1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6 #include "xfs.h"
7 #include "xfs_fs.h"
8 #include "xfs_shared.h"
9 #include "xfs_format.h"
10 #include "xfs_log_format.h"
11 #include "xfs_trans_resv.h"
12 #include "xfs_bit.h"
13 #include "xfs_sb.h"
14 #include "xfs_mount.h"
15 #include "xfs_inode.h"
16 #include "xfs_iwalk.h"
17 #include "xfs_quota.h"
18 #include "xfs_bmap.h"
19 #include "xfs_bmap_util.h"
20 #include "xfs_trans.h"
21 #include "xfs_trans_space.h"
22 #include "xfs_qm.h"
23 #include "xfs_trace.h"
24 #include "xfs_icache.h"
25 #include "xfs_error.h"
26 #include "xfs_ag.h"
27 #include "xfs_ialloc.h"
28 #include "xfs_log_priv.h"
29 #include "xfs_health.h"
30
31 /*
32 * The global quota manager. There is only one of these for the entire
33 * system, _not_ one per file system. XQM keeps track of the overall
34 * quota functionality, including maintaining the freelist and hash
35 * tables of dquots.
36 */
37 STATIC int xfs_qm_init_quotainos(struct xfs_mount *mp);
38 STATIC int xfs_qm_init_quotainfo(struct xfs_mount *mp);
39
40 STATIC void xfs_qm_destroy_quotainos(struct xfs_quotainfo *qi);
41 STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp);
42 /*
43 * We use the batch lookup interface to iterate over the dquots as it
44 * currently is the only interface into the radix tree code that allows
45 * fuzzy lookups instead of exact matches. Holding the lock over multiple
46 * operations is fine as all callers are used either during mount/umount
47 * or quotaoff.
48 */
49 #define XFS_DQ_LOOKUP_BATCH 32
50
51 STATIC int
xfs_qm_dquot_walk(struct xfs_mount * mp,xfs_dqtype_t type,int (* execute)(struct xfs_dquot * dqp,void * data),void * data)52 xfs_qm_dquot_walk(
53 struct xfs_mount *mp,
54 xfs_dqtype_t type,
55 int (*execute)(struct xfs_dquot *dqp, void *data),
56 void *data)
57 {
58 struct xfs_quotainfo *qi = mp->m_quotainfo;
59 struct radix_tree_root *tree = xfs_dquot_tree(qi, type);
60 uint32_t next_index;
61 int last_error = 0;
62 int skipped;
63 int nr_found;
64
65 restart:
66 skipped = 0;
67 next_index = 0;
68 nr_found = 0;
69
70 while (1) {
71 struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH];
72 int error;
73 int i;
74
75 mutex_lock(&qi->qi_tree_lock);
76 nr_found = radix_tree_gang_lookup(tree, (void **)batch,
77 next_index, XFS_DQ_LOOKUP_BATCH);
78 if (!nr_found) {
79 mutex_unlock(&qi->qi_tree_lock);
80 break;
81 }
82
83 for (i = 0; i < nr_found; i++) {
84 struct xfs_dquot *dqp = batch[i];
85
86 next_index = dqp->q_id + 1;
87
88 error = execute(batch[i], data);
89 if (error == -EAGAIN) {
90 skipped++;
91 continue;
92 }
93 if (error && last_error != -EFSCORRUPTED)
94 last_error = error;
95 }
96
97 mutex_unlock(&qi->qi_tree_lock);
98
99 /* bail out if the filesystem is corrupted. */
100 if (last_error == -EFSCORRUPTED) {
101 skipped = 0;
102 break;
103 }
104 /* we're done if id overflows back to zero */
105 if (!next_index)
106 break;
107 }
108
109 if (skipped) {
110 delay(1);
111 goto restart;
112 }
113
114 return last_error;
115 }
116
117
118 /*
119 * Purge a dquot from all tracking data structures and free it.
120 */
121 STATIC int
xfs_qm_dqpurge(struct xfs_dquot * dqp,void * data)122 xfs_qm_dqpurge(
123 struct xfs_dquot *dqp,
124 void *data)
125 {
126 struct xfs_quotainfo *qi = dqp->q_mount->m_quotainfo;
127 int error = -EAGAIN;
128
129 xfs_dqlock(dqp);
130 if ((dqp->q_flags & XFS_DQFLAG_FREEING) || dqp->q_nrefs != 0)
131 goto out_unlock;
132
133 dqp->q_flags |= XFS_DQFLAG_FREEING;
134
135 xfs_dqflock(dqp);
136
137 /*
138 * If we are turning this type of quotas off, we don't care
139 * about the dirty metadata sitting in this dquot. OTOH, if
140 * we're unmounting, we do care, so we flush it and wait.
141 */
142 if (XFS_DQ_IS_DIRTY(dqp)) {
143 struct xfs_buf *bp = NULL;
144
145 /*
146 * We don't care about getting disk errors here. We need
147 * to purge this dquot anyway, so we go ahead regardless.
148 */
149 error = xfs_dquot_use_attached_buf(dqp, &bp);
150 if (error == -EAGAIN) {
151 xfs_dqfunlock(dqp);
152 dqp->q_flags &= ~XFS_DQFLAG_FREEING;
153 goto out_unlock;
154 }
155 if (!bp)
156 goto out_funlock;
157
158 /*
159 * dqflush completes dqflock on error, and the bwrite ioend
160 * does it on success.
161 */
162 error = xfs_qm_dqflush(dqp, bp);
163 if (!error) {
164 error = xfs_bwrite(bp);
165 xfs_buf_relse(bp);
166 }
167 xfs_dqflock(dqp);
168 }
169 xfs_dquot_detach_buf(dqp);
170
171 out_funlock:
172 ASSERT(atomic_read(&dqp->q_pincount) == 0);
173 ASSERT(xlog_is_shutdown(dqp->q_logitem.qli_item.li_log) ||
174 !test_bit(XFS_LI_IN_AIL, &dqp->q_logitem.qli_item.li_flags));
175
176 xfs_dqfunlock(dqp);
177 xfs_dqunlock(dqp);
178
179 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
180 qi->qi_dquots--;
181
182 /*
183 * We move dquots to the freelist as soon as their reference count
184 * hits zero, so it really should be on the freelist here.
185 */
186 ASSERT(!list_empty(&dqp->q_lru));
187 list_lru_del_obj(&qi->qi_lru, &dqp->q_lru);
188 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
189
190 xfs_qm_dqdestroy(dqp);
191 return 0;
192
193 out_unlock:
194 xfs_dqunlock(dqp);
195 return error;
196 }
197
198 /*
199 * Purge the dquot cache.
200 */
201 static void
xfs_qm_dqpurge_all(struct xfs_mount * mp)202 xfs_qm_dqpurge_all(
203 struct xfs_mount *mp)
204 {
205 xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_dqpurge, NULL);
206 xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_dqpurge, NULL);
207 xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_dqpurge, NULL);
208 }
209
210 /*
211 * Just destroy the quotainfo structure.
212 */
213 void
xfs_qm_unmount(struct xfs_mount * mp)214 xfs_qm_unmount(
215 struct xfs_mount *mp)
216 {
217 if (mp->m_quotainfo) {
218 xfs_qm_dqpurge_all(mp);
219 xfs_qm_destroy_quotainfo(mp);
220 }
221 }
222
223 /*
224 * Called from the vfsops layer.
225 */
226 void
xfs_qm_unmount_quotas(xfs_mount_t * mp)227 xfs_qm_unmount_quotas(
228 xfs_mount_t *mp)
229 {
230 /*
231 * Release the dquots that root inode, et al might be holding,
232 * before we flush quotas and blow away the quotainfo structure.
233 */
234 ASSERT(mp->m_rootip);
235 xfs_qm_dqdetach(mp->m_rootip);
236 if (mp->m_rbmip)
237 xfs_qm_dqdetach(mp->m_rbmip);
238 if (mp->m_rsumip)
239 xfs_qm_dqdetach(mp->m_rsumip);
240
241 /*
242 * Release the quota inodes.
243 */
244 if (mp->m_quotainfo) {
245 if (mp->m_quotainfo->qi_uquotaip) {
246 xfs_irele(mp->m_quotainfo->qi_uquotaip);
247 mp->m_quotainfo->qi_uquotaip = NULL;
248 }
249 if (mp->m_quotainfo->qi_gquotaip) {
250 xfs_irele(mp->m_quotainfo->qi_gquotaip);
251 mp->m_quotainfo->qi_gquotaip = NULL;
252 }
253 if (mp->m_quotainfo->qi_pquotaip) {
254 xfs_irele(mp->m_quotainfo->qi_pquotaip);
255 mp->m_quotainfo->qi_pquotaip = NULL;
256 }
257 }
258 }
259
260 STATIC int
xfs_qm_dqattach_one(struct xfs_inode * ip,xfs_dqtype_t type,bool doalloc,struct xfs_dquot ** IO_idqpp)261 xfs_qm_dqattach_one(
262 struct xfs_inode *ip,
263 xfs_dqtype_t type,
264 bool doalloc,
265 struct xfs_dquot **IO_idqpp)
266 {
267 struct xfs_dquot *dqp;
268 int error;
269
270 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
271 error = 0;
272
273 /*
274 * See if we already have it in the inode itself. IO_idqpp is &i_udquot
275 * or &i_gdquot. This made the code look weird, but made the logic a lot
276 * simpler.
