Loading...
1/*
2 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
3 * All Rights Reserved.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18#include "xfs.h"
19#include "xfs_fs.h"
20#include "xfs_bit.h"
21#include "xfs_log.h"
22#include "xfs_inum.h"
23#include "xfs_trans.h"
24#include "xfs_sb.h"
25#include "xfs_ag.h"
26#include "xfs_alloc.h"
27#include "xfs_quota.h"
28#include "xfs_mount.h"
29#include "xfs_bmap_btree.h"
30#include "xfs_ialloc_btree.h"
31#include "xfs_dinode.h"
32#include "xfs_inode.h"
33#include "xfs_ialloc.h"
34#include "xfs_itable.h"
35#include "xfs_rtalloc.h"
36#include "xfs_error.h"
37#include "xfs_bmap.h"
38#include "xfs_attr.h"
39#include "xfs_buf_item.h"
40#include "xfs_trans_space.h"
41#include "xfs_utils.h"
42#include "xfs_qm.h"
43#include "xfs_trace.h"
44
45/*
46 * The global quota manager. There is only one of these for the entire
47 * system, _not_ one per file system. XQM keeps track of the overall
48 * quota functionality, including maintaining the freelist and hash
49 * tables of dquots.
50 */
51struct mutex xfs_Gqm_lock;
52struct xfs_qm *xfs_Gqm;
53uint ndquot;
54
55kmem_zone_t *qm_dqzone;
56kmem_zone_t *qm_dqtrxzone;
57
58STATIC void xfs_qm_list_init(xfs_dqlist_t *, char *, int);
59STATIC void xfs_qm_list_destroy(xfs_dqlist_t *);
60
61STATIC int xfs_qm_init_quotainos(xfs_mount_t *);
62STATIC int xfs_qm_init_quotainfo(xfs_mount_t *);
63STATIC int xfs_qm_shake(struct shrinker *, struct shrink_control *);
64
65static struct shrinker xfs_qm_shaker = {
66 .shrink = xfs_qm_shake,
67 .seeks = DEFAULT_SEEKS,
68};
69
70/*
71 * Initialize the XQM structure.
72 * Note that there is not one quota manager per file system.
73 */
74STATIC struct xfs_qm *
75xfs_Gqm_init(void)
76{
77 xfs_dqhash_t *udqhash, *gdqhash;
78 xfs_qm_t *xqm;
79 size_t hsize;
80 uint i;
81
82 /*
83 * Initialize the dquot hash tables.
84 */
85 udqhash = kmem_zalloc_greedy(&hsize,
86 XFS_QM_HASHSIZE_LOW * sizeof(xfs_dqhash_t),
87 XFS_QM_HASHSIZE_HIGH * sizeof(xfs_dqhash_t));
88 if (!udqhash)
89 goto out;
90
91 gdqhash = kmem_zalloc_large(hsize);
92 if (!gdqhash)
93 goto out_free_udqhash;
94
95 hsize /= sizeof(xfs_dqhash_t);
96 ndquot = hsize << 8;
97
98 xqm = kmem_zalloc(sizeof(xfs_qm_t), KM_SLEEP);
99 xqm->qm_dqhashmask = hsize - 1;
100 xqm->qm_usr_dqhtable = udqhash;
101 xqm->qm_grp_dqhtable = gdqhash;
102 ASSERT(xqm->qm_usr_dqhtable != NULL);
103 ASSERT(xqm->qm_grp_dqhtable != NULL);
104
105 for (i = 0; i < hsize; i++) {
106 xfs_qm_list_init(&(xqm->qm_usr_dqhtable[i]), "uxdqh", i);
107 xfs_qm_list_init(&(xqm->qm_grp_dqhtable[i]), "gxdqh", i);
108 }
109
110 /*
111 * Freelist of all dquots of all file systems
112 */
113 INIT_LIST_HEAD(&xqm->qm_dqfrlist);
114 xqm->qm_dqfrlist_cnt = 0;
115 mutex_init(&xqm->qm_dqfrlist_lock);
116
117 /*
118 * dquot zone. we register our own low-memory callback.
119 */
120 if (!qm_dqzone) {
121 xqm->qm_dqzone = kmem_zone_init(sizeof(xfs_dquot_t),
122 "xfs_dquots");
123 qm_dqzone = xqm->qm_dqzone;
124 } else
125 xqm->qm_dqzone = qm_dqzone;
126
127 register_shrinker(&xfs_qm_shaker);
128
129 /*
130 * The t_dqinfo portion of transactions.
