1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Implementation of the diskquota system for the LINUX operating system. QUOTA
4 * is implemented using the BSD system call interface as the means of
5 * communication with the user level. This file contains the generic routines
6 * called by the different filesystems on allocation of an inode or block.
7 * These routines take care of the administration needed to have a consistent
8 * diskquota tracking system. The ideas of both user and group quotas are based
9 * on the Melbourne quota system as used on BSD derived systems. The internal
10 * implementation is based on one of the several variants of the LINUX
11 * inode-subsystem with added complexity of the diskquota system.
12 *
13 * Author: Marco van Wieringen <mvw@planets.elm.net>
14 *
15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96
16 *
17 * Revised list management to avoid races
18 * -- Bill Hawes, <whawes@star.net>, 9/98
19 *
20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...().
21 * As the consequence the locking was moved from dquot_decr_...(),
22 * dquot_incr_...() to calling functions.
23 * invalidate_dquots() now writes modified dquots.
24 * Serialized quota_off() and quota_on() for mount point.
25 * Fixed a few bugs in grow_dquots().
26 * Fixed deadlock in write_dquot() - we no longer account quotas on
27 * quota files
28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes
29 * add_dquot_ref() restarts after blocking
30 * Added check for bogus uid and fixed check for group in quotactl.
31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99
32 *
33 * Used struct list_head instead of own list struct
34 * Invalidation of referenced dquots is no longer possible
35 * Improved free_dquots list management
36 * Quota and i_blocks are now updated in one place to avoid races
37 * Warnings are now delayed so we won't block in critical section
38 * Write updated not to require dquot lock
39 * Jan Kara, <jack@suse.cz>, 9/2000
40 *
41 * Added dynamic quota structure allocation
42 * Jan Kara <jack@suse.cz> 12/2000
43 *
44 * Rewritten quota interface. Implemented new quota format and
45 * formats registering.
46 * Jan Kara, <jack@suse.cz>, 2001,2002
47 *
48 * New SMP locking.
49 * Jan Kara, <jack@suse.cz>, 10/2002
50 *
51 * Added journalled quota support, fix lock inversion problems
52 * Jan Kara, <jack@suse.cz>, 2003,2004
53 *
54 * (C) Copyright 1994 - 1997 Marco van Wieringen
55 */
56
57 #include <linux/errno.h>
58 #include <linux/kernel.h>
59 #include <linux/fs.h>
60 #include <linux/mount.h>
61 #include <linux/mm.h>
62 #include <linux/time.h>
63 #include <linux/types.h>
64 #include <linux/string.h>
65 #include <linux/fcntl.h>
66 #include <linux/stat.h>
67 #include <linux/tty.h>
68 #include <linux/file.h>
69 #include <linux/slab.h>
70 #include <linux/sysctl.h>
71 #include <linux/init.h>
72 #include <linux/module.h>
73 #include <linux/proc_fs.h>
74 #include <linux/security.h>
75 #include <linux/sched.h>
76 #include <linux/cred.h>
77 #include <linux/kmod.h>
78 #include <linux/namei.h>
79 #include <linux/capability.h>
80 #include <linux/quotaops.h>
81 #include "../internal.h" /* ugh */
82
83 #include <linux/uaccess.h>
84
85 /*
86 * There are five quota SMP locks:
87 * * dq_list_lock protects all lists with quotas and quota formats.
88 * * dquot->dq_dqb_lock protects data from dq_dqb
89 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards
90 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that
91 * dquot_transfer() can stabilize amount it transfers
92 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot
93 * pointers in the inode
94 * * dq_state_lock protects modifications of quota state (on quotaon and
95 * quotaoff) and readers who care about latest values take it as well.
96 *
97 * The spinlock ordering is hence:
98 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock,
99 * dq_list_lock > dq_state_lock
100 *
101 * Note that some things (eg. sb pointer, type, id) doesn't change during
102 * the life of the dquot structure and so needn't to be protected by a lock
103 *
104 * Operation accessing dquots via inode pointers are protected by dquot_srcu.
105 * Operation of reading pointer needs srcu_read_lock(&dquot_srcu), and
106 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from
107 * inode and before dropping dquot references to avoid use of dquots after
108 * they are freed. dq_data_lock is used to serialize the pointer setting and
109 * clearing operations.
110 * Special care needs to be taken about S_NOQUOTA inode flag (marking that
111 * inode is a quota file). Functions adding pointers from inode to dquots have
112 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they
113 * have to do all pointer modifications before dropping dq_data_lock. This makes
114 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and
115 * then drops all pointers to dquots from an inode.
116 *
117 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to
118 * memory (or space for it is being allocated) on the first dqget(), when it is
119 * being written out, and when it is being released on the last dqput(). The
120 * allocation and release operations are serialized by the dq_lock and by
121 * checking the use count in dquot_release().
122 *
123 * Lock ordering (including related VFS locks) is the following:
124 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem
125 */
126
127 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock);
128 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock);
129 __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock);
130 EXPORT_SYMBOL(dq_data_lock);
131 DEFINE_STATIC_SRCU(dquot_srcu);
132
133 static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq);
134
__quota_error(struct super_block * sb,const char * func,const char * fmt,...)135 void __quota_error(struct super_block *sb, const char *func,
136 const char *fmt, ...)
137 {
138 if (printk_ratelimit()) {
139 va_list args;
140 struct va_format vaf;
141
142 va_start(args, fmt);
143
144 vaf.fmt = fmt;
145 vaf.va = &args;
146
147 printk(KERN_ERR "Quota error (device %s): %s: %pV\n",
148 sb->s_id, func, &vaf);
149
150 va_end(args);
151 }
152 }
153 EXPORT_SYMBOL(__quota_error);
154
155 #if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING)
156 static char *quotatypes[] = INITQFNAMES;
157 #endif
158 static struct quota_format_type *quota_formats; /* List of registered formats */
159 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES;
160
161 /* SLAB cache for dquot structures */
162 static struct kmem_cache *dquot_cachep;
163
register_quota_format(struct quota_format_type * fmt)164 int register_quota_format(struct quota_format_type *fmt)
165 {
166 spin_lock(&dq_list_lock);
167 fmt->qf_next = quota_formats;
168 quota_formats = fmt;
169 spin_unlock(&dq_list_lock);
170 return 0;
171 }
172 EXPORT_SYMBOL(register_quota_format);
173
unregister_quota_format(struct quota_format_type * fmt)174 void unregister_quota_format(struct quota_format_type *fmt)
175 {
176 struct quota_format_type **actqf;
177
178 spin_lock(&dq_list_lock);
179 for (actqf = "a_formats; *actqf && *actqf != fmt;
180 actqf = &(*actqf)->qf_next)
181 ;
182 if (*actqf)
183 *actqf = (*actqf)->qf_next;
184 spin_unlock(&dq_list_lock);
185 }
186 EXPORT_SYMBOL(unregister_quota_format);
187
find_quota_format(int id)188 static struct quota_format_type *find_quota_format(int id)
189 {
190 struct quota_format_type *actqf;
191
192 spin_lock(&dq_list_lock);
193 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
194 actqf = actqf->qf_next)
195 ;
196 if (!actqf || !try_module_get(actqf->qf_owner)) {
197 int qm;
198
199 spin_unlock(&dq_list_lock);
200
201 for (qm = 0; module_names[qm].qm_fmt_id &&
202 module_names[qm].qm_fmt_id != id; qm++)
203 ;
204 if (!module_names[qm].qm_fmt_id ||
205 request_module(module_names[qm].qm_mod_name))
206 return NULL;
207
208 spin_lock(&dq_list_lock);
209 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
210 actqf = actqf->qf_next)
211 ;
212 if (actqf && !try_module_get(actqf->qf_owner))
213 actqf = NULL;
214 }
215 spin_unlock(&dq_list_lock);
216 return actqf;
217 }
218
put_quota_format(struct quota_format_type * fmt)219 static void put_quota_format(struct quota_format_type *fmt)
220 {
221 module_put(fmt->qf_owner);
222 }
223
224 /*
225 * Dquot List Management:
226 * The quota code uses five lists for dquot management: the inuse_list,
227 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array.
228 * A single dquot structure may be on some of those lists, depending on
229 * its current state.
230 *
231 * All dquots are placed to the end of inuse_list when first created, and this
232 * list is used for invalidate operation, which must look at every dquot.
233 *
234 * When the last reference of a dquot is dropped, the dquot is added to
235 * releasing_dquots. We'll then queue work item which will call
236 * synchronize_srcu() and after that perform the final cleanup of all the
237 * dquots on the list. Each cleaned up dquot is moved to free_dquots list.
238 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot
239 * struct.
240 *
241 * Unused and cleaned up dquots are in the free_dquots list and this list is
242 * searched whenever we need an available dquot. Dquots are removed from the
243 * list as soon as they are used again and dqstats.free_dquots gives the number
244 * of dquots on the list. When dquot is invalidated it's completely released
245 * from memory.
246 *
247 * Dirty dquots are added to the dqi_dirty_list of quota_info when mark
248 * dirtied, and this list is searched when writing dirty dquots back to
249 * quota file. Note that some filesystems do dirty dquot tracking on their
250 * own (e.g. in a journal) and thus don't use dqi_dirty_list.
251 *
252 * Dquots with a specific identity (device, type and id) are placed on
253 * one of the dquot_hash[] hash chains. The provides an efficient search
254 * mechanism to locate a specific dquot.
255 */
256
257 static LIST_HEAD(inuse_list);
258 static LIST_HEAD(free_dquots);
259 static LIST_HEAD(releasing_dquots);
260 static unsigned int dq_hash_bits, dq_hash_mask;
261 static struct hlist_head *dquot_hash;
262
263 struct dqstats dqstats;
264 EXPORT_SYMBOL(dqstats);
265
266 static qsize_t inode_get_rsv_space(struct inode *inode);
267 static qsize_t __inode_get_rsv_space(struct inode *inode);
268 static int __dquot_initialize(struct inode *inode, int type);
269
270 static void quota_release_workfn(struct work_struct *work);
271 static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn);
272
273 static inline unsigned int
hashfn(const struct super_block * sb,struct kqid qid)274 hashfn(const struct super_block *sb, struct kqid qid)
275 {
276 unsigned int id = from_kqid(&init_user_ns, qid);
277 int type = qid.type;
278 unsigned long tmp;
279
280 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type);
281 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask;
282 }
283
284 /*
285 * Following list functions expect dq_list_lock to be held
286 */
insert_dquot_hash(struct dquot * dquot)287 static inline void insert_dquot_hash(struct dquot *dquot)
288 {
289 struct hlist_head *head;
290 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id);
291 hlist_add_head(&dquot->dq_hash, head);
292 }
293
remove_dquot_hash(struct dquot * dquot)294 static inline void remove_dquot_hash(struct dquot *dquot)
295 {
296 hlist_del_init(&dquot->dq_hash);
297 }
298
find_dquot(unsigned int hashent,struct super_block * sb,struct kqid qid)299 static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb,
300 struct kqid qid)
301 {
302 struct hlist_node *node;
303 struct dquot *dquot;
304
305 hlist_for_each (node, dquot_hash+hashent) {
306 dquot = hlist_entry(node, struct dquot, dq_hash);
307 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid))
308 return dquot;
309 }
310 return NULL;
311 }
312
313 /* Add a dquot to the tail of the free list */
put_dquot_last(struct dquot * dquot)314 static inline void put_dquot_last(struct dquot *dquot)
315 {
316 list_add_tail(&dquot->dq_free, &free_dquots);
317 dqstats_inc(DQST_FREE_DQUOTS);
318 }
319
put_releasing_dquots(struct dquot * dquot)320 static inline void put_releasing_dquots(struct dquot *dquot)
321 {
322 list_add_tail(&dquot->dq_free, &releasing_dquots);
323 set_bit(DQ_RELEASING_B, &dquot->dq_flags);
324 }
325
remove_free_dquot(struct dquot * dquot)326 static inline void remove_free_dquot(struct dquot *dquot)
327 {
328 if (list_empty(&dquot->dq_free))
329 return;
330 list_del_init(&dquot->dq_free);
331 if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags))
332 dqstats_dec(DQST_FREE_DQUOTS);
333 else
334 clear_bit(DQ_RELEASING_B, &dquot->dq_flags);
335 }
336
put_inuse(struct dquot * dquot)337 static inline void put_inuse(struct dquot *dquot)
338 {
339 /* We add to the back of inuse list so we don't have to restart
340 * when traversing this list and we block */
341 list_add_tail(&dquot->dq_inuse, &inuse_list);
342 dqstats_inc(DQST_ALLOC_DQUOTS);
343 }
344
remove_inuse(struct dquot * dquot)345 static inline void remove_inuse(struct dquot *dquot)
346 {
347 dqstats_dec(DQST_ALLOC_DQUOTS);
348 list_del(&dquot->dq_inuse);
349 }
350 /*
351 * End of list functions needing dq_list_lock
352 */
353
wait_on_dquot(struct dquot * dquot)354 static void wait_on_dquot(struct dquot *dquot)
355 {
356 mutex_lock(&dquot->dq_lock);
357 mutex_unlock(&dquot->dq_lock);
358 }
359
dquot_active(struct dquot * dquot)360 static inline int dquot_active(struct dquot *dquot)
361 {
362 return test_bit(DQ_ACTIVE_B, &dquot->dq_flags);
363 }
364
dquot_dirty(struct dquot * dquot)365 static inline int dquot_dirty(struct dquot *dquot)
366 {
367 return test_bit(DQ_MOD_B, &dquot->dq_flags);
368 }
369
mark_dquot_dirty(struct dquot * dquot)370 static inline int mark_dquot_dirty(struct dquot *dquot)
371 {
372 return dquot->dq_sb->dq_op->mark_dirty(dquot);
373 }
374
375 /* Mark dquot dirty in atomic manner, and return it's old dirty flag state */
dquot_mark_dquot_dirty(struct dquot * dquot)376 int dquot_mark_dquot_dirty(struct dquot *dquot)
377 {
378 int ret = 1;
379
380 if (!dquot_active(dquot))
381 return 0;
382
383 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
384 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags);
385
386 /* If quota is dirty already, we don't have to acquire dq_list_lock */
387 if (dquot_dirty(dquot))
388 return 1;
389
390 spin_lock(&dq_list_lock);
391 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) {
392 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)->
393 info[dquot->dq_id.type].dqi_dirty_list);
394 ret = 0;
395 }
396 spin_unlock(&dq_list_lock);
397 return ret;
398 }
399 EXPORT_SYMBOL(dquot_mark_dquot_dirty);
400
401 /* Dirtify all the dquots - this can block when journalling */
mark_all_dquot_dirty(struct dquot __rcu * const * dquots)402 static inline int mark_all_dquot_dirty(struct dquot __rcu * const *dquots)
403 {
404 int ret, err, cnt;
405 struct dquot *dquot;
406
407 ret = err = 0;
408 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
409 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
410 if (dquot)
411 /* Even in case of error we have to continue */
412 ret = mark_dquot_dirty(dquot);
413 if (!err)
414 err = ret;
415 }
416 return err;
417 }
418
dqput_all(struct dquot ** dquot)419 static inline void dqput_all(struct dquot **dquot)
420 {
421 unsigned int cnt;
422
423 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
424 dqput(dquot[cnt]);
425 }
426
clear_dquot_dirty(struct dquot * dquot)427 static inline int clear_dquot_dirty(struct dquot *dquot)
428 {
429 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
430 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags);
431
432 spin_lock(&dq_list_lock);
433 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) {
434 spin_unlock(&dq_list_lock);
435 return 0;
436 }
437 list_del_init(&dquot->dq_dirty);
438 spin_unlock(&dq_list_lock);
439 return 1;
440 }
441
mark_info_dirty(struct super_block * sb,int type)442 void mark_info_dirty(struct super_block *sb, int type)
443 {
444 spin_lock(&dq_data_lock);
445 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY;
446 spin_unlock(&dq_data_lock);
447 }
448 EXPORT_SYMBOL(mark_info_dirty);
449
450 /*
451 * Read dquot from disk and alloc space for it
452 */
453
dquot_acquire(struct dquot * dquot)454 int dquot_acquire(struct dquot *dquot)
455 {
456 int ret = 0, ret2 = 0;
457 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
458
459 mutex_lock(&dquot->dq_lock);
460 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) {
461 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot);
462 if (ret < 0)
463 goto out_iolock;
464 }
465 /* Make sure flags update is visible after dquot has been filled */
466 smp_mb__before_atomic();
467 set_bit(DQ_READ_B, &dquot->dq_flags);
468 /* Instantiate dquot if needed */
469 if (!dquot_active(dquot) && !dquot->dq_off) {
470 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
471 /* Write the info if needed */
472 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
473 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
474 dquot->dq_sb, dquot->dq_id.type);
475 }
476 if (ret < 0)
477 goto out_iolock;
478 if (ret2 < 0) {
479 ret = ret2;
480 goto out_iolock;
481 }
482 }
483 /*
484 * Make sure flags update is visible after on-disk struct has been
485 * allocated. Paired with smp_rmb() in dqget().