277 */
278 dqp = *IO_idqpp;
279 if (dqp) {
280 trace_xfs_dqattach_found(dqp);
281 return 0;
282 }
283
284 /*
285 * Find the dquot from somewhere. This bumps the reference count of
286 * dquot and returns it locked. This can return ENOENT if dquot didn't
287 * exist on disk and we didn't ask it to allocate; ESRCH if quotas got
288 * turned off suddenly.
289 */
290 error = xfs_qm_dqget_inode(ip, type, doalloc, &dqp);
291 if (error)
292 return error;
293
294 trace_xfs_dqattach_get(dqp);
295
296 /*
297 * dqget may have dropped and re-acquired the ilock, but it guarantees
298 * that the dquot returned is the one that should go in the inode.
299 */
300 *IO_idqpp = dqp;
301 xfs_dqunlock(dqp);
302 return 0;
303 }
304
305 static bool
xfs_qm_need_dqattach(struct xfs_inode * ip)306 xfs_qm_need_dqattach(
307 struct xfs_inode *ip)
308 {
309 struct xfs_mount *mp = ip->i_mount;
310
311 if (!XFS_IS_QUOTA_ON(mp))
312 return false;
313 if (!XFS_NOT_DQATTACHED(mp, ip))
314 return false;
315 if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino))
316 return false;
317 return true;
318 }
319
320 /*
321 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON
322 * into account.
323 * If @doalloc is true, the dquot(s) will be allocated if needed.
324 * Inode may get unlocked and relocked in here, and the caller must deal with
325 * the consequences.
326 */
327 int
xfs_qm_dqattach_locked(xfs_inode_t * ip,bool doalloc)328 xfs_qm_dqattach_locked(
329 xfs_inode_t *ip,
330 bool doalloc)
331 {
332 xfs_mount_t *mp = ip->i_mount;
333 int error = 0;
334
335 if (!xfs_qm_need_dqattach(ip))
336 return 0;
337
338 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
339
340 if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) {
341 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_USER,
342 doalloc, &ip->i_udquot);
343 if (error)
344 goto done;
345 ASSERT(ip->i_udquot);
346 }
347
348 if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) {
349 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_GROUP,
350 doalloc, &ip->i_gdquot);
351 if (error)
352 goto done;
353 ASSERT(ip->i_gdquot);
354 }
355
356 if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) {
357 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_PROJ,
358 doalloc, &ip->i_pdquot);
359 if (error)
360 goto done;
361 ASSERT(ip->i_pdquot);
362 }
363
364 done:
365 /*
366 * Don't worry about the dquots that we may have attached before any
367 * error - they'll get detached later if it has not already been done.
368 */
369 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
370 return error;
371 }
372
373 int
xfs_qm_dqattach(struct xfs_inode * ip)374 xfs_qm_dqattach(
375 struct xfs_inode *ip)
376 {
377 int error;
378
379 if (!xfs_qm_need_dqattach(ip))
380 return 0;
381
382 xfs_ilock(ip, XFS_ILOCK_EXCL);
383 error = xfs_qm_dqattach_locked(ip, false);
384 xfs_iunlock(ip, XFS_ILOCK_EXCL);
385
386 return error;
387 }
388
389 /*
390 * Release dquots (and their references) if any.
391 * The inode should be locked EXCL except when this's called by
392 * xfs_ireclaim.
393 */
394 void
xfs_qm_dqdetach(xfs_inode_t * ip)395 xfs_qm_dqdetach(
396 xfs_inode_t *ip)
397 {
398 if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot))
399 return;
400
401 trace_xfs_dquot_dqdetach(ip);
402
403 ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino));
404 if (ip->i_udquot) {
405 xfs_qm_dqrele(ip->i_udquot);
406 ip->i_udquot = NULL;
407 }
408 if (ip->i_gdquot) {
409 xfs_qm_dqrele(ip->i_gdquot);
410 ip->i_gdquot = NULL;
411 }
412 if (ip->i_pdquot) {
413 xfs_qm_dqrele(ip->i_pdquot);
414 ip->i_pdquot = NULL;
415 }
416 }
417
418 struct xfs_qm_isolate {
419 struct list_head buffers;
420 struct list_head dispose;
421 };
422
423 static enum lru_status
xfs_qm_dquot_isolate(struct list_head * item,struct list_lru_one * lru,spinlock_t * lru_lock,void * arg)424 xfs_qm_dquot_isolate(
425 struct list_head *item,
426 struct list_lru_one *lru,
427 spinlock_t *lru_lock,
428 void *arg)
429 __releases(lru_lock) __acquires(lru_lock)
430 {
431 struct xfs_dquot *dqp = container_of(item,
432 struct xfs_dquot, q_lru);
433 struct xfs_qm_isolate *isol = arg;
434
435 if (!xfs_dqlock_nowait(dqp))
436 goto out_miss_busy;
437
438 /*
439 * If something else is freeing this dquot and hasn't yet removed it
440 * from the LRU, leave it for the freeing task to complete the freeing
441 * process rather than risk it being free from under us here.
442 */
443 if (dqp->q_flags & XFS_DQFLAG_FREEING)
444 goto out_miss_unlock;
445
446 /*
447 * This dquot has acquired a reference in the meantime remove it from
448 * the freelist and try again.
449 */
450 if (dqp->q_nrefs) {
451 xfs_dqunlock(dqp);
452 XFS_STATS_INC(dqp->q_mount, xs_qm_dqwants);
453
454 trace_xfs_dqreclaim_want(dqp);
455 list_lru_isolate(lru, &dqp->q_lru);
456 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
457 return LRU_REMOVED;
458 }
459
460 /*
461 * If the dquot is dirty, flush it. If it's already being flushed, just
462 * skip it so there is time for the IO to complete before we try to
463 * reclaim it again on the next LRU pass.
464 */
465 if (!xfs_dqflock_nowait(dqp))
466 goto out_miss_unlock;
467
468 if (XFS_DQ_IS_DIRTY(dqp)) {
469 struct xfs_buf *bp = NULL;
470 int error;
471
472 trace_xfs_dqreclaim_dirty(dqp);
473
474 /* we have to drop the LRU lock to flush the dquot */
475 spin_unlock(lru_lock);
476
477 error = xfs_dquot_use_attached_buf(dqp, &bp);
478 if (!bp || error == -EAGAIN) {
479 xfs_dqfunlock(dqp);
480 goto out_unlock_dirty;
481 }
482
483 /*
484 * dqflush completes dqflock on error, and the delwri ioend
485 * does it on success.
486 */
487 error = xfs_qm_dqflush(dqp, bp);
488 if (error)
489 goto out_unlock_dirty;
490
491 xfs_buf_delwri_queue(bp, &isol->buffers);
492 xfs_buf_relse(bp);
493 goto out_unlock_dirty;
494 }
495
496 xfs_dquot_detach_buf(dqp);
497 xfs_dqfunlock(dqp);
498
499 /*
500 * Prevent lookups now that we are past the point of no return.
501 */
502 dqp->q_flags |= XFS_DQFLAG_FREEING;
503 xfs_dqunlock(dqp);
504
505 ASSERT(dqp->q_nrefs == 0);
506 list_lru_isolate_move(lru, &dqp->q_lru, &isol->dispose);
507 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
508 trace_xfs_dqreclaim_done(dqp);
509 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaims);
510 return LRU_REMOVED;
511
512 out_miss_unlock:
513 xfs_dqunlock(dqp);
514 out_miss_busy:
515 trace_xfs_dqreclaim_busy(dqp);
516 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
517 return LRU_SKIP;
518
519 out_unlock_dirty:
520 trace_xfs_dqreclaim_busy(dqp);
521 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
522 xfs_dqunlock(dqp);
523 spin_lock(lru_lock);
524 return LRU_RETRY;
525 }
526
527 static unsigned long
xfs_qm_shrink_scan(struct shrinker * shrink,struct shrink_control * sc)528 xfs_qm_shrink_scan(
529 struct shrinker *shrink,
530 struct shrink_control *sc)
531 {
532 struct xfs_quotainfo *qi = shrink->private_data;
533 struct xfs_qm_isolate isol;
534 unsigned long freed;
535 int error;
536
537 if ((sc->gfp_mask & (__GFP_FS|__GFP_DIRECT_RECLAIM)) != (__GFP_FS|__GFP_DIRECT_RECLAIM))
538 return 0;
539
540 INIT_LIST_HEAD(&isol.buffers);
541 INIT_LIST_HEAD(&isol.dispose);
542
543 freed = list_lru_shrink_walk(&qi->qi_lru, sc,
544 xfs_qm_dquot_isolate, &isol);
545
546 error = xfs_buf_delwri_submit(&isol.buffers);
547 if (error)
548 xfs_warn(NULL, "%s: dquot reclaim failed", __func__);
549
550 while (!list_empty(&isol.dispose)) {
551 struct xfs_dquot *dqp;
552
553 dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru);
554 list_del_init(&dqp->q_lru);
555 xfs_qm_dqfree_one(dqp);
556 }
557
558 return freed;
559 }
560
561 static unsigned long
xfs_qm_shrink_count(struct shrinker * shrink,struct shrink_control * sc)562 xfs_qm_shrink_count(
563 struct shrinker *shrink,
564 struct shrink_control *sc)
565 {
566 struct xfs_quotainfo *qi = shrink->private_data;
567
568 return list_lru_shrink_count(&qi->qi_lru, sc);
569 }
570
571 STATIC void
xfs_qm_set_defquota(struct xfs_mount * mp,xfs_dqtype_t type,struct xfs_quotainfo * qinf)572 xfs_qm_set_defquota(
573 struct xfs_mount *mp,
574 xfs_dqtype_t type,
575 struct xfs_quotainfo *qinf)
576 {
577 struct xfs_dquot *dqp;
578 struct xfs_def_quota *defq;
579 int error;
580
581 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
582 if (error)
583 return;
584
585 defq = xfs_get_defquota(qinf, xfs_dquot_type(dqp));
586
587 /*
588 * Timers and warnings have been already set, let's just set the
589 * default limits for this quota type
590 */
591 defq->blk.hard = dqp->q_blk.hardlimit;
592 defq->blk.soft = dqp->q_blk.softlimit;
593 defq->ino.hard = dqp->q_ino.hardlimit;
594 defq->ino.soft = dqp->q_ino.softlimit;
595 defq->rtb.hard = dqp->q_rtb.hardlimit;
596 defq->rtb.soft = dqp->q_rtb.softlimit;
597 xfs_qm_dqdestroy(dqp);
598 }
599
600 /* Initialize quota time limits from the root dquot. */
601 static void
xfs_qm_init_timelimits(struct xfs_mount * mp,xfs_dqtype_t type)602 xfs_qm_init_timelimits(
603 struct xfs_mount *mp,
604 xfs_dqtype_t type)
605 {
606 struct xfs_quotainfo *qinf = mp->m_quotainfo;
607 struct xfs_def_quota *defq;
608 struct xfs_dquot *dqp;
609 int error;
610
611 defq = xfs_get_defquota(qinf, type);
612
613 defq->blk.time = XFS_QM_BTIMELIMIT;
614 defq->ino.time = XFS_QM_ITIMELIMIT;
615 defq->rtb.time = XFS_QM_RTBTIMELIMIT;
616
617 /*
618 * We try to get the limits from the superuser's limits fields.