131 */
132 if (!qm_dqtrxzone) {
133 xqm->qm_dqtrxzone = kmem_zone_init(sizeof(xfs_dquot_acct_t),
134 "xfs_dqtrx");
135 qm_dqtrxzone = xqm->qm_dqtrxzone;
136 } else
137 xqm->qm_dqtrxzone = qm_dqtrxzone;
138
139 atomic_set(&xqm->qm_totaldquots, 0);
140 xqm->qm_dqfree_ratio = XFS_QM_DQFREE_RATIO;
141 xqm->qm_nrefs = 0;
142 return xqm;
143
144 out_free_udqhash:
145 kmem_free_large(udqhash);
146 out:
147 return NULL;
148}
149
150/*
151 * Destroy the global quota manager when its reference count goes to zero.
152 */
153STATIC void
154xfs_qm_destroy(
155 struct xfs_qm *xqm)
156{
157 struct xfs_dquot *dqp, *n;
158 int hsize, i;
159
160 ASSERT(xqm != NULL);
161 ASSERT(xqm->qm_nrefs == 0);
162 unregister_shrinker(&xfs_qm_shaker);
163 hsize = xqm->qm_dqhashmask + 1;
164 for (i = 0; i < hsize; i++) {
165 xfs_qm_list_destroy(&(xqm->qm_usr_dqhtable[i]));
166 xfs_qm_list_destroy(&(xqm->qm_grp_dqhtable[i]));
167 }
168 kmem_free_large(xqm->qm_usr_dqhtable);
169 kmem_free_large(xqm->qm_grp_dqhtable);
170 xqm->qm_usr_dqhtable = NULL;
171 xqm->qm_grp_dqhtable = NULL;
172 xqm->qm_dqhashmask = 0;
173
174 /* frlist cleanup */
175 mutex_lock(&xqm->qm_dqfrlist_lock);
176 list_for_each_entry_safe(dqp, n, &xqm->qm_dqfrlist, q_freelist) {
177 xfs_dqlock(dqp);
178 list_del_init(&dqp->q_freelist);
179 xfs_Gqm->qm_dqfrlist_cnt--;
180 xfs_dqunlock(dqp);
181 xfs_qm_dqdestroy(dqp);
182 }
183 mutex_unlock(&xqm->qm_dqfrlist_lock);
184 mutex_destroy(&xqm->qm_dqfrlist_lock);
185 kmem_free(xqm);
186}
187
188/*
189 * Called at mount time to let XQM know that another file system is
190 * starting quotas. This isn't crucial information as the individual mount
191 * structures are pretty independent, but it helps the XQM keep a
192 * global view of what's going on.
193 */
194/* ARGSUSED */
195STATIC int
196xfs_qm_hold_quotafs_ref(
197 struct xfs_mount *mp)
198{
199 /*
200 * Need to lock the xfs_Gqm structure for things like this. For example,
201 * the structure could disappear between the entry to this routine and
202 * a HOLD operation if not locked.
203 */
204 mutex_lock(&xfs_Gqm_lock);
205
206 if (!xfs_Gqm) {
207 xfs_Gqm = xfs_Gqm_init();
208 if (!xfs_Gqm) {
209 mutex_unlock(&xfs_Gqm_lock);
210 return ENOMEM;
211 }
212 }
213
214 /*
215 * We can keep a list of all filesystems with quotas mounted for
216 * debugging and statistical purposes, but ...
217 * Just take a reference and get out.
218 */
219 xfs_Gqm->qm_nrefs++;
220 mutex_unlock(&xfs_Gqm_lock);
221
222 return 0;
223}
224
225
226/*
227 * Release the reference that a filesystem took at mount time,
228 * so that we know when we need to destroy the entire quota manager.
229 */
230/* ARGSUSED */
231STATIC void
232xfs_qm_rele_quotafs_ref(
233 struct xfs_mount *mp)
234{
235 xfs_dquot_t *dqp, *n;
236
237 ASSERT(xfs_Gqm);
238 ASSERT(xfs_Gqm->qm_nrefs > 0);
239
240 /*
241 * Go thru the freelist and destroy all inactive dquots.
242 */
243 mutex_lock(&xfs_Gqm->qm_dqfrlist_lock);
244
245 list_for_each_entry_safe(dqp, n, &xfs_Gqm->qm_dqfrlist, q_freelist) {
246 xfs_dqlock(dqp);
247 if (dqp->dq_flags & XFS_DQ_INACTIVE) {
248 ASSERT(dqp->q_mount == NULL);
249 ASSERT(! XFS_DQ_IS_DIRTY(dqp));
250 ASSERT(list_empty(&dqp->q_hashlist));
251 ASSERT(list_empty(&dqp->q_mplist));
252 list_del_init(&dqp->q_freelist);
253 xfs_Gqm->qm_dqfrlist_cnt--;
254 xfs_dqunlock(dqp);
255 xfs_qm_dqdestroy(dqp);
256 } else {
257 xfs_dqunlock(dqp);
258 }
259 }
260 mutex_unlock(&xfs_Gqm->qm_dqfrlist_lock);
261
262 /*
263 * Destroy the entire XQM. If somebody mounts with quotaon, this'll
264 * be restarted.