486 */
487 smp_mb__before_atomic();
488 set_bit(DQ_ACTIVE_B, &dquot->dq_flags);
489 out_iolock:
490 mutex_unlock(&dquot->dq_lock);
491 return ret;
492 }
493 EXPORT_SYMBOL(dquot_acquire);
494
495 /*
496 * Write dquot to disk
497 */
dquot_commit(struct dquot * dquot)498 int dquot_commit(struct dquot *dquot)
499 {
500 int ret = 0;
501 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
502
503 mutex_lock(&dquot->dq_lock);
504 if (!clear_dquot_dirty(dquot))
505 goto out_lock;
506 /* Inactive dquot can be only if there was error during read/init
507 * => we have better not writing it */
508 if (dquot_active(dquot))
509 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
510 else
511 ret = -EIO;
512 out_lock:
513 mutex_unlock(&dquot->dq_lock);
514 return ret;
515 }
516 EXPORT_SYMBOL(dquot_commit);
517
518 /*
519 * Release dquot
520 */
dquot_release(struct dquot * dquot)521 int dquot_release(struct dquot *dquot)
522 {
523 int ret = 0, ret2 = 0;
524 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
525
526 mutex_lock(&dquot->dq_lock);
527 /* Check whether we are not racing with some other dqget() */
528 if (dquot_is_busy(dquot))
529 goto out_dqlock;
530 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) {
531 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot);
532 /* Write the info */
533 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
534 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
535 dquot->dq_sb, dquot->dq_id.type);
536 }
537 if (ret >= 0)
538 ret = ret2;
539 }
540 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags);
541 out_dqlock:
542 mutex_unlock(&dquot->dq_lock);
543 return ret;
544 }
545 EXPORT_SYMBOL(dquot_release);
546
dquot_destroy(struct dquot * dquot)547 void dquot_destroy(struct dquot *dquot)
548 {
549 kmem_cache_free(dquot_cachep, dquot);
550 }
551 EXPORT_SYMBOL(dquot_destroy);
552
do_destroy_dquot(struct dquot * dquot)553 static inline void do_destroy_dquot(struct dquot *dquot)
554 {
555 dquot->dq_sb->dq_op->destroy_dquot(dquot);
556 }
557
558 /* Invalidate all dquots on the list. Note that this function is called after
559 * quota is disabled and pointers from inodes removed so there cannot be new
560 * quota users. There can still be some users of quotas due to inodes being
561 * just deleted or pruned by prune_icache() (those are not attached to any
562 * list) or parallel quotactl call. We have to wait for such users.
563 */
invalidate_dquots(struct super_block * sb,int type)564 static void invalidate_dquots(struct super_block *sb, int type)
565 {
566 struct dquot *dquot, *tmp;
567
568 restart:
569 flush_delayed_work("a_release_work);
570
571 spin_lock(&dq_list_lock);
572 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) {
573 if (dquot->dq_sb != sb)
574 continue;
575 if (dquot->dq_id.type != type)
576 continue;
577 /* Wait for dquot users */
578 if (atomic_read(&dquot->dq_count)) {
579 atomic_inc(&dquot->dq_count);
580 spin_unlock(&dq_list_lock);
581 /*
582 * Once dqput() wakes us up, we know it's time to free
583 * the dquot.
584 * IMPORTANT: we rely on the fact that there is always
585 * at most one process waiting for dquot to free.
586 * Otherwise dq_count would be > 1 and we would never
587 * wake up.
588 */
589 wait_event(dquot_ref_wq,
590 atomic_read(&dquot->dq_count) == 1);
591 dqput(dquot);
592 /* At this moment dquot() need not exist (it could be
593 * reclaimed by prune_dqcache(). Hence we must
594 * restart. */
595 goto restart;
596 }
597 /*
598 * The last user already dropped its reference but dquot didn't
599 * get fully cleaned up yet. Restart the scan which flushes the
600 * work cleaning up released dquots.
601 */
602 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
603 spin_unlock(&dq_list_lock);
604 goto restart;
605 }
606 /*
607 * Quota now has no users and it has been written on last
608 * dqput()
609 */
610 remove_dquot_hash(dquot);
611 remove_free_dquot(dquot);
612 remove_inuse(dquot);
613 do_destroy_dquot(dquot);
614 }
615 spin_unlock(&dq_list_lock);
616 }
617
618 /* Call callback for every active dquot on given filesystem */
dquot_scan_active(struct super_block * sb,int (* fn)(struct dquot * dquot,unsigned long priv),unsigned long priv)619 int dquot_scan_active(struct super_block *sb,
620 int (*fn)(struct dquot *dquot, unsigned long priv),
621 unsigned long priv)
622 {
623 struct dquot *dquot, *old_dquot = NULL;
624 int ret = 0;
625
626 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
627
628 spin_lock(&dq_list_lock);
629 list_for_each_entry(dquot, &inuse_list, dq_inuse) {
630 if (!dquot_active(dquot))
631 continue;
632 if (dquot->dq_sb != sb)
633 continue;
634 /* Now we have active dquot so we can just increase use count */
635 atomic_inc(&dquot->dq_count);
636 spin_unlock(&dq_list_lock);
637 dqput(old_dquot);
638 old_dquot = dquot;
639 /*
640 * ->release_dquot() can be racing with us. Our reference
641 * protects us from new calls to it so just wait for any
642 * outstanding call and recheck the DQ_ACTIVE_B after that.
643 */
644 wait_on_dquot(dquot);
645 if (dquot_active(dquot)) {
646 ret = fn(dquot, priv);
647 if (ret < 0)
648 goto out;
649 }
650 spin_lock(&dq_list_lock);
651 /* We are safe to continue now because our dquot could not
652 * be moved out of the inuse list while we hold the reference */
653 }
654 spin_unlock(&dq_list_lock);
655 out:
656 dqput(old_dquot);
657 return ret;
658 }
659 EXPORT_SYMBOL(dquot_scan_active);
660
dquot_write_dquot(struct dquot * dquot)661 static inline int dquot_write_dquot(struct dquot *dquot)
662 {
663 int ret = dquot->dq_sb->dq_op->write_dquot(dquot);
664 if (ret < 0) {
665 quota_error(dquot->dq_sb, "Can't write quota structure "
666 "(error %d). Quota may get out of sync!", ret);
667 /* Clear dirty bit anyway to avoid infinite loop. */
668 clear_dquot_dirty(dquot);
669 }
670 return ret;
671 }
672
673 /* Write all dquot structures to quota files */
dquot_writeback_dquots(struct super_block * sb,int type)674 int dquot_writeback_dquots(struct super_block *sb, int type)
675 {
676 struct list_head dirty;
677 struct dquot *dquot;
678 struct quota_info *dqopt = sb_dqopt(sb);
679 int cnt;
680 int err, ret = 0;
681
682 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
683
684 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
685 if (type != -1 && cnt != type)
686 continue;
687 if (!sb_has_quota_active(sb, cnt))
688 continue;
689 spin_lock(&dq_list_lock);
690 /* Move list away to avoid livelock. */
691 list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty);
692 while (!list_empty(&dirty)) {
693 dquot = list_first_entry(&dirty, struct dquot,
694 dq_dirty);
695
696 WARN_ON(!dquot_active(dquot));
697 /* If the dquot is releasing we should not touch it */
698 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
699 spin_unlock(&dq_list_lock);
700 flush_delayed_work("a_release_work);
701 spin_lock(&dq_list_lock);
702 continue;
703 }
704
705 /* Now we have active dquot from which someone is
706 * holding reference so we can safely just increase
707 * use count */
708 dqgrab(dquot);
709 spin_unlock(&dq_list_lock);
710 err = dquot_write_dquot(dquot);
711 if (err && !ret)
712 ret = err;
713 dqput(dquot);
714 spin_lock(&dq_list_lock);
715 }
716 spin_unlock(&dq_list_lock);
717 }
718
719 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
720 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt)
721 && info_dirty(&dqopt->info[cnt]))
722 sb->dq_op->write_info(sb, cnt);
723 dqstats_inc(DQST_SYNCS);
724
725 return ret;
726 }
727 EXPORT_SYMBOL(dquot_writeback_dquots);
728
729 /* Write all dquot structures to disk and make them visible from userspace */
dquot_quota_sync(struct super_block * sb,int type)730 int dquot_quota_sync(struct super_block *sb, int type)
731 {
732 struct quota_info *dqopt = sb_dqopt(sb);
733 int cnt;
734 int ret;
735
736 ret = dquot_writeback_dquots(sb, type);
737 if (ret)
738 return ret;
739 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
740 return 0;
741
742 /* This is not very clever (and fast) but currently I don't know about
743 * any other simple way of getting quota data to disk and we must get
744 * them there for userspace to be visible... */
745 if (sb->s_op->sync_fs) {
746 ret = sb->s_op->sync_fs(sb, 1);
747 if (ret)
748 return ret;
749 }
750 ret = sync_blockdev(sb->s_bdev);
751 if (ret)
752 return ret;
753
754 /*
755 * Now when everything is written we can discard the pagecache so
756 * that userspace sees the changes.
757 */
758 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
759 if (type != -1 && cnt != type)
760 continue;
761 if (!sb_has_quota_active(sb, cnt))
762 continue;
763 inode_lock(dqopt->files[cnt]);
764 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0);
765 inode_unlock(dqopt->files[cnt]);
766 }
767
768 return 0;
769 }
770 EXPORT_SYMBOL(dquot_quota_sync);
771
772 static unsigned long
dqcache_shrink_scan(struct shrinker * shrink,struct shrink_control * sc)773 dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
774 {
775 struct dquot *dquot;
776 unsigned long freed = 0;
777
778 spin_lock(&dq_list_lock);
779 while (!list_empty(&free_dquots) && sc->nr_to_scan) {
780 dquot = list_first_entry(&free_dquots, struct dquot, dq_free);
781 remove_dquot_hash(dquot);
782 remove_free_dquot(dquot);
783 remove_inuse(dquot);
784 do_destroy_dquot(dquot);
785 sc->nr_to_scan--;
786 freed++;
787 }
788 spin_unlock(&dq_list_lock);
789 return freed;
790 }
791
792 static unsigned long
dqcache_shrink_count(struct shrinker * shrink,struct shrink_control * sc)793 dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc)
794 {
795 return vfs_pressure_ratio(
796 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS]));
797 }
798
799 static struct shrinker dqcache_shrinker = {
800 .count_objects = dqcache_shrink_count,
801 .scan_objects = dqcache_shrink_scan,
802 .seeks = DEFAULT_SEEKS,
803 };
804
805 /*
806 * Safely release dquot and put reference to dquot.
807 */
quota_release_workfn(struct work_struct * work)808 static void quota_release_workfn(struct work_struct *work)
809 {
810 struct dquot *dquot;
811 struct list_head rls_head;
812
813 spin_lock(&dq_list_lock);
814 /* Exchange the list head to avoid livelock. */
815 list_replace_init(&releasing_dquots, &rls_head);
816 spin_unlock(&dq_list_lock);
817 synchronize_srcu(&dquot_srcu);
818
819 restart:
820 spin_lock(&dq_list_lock);
821 while (!list_empty(&rls_head)) {
822 dquot = list_first_entry(&rls_head, struct dquot, dq_free);
823 WARN_ON_ONCE(atomic_read(&dquot->dq_count));
824 /*
825 * Note that DQ_RELEASING_B protects us from racing with
826 * invalidate_dquots() calls so we are safe to work with the
827 * dquot even after we drop dq_list_lock.
