1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Implementation of the diskquota system for the LINUX operating system. QUOTA
4 * is implemented using the BSD system call interface as the means of
5 * communication with the user level. This file contains the generic routines
6 * called by the different filesystems on allocation of an inode or block.
7 * These routines take care of the administration needed to have a consistent
8 * diskquota tracking system. The ideas of both user and group quotas are based
9 * on the Melbourne quota system as used on BSD derived systems. The internal
10 * implementation is based on one of the several variants of the LINUX
11 * inode-subsystem with added complexity of the diskquota system.
12 *
13 * Author: Marco van Wieringen <mvw@planets.elm.net>
14 *
15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96
16 *
17 * Revised list management to avoid races
18 * -- Bill Hawes, <whawes@star.net>, 9/98
19 *
20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...().
21 * As the consequence the locking was moved from dquot_decr_...(),
22 * dquot_incr_...() to calling functions.
23 * invalidate_dquots() now writes modified dquots.
24 * Serialized quota_off() and quota_on() for mount point.
25 * Fixed a few bugs in grow_dquots().
26 * Fixed deadlock in write_dquot() - we no longer account quotas on
27 * quota files
28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes
29 * add_dquot_ref() restarts after blocking
30 * Added check for bogus uid and fixed check for group in quotactl.
31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99
32 *
33 * Used struct list_head instead of own list struct
34 * Invalidation of referenced dquots is no longer possible
35 * Improved free_dquots list management
36 * Quota and i_blocks are now updated in one place to avoid races
37 * Warnings are now delayed so we won't block in critical section
38 * Write updated not to require dquot lock
39 * Jan Kara, <jack@suse.cz>, 9/2000
40 *
41 * Added dynamic quota structure allocation
42 * Jan Kara <jack@suse.cz> 12/2000
43 *
44 * Rewritten quota interface. Implemented new quota format and
45 * formats registering.
46 * Jan Kara, <jack@suse.cz>, 2001,2002
47 *
48 * New SMP locking.
49 * Jan Kara, <jack@suse.cz>, 10/2002
50 *
51 * Added journalled quota support, fix lock inversion problems
52 * Jan Kara, <jack@suse.cz>, 2003,2004
53 *
54 * (C) Copyright 1994 - 1997 Marco van Wieringen
55 */
56
57 #include <linux/errno.h>
58 #include <linux/kernel.h>
59 #include <linux/fs.h>
60 #include <linux/mount.h>
61 #include <linux/mm.h>
62 #include <linux/time.h>
63 #include <linux/types.h>
64 #include <linux/string.h>
65 #include <linux/fcntl.h>
66 #include <linux/stat.h>
67 #include <linux/tty.h>
68 #include <linux/file.h>
69 #include <linux/slab.h>
70 #include <linux/sysctl.h>
71 #include <linux/init.h>
72 #include <linux/module.h>
73 #include <linux/proc_fs.h>
74 #include <linux/security.h>
75 #include <linux/sched.h>
76 #include <linux/cred.h>
77 #include <linux/kmod.h>
78 #include <linux/namei.h>
79 #include <linux/capability.h>
80 #include <linux/quotaops.h>
81 #include <linux/blkdev.h>
82 #include <linux/sched/mm.h>
83 #include "../internal.h" /* ugh */
84
85 #include <linux/uaccess.h>
86
87 /*
88 * There are five quota SMP locks:
89 * * dq_list_lock protects all lists with quotas and quota formats.
90 * * dquot->dq_dqb_lock protects data from dq_dqb
91 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards
92 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that
93 * dquot_transfer() can stabilize amount it transfers
94 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot
95 * pointers in the inode
96 * * dq_state_lock protects modifications of quota state (on quotaon and
97 * quotaoff) and readers who care about latest values take it as well.
98 *
99 * The spinlock ordering is hence:
100 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock,
101 * dq_list_lock > dq_state_lock
102 *
103 * Note that some things (eg. sb pointer, type, id) doesn't change during
104 * the life of the dquot structure and so needn't to be protected by a lock
105 *
106 * Operation accessing dquots via inode pointers are protected by dquot_srcu.
107 * Operation of reading pointer needs srcu_read_lock(&dquot_srcu), and
108 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from
109 * inode and before dropping dquot references to avoid use of dquots after
110 * they are freed. dq_data_lock is used to serialize the pointer setting and
111 * clearing operations.
112 * Special care needs to be taken about S_NOQUOTA inode flag (marking that
113 * inode is a quota file). Functions adding pointers from inode to dquots have
114 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they
115 * have to do all pointer modifications before dropping dq_data_lock. This makes
116 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and
117 * then drops all pointers to dquots from an inode.
118 *
119 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to
120 * memory (or space for it is being allocated) on the first dqget(), when it is
121 * being written out, and when it is being released on the last dqput(). The
122 * allocation and release operations are serialized by the dq_lock and by
123 * checking the use count in dquot_release().
124 *
125 * Lock ordering (including related VFS locks) is the following:
126 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem
127 */
128
129 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock);
130 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock);
131 __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock);
132 EXPORT_SYMBOL(dq_data_lock);
133 DEFINE_STATIC_SRCU(dquot_srcu);
134
135 static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq);
136
__quota_error(struct super_block * sb,const char * func,const char * fmt,...)137 void __quota_error(struct super_block *sb, const char *func,
138 const char *fmt, ...)
139 {
140 if (printk_ratelimit()) {
141 va_list args;
142 struct va_format vaf;
143
144 va_start(args, fmt);
145
146 vaf.fmt = fmt;
147 vaf.va = &args;
148
149 printk(KERN_ERR "Quota error (device %s): %s: %pV\n",
150 sb->s_id, func, &vaf);
151
152 va_end(args);
153 }
154 }
155 EXPORT_SYMBOL(__quota_error);
156
157 #if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING)
158 static char *quotatypes[] = INITQFNAMES;
159 #endif
160 static struct quota_format_type *quota_formats; /* List of registered formats */
161 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES;
162
163 /* SLAB cache for dquot structures */
164 static struct kmem_cache *dquot_cachep;
165
166 /* workqueue for work quota_release_work*/
167 static struct workqueue_struct *quota_unbound_wq;
168
register_quota_format(struct quota_format_type * fmt)169 void register_quota_format(struct quota_format_type *fmt)
170 {
171 spin_lock(&dq_list_lock);
172 fmt->qf_next = quota_formats;
173 quota_formats = fmt;
174 spin_unlock(&dq_list_lock);
175 }
176 EXPORT_SYMBOL(register_quota_format);
177
unregister_quota_format(struct quota_format_type * fmt)178 void unregister_quota_format(struct quota_format_type *fmt)
179 {
180 struct quota_format_type **actqf;
181
182 spin_lock(&dq_list_lock);
183 for (actqf = "a_formats; *actqf && *actqf != fmt;
184 actqf = &(*actqf)->qf_next)
185 ;
186 if (*actqf)
187 *actqf = (*actqf)->qf_next;
188 spin_unlock(&dq_list_lock);
189 }
190 EXPORT_SYMBOL(unregister_quota_format);
191
find_quota_format(int id)192 static struct quota_format_type *find_quota_format(int id)
193 {
194 struct quota_format_type *actqf;
195
196 spin_lock(&dq_list_lock);
197 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
198 actqf = actqf->qf_next)
199 ;
200 if (!actqf || !try_module_get(actqf->qf_owner)) {
201 int qm;
202
203 spin_unlock(&dq_list_lock);
204
205 for (qm = 0; module_names[qm].qm_fmt_id &&
206 module_names[qm].qm_fmt_id != id; qm++)
207 ;
208 if (!module_names[qm].qm_fmt_id ||
209 request_module(module_names[qm].qm_mod_name))
210 return NULL;
211
212 spin_lock(&dq_list_lock);
213 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
214 actqf = actqf->qf_next)
215 ;
216 if (actqf && !try_module_get(actqf->qf_owner))
217 actqf = NULL;
218 }
219 spin_unlock(&dq_list_lock);
220 return actqf;
221 }
222
put_quota_format(struct quota_format_type * fmt)223 static void put_quota_format(struct quota_format_type *fmt)
224 {
225 module_put(fmt->qf_owner);
226 }
227
228 /*
229 * Dquot List Management:
230 * The quota code uses five lists for dquot management: the inuse_list,
231 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array.
232 * A single dquot structure may be on some of those lists, depending on
233 * its current state.
234 *
235 * All dquots are placed to the end of inuse_list when first created, and this
236 * list is used for invalidate operation, which must look at every dquot.
237 *
238 * When the last reference of a dquot is dropped, the dquot is added to
239 * releasing_dquots. We'll then queue work item which will call
240 * synchronize_srcu() and after that perform the final cleanup of all the
241 * dquots on the list. Each cleaned up dquot is moved to free_dquots list.
242 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot
243 * struct.
244 *
245 * Unused and cleaned up dquots are in the free_dquots list and this list is
246 * searched whenever we need an available dquot. Dquots are removed from the
247 * list as soon as they are used again and dqstats.free_dquots gives the number
248 * of dquots on the list. When dquot is invalidated it's completely released
249 * from memory.
250 *
251 * Dirty dquots are added to the dqi_dirty_list of quota_info when mark
252 * dirtied, and this list is searched when writing dirty dquots back to
253 * quota file. Note that some filesystems do dirty dquot tracking on their
254 * own (e.g. in a journal) and thus don't use dqi_dirty_list.
255 *
256 * Dquots with a specific identity (device, type and id) are placed on
257 * one of the dquot_hash[] hash chains. The provides an efficient search
258 * mechanism to locate a specific dquot.
259 */
260
261 static LIST_HEAD(inuse_list);
262 static LIST_HEAD(free_dquots);
263 static LIST_HEAD(releasing_dquots);
264 static unsigned int dq_hash_bits, dq_hash_mask;
265 static struct hlist_head *dquot_hash;
266
267 struct dqstats dqstats;
268 EXPORT_SYMBOL(dqstats);
269
270 static qsize_t inode_get_rsv_space(struct inode *inode);
271 static qsize_t __inode_get_rsv_space(struct inode *inode);
272 static int __dquot_initialize(struct inode *inode, int type);
273
274 static void quota_release_workfn(struct work_struct *work);
275 static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn);
276
277 static inline unsigned int
hashfn(const struct super_block * sb,struct kqid qid)278 hashfn(const struct super_block *sb, struct kqid qid)
279 {
280 unsigned int id = from_kqid(&init_user_ns, qid);
281 int type = qid.type;
282 unsigned long tmp;
283
284 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type);
285 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask;
286 }
287
288 /*
289 * Following list functions expect dq_list_lock to be held
290 */
insert_dquot_hash(struct dquot * dquot)291 static inline void insert_dquot_hash(struct dquot *dquot)
292 {
293 struct hlist_head *head;
294 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id);
295 hlist_add_head(&dquot->dq_hash, head);
296 }
297
remove_dquot_hash(struct dquot * dquot)298 static inline void remove_dquot_hash(struct dquot *dquot)
299 {
300 hlist_del_init(&dquot->dq_hash);
301 }
302
find_dquot(unsigned int hashent,struct super_block * sb,struct kqid qid)303 static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb,
304 struct kqid qid)
305 {
306 struct dquot *dquot;
307
308 hlist_for_each_entry(dquot, dquot_hash+hashent, dq_hash)
309 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid))
310 return dquot;
311
312 return NULL;
313 }
314
315 /* Add a dquot to the tail of the free list */
put_dquot_last(struct dquot * dquot)316 static inline void put_dquot_last(struct dquot *dquot)
317 {
318 list_add_tail(&dquot->dq_free, &free_dquots);
319 dqstats_inc(DQST_FREE_DQUOTS);
320 }
321
put_releasing_dquots(struct dquot * dquot)322 static inline void put_releasing_dquots(struct dquot *dquot)
323 {
324 list_add_tail(&dquot->dq_free, &releasing_dquots);
325 set_bit(DQ_RELEASING_B, &dquot->dq_flags);
326 }
327
remove_free_dquot(struct dquot * dquot)328 static inline void remove_free_dquot(struct dquot *dquot)
329 {
330 if (list_empty(&dquot->dq_free))
331 return;
332 list_del_init(&dquot->dq_free);
333 if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags))
334 dqstats_dec(DQST_FREE_DQUOTS);
335 else
336 clear_bit(DQ_RELEASING_B, &dquot->dq_flags);
337 }
338
put_inuse(struct dquot * dquot)339 static inline void put_inuse(struct dquot *dquot)
340 {
341 /* We add to the back of inuse list so we don't have to restart
342 * when traversing this list and we block */
343 list_add_tail(&dquot->dq_inuse, &inuse_list);
344 dqstats_inc(DQST_ALLOC_DQUOTS);
345 }
346
remove_inuse(struct dquot * dquot)347 static inline void remove_inuse(struct dquot *dquot)
348 {
349 dqstats_dec(DQST_ALLOC_DQUOTS);
350 list_del(&dquot->dq_inuse);
351 }
352 /*
353 * End of list functions needing dq_list_lock
354 */
355
wait_on_dquot(struct dquot * dquot)356 static void wait_on_dquot(struct dquot *dquot)
357 {
358 mutex_lock(&dquot->dq_lock);
359 mutex_unlock(&dquot->dq_lock);
360 }
361
dquot_active(struct dquot * dquot)362 static inline int dquot_active(struct dquot *dquot)
363 {
364 return test_bit(DQ_ACTIVE_B, &dquot->dq_flags);
365 }
366
dquot_dirty(struct dquot * dquot)367 static inline int dquot_dirty(struct dquot *dquot)
368 {
369 return test_bit(DQ_MOD_B, &dquot->dq_flags);
370 }
371
mark_dquot_dirty(struct dquot * dquot)372 static inline int mark_dquot_dirty(struct dquot *dquot)
373 {
374 return dquot->dq_sb->dq_op->mark_dirty(dquot);
375 }
376
377 /* Mark dquot dirty in atomic manner, and return it's old dirty flag state */
dquot_mark_dquot_dirty(struct dquot * dquot)378 int dquot_mark_dquot_dirty(struct dquot *dquot)
379 {
380 int ret = 1;
381
382 if (!dquot_active(dquot))
383 return 0;
384
385 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
386 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags);
387
388 /* If quota is dirty already, we don't have to acquire dq_list_lock */
389 if (dquot_dirty(dquot))
390 return 1;
391
392 spin_lock(&dq_list_lock);
393 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) {
394 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)->
395 info[dquot->dq_id.type].dqi_dirty_list);
396 ret = 0;
397 }
398 spin_unlock(&dq_list_lock);
399 return ret;
400 }
401 EXPORT_SYMBOL(dquot_mark_dquot_dirty);
402
403 /* Dirtify all the dquots - this can block when journalling */
mark_all_dquot_dirty(struct dquot __rcu * const * dquots)404 static inline int mark_all_dquot_dirty(struct dquot __rcu * const *dquots)
405 {
406 int ret, err, cnt;
407 struct dquot *dquot;
408
409 ret = err = 0;
410 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
411 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
412 if (dquot)
413 /* Even in case of error we have to continue */
414 ret = mark_dquot_dirty(dquot);
415 if (!err && ret < 0)
416 err = ret;
417 }
418 return err;
419 }
420
dqput_all(struct dquot ** dquot)421 static inline void dqput_all(struct dquot **dquot)
422 {
423 unsigned int cnt;
424
425 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
426 dqput(dquot[cnt]);
427 }
428
clear_dquot_dirty(struct dquot * dquot)429 static inline int clear_dquot_dirty(struct dquot *dquot)
430 {
431 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
432 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags);
433
434 spin_lock(&dq_list_lock);
435 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) {
436 spin_unlock(&dq_list_lock);
437 return 0;
438 }
439 list_del_init(&dquot->dq_dirty);
440 spin_unlock(&dq_list_lock);
441 return 1;
442 }
443
mark_info_dirty(struct super_block * sb,int type)444 void mark_info_dirty(struct super_block *sb, int type)
445 {
446 spin_lock(&dq_data_lock);
447 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY;
448 spin_unlock(&dq_data_lock);
449 }
450 EXPORT_SYMBOL(mark_info_dirty);
451
452 /*
453 * Read dquot from disk and alloc space for it
454 */
455
dquot_acquire(struct dquot * dquot)456 int dquot_acquire(struct dquot *dquot)
457 {
458 int ret = 0, ret2 = 0;
459 unsigned int memalloc;
460 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
461
462 mutex_lock(&dquot->dq_lock);
463 memalloc = memalloc_nofs_save();
464 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) {
465 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot);
466 if (ret < 0)
467 goto out_iolock;
468 }
469 /* Make sure flags update is visible after dquot has been filled */
470 smp_mb__before_atomic();
471 set_bit(DQ_READ_B, &dquot->dq_flags);
472 /* Instantiate dquot if needed */
473 if (!dquot_active(dquot) && !dquot->dq_off) {
474 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
475 /* Write the info if needed */
476 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
477 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
478 dquot->dq_sb, dquot->dq_id.type);
479 }
480 if (ret < 0)
481 goto out_iolock;
482 if (ret2 < 0) {
483 ret = ret2;
484 goto out_iolock;
485 }
486 }
487 /*
488 * Make sure flags update is visible after on-disk struct has been
489 * allocated. Paired with smp_rmb() in dqget().