619 * This is quite hacky, but it is standard quota practice.
620 *
621 * Since we may not have done a quotacheck by this point, just read
622 * the dquot without attaching it to any hashtables or lists.
623 */
624 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
625 if (error)
626 return;
627
628 /*
629 * The warnings and timers set the grace period given to
630 * a user or group before he or she can not perform any
631 * more writing. If it is zero, a default is used.
632 */
633 if (dqp->q_blk.timer)
634 defq->blk.time = dqp->q_blk.timer;
635 if (dqp->q_ino.timer)
636 defq->ino.time = dqp->q_ino.timer;
637 if (dqp->q_rtb.timer)
638 defq->rtb.time = dqp->q_rtb.timer;
639
640 xfs_qm_dqdestroy(dqp);
641 }
642
643 /*
644 * This initializes all the quota information that's kept in the
645 * mount structure
646 */
647 STATIC int
xfs_qm_init_quotainfo(struct xfs_mount * mp)648 xfs_qm_init_quotainfo(
649 struct xfs_mount *mp)
650 {
651 struct xfs_quotainfo *qinf;
652 int error;
653
654 ASSERT(XFS_IS_QUOTA_ON(mp));
655
656 qinf = mp->m_quotainfo = kzalloc(sizeof(struct xfs_quotainfo),
657 GFP_KERNEL | __GFP_NOFAIL);
658
659 error = list_lru_init(&qinf->qi_lru);
660 if (error)
661 goto out_free_qinf;
662
663 /*
664 * See if quotainodes are setup, and if not, allocate them,
665 * and change the superblock accordingly.
666 */
667 error = xfs_qm_init_quotainos(mp);
668 if (error)
669 goto out_free_lru;
670
671 INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_KERNEL);
672 INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_KERNEL);
673 INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_KERNEL);
674 mutex_init(&qinf->qi_tree_lock);
675
676 /* mutex used to serialize quotaoffs */
677 mutex_init(&qinf->qi_quotaofflock);
678
679 /* Precalc some constants */
680 qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
681 qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen);
682 if (xfs_has_bigtime(mp)) {
683 qinf->qi_expiry_min =
684 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MIN);
685 qinf->qi_expiry_max =
686 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MAX);
687 } else {
688 qinf->qi_expiry_min = XFS_DQ_LEGACY_EXPIRY_MIN;
689 qinf->qi_expiry_max = XFS_DQ_LEGACY_EXPIRY_MAX;
690 }
691 trace_xfs_quota_expiry_range(mp, qinf->qi_expiry_min,
692 qinf->qi_expiry_max);
693
694 mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD);
695
696 xfs_qm_init_timelimits(mp, XFS_DQTYPE_USER);
697 xfs_qm_init_timelimits(mp, XFS_DQTYPE_GROUP);
698 xfs_qm_init_timelimits(mp, XFS_DQTYPE_PROJ);
699
700 if (XFS_IS_UQUOTA_ON(mp))
701 xfs_qm_set_defquota(mp, XFS_DQTYPE_USER, qinf);
702 if (XFS_IS_GQUOTA_ON(mp))
703 xfs_qm_set_defquota(mp, XFS_DQTYPE_GROUP, qinf);
704 if (XFS_IS_PQUOTA_ON(mp))
705 xfs_qm_set_defquota(mp, XFS_DQTYPE_PROJ, qinf);
706
707 qinf->qi_shrinker = shrinker_alloc(SHRINKER_NUMA_AWARE, "xfs-qm:%s",
708 mp->m_super->s_id);
709 if (!qinf->qi_shrinker) {
710 error = -ENOMEM;
711 goto out_free_inos;
712 }
713
714 qinf->qi_shrinker->count_objects = xfs_qm_shrink_count;
715 qinf->qi_shrinker->scan_objects = xfs_qm_shrink_scan;
716 qinf->qi_shrinker->private_data = qinf;
717
718 shrinker_register(qinf->qi_shrinker);
719
720 xfs_hooks_init(&qinf->qi_mod_ino_dqtrx_hooks);
721 xfs_hooks_init(&qinf->qi_apply_dqtrx_hooks);
722
723 return 0;
724
725 out_free_inos:
726 mutex_destroy(&qinf->qi_quotaofflock);
727 mutex_destroy(&qinf->qi_tree_lock);
728 xfs_qm_destroy_quotainos(qinf);
729 out_free_lru:
730 list_lru_destroy(&qinf->qi_lru);
731 out_free_qinf:
732 kfree(qinf);
733 mp->m_quotainfo = NULL;
734 return error;
735 }
736
737 /*
738 * Gets called when unmounting a filesystem or when all quotas get
739 * turned off.
740 * This purges the quota inodes, destroys locks and frees itself.
741 */
742 void
xfs_qm_destroy_quotainfo(struct xfs_mount * mp)743 xfs_qm_destroy_quotainfo(
744 struct xfs_mount *mp)
745 {
746 struct xfs_quotainfo *qi;
747
748 qi = mp->m_quotainfo;
749 ASSERT(qi != NULL);
750
751 shrinker_free(qi->qi_shrinker);
752 list_lru_destroy(&qi->qi_lru);
753 xfs_qm_destroy_quotainos(qi);
754 mutex_destroy(&qi->qi_tree_lock);
755 mutex_destroy(&qi->qi_quotaofflock);
756 kfree(qi);
757 mp->m_quotainfo = NULL;
758 }
759
760 /*
761 * Create an inode and return with a reference already taken, but unlocked
762 * This is how we create quota inodes
763 */
764 STATIC int
xfs_qm_qino_alloc(struct xfs_mount * mp,struct xfs_inode ** ipp,unsigned int flags)765 xfs_qm_qino_alloc(
766 struct xfs_mount *mp,
767 struct xfs_inode **ipp,
768 unsigned int flags)
769 {
770 struct xfs_trans *tp;
771 int error;
772 bool need_alloc = true;
773
774 *ipp = NULL;
775 /*
776 * With superblock that doesn't have separate pquotino, we
777 * share an inode between gquota and pquota. If the on-disk
778 * superblock has GQUOTA and the filesystem is now mounted
779 * with PQUOTA, just use sb_gquotino for sb_pquotino and
780 * vice-versa.
781 */
782 if (!xfs_has_pquotino(mp) &&
783 (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) {
784 xfs_ino_t ino = NULLFSINO;
785
786 if ((flags & XFS_QMOPT_PQUOTA) &&
787 (mp->m_sb.sb_gquotino != NULLFSINO)) {
788 ino = mp->m_sb.sb_gquotino;
789 if (XFS_IS_CORRUPT(mp,
790 mp->m_sb.sb_pquotino != NULLFSINO)) {
791 xfs_fs_mark_sick(mp, XFS_SICK_FS_PQUOTA);
792 return -EFSCORRUPTED;
793 }
794 } else if ((flags & XFS_QMOPT_GQUOTA) &&
795 (mp->m_sb.sb_pquotino != NULLFSINO)) {
796 ino = mp->m_sb.sb_pquotino;
797 if (XFS_IS_CORRUPT(mp,
798 mp->m_sb.sb_gquotino != NULLFSINO)) {
799 xfs_fs_mark_sick(mp, XFS_SICK_FS_GQUOTA);
800 return -EFSCORRUPTED;
801 }
802 }
803 if (ino != NULLFSINO) {
804 error = xfs_iget(mp, NULL, ino, 0, 0, ipp);
805 if (error)
806 return error;
807 mp->m_sb.sb_gquotino = NULLFSINO;
808 mp->m_sb.sb_pquotino = NULLFSINO;
809 need_alloc = false;
810 }
811 }
812
813 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_create,
814 need_alloc ? XFS_QM_QINOCREATE_SPACE_RES(mp) : 0,
815 0, 0, &tp);
816 if (error)
817 return error;
818
819 if (need_alloc) {
820 struct xfs_icreate_args args = {
821 .mode = S_IFREG,
822 .flags = XFS_ICREATE_UNLINKABLE,
823 };
824 xfs_ino_t ino;
825
826 error = xfs_dialloc(&tp, &args, &ino);
827 if (!error)
828 error = xfs_icreate(tp, ino, &args, ipp);
829 if (error) {
830 xfs_trans_cancel(tp);
831 return error;
832 }
833 }
834
835 /*
836 * Make the changes in the superblock, and log those too.