828 */
829 if (dquot_dirty(dquot)) {
830 spin_unlock(&dq_list_lock);
831 /* Commit dquot before releasing */
832 dquot_write_dquot(dquot);
833 goto restart;
834 }
835 if (dquot_active(dquot)) {
836 spin_unlock(&dq_list_lock);
837 dquot->dq_sb->dq_op->release_dquot(dquot);
838 goto restart;
839 }
840 /* Dquot is inactive and clean, now move it to free list */
841 remove_free_dquot(dquot);
842 put_dquot_last(dquot);
843 }
844 spin_unlock(&dq_list_lock);
845 }
846
847 /*
848 * Put reference to dquot
849 */
dqput(struct dquot * dquot)850 void dqput(struct dquot *dquot)
851 {
852 if (!dquot)
853 return;
854 #ifdef CONFIG_QUOTA_DEBUG
855 if (!atomic_read(&dquot->dq_count)) {
856 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d",
857 quotatypes[dquot->dq_id.type],
858 from_kqid(&init_user_ns, dquot->dq_id));
859 BUG();
860 }
861 #endif
862 dqstats_inc(DQST_DROPS);
863
864 spin_lock(&dq_list_lock);
865 if (atomic_read(&dquot->dq_count) > 1) {
866 /* We have more than one user... nothing to do */
867 atomic_dec(&dquot->dq_count);
868 /* Releasing dquot during quotaoff phase? */
869 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) &&
870 atomic_read(&dquot->dq_count) == 1)
871 wake_up(&dquot_ref_wq);
872 spin_unlock(&dq_list_lock);
873 return;
874 }
875
876 /* Need to release dquot? */
877 #ifdef CONFIG_QUOTA_DEBUG
878 /* sanity check */
879 BUG_ON(!list_empty(&dquot->dq_free));
880 #endif
881 put_releasing_dquots(dquot);
882 atomic_dec(&dquot->dq_count);
883 spin_unlock(&dq_list_lock);
884 queue_delayed_work(system_unbound_wq, "a_release_work, 1);
885 }
886 EXPORT_SYMBOL(dqput);
887
dquot_alloc(struct super_block * sb,int type)888 struct dquot *dquot_alloc(struct super_block *sb, int type)
889 {
890 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS);
891 }
892 EXPORT_SYMBOL(dquot_alloc);
893
get_empty_dquot(struct super_block * sb,int type)894 static struct dquot *get_empty_dquot(struct super_block *sb, int type)
895 {
896 struct dquot *dquot;
897
898 dquot = sb->dq_op->alloc_dquot(sb, type);
899 if(!dquot)
900 return NULL;
901
902 mutex_init(&dquot->dq_lock);
903 INIT_LIST_HEAD(&dquot->dq_free);
904 INIT_LIST_HEAD(&dquot->dq_inuse);
905 INIT_HLIST_NODE(&dquot->dq_hash);
906 INIT_LIST_HEAD(&dquot->dq_dirty);
907 dquot->dq_sb = sb;
908 dquot->dq_id = make_kqid_invalid(type);
909 atomic_set(&dquot->dq_count, 1);
910 spin_lock_init(&dquot->dq_dqb_lock);
911
912 return dquot;
913 }
914
915 /*
916 * Get reference to dquot
917 *
918 * Locking is slightly tricky here. We are guarded from parallel quotaoff()
919 * destroying our dquot by:
920 * a) checking for quota flags under dq_list_lock and
921 * b) getting a reference to dquot before we release dq_list_lock
922 */
dqget(struct super_block * sb,struct kqid qid)923 struct dquot *dqget(struct super_block *sb, struct kqid qid)
924 {
925 unsigned int hashent = hashfn(sb, qid);
926 struct dquot *dquot, *empty = NULL;
927
928 if (!qid_has_mapping(sb->s_user_ns, qid))
929 return ERR_PTR(-EINVAL);
930
931 if (!sb_has_quota_active(sb, qid.type))
932 return ERR_PTR(-ESRCH);
933 we_slept:
934 spin_lock(&dq_list_lock);
935 spin_lock(&dq_state_lock);
936 if (!sb_has_quota_active(sb, qid.type)) {
937 spin_unlock(&dq_state_lock);
938 spin_unlock(&dq_list_lock);
939 dquot = ERR_PTR(-ESRCH);
940 goto out;
941 }
942 spin_unlock(&dq_state_lock);
943
944 dquot = find_dquot(hashent, sb, qid);
945 if (!dquot) {
946 if (!empty) {
947 spin_unlock(&dq_list_lock);
948 empty = get_empty_dquot(sb, qid.type);
949 if (!empty)
950 schedule(); /* Try to wait for a moment... */
951 goto we_slept;
952 }
953 dquot = empty;
954 empty = NULL;
955 dquot->dq_id = qid;
956 /* all dquots go on the inuse_list */
957 put_inuse(dquot);
958 /* hash it first so it can be found */
959 insert_dquot_hash(dquot);
960 spin_unlock(&dq_list_lock);
961 dqstats_inc(DQST_LOOKUPS);
962 } else {
963 if (!atomic_read(&dquot->dq_count))
964 remove_free_dquot(dquot);
965 atomic_inc(&dquot->dq_count);
966 spin_unlock(&dq_list_lock);
967 dqstats_inc(DQST_CACHE_HITS);
968 dqstats_inc(DQST_LOOKUPS);
969 }
970 /* Wait for dq_lock - after this we know that either dquot_release() is
971 * already finished or it will be canceled due to dq_count > 0 test */
972 wait_on_dquot(dquot);
973 /* Read the dquot / allocate space in quota file */
974 if (!dquot_active(dquot)) {
975 int err;
976
977 err = sb->dq_op->acquire_dquot(dquot);
978 if (err < 0) {
979 dqput(dquot);
980 dquot = ERR_PTR(err);
981 goto out;
982 }
983 }
984 /*
985 * Make sure following reads see filled structure - paired with
986 * smp_mb__before_atomic() in dquot_acquire().
987 */
988 smp_rmb();
989 #ifdef CONFIG_QUOTA_DEBUG
990 BUG_ON(!dquot->dq_sb); /* Has somebody invalidated entry under us? */
991 #endif
992 out:
993 if (empty)
994 do_destroy_dquot(empty);
995
996 return dquot;
997 }
998 EXPORT_SYMBOL(dqget);
999
i_dquot(struct inode * inode)1000 static inline struct dquot __rcu **i_dquot(struct inode *inode)
1001 {
1002 /* Force __rcu for now until filesystems are fixed */
1003 return (struct dquot __rcu **)inode->i_sb->s_op->get_dquots(inode);
1004 }
1005
dqinit_needed(struct inode * inode,int type)1006 static int dqinit_needed(struct inode *inode, int type)
1007 {
1008 struct dquot __rcu * const *dquots;
1009 int cnt;
1010
1011 if (IS_NOQUOTA(inode))
1012 return 0;
1013
1014 dquots = i_dquot(inode);
1015 if (type != -1)
1016 return !dquots[type];
1017 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1018 if (!dquots[cnt])
1019 return 1;
1020 return 0;
1021 }
1022
1023 /* This routine is guarded by s_umount semaphore */
add_dquot_ref(struct super_block * sb,int type)1024 static int add_dquot_ref(struct super_block *sb, int type)
1025 {
1026 struct inode *inode, *old_inode = NULL;
1027 #ifdef CONFIG_QUOTA_DEBUG
1028 int reserved = 0;
1029 #endif
1030 int err = 0;
1031
1032 spin_lock(&sb->s_inode_list_lock);
1033 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1034 spin_lock(&inode->i_lock);
1035 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) ||
1036 !atomic_read(&inode->i_writecount) ||
1037 !dqinit_needed(inode, type)) {
1038 spin_unlock(&inode->i_lock);
1039 continue;
1040 }
1041 __iget(inode);
1042 spin_unlock(&inode->i_lock);
1043 spin_unlock(&sb->s_inode_list_lock);
1044
1045 #ifdef CONFIG_QUOTA_DEBUG
1046 if (unlikely(inode_get_rsv_space(inode) > 0))
1047 reserved = 1;
1048 #endif
1049 iput(old_inode);
1050 err = __dquot_initialize(inode, type);
1051 if (err) {
1052 iput(inode);
1053 goto out;
1054 }
1055
1056 /*
1057 * We hold a reference to 'inode' so it couldn't have been
1058 * removed from s_inodes list while we dropped the
1059 * s_inode_list_lock. We cannot iput the inode now as we can be
1060 * holding the last reference and we cannot iput it under
1061 * s_inode_list_lock. So we keep the reference and iput it
1062 * later.
1063 */
1064 old_inode = inode;
1065 cond_resched();
1066 spin_lock(&sb->s_inode_list_lock);
1067 }
1068 spin_unlock(&sb->s_inode_list_lock);
1069 iput(old_inode);
1070 out:
1071 #ifdef CONFIG_QUOTA_DEBUG
1072 if (reserved) {
1073 quota_error(sb, "Writes happened before quota was turned on "
1074 "thus quota information is probably inconsistent. "
1075 "Please run quotacheck(8)");
1076 }
1077 #endif
1078 return err;
1079 }
1080
remove_dquot_ref(struct super_block * sb,int type)1081 static void remove_dquot_ref(struct super_block *sb, int type)
1082 {
1083 struct inode *inode;
1084 #ifdef CONFIG_QUOTA_DEBUG
1085 int reserved = 0;
1086 #endif
1087
1088 spin_lock(&sb->s_inode_list_lock);
1089 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1090 /*
1091 * We have to scan also I_NEW inodes because they can already
1092 * have quota pointer initialized. Luckily, we need to touch
1093 * only quota pointers and these have separate locking
1094 * (dq_data_lock).
1095 */
1096 spin_lock(&dq_data_lock);
1097 if (!IS_NOQUOTA(inode)) {
1098 struct dquot __rcu **dquots = i_dquot(inode);
1099 struct dquot *dquot = srcu_dereference_check(
1100 dquots[type], &dquot_srcu,
1101 lockdep_is_held(&dq_data_lock));
1102
1103 #ifdef CONFIG_QUOTA_DEBUG
1104 if (unlikely(inode_get_rsv_space(inode) > 0))
1105 reserved = 1;
1106 #endif
1107 rcu_assign_pointer(dquots[type], NULL);
1108 if (dquot)
1109 dqput(dquot);
1110 }
1111 spin_unlock(&dq_data_lock);
1112 }
1113 spin_unlock(&sb->s_inode_list_lock);
1114 #ifdef CONFIG_QUOTA_DEBUG
1115 if (reserved) {
1116 printk(KERN_WARNING "VFS (%s): Writes happened after quota"
1117 " was disabled thus quota information is probably "
1118 "inconsistent. Please run quotacheck(8).\n", sb->s_id);
1119 }
1120 #endif
1121 }
1122
1123 /* Gather all references from inodes and drop them */
drop_dquot_ref(struct super_block * sb,int type)1124 static void drop_dquot_ref(struct super_block *sb, int type)
1125 {
1126 if (sb->dq_op)
1127 remove_dquot_ref(sb, type);
1128 }
1129
1130 static inline
dquot_free_reserved_space(struct dquot * dquot,qsize_t number)1131 void dquot_free_reserved_space(struct dquot *dquot, qsize_t number)
1132 {
1133 if (dquot->dq_dqb.dqb_rsvspace >= number)
1134 dquot->dq_dqb.dqb_rsvspace -= number;
1135 else {
1136 WARN_ON_ONCE(1);
1137 dquot->dq_dqb.dqb_rsvspace = 0;
1138 }
1139 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
1140 dquot->dq_dqb.dqb_bsoftlimit)
1141 dquot->dq_dqb.dqb_btime = (time64_t) 0;
1142 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
1143 }
1144
dquot_decr_inodes(struct dquot * dquot,qsize_t number)1145 static void dquot_decr_inodes(struct dquot *dquot, qsize_t number)
1146 {
1147 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
1148 dquot->dq_dqb.dqb_curinodes >= number)
1149 dquot->dq_dqb.dqb_curinodes -= number;
1150 else
1151 dquot->dq_dqb.dqb_curinodes = 0;
1152 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit)
1153 dquot->dq_dqb.dqb_itime = (time64_t) 0;
1154 clear_bit(DQ_INODES_B, &dquot->dq_flags);
1155 }
1156
dquot_decr_space(struct dquot * dquot,qsize_t number)1157 static void dquot_decr_space(struct dquot *dquot, qsize_t number)
1158 {
1159 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
1160 dquot->dq_dqb.dqb_curspace >= number)
1161 dquot->dq_dqb.dqb_curspace -= number;
1162 else
1163 dquot->dq_dqb.dqb_curspace = 0;
1164 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
1165 dquot->dq_dqb.dqb_bsoftlimit)
1166 dquot->dq_dqb.dqb_btime = (time64_t) 0;
1167 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
1168 }
1169
1170 struct dquot_warn {
1171 struct super_block *w_sb;
1172 struct kqid w_dq_id;
1173 short w_type;
1174 };
1175
warning_issued(struct dquot * dquot,const int warntype)1176 static int warning_issued(struct dquot *dquot, const int warntype)
1177 {
1178 int flag = (warntype == QUOTA_NL_BHARDWARN ||
1179 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B :
1180 ((warntype == QUOTA_NL_IHARDWARN ||
1181 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0);
1182
1183 if (!flag)
1184 return 0;
1185 return test_and_set_bit(flag, &dquot->dq_flags);
1186 }
1187
1188 #ifdef CONFIG_PRINT_QUOTA_WARNING
1189 static int flag_print_warnings = 1;
1190
need_print_warning(struct dquot_warn * warn)1191 static int need_print_warning(struct dquot_warn *warn)
1192 {
1193 if (!flag_print_warnings)
1194 return 0;
1195
1196 switch (warn->w_dq_id.type) {
1197 case USRQUOTA:
1198 return uid_eq(current_fsuid(), warn->w_dq_id.uid);
1199 case GRPQUOTA:
1200 return in_group_p(warn->w_dq_id.gid);
1201 case PRJQUOTA:
1202 return 1;
1203 }
1204 return 0;
1205 }
1206
1207 /* Print warning to user which exceeded quota */
print_warning(struct dquot_warn * warn)1208 static void print_warning(struct dquot_warn *warn)
1209 {
1210 char *msg = NULL;
1211 struct tty_struct *tty;
1212 int warntype = warn->w_type;
1213
1214 if (warntype == QUOTA_NL_IHARDBELOW ||
1215 warntype == QUOTA_NL_ISOFTBELOW ||
1216 warntype == QUOTA_NL_BHARDBELOW ||
1217 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn))
1218 return;
1219
1220 tty = get_current_tty();
1221 if (!tty)
1222 return;
1223 tty_write_message(tty, warn->w_sb->s_id);
1224 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN)
1225 tty_write_message(tty, ": warning, ");
1226 else
1227 tty_write_message(tty, ": write failed, ");
1228 tty_write_message(tty, quotatypes[warn->w_dq_id.type]);
1229 switch (warntype) {
1230 case QUOTA_NL_IHARDWARN:
1231 msg = " file limit reached.\r\n";
1232 break;
1233 case QUOTA_NL_ISOFTLONGWARN:
1234 msg = " file quota exceeded too long.\r\n";
1235 break;
1236 case QUOTA_NL_ISOFTWARN:
1237 msg = " file quota exceeded.\r\n";
1238 break;
1239 case QUOTA_NL_BHARDWARN:
1240 msg = " block limit reached.\r\n";
1241 break;
1242 case QUOTA_NL_BSOFTLONGWARN:
1243 msg = " block quota exceeded too long.\r\n";
1244 break;
1245 case QUOTA_NL_BSOFTWARN:
1246 msg = " block quota exceeded.\r\n";
1247 break;
1248 }
1249 tty_write_message(tty, msg);
1250 tty_kref_put(tty);
1251 }
1252 #endif
1253
prepare_warning(struct dquot_warn * warn,struct dquot * dquot,int warntype)1254 static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot,
1255 int warntype)
1256 {
1257 if (warning_issued(dquot, warntype))
1258 return;
1259 warn->w_type = warntype;
1260 warn->w_sb = dquot->dq_sb;
1261 warn->w_dq_id = dquot->dq_id;
1262 }
1263
1264 /*
1265 * Write warnings to the console and send warning messages over netlink.