490 */
491 smp_mb__before_atomic();
492 set_bit(DQ_ACTIVE_B, &dquot->dq_flags);
493 out_iolock:
494 memalloc_nofs_restore(memalloc);
495 mutex_unlock(&dquot->dq_lock);
496 return ret;
497 }
498 EXPORT_SYMBOL(dquot_acquire);
499
500 /*
501 * Write dquot to disk
502 */
dquot_commit(struct dquot * dquot)503 int dquot_commit(struct dquot *dquot)
504 {
505 int ret = 0;
506 unsigned int memalloc;
507 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
508
509 mutex_lock(&dquot->dq_lock);
510 memalloc = memalloc_nofs_save();
511 if (!clear_dquot_dirty(dquot))
512 goto out_lock;
513 /* Inactive dquot can be only if there was error during read/init
514 * => we have better not writing it */
515 if (dquot_active(dquot))
516 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
517 else
518 ret = -EIO;
519 out_lock:
520 memalloc_nofs_restore(memalloc);
521 mutex_unlock(&dquot->dq_lock);
522 return ret;
523 }
524 EXPORT_SYMBOL(dquot_commit);
525
526 /*
527 * Release dquot
528 */
dquot_release(struct dquot * dquot)529 int dquot_release(struct dquot *dquot)
530 {
531 int ret = 0, ret2 = 0;
532 unsigned int memalloc;
533 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
534
535 mutex_lock(&dquot->dq_lock);
536 memalloc = memalloc_nofs_save();
537 /* Check whether we are not racing with some other dqget() */
538 if (dquot_is_busy(dquot))
539 goto out_dqlock;
540 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) {
541 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot);
542 /* Write the info */
543 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
544 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
545 dquot->dq_sb, dquot->dq_id.type);
546 }
547 if (ret >= 0)
548 ret = ret2;
549 }
550 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags);
551 out_dqlock:
552 memalloc_nofs_restore(memalloc);
553 mutex_unlock(&dquot->dq_lock);
554 return ret;
555 }
556 EXPORT_SYMBOL(dquot_release);
557
dquot_destroy(struct dquot * dquot)558 void dquot_destroy(struct dquot *dquot)
559 {
560 kmem_cache_free(dquot_cachep, dquot);
561 }
562 EXPORT_SYMBOL(dquot_destroy);
563
do_destroy_dquot(struct dquot * dquot)564 static inline void do_destroy_dquot(struct dquot *dquot)
565 {
566 dquot->dq_sb->dq_op->destroy_dquot(dquot);
567 }
568
569 /* Invalidate all dquots on the list. Note that this function is called after
570 * quota is disabled and pointers from inodes removed so there cannot be new
571 * quota users. There can still be some users of quotas due to inodes being
572 * just deleted or pruned by prune_icache() (those are not attached to any
573 * list) or parallel quotactl call. We have to wait for such users.
574 */
invalidate_dquots(struct super_block * sb,int type)575 static void invalidate_dquots(struct super_block *sb, int type)
576 {
577 struct dquot *dquot, *tmp;
578
579 restart:
580 flush_delayed_work("a_release_work);
581
582 spin_lock(&dq_list_lock);
583 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) {
584 if (dquot->dq_sb != sb)
585 continue;
586 if (dquot->dq_id.type != type)
587 continue;
588 /* Wait for dquot users */
589 if (atomic_read(&dquot->dq_count)) {
590 atomic_inc(&dquot->dq_count);
591 spin_unlock(&dq_list_lock);
592 /*
593 * Once dqput() wakes us up, we know it's time to free
594 * the dquot.
595 * IMPORTANT: we rely on the fact that there is always
596 * at most one process waiting for dquot to free.
597 * Otherwise dq_count would be > 1 and we would never
598 * wake up.
599 */
600 wait_event(dquot_ref_wq,
601 atomic_read(&dquot->dq_count) == 1);
602 dqput(dquot);
603 /* At this moment dquot() need not exist (it could be
604 * reclaimed by prune_dqcache(). Hence we must
605 * restart. */
606 goto restart;
607 }
608 /*
609 * The last user already dropped its reference but dquot didn't
610 * get fully cleaned up yet. Restart the scan which flushes the
611 * work cleaning up released dquots.
612 */
613 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
614 spin_unlock(&dq_list_lock);
615 goto restart;
616 }
617 /*
618 * Quota now has no users and it has been written on last
619 * dqput()
620 */
621 remove_dquot_hash(dquot);
622 remove_free_dquot(dquot);
623 remove_inuse(dquot);
624 do_destroy_dquot(dquot);
625 }
626 spin_unlock(&dq_list_lock);
627 }
628
629 /* Call callback for every active dquot on given filesystem */
dquot_scan_active(struct super_block * sb,int (* fn)(struct dquot * dquot,unsigned long priv),unsigned long priv)630 int dquot_scan_active(struct super_block *sb,
631 int (*fn)(struct dquot *dquot, unsigned long priv),
632 unsigned long priv)
633 {
634 struct dquot *dquot, *old_dquot = NULL;
635 int ret = 0;
636
637 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
638
639 spin_lock(&dq_list_lock);
640 list_for_each_entry(dquot, &inuse_list, dq_inuse) {
641 if (!dquot_active(dquot))
642 continue;
643 if (dquot->dq_sb != sb)
644 continue;
645 /* Now we have active dquot so we can just increase use count */
646 atomic_inc(&dquot->dq_count);
647 spin_unlock(&dq_list_lock);
648 dqput(old_dquot);
649 old_dquot = dquot;
650 /*
651 * ->release_dquot() can be racing with us. Our reference
652 * protects us from new calls to it so just wait for any
653 * outstanding call and recheck the DQ_ACTIVE_B after that.
654 */
655 wait_on_dquot(dquot);
656 if (dquot_active(dquot)) {
657 ret = fn(dquot, priv);
658 if (ret < 0)
659 goto out;
660 }
661 spin_lock(&dq_list_lock);
662 /* We are safe to continue now because our dquot could not
663 * be moved out of the inuse list while we hold the reference */
664 }
665 spin_unlock(&dq_list_lock);
666 out:
667 dqput(old_dquot);
668 return ret;
669 }
670 EXPORT_SYMBOL(dquot_scan_active);
671
dquot_write_dquot(struct dquot * dquot)672 static inline int dquot_write_dquot(struct dquot *dquot)
673 {
674 int ret = dquot->dq_sb->dq_op->write_dquot(dquot);
675 if (ret < 0) {
676 quota_error(dquot->dq_sb, "Can't write quota structure "
677 "(error %d). Quota may get out of sync!", ret);
678 /* Clear dirty bit anyway to avoid infinite loop. */
679 clear_dquot_dirty(dquot);
680 }
681 return ret;
682 }
683
684 /* Write all dquot structures to quota files */
dquot_writeback_dquots(struct super_block * sb,int type)685 int dquot_writeback_dquots(struct super_block *sb, int type)
686 {
687 struct list_head dirty;
688 struct dquot *dquot;
689 struct quota_info *dqopt = sb_dqopt(sb);
690 int cnt;
691 int err, ret = 0;
692
693 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
694
695 flush_delayed_work("a_release_work);
696
697 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
698 if (type != -1 && cnt != type)
699 continue;
700 if (!sb_has_quota_active(sb, cnt))
701 continue;
702 spin_lock(&dq_list_lock);
703 /* Move list away to avoid livelock. */
704 list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty);
705 while (!list_empty(&dirty)) {
706 dquot = list_first_entry(&dirty, struct dquot,
707 dq_dirty);
708
709 WARN_ON(!dquot_active(dquot));
710 /* If the dquot is releasing we should not touch it */
711 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
712 spin_unlock(&dq_list_lock);
713 flush_delayed_work("a_release_work);
714 spin_lock(&dq_list_lock);
715 continue;
716 }
717
718 /* Now we have active dquot from which someone is
719 * holding reference so we can safely just increase
720 * use count */
721 dqgrab(dquot);
722 spin_unlock(&dq_list_lock);
723 err = dquot_write_dquot(dquot);
724 if (err && !ret)
725 ret = err;
726 dqput(dquot);
727 spin_lock(&dq_list_lock);
728 }
729 spin_unlock(&dq_list_lock);
730 }
731
732 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
733 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt)
734 && info_dirty(&dqopt->info[cnt]))
735 sb->dq_op->write_info(sb, cnt);
736 dqstats_inc(DQST_SYNCS);
737
738 return ret;
739 }
740 EXPORT_SYMBOL(dquot_writeback_dquots);
741
742 /* Write all dquot structures to disk and make them visible from userspace */
dquot_quota_sync(struct super_block * sb,int type)743 int dquot_quota_sync(struct super_block *sb, int type)
744 {
745 struct quota_info *dqopt = sb_dqopt(sb);
746 int cnt;
747 int ret;
748
749 ret = dquot_writeback_dquots(sb, type);
750 if (ret)
751 return ret;
752 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
753 return 0;
754
755 /* This is not very clever (and fast) but currently I don't know about
756 * any other simple way of getting quota data to disk and we must get
757 * them there for userspace to be visible... */
758 if (sb->s_op->sync_fs) {
759 ret = sb->s_op->sync_fs(sb, 1);
760 if (ret)
761 return ret;
762 }
763 ret = sync_blockdev(sb->s_bdev);
764 if (ret)
765 return ret;
766
767 /*
768 * Now when everything is written we can discard the pagecache so
769 * that userspace sees the changes.
770 */
771 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
772 if (type != -1 && cnt != type)
773 continue;
774 if (!sb_has_quota_active(sb, cnt))
775 continue;
776 inode_lock(dqopt->files[cnt]);
777 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0);
778 inode_unlock(dqopt->files[cnt]);
779 }
780
781 return 0;
782 }
783 EXPORT_SYMBOL(dquot_quota_sync);
784
785 static unsigned long
dqcache_shrink_scan(struct shrinker * shrink,struct shrink_control * sc)786 dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
787 {
788 struct dquot *dquot;
789 unsigned long freed = 0;
790
791 spin_lock(&dq_list_lock);
792 while (!list_empty(&free_dquots) && sc->nr_to_scan) {
793 dquot = list_first_entry(&free_dquots, struct dquot, dq_free);
794 remove_dquot_hash(dquot);
795 remove_free_dquot(dquot);
796 remove_inuse(dquot);
797 do_destroy_dquot(dquot);
798 sc->nr_to_scan--;
799 freed++;
800 }
801 spin_unlock(&dq_list_lock);
802 return freed;
803 }
804
805 static unsigned long
dqcache_shrink_count(struct shrinker * shrink,struct shrink_control * sc)806 dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc)
807 {
808 return vfs_pressure_ratio(
809 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS]));
810 }
811
812 /*
813 * Safely release dquot and put reference to dquot.