837 * sbfields arg may contain fields other than *QUOTINO;
838 * VERSIONNUM for example.
839 */
840 spin_lock(&mp->m_sb_lock);
841 if (flags & XFS_QMOPT_SBVERSION) {
842 ASSERT(!xfs_has_quota(mp));
843
844 xfs_add_quota(mp);
845 mp->m_sb.sb_uquotino = NULLFSINO;
846 mp->m_sb.sb_gquotino = NULLFSINO;
847 mp->m_sb.sb_pquotino = NULLFSINO;
848
849 /* qflags will get updated fully _after_ quotacheck */
850 mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT;
851 }
852 if (flags & XFS_QMOPT_UQUOTA)
853 mp->m_sb.sb_uquotino = (*ipp)->i_ino;
854 else if (flags & XFS_QMOPT_GQUOTA)
855 mp->m_sb.sb_gquotino = (*ipp)->i_ino;
856 else
857 mp->m_sb.sb_pquotino = (*ipp)->i_ino;
858 spin_unlock(&mp->m_sb_lock);
859 xfs_log_sb(tp);
860
861 error = xfs_trans_commit(tp);
862 if (error) {
863 ASSERT(xfs_is_shutdown(mp));
864 xfs_alert(mp, "%s failed (error %d)!", __func__, error);
865 }
866 if (need_alloc) {
867 xfs_iunlock(*ipp, XFS_ILOCK_EXCL);
868 xfs_finish_inode_setup(*ipp);
869 }
870 return error;
871 }
872
873
874 STATIC void
xfs_qm_reset_dqcounts(struct xfs_mount * mp,struct xfs_buf * bp,xfs_dqid_t id,xfs_dqtype_t type)875 xfs_qm_reset_dqcounts(
876 struct xfs_mount *mp,
877 struct xfs_buf *bp,
878 xfs_dqid_t id,
879 xfs_dqtype_t type)
880 {
881 struct xfs_dqblk *dqb;
882 int j;
883
884 trace_xfs_reset_dqcounts(bp, _RET_IP_);
885
886 /*
887 * Reset all counters and timers. They'll be
888 * started afresh by xfs_qm_quotacheck.
889 */
890 #ifdef DEBUG
891 j = (int)XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB) /
892 sizeof(struct xfs_dqblk);
893 ASSERT(mp->m_quotainfo->qi_dqperchunk == j);
894 #endif
895 dqb = bp->b_addr;
896 for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) {
897 struct xfs_disk_dquot *ddq;
898
899 ddq = (struct xfs_disk_dquot *)&dqb[j];
900
901 /*
902 * Do a sanity check, and if needed, repair the dqblk. Don't
903 * output any warnings because it's perfectly possible to
904 * find uninitialised dquot blks. See comment in
905 * xfs_dquot_verify.
906 */
907 if (xfs_dqblk_verify(mp, &dqb[j], id + j) ||
908 (dqb[j].dd_diskdq.d_type & XFS_DQTYPE_REC_MASK) != type)
909 xfs_dqblk_repair(mp, &dqb[j], id + j, type);
910
911 /*
912 * Reset type in case we are reusing group quota file for
913 * project quotas or vice versa
914 */
915 ddq->d_type = type;
916 ddq->d_bcount = 0;
917 ddq->d_icount = 0;
918 ddq->d_rtbcount = 0;
919
920 /*
921 * dquot id 0 stores the default grace period and the maximum
922 * warning limit that were set by the administrator, so we
923 * should not reset them.
924 */
925 if (ddq->d_id != 0) {
926 ddq->d_btimer = 0;
927 ddq->d_itimer = 0;
928 ddq->d_rtbtimer = 0;
929 ddq->d_bwarns = 0;
930 ddq->d_iwarns = 0;
931 ddq->d_rtbwarns = 0;
932 if (xfs_has_bigtime(mp))
933 ddq->d_type |= XFS_DQTYPE_BIGTIME;
934 }
935
936 if (xfs_has_crc(mp)) {
937 xfs_update_cksum((char *)&dqb[j],
938 sizeof(struct xfs_dqblk),
939 XFS_DQUOT_CRC_OFF);
940 }
941 }
942 }
943
944 STATIC int
xfs_qm_reset_dqcounts_all(struct xfs_mount * mp,xfs_dqid_t firstid,xfs_fsblock_t bno,xfs_filblks_t blkcnt,xfs_dqtype_t type,struct list_head * buffer_list)945 xfs_qm_reset_dqcounts_all(
946 struct xfs_mount *mp,
947 xfs_dqid_t firstid,
948 xfs_fsblock_t bno,
949 xfs_filblks_t blkcnt,
950 xfs_dqtype_t type,
951 struct list_head *buffer_list)
952 {
953 struct xfs_buf *bp;
954 int error = 0;
955
956 ASSERT(blkcnt > 0);
957
958 /*
959 * Blkcnt arg can be a very big number, and might even be
960 * larger than the log itself. So, we have to break it up into
961 * manageable-sized transactions.
962 * Note that we don't start a permanent transaction here; we might
963 * not be able to get a log reservation for the whole thing up front,
964 * and we don't really care to either, because we just discard
965 * everything if we were to crash in the middle of this loop.
966 */
967 while (blkcnt--) {
968 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
969 XFS_FSB_TO_DADDR(mp, bno),
970 mp->m_quotainfo->qi_dqchunklen, 0, &bp,
971 &xfs_dquot_buf_ops);
972
973 /*
974 * CRC and validation errors will return a EFSCORRUPTED here. If
975 * this occurs, re-read without CRC validation so that we can
976 * repair the damage via xfs_qm_reset_dqcounts(). This process
977 * will leave a trace in the log indicating corruption has
978 * been detected.
979 */
980 if (error == -EFSCORRUPTED) {
981 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
982 XFS_FSB_TO_DADDR(mp, bno),
983 mp->m_quotainfo->qi_dqchunklen, 0, &bp,
984 NULL);
985 }
986
987 if (error)
988 break;
989
990 /*
991 * A corrupt buffer might not have a verifier attached, so
992 * make sure we have the correct one attached before writeback
993 * occurs.
994 */
995 bp->b_ops = &xfs_dquot_buf_ops;
996 xfs_qm_reset_dqcounts(mp, bp, firstid, type);
997 xfs_buf_delwri_queue(bp, buffer_list);
998 xfs_buf_relse(bp);
999
1000 /* goto the next block. */
1001 bno++;
1002 firstid += mp->m_quotainfo->qi_dqperchunk;
1003 }
1004
1005 return error;
1006 }
1007
1008 /*
1009 * Iterate over all allocated dquot blocks in this quota inode, zeroing all
1010 * counters for every chunk of dquots that we find.
1011 */
1012 STATIC int
xfs_qm_reset_dqcounts_buf(struct xfs_mount * mp,struct xfs_inode * qip,xfs_dqtype_t type,struct list_head * buffer_list)1013 xfs_qm_reset_dqcounts_buf(
1014 struct xfs_mount *mp,
1015 struct xfs_inode *qip,
1016 xfs_dqtype_t type,
1017 struct list_head *buffer_list)
1018 {
1019 struct xfs_bmbt_irec *map;
1020 int i, nmaps; /* number of map entries */
1021 int error; /* return value */
1022 xfs_fileoff_t lblkno;
1023 xfs_filblks_t maxlblkcnt;
1024 xfs_dqid_t firstid;
1025 xfs_fsblock_t rablkno;
1026 xfs_filblks_t rablkcnt;
1027
1028 error = 0;
1029 /*
1030 * This looks racy, but we can't keep an inode lock across a
1031 * trans_reserve. But, this gets called during quotacheck, and that
1032 * happens only at mount time which is single threaded.
1033 */
1034 if (qip->i_nblocks == 0)
1035 return 0;
1036
1037 map = kmalloc(XFS_DQITER_MAP_SIZE * sizeof(*map),
1038 GFP_KERNEL | __GFP_NOFAIL);
1039
1040 lblkno = 0;
1041 maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
1042 do {
1043 uint lock_mode;
1044
1045 nmaps = XFS_DQITER_MAP_SIZE;
1046 /*
1047 * We aren't changing the inode itself. Just changing
1048 * some of its data. No new blocks are added here, and
1049 * the inode is never added to the transaction.