1266 *
1267 * Note that this function can call into tty and networking code.
1268 */
flush_warnings(struct dquot_warn * warn)1269 static void flush_warnings(struct dquot_warn *warn)
1270 {
1271 int i;
1272
1273 for (i = 0; i < MAXQUOTAS; i++) {
1274 if (warn[i].w_type == QUOTA_NL_NOWARN)
1275 continue;
1276 #ifdef CONFIG_PRINT_QUOTA_WARNING
1277 print_warning(&warn[i]);
1278 #endif
1279 quota_send_warning(warn[i].w_dq_id,
1280 warn[i].w_sb->s_dev, warn[i].w_type);
1281 }
1282 }
1283
ignore_hardlimit(struct dquot * dquot)1284 static int ignore_hardlimit(struct dquot *dquot)
1285 {
1286 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
1287
1288 return capable(CAP_SYS_RESOURCE) &&
1289 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD ||
1290 !(info->dqi_flags & DQF_ROOT_SQUASH));
1291 }
1292
dquot_add_inodes(struct dquot * dquot,qsize_t inodes,struct dquot_warn * warn)1293 static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes,
1294 struct dquot_warn *warn)
1295 {
1296 qsize_t newinodes;
1297 int ret = 0;
1298
1299 spin_lock(&dquot->dq_dqb_lock);
1300 newinodes = dquot->dq_dqb.dqb_curinodes + inodes;
1301 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) ||
1302 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1303 goto add;
1304
1305 if (dquot->dq_dqb.dqb_ihardlimit &&
1306 newinodes > dquot->dq_dqb.dqb_ihardlimit &&
1307 !ignore_hardlimit(dquot)) {
1308 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN);
1309 ret = -EDQUOT;
1310 goto out;
1311 }
1312
1313 if (dquot->dq_dqb.dqb_isoftlimit &&
1314 newinodes > dquot->dq_dqb.dqb_isoftlimit &&
1315 dquot->dq_dqb.dqb_itime &&
1316 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime &&
1317 !ignore_hardlimit(dquot)) {
1318 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN);
1319 ret = -EDQUOT;
1320 goto out;
1321 }
1322
1323 if (dquot->dq_dqb.dqb_isoftlimit &&
1324 newinodes > dquot->dq_dqb.dqb_isoftlimit &&
1325 dquot->dq_dqb.dqb_itime == 0) {
1326 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN);
1327 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() +
1328 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace;
1329 }
1330 add:
1331 dquot->dq_dqb.dqb_curinodes = newinodes;
1332
1333 out:
1334 spin_unlock(&dquot->dq_dqb_lock);
1335 return ret;
1336 }
1337
dquot_add_space(struct dquot * dquot,qsize_t space,qsize_t rsv_space,unsigned int flags,struct dquot_warn * warn)1338 static int dquot_add_space(struct dquot *dquot, qsize_t space,
1339 qsize_t rsv_space, unsigned int flags,
1340 struct dquot_warn *warn)
1341 {
1342 qsize_t tspace;
1343 struct super_block *sb = dquot->dq_sb;
1344 int ret = 0;
1345
1346 spin_lock(&dquot->dq_dqb_lock);
1347 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) ||
1348 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1349 goto finish;
1350
1351 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace
1352 + space + rsv_space;
1353
1354 if (dquot->dq_dqb.dqb_bhardlimit &&
1355 tspace > dquot->dq_dqb.dqb_bhardlimit &&
1356 !ignore_hardlimit(dquot)) {
1357 if (flags & DQUOT_SPACE_WARN)
1358 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN);
1359 ret = -EDQUOT;
1360 goto finish;
1361 }
1362
1363 if (dquot->dq_dqb.dqb_bsoftlimit &&
1364 tspace > dquot->dq_dqb.dqb_bsoftlimit &&
1365 dquot->dq_dqb.dqb_btime &&
1366 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime &&
1367 !ignore_hardlimit(dquot)) {
1368 if (flags & DQUOT_SPACE_WARN)
1369 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN);
1370 ret = -EDQUOT;
1371 goto finish;
1372 }
1373
1374 if (dquot->dq_dqb.dqb_bsoftlimit &&
1375 tspace > dquot->dq_dqb.dqb_bsoftlimit &&
1376 dquot->dq_dqb.dqb_btime == 0) {
1377 if (flags & DQUOT_SPACE_WARN) {
1378 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN);
1379 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() +
1380 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace;
1381 } else {
1382 /*
1383 * We don't allow preallocation to exceed softlimit so exceeding will
1384 * be always printed
1385 */
1386 ret = -EDQUOT;
1387 goto finish;
1388 }
1389 }
1390 finish:
1391 /*
1392 * We have to be careful and go through warning generation & grace time
1393 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it
1394 * only here...
1395 */
1396 if (flags & DQUOT_SPACE_NOFAIL)
1397 ret = 0;
1398 if (!ret) {
1399 dquot->dq_dqb.dqb_rsvspace += rsv_space;
1400 dquot->dq_dqb.dqb_curspace += space;
1401 }
1402 spin_unlock(&dquot->dq_dqb_lock);
1403 return ret;
1404 }
1405
info_idq_free(struct dquot * dquot,qsize_t inodes)1406 static int info_idq_free(struct dquot *dquot, qsize_t inodes)
1407 {
1408 qsize_t newinodes;
1409
1410 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
1411 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit ||
1412 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type))
1413 return QUOTA_NL_NOWARN;
1414
1415 newinodes = dquot->dq_dqb.dqb_curinodes - inodes;
1416 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit)
1417 return QUOTA_NL_ISOFTBELOW;
1418 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit &&
1419 newinodes < dquot->dq_dqb.dqb_ihardlimit)
1420 return QUOTA_NL_IHARDBELOW;
1421 return QUOTA_NL_NOWARN;
1422 }
1423
info_bdq_free(struct dquot * dquot,qsize_t space)1424 static int info_bdq_free(struct dquot *dquot, qsize_t space)
1425 {
1426 qsize_t tspace;
1427
1428 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace;
1429
1430 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
1431 tspace <= dquot->dq_dqb.dqb_bsoftlimit)
1432 return QUOTA_NL_NOWARN;
1433
1434 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit)
1435 return QUOTA_NL_BSOFTBELOW;
1436 if (tspace >= dquot->dq_dqb.dqb_bhardlimit &&
1437 tspace - space < dquot->dq_dqb.dqb_bhardlimit)
1438 return QUOTA_NL_BHARDBELOW;
1439 return QUOTA_NL_NOWARN;
1440 }
1441
inode_quota_active(const struct inode * inode)1442 static int inode_quota_active(const struct inode *inode)
1443 {
1444 struct super_block *sb = inode->i_sb;
1445
1446 if (IS_NOQUOTA(inode))
1447 return 0;
1448 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb);
1449 }
1450
1451 /*
1452 * Initialize quota pointers in inode
1453 *
1454 * It is better to call this function outside of any transaction as it
1455 * might need a lot of space in journal for dquot structure allocation.
1456 */
__dquot_initialize(struct inode * inode,int type)1457 static int __dquot_initialize(struct inode *inode, int type)
1458 {
1459 int cnt, init_needed = 0;
1460 struct dquot __rcu **dquots;
1461 struct dquot *got[MAXQUOTAS] = {};
1462 struct super_block *sb = inode->i_sb;
1463 qsize_t rsv;
1464 int ret = 0;
1465
1466 if (!inode_quota_active(inode))
1467 return 0;
1468
1469 dquots = i_dquot(inode);
1470
1471 /* First get references to structures we might need. */
1472 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1473 struct kqid qid;
1474 kprojid_t projid;
1475 int rc;
1476 struct dquot *dquot;
1477
1478 if (type != -1 && cnt != type)
1479 continue;
1480 /*
1481 * The i_dquot should have been initialized in most cases,
1482 * we check it without locking here to avoid unnecessary
1483 * dqget()/dqput() calls.
1484 */
1485 if (dquots[cnt])
1486 continue;
1487
1488 if (!sb_has_quota_active(sb, cnt))
1489 continue;
1490
1491 init_needed = 1;
1492
1493 switch (cnt) {
1494 case USRQUOTA:
1495 qid = make_kqid_uid(inode->i_uid);
1496 break;
1497 case GRPQUOTA:
1498 qid = make_kqid_gid(inode->i_gid);
1499 break;
1500 case PRJQUOTA:
1501 rc = inode->i_sb->dq_op->get_projid(inode, &projid);
1502 if (rc)
1503 continue;
1504 qid = make_kqid_projid(projid);
1505 break;
1506 }
1507 dquot = dqget(sb, qid);
1508 if (IS_ERR(dquot)) {
1509 /* We raced with somebody turning quotas off... */
1510 if (PTR_ERR(dquot) != -ESRCH) {
1511 ret = PTR_ERR(dquot);
1512 goto out_put;
1513 }
1514 dquot = NULL;
1515 }
1516 got[cnt] = dquot;
1517 }
1518
1519 /* All required i_dquot has been initialized */
1520 if (!init_needed)
1521 return 0;
1522
1523 spin_lock(&dq_data_lock);
1524 if (IS_NOQUOTA(inode))
1525 goto out_lock;
1526 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1527 if (type != -1 && cnt != type)
1528 continue;
1529 /* Avoid races with quotaoff() */
1530 if (!sb_has_quota_active(sb, cnt))
1531 continue;
1532 /* We could race with quotaon or dqget() could have failed */
1533 if (!got[cnt])
1534 continue;
1535 if (!dquots[cnt]) {
1536 rcu_assign_pointer(dquots[cnt], got[cnt]);
1537 got[cnt] = NULL;
1538 /*
1539 * Make quota reservation system happy if someone
1540 * did a write before quota was turned on
1541 */
1542 rsv = inode_get_rsv_space(inode);
1543 if (unlikely(rsv)) {
1544 struct dquot *dquot = srcu_dereference_check(
1545 dquots[cnt], &dquot_srcu,
1546 lockdep_is_held(&dq_data_lock));
1547
1548 spin_lock(&inode->i_lock);
1549 /* Get reservation again under proper lock */
1550 rsv = __inode_get_rsv_space(inode);
1551 spin_lock(&dquot->dq_dqb_lock);
1552 dquot->dq_dqb.dqb_rsvspace += rsv;
1553 spin_unlock(&dquot->dq_dqb_lock);
1554 spin_unlock(&inode->i_lock);
1555 }
1556 }
1557 }
1558 out_lock:
1559 spin_unlock(&dq_data_lock);
1560 out_put:
1561 /* Drop unused references */
1562 dqput_all(got);
1563
1564 return ret;
1565 }
1566
dquot_initialize(struct inode * inode)1567 int dquot_initialize(struct inode *inode)
1568 {
1569 return __dquot_initialize(inode, -1);
1570 }
1571 EXPORT_SYMBOL(dquot_initialize);
1572
dquot_initialize_needed(struct inode * inode)1573 bool dquot_initialize_needed(struct inode *inode)
1574 {
1575 struct dquot __rcu **dquots;
1576 int i;
1577
1578 if (!inode_quota_active(inode))
1579 return false;
1580
1581 dquots = i_dquot(inode);
1582 for (i = 0; i < MAXQUOTAS; i++)
1583 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i))
1584 return true;
1585 return false;
1586 }
1587 EXPORT_SYMBOL(dquot_initialize_needed);
1588
1589 /*
1590 * Release all quotas referenced by inode.
1591 *
1592 * This function only be called on inode free or converting
1593 * a file to quota file, no other users for the i_dquot in
1594 * both cases, so we needn't call synchronize_srcu() after
1595 * clearing i_dquot.
1596 */
__dquot_drop(struct inode * inode)1597 static void __dquot_drop(struct inode *inode)
1598 {
1599 int cnt;
1600 struct dquot __rcu **dquots = i_dquot(inode);
1601 struct dquot *put[MAXQUOTAS];
1602
1603 spin_lock(&dq_data_lock);
1604 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1605 put[cnt] = srcu_dereference_check(dquots[cnt], &dquot_srcu,
1606 lockdep_is_held(&dq_data_lock));
1607 rcu_assign_pointer(dquots[cnt], NULL);
1608 }
1609 spin_unlock(&dq_data_lock);
1610 dqput_all(put);
1611 }
1612
dquot_drop(struct inode * inode)1613 void dquot_drop(struct inode *inode)
1614 {
1615 struct dquot __rcu * const *dquots;
1616 int cnt;
1617
1618 if (IS_NOQUOTA(inode))
1619 return;
1620
1621 /*
1622 * Test before calling to rule out calls from proc and such
1623 * where we are not allowed to block. Note that this is
1624 * actually reliable test even without the lock - the caller
1625 * must assure that nobody can come after the DQUOT_DROP and
1626 * add quota pointers back anyway.