814 */
quota_release_workfn(struct work_struct * work)815 static void quota_release_workfn(struct work_struct *work)
816 {
817 struct dquot *dquot;
818 struct list_head rls_head;
819
820 spin_lock(&dq_list_lock);
821 /* Exchange the list head to avoid livelock. */
822 list_replace_init(&releasing_dquots, &rls_head);
823 spin_unlock(&dq_list_lock);
824 synchronize_srcu(&dquot_srcu);
825
826 restart:
827 spin_lock(&dq_list_lock);
828 while (!list_empty(&rls_head)) {
829 dquot = list_first_entry(&rls_head, struct dquot, dq_free);
830 WARN_ON_ONCE(atomic_read(&dquot->dq_count));
831 /*
832 * Note that DQ_RELEASING_B protects us from racing with
833 * invalidate_dquots() calls so we are safe to work with the
834 * dquot even after we drop dq_list_lock.
835 */
836 if (dquot_dirty(dquot)) {
837 spin_unlock(&dq_list_lock);
838 /* Commit dquot before releasing */
839 dquot_write_dquot(dquot);
840 goto restart;
841 }
842 if (dquot_active(dquot)) {
843 spin_unlock(&dq_list_lock);
844 dquot->dq_sb->dq_op->release_dquot(dquot);
845 goto restart;
846 }
847 /* Dquot is inactive and clean, now move it to free list */
848 remove_free_dquot(dquot);
849 put_dquot_last(dquot);
850 }
851 spin_unlock(&dq_list_lock);
852 }
853
854 /*
855 * Put reference to dquot
856 */
dqput(struct dquot * dquot)857 void dqput(struct dquot *dquot)
858 {
859 if (!dquot)
860 return;
861 #ifdef CONFIG_QUOTA_DEBUG
862 if (!atomic_read(&dquot->dq_count)) {
863 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d",
864 quotatypes[dquot->dq_id.type],
865 from_kqid(&init_user_ns, dquot->dq_id));
866 BUG();
867 }
868 #endif
869 dqstats_inc(DQST_DROPS);
870
871 spin_lock(&dq_list_lock);
872 if (atomic_read(&dquot->dq_count) > 1) {
873 /* We have more than one user... nothing to do */
874 atomic_dec(&dquot->dq_count);
875 /* Releasing dquot during quotaoff phase? */
876 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) &&
877 atomic_read(&dquot->dq_count) == 1)
878 wake_up(&dquot_ref_wq);
879 spin_unlock(&dq_list_lock);
880 return;
881 }
882
883 /* Need to release dquot? */
884 WARN_ON_ONCE(!list_empty(&dquot->dq_free));
885 put_releasing_dquots(dquot);
886 atomic_dec(&dquot->dq_count);
887 spin_unlock(&dq_list_lock);
888 queue_delayed_work(quota_unbound_wq, "a_release_work, 1);
889 }
890 EXPORT_SYMBOL(dqput);
891
dquot_alloc(struct super_block * sb,int type)892 struct dquot *dquot_alloc(struct super_block *sb, int type)
893 {
894 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS);
895 }
896 EXPORT_SYMBOL(dquot_alloc);
897
get_empty_dquot(struct super_block * sb,int type)898 static struct dquot *get_empty_dquot(struct super_block *sb, int type)
899 {
900 struct dquot *dquot;
901
902 dquot = sb->dq_op->alloc_dquot(sb, type);
903 if(!dquot)
904 return NULL;
905
906 mutex_init(&dquot->dq_lock);
907 INIT_LIST_HEAD(&dquot->dq_free);
908 INIT_LIST_HEAD(&dquot->dq_inuse);
909 INIT_HLIST_NODE(&dquot->dq_hash);
910 INIT_LIST_HEAD(&dquot->dq_dirty);
911 dquot->dq_sb = sb;
912 dquot->dq_id = make_kqid_invalid(type);
913 atomic_set(&dquot->dq_count, 1);
914 spin_lock_init(&dquot->dq_dqb_lock);
915
916 return dquot;
917 }
918
919 /*
920 * Get reference to dquot
921 *
922 * Locking is slightly tricky here. We are guarded from parallel quotaoff()
923 * destroying our dquot by:
924 * a) checking for quota flags under dq_list_lock and
925 * b) getting a reference to dquot before we release dq_list_lock
926 */
dqget(struct super_block * sb,struct kqid qid)927 struct dquot *dqget(struct super_block *sb, struct kqid qid)
928 {
929 unsigned int hashent = hashfn(sb, qid);
930 struct dquot *dquot, *empty = NULL;
931
932 if (!qid_has_mapping(sb->s_user_ns, qid))
933 return ERR_PTR(-EINVAL);
934
935 if (!sb_has_quota_active(sb, qid.type))
936 return ERR_PTR(-ESRCH);
937 we_slept:
938 spin_lock(&dq_list_lock);
939 spin_lock(&dq_state_lock);
940 if (!sb_has_quota_active(sb, qid.type)) {
941 spin_unlock(&dq_state_lock);
942 spin_unlock(&dq_list_lock);
943 dquot = ERR_PTR(-ESRCH);
944 goto out;
945 }
946 spin_unlock(&dq_state_lock);
947
948 dquot = find_dquot(hashent, sb, qid);
949 if (!dquot) {
950 if (!empty) {
951 spin_unlock(&dq_list_lock);
952 empty = get_empty_dquot(sb, qid.type);
953 if (!empty)
954 schedule(); /* Try to wait for a moment... */
955 goto we_slept;
956 }
957 dquot = empty;
958 empty = NULL;
959 dquot->dq_id = qid;
960 /* all dquots go on the inuse_list */
961 put_inuse(dquot);
962 /* hash it first so it can be found */
963 insert_dquot_hash(dquot);
964 spin_unlock(&dq_list_lock);
965 dqstats_inc(DQST_LOOKUPS);
966 } else {
967 if (!atomic_read(&dquot->dq_count))
968 remove_free_dquot(dquot);
969 atomic_inc(&dquot->dq_count);
970 spin_unlock(&dq_list_lock);
971 dqstats_inc(DQST_CACHE_HITS);
972 dqstats_inc(DQST_LOOKUPS);
973 }
974 /* Wait for dq_lock - after this we know that either dquot_release() is
975 * already finished or it will be canceled due to dq_count > 0 test */
976 wait_on_dquot(dquot);
977 /* Read the dquot / allocate space in quota file */
978 if (!dquot_active(dquot)) {
979 int err;
980
981 err = sb->dq_op->acquire_dquot(dquot);
982 if (err < 0) {
983 dqput(dquot);
984 dquot = ERR_PTR(err);
985 goto out;
986 }
987 }
988 /*
989 * Make sure following reads see filled structure - paired with
990 * smp_mb__before_atomic() in dquot_acquire().
991 */
992 smp_rmb();
993 /* Has somebody invalidated entry under us? */
994 WARN_ON_ONCE(hlist_unhashed(&dquot->dq_hash));
995 out:
996 if (empty)
997 do_destroy_dquot(empty);
998
999 return dquot;
1000 }
1001 EXPORT_SYMBOL(dqget);
1002
i_dquot(struct inode * inode)1003 static inline struct dquot __rcu **i_dquot(struct inode *inode)
1004 {
1005 return inode->i_sb->s_op->get_dquots(inode);
1006 }
1007
dqinit_needed(struct inode * inode,int type)1008 static int dqinit_needed(struct inode *inode, int type)
1009 {
1010 struct dquot __rcu * const *dquots;
1011 int cnt;
1012
1013 if (IS_NOQUOTA(inode))
1014 return 0;
1015
1016 dquots = i_dquot(inode);
1017 if (type != -1)
1018 return !dquots[type];
1019 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1020 if (!dquots[cnt])
1021 return 1;
1022 return 0;
1023 }
1024
1025 /* This routine is guarded by s_umount semaphore */
add_dquot_ref(struct super_block * sb,int type)1026 static int add_dquot_ref(struct super_block *sb, int type)
1027 {
1028 struct inode *inode, *old_inode = NULL;
1029 #ifdef CONFIG_QUOTA_DEBUG
1030 int reserved = 0;
1031 #endif
1032 int err = 0;
1033
1034 spin_lock(&sb->s_inode_list_lock);
1035 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1036 spin_lock(&inode->i_lock);
1037 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) ||
1038 !atomic_read(&inode->i_writecount) ||
1039 !dqinit_needed(inode, type)) {
1040 spin_unlock(&inode->i_lock);
1041 continue;
1042 }
1043 __iget(inode);
1044 spin_unlock(&inode->i_lock);
1045 spin_unlock(&sb->s_inode_list_lock);
1046
1047 #ifdef CONFIG_QUOTA_DEBUG
1048 if (unlikely(inode_get_rsv_space(inode) > 0))
1049 reserved = 1;
1050 #endif
1051 iput(old_inode);
1052 err = __dquot_initialize(inode, type);
1053 if (err) {
1054 iput(inode);
1055 goto out;
1056 }
1057
1058 /*
1059 * We hold a reference to 'inode' so it couldn't have been
1060 * removed from s_inodes list while we dropped the
1061 * s_inode_list_lock. We cannot iput the inode now as we can be
1062 * holding the last reference and we cannot iput it under
1063 * s_inode_list_lock. So we keep the reference and iput it
1064 * later.
1065 */
1066 old_inode = inode;
1067 cond_resched();
1068 spin_lock(&sb->s_inode_list_lock);
1069 }
1070 spin_unlock(&sb->s_inode_list_lock);
1071 iput(old_inode);
1072 out:
1073 #ifdef CONFIG_QUOTA_DEBUG
1074 if (reserved) {
1075 quota_error(sb, "Writes happened before quota was turned on "
1076 "thus quota information is probably inconsistent. "
1077 "Please run quotacheck(8)");
1078 }
1079 #endif
1080 return err;
1081 }
1082
remove_dquot_ref(struct super_block * sb,int type)1083 static void remove_dquot_ref(struct super_block *sb, int type)
1084 {
1085 struct inode *inode;
1086 #ifdef CONFIG_QUOTA_DEBUG
1087 int reserved = 0;
1088 #endif
1089
1090 spin_lock(&sb->s_inode_list_lock);
1091 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1092 /*
1093 * We have to scan also I_NEW inodes because they can already
1094 * have quota pointer initialized. Luckily, we need to touch
1095 * only quota pointers and these have separate locking
1096 * (dq_data_lock).
1097 */
1098 spin_lock(&dq_data_lock);
1099 if (!IS_NOQUOTA(inode)) {
1100 struct dquot __rcu **dquots = i_dquot(inode);
1101 struct dquot *dquot = srcu_dereference_check(
1102 dquots[type], &dquot_srcu,
1103 lockdep_is_held(&dq_data_lock));
1104
1105 #ifdef CONFIG_QUOTA_DEBUG
1106 if (unlikely(inode_get_rsv_space(inode) > 0))
1107 reserved = 1;
1108 #endif
1109 rcu_assign_pointer(dquots[type], NULL);
1110 if (dquot)
1111 dqput(dquot);
1112 }
1113 spin_unlock(&dq_data_lock);
1114 }
1115 spin_unlock(&sb->s_inode_list_lock);
1116 #ifdef CONFIG_QUOTA_DEBUG
1117 if (reserved) {
1118 printk(KERN_WARNING "VFS (%s): Writes happened after quota"
1119 " was disabled thus quota information is probably "
1120 "inconsistent. Please run quotacheck(8).\n", sb->s_id);
1121 }
1122 #endif
1123 }
1124
1125 /* Gather all references from inodes and drop them */
drop_dquot_ref(struct super_block * sb,int type)1126 static void drop_dquot_ref(struct super_block *sb, int type)
1127 {
1128 if (sb->dq_op)
1129 remove_dquot_ref(sb, type);
1130 }
1131
1132 static inline
dquot_free_reserved_space(struct dquot * dquot,qsize_t number)1133 void dquot_free_reserved_space(struct dquot *dquot, qsize_t number)
1134 {
1135 if (dquot->dq_dqb.dqb_rsvspace >= number)
1136 dquot->dq_dqb.dqb_rsvspace -= number;
1137 else {
1138 WARN_ON_ONCE(1);
1139 dquot->dq_dqb.dqb_rsvspace = 0;
1140 }
1141 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
1142 dquot->dq_dqb.dqb_bsoftlimit)
1143 dquot->dq_dqb.dqb_btime = (time64_t) 0;
1144 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
1145 }
1146
dquot_decr_inodes(struct dquot * dquot,qsize_t number)1147 static void dquot_decr_inodes(struct dquot *dquot, qsize_t number)
1148 {
1149 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
1150 dquot->dq_dqb.dqb_curinodes >= number)
1151 dquot->dq_dqb.dqb_curinodes -= number;
1152 else
1153 dquot->dq_dqb.dqb_curinodes = 0;
1154 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit)
1155 dquot->dq_dqb.dqb_itime = (time64_t) 0;
1156 clear_bit(DQ_INODES_B, &dquot->dq_flags);
1157 }
1158
dquot_decr_space(struct dquot * dquot,qsize_t number)1159 static void dquot_decr_space(struct dquot *dquot, qsize_t number)
1160 {
1161 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
1162 dquot->dq_dqb.dqb_curspace >= number)
1163 dquot->dq_dqb.dqb_curspace -= number;
1164 else
1165 dquot->dq_dqb.dqb_curspace = 0;
1166 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
1167 dquot->dq_dqb.dqb_bsoftlimit)
1168 dquot->dq_dqb.dqb_btime = (time64_t) 0;
1169 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
1170 }
1171
1172 struct dquot_warn {
1173 struct super_block *w_sb;
1174 struct kqid w_dq_id;
1175 short w_type;
1176 };
1177
warning_issued(struct dquot * dquot,const int warntype)1178 static int warning_issued(struct dquot *dquot, const int warntype)
1179 {
1180 int flag = (warntype == QUOTA_NL_BHARDWARN ||
1181 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B :
1182 ((warntype == QUOTA_NL_IHARDWARN ||
1183 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0);
1184
1185 if (!flag)
1186 return 0;
1187 return test_and_set_bit(flag, &dquot->dq_flags);
1188 }
1189
1190 #ifdef CONFIG_PRINT_QUOTA_WARNING
1191 static int flag_print_warnings = 1;
1192
need_print_warning(struct dquot_warn * warn)1193 static int need_print_warning(struct dquot_warn *warn)
1194 {
1195 if (!flag_print_warnings)
1196 return 0;
1197
1198 switch (warn->w_dq_id.type) {
1199 case USRQUOTA:
1200 return uid_eq(current_fsuid(), warn->w_dq_id.uid);
1201 case GRPQUOTA:
1202 return in_group_p(warn->w_dq_id.gid);
1203 case PRJQUOTA:
1204 return 1;
1205 }
1206 return 0;
1207 }
1208
1209 /* Print warning to user which exceeded quota */
print_warning(struct dquot_warn * warn)1210 static void print_warning(struct dquot_warn *warn)
1211 {
1212 char *msg = NULL;
1213 struct tty_struct *tty;
1214 int warntype = warn->w_type;
1215
1216 if (warntype == QUOTA_NL_IHARDBELOW ||
1217 warntype == QUOTA_NL_ISOFTBELOW ||
1218 warntype == QUOTA_NL_BHARDBELOW ||
1219 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn))
1220 return;
1221
1222 tty = get_current_tty();
1223 if (!tty)
1224 return;
1225 tty_write_message(tty, warn->w_sb->s_id);
1226 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN)
1227 tty_write_message(tty, ": warning, ");
1228 else
1229 tty_write_message(tty, ": write failed, ");
1230 tty_write_message(tty, quotatypes[warn->w_dq_id.type]);
1231 switch (warntype) {
1232 case QUOTA_NL_IHARDWARN:
1233 msg = " file limit reached.\r\n";
1234 break;
1235 case QUOTA_NL_ISOFTLONGWARN:
1236 msg = " file quota exceeded too long.\r\n";
1237 break;
1238 case QUOTA_NL_ISOFTWARN:
1239 msg = " file quota exceeded.\r\n";
1240 break;
1241 case QUOTA_NL_BHARDWARN:
1242 msg = " block limit reached.\r\n";
1243 break;
1244 case QUOTA_NL_BSOFTLONGWARN:
1245 msg = " block quota exceeded too long.\r\n";
1246 break;
1247 case QUOTA_NL_BSOFTWARN:
1248 msg = " block quota exceeded.\r\n";
1249 break;
1250 }
1251 tty_write_message(tty, msg);
1252 tty_kref_put(tty);
1253 }
1254 #endif
1255
prepare_warning(struct dquot_warn * warn,struct dquot * dquot,int warntype)1256 static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot,
1257 int warntype)
1258 {
1259 if (warning_issued(dquot, warntype))
1260 return;
1261 warn->w_type = warntype;
1262 warn->w_sb = dquot->dq_sb;
1263 warn->w_dq_id = dquot->dq_id;
1264 }
1265
1266 /*
1267 * Write warnings to the console and send warning messages over netlink.