1050 */
1051 lock_mode = xfs_ilock_data_map_shared(qip);
1052 error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno,
1053 map, &nmaps, 0);
1054 xfs_iunlock(qip, lock_mode);
1055 if (error)
1056 break;
1057
1058 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE);
1059 for (i = 0; i < nmaps; i++) {
1060 ASSERT(map[i].br_startblock != DELAYSTARTBLOCK);
1061 ASSERT(map[i].br_blockcount);
1062
1063
1064 lblkno += map[i].br_blockcount;
1065
1066 if (map[i].br_startblock == HOLESTARTBLOCK)
1067 continue;
1068
1069 firstid = (xfs_dqid_t) map[i].br_startoff *
1070 mp->m_quotainfo->qi_dqperchunk;
1071 /*
1072 * Do a read-ahead on the next extent.
1073 */
1074 if ((i+1 < nmaps) &&
1075 (map[i+1].br_startblock != HOLESTARTBLOCK)) {
1076 rablkcnt = map[i+1].br_blockcount;
1077 rablkno = map[i+1].br_startblock;
1078 while (rablkcnt--) {
1079 xfs_buf_readahead(mp->m_ddev_targp,
1080 XFS_FSB_TO_DADDR(mp, rablkno),
1081 mp->m_quotainfo->qi_dqchunklen,
1082 &xfs_dquot_buf_ops);
1083 rablkno++;
1084 }
1085 }
1086 /*
1087 * Iterate thru all the blks in the extent and
1088 * reset the counters of all the dquots inside them.
1089 */
1090 error = xfs_qm_reset_dqcounts_all(mp, firstid,
1091 map[i].br_startblock,
1092 map[i].br_blockcount,
1093 type, buffer_list);
1094 if (error)
1095 goto out;
1096 }
1097 } while (nmaps > 0);
1098
1099 out:
1100 kfree(map);
1101 return error;
1102 }
1103
1104 /*
1105 * Called by dqusage_adjust in doing a quotacheck.
1106 *
1107 * Given the inode, and a dquot id this updates both the incore dqout as well
1108 * as the buffer copy. This is so that once the quotacheck is done, we can
1109 * just log all the buffers, as opposed to logging numerous updates to
1110 * individual dquots.
1111 */
1112 STATIC int
xfs_qm_quotacheck_dqadjust(struct xfs_inode * ip,xfs_dqtype_t type,xfs_qcnt_t nblks,xfs_qcnt_t rtblks)1113 xfs_qm_quotacheck_dqadjust(
1114 struct xfs_inode *ip,
1115 xfs_dqtype_t type,
1116 xfs_qcnt_t nblks,
1117 xfs_qcnt_t rtblks)
1118 {
1119 struct xfs_mount *mp = ip->i_mount;
1120 struct xfs_dquot *dqp;
1121 xfs_dqid_t id;
1122 int error;
1123
1124 id = xfs_qm_id_for_quotatype(ip, type);
1125 error = xfs_qm_dqget(mp, id, type, true, &dqp);
1126 if (error) {
1127 /*
1128 * Shouldn't be able to turn off quotas here.
1129 */
1130 ASSERT(error != -ESRCH);
1131 ASSERT(error != -ENOENT);
1132 return error;
1133 }
1134
1135 error = xfs_dquot_attach_buf(NULL, dqp);
1136 if (error)
1137 return error;
1138
1139 trace_xfs_dqadjust(dqp);
1140
1141 /*
1142 * Adjust the inode count and the block count to reflect this inode's
1143 * resource usage.
1144 */
1145 dqp->q_ino.count++;
1146 dqp->q_ino.reserved++;
1147 if (nblks) {
1148 dqp->q_blk.count += nblks;
1149 dqp->q_blk.reserved += nblks;
1150 }
1151 if (rtblks) {
1152 dqp->q_rtb.count += rtblks;
1153 dqp->q_rtb.reserved += rtblks;
1154 }
1155
1156 /*
1157 * Set default limits, adjust timers (since we changed usages)
1158 *
1159 * There are no timers for the default values set in the root dquot.
1160 */
1161 if (dqp->q_id) {
1162 xfs_qm_adjust_dqlimits(dqp);
1163 xfs_qm_adjust_dqtimers(dqp);
1164 }
1165
1166 dqp->q_flags |= XFS_DQFLAG_DIRTY;
1167 xfs_qm_dqput(dqp);
1168 return 0;
1169 }
1170
1171 /*
1172 * callback routine supplied to bulkstat(). Given an inumber, find its
1173 * dquots and update them to account for resources taken by that inode.
1174 */
1175 /* ARGSUSED */
1176 STATIC int
xfs_qm_dqusage_adjust(struct xfs_mount * mp,struct xfs_trans * tp,xfs_ino_t ino,void * data)1177 xfs_qm_dqusage_adjust(
1178 struct xfs_mount *mp,
1179 struct xfs_trans *tp,
1180 xfs_ino_t ino,
1181 void *data)
1182 {
1183 struct xfs_inode *ip;
1184 xfs_qcnt_t nblks;
1185 xfs_filblks_t rtblks = 0; /* total rt blks */
1186 int error;
1187
1188 ASSERT(XFS_IS_QUOTA_ON(mp));
1189
1190 /*
1191 * rootino must have its resources accounted for, not so with the quota
1192 * inodes.
1193 */
1194 if (xfs_is_quota_inode(&mp->m_sb, ino))
1195 return 0;
1196
1197 /*
1198 * We don't _need_ to take the ilock EXCL here because quotacheck runs
1199 * at mount time and therefore nobody will be racing chown/chproj.
1200 */
1201 error = xfs_iget(mp, tp, ino, XFS_IGET_DONTCACHE, 0, &ip);
1202 if (error == -EINVAL || error == -ENOENT)
1203 return 0;
1204 if (error)
1205 return error;
1206
1207 /*
1208 * Reload the incore unlinked list to avoid failure in inodegc.
1209 * Use an unlocked check here because unrecovered unlinked inodes
1210 * should be somewhat rare.
1211 */
1212 if (xfs_inode_unlinked_incomplete(ip)) {
1213 error = xfs_inode_reload_unlinked(ip);
1214 if (error) {
1215 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
1216 goto error0;
1217 }
1218 }
1219
1220 ASSERT(ip->i_delayed_blks == 0);
1221
1222 if (XFS_IS_REALTIME_INODE(ip)) {
1223 struct xfs_ifork *ifp = xfs_ifork_ptr(ip, XFS_DATA_FORK);
1224
1225 error = xfs_iread_extents(tp, ip, XFS_DATA_FORK);
1226 if (error)
1227 goto error0;
1228
1229 xfs_bmap_count_leaves(ifp, &rtblks);
1230 }
1231
1232 nblks = (xfs_qcnt_t)ip->i_nblocks - rtblks;
1233 xfs_iflags_clear(ip, XFS_IQUOTAUNCHECKED);
1234
1235 /*
1236 * Add the (disk blocks and inode) resources occupied by this
1237 * inode to its dquots. We do this adjustment in the incore dquot,
1238 * and also copy the changes to its buffer.
1239 * We don't care about putting these changes in a transaction
1240 * envelope because if we crash in the middle of a 'quotacheck'
1241 * we have to start from the beginning anyway.
1242 * Once we're done, we'll log all the dquot bufs.
1243 *
1244 * The *QUOTA_ON checks below may look pretty racy, but quotachecks
1245 * and quotaoffs don't race. (Quotachecks happen at mount time only).
1246 */
1247 if (XFS_IS_UQUOTA_ON(mp)) {
1248 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_USER, nblks,
1249 rtblks);
1250 if (error)
1251 goto error0;
1252 }
1253
1254 if (XFS_IS_GQUOTA_ON(mp)) {
1255 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_GROUP, nblks,
1256 rtblks);
1257 if (error)
1258 goto error0;
1259 }
1260
1261 if (XFS_IS_PQUOTA_ON(mp)) {
1262 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_PROJ, nblks,
1263 rtblks);
1264 if (error)
1265 goto error0;
1266 }
1267
1268 error0:
1269 xfs_irele(ip);
1270 return error;
1271 }
1272
1273 STATIC int
xfs_qm_flush_one(struct xfs_dquot * dqp,void * data)1274 xfs_qm_flush_one(
1275 struct xfs_dquot *dqp,
1276 void *data)
1277 {
1278 struct xfs_mount *mp = dqp->q_mount;
1279 struct list_head *buffer_list = data;
1280 struct xfs_buf *bp = NULL;
1281 int error = 0;
1282
1283 xfs_dqlock(dqp);
1284 if (dqp->q_flags & XFS_DQFLAG_FREEING)
1285 goto out_unlock;
1286 if (!XFS_DQ_IS_DIRTY(dqp))
1287 goto out_unlock;
1288
1289 /*
1290 * The only way the dquot is already flush locked by the time quotacheck
1291 * gets here is if reclaim flushed it before the dqadjust walk dirtied
1292 * it for the final time. Quotacheck collects all dquot bufs in the
1293 * local delwri queue before dquots are dirtied, so reclaim can't have
1294 * possibly queued it for I/O. The only way out is to push the buffer to
1295 * cycle the flush lock.