1627 */
1628 dquots = i_dquot(inode);
1629 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1630 if (dquots[cnt])
1631 break;
1632 }
1633
1634 if (cnt < MAXQUOTAS)
1635 __dquot_drop(inode);
1636 }
1637 EXPORT_SYMBOL(dquot_drop);
1638
1639 /*
1640 * inode_reserved_space is managed internally by quota, and protected by
1641 * i_lock similar to i_blocks+i_bytes.
1642 */
inode_reserved_space(struct inode * inode)1643 static qsize_t *inode_reserved_space(struct inode * inode)
1644 {
1645 /* Filesystem must explicitly define it's own method in order to use
1646 * quota reservation interface */
1647 BUG_ON(!inode->i_sb->dq_op->get_reserved_space);
1648 return inode->i_sb->dq_op->get_reserved_space(inode);
1649 }
1650
__inode_get_rsv_space(struct inode * inode)1651 static qsize_t __inode_get_rsv_space(struct inode *inode)
1652 {
1653 if (!inode->i_sb->dq_op->get_reserved_space)
1654 return 0;
1655 return *inode_reserved_space(inode);
1656 }
1657
inode_get_rsv_space(struct inode * inode)1658 static qsize_t inode_get_rsv_space(struct inode *inode)
1659 {
1660 qsize_t ret;
1661
1662 if (!inode->i_sb->dq_op->get_reserved_space)
1663 return 0;
1664 spin_lock(&inode->i_lock);
1665 ret = __inode_get_rsv_space(inode);
1666 spin_unlock(&inode->i_lock);
1667 return ret;
1668 }
1669
1670 /*
1671 * This functions updates i_blocks+i_bytes fields and quota information
1672 * (together with appropriate checks).
1673 *
1674 * NOTE: We absolutely rely on the fact that caller dirties the inode
1675 * (usually helpers in quotaops.h care about this) and holds a handle for
1676 * the current transaction so that dquot write and inode write go into the
1677 * same transaction.
1678 */
1679
1680 /*
1681 * This operation can block, but only after everything is updated
1682 */
__dquot_alloc_space(struct inode * inode,qsize_t number,int flags)1683 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags)
1684 {
1685 int cnt, ret = 0, index;
1686 struct dquot_warn warn[MAXQUOTAS];
1687 int reserve = flags & DQUOT_SPACE_RESERVE;
1688 struct dquot __rcu **dquots;
1689 struct dquot *dquot;
1690
1691 if (!inode_quota_active(inode)) {
1692 if (reserve) {
1693 spin_lock(&inode->i_lock);
1694 *inode_reserved_space(inode) += number;
1695 spin_unlock(&inode->i_lock);
1696 } else {
1697 inode_add_bytes(inode, number);
1698 }
1699 goto out;
1700 }
1701
1702 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1703 warn[cnt].w_type = QUOTA_NL_NOWARN;
1704
1705 dquots = i_dquot(inode);
1706 index = srcu_read_lock(&dquot_srcu);
1707 spin_lock(&inode->i_lock);
1708 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1709 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1710 if (!dquot)
1711 continue;
1712 if (reserve) {
1713 ret = dquot_add_space(dquot, 0, number, flags, &warn[cnt]);
1714 } else {
1715 ret = dquot_add_space(dquot, number, 0, flags, &warn[cnt]);
1716 }
1717 if (ret) {
1718 /* Back out changes we already did */
1719 for (cnt--; cnt >= 0; cnt--) {
1720 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1721 if (!dquot)
1722 continue;
1723 spin_lock(&dquot->dq_dqb_lock);
1724 if (reserve)
1725 dquot_free_reserved_space(dquot, number);
1726 else
1727 dquot_decr_space(dquot, number);
1728 spin_unlock(&dquot->dq_dqb_lock);
1729 }
1730 spin_unlock(&inode->i_lock);
1731 goto out_flush_warn;
1732 }
1733 }
1734 if (reserve)
1735 *inode_reserved_space(inode) += number;
1736 else
1737 __inode_add_bytes(inode, number);
1738 spin_unlock(&inode->i_lock);
1739
1740 if (reserve)
1741 goto out_flush_warn;
1742 mark_all_dquot_dirty(dquots);
1743 out_flush_warn:
1744 srcu_read_unlock(&dquot_srcu, index);
1745 flush_warnings(warn);
1746 out:
1747 return ret;
1748 }
1749 EXPORT_SYMBOL(__dquot_alloc_space);
1750
1751 /*
1752 * This operation can block, but only after everything is updated
1753 */
dquot_alloc_inode(struct inode * inode)1754 int dquot_alloc_inode(struct inode *inode)
1755 {
1756 int cnt, ret = 0, index;
1757 struct dquot_warn warn[MAXQUOTAS];
1758 struct dquot __rcu * const *dquots;
1759 struct dquot *dquot;
1760
1761 if (!inode_quota_active(inode))
1762 return 0;
1763 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1764 warn[cnt].w_type = QUOTA_NL_NOWARN;
1765
1766 dquots = i_dquot(inode);
1767 index = srcu_read_lock(&dquot_srcu);
1768 spin_lock(&inode->i_lock);
1769 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1770 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1771 if (!dquot)
1772 continue;
1773 ret = dquot_add_inodes(dquot, 1, &warn[cnt]);
1774 if (ret) {
1775 for (cnt--; cnt >= 0; cnt--) {
1776 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1777 if (!dquot)
1778 continue;
1779 /* Back out changes we already did */
1780 spin_lock(&dquot->dq_dqb_lock);
1781 dquot_decr_inodes(dquot, 1);
1782 spin_unlock(&dquot->dq_dqb_lock);
1783 }
1784 goto warn_put_all;
1785 }
1786 }
1787
1788 warn_put_all:
1789 spin_unlock(&inode->i_lock);
1790 if (ret == 0)
1791 mark_all_dquot_dirty(dquots);
1792 srcu_read_unlock(&dquot_srcu, index);
1793 flush_warnings(warn);
1794 return ret;
1795 }
1796 EXPORT_SYMBOL(dquot_alloc_inode);
1797
1798 /*
1799 * Convert in-memory reserved quotas to real consumed quotas
1800 */
dquot_claim_space_nodirty(struct inode * inode,qsize_t number)1801 int dquot_claim_space_nodirty(struct inode *inode, qsize_t number)
1802 {
1803 struct dquot __rcu **dquots;
1804 struct dquot *dquot;
1805 int cnt, index;
1806
1807 if (!inode_quota_active(inode)) {
1808 spin_lock(&inode->i_lock);
1809 *inode_reserved_space(inode) -= number;
1810 __inode_add_bytes(inode, number);
1811 spin_unlock(&inode->i_lock);
1812 return 0;
1813 }
1814
1815 dquots = i_dquot(inode);
1816 index = srcu_read_lock(&dquot_srcu);
1817 spin_lock(&inode->i_lock);
1818 /* Claim reserved quotas to allocated quotas */
1819 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1820 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1821 if (dquot) {
1822 spin_lock(&dquot->dq_dqb_lock);
1823 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number))
1824 number = dquot->dq_dqb.dqb_rsvspace;
1825 dquot->dq_dqb.dqb_curspace += number;
1826 dquot->dq_dqb.dqb_rsvspace -= number;
1827 spin_unlock(&dquot->dq_dqb_lock);
1828 }
1829 }
1830 /* Update inode bytes */
1831 *inode_reserved_space(inode) -= number;
1832 __inode_add_bytes(inode, number);
1833 spin_unlock(&inode->i_lock);
1834 mark_all_dquot_dirty(dquots);
1835 srcu_read_unlock(&dquot_srcu, index);
1836 return 0;
1837 }
1838 EXPORT_SYMBOL(dquot_claim_space_nodirty);
1839
1840 /*
1841 * Convert allocated space back to in-memory reserved quotas
1842 */
dquot_reclaim_space_nodirty(struct inode * inode,qsize_t number)1843 void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number)
1844 {
1845 struct dquot __rcu **dquots;
1846 struct dquot *dquot;
1847 int cnt, index;
1848
1849 if (!inode_quota_active(inode)) {
1850 spin_lock(&inode->i_lock);
1851 *inode_reserved_space(inode) += number;
1852 __inode_sub_bytes(inode, number);
1853 spin_unlock(&inode->i_lock);
1854 return;
1855 }
1856
1857 dquots = i_dquot(inode);
1858 index = srcu_read_lock(&dquot_srcu);
1859 spin_lock(&inode->i_lock);
1860 /* Claim reserved quotas to allocated quotas */
1861 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1862 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1863 if (dquot) {
1864 spin_lock(&dquot->dq_dqb_lock);
1865 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number))
1866 number = dquot->dq_dqb.dqb_curspace;
1867 dquot->dq_dqb.dqb_rsvspace += number;
1868 dquot->dq_dqb.dqb_curspace -= number;
1869 spin_unlock(&dquot->dq_dqb_lock);
1870 }
1871 }
1872 /* Update inode bytes */
1873 *inode_reserved_space(inode) += number;
1874 __inode_sub_bytes(inode, number);
1875 spin_unlock(&inode->i_lock);
1876 mark_all_dquot_dirty(dquots);
1877 srcu_read_unlock(&dquot_srcu, index);
1878 return;
1879 }
1880 EXPORT_SYMBOL(dquot_reclaim_space_nodirty);
1881
1882 /*
1883 * This operation can block, but only after everything is updated
1884 */
__dquot_free_space(struct inode * inode,qsize_t number,int flags)1885 void __dquot_free_space(struct inode *inode, qsize_t number, int flags)
1886 {
1887 unsigned int cnt;
1888 struct dquot_warn warn[MAXQUOTAS];
1889 struct dquot __rcu **dquots;
1890 struct dquot *dquot;
1891 int reserve = flags & DQUOT_SPACE_RESERVE, index;
1892
1893 if (!inode_quota_active(inode)) {
1894 if (reserve) {
1895 spin_lock(&inode->i_lock);
1896 *inode_reserved_space(inode) -= number;
1897 spin_unlock(&inode->i_lock);
1898 } else {
1899 inode_sub_bytes(inode, number);
1900 }
1901 return;
1902 }
1903
1904 dquots = i_dquot(inode);
1905 index = srcu_read_lock(&dquot_srcu);
1906 spin_lock(&inode->i_lock);
1907 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1908 int wtype;
1909
1910 warn[cnt].w_type = QUOTA_NL_NOWARN;
1911 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1912 if (!dquot)
1913 continue;
1914 spin_lock(&dquot->dq_dqb_lock);
1915 wtype = info_bdq_free(dquot, number);
1916 if (wtype != QUOTA_NL_NOWARN)
1917 prepare_warning(&warn[cnt], dquot, wtype);
1918 if (reserve)
1919 dquot_free_reserved_space(dquot, number);
1920 else
1921 dquot_decr_space(dquot, number);
1922 spin_unlock(&dquot->dq_dqb_lock);
1923 }
1924 if (reserve)
1925 *inode_reserved_space(inode) -= number;
1926 else
1927 __inode_sub_bytes(inode, number);
1928 spin_unlock(&inode->i_lock);
1929
1930 if (reserve)
1931 goto out_unlock;
1932 mark_all_dquot_dirty(dquots);
1933 out_unlock:
1934 srcu_read_unlock(&dquot_srcu, index);
1935 flush_warnings(warn);
1936 }
1937 EXPORT_SYMBOL(__dquot_free_space);
1938
1939 /*
1940 * This operation can block, but only after everything is updated
1941 */
dquot_free_inode(struct inode * inode)1942 void dquot_free_inode(struct inode *inode)
1943 {
1944 unsigned int cnt;
1945 struct dquot_warn warn[MAXQUOTAS];
1946 struct dquot __rcu * const *dquots;
1947 struct dquot *dquot;
1948 int index;
1949
1950 if (!inode_quota_active(inode))
1951 return;
1952
1953 dquots = i_dquot(inode);
1954 index = srcu_read_lock(&dquot_srcu);
1955 spin_lock(&inode->i_lock);
1956 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1957 int wtype;
1958 warn[cnt].w_type = QUOTA_NL_NOWARN;
1959 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1960 if (!dquot)
1961 continue;
1962 spin_lock(&dquot->dq_dqb_lock);
1963 wtype = info_idq_free(dquot, 1);
1964 if (wtype != QUOTA_NL_NOWARN)
1965 prepare_warning(&warn[cnt], dquot, wtype);
1966 dquot_decr_inodes(dquot, 1);
1967 spin_unlock(&dquot->dq_dqb_lock);
1968 }
1969 spin_unlock(&inode->i_lock);
1970 mark_all_dquot_dirty(dquots);
1971 srcu_read_unlock(&dquot_srcu, index);
1972 flush_warnings(warn);
1973 }
1974 EXPORT_SYMBOL(dquot_free_inode);
1975
1976 /*
1977 * Transfer the number of inode and blocks from one diskquota to an other.
1978 * On success, dquot references in transfer_to are consumed and references
1979 * to original dquots that need to be released are placed there. On failure,
1980 * references are kept untouched.
1981 *
1982 * This operation can block, but only after everything is updated
1983 * A transaction must be started when entering this function.
1984 *
1985 * We are holding reference on transfer_from & transfer_to, no need to
1986 * protect them by srcu_read_lock().