1268 *
1269 * Note that this function can call into tty and networking code.
1270 */
flush_warnings(struct dquot_warn * warn)1271 static void flush_warnings(struct dquot_warn *warn)
1272 {
1273 int i;
1274
1275 for (i = 0; i < MAXQUOTAS; i++) {
1276 if (warn[i].w_type == QUOTA_NL_NOWARN)
1277 continue;
1278 #ifdef CONFIG_PRINT_QUOTA_WARNING
1279 print_warning(&warn[i]);
1280 #endif
1281 quota_send_warning(warn[i].w_dq_id,
1282 warn[i].w_sb->s_dev, warn[i].w_type);
1283 }
1284 }
1285
ignore_hardlimit(struct dquot * dquot)1286 static int ignore_hardlimit(struct dquot *dquot)
1287 {
1288 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
1289
1290 return capable(CAP_SYS_RESOURCE) &&
1291 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD ||
1292 !(info->dqi_flags & DQF_ROOT_SQUASH));
1293 }
1294
dquot_add_inodes(struct dquot * dquot,qsize_t inodes,struct dquot_warn * warn)1295 static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes,
1296 struct dquot_warn *warn)
1297 {
1298 qsize_t newinodes;
1299 int ret = 0;
1300
1301 spin_lock(&dquot->dq_dqb_lock);
1302 newinodes = dquot->dq_dqb.dqb_curinodes + inodes;
1303 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) ||
1304 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1305 goto add;
1306
1307 if (dquot->dq_dqb.dqb_ihardlimit &&
1308 newinodes > dquot->dq_dqb.dqb_ihardlimit &&
1309 !ignore_hardlimit(dquot)) {
1310 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN);
1311 ret = -EDQUOT;
1312 goto out;
1313 }
1314
1315 if (dquot->dq_dqb.dqb_isoftlimit &&
1316 newinodes > dquot->dq_dqb.dqb_isoftlimit &&
1317 dquot->dq_dqb.dqb_itime &&
1318 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime &&
1319 !ignore_hardlimit(dquot)) {
1320 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN);
1321 ret = -EDQUOT;
1322 goto out;
1323 }
1324
1325 if (dquot->dq_dqb.dqb_isoftlimit &&
1326 newinodes > dquot->dq_dqb.dqb_isoftlimit &&
1327 dquot->dq_dqb.dqb_itime == 0) {
1328 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN);
1329 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() +
1330 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace;
1331 }
1332 add:
1333 dquot->dq_dqb.dqb_curinodes = newinodes;
1334
1335 out:
1336 spin_unlock(&dquot->dq_dqb_lock);
1337 return ret;
1338 }
1339
dquot_add_space(struct dquot * dquot,qsize_t space,qsize_t rsv_space,unsigned int flags,struct dquot_warn * warn)1340 static int dquot_add_space(struct dquot *dquot, qsize_t space,
1341 qsize_t rsv_space, unsigned int flags,
1342 struct dquot_warn *warn)
1343 {
1344 qsize_t tspace;
1345 struct super_block *sb = dquot->dq_sb;
1346 int ret = 0;
1347
1348 spin_lock(&dquot->dq_dqb_lock);
1349 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) ||
1350 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1351 goto finish;
1352
1353 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace
1354 + space + rsv_space;
1355
1356 if (dquot->dq_dqb.dqb_bhardlimit &&
1357 tspace > dquot->dq_dqb.dqb_bhardlimit &&
1358 !ignore_hardlimit(dquot)) {
1359 if (flags & DQUOT_SPACE_WARN)
1360 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN);
1361 ret = -EDQUOT;
1362 goto finish;
1363 }
1364
1365 if (dquot->dq_dqb.dqb_bsoftlimit &&
1366 tspace > dquot->dq_dqb.dqb_bsoftlimit &&
1367 dquot->dq_dqb.dqb_btime &&
1368 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime &&
1369 !ignore_hardlimit(dquot)) {
1370 if (flags & DQUOT_SPACE_WARN)
1371 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN);
1372 ret = -EDQUOT;
1373 goto finish;
1374 }
1375
1376 if (dquot->dq_dqb.dqb_bsoftlimit &&
1377 tspace > dquot->dq_dqb.dqb_bsoftlimit &&
1378 dquot->dq_dqb.dqb_btime == 0) {
1379 if (flags & DQUOT_SPACE_WARN) {
1380 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN);
1381 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() +
1382 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace;
1383 } else {
1384 /*
1385 * We don't allow preallocation to exceed softlimit so exceeding will
1386 * be always printed
1387 */
1388 ret = -EDQUOT;
1389 goto finish;
1390 }
1391 }
1392 finish:
1393 /*
1394 * We have to be careful and go through warning generation & grace time
1395 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it
1396 * only here...
1397 */
1398 if (flags & DQUOT_SPACE_NOFAIL)
1399 ret = 0;
1400 if (!ret) {
1401 dquot->dq_dqb.dqb_rsvspace += rsv_space;
1402 dquot->dq_dqb.dqb_curspace += space;
1403 }
1404 spin_unlock(&dquot->dq_dqb_lock);
1405 return ret;
1406 }
1407
info_idq_free(struct dquot * dquot,qsize_t inodes)1408 static int info_idq_free(struct dquot *dquot, qsize_t inodes)
1409 {
1410 qsize_t newinodes;
1411
1412 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
1413 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit ||
1414 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type))
1415 return QUOTA_NL_NOWARN;
1416
1417 newinodes = dquot->dq_dqb.dqb_curinodes - inodes;
1418 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit)
1419 return QUOTA_NL_ISOFTBELOW;
1420 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit &&
1421 newinodes < dquot->dq_dqb.dqb_ihardlimit)
1422 return QUOTA_NL_IHARDBELOW;
1423 return QUOTA_NL_NOWARN;
1424 }
1425
info_bdq_free(struct dquot * dquot,qsize_t space)1426 static int info_bdq_free(struct dquot *dquot, qsize_t space)
1427 {
1428 qsize_t tspace;
1429
1430 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace;
1431
1432 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
1433 tspace <= dquot->dq_dqb.dqb_bsoftlimit)
1434 return QUOTA_NL_NOWARN;
1435
1436 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit)
1437 return QUOTA_NL_BSOFTBELOW;
1438 if (tspace >= dquot->dq_dqb.dqb_bhardlimit &&
1439 tspace - space < dquot->dq_dqb.dqb_bhardlimit)
1440 return QUOTA_NL_BHARDBELOW;
1441 return QUOTA_NL_NOWARN;
1442 }
1443
inode_quota_active(const struct inode * inode)1444 static int inode_quota_active(const struct inode *inode)
1445 {
1446 struct super_block *sb = inode->i_sb;
1447
1448 if (IS_NOQUOTA(inode))
1449 return 0;
1450 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb);
1451 }
1452
1453 /*
1454 * Initialize quota pointers in inode
1455 *
1456 * It is better to call this function outside of any transaction as it
1457 * might need a lot of space in journal for dquot structure allocation.
1458 */
__dquot_initialize(struct inode * inode,int type)1459 static int __dquot_initialize(struct inode *inode, int type)
1460 {
1461 int cnt, init_needed = 0;
1462 struct dquot __rcu **dquots;
1463 struct dquot *got[MAXQUOTAS] = {};
1464 struct super_block *sb = inode->i_sb;
1465 qsize_t rsv;
1466 int ret = 0;
1467
1468 if (!inode_quota_active(inode))
1469 return 0;
1470
1471 dquots = i_dquot(inode);
1472
1473 /* First get references to structures we might need. */
1474 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1475 struct kqid qid;
1476 kprojid_t projid;
1477 int rc;
1478 struct dquot *dquot;
1479
1480 if (type != -1 && cnt != type)
1481 continue;
1482 /*
1483 * The i_dquot should have been initialized in most cases,
1484 * we check it without locking here to avoid unnecessary
1485 * dqget()/dqput() calls.
1486 */
1487 if (dquots[cnt])
1488 continue;
1489
1490 if (!sb_has_quota_active(sb, cnt))
1491 continue;
1492
1493 init_needed = 1;
1494
1495 switch (cnt) {
1496 case USRQUOTA:
1497 qid = make_kqid_uid(inode->i_uid);
1498 break;
1499 case GRPQUOTA:
1500 qid = make_kqid_gid(inode->i_gid);
1501 break;
1502 case PRJQUOTA:
1503 rc = inode->i_sb->dq_op->get_projid(inode, &projid);
1504 if (rc)
1505 continue;
1506 qid = make_kqid_projid(projid);
1507 break;
1508 }
1509 dquot = dqget(sb, qid);
1510 if (IS_ERR(dquot)) {
1511 /* We raced with somebody turning quotas off... */
1512 if (PTR_ERR(dquot) != -ESRCH) {
1513 ret = PTR_ERR(dquot);
1514 goto out_put;
1515 }
1516 dquot = NULL;
1517 }
1518 got[cnt] = dquot;
1519 }
1520
1521 /* All required i_dquot has been initialized */
1522 if (!init_needed)
1523 return 0;
1524
1525 spin_lock(&dq_data_lock);
1526 if (IS_NOQUOTA(inode))
1527 goto out_lock;
1528 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1529 if (type != -1 && cnt != type)
1530 continue;
1531 /* Avoid races with quotaoff() */
1532 if (!sb_has_quota_active(sb, cnt))
1533 continue;
1534 /* We could race with quotaon or dqget() could have failed */
1535 if (!got[cnt])
1536 continue;
1537 if (!dquots[cnt]) {
1538 rcu_assign_pointer(dquots[cnt], got[cnt]);
1539 got[cnt] = NULL;
1540 /*
1541 * Make quota reservation system happy if someone
1542 * did a write before quota was turned on
1543 */
1544 rsv = inode_get_rsv_space(inode);
1545 if (unlikely(rsv)) {
1546 struct dquot *dquot = srcu_dereference_check(
1547 dquots[cnt], &dquot_srcu,
1548 lockdep_is_held(&dq_data_lock));
1549
1550 spin_lock(&inode->i_lock);
1551 /* Get reservation again under proper lock */
1552 rsv = __inode_get_rsv_space(inode);
1553 spin_lock(&dquot->dq_dqb_lock);
1554 dquot->dq_dqb.dqb_rsvspace += rsv;
1555 spin_unlock(&dquot->dq_dqb_lock);
1556 spin_unlock(&inode->i_lock);
1557 }
1558 }
1559 }
1560 out_lock:
1561 spin_unlock(&dq_data_lock);
1562 out_put:
1563 /* Drop unused references */
1564 dqput_all(got);
1565
1566 return ret;
1567 }
1568
dquot_initialize(struct inode * inode)1569 int dquot_initialize(struct inode *inode)
1570 {
1571 return __dquot_initialize(inode, -1);
1572 }
1573 EXPORT_SYMBOL(dquot_initialize);
1574
dquot_initialize_needed(struct inode * inode)1575 bool dquot_initialize_needed(struct inode *inode)
1576 {
1577 struct dquot __rcu **dquots;
1578 int i;
1579
1580 if (!inode_quota_active(inode))
1581 return false;
1582
1583 dquots = i_dquot(inode);
1584 for (i = 0; i < MAXQUOTAS; i++)
1585 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i))
1586 return true;
1587 return false;
1588 }
1589 EXPORT_SYMBOL(dquot_initialize_needed);
1590
1591 /*
1592 * Release all quotas referenced by inode.
