return -ESRCH; 2925 mi = sb_dqopt(sb)->info + type; 2926 if (ii->i_fieldmask & QC_FLAGS) { 2927 if ((ii->i_flags & QCI_ROOT_SQUASH && 2928 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD)) 2929 return -EINVAL; 2930 } 2931 spin_lock(&dq_data_lock); 2932 if (ii->i_fieldmask & QC_SPC_TIMER) 2933 mi->dqi_bgrace = ii->i_spc_timelimit; 2934 if (ii->i_fieldmask & QC_INO_TIMER) 2935 mi->dqi_igrace = ii->i_ino_timelimit; 2936 if (ii->i_fieldmask & QC_FLAGS) { 2937 if (ii->i_flags & QCI_ROOT_SQUASH) 2938 mi->dqi_flags |= DQF_ROOT_SQUASH; 2939 else 2940 mi->dqi_flags &= ~DQF_ROOT_SQUASH; 2941 } 2942 spin_unlock(&dq_data_lock); 2943 mark_info_dirty(sb, type); 2944 /* Force write to disk */ 2945 sb->dq_op->write_info(sb, type); 2946 return err; 2947} 2948EXPORT_SYMBOL(dquot_set_dqinfo); 2949 2950const struct quotactl_ops dquot_quotactl_sysfile_ops = { 2951 .quota_enable = dquot_quota_enable, 2952 .quota_disable = dquot_quota_disable, 2953 .quota_sync = dquot_quota_sync, 2954 .get_state = dquot_get_state, 2955 .set_info = dquot_set_dqinfo, 2956 .get_dqblk = dquot_get_dqblk, 2957 .get_nextdqblk = dquot_get_next_dqblk, 2958 .set_dqblk = dquot_set_dqblk 2959}; 2960EXPORT_SYMBOL(dquot_quotactl_sysfile_ops); 2961 2962static int do_proc_dqstats(struct ctl_table *table, int write, 2963 void *buffer, size_t *lenp, loff_t *ppos) 2964{ 2965 unsigned int type = (unsigned long *)table->data - dqstats.stat; 2966 s64 value = percpu_counter_sum(&dqstats.counter[type]); 2967 2968 /* Filter negative values for non-monotonic counters */ 2969 if (value < 0 && (type == DQST_ALLOC_DQUOTS || 2970 type == DQST_FREE_DQUOTS)) 2971 value = 0; 2972 2973 /* Update global table */ 2974 dqstats.stat[type] = value; 2975 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos); 2976} 2977 2978static struct ctl_table fs_dqstats_table[] = { 2979 { 2980 .procname = "lookups", 2981 .data = &dqstats.stat[DQST_LOOKUPS], 2982 .maxlen = sizeof(unsigned long), 2983 .mode = 0444, 2984 .proc_handler = do_proc_dqstats, 2985 }, 2986 { 2987 .procname = "drops", 2988 .data = &dqstats.stat[DQST_DROPS], 2989 .maxlen = sizeof(unsigned long), 2990 .mode = 0444, 2991 .proc_handler = do_proc_dqstats, 2992 }, 2993 { 2994 .procname = "reads", 2995 .data = &dqstats.stat[DQST_READS], 2996 .maxlen = sizeof(unsigned long), 2997 .mode = 0444, 2998 .proc_handler = do_proc_dqstats, 2999 }, 3000 { 3001 .procname = "writes", 3002 .data = &dqstats.stat[DQST_WRITES], 3003 .maxlen = sizeof(unsigned long), 3004 .mode = 0444, 3005 .proc_handler = do_proc_dqstats, 3006 }, 3007 { 3008 .procname = "cache_hits", 3009 .data = &dqstats.stat[DQST_CACHE_HITS], 3010 .maxlen = sizeof(unsigned long), 3011 .mode = 0444, 3012 .proc_handler = do_proc_dqstats, 3013 }, 3014 { 3015 .procname = "allocated_dquots", 3016 .data = &dqstats.stat[DQST_ALLOC_DQUOTS], 3017 .maxlen = sizeof(unsigned long), 3018 .mode = 0444, 3019 .proc_handler = do_proc_dqstats, 3020 }, 3021 { 3022 .procname = "free_dquots", 3023 .data = &dqstats.stat[DQST_FREE_DQUOTS], 3024 .maxlen = sizeof(unsigned long), 3025 .mode = 0444, 3026 .proc_handler = do_proc_dqstats, 3027 }, 3028 { 3029 .procname = "syncs", 3030 .data = &dqstats.stat[DQST_SYNCS], 3031 .maxlen = sizeof(unsigned long), 3032 .mode = 0444, 3033 .proc_handler = do_proc_dqstats, 3034 }, 3035#ifdef CONFIG_PRINT_QUOTA_WARNING 3036 { 3037 .procname = "warnings", 3038 .data = &flag_print_warnings, 3039 .maxlen = sizeof(int), 3040 .mode = 0644, 3041 .proc_handler = proc_dointvec, 3042 }, 3043#endif 3044 { }, 3045}; 3046 3047static struct ctl_table fs_table[] = { 3048 { 3049 .procname = "quota", 3050 .mode = 0555, 3051 .child = fs_dqstats_table, 3052 }, 3053 { }, 3054}; 3055 3056static struct ctl_table sys_table[] = { 3057 { 3058 .procname = "fs", 3059 .mode = 0555, 3060 .child = fs_table, 3061 }, 3062 { }, 3063}; 3064 3065static int __init dquot_init(void) 3066{ 3067 int i, ret; 3068 unsigned long nr_hash, order; 3069 3070 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__); 3071 3072 register_sysctl_table(sys_table); 3073 3074 dquot_cachep = kmem_cache_create("dquot", 3075 sizeof(struct dquot), sizeof(unsigned long) * 4, 3076 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT| 3077 SLAB_MEM_SPREAD|SLAB_PANIC), 3078 NULL); 3079 3080 order = 0; 3081 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order); 3082 if (!dquot_hash) 3083 panic("Cannot create dquot hash table"); 3084 3085 for (i = 0; i < _DQST_DQSTAT_LAST; i++) { 3086 ret = percpu_counter_init(&dqstats.counter[i], 0, GFP_KERNEL); 3087 if (ret) 3088 panic("Cannot create dquot stat counters"); 3089 } 3090 3091 /* Find power-of-two hlist_heads which can fit into allocation */ 3092 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head); 3093 dq_hash_bits = ilog2(nr_hash); 3094 3095 nr_hash = 1UL << dq_hash_bits; 3096 dq_hash_mask = nr_hash - 1; 3097 for (i = 0; i < nr_hash; i++) 3098 INIT_HLIST_HEAD(dquot_hash + i); 3099 3100 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld," 3101 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order)); 3102 3103 if (register_shrinker(&dqcache_shrinker)) 3104 panic("Cannot register dquot shrinker"); 3105 3106 return 0; 3107} 3108fs_initcall(dquot_init); 3109