1987 */
__dquot_transfer(struct inode * inode,struct dquot ** transfer_to)1988 int __dquot_transfer(struct inode *inode, struct dquot **transfer_to)
1989 {
1990 qsize_t cur_space;
1991 qsize_t rsv_space = 0;
1992 qsize_t inode_usage = 1;
1993 struct dquot __rcu **dquots;
1994 struct dquot *transfer_from[MAXQUOTAS] = {};
1995 int cnt, index, ret = 0;
1996 char is_valid[MAXQUOTAS] = {};
1997 struct dquot_warn warn_to[MAXQUOTAS];
1998 struct dquot_warn warn_from_inodes[MAXQUOTAS];
1999 struct dquot_warn warn_from_space[MAXQUOTAS];
2000
2001 if (IS_NOQUOTA(inode))
2002 return 0;
2003
2004 if (inode->i_sb->dq_op->get_inode_usage) {
2005 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage);
2006 if (ret)
2007 return ret;
2008 }
2009
2010 /* Initialize the arrays */
2011 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2012 warn_to[cnt].w_type = QUOTA_NL_NOWARN;
2013 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN;
2014 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN;
2015 }
2016
2017 spin_lock(&dq_data_lock);
2018 spin_lock(&inode->i_lock);
2019 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */
2020 spin_unlock(&inode->i_lock);
2021 spin_unlock(&dq_data_lock);
2022 return 0;
2023 }
2024 cur_space = __inode_get_bytes(inode);
2025 rsv_space = __inode_get_rsv_space(inode);
2026 dquots = i_dquot(inode);
2027 /*
2028 * Build the transfer_from list, check limits, and update usage in
2029 * the target structures.
2030 */
2031 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2032 /*
2033 * Skip changes for same uid or gid or for turned off quota-type.
2034 */
2035 if (!transfer_to[cnt])
2036 continue;
2037 /* Avoid races with quotaoff() */
2038 if (!sb_has_quota_active(inode->i_sb, cnt))
2039 continue;
2040 is_valid[cnt] = 1;
2041 transfer_from[cnt] = srcu_dereference_check(dquots[cnt],
2042 &dquot_srcu, lockdep_is_held(&dq_data_lock));
2043 ret = dquot_add_inodes(transfer_to[cnt], inode_usage,
2044 &warn_to[cnt]);
2045 if (ret)
2046 goto over_quota;
2047 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space,
2048 DQUOT_SPACE_WARN, &warn_to[cnt]);
2049 if (ret) {
2050 spin_lock(&transfer_to[cnt]->dq_dqb_lock);
2051 dquot_decr_inodes(transfer_to[cnt], inode_usage);
2052 spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
2053 goto over_quota;
2054 }
2055 }
2056
2057 /* Decrease usage for source structures and update quota pointers */
2058 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2059 if (!is_valid[cnt])
2060 continue;
2061 /* Due to IO error we might not have transfer_from[] structure */
2062 if (transfer_from[cnt]) {
2063 int wtype;
2064
2065 spin_lock(&transfer_from[cnt]->dq_dqb_lock);
2066 wtype = info_idq_free(transfer_from[cnt], inode_usage);
2067 if (wtype != QUOTA_NL_NOWARN)
2068 prepare_warning(&warn_from_inodes[cnt],
2069 transfer_from[cnt], wtype);
2070 wtype = info_bdq_free(transfer_from[cnt],
2071 cur_space + rsv_space);
2072 if (wtype != QUOTA_NL_NOWARN)
2073 prepare_warning(&warn_from_space[cnt],
2074 transfer_from[cnt], wtype);
2075 dquot_decr_inodes(transfer_from[cnt], inode_usage);
2076 dquot_decr_space(transfer_from[cnt], cur_space);
2077 dquot_free_reserved_space(transfer_from[cnt],
2078 rsv_space);
2079 spin_unlock(&transfer_from[cnt]->dq_dqb_lock);
2080 }
2081 rcu_assign_pointer(dquots[cnt], transfer_to[cnt]);
2082 }
2083 spin_unlock(&inode->i_lock);
2084 spin_unlock(&dq_data_lock);
2085
2086 /*
2087 * These arrays are local and we hold dquot references so we don't need
2088 * the srcu protection but still take dquot_srcu to avoid warning in
2089 * mark_all_dquot_dirty().
2090 */
2091 index = srcu_read_lock(&dquot_srcu);
2092 mark_all_dquot_dirty((struct dquot __rcu **)transfer_from);
2093 mark_all_dquot_dirty((struct dquot __rcu **)transfer_to);
2094 srcu_read_unlock(&dquot_srcu, index);
2095
2096 flush_warnings(warn_to);
2097 flush_warnings(warn_from_inodes);
2098 flush_warnings(warn_from_space);
2099 /* Pass back references to put */
2100 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2101 if (is_valid[cnt])
2102 transfer_to[cnt] = transfer_from[cnt];
2103 return 0;
2104 over_quota:
2105 /* Back out changes we already did */
2106 for (cnt--; cnt >= 0; cnt--) {
2107 if (!is_valid[cnt])
2108 continue;
2109 spin_lock(&transfer_to[cnt]->dq_dqb_lock);
2110 dquot_decr_inodes(transfer_to[cnt], inode_usage);
2111 dquot_decr_space(transfer_to[cnt], cur_space);
2112 dquot_free_reserved_space(transfer_to[cnt], rsv_space);
2113 spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
2114 }
2115 spin_unlock(&inode->i_lock);
2116 spin_unlock(&dq_data_lock);
2117 flush_warnings(warn_to);
2118 return ret;
2119 }
2120 EXPORT_SYMBOL(__dquot_transfer);
2121
2122 /* Wrapper for transferring ownership of an inode for uid/gid only
2123 * Called from FSXXX_setattr()
2124 */
dquot_transfer(struct inode * inode,struct iattr * iattr)2125 int dquot_transfer(struct inode *inode, struct iattr *iattr)
2126 {
2127 struct dquot *transfer_to[MAXQUOTAS] = {};
2128 struct dquot *dquot;
2129 struct super_block *sb = inode->i_sb;
2130 int ret;
2131
2132 if (!inode_quota_active(inode))
2133 return 0;
2134
2135 if (iattr->ia_valid & ATTR_UID && !uid_eq(iattr->ia_uid, inode->i_uid)){
2136 dquot = dqget(sb, make_kqid_uid(iattr->ia_uid));
2137 if (IS_ERR(dquot)) {
2138 if (PTR_ERR(dquot) != -ESRCH) {
2139 ret = PTR_ERR(dquot);
2140 goto out_put;
2141 }
2142 dquot = NULL;
2143 }
2144 transfer_to[USRQUOTA] = dquot;
2145 }
2146 if (iattr->ia_valid & ATTR_GID && !gid_eq(iattr->ia_gid, inode->i_gid)){
2147 dquot = dqget(sb, make_kqid_gid(iattr->ia_gid));
2148 if (IS_ERR(dquot)) {
2149 if (PTR_ERR(dquot) != -ESRCH) {
2150 ret = PTR_ERR(dquot);
2151 goto out_put;
2152 }
2153 dquot = NULL;
2154 }
2155 transfer_to[GRPQUOTA] = dquot;
2156 }
2157 ret = __dquot_transfer(inode, transfer_to);
2158 out_put:
2159 dqput_all(transfer_to);
2160 return ret;
2161 }
2162 EXPORT_SYMBOL(dquot_transfer);
2163
2164 /*
2165 * Write info of quota file to disk
2166 */
dquot_commit_info(struct super_block * sb,int type)2167 int dquot_commit_info(struct super_block *sb, int type)
2168 {
2169 struct quota_info *dqopt = sb_dqopt(sb);
2170
2171 return dqopt->ops[type]->write_file_info(sb, type);
2172 }
2173 EXPORT_SYMBOL(dquot_commit_info);
2174
dquot_get_next_id(struct super_block * sb,struct kqid * qid)2175 int dquot_get_next_id(struct super_block *sb, struct kqid *qid)
2176 {
2177 struct quota_info *dqopt = sb_dqopt(sb);
2178
2179 if (!sb_has_quota_active(sb, qid->type))
2180 return -ESRCH;
2181 if (!dqopt->ops[qid->type]->get_next_id)
2182 return -ENOSYS;
2183 return dqopt->ops[qid->type]->get_next_id(sb, qid);
2184 }
2185 EXPORT_SYMBOL(dquot_get_next_id);
2186
2187 /*
2188 * Definitions of diskquota operations.
2189 */
2190 const struct dquot_operations dquot_operations = {
2191 .write_dquot = dquot_commit,
2192 .acquire_dquot = dquot_acquire,
2193 .release_dquot = dquot_release,
2194 .mark_dirty = dquot_mark_dquot_dirty,
2195 .write_info = dquot_commit_info,
2196 .alloc_dquot = dquot_alloc,
2197 .destroy_dquot = dquot_destroy,
2198 .get_next_id = dquot_get_next_id,
2199 };
2200 EXPORT_SYMBOL(dquot_operations);
2201
2202 /*
2203 * Generic helper for ->open on filesystems supporting disk quotas.
2204 */
dquot_file_open(struct inode * inode,struct file * file)2205 int dquot_file_open(struct inode *inode, struct file *file)
2206 {
2207 int error;
2208
2209 error = generic_file_open(inode, file);
2210 if (!error && (file->f_mode & FMODE_WRITE))
2211 error = dquot_initialize(inode);
2212 return error;
2213 }
2214 EXPORT_SYMBOL(dquot_file_open);
2215
2216 /*
2217 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount)
2218 */
dquot_disable(struct super_block * sb,int type,unsigned int flags)2219 int dquot_disable(struct super_block *sb, int type, unsigned int flags)
2220 {
2221 int cnt, ret = 0;
2222 struct quota_info *dqopt = sb_dqopt(sb);
2223 struct inode *toputinode[MAXQUOTAS];
2224
2225 /* s_umount should be held in exclusive mode */
2226 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount)))
2227 up_read(&sb->s_umount);
2228
2229 /* Cannot turn off usage accounting without turning off limits, or
2230 * suspend quotas and simultaneously turn quotas off. */
2231 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED))
2232 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED |
2233 DQUOT_USAGE_ENABLED)))
2234 return -EINVAL;
2235
2236 /*
2237 * Skip everything if there's nothing to do. We have to do this because
2238 * sometimes we are called when fill_super() failed and calling
2239 * sync_fs() in such cases does no good.
2240 */
2241 if (!sb_any_quota_loaded(sb))
2242 return 0;
2243
2244 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2245 toputinode[cnt] = NULL;
2246 if (type != -1 && cnt != type)
2247 continue;
2248 if (!sb_has_quota_loaded(sb, cnt))
2249 continue;
2250
2251 if (flags & DQUOT_SUSPENDED) {
2252 spin_lock(&dq_state_lock);
2253 dqopt->flags |=
2254 dquot_state_flag(DQUOT_SUSPENDED, cnt);
2255 spin_unlock(&dq_state_lock);
2256 } else {
2257 spin_lock(&dq_state_lock);
2258 dqopt->flags &= ~dquot_state_flag(flags, cnt);
2259 /* Turning off suspended quotas? */
2260 if (!sb_has_quota_loaded(sb, cnt) &&
2261 sb_has_quota_suspended(sb, cnt)) {
2262 dqopt->flags &= ~dquot_state_flag(
2263 DQUOT_SUSPENDED, cnt);
2264 spin_unlock(&dq_state_lock);
2265 iput(dqopt->files[cnt]);
2266 dqopt->files[cnt] = NULL;
2267 continue;
2268 }
2269 spin_unlock(&dq_state_lock);
2270 }
2271
2272 /* We still have to keep quota loaded? */
2273 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED))
2274 continue;
2275
2276 /* Note: these are blocking operations */
2277 drop_dquot_ref(sb, cnt);
2278 invalidate_dquots(sb, cnt);
2279 /*
2280 * Now all dquots should be invalidated, all writes done so we
2281 * should be only users of the info. No locks needed.
2282 */
2283 if (info_dirty(&dqopt->info[cnt]))
2284 sb->dq_op->write_info(sb, cnt);
2285 if (dqopt->ops[cnt]->free_file_info)
2286 dqopt->ops[cnt]->free_file_info(sb, cnt);
2287 put_quota_format(dqopt->info[cnt].dqi_format);
2288
2289 toputinode[cnt] = dqopt->files[cnt];
2290 if (!sb_has_quota_loaded(sb, cnt))
2291 dqopt->files[cnt] = NULL;
2292 dqopt->info[cnt].dqi_flags = 0;
2293 dqopt->info[cnt].dqi_igrace = 0;
2294 dqopt->info[cnt].dqi_bgrace = 0;
2295 dqopt->ops[cnt] = NULL;
2296 }
2297
2298 /* Skip syncing and setting flags if quota files are hidden */
2299 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
2300 goto put_inodes;
2301
2302 /* Sync the superblock so that buffers with quota data are written to
2303 * disk (and so userspace sees correct data afterwards). */
2304 if (sb->s_op->sync_fs)
2305 sb->s_op->sync_fs(sb, 1);
2306 sync_blockdev(sb->s_bdev);
2307 /* Now the quota files are just ordinary files and we can set the
2308 * inode flags back. Moreover we discard the pagecache so that
2309 * userspace sees the writes we did bypassing the pagecache. We
2310 * must also discard the blockdev buffers so that we see the
2311 * changes done by userspace on the next quotaon() */
2312 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2313 /* This can happen when suspending quotas on remount-ro... */
2314 if (toputinode[cnt] && !sb_has_quota_loaded(sb, cnt)) {
2315 inode_lock(toputinode[cnt]);
2316 toputinode[cnt]->i_flags &= ~S_NOQUOTA;
2317 truncate_inode_pages(&toputinode[cnt]->i_data, 0);
2318 inode_unlock(toputinode[cnt]);
2319 mark_inode_dirty_sync(toputinode[cnt]);
2320 }
2321 if (sb->s_bdev)
2322 invalidate_bdev(sb->s_bdev);
2323 put_inodes:
2324 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2325 if (toputinode[cnt]) {
2326 /* On remount RO, we keep the inode pointer so that we
2327 * can reenable quota on the subsequent remount RW. We
2328 * have to check 'flags' variable and not use sb_has_
2329 * function because another quotaon / quotaoff could
2330 * change global state before we got here. We refuse
2331 * to suspend quotas when there is pending delete on
2332 * the quota file... */
2333 if (!(flags & DQUOT_SUSPENDED))
2334 iput(toputinode[cnt]);
2335 else if (!toputinode[cnt]->i_nlink)
2336 ret = -EBUSY;
2337 }
2338 return ret;
2339 }
2340 EXPORT_SYMBOL(dquot_disable);
2341
dquot_quota_off(struct super_block * sb,int type)2342 int dquot_quota_off(struct super_block *sb, int type)
2343 {
2344 return dquot_disable(sb, type,
2345 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2346 }
2347 EXPORT_SYMBOL(dquot_quota_off);
2348
2349 /*
2350 * Turn quotas on on a device
2351 */
2352
vfs_setup_quota_inode(struct inode * inode,int type)2353 static int vfs_setup_quota_inode(struct inode *inode, int type)
2354 {
2355 struct super_block *sb = inode->i_sb;
2356 struct quota_info *dqopt = sb_dqopt(sb);
2357
2358 if (is_bad_inode(inode))
2359 return -EUCLEAN;
2360 if (!S_ISREG(inode->i_mode))
2361 return -EACCES;
2362 if (IS_RDONLY(inode))
2363 return -EROFS;
2364 if (sb_has_quota_loaded(sb, type))
2365 return -EBUSY;
2366
2367 /*
2368 * Quota files should never be encrypted. They should be thought of as
2369 * filesystem metadata, not user data. New-style internal quota files
2370 * cannot be encrypted by users anyway, but old-style external quota
2371 * files could potentially be incorrectly created in an encrypted
2372 * directory, hence this explicit check. Some reasons why encrypted
2373 * quota files don't work include: (1) some filesystems that support
2374 * encryption don't handle it in their quota_read and quota_write, and
2375 * (2) cleaning up encrypted quota files at unmount would need special
2376 * consideration, as quota files are cleaned up later than user files.