1593 *
1594 * This function only be called on inode free or converting
1595 * a file to quota file, no other users for the i_dquot in
1596 * both cases, so we needn't call synchronize_srcu() after
1597 * clearing i_dquot.
1598 */
__dquot_drop(struct inode * inode)1599 static void __dquot_drop(struct inode *inode)
1600 {
1601 int cnt;
1602 struct dquot __rcu **dquots = i_dquot(inode);
1603 struct dquot *put[MAXQUOTAS];
1604
1605 spin_lock(&dq_data_lock);
1606 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1607 put[cnt] = srcu_dereference_check(dquots[cnt], &dquot_srcu,
1608 lockdep_is_held(&dq_data_lock));
1609 rcu_assign_pointer(dquots[cnt], NULL);
1610 }
1611 spin_unlock(&dq_data_lock);
1612 dqput_all(put);
1613 }
1614
dquot_drop(struct inode * inode)1615 void dquot_drop(struct inode *inode)
1616 {
1617 struct dquot __rcu * const *dquots;
1618 int cnt;
1619
1620 if (IS_NOQUOTA(inode))
1621 return;
1622
1623 /*
1624 * Test before calling to rule out calls from proc and such
1625 * where we are not allowed to block. Note that this is
1626 * actually reliable test even without the lock - the caller
1627 * must assure that nobody can come after the DQUOT_DROP and
1628 * add quota pointers back anyway.
1629 */
1630 dquots = i_dquot(inode);
1631 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1632 if (dquots[cnt])
1633 break;
1634 }
1635
1636 if (cnt < MAXQUOTAS)
1637 __dquot_drop(inode);
1638 }
1639 EXPORT_SYMBOL(dquot_drop);
1640
1641 /*
1642 * inode_reserved_space is managed internally by quota, and protected by
1643 * i_lock similar to i_blocks+i_bytes.
1644 */
inode_reserved_space(struct inode * inode)1645 static qsize_t *inode_reserved_space(struct inode * inode)
1646 {
1647 /* Filesystem must explicitly define it's own method in order to use
1648 * quota reservation interface */
1649 BUG_ON(!inode->i_sb->dq_op->get_reserved_space);
1650 return inode->i_sb->dq_op->get_reserved_space(inode);
1651 }
1652
__inode_get_rsv_space(struct inode * inode)1653 static qsize_t __inode_get_rsv_space(struct inode *inode)
1654 {
1655 if (!inode->i_sb->dq_op->get_reserved_space)
1656 return 0;
1657 return *inode_reserved_space(inode);
1658 }
1659
inode_get_rsv_space(struct inode * inode)1660 static qsize_t inode_get_rsv_space(struct inode *inode)
1661 {
1662 qsize_t ret;
1663
1664 if (!inode->i_sb->dq_op->get_reserved_space)
1665 return 0;
1666 spin_lock(&inode->i_lock);
1667 ret = __inode_get_rsv_space(inode);
1668 spin_unlock(&inode->i_lock);
1669 return ret;
1670 }
1671
1672 /*
1673 * This functions updates i_blocks+i_bytes fields and quota information
1674 * (together with appropriate checks).
1675 *
1676 * NOTE: We absolutely rely on the fact that caller dirties the inode
1677 * (usually helpers in quotaops.h care about this) and holds a handle for
1678 * the current transaction so that dquot write and inode write go into the
1679 * same transaction.
1680 */
1681
1682 /*
1683 * This operation can block, but only after everything is updated
1684 */
__dquot_alloc_space(struct inode * inode,qsize_t number,int flags)1685 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags)
1686 {
1687 int cnt, ret = 0, index;
1688 struct dquot_warn warn[MAXQUOTAS];
1689 int reserve = flags & DQUOT_SPACE_RESERVE;
1690 struct dquot __rcu **dquots;
1691 struct dquot *dquot;
1692
1693 if (!inode_quota_active(inode)) {
1694 if (reserve) {
1695 spin_lock(&inode->i_lock);
1696 *inode_reserved_space(inode) += number;
1697 spin_unlock(&inode->i_lock);
1698 } else {
1699 inode_add_bytes(inode, number);
1700 }
1701 goto out;
1702 }
1703
1704 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1705 warn[cnt].w_type = QUOTA_NL_NOWARN;
1706
1707 dquots = i_dquot(inode);
1708 index = srcu_read_lock(&dquot_srcu);
1709 spin_lock(&inode->i_lock);
1710 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1711 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1712 if (!dquot)
1713 continue;
1714 if (reserve) {
1715 ret = dquot_add_space(dquot, 0, number, flags, &warn[cnt]);
1716 } else {
1717 ret = dquot_add_space(dquot, number, 0, flags, &warn[cnt]);
1718 }
1719 if (ret) {
1720 /* Back out changes we already did */
1721 for (cnt--; cnt >= 0; cnt--) {
1722 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1723 if (!dquot)
1724 continue;
1725 spin_lock(&dquot->dq_dqb_lock);
1726 if (reserve)
1727 dquot_free_reserved_space(dquot, number);
1728 else
1729 dquot_decr_space(dquot, number);
1730 spin_unlock(&dquot->dq_dqb_lock);
1731 }
1732 spin_unlock(&inode->i_lock);
1733 goto out_flush_warn;
1734 }
1735 }
1736 if (reserve)
1737 *inode_reserved_space(inode) += number;
1738 else
1739 __inode_add_bytes(inode, number);
1740 spin_unlock(&inode->i_lock);
1741
1742 if (reserve)
1743 goto out_flush_warn;
1744 ret = mark_all_dquot_dirty(dquots);
1745 out_flush_warn:
1746 srcu_read_unlock(&dquot_srcu, index);
1747 flush_warnings(warn);
1748 out:
1749 return ret;
1750 }
1751 EXPORT_SYMBOL(__dquot_alloc_space);
1752
1753 /*
1754 * This operation can block, but only after everything is updated
1755 */
dquot_alloc_inode(struct inode * inode)1756 int dquot_alloc_inode(struct inode *inode)
1757 {
1758 int cnt, ret = 0, index;
1759 struct dquot_warn warn[MAXQUOTAS];
1760 struct dquot __rcu * const *dquots;
1761 struct dquot *dquot;
1762
1763 if (!inode_quota_active(inode))
1764 return 0;
1765 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1766 warn[cnt].w_type = QUOTA_NL_NOWARN;
1767
1768 dquots = i_dquot(inode);
1769 index = srcu_read_lock(&dquot_srcu);
1770 spin_lock(&inode->i_lock);
1771 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1772 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1773 if (!dquot)
1774 continue;
1775 ret = dquot_add_inodes(dquot, 1, &warn[cnt]);
1776 if (ret) {
1777 for (cnt--; cnt >= 0; cnt--) {
1778 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1779 if (!dquot)
1780 continue;
1781 /* Back out changes we already did */
1782 spin_lock(&dquot->dq_dqb_lock);
1783 dquot_decr_inodes(dquot, 1);
1784 spin_unlock(&dquot->dq_dqb_lock);
1785 }
1786 goto warn_put_all;
1787 }
1788 }
1789
1790 warn_put_all:
1791 spin_unlock(&inode->i_lock);
1792 if (ret == 0)
1793 ret = mark_all_dquot_dirty(dquots);
1794 srcu_read_unlock(&dquot_srcu, index);
1795 flush_warnings(warn);
1796 return ret;
1797 }
1798 EXPORT_SYMBOL(dquot_alloc_inode);
1799
1800 /*
1801 * Convert in-memory reserved quotas to real consumed quotas
1802 */
dquot_claim_space_nodirty(struct inode * inode,qsize_t number)1803 void dquot_claim_space_nodirty(struct inode *inode, qsize_t number)
1804 {
1805 struct dquot __rcu **dquots;
1806 struct dquot *dquot;
1807 int cnt, index;
1808
1809 if (!inode_quota_active(inode)) {
1810 spin_lock(&inode->i_lock);
1811 *inode_reserved_space(inode) -= number;
1812 __inode_add_bytes(inode, number);
1813 spin_unlock(&inode->i_lock);
1814 return;
1815 }
1816
1817 dquots = i_dquot(inode);
1818 index = srcu_read_lock(&dquot_srcu);
1819 spin_lock(&inode->i_lock);
1820 /* Claim reserved quotas to allocated quotas */
1821 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1822 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1823 if (dquot) {
1824 spin_lock(&dquot->dq_dqb_lock);
1825 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number))
1826 number = dquot->dq_dqb.dqb_rsvspace;
1827 dquot->dq_dqb.dqb_curspace += number;
1828 dquot->dq_dqb.dqb_rsvspace -= number;
1829 spin_unlock(&dquot->dq_dqb_lock);
1830 }
1831 }
1832 /* Update inode bytes */
1833 *inode_reserved_space(inode) -= number;
1834 __inode_add_bytes(inode, number);
1835 spin_unlock(&inode->i_lock);
1836 mark_all_dquot_dirty(dquots);
1837 srcu_read_unlock(&dquot_srcu, index);
1838 }
1839 EXPORT_SYMBOL(dquot_claim_space_nodirty);
1840
1841 /*
1842 * Convert allocated space back to in-memory reserved quotas
1843 */
dquot_reclaim_space_nodirty(struct inode * inode,qsize_t number)1844 void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number)
1845 {
1846 struct dquot __rcu **dquots;
1847 struct dquot *dquot;
1848 int cnt, index;
1849
1850 if (!inode_quota_active(inode)) {
1851 spin_lock(&inode->i_lock);
1852 *inode_reserved_space(inode) += number;
1853 __inode_sub_bytes(inode, number);
1854 spin_unlock(&inode->i_lock);
1855 return;
1856 }
1857
1858 dquots = i_dquot(inode);
1859 index = srcu_read_lock(&dquot_srcu);
1860 spin_lock(&inode->i_lock);
1861 /* Claim reserved quotas to allocated quotas */
1862 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1863 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1864 if (dquot) {
1865 spin_lock(&dquot->dq_dqb_lock);
1866 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number))
1867 number = dquot->dq_dqb.dqb_curspace;
1868 dquot->dq_dqb.dqb_rsvspace += number;
1869 dquot->dq_dqb.dqb_curspace -= number;
1870 spin_unlock(&dquot->dq_dqb_lock);
1871 }
1872 }
1873 /* Update inode bytes */
1874 *inode_reserved_space(inode) += number;
1875 __inode_sub_bytes(inode, number);
1876 spin_unlock(&inode->i_lock);
1877 mark_all_dquot_dirty(dquots);
1878 srcu_read_unlock(&dquot_srcu, index);
1879 }
1880 EXPORT_SYMBOL(dquot_reclaim_space_nodirty);
1881
1882 /*
1883 * This operation can block, but only after everything is updated
1884 */
__dquot_free_space(struct inode * inode,qsize_t number,int flags)1885 void __dquot_free_space(struct inode *inode, qsize_t number, int flags)
1886 {
1887 unsigned int cnt;
1888 struct dquot_warn warn[MAXQUOTAS];
1889 struct dquot __rcu **dquots;
1890 struct dquot *dquot;
1891 int reserve = flags & DQUOT_SPACE_RESERVE, index;
1892
1893 if (!inode_quota_active(inode)) {
1894 if (reserve) {
1895 spin_lock(&inode->i_lock);
1896 *inode_reserved_space(inode) -= number;
1897 spin_unlock(&inode->i_lock);
1898 } else {
1899 inode_sub_bytes(inode, number);
1900 }
1901 return;
1902 }
1903
1904 dquots = i_dquot(inode);
1905 index = srcu_read_lock(&dquot_srcu);
1906 spin_lock(&inode->i_lock);
1907 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1908 int wtype;
1909
1910 warn[cnt].w_type = QUOTA_NL_NOWARN;
1911 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1912 if (!dquot)
1913 continue;
1914 spin_lock(&dquot->dq_dqb_lock);
1915 wtype = info_bdq_free(dquot, number);
1916 if (wtype != QUOTA_NL_NOWARN)
1917 prepare_warning(&warn[cnt], dquot, wtype);
1918 if (reserve)
1919 dquot_free_reserved_space(dquot, number);
1920 else
1921 dquot_decr_space(dquot, number);
1922 spin_unlock(&dquot->dq_dqb_lock);
1923 }
1924 if (reserve)
1925 *inode_reserved_space(inode) -= number;
1926 else
1927 __inode_sub_bytes(inode, number);
1928 spin_unlock(&inode->i_lock);
1929
1930 if (reserve)
1931 goto out_unlock;
1932 mark_all_dquot_dirty(dquots);
1933 out_unlock:
1934 srcu_read_unlock(&dquot_srcu, index);
1935 flush_warnings(warn);
1936 }
1937 EXPORT_SYMBOL(__dquot_free_space);
1938
1939 /*
1940 * This operation can block, but only after everything is updated
1941 */
dquot_free_inode(struct inode * inode)1942 void dquot_free_inode(struct inode *inode)
1943 {
1944 unsigned int cnt;
1945 struct dquot_warn warn[MAXQUOTAS];
1946 struct dquot __rcu * const *dquots;
1947 struct dquot *dquot;
1948 int index;
1949
1950 if (!inode_quota_active(inode))
1951 return;
1952
1953 dquots = i_dquot(inode);
1954 index = srcu_read_lock(&dquot_srcu);
1955 spin_lock(&inode->i_lock);
1956 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1957 int wtype;
1958 warn[cnt].w_type = QUOTA_NL_NOWARN;
1959 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1960 if (!dquot)
1961 continue;
1962 spin_lock(&dquot->dq_dqb_lock);
1963 wtype = info_idq_free(dquot, 1);
1964 if (wtype != QUOTA_NL_NOWARN)
1965 prepare_warning(&warn[cnt], dquot, wtype);
1966 dquot_decr_inodes(dquot, 1);
1967 spin_unlock(&dquot->dq_dqb_lock);
1968 }
1969 spin_unlock(&inode->i_lock);
1970 mark_all_dquot_dirty(dquots);
1971 srcu_read_unlock(&dquot_srcu, index);
1972 flush_warnings(warn);
1973 }
1974 EXPORT_SYMBOL(dquot_free_inode);
1975
1976 /*
1977 * Transfer the number of inode and blocks from one diskquota to an other.