1296 */
1297 if (!xfs_dqflock_nowait(dqp)) {
1298 /* buf is pinned in-core by delwri list */
1299 error = xfs_buf_incore(mp->m_ddev_targp, dqp->q_blkno,
1300 mp->m_quotainfo->qi_dqchunklen, 0, &bp);
1301 if (error)
1302 goto out_unlock;
1303
1304 if (!(bp->b_flags & _XBF_DELWRI_Q)) {
1305 error = -EAGAIN;
1306 xfs_buf_relse(bp);
1307 goto out_unlock;
1308 }
1309 xfs_buf_unlock(bp);
1310
1311 xfs_buf_delwri_pushbuf(bp, buffer_list);
1312 xfs_buf_rele(bp);
1313
1314 error = -EAGAIN;
1315 goto out_unlock;
1316 }
1317
1318 error = xfs_dquot_use_attached_buf(dqp, &bp);
1319 if (error)
1320 goto out_unlock;
1321 if (!bp) {
1322 error = -EFSCORRUPTED;
1323 goto out_unlock;
1324 }
1325
1326 error = xfs_qm_dqflush(dqp, bp);
1327 if (!error)
1328 xfs_buf_delwri_queue(bp, buffer_list);
1329 xfs_buf_relse(bp);
1330 out_unlock:
1331 xfs_dqunlock(dqp);
1332 return error;
1333 }
1334
1335 /*
1336 * Walk thru all the filesystem inodes and construct a consistent view
1337 * of the disk quota world. If the quotacheck fails, disable quotas.
1338 */
1339 STATIC int
xfs_qm_quotacheck(xfs_mount_t * mp)1340 xfs_qm_quotacheck(
1341 xfs_mount_t *mp)
1342 {
1343 int error, error2;
1344 uint flags;
1345 LIST_HEAD (buffer_list);
1346 struct xfs_inode *uip = mp->m_quotainfo->qi_uquotaip;
1347 struct xfs_inode *gip = mp->m_quotainfo->qi_gquotaip;
1348 struct xfs_inode *pip = mp->m_quotainfo->qi_pquotaip;
1349
1350 flags = 0;
1351
1352 ASSERT(uip || gip || pip);
1353 ASSERT(XFS_IS_QUOTA_ON(mp));
1354
1355 xfs_notice(mp, "Quotacheck needed: Please wait.");
1356
1357 /*
1358 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset
1359 * their counters to zero. We need a clean slate.
1360 * We don't log our changes till later.
1361 */
1362 if (uip) {
1363 error = xfs_qm_reset_dqcounts_buf(mp, uip, XFS_DQTYPE_USER,
1364 &buffer_list);
1365 if (error)
1366 goto error_return;
1367 flags |= XFS_UQUOTA_CHKD;
1368 }
1369
1370 if (gip) {
1371 error = xfs_qm_reset_dqcounts_buf(mp, gip, XFS_DQTYPE_GROUP,
1372 &buffer_list);
1373 if (error)
1374 goto error_return;
1375 flags |= XFS_GQUOTA_CHKD;
1376 }
1377
1378 if (pip) {
1379 error = xfs_qm_reset_dqcounts_buf(mp, pip, XFS_DQTYPE_PROJ,
1380 &buffer_list);
1381 if (error)
1382 goto error_return;
1383 flags |= XFS_PQUOTA_CHKD;
1384 }
1385
1386 xfs_set_quotacheck_running(mp);
1387 error = xfs_iwalk_threaded(mp, 0, 0, xfs_qm_dqusage_adjust, 0, true,
1388 NULL);
1389 xfs_clear_quotacheck_running(mp);
1390
1391 /*
1392 * On error, the inode walk may have partially populated the dquot
1393 * caches. We must purge them before disabling quota and tearing down
1394 * the quotainfo, or else the dquots will leak.
1395 */
1396 if (error)
1397 goto error_purge;
1398
1399 /*
1400 * We've made all the changes that we need to make incore. Flush them
1401 * down to disk buffers if everything was updated successfully.
1402 */
1403 if (XFS_IS_UQUOTA_ON(mp)) {
1404 error = xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_flush_one,
1405 &buffer_list);
1406 }
1407 if (XFS_IS_GQUOTA_ON(mp)) {
1408 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_flush_one,
1409 &buffer_list);
1410 if (!error)
1411 error = error2;
1412 }
1413 if (XFS_IS_PQUOTA_ON(mp)) {
1414 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_flush_one,
1415 &buffer_list);
1416 if (!error)
1417 error = error2;
1418 }
1419
1420 error2 = xfs_buf_delwri_submit(&buffer_list);
1421 if (!error)
1422 error = error2;
1423
1424 /*
1425 * We can get this error if we couldn't do a dquot allocation inside
1426 * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the
1427 * dirty dquots that might be cached, we just want to get rid of them
1428 * and turn quotaoff. The dquots won't be attached to any of the inodes
1429 * at this point (because we intentionally didn't in dqget_noattach).
1430 */
1431 if (error)
1432 goto error_purge;
1433
1434 /*
1435 * If one type of quotas is off, then it will lose its
1436 * quotachecked status, since we won't be doing accounting for
1437 * that type anymore.
1438 */
1439 mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD;
1440 mp->m_qflags |= flags;
1441
1442 error_return:
1443 xfs_buf_delwri_cancel(&buffer_list);
1444
1445 if (error) {
1446 xfs_warn(mp,
1447 "Quotacheck: Unsuccessful (Error %d): Disabling quotas.",
1448 error);
1449 /*
1450 * We must turn off quotas.
1451 */
1452 ASSERT(mp->m_quotainfo != NULL);
1453 xfs_qm_destroy_quotainfo(mp);
1454 if (xfs_mount_reset_sbqflags(mp)) {
1455 xfs_warn(mp,
1456 "Quotacheck: Failed to reset quota flags.");
1457 }
1458 xfs_fs_mark_sick(mp, XFS_SICK_FS_QUOTACHECK);
1459 } else {
1460 xfs_notice(mp, "Quotacheck: Done.");
1461 xfs_fs_mark_healthy(mp, XFS_SICK_FS_QUOTACHECK);
1462 }
1463
1464 return error;
1465
1466 error_purge:
1467 /*
1468 * On error, we may have inodes queued for inactivation. This may try
1469 * to attach dquots to the inode before running cleanup operations on
1470 * the inode and this can race with the xfs_qm_destroy_quotainfo() call
1471 * below that frees mp->m_quotainfo. To avoid this race, flush all the
1472 * pending inodegc operations before we purge the dquots from memory,
1473 * ensuring that background inactivation is idle whilst we turn off
1474 * quotas.
1475 */
1476 xfs_inodegc_flush(mp);
1477 xfs_qm_dqpurge_all(mp);
1478 goto error_return;
1479
1480 }
1481
1482 /*
1483 * This is called from xfs_mountfs to start quotas and initialize all
1484 * necessary data structures like quotainfo. This is also responsible for
1485 * running a quotacheck as necessary. We are guaranteed that the superblock
1486 * is consistently read in at this point.
1487 *
1488 * If we fail here, the mount will continue with quota turned off. We don't
1489 * need to inidicate success or failure at all.
1490 */
1491 void
xfs_qm_mount_quotas(struct xfs_mount * mp)1492 xfs_qm_mount_quotas(
1493 struct xfs_mount *mp)
1494 {
1495 int error = 0;
1496 uint sbf;
1497
1498 /*
1499 * If quotas on realtime volumes is not supported, we disable
1500 * quotas immediately.
1501 */
1502 if (mp->m_sb.sb_rextents) {
1503 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem");
1504 mp->m_qflags = 0;
1505 goto write_changes;
1506 }
1507
1508 ASSERT(XFS_IS_QUOTA_ON(mp));
1509
1510 /*
1511 * Allocate the quotainfo structure inside the mount struct, and
1512 * create quotainode(s), and change/rev superblock if necessary.
1513 */
1514 error = xfs_qm_init_quotainfo(mp);
1515 if (error) {
1516 /*
1517 * We must turn off quotas.
1518 */
1519 ASSERT(mp->m_quotainfo == NULL);
1520 mp->m_qflags = 0;
1521 goto write_changes;
1522 }
1523 /*
1524 * If any of the quotas are not consistent, do a quotacheck.
1525 */
1526 if (XFS_QM_NEED_QUOTACHECK(mp)) {
1527 error = xfs_qm_quotacheck(mp);
1528 if (error) {
1529 /* Quotacheck failed and disabled quotas. */
1530 return;
1531 }
1532 }
1533 /*
1534 * If one type of quotas is off, then it will lose its
1535 * quotachecked status, since we won't be doing accounting for
1536 * that type anymore.
1537 */
1538 if (!XFS_IS_UQUOTA_ON(mp))
1539 mp->m_qflags &= ~XFS_UQUOTA_CHKD;
1540 if (!XFS_IS_GQUOTA_ON(mp))
1541 mp->m_qflags &= ~XFS_GQUOTA_CHKD;
1542 if (!XFS_IS_PQUOTA_ON(mp))
1543 mp->m_qflags &= ~XFS_PQUOTA_CHKD;
1544
1545 write_changes:
1546 /*
1547 * We actually don't have to acquire the m_sb_lock at all.
1548 * This can only be called from mount, and that's single threaded. XXX
1549 */
1550 spin_lock(&mp->m_sb_lock);
1551 sbf = mp->m_sb.sb_qflags;
1552 mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL;
1553 spin_unlock(&mp->m_sb_lock);
1554
1555 if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) {
1556 if (xfs_sync_sb(mp, false)) {
1557 /*
1558 * We could only have been turning quotas off.
1559 * We aren't in very good shape actually because
1560 * the incore structures are convinced that quotas are
1561 * off, but the on disk superblock doesn't know that !