2377 */
2378 if (IS_ENCRYPTED(inode))
2379 return -EINVAL;
2380
2381 dqopt->files[type] = igrab(inode);
2382 if (!dqopt->files[type])
2383 return -EIO;
2384 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2385 /* We don't want quota and atime on quota files (deadlocks
2386 * possible) Also nobody should write to the file - we use
2387 * special IO operations which ignore the immutable bit. */
2388 inode_lock(inode);
2389 inode->i_flags |= S_NOQUOTA;
2390 inode_unlock(inode);
2391 /*
2392 * When S_NOQUOTA is set, remove dquot references as no more
2393 * references can be added
2394 */
2395 __dquot_drop(inode);
2396 }
2397 return 0;
2398 }
2399
vfs_cleanup_quota_inode(struct super_block * sb,int type)2400 static void vfs_cleanup_quota_inode(struct super_block *sb, int type)
2401 {
2402 struct quota_info *dqopt = sb_dqopt(sb);
2403 struct inode *inode = dqopt->files[type];
2404
2405 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2406 inode_lock(inode);
2407 inode->i_flags &= ~S_NOQUOTA;
2408 inode_unlock(inode);
2409 }
2410 dqopt->files[type] = NULL;
2411 iput(inode);
2412 }
2413
dquot_load_quota_sb(struct super_block * sb,int type,int format_id,unsigned int flags)2414 int dquot_load_quota_sb(struct super_block *sb, int type, int format_id,
2415 unsigned int flags)
2416 {
2417 struct quota_format_type *fmt = find_quota_format(format_id);
2418 struct quota_info *dqopt = sb_dqopt(sb);
2419 int error;
2420
2421 if (!fmt)
2422 return -ESRCH;
2423 if (!sb->s_op->quota_write || !sb->s_op->quota_read ||
2424 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) {
2425 error = -EINVAL;
2426 goto out_fmt;
2427 }
2428 /* Filesystems outside of init_user_ns not yet supported */
2429 if (sb->s_user_ns != &init_user_ns) {
2430 error = -EINVAL;
2431 goto out_fmt;
2432 }
2433 /* Usage always has to be set... */
2434 if (!(flags & DQUOT_USAGE_ENABLED)) {
2435 error = -EINVAL;
2436 goto out_fmt;
2437 }
2438 if (sb_has_quota_loaded(sb, type)) {
2439 error = -EBUSY;
2440 goto out_fmt;
2441 }
2442
2443 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2444 /* As we bypass the pagecache we must now flush all the
2445 * dirty data and invalidate caches so that kernel sees
2446 * changes from userspace. It is not enough to just flush
2447 * the quota file since if blocksize < pagesize, invalidation
2448 * of the cache could fail because of other unrelated dirty
2449 * data */
2450 sync_filesystem(sb);
2451 invalidate_bdev(sb->s_bdev);
2452 }
2453
2454 error = -EINVAL;
2455 if (!fmt->qf_ops->check_quota_file(sb, type))
2456 goto out_fmt;
2457
2458 dqopt->ops[type] = fmt->qf_ops;
2459 dqopt->info[type].dqi_format = fmt;
2460 dqopt->info[type].dqi_fmt_id = format_id;
2461 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list);
2462 error = dqopt->ops[type]->read_file_info(sb, type);
2463 if (error < 0)
2464 goto out_fmt;
2465 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) {
2466 spin_lock(&dq_data_lock);
2467 dqopt->info[type].dqi_flags |= DQF_SYS_FILE;
2468 spin_unlock(&dq_data_lock);
2469 }
2470 spin_lock(&dq_state_lock);
2471 dqopt->flags |= dquot_state_flag(flags, type);
2472 spin_unlock(&dq_state_lock);
2473
2474 error = add_dquot_ref(sb, type);
2475 if (error)
2476 dquot_disable(sb, type,
2477 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2478
2479 return error;
2480 out_fmt:
2481 put_quota_format(fmt);
2482
2483 return error;
2484 }
2485 EXPORT_SYMBOL(dquot_load_quota_sb);
2486
2487 /*
2488 * Helper function to turn quotas on when we already have the inode of
2489 * quota file and no quota information is loaded.
2490 */
vfs_load_quota_inode(struct inode * inode,int type,int format_id,unsigned int flags)2491 static int vfs_load_quota_inode(struct inode *inode, int type, int format_id,
2492 unsigned int flags)
2493 {
2494 int err;
2495
2496 err = vfs_setup_quota_inode(inode, type);
2497 if (err < 0)
2498 return err;
2499 err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags);
2500 if (err < 0)
2501 vfs_cleanup_quota_inode(inode->i_sb, type);
2502 return err;
2503 }
2504
2505 /* Reenable quotas on remount RW */
dquot_resume(struct super_block * sb,int type)2506 int dquot_resume(struct super_block *sb, int type)
2507 {
2508 struct quota_info *dqopt = sb_dqopt(sb);
2509 struct inode *inode;
2510 int ret = 0, cnt;
2511 unsigned int flags;
2512
2513 /* s_umount should be held in exclusive mode */
2514 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount)))
2515 up_read(&sb->s_umount);
2516
2517 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2518 if (type != -1 && cnt != type)
2519 continue;
2520 if (!sb_has_quota_suspended(sb, cnt))
2521 continue;
2522
2523 inode = dqopt->files[cnt];
2524 dqopt->files[cnt] = NULL;
2525 spin_lock(&dq_state_lock);
2526 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED |
2527 DQUOT_LIMITS_ENABLED,
2528 cnt);
2529 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt);
2530 spin_unlock(&dq_state_lock);
2531
2532 flags = dquot_generic_flag(flags, cnt);
2533 ret = vfs_load_quota_inode(inode, cnt,
2534 dqopt->info[cnt].dqi_fmt_id, flags);
2535 iput(inode);
2536 }
2537
2538 return ret;
2539 }
2540 EXPORT_SYMBOL(dquot_resume);
2541
dquot_quota_on(struct super_block * sb,int type,int format_id,const struct path * path)2542 int dquot_quota_on(struct super_block *sb, int type, int format_id,
2543 const struct path *path)
2544 {
2545 int error = security_quota_on(path->dentry);
2546 if (error)
2547 return error;
2548 /* Quota file not on the same filesystem? */
2549 if (path->dentry->d_sb != sb)
2550 error = -EXDEV;
2551 else
2552 error = vfs_load_quota_inode(d_inode(path->dentry), type,
2553 format_id, DQUOT_USAGE_ENABLED |
2554 DQUOT_LIMITS_ENABLED);
2555 return error;
2556 }
2557 EXPORT_SYMBOL(dquot_quota_on);
2558
2559 /*
2560 * More powerful function for turning on quotas allowing setting
2561 * of individual quota flags
2562 */
dquot_enable(struct inode * inode,int type,int format_id,unsigned int flags)2563 int dquot_enable(struct inode *inode, int type, int format_id,
2564 unsigned int flags)
2565 {
2566 struct super_block *sb = inode->i_sb;
2567
2568 /* Just unsuspend quotas? */
2569 BUG_ON(flags & DQUOT_SUSPENDED);
2570 /* s_umount should be held in exclusive mode */
2571 if (WARN_ON_ONCE(down_read_trylock(&sb->s_umount)))
2572 up_read(&sb->s_umount);
2573
2574 if (!flags)
2575 return 0;
2576 /* Just updating flags needed? */
2577 if (sb_has_quota_loaded(sb, type)) {
2578 if (flags & DQUOT_USAGE_ENABLED &&
2579 sb_has_quota_usage_enabled(sb, type))
2580 return -EBUSY;
2581 if (flags & DQUOT_LIMITS_ENABLED &&
2582 sb_has_quota_limits_enabled(sb, type))
2583 return -EBUSY;
2584 spin_lock(&dq_state_lock);
2585 sb_dqopt(sb)->flags |= dquot_state_flag(flags, type);
2586 spin_unlock(&dq_state_lock);
2587 return 0;
2588 }
2589
2590 return vfs_load_quota_inode(inode, type, format_id, flags);
2591 }
2592 EXPORT_SYMBOL(dquot_enable);
2593
2594 /*
2595 * This function is used when filesystem needs to initialize quotas
2596 * during mount time.
2597 */
dquot_quota_on_mount(struct super_block * sb,char * qf_name,int format_id,int type)2598 int dquot_quota_on_mount(struct super_block *sb, char *qf_name,
2599 int format_id, int type)
2600 {
2601 struct dentry *dentry;
2602 int error;
2603
2604 dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name));
2605 if (IS_ERR(dentry))
2606 return PTR_ERR(dentry);
2607
2608 error = security_quota_on(dentry);
2609 if (!error)
2610 error = vfs_load_quota_inode(d_inode(dentry), type, format_id,
2611 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2612
2613 dput(dentry);
2614 return error;
2615 }
2616 EXPORT_SYMBOL(dquot_quota_on_mount);
2617
dquot_quota_enable(struct super_block * sb,unsigned int flags)2618 static int dquot_quota_enable(struct super_block *sb, unsigned int flags)
2619 {
2620 int ret;
2621 int type;
2622 struct quota_info *dqopt = sb_dqopt(sb);
2623
2624 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
2625 return -ENOSYS;
2626 /* Accounting cannot be turned on while fs is mounted */
2627 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT);
2628 if (!flags)
2629 return -EINVAL;
2630 for (type = 0; type < MAXQUOTAS; type++) {
2631 if (!(flags & qtype_enforce_flag(type)))
2632 continue;
2633 /* Can't enforce without accounting */
2634 if (!sb_has_quota_usage_enabled(sb, type))
2635 return -EINVAL;
2636 ret = dquot_enable(dqopt->files[type], type,
2637 dqopt->info[type].dqi_fmt_id,
2638 DQUOT_LIMITS_ENABLED);
2639 if (ret < 0)
2640 goto out_err;
2641 }
2642 return 0;
2643 out_err:
2644 /* Backout enforcement enablement we already did */
2645 for (type--; type >= 0; type--) {
2646 if (flags & qtype_enforce_flag(type))
2647 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
2648 }
2649 /* Error code translation for better compatibility with XFS */
2650 if (ret == -EBUSY)
2651 ret = -EEXIST;
2652 return ret;
2653 }
2654
dquot_quota_disable(struct super_block * sb,unsigned int flags)2655 static int dquot_quota_disable(struct super_block *sb, unsigned int flags)
2656 {
2657 int ret;
2658 int type;
2659 struct quota_info *dqopt = sb_dqopt(sb);
2660
2661 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
2662 return -ENOSYS;
2663 /*
2664 * We don't support turning off accounting via quotactl. In principle
2665 * quota infrastructure can do this but filesystems don't expect
2666 * userspace to be able to do it.