1978 * On success, dquot references in transfer_to are consumed and references
1979 * to original dquots that need to be released are placed there. On failure,
1980 * references are kept untouched.
1981 *
1982 * This operation can block, but only after everything is updated
1983 * A transaction must be started when entering this function.
1984 *
1985 * We are holding reference on transfer_from & transfer_to, no need to
1986 * protect them by srcu_read_lock().
1987 */
__dquot_transfer(struct inode * inode,struct dquot ** transfer_to)1988 int __dquot_transfer(struct inode *inode, struct dquot **transfer_to)
1989 {
1990 qsize_t cur_space;
1991 qsize_t rsv_space = 0;
1992 qsize_t inode_usage = 1;
1993 struct dquot __rcu **dquots;
1994 struct dquot *transfer_from[MAXQUOTAS] = {};
1995 int cnt, index, ret = 0, err;
1996 char is_valid[MAXQUOTAS] = {};
1997 struct dquot_warn warn_to[MAXQUOTAS];
1998 struct dquot_warn warn_from_inodes[MAXQUOTAS];
1999 struct dquot_warn warn_from_space[MAXQUOTAS];
2000
2001 if (IS_NOQUOTA(inode))
2002 return 0;
2003
2004 if (inode->i_sb->dq_op->get_inode_usage) {
2005 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage);
2006 if (ret)
2007 return ret;
2008 }
2009
2010 /* Initialize the arrays */
2011 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2012 warn_to[cnt].w_type = QUOTA_NL_NOWARN;
2013 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN;
2014 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN;
2015 }
2016
2017 spin_lock(&dq_data_lock);
2018 spin_lock(&inode->i_lock);
2019 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */
2020 spin_unlock(&inode->i_lock);
2021 spin_unlock(&dq_data_lock);
2022 return 0;
2023 }
2024 cur_space = __inode_get_bytes(inode);
2025 rsv_space = __inode_get_rsv_space(inode);
2026 dquots = i_dquot(inode);
2027 /*
2028 * Build the transfer_from list, check limits, and update usage in
2029 * the target structures.
2030 */
2031 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2032 /*
2033 * Skip changes for same uid or gid or for turned off quota-type.
2034 */
2035 if (!transfer_to[cnt])
2036 continue;
2037 /* Avoid races with quotaoff() */
2038 if (!sb_has_quota_active(inode->i_sb, cnt))
2039 continue;
2040 is_valid[cnt] = 1;
2041 transfer_from[cnt] = srcu_dereference_check(dquots[cnt],
2042 &dquot_srcu, lockdep_is_held(&dq_data_lock));
2043 ret = dquot_add_inodes(transfer_to[cnt], inode_usage,
2044 &warn_to[cnt]);
2045 if (ret)
2046 goto over_quota;
2047 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space,
2048 DQUOT_SPACE_WARN, &warn_to[cnt]);
2049 if (ret) {
2050 spin_lock(&transfer_to[cnt]->dq_dqb_lock);
2051 dquot_decr_inodes(transfer_to[cnt], inode_usage);
2052 spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
2053 goto over_quota;
2054 }
2055 }
2056
2057 /* Decrease usage for source structures and update quota pointers */
2058 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2059 if (!is_valid[cnt])
2060 continue;
2061 /* Due to IO error we might not have transfer_from[] structure */
2062 if (transfer_from[cnt]) {
2063 int wtype;
2064
2065 spin_lock(&transfer_from[cnt]->dq_dqb_lock);
2066 wtype = info_idq_free(transfer_from[cnt], inode_usage);
2067 if (wtype != QUOTA_NL_NOWARN)
2068 prepare_warning(&warn_from_inodes[cnt],
2069 transfer_from[cnt], wtype);
2070 wtype = info_bdq_free(transfer_from[cnt],
2071 cur_space + rsv_space);
2072 if (wtype != QUOTA_NL_NOWARN)
2073 prepare_warning(&warn_from_space[cnt],
2074 transfer_from[cnt], wtype);
2075 dquot_decr_inodes(transfer_from[cnt], inode_usage);
2076 dquot_decr_space(transfer_from[cnt], cur_space);
2077 dquot_free_reserved_space(transfer_from[cnt],
2078 rsv_space);
2079 spin_unlock(&transfer_from[cnt]->dq_dqb_lock);
2080 }
2081 rcu_assign_pointer(dquots[cnt], transfer_to[cnt]);
2082 }
2083 spin_unlock(&inode->i_lock);
2084 spin_unlock(&dq_data_lock);
2085
2086 /*
2087 * These arrays are local and we hold dquot references so we don't need
2088 * the srcu protection but still take dquot_srcu to avoid warning in
2089 * mark_all_dquot_dirty().
2090 */
2091 index = srcu_read_lock(&dquot_srcu);
2092 err = mark_all_dquot_dirty((struct dquot __rcu **)transfer_from);
2093 if (err < 0)
2094 ret = err;
2095 err = mark_all_dquot_dirty((struct dquot __rcu **)transfer_to);
2096 if (err < 0)
2097 ret = err;
2098 srcu_read_unlock(&dquot_srcu, index);
2099
2100 flush_warnings(warn_to);
2101 flush_warnings(warn_from_inodes);
2102 flush_warnings(warn_from_space);
2103 /* Pass back references to put */
2104 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2105 if (is_valid[cnt])
2106 transfer_to[cnt] = transfer_from[cnt];
2107 return ret;
2108 over_quota:
2109 /* Back out changes we already did */
2110 for (cnt--; cnt >= 0; cnt--) {
2111 if (!is_valid[cnt])
2112 continue;
2113 spin_lock(&transfer_to[cnt]->dq_dqb_lock);
2114 dquot_decr_inodes(transfer_to[cnt], inode_usage);
2115 dquot_decr_space(transfer_to[cnt], cur_space);
2116 dquot_free_reserved_space(transfer_to[cnt], rsv_space);
2117 spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
2118 }
2119 spin_unlock(&inode->i_lock);
2120 spin_unlock(&dq_data_lock);
2121 flush_warnings(warn_to);
2122 return ret;
2123 }
2124 EXPORT_SYMBOL(__dquot_transfer);
2125
2126 /* Wrapper for transferring ownership of an inode for uid/gid only
2127 * Called from FSXXX_setattr()
2128 */
dquot_transfer(struct mnt_idmap * idmap,struct inode * inode,struct iattr * iattr)2129 int dquot_transfer(struct mnt_idmap *idmap, struct inode *inode,
2130 struct iattr *iattr)
2131 {
2132 struct dquot *transfer_to[MAXQUOTAS] = {};
2133 struct dquot *dquot;
2134 struct super_block *sb = inode->i_sb;
2135 int ret;
2136
2137 if (!inode_quota_active(inode))
2138 return 0;
2139
2140 if (i_uid_needs_update(idmap, iattr, inode)) {
2141 kuid_t kuid = from_vfsuid(idmap, i_user_ns(inode),
2142 iattr->ia_vfsuid);
2143
2144 dquot = dqget(sb, make_kqid_uid(kuid));
2145 if (IS_ERR(dquot)) {
2146 if (PTR_ERR(dquot) != -ESRCH) {
2147 ret = PTR_ERR(dquot);
2148 goto out_put;
2149 }
2150 dquot = NULL;
2151 }
2152 transfer_to[USRQUOTA] = dquot;
2153 }
2154 if (i_gid_needs_update(idmap, iattr, inode)) {
2155 kgid_t kgid = from_vfsgid(idmap, i_user_ns(inode),
2156 iattr->ia_vfsgid);
2157
2158 dquot = dqget(sb, make_kqid_gid(kgid));
2159 if (IS_ERR(dquot)) {
2160 if (PTR_ERR(dquot) != -ESRCH) {
2161 ret = PTR_ERR(dquot);
2162 goto out_put;
2163 }
2164 dquot = NULL;
2165 }
2166 transfer_to[GRPQUOTA] = dquot;
2167 }
2168 ret = __dquot_transfer(inode, transfer_to);
2169 out_put:
2170 dqput_all(transfer_to);
2171 return ret;
2172 }
2173 EXPORT_SYMBOL(dquot_transfer);
2174
2175 /*
2176 * Write info of quota file to disk
2177 */
dquot_commit_info(struct super_block * sb,int type)2178 int dquot_commit_info(struct super_block *sb, int type)
2179 {
2180 struct quota_info *dqopt = sb_dqopt(sb);
2181
2182 return dqopt->ops[type]->write_file_info(sb, type);
2183 }
2184 EXPORT_SYMBOL(dquot_commit_info);
2185
dquot_get_next_id(struct super_block * sb,struct kqid * qid)2186 int dquot_get_next_id(struct super_block *sb, struct kqid *qid)
2187 {
2188 struct quota_info *dqopt = sb_dqopt(sb);
2189
2190 if (!sb_has_quota_active(sb, qid->type))
2191 return -ESRCH;
2192 if (!dqopt->ops[qid->type]->get_next_id)
2193 return -ENOSYS;
2194 return dqopt->ops[qid->type]->get_next_id(sb, qid);
2195 }
2196 EXPORT_SYMBOL(dquot_get_next_id);
2197
2198 /*
2199 * Definitions of diskquota operations.
2200 */
2201 const struct dquot_operations dquot_operations = {
2202 .write_dquot = dquot_commit,
2203 .acquire_dquot = dquot_acquire,
2204 .release_dquot = dquot_release,
2205 .mark_dirty = dquot_mark_dquot_dirty,
2206 .write_info = dquot_commit_info,
2207 .alloc_dquot = dquot_alloc,
2208 .destroy_dquot = dquot_destroy,
2209 .get_next_id = dquot_get_next_id,
2210 };
2211 EXPORT_SYMBOL(dquot_operations);
2212
2213 /*
2214 * Generic helper for ->open on filesystems supporting disk quotas.
2215 */
dquot_file_open(struct inode * inode,struct file * file)2216 int dquot_file_open(struct inode *inode, struct file *file)
2217 {
2218 int error;
2219
2220 error = generic_file_open(inode, file);
2221 if (!error && (file->f_mode & FMODE_WRITE))
2222 error = dquot_initialize(inode);
2223 return error;
2224 }
2225 EXPORT_SYMBOL(dquot_file_open);
2226
vfs_cleanup_quota_inode(struct super_block * sb,int type)2227 static void vfs_cleanup_quota_inode(struct super_block *sb, int type)
2228 {
2229 struct quota_info *dqopt = sb_dqopt(sb);
2230 struct inode *inode = dqopt->files[type];
2231
2232 if (!inode)
2233 return;
2234 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2235 inode_lock(inode);
2236 inode->i_flags &= ~S_NOQUOTA;
2237 inode_unlock(inode);
2238 }
2239 dqopt->files[type] = NULL;
2240 iput(inode);
2241 }
2242
2243 /*
2244 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount)
2245 */
dquot_disable(struct super_block * sb,int type,unsigned int flags)2246 int dquot_disable(struct super_block *sb, int type, unsigned int flags)
2247 {
2248 int cnt;
2249 struct quota_info *dqopt = sb_dqopt(sb);
2250
2251 rwsem_assert_held_write(&sb->s_umount);
2252
2253 /* Cannot turn off usage accounting without turning off limits, or
2254 * suspend quotas and simultaneously turn quotas off. */
2255 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED))
2256 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED |
2257 DQUOT_USAGE_ENABLED)))
2258 return -EINVAL;
2259
2260 /*
2261 * Skip everything if there's nothing to do. We have to do this because
2262 * sometimes we are called when fill_super() failed and calling
2263 * sync_fs() in such cases does no good.
2264 */
2265 if (!sb_any_quota_loaded(sb))
2266 return 0;
2267
2268 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2269 if (type != -1 && cnt != type)
2270 continue;
2271 if (!sb_has_quota_loaded(sb, cnt))
2272 continue;
2273
2274 if (flags & DQUOT_SUSPENDED) {
2275 spin_lock(&dq_state_lock);
2276 dqopt->flags |=
2277 dquot_state_flag(DQUOT_SUSPENDED, cnt);
2278 spin_unlock(&dq_state_lock);
2279 } else {
2280 spin_lock(&dq_state_lock);
2281 dqopt->flags &= ~dquot_state_flag(flags, cnt);
2282 /* Turning off suspended quotas? */
2283 if (!sb_has_quota_loaded(sb, cnt) &&
2284 sb_has_quota_suspended(sb, cnt)) {
2285 dqopt->flags &= ~dquot_state_flag(
2286 DQUOT_SUSPENDED, cnt);
2287 spin_unlock(&dq_state_lock);
2288 vfs_cleanup_quota_inode(sb, cnt);
2289 continue;
2290 }
2291 spin_unlock(&dq_state_lock);
2292 }
2293
2294 /* We still have to keep quota loaded? */
2295 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED))
2296 continue;
2297
2298 /* Note: these are blocking operations */
2299 drop_dquot_ref(sb, cnt);
2300 invalidate_dquots(sb, cnt);
2301 /*
2302 * Now all dquots should be invalidated, all writes done so we
2303 * should be only users of the info. No locks needed.