1562 */
1563 ASSERT(!(XFS_IS_QUOTA_ON(mp)));
1564 xfs_alert(mp, "%s: Superblock update failed!",
1565 __func__);
1566 }
1567 }
1568
1569 if (error) {
1570 xfs_warn(mp, "Failed to initialize disk quotas.");
1571 return;
1572 }
1573 }
1574
1575 /*
1576 * Load the inode for a given type of quota, assuming that the sb fields have
1577 * been sorted out. This is not true when switching quota types on a V4
1578 * filesystem, so do not use this function for that.
1579 *
1580 * Returns -ENOENT if the quota inode field is NULLFSINO; 0 and an inode on
1581 * success; or a negative errno.
1582 */
1583 int
xfs_qm_qino_load(struct xfs_mount * mp,xfs_dqtype_t type,struct xfs_inode ** ipp)1584 xfs_qm_qino_load(
1585 struct xfs_mount *mp,
1586 xfs_dqtype_t type,
1587 struct xfs_inode **ipp)
1588 {
1589 xfs_ino_t ino = NULLFSINO;
1590
1591 switch (type) {
1592 case XFS_DQTYPE_USER:
1593 ino = mp->m_sb.sb_uquotino;
1594 break;
1595 case XFS_DQTYPE_GROUP:
1596 ino = mp->m_sb.sb_gquotino;
1597 break;
1598 case XFS_DQTYPE_PROJ:
1599 ino = mp->m_sb.sb_pquotino;
1600 break;
1601 default:
1602 ASSERT(0);
1603 return -EFSCORRUPTED;
1604 }
1605
1606 if (ino == NULLFSINO)
1607 return -ENOENT;
1608
1609 return xfs_iget(mp, NULL, ino, 0, 0, ipp);
1610 }
1611
1612 /*
1613 * This is called after the superblock has been read in and we're ready to
1614 * iget the quota inodes.
1615 */
1616 STATIC int
xfs_qm_init_quotainos(xfs_mount_t * mp)1617 xfs_qm_init_quotainos(
1618 xfs_mount_t *mp)
1619 {
1620 struct xfs_inode *uip = NULL;
1621 struct xfs_inode *gip = NULL;
1622 struct xfs_inode *pip = NULL;
1623 int error;
1624 uint flags = 0;
1625
1626 ASSERT(mp->m_quotainfo);
1627
1628 /*
1629 * Get the uquota and gquota inodes
1630 */
1631 if (xfs_has_quota(mp)) {
1632 if (XFS_IS_UQUOTA_ON(mp) &&
1633 mp->m_sb.sb_uquotino != NULLFSINO) {
1634 ASSERT(mp->m_sb.sb_uquotino > 0);
1635 error = xfs_qm_qino_load(mp, XFS_DQTYPE_USER, &uip);
1636 if (error)
1637 return error;
1638 }
1639 if (XFS_IS_GQUOTA_ON(mp) &&
1640 mp->m_sb.sb_gquotino != NULLFSINO) {
1641 ASSERT(mp->m_sb.sb_gquotino > 0);
1642 error = xfs_qm_qino_load(mp, XFS_DQTYPE_GROUP, &gip);
1643 if (error)
1644 goto error_rele;
1645 }
1646 if (XFS_IS_PQUOTA_ON(mp) &&
1647 mp->m_sb.sb_pquotino != NULLFSINO) {
1648 ASSERT(mp->m_sb.sb_pquotino > 0);
1649 error = xfs_qm_qino_load(mp, XFS_DQTYPE_PROJ, &pip);
1650 if (error)
1651 goto error_rele;
1652 }
1653 } else {
1654 flags |= XFS_QMOPT_SBVERSION;
1655 }
1656
1657 /*
1658 * Create the three inodes, if they don't exist already. The changes
1659 * made above will get added to a transaction and logged in one of
1660 * the qino_alloc calls below. If the device is readonly,
1661 * temporarily switch to read-write to do this.
1662 */
1663 if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) {
1664 error = xfs_qm_qino_alloc(mp, &uip,
1665 flags | XFS_QMOPT_UQUOTA);
1666 if (error)
1667 goto error_rele;
1668
1669 flags &= ~XFS_QMOPT_SBVERSION;
1670 }
1671 if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) {
1672 error = xfs_qm_qino_alloc(mp, &gip,
1673 flags | XFS_QMOPT_GQUOTA);
1674 if (error)
1675 goto error_rele;
1676
1677 flags &= ~XFS_QMOPT_SBVERSION;
1678 }
1679 if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) {
1680 error = xfs_qm_qino_alloc(mp, &pip,
1681 flags | XFS_QMOPT_PQUOTA);
1682 if (error)
1683 goto error_rele;
1684 }
1685
1686 mp->m_quotainfo->qi_uquotaip = uip;
1687 mp->m_quotainfo->qi_gquotaip = gip;
1688 mp->m_quotainfo->qi_pquotaip = pip;
1689
1690 return 0;
1691
1692 error_rele:
1693 if (uip)
1694 xfs_irele(uip);
1695 if (gip)
1696 xfs_irele(gip);
1697 if (pip)
1698 xfs_irele(pip);
1699 return error;
1700 }
1701
1702 STATIC void
xfs_qm_destroy_quotainos(struct xfs_quotainfo * qi)1703 xfs_qm_destroy_quotainos(
1704 struct xfs_quotainfo *qi)
1705 {
1706 if (qi->qi_uquotaip) {
1707 xfs_irele(qi->qi_uquotaip);
1708 qi->qi_uquotaip = NULL; /* paranoia */
1709 }
1710 if (qi->qi_gquotaip) {
1711 xfs_irele(qi->qi_gquotaip);
1712 qi->qi_gquotaip = NULL;
1713 }
1714 if (qi->qi_pquotaip) {
1715 xfs_irele(qi->qi_pquotaip);
1716 qi->qi_pquotaip = NULL;
1717 }
1718 }
1719
1720 STATIC void
xfs_qm_dqfree_one(struct xfs_dquot * dqp)1721 xfs_qm_dqfree_one(
1722 struct xfs_dquot *dqp)
1723 {
1724 struct xfs_mount *mp = dqp->q_mount;
1725 struct xfs_quotainfo *qi = mp->m_quotainfo;
1726
1727 mutex_lock(&qi->qi_tree_lock);
1728 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
1729
1730 qi->qi_dquots--;
1731 mutex_unlock(&qi->qi_tree_lock);
1732
1733 xfs_qm_dqdestroy(dqp);
1734 }
1735
1736 /* --------------- utility functions for vnodeops ---------------- */
1737
1738
1739 /*
1740 * Given an inode, a uid, gid and prid make sure that we have
1741 * allocated relevant dquot(s) on disk, and that we won't exceed inode
1742 * quotas by creating this file.
1743 * This also attaches dquot(s) to the given inode after locking it,
1744 * and returns the dquots corresponding to the uid and/or gid.
1745 *
1746 * in : inode (unlocked)
1747 * out : udquot, gdquot with references taken and unlocked
1748 */
1749 int
xfs_qm_vop_dqalloc(struct xfs_inode * ip,kuid_t uid,kgid_t gid,prid_t prid,uint flags,struct xfs_dquot ** O_udqpp,struct xfs_dquot ** O_gdqpp,struct xfs_dquot ** O_pdqpp)1750 xfs_qm_vop_dqalloc(
1751 struct xfs_inode *ip,
1752 kuid_t uid,
1753 kgid_t gid,
1754 prid_t prid,
1755 uint flags,
1756 struct xfs_dquot **O_udqpp,
1757 struct xfs_dquot **O_gdqpp,
1758 struct xfs_dquot **O_pdqpp)
1759 {
1760 struct xfs_mount *mp = ip->i_mount;
1761 struct inode *inode = VFS_I(ip);
1762 struct user_namespace *user_ns = inode->i_sb->s_user_ns;
1763 struct xfs_dquot *uq = NULL;
1764 struct xfs_dquot *gq = NULL;
1765 struct xfs_dquot *pq = NULL;
1766 int error;
1767 uint lockflags;
1768
1769 if (!XFS_IS_QUOTA_ON(mp))
1770 return 0;
1771
1772 lockflags = XFS_ILOCK_EXCL;
1773 xfs_ilock(ip, lockflags);
1774
1775 if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip))
1776 gid = inode->i_gid;
1777
1778 /*
1779 * Attach the dquot(s) to this inode, doing a dquot allocation
1780 * if necessary. The dquot(s) will not be locked.
1781 */
1782 if (XFS_NOT_DQATTACHED(mp, ip)) {
1783 error = xfs_qm_dqattach_locked(ip, true);
1784 if (error) {
1785 xfs_iunlock(ip, lockflags);
1786 return error;
1787 }
1788 }
1789
1790 if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) {
1791 ASSERT(O_udqpp);
1792 if (!uid_eq(inode->i_uid, uid)) {
1793 /*
1794 * What we need is the dquot that has this uid, and
1795 * if we send the inode to dqget, the uid of the inode
1796 * takes priority over what's sent in the uid argument.
1797 * We must unlock inode here before calling dqget if
1798 * we're not sending the inode, because otherwise
1799 * we'll deadlock by doing trans_reserve while
1800 * holding ilock.
1801 */
1802 xfs_iunlock(ip, lockflags);
1803 error = xfs_qm_dqget(mp, from_kuid(user_ns, uid),
1804 XFS_DQTYPE_USER, true, &uq);
1805 if (error) {
1806 ASSERT(error != -ENOENT);
1807 return error;
1808 }
1809 /*
1810 * Get the ilock in the right order.