2667 */
2668 if (flags &
2669 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT))
2670 return -EOPNOTSUPP;
2671
2672 /* Filter out limits not enabled */
2673 for (type = 0; type < MAXQUOTAS; type++)
2674 if (!sb_has_quota_limits_enabled(sb, type))
2675 flags &= ~qtype_enforce_flag(type);
2676 /* Nothing left? */
2677 if (!flags)
2678 return -EEXIST;
2679 for (type = 0; type < MAXQUOTAS; type++) {
2680 if (flags & qtype_enforce_flag(type)) {
2681 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
2682 if (ret < 0)
2683 goto out_err;
2684 }
2685 }
2686 return 0;
2687 out_err:
2688 /* Backout enforcement disabling we already did */
2689 for (type--; type >= 0; type--) {
2690 if (flags & qtype_enforce_flag(type))
2691 dquot_enable(dqopt->files[type], type,
2692 dqopt->info[type].dqi_fmt_id,
2693 DQUOT_LIMITS_ENABLED);
2694 }
2695 return ret;
2696 }
2697
2698 /* Generic routine for getting common part of quota structure */
do_get_dqblk(struct dquot * dquot,struct qc_dqblk * di)2699 static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di)
2700 {
2701 struct mem_dqblk *dm = &dquot->dq_dqb;
2702
2703 memset(di, 0, sizeof(*di));
2704 spin_lock(&dquot->dq_dqb_lock);
2705 di->d_spc_hardlimit = dm->dqb_bhardlimit;
2706 di->d_spc_softlimit = dm->dqb_bsoftlimit;
2707 di->d_ino_hardlimit = dm->dqb_ihardlimit;
2708 di->d_ino_softlimit = dm->dqb_isoftlimit;
2709 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace;
2710 di->d_ino_count = dm->dqb_curinodes;
2711 di->d_spc_timer = dm->dqb_btime;
2712 di->d_ino_timer = dm->dqb_itime;
2713 spin_unlock(&dquot->dq_dqb_lock);
2714 }
2715
dquot_get_dqblk(struct super_block * sb,struct kqid qid,struct qc_dqblk * di)2716 int dquot_get_dqblk(struct super_block *sb, struct kqid qid,
2717 struct qc_dqblk *di)
2718 {
2719 struct dquot *dquot;
2720
2721 dquot = dqget(sb, qid);
2722 if (IS_ERR(dquot))
2723 return PTR_ERR(dquot);
2724 do_get_dqblk(dquot, di);
2725 dqput(dquot);
2726
2727 return 0;
2728 }
2729 EXPORT_SYMBOL(dquot_get_dqblk);
2730
dquot_get_next_dqblk(struct super_block * sb,struct kqid * qid,struct qc_dqblk * di)2731 int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid,
2732 struct qc_dqblk *di)
2733 {
2734 struct dquot *dquot;
2735 int err;
2736
2737 if (!sb->dq_op->get_next_id)
2738 return -ENOSYS;
2739 err = sb->dq_op->get_next_id(sb, qid);
2740 if (err < 0)
2741 return err;
2742 dquot = dqget(sb, *qid);
2743 if (IS_ERR(dquot))
2744 return PTR_ERR(dquot);
2745 do_get_dqblk(dquot, di);
2746 dqput(dquot);
2747
2748 return 0;
2749 }
2750 EXPORT_SYMBOL(dquot_get_next_dqblk);
2751
2752 #define VFS_QC_MASK \
2753 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \
2754 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \
2755 QC_SPC_TIMER | QC_INO_TIMER)
2756
2757 /* Generic routine for setting common part of quota structure */
do_set_dqblk(struct dquot * dquot,struct qc_dqblk * di)2758 static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di)
2759 {
2760 struct mem_dqblk *dm = &dquot->dq_dqb;
2761 int check_blim = 0, check_ilim = 0;
2762 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
2763
2764 if (di->d_fieldmask & ~VFS_QC_MASK)
2765 return -EINVAL;
2766
2767 if (((di->d_fieldmask & QC_SPC_SOFT) &&
2768 di->d_spc_softlimit > dqi->dqi_max_spc_limit) ||
2769 ((di->d_fieldmask & QC_SPC_HARD) &&
2770 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) ||
2771 ((di->d_fieldmask & QC_INO_SOFT) &&
2772 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) ||
2773 ((di->d_fieldmask & QC_INO_HARD) &&
2774 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit)))
2775 return -ERANGE;
2776
2777 spin_lock(&dquot->dq_dqb_lock);
2778 if (di->d_fieldmask & QC_SPACE) {
2779 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace;
2780 check_blim = 1;
2781 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags);
2782 }
2783
2784 if (di->d_fieldmask & QC_SPC_SOFT)
2785 dm->dqb_bsoftlimit = di->d_spc_softlimit;
2786 if (di->d_fieldmask & QC_SPC_HARD)
2787 dm->dqb_bhardlimit = di->d_spc_hardlimit;
2788 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) {
2789 check_blim = 1;
2790 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags);
2791 }
2792
2793 if (di->d_fieldmask & QC_INO_COUNT) {
2794 dm->dqb_curinodes = di->d_ino_count;
2795 check_ilim = 1;
2796 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags);
2797 }
2798
2799 if (di->d_fieldmask & QC_INO_SOFT)
2800 dm->dqb_isoftlimit = di->d_ino_softlimit;
2801 if (di->d_fieldmask & QC_INO_HARD)
2802 dm->dqb_ihardlimit = di->d_ino_hardlimit;
2803 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) {
2804 check_ilim = 1;
2805 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags);
2806 }
2807
2808 if (di->d_fieldmask & QC_SPC_TIMER) {
2809 dm->dqb_btime = di->d_spc_timer;
2810 check_blim = 1;
2811 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags);
2812 }
2813
2814 if (di->d_fieldmask & QC_INO_TIMER) {
2815 dm->dqb_itime = di->d_ino_timer;
2816 check_ilim = 1;
2817 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags);
2818 }
2819
2820 if (check_blim) {
2821 if (!dm->dqb_bsoftlimit ||
2822 dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) {
2823 dm->dqb_btime = 0;
2824 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
2825 } else if (!(di->d_fieldmask & QC_SPC_TIMER))
2826 /* Set grace only if user hasn't provided his own... */
2827 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace;
2828 }
2829 if (check_ilim) {
2830 if (!dm->dqb_isoftlimit ||
2831 dm->dqb_curinodes <= dm->dqb_isoftlimit) {
2832 dm->dqb_itime = 0;
2833 clear_bit(DQ_INODES_B, &dquot->dq_flags);
2834 } else if (!(di->d_fieldmask & QC_INO_TIMER))
2835 /* Set grace only if user hasn't provided his own... */
2836 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace;
2837 }
2838 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit ||
2839 dm->dqb_isoftlimit)
2840 clear_bit(DQ_FAKE_B, &dquot->dq_flags);
2841 else
2842 set_bit(DQ_FAKE_B, &dquot->dq_flags);
2843 spin_unlock(&dquot->dq_dqb_lock);
2844 mark_dquot_dirty(dquot);
2845
2846 return 0;
2847 }
2848
dquot_set_dqblk(struct super_block * sb,struct kqid qid,struct qc_dqblk * di)2849 int dquot_set_dqblk(struct super_block *sb, struct kqid qid,
2850 struct qc_dqblk *di)
2851 {
2852 struct dquot *dquot;
2853 int rc;
2854
2855 dquot = dqget(sb, qid);
2856 if (IS_ERR(dquot)) {
2857 rc = PTR_ERR(dquot);
2858 goto out;
2859 }
2860 rc = do_set_dqblk(dquot, di);
2861 dqput(dquot);
2862 out:
2863 return rc;
2864 }
2865 EXPORT_SYMBOL(dquot_set_dqblk);
2866
2867 /* Generic routine for getting common part of quota file information */
dquot_get_state(struct super_block * sb,struct qc_state * state)2868 int dquot_get_state(struct super_block *sb, struct qc_state *state)
2869 {
2870 struct mem_dqinfo *mi;
2871 struct qc_type_state *tstate;
2872 struct quota_info *dqopt = sb_dqopt(sb);
2873 int type;
2874
2875 memset(state, 0, sizeof(*state));
2876 for (type = 0; type < MAXQUOTAS; type++) {
2877 if (!sb_has_quota_active(sb, type))
2878 continue;
2879 tstate = state->s_state + type;
2880 mi = sb_dqopt(sb)->info + type;
2881 tstate->flags = QCI_ACCT_ENABLED;
2882 spin_lock(&dq_data_lock);
2883 if (mi->dqi_flags & DQF_SYS_FILE)
2884 tstate->flags |= QCI_SYSFILE;
2885 if (mi->dqi_flags & DQF_ROOT_SQUASH)
2886 tstate->flags |= QCI_ROOT_SQUASH;
2887 if (sb_has_quota_limits_enabled(sb, type))
2888 tstate->flags |= QCI_LIMITS_ENFORCED;
2889 tstate->spc_timelimit = mi->dqi_bgrace;
2890 tstate->ino_timelimit = mi->dqi_igrace;
2891 tstate->ino = dqopt->files[type]->i_ino;
2892 tstate->blocks = dqopt->files[type]->i_blocks;
2893 tstate->nextents = 1; /* We don't know... */
2894 spin_unlock(&dq_data_lock);
2895 }
2896 return 0;
2897 }
2898 EXPORT_SYMBOL(dquot_get_state);
2899
2900 /* Generic routine for setting common part of quota file information */
dquot_set_dqinfo(struct super_block * sb,int type,struct qc_info * ii)2901 int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii)
2902 {
2903 struct mem_dqinfo *mi;
2904 int err = 0;
2905
2906 if ((ii->i_fieldmask & QC_WARNS_MASK) ||
2907 (ii->i_fieldmask & QC_RT_SPC_TIMER))
2908 return -EINVAL;
2909 if (!sb_has_quota_active(sb, type))
2910 return -ESRCH;
2911 mi = sb_dqopt(sb)->info + type;
2912 if (ii->i_fieldmask & QC_FLAGS) {
2913 if ((ii->i_flags & QCI_ROOT_SQUASH &&
2914 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD))
2915 return -EINVAL;
2916 }
2917 spin_lock(&dq_data_lock);
2918 if (ii->i_fieldmask & QC_SPC_TIMER)
2919 mi->dqi_bgrace = ii->i_spc_timelimit;
2920 if (ii->i_fieldmask & QC_INO_TIMER)
2921 mi->dqi_igrace = ii->i_ino_timelimit;
2922 if (ii->i_fieldmask & QC_FLAGS) {
2923 if (ii->i_flags & QCI_ROOT_SQUASH)
2924 mi->dqi_flags |= DQF_ROOT_SQUASH;
2925 else
2926 mi->dqi_flags &= ~DQF_ROOT_SQUASH;
2927 }
2928 spin_unlock(&dq_data_lock);
2929 mark_info_dirty(sb, type);
2930 /* Force write to disk */
2931 sb->dq_op->write_info(sb, type);
2932 return err;
2933 }
2934 EXPORT_SYMBOL(dquot_set_dqinfo);
2935
2936 const struct quotactl_ops dquot_quotactl_sysfile_ops = {
2937 .quota_enable = dquot_quota_enable,
2938 .quota_disable = dquot_quota_disable,
2939 .quota_sync = dquot_quota_sync,
2940 .get_state = dquot_get_state,
2941 .set_info = dquot_set_dqinfo,
2942 .get_dqblk = dquot_get_dqblk,
2943 .get_nextdqblk = dquot_get_next_dqblk,
2944 .set_dqblk = dquot_set_dqblk
2945 };
2946 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops);
2947
do_proc_dqstats(struct ctl_table * table,int write,void __user * buffer,size_t * lenp,loff_t * ppos)2948 static int do_proc_dqstats(struct ctl_table *table, int write,
2949 void __user *buffer, size_t *lenp, loff_t *ppos)
2950 {
2951 unsigned int type = (unsigned long *)table->data - dqstats.stat;
2952 s64 value = percpu_counter_sum(&dqstats.counter[type]);
2953
2954 /* Filter negative values for non-monotonic counters */
2955 if (value < 0 && (type == DQST_ALLOC_DQUOTS ||
2956 type == DQST_FREE_DQUOTS))
2957 value = 0;
2958
2959 /* Update global table */
2960 dqstats.stat[type] = value;
2961 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
2962 }
2963
2964 static struct ctl_table fs_dqstats_table[] = {
2965 {
2966 .procname = "lookups",
2967 .data = &dqstats.stat[DQST_LOOKUPS],
2968 .maxlen = sizeof(unsigned long),
2969 .mode = 0444,
2970 .proc_handler = do_proc_dqstats,
2971 },
2972 {
2973 .procname = "drops",
2974 .data = &dqstats.stat[DQST_DROPS],
2975 .maxlen = sizeof(unsigned long),
2976 .mode = 0444,
2977 .proc_handler = do_proc_dqstats,
2978 },
2979 {
2980 .procname = "reads",
2981 .data = &dqstats.stat[DQST_READS],
2982 .maxlen = sizeof(unsigned long),
2983 .mode = 0444,
2984 .proc_handler = do_proc_dqstats,
2985 },
2986 {
2987 .procname = "writes",
2988 .data = &dqstats.stat[DQST_WRITES],
2989 .maxlen = sizeof(unsigned long),
2990 .mode = 0444,
2991 .proc_handler = do_proc_dqstats,
2992 },
2993 {
2994 .procname = "cache_hits",
2995 .data = &dqstats.stat[DQST_CACHE_HITS],
2996 .maxlen = sizeof(unsigned long),
2997 .mode = 0444,
2998 .proc_handler = do_proc_dqstats,
2999 },
3000 {
3001 .procname = "allocated_dquots",
3002 .data = &dqstats.stat[DQST_ALLOC_DQUOTS],
3003 .maxlen = sizeof(unsigned long),
3004 .mode = 0444,
3005 .proc_handler = do_proc_dqstats,
3006 },
3007 {
3008 .procname = "free_dquots",
3009 .data = &dqstats.stat[DQST_FREE_DQUOTS],
3010 .maxlen = sizeof(unsigned long),
3011 .mode = 0444,
3012 .proc_handler = do_proc_dqstats,
3013 },
3014 {
3015 .procname = "syncs",
3016 .data = &dqstats.stat[DQST_SYNCS],
3017 .maxlen = sizeof(unsigned long),
3018 .mode = 0444,
3019 .proc_handler = do_proc_dqstats,
3020 },
3021 #ifdef CONFIG_PRINT_QUOTA_WARNING
3022 {
3023 .procname = "warnings",
3024 .data = &flag_print_warnings,
3025 .maxlen = sizeof(int),
3026 .mode = 0644,
3027 .proc_handler = proc_dointvec,
3028 },
3029 #endif
3030 { },
3031 };
3032
3033 static struct ctl_table fs_table[] = {
3034 {
3035 .procname = "quota",
3036 .mode = 0555,
3037 .child = fs_dqstats_table,
3038 },
3039 { },
3040 };
3041
3042 static struct ctl_table sys_table[] = {
3043 {
3044 .procname = "fs",
3045 .mode = 0555,
3046 .child = fs_table,
3047 },
3048 { },
3049 };
3050
dquot_init(void)3051 static int __init dquot_init(void)
3052 {
3053 int i, ret;
3054 unsigned long nr_hash, order;
3055
3056 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__);
3057
3058 register_sysctl_table(sys_table);
3059
3060 dquot_cachep = kmem_cache_create("dquot",
3061 sizeof(struct dquot), sizeof(unsigned long) * 4,
3062 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT|
3063 SLAB_MEM_SPREAD|SLAB_PANIC),
3064 NULL);
3065
3066 order = 0;
3067 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order);
3068 if (!dquot_hash)
3069 panic("Cannot create dquot hash table");
3070
3071 for (i = 0; i < _DQST_DQSTAT_LAST; i++) {
3072 ret = percpu_counter_init(&dqstats.counter[i], 0, GFP_KERNEL);
3073 if (ret)
3074 panic("Cannot create dquot stat counters");
3075 }
3076
3077 /* Find power-of-two hlist_heads which can fit into allocation */
3078 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head);
3079 dq_hash_bits = 0;
3080 do {
3081 dq_hash_bits++;
3082 } while (nr_hash >> dq_hash_bits);
3083 dq_hash_bits--;
3084
3085 nr_hash = 1UL << dq_hash_bits;
3086 dq_hash_mask = nr_hash - 1;
3087 for (i = 0; i < nr_hash; i++)
3088 INIT_HLIST_HEAD(dquot_hash + i);
3089
3090 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld,"
3091 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order));
3092
3093 if (register_shrinker(&dqcache_shrinker))
3094 panic("Cannot register dquot shrinker");
3095
3096 return 0;
3097 }
3098 fs_initcall(dquot_init);
3099