2304 */
2305 if (info_dirty(&dqopt->info[cnt]))
2306 sb->dq_op->write_info(sb, cnt);
2307 if (dqopt->ops[cnt]->free_file_info)
2308 dqopt->ops[cnt]->free_file_info(sb, cnt);
2309 put_quota_format(dqopt->info[cnt].dqi_format);
2310 dqopt->info[cnt].dqi_flags = 0;
2311 dqopt->info[cnt].dqi_igrace = 0;
2312 dqopt->info[cnt].dqi_bgrace = 0;
2313 dqopt->ops[cnt] = NULL;
2314 }
2315
2316 /* Skip syncing and setting flags if quota files are hidden */
2317 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
2318 goto put_inodes;
2319
2320 /* Sync the superblock so that buffers with quota data are written to
2321 * disk (and so userspace sees correct data afterwards). */
2322 if (sb->s_op->sync_fs)
2323 sb->s_op->sync_fs(sb, 1);
2324 sync_blockdev(sb->s_bdev);
2325 /* Now the quota files are just ordinary files and we can set the
2326 * inode flags back. Moreover we discard the pagecache so that
2327 * userspace sees the writes we did bypassing the pagecache. We
2328 * must also discard the blockdev buffers so that we see the
2329 * changes done by userspace on the next quotaon() */
2330 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2331 if (!sb_has_quota_loaded(sb, cnt) && dqopt->files[cnt]) {
2332 inode_lock(dqopt->files[cnt]);
2333 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0);
2334 inode_unlock(dqopt->files[cnt]);
2335 }
2336 if (sb->s_bdev)
2337 invalidate_bdev(sb->s_bdev);
2338 put_inodes:
2339 /* We are done when suspending quotas */
2340 if (flags & DQUOT_SUSPENDED)
2341 return 0;
2342
2343 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2344 if (!sb_has_quota_loaded(sb, cnt))
2345 vfs_cleanup_quota_inode(sb, cnt);
2346 return 0;
2347 }
2348 EXPORT_SYMBOL(dquot_disable);
2349
dquot_quota_off(struct super_block * sb,int type)2350 int dquot_quota_off(struct super_block *sb, int type)
2351 {
2352 return dquot_disable(sb, type,
2353 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2354 }
2355 EXPORT_SYMBOL(dquot_quota_off);
2356
2357 /*
2358 * Turn quotas on on a device
2359 */
2360
vfs_setup_quota_inode(struct inode * inode,int type)2361 static int vfs_setup_quota_inode(struct inode *inode, int type)
2362 {
2363 struct super_block *sb = inode->i_sb;
2364 struct quota_info *dqopt = sb_dqopt(sb);
2365
2366 if (is_bad_inode(inode))
2367 return -EUCLEAN;
2368 if (!S_ISREG(inode->i_mode))
2369 return -EACCES;
2370 if (IS_RDONLY(inode))
2371 return -EROFS;
2372 if (sb_has_quota_loaded(sb, type))
2373 return -EBUSY;
2374
2375 /*
2376 * Quota files should never be encrypted. They should be thought of as
2377 * filesystem metadata, not user data. New-style internal quota files
2378 * cannot be encrypted by users anyway, but old-style external quota
2379 * files could potentially be incorrectly created in an encrypted
2380 * directory, hence this explicit check. Some reasons why encrypted
2381 * quota files don't work include: (1) some filesystems that support
2382 * encryption don't handle it in their quota_read and quota_write, and
2383 * (2) cleaning up encrypted quota files at unmount would need special
2384 * consideration, as quota files are cleaned up later than user files.
2385 */
2386 if (IS_ENCRYPTED(inode))
2387 return -EINVAL;
2388
2389 dqopt->files[type] = igrab(inode);
2390 if (!dqopt->files[type])
2391 return -EIO;
2392 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2393 /* We don't want quota and atime on quota files (deadlocks
2394 * possible) Also nobody should write to the file - we use
2395 * special IO operations which ignore the immutable bit. */
2396 inode_lock(inode);
2397 inode->i_flags |= S_NOQUOTA;
2398 inode_unlock(inode);
2399 /*
2400 * When S_NOQUOTA is set, remove dquot references as no more
2401 * references can be added
2402 */
2403 __dquot_drop(inode);
2404 }
2405 return 0;
2406 }
2407
dquot_load_quota_sb(struct super_block * sb,int type,int format_id,unsigned int flags)2408 int dquot_load_quota_sb(struct super_block *sb, int type, int format_id,
2409 unsigned int flags)
2410 {
2411 struct quota_format_type *fmt;
2412 struct quota_info *dqopt = sb_dqopt(sb);
2413 int error;
2414
2415 lockdep_assert_held_write(&sb->s_umount);
2416
2417 /* Just unsuspend quotas? */
2418 if (WARN_ON_ONCE(flags & DQUOT_SUSPENDED))
2419 return -EINVAL;
2420
2421 fmt = find_quota_format(format_id);
2422 if (!fmt)
2423 return -ESRCH;
2424 if (!sb->dq_op || !sb->s_qcop ||
2425 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) {
2426 error = -EINVAL;
2427 goto out_fmt;
2428 }
2429 /* Filesystems outside of init_user_ns not yet supported */
2430 if (sb->s_user_ns != &init_user_ns) {
2431 error = -EINVAL;
2432 goto out_fmt;
2433 }
2434 /* Usage always has to be set... */
2435 if (!(flags & DQUOT_USAGE_ENABLED)) {
2436 error = -EINVAL;
2437 goto out_fmt;
2438 }
2439 if (sb_has_quota_loaded(sb, type)) {
2440 error = -EBUSY;
2441 goto out_fmt;
2442 }
2443
2444 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2445 /* As we bypass the pagecache we must now flush all the
2446 * dirty data and invalidate caches so that kernel sees
2447 * changes from userspace. It is not enough to just flush
2448 * the quota file since if blocksize < pagesize, invalidation
2449 * of the cache could fail because of other unrelated dirty
2450 * data */
2451 sync_filesystem(sb);
2452 invalidate_bdev(sb->s_bdev);
2453 }
2454
2455 error = -EINVAL;
2456 if (!fmt->qf_ops->check_quota_file(sb, type))
2457 goto out_fmt;
2458
2459 dqopt->ops[type] = fmt->qf_ops;
2460 dqopt->info[type].dqi_format = fmt;
2461 dqopt->info[type].dqi_fmt_id = format_id;
2462 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list);
2463 error = dqopt->ops[type]->read_file_info(sb, type);
2464 if (error < 0)
2465 goto out_fmt;
2466 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) {
2467 spin_lock(&dq_data_lock);
2468 dqopt->info[type].dqi_flags |= DQF_SYS_FILE;
2469 spin_unlock(&dq_data_lock);
2470 }
2471 spin_lock(&dq_state_lock);
2472 dqopt->flags |= dquot_state_flag(flags, type);
2473 spin_unlock(&dq_state_lock);
2474
2475 error = add_dquot_ref(sb, type);
2476 if (error)
2477 dquot_disable(sb, type,
2478 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2479
2480 return error;
2481 out_fmt:
2482 put_quota_format(fmt);
2483
2484 return error;
2485 }
2486 EXPORT_SYMBOL(dquot_load_quota_sb);
2487
2488 /*
2489 * More powerful function for turning on quotas on given quota inode allowing
2490 * setting of individual quota flags
2491 */
dquot_load_quota_inode(struct inode * inode,int type,int format_id,unsigned int flags)2492 int dquot_load_quota_inode(struct inode *inode, int type, int format_id,
2493 unsigned int flags)
2494 {
2495 int err;
2496
2497 err = vfs_setup_quota_inode(inode, type);
2498 if (err < 0)
2499 return err;
2500 err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags);
2501 if (err < 0)
2502 vfs_cleanup_quota_inode(inode->i_sb, type);
2503 return err;
2504 }
2505 EXPORT_SYMBOL(dquot_load_quota_inode);
2506
2507 /* Reenable quotas on remount RW */
dquot_resume(struct super_block * sb,int type)2508 int dquot_resume(struct super_block *sb, int type)
2509 {
2510 struct quota_info *dqopt = sb_dqopt(sb);
2511 int ret = 0, cnt;
2512 unsigned int flags;
2513
2514 rwsem_assert_held_write(&sb->s_umount);
2515
2516 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2517 if (type != -1 && cnt != type)
2518 continue;
2519 if (!sb_has_quota_suspended(sb, cnt))
2520 continue;
2521
2522 spin_lock(&dq_state_lock);
2523 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED |
2524 DQUOT_LIMITS_ENABLED,
2525 cnt);
2526 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt);
2527 spin_unlock(&dq_state_lock);
2528
2529 flags = dquot_generic_flag(flags, cnt);
2530 ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id,
2531 flags);
2532 if (ret < 0)
2533 vfs_cleanup_quota_inode(sb, cnt);
2534 }
2535
2536 return ret;
2537 }
2538 EXPORT_SYMBOL(dquot_resume);
2539
dquot_quota_on(struct super_block * sb,int type,int format_id,const struct path * path)2540 int dquot_quota_on(struct super_block *sb, int type, int format_id,
2541 const struct path *path)
2542 {
2543 int error = security_quota_on(path->dentry);
2544 if (error)
2545 return error;
2546 /* Quota file not on the same filesystem? */
2547 if (path->dentry->d_sb != sb)
2548 error = -EXDEV;
2549 else
2550 error = dquot_load_quota_inode(d_inode(path->dentry), type,
2551 format_id, DQUOT_USAGE_ENABLED |
2552 DQUOT_LIMITS_ENABLED);
2553 return error;
2554 }
2555 EXPORT_SYMBOL(dquot_quota_on);
2556
2557 /*
2558 * This function is used when filesystem needs to initialize quotas
2559 * during mount time.
2560 */
dquot_quota_on_mount(struct super_block * sb,char * qf_name,int format_id,int type)2561 int dquot_quota_on_mount(struct super_block *sb, char *qf_name,
2562 int format_id, int type)
2563 {
2564 struct dentry *dentry;
2565 int error;
2566
2567 dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name));
2568 if (IS_ERR(dentry))
2569 return PTR_ERR(dentry);
2570
2571 error = security_quota_on(dentry);
2572 if (!error)
2573 error = dquot_load_quota_inode(d_inode(dentry), type, format_id,
2574 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2575
2576 dput(dentry);
2577 return error;
2578 }
2579 EXPORT_SYMBOL(dquot_quota_on_mount);
2580
dquot_quota_enable(struct super_block * sb,unsigned int flags)2581 static int dquot_quota_enable(struct super_block *sb, unsigned int flags)
2582 {
2583 int ret;
2584 int type;
2585 struct quota_info *dqopt = sb_dqopt(sb);
2586
2587 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
2588 return -ENOSYS;
2589 /* Accounting cannot be turned on while fs is mounted */
2590 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT);
2591 if (!flags)
2592 return -EINVAL;
2593 for (type = 0; type < MAXQUOTAS; type++) {
2594 if (!(flags & qtype_enforce_flag(type)))
2595 continue;
2596 /* Can't enforce without accounting */
2597 if (!sb_has_quota_usage_enabled(sb, type)) {
2598 ret = -EINVAL;
2599 goto out_err;
2600 }
2601 if (sb_has_quota_limits_enabled(sb, type)) {
2602 /* compatible with XFS */
2603 ret = -EEXIST;
2604 goto out_err;
2605 }
2606 spin_lock(&dq_state_lock);
2607 dqopt->flags |= dquot_state_flag(DQUOT_LIMITS_ENABLED, type);
2608 spin_unlock(&dq_state_lock);
2609 }
2610 return 0;
2611 out_err:
2612 /* Backout enforcement enablement we already did */
2613 for (type--; type >= 0; type--) {
2614 if (flags & qtype_enforce_flag(type))
2615 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
2616 }
2617 return ret;
2618 }
2619
dquot_quota_disable(struct super_block * sb,unsigned int flags)2620 static int dquot_quota_disable(struct super_block *sb, unsigned int flags)
2621 {
2622 int ret;
2623 int type;
2624 struct quota_info *dqopt = sb_dqopt(sb);
2625
2626 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
2627 return -ENOSYS;
2628 /*
2629 * We don't support turning off accounting via quotactl. In principle
2630 * quota infrastructure can do this but filesystems don't expect
2631 * userspace to be able to do it.