1811 */
1812 xfs_dqunlock(uq);
1813 lockflags = XFS_ILOCK_SHARED;
1814 xfs_ilock(ip, lockflags);
1815 } else {
1816 /*
1817 * Take an extra reference, because we'll return
1818 * this to caller
1819 */
1820 ASSERT(ip->i_udquot);
1821 uq = xfs_qm_dqhold(ip->i_udquot);
1822 }
1823 }
1824 if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) {
1825 ASSERT(O_gdqpp);
1826 if (!gid_eq(inode->i_gid, gid)) {
1827 xfs_iunlock(ip, lockflags);
1828 error = xfs_qm_dqget(mp, from_kgid(user_ns, gid),
1829 XFS_DQTYPE_GROUP, true, &gq);
1830 if (error) {
1831 ASSERT(error != -ENOENT);
1832 goto error_rele;
1833 }
1834 xfs_dqunlock(gq);
1835 lockflags = XFS_ILOCK_SHARED;
1836 xfs_ilock(ip, lockflags);
1837 } else {
1838 ASSERT(ip->i_gdquot);
1839 gq = xfs_qm_dqhold(ip->i_gdquot);
1840 }
1841 }
1842 if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) {
1843 ASSERT(O_pdqpp);
1844 if (ip->i_projid != prid) {
1845 xfs_iunlock(ip, lockflags);
1846 error = xfs_qm_dqget(mp, prid,
1847 XFS_DQTYPE_PROJ, true, &pq);
1848 if (error) {
1849 ASSERT(error != -ENOENT);
1850 goto error_rele;
1851 }
1852 xfs_dqunlock(pq);
1853 lockflags = XFS_ILOCK_SHARED;
1854 xfs_ilock(ip, lockflags);
1855 } else {
1856 ASSERT(ip->i_pdquot);
1857 pq = xfs_qm_dqhold(ip->i_pdquot);
1858 }
1859 }
1860 trace_xfs_dquot_dqalloc(ip);
1861
1862 xfs_iunlock(ip, lockflags);
1863 if (O_udqpp)
1864 *O_udqpp = uq;
1865 else
1866 xfs_qm_dqrele(uq);
1867 if (O_gdqpp)
1868 *O_gdqpp = gq;
1869 else
1870 xfs_qm_dqrele(gq);
1871 if (O_pdqpp)
1872 *O_pdqpp = pq;
1873 else
1874 xfs_qm_dqrele(pq);
1875 return 0;
1876
1877 error_rele:
1878 xfs_qm_dqrele(gq);
1879 xfs_qm_dqrele(uq);
1880 return error;
1881 }
1882
1883 /*
1884 * Actually transfer ownership, and do dquot modifications.
1885 * These were already reserved.
1886 */
1887 struct xfs_dquot *
xfs_qm_vop_chown(struct xfs_trans * tp,struct xfs_inode * ip,struct xfs_dquot ** IO_olddq,struct xfs_dquot * newdq)1888 xfs_qm_vop_chown(
1889 struct xfs_trans *tp,
1890 struct xfs_inode *ip,
1891 struct xfs_dquot **IO_olddq,
1892 struct xfs_dquot *newdq)
1893 {
1894 struct xfs_dquot *prevdq;
1895 uint bfield = XFS_IS_REALTIME_INODE(ip) ?
1896 XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT;
1897
1898
1899 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
1900 ASSERT(XFS_IS_QUOTA_ON(ip->i_mount));
1901
1902 /* old dquot */
1903 prevdq = *IO_olddq;
1904 ASSERT(prevdq);
1905 ASSERT(prevdq != newdq);
1906
1907 xfs_trans_mod_ino_dquot(tp, ip, prevdq, bfield, -(ip->i_nblocks));
1908 xfs_trans_mod_ino_dquot(tp, ip, prevdq, XFS_TRANS_DQ_ICOUNT, -1);
1909
1910 /* the sparkling new dquot */
1911 xfs_trans_mod_ino_dquot(tp, ip, newdq, bfield, ip->i_nblocks);
1912 xfs_trans_mod_ino_dquot(tp, ip, newdq, XFS_TRANS_DQ_ICOUNT, 1);
1913
1914 /*
1915 * Back when we made quota reservations for the chown, we reserved the
1916 * ondisk blocks + delalloc blocks with the new dquot. Now that we've
1917 * switched the dquots, decrease the new dquot's block reservation
1918 * (having already bumped up the real counter) so that we don't have
1919 * any reservation to give back when we commit.
1920 */
1921 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_RES_BLKS,
1922 -ip->i_delayed_blks);
1923
1924 /*
1925 * Give the incore reservation for delalloc blocks back to the old
1926 * dquot. We don't normally handle delalloc quota reservations
1927 * transactionally, so just lock the dquot and subtract from the
1928 * reservation. Dirty the transaction because it's too late to turn
1929 * back now.
1930 */
1931 tp->t_flags |= XFS_TRANS_DIRTY;
1932 xfs_dqlock(prevdq);
1933 ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks);
1934 prevdq->q_blk.reserved -= ip->i_delayed_blks;
1935 xfs_dqunlock(prevdq);
1936
1937 /*
1938 * Take an extra reference, because the inode is going to keep
1939 * this dquot pointer even after the trans_commit.
1940 */
1941 *IO_olddq = xfs_qm_dqhold(newdq);
1942
1943 return prevdq;
1944 }
1945
1946 int
xfs_qm_vop_rename_dqattach(struct xfs_inode ** i_tab)1947 xfs_qm_vop_rename_dqattach(
1948 struct xfs_inode **i_tab)
1949 {
1950 struct xfs_mount *mp = i_tab[0]->i_mount;
1951 int i;
1952
1953 if (!XFS_IS_QUOTA_ON(mp))
1954 return 0;
1955
1956 for (i = 0; (i < 4 && i_tab[i]); i++) {
1957 struct xfs_inode *ip = i_tab[i];
1958 int error;
1959
1960 /*
1961 * Watch out for duplicate entries in the table.
1962 */
1963 if (i == 0 || ip != i_tab[i-1]) {
1964 if (XFS_NOT_DQATTACHED(mp, ip)) {
1965 error = xfs_qm_dqattach(ip);
1966 if (error)
1967 return error;
1968 }
1969 }
1970 }
1971 return 0;
1972 }
1973
1974 void
xfs_qm_vop_create_dqattach(struct xfs_trans * tp,struct xfs_inode * ip,struct xfs_dquot * udqp,struct xfs_dquot * gdqp,struct xfs_dquot * pdqp)1975 xfs_qm_vop_create_dqattach(
1976 struct xfs_trans *tp,
1977 struct xfs_inode *ip,
1978 struct xfs_dquot *udqp,
1979 struct xfs_dquot *gdqp,
1980 struct xfs_dquot *pdqp)
1981 {
1982 struct xfs_mount *mp = tp->t_mountp;
1983
1984 if (!XFS_IS_QUOTA_ON(mp))
1985 return;
1986
1987 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
1988
1989 if (udqp && XFS_IS_UQUOTA_ON(mp)) {
1990 ASSERT(ip->i_udquot == NULL);
1991 ASSERT(i_uid_read(VFS_I(ip)) == udqp->q_id);
1992
1993 ip->i_udquot = xfs_qm_dqhold(udqp);
1994 }
1995 if (gdqp && XFS_IS_GQUOTA_ON(mp)) {
1996 ASSERT(ip->i_gdquot == NULL);
1997 ASSERT(i_gid_read(VFS_I(ip)) == gdqp->q_id);
1998
1999 ip->i_gdquot = xfs_qm_dqhold(gdqp);
2000 }
2001 if (pdqp && XFS_IS_PQUOTA_ON(mp)) {
2002 ASSERT(ip->i_pdquot == NULL);
2003 ASSERT(ip->i_projid == pdqp->q_id);
2004
2005 ip->i_pdquot = xfs_qm_dqhold(pdqp);
2006 }
2007
2008 xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_ICOUNT, 1);
2009 }
2010
2011 /* Decide if this inode's dquot is near an enforcement boundary. */
2012 bool
xfs_inode_near_dquot_enforcement(struct xfs_inode * ip,xfs_dqtype_t type)2013 xfs_inode_near_dquot_enforcement(
2014 struct xfs_inode *ip,
2015 xfs_dqtype_t type)
2016 {
2017 struct xfs_dquot *dqp;
2018 int64_t freesp;
2019
2020 /* We only care for quotas that are enabled and enforced. */
2021 dqp = xfs_inode_dquot(ip, type);
2022 if (!dqp || !xfs_dquot_is_enforced(dqp))
2023 return false;
2024
2025 if (xfs_dquot_res_over_limits(&dqp->q_ino) ||
2026 xfs_dquot_res_over_limits(&dqp->q_rtb))
2027 return true;
2028
2029 /* For space on the data device, check the various thresholds. */
2030 if (!dqp->q_prealloc_hi_wmark)
2031 return false;
2032
2033 if (dqp->q_blk.reserved < dqp->q_prealloc_lo_wmark)
2034 return false;
2035
2036 if (dqp->q_blk.reserved >= dqp->q_prealloc_hi_wmark)
2037 return true;
2038
2039 freesp = dqp->q_prealloc_hi_wmark - dqp->q_blk.reserved;
2040 if (freesp < dqp->q_low_space[XFS_QLOWSP_5_PCNT])
2041 return true;
2042
2043 return false;
2044 }
2045