2632 */
2633 if (flags &
2634 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT))
2635 return -EOPNOTSUPP;
2636
2637 /* Filter out limits not enabled */
2638 for (type = 0; type < MAXQUOTAS; type++)
2639 if (!sb_has_quota_limits_enabled(sb, type))
2640 flags &= ~qtype_enforce_flag(type);
2641 /* Nothing left? */
2642 if (!flags)
2643 return -EEXIST;
2644 for (type = 0; type < MAXQUOTAS; type++) {
2645 if (flags & qtype_enforce_flag(type)) {
2646 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
2647 if (ret < 0)
2648 goto out_err;
2649 }
2650 }
2651 return 0;
2652 out_err:
2653 /* Backout enforcement disabling we already did */
2654 for (type--; type >= 0; type--) {
2655 if (flags & qtype_enforce_flag(type)) {
2656 spin_lock(&dq_state_lock);
2657 dqopt->flags |=
2658 dquot_state_flag(DQUOT_LIMITS_ENABLED, type);
2659 spin_unlock(&dq_state_lock);
2660 }
2661 }
2662 return ret;
2663 }
2664
2665 /* Generic routine for getting common part of quota structure */
do_get_dqblk(struct dquot * dquot,struct qc_dqblk * di)2666 static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di)
2667 {
2668 struct mem_dqblk *dm = &dquot->dq_dqb;
2669
2670 memset(di, 0, sizeof(*di));
2671 spin_lock(&dquot->dq_dqb_lock);
2672 di->d_spc_hardlimit = dm->dqb_bhardlimit;
2673 di->d_spc_softlimit = dm->dqb_bsoftlimit;
2674 di->d_ino_hardlimit = dm->dqb_ihardlimit;
2675 di->d_ino_softlimit = dm->dqb_isoftlimit;
2676 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace;
2677 di->d_ino_count = dm->dqb_curinodes;
2678 di->d_spc_timer = dm->dqb_btime;
2679 di->d_ino_timer = dm->dqb_itime;
2680 spin_unlock(&dquot->dq_dqb_lock);
2681 }
2682
dquot_get_dqblk(struct super_block * sb,struct kqid qid,struct qc_dqblk * di)2683 int dquot_get_dqblk(struct super_block *sb, struct kqid qid,
2684 struct qc_dqblk *di)
2685 {
2686 struct dquot *dquot;
2687
2688 dquot = dqget(sb, qid);
2689 if (IS_ERR(dquot))
2690 return PTR_ERR(dquot);
2691 do_get_dqblk(dquot, di);
2692 dqput(dquot);
2693
2694 return 0;
2695 }
2696 EXPORT_SYMBOL(dquot_get_dqblk);
2697
dquot_get_next_dqblk(struct super_block * sb,struct kqid * qid,struct qc_dqblk * di)2698 int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid,
2699 struct qc_dqblk *di)
2700 {
2701 struct dquot *dquot;
2702 int err;
2703
2704 if (!sb->dq_op->get_next_id)
2705 return -ENOSYS;
2706 err = sb->dq_op->get_next_id(sb, qid);
2707 if (err < 0)
2708 return err;
2709 dquot = dqget(sb, *qid);
2710 if (IS_ERR(dquot))
2711 return PTR_ERR(dquot);
2712 do_get_dqblk(dquot, di);
2713 dqput(dquot);
2714
2715 return 0;
2716 }
2717 EXPORT_SYMBOL(dquot_get_next_dqblk);
2718
2719 #define VFS_QC_MASK \
2720 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \
2721 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \
2722 QC_SPC_TIMER | QC_INO_TIMER)
2723
2724 /* Generic routine for setting common part of quota structure */
do_set_dqblk(struct dquot * dquot,struct qc_dqblk * di)2725 static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di)
2726 {
2727 struct mem_dqblk *dm = &dquot->dq_dqb;
2728 int check_blim = 0, check_ilim = 0;
2729 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
2730 int ret;
2731
2732 if (di->d_fieldmask & ~VFS_QC_MASK)
2733 return -EINVAL;
2734
2735 if (((di->d_fieldmask & QC_SPC_SOFT) &&
2736 di->d_spc_softlimit > dqi->dqi_max_spc_limit) ||
2737 ((di->d_fieldmask & QC_SPC_HARD) &&
2738 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) ||
2739 ((di->d_fieldmask & QC_INO_SOFT) &&
2740 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) ||
2741 ((di->d_fieldmask & QC_INO_HARD) &&
2742 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit)))
2743 return -ERANGE;
2744
2745 spin_lock(&dquot->dq_dqb_lock);
2746 if (di->d_fieldmask & QC_SPACE) {
2747 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace;
2748 check_blim = 1;
2749 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags);
2750 }
2751
2752 if (di->d_fieldmask & QC_SPC_SOFT)
2753 dm->dqb_bsoftlimit = di->d_spc_softlimit;
2754 if (di->d_fieldmask & QC_SPC_HARD)
2755 dm->dqb_bhardlimit = di->d_spc_hardlimit;
2756 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) {
2757 check_blim = 1;
2758 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags);
2759 }
2760
2761 if (di->d_fieldmask & QC_INO_COUNT) {
2762 dm->dqb_curinodes = di->d_ino_count;
2763 check_ilim = 1;
2764 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags);
2765 }
2766
2767 if (di->d_fieldmask & QC_INO_SOFT)
2768 dm->dqb_isoftlimit = di->d_ino_softlimit;
2769 if (di->d_fieldmask & QC_INO_HARD)
2770 dm->dqb_ihardlimit = di->d_ino_hardlimit;
2771 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) {
2772 check_ilim = 1;
2773 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags);
2774 }
2775
2776 if (di->d_fieldmask & QC_SPC_TIMER) {
2777 dm->dqb_btime = di->d_spc_timer;
2778 check_blim = 1;
2779 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags);
2780 }
2781
2782 if (di->d_fieldmask & QC_INO_TIMER) {
2783 dm->dqb_itime = di->d_ino_timer;
2784 check_ilim = 1;
2785 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags);
2786 }
2787
2788 if (check_blim) {
2789 if (!dm->dqb_bsoftlimit ||
2790 dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) {
2791 dm->dqb_btime = 0;
2792 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
2793 } else if (!(di->d_fieldmask & QC_SPC_TIMER))
2794 /* Set grace only if user hasn't provided his own... */
2795 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace;
2796 }
2797 if (check_ilim) {
2798 if (!dm->dqb_isoftlimit ||
2799 dm->dqb_curinodes <= dm->dqb_isoftlimit) {
2800 dm->dqb_itime = 0;
2801 clear_bit(DQ_INODES_B, &dquot->dq_flags);
2802 } else if (!(di->d_fieldmask & QC_INO_TIMER))
2803 /* Set grace only if user hasn't provided his own... */
2804 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace;
2805 }
2806 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit ||
2807 dm->dqb_isoftlimit)
2808 clear_bit(DQ_FAKE_B, &dquot->dq_flags);
2809 else
2810 set_bit(DQ_FAKE_B, &dquot->dq_flags);
2811 spin_unlock(&dquot->dq_dqb_lock);
2812 ret = mark_dquot_dirty(dquot);
2813 if (ret < 0)
2814 return ret;
2815 return 0;
2816 }
2817
dquot_set_dqblk(struct super_block * sb,struct kqid qid,struct qc_dqblk * di)2818 int dquot_set_dqblk(struct super_block *sb, struct kqid qid,
2819 struct qc_dqblk *di)
2820 {
2821 struct dquot *dquot;
2822 int rc;
2823
2824 dquot = dqget(sb, qid);
2825 if (IS_ERR(dquot)) {
2826 rc = PTR_ERR(dquot);
2827 goto out;
2828 }
2829 rc = do_set_dqblk(dquot, di);
2830 dqput(dquot);
2831 out:
2832 return rc;
2833 }
2834 EXPORT_SYMBOL(dquot_set_dqblk);
2835
2836 /* Generic routine for getting common part of quota file information */
dquot_get_state(struct super_block * sb,struct qc_state * state)2837 int dquot_get_state(struct super_block *sb, struct qc_state *state)
2838 {
2839 struct mem_dqinfo *mi;
2840 struct qc_type_state *tstate;
2841 struct quota_info *dqopt = sb_dqopt(sb);
2842 int type;
2843
2844 memset(state, 0, sizeof(*state));
2845 for (type = 0; type < MAXQUOTAS; type++) {
2846 if (!sb_has_quota_active(sb, type))
2847 continue;
2848 tstate = state->s_state + type;
2849 mi = sb_dqopt(sb)->info + type;
2850 tstate->flags = QCI_ACCT_ENABLED;
2851 spin_lock(&dq_data_lock);
2852 if (mi->dqi_flags & DQF_SYS_FILE)
2853 tstate->flags |= QCI_SYSFILE;
2854 if (mi->dqi_flags & DQF_ROOT_SQUASH)
2855 tstate->flags |= QCI_ROOT_SQUASH;
2856 if (sb_has_quota_limits_enabled(sb, type))
2857 tstate->flags |= QCI_LIMITS_ENFORCED;
2858 tstate->spc_timelimit = mi->dqi_bgrace;
2859 tstate->ino_timelimit = mi->dqi_igrace;
2860 if (dqopt->files[type]) {
2861 tstate->ino = dqopt->files[type]->i_ino;
2862 tstate->blocks = dqopt->files[type]->i_blocks;
2863 }
2864 tstate->nextents = 1; /* We don't know... */
2865 spin_unlock(&dq_data_lock);
2866 }
2867 return 0;
2868 }
2869 EXPORT_SYMBOL(dquot_get_state);
2870
2871 /* Generic routine for setting common part of quota file information */
dquot_set_dqinfo(struct super_block * sb,int type,struct qc_info * ii)2872 int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii)
2873 {
2874 struct mem_dqinfo *mi;
2875
2876 if ((ii->i_fieldmask & QC_WARNS_MASK) ||
2877 (ii->i_fieldmask & QC_RT_SPC_TIMER))
2878 return -EINVAL;
2879 if (!sb_has_quota_active(sb, type))
2880 return -ESRCH;
2881 mi = sb_dqopt(sb)->info + type;
2882 if (ii->i_fieldmask & QC_FLAGS) {
2883 if ((ii->i_flags & QCI_ROOT_SQUASH &&
2884 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD))
2885 return -EINVAL;
2886 }
2887 spin_lock(&dq_data_lock);
2888 if (ii->i_fieldmask & QC_SPC_TIMER)
2889 mi->dqi_bgrace = ii->i_spc_timelimit;
2890 if (ii->i_fieldmask & QC_INO_TIMER)
2891 mi->dqi_igrace = ii->i_ino_timelimit;
2892 if (ii->i_fieldmask & QC_FLAGS) {
2893 if (ii->i_flags & QCI_ROOT_SQUASH)
2894 mi->dqi_flags |= DQF_ROOT_SQUASH;
2895 else
2896 mi->dqi_flags &= ~DQF_ROOT_SQUASH;
2897 }
2898 spin_unlock(&dq_data_lock);
2899 mark_info_dirty(sb, type);
2900 /* Force write to disk */
2901 return sb->dq_op->write_info(sb, type);
2902 }
2903 EXPORT_SYMBOL(dquot_set_dqinfo);
2904
2905 const struct quotactl_ops dquot_quotactl_sysfile_ops = {
2906 .quota_enable = dquot_quota_enable,
2907 .quota_disable = dquot_quota_disable,
2908 .quota_sync = dquot_quota_sync,
2909 .get_state = dquot_get_state,
2910 .set_info = dquot_set_dqinfo,
2911 .get_dqblk = dquot_get_dqblk,
2912 .get_nextdqblk = dquot_get_next_dqblk,
2913 .set_dqblk = dquot_set_dqblk
2914 };
2915 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops);
2916
do_proc_dqstats(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)2917 static int do_proc_dqstats(const struct ctl_table *table, int write,
2918 void *buffer, size_t *lenp, loff_t *ppos)
2919 {
2920 unsigned int type = (unsigned long *)table->data - dqstats.stat;
2921 s64 value = percpu_counter_sum(&dqstats.counter[type]);
2922
2923 /* Filter negative values for non-monotonic counters */
2924 if (value < 0 && (type == DQST_ALLOC_DQUOTS ||
2925 type == DQST_FREE_DQUOTS))
2926 value = 0;
2927
2928 /* Update global table */
2929 dqstats.stat[type] = value;
2930 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
2931 }
2932
2933 static struct ctl_table fs_dqstats_table[] = {
2934 {
2935 .procname = "lookups",
2936 .data = &dqstats.stat[DQST_LOOKUPS],
2937 .maxlen = sizeof(unsigned long),
2938 .mode = 0444,
2939 .proc_handler = do_proc_dqstats,
2940 },
2941 {
2942 .procname = "drops",
2943 .data = &dqstats.stat[DQST_DROPS],
2944 .maxlen = sizeof(unsigned long),
2945 .mode = 0444,
2946 .proc_handler = do_proc_dqstats,
2947 },
2948 {
2949 .procname = "reads",
2950 .data = &dqstats.stat[DQST_READS],
2951 .maxlen = sizeof(unsigned long),
2952 .mode = 0444,
2953 .proc_handler = do_proc_dqstats,
2954 },
2955 {
2956 .procname = "writes",
2957 .data = &dqstats.stat[DQST_WRITES],
2958 .maxlen = sizeof(unsigned long),
2959 .mode = 0444,
2960 .proc_handler = do_proc_dqstats,
2961 },
2962 {
2963 .procname = "cache_hits",
2964 .data = &dqstats.stat[DQST_CACHE_HITS],
2965 .maxlen = sizeof(unsigned long),
2966 .mode = 0444,
2967 .proc_handler = do_proc_dqstats,
2968 },
2969 {
2970 .procname = "allocated_dquots",
2971 .data = &dqstats.stat[DQST_ALLOC_DQUOTS],
2972 .maxlen = sizeof(unsigned long),
2973 .mode = 0444,
2974 .proc_handler = do_proc_dqstats,
2975 },
2976 {
2977 .procname = "free_dquots",
2978 .data = &dqstats.stat[DQST_FREE_DQUOTS],
2979 .maxlen = sizeof(unsigned long),
2980 .mode = 0444,
2981 .proc_handler = do_proc_dqstats,
2982 },
2983 {
2984 .procname = "syncs",
2985 .data = &dqstats.stat[DQST_SYNCS],
2986 .maxlen = sizeof(unsigned long),
2987 .mode = 0444,
2988 .proc_handler = do_proc_dqstats,
2989 },
2990 #ifdef CONFIG_PRINT_QUOTA_WARNING
2991 {
2992 .procname = "warnings",
2993 .data = &flag_print_warnings,
2994 .maxlen = sizeof(int),
2995 .mode = 0644,
2996 .proc_handler = proc_dointvec,
2997 },
2998 #endif
2999 };
3000
dquot_init(void)3001 static int __init dquot_init(void)
3002 {
3003 int i, ret;
3004 unsigned long nr_hash, order;
3005 struct shrinker *dqcache_shrinker;
3006
3007 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__);
3008
3009 register_sysctl_init("fs/quota", fs_dqstats_table);
3010
3011 dquot_cachep = kmem_cache_create("dquot",
3012 sizeof(struct dquot), sizeof(unsigned long) * 4,
3013 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT|
3014 SLAB_PANIC),
3015 NULL);
3016
3017 order = 0;
3018 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order);
3019 if (!dquot_hash)
3020 panic("Cannot create dquot hash table");
3021
3022 ret = percpu_counter_init_many(dqstats.counter, 0, GFP_KERNEL,
3023 _DQST_DQSTAT_LAST);
3024 if (ret)
3025 panic("Cannot create dquot stat counters");
3026
3027 /* Find power-of-two hlist_heads which can fit into allocation */
3028 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head);
3029 dq_hash_bits = ilog2(nr_hash);
3030
3031 nr_hash = 1UL << dq_hash_bits;
3032 dq_hash_mask = nr_hash - 1;
3033 for (i = 0; i < nr_hash; i++)
3034 INIT_HLIST_HEAD(dquot_hash + i);
3035
3036 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld,"
3037 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order));
3038
3039 dqcache_shrinker = shrinker_alloc(0, "dquota-cache");
3040 if (!dqcache_shrinker)
3041 panic("Cannot allocate dquot shrinker");
3042
3043 dqcache_shrinker->count_objects = dqcache_shrink_count;
3044 dqcache_shrinker->scan_objects = dqcache_shrink_scan;
3045
3046 shrinker_register(dqcache_shrinker);
3047
3048 quota_unbound_wq = alloc_workqueue("quota_events_unbound",
3049 WQ_UNBOUND | WQ_MEM_RECLAIM, WQ_MAX_ACTIVE);
3050 if (!quota_unbound_wq)
3051 panic("Cannot create quota_unbound_wq\n");
3052
3053 return 0;
3054 }
3055 fs_initcall(dquot_init);
3056