265 */
266 mutex_lock(&xfs_Gqm_lock);
267 if (--xfs_Gqm->qm_nrefs == 0) {
268 xfs_qm_destroy(xfs_Gqm);
269 xfs_Gqm = NULL;
270 }
271 mutex_unlock(&xfs_Gqm_lock);
272}
273
274/*
275 * Just destroy the quotainfo structure.
276 */
277void
278xfs_qm_unmount(
279 struct xfs_mount *mp)
280{
281 if (mp->m_quotainfo) {
282 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL);
283 xfs_qm_destroy_quotainfo(mp);
284 }
285}
286
287
288/*
289 * This is called from xfs_mountfs to start quotas and initialize all
290 * necessary data structures like quotainfo. This is also responsible for
291 * running a quotacheck as necessary. We are guaranteed that the superblock
292 * is consistently read in at this point.
293 *
294 * If we fail here, the mount will continue with quota turned off. We don't
295 * need to inidicate success or failure at all.
296 */
297void
298xfs_qm_mount_quotas(
299 xfs_mount_t *mp)
300{
301 int error = 0;
302 uint sbf;
303
304 /*
305 * If quotas on realtime volumes is not supported, we disable
306 * quotas immediately.
307 */
308 if (mp->m_sb.sb_rextents) {
309 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem");
310 mp->m_qflags = 0;
311 goto write_changes;
312 }
313
314 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
315
316 /*
317 * Allocate the quotainfo structure inside the mount struct, and
318 * create quotainode(s), and change/rev superblock if necessary.
319 */
320 error = xfs_qm_init_quotainfo(mp);
321 if (error) {
322 /*
323 * We must turn off quotas.
324 */
325 ASSERT(mp->m_quotainfo == NULL);
326 mp->m_qflags = 0;
327 goto write_changes;
328 }
329 /*
330 * If any of the quotas are not consistent, do a quotacheck.
331 */
332 if (XFS_QM_NEED_QUOTACHECK(mp)) {
333 error = xfs_qm_quotacheck(mp);
334 if (error) {
335 /* Quotacheck failed and disabled quotas. */
336 return;
337 }
338 }
339 /*
340 * If one type of quotas is off, then it will lose its
341 * quotachecked status, since we won't be doing accounting for
342 * that type anymore.
343 */
344 if (!XFS_IS_UQUOTA_ON(mp))
345 mp->m_qflags &= ~XFS_UQUOTA_CHKD;
346 if (!(XFS_IS_GQUOTA_ON(mp) || XFS_IS_PQUOTA_ON(mp)))
347 mp->m_qflags &= ~XFS_OQUOTA_CHKD;
348
349 write_changes:
350 /*
351 * We actually don't have to acquire the m_sb_lock at all.
352 * This can only be called from mount, and that's single threaded. XXX
353 */
354 spin_lock(&mp->m_sb_lock);
355 sbf = mp->m_sb.sb_qflags;
356 mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL;
357 spin_unlock(&mp->m_sb_lock);
358
359 if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) {
360 if (xfs_qm_write_sb_changes(mp, XFS_SB_QFLAGS)) {
361 /*
362 * We could only have been turning quotas off.
363 * We aren't in very good shape actually because
364 * the incore structures are convinced that quotas are
365 * off, but the on disk superblock doesn't know that !
366 */
367 ASSERT(!(XFS_IS_QUOTA_RUNNING(mp)));
368 xfs_alert(mp, "%s: Superblock update failed!",
369 __func__);
370 }
371 }
372
373 if (error) {
374 xfs_warn(mp, "Failed to initialize disk quotas.");
375 return;
376 }
377}
378
379/*
380 * Called from the vfsops layer.
381 */
382void
383xfs_qm_unmount_quotas(
384 xfs_mount_t *mp)
385{
386 /*
387 * Release the dquots that root inode, et al might be holding,
388 * before we flush quotas and blow away the quotainfo structure.
389 */
390 ASSERT(mp->m_rootip);
391 xfs_qm_dqdetach(mp->m_rootip);
392 if (mp->m_rbmip)
393 xfs_qm_dqdetach(mp->m_rbmip);
394 if (mp->m_rsumip)
395 xfs_qm_dqdetach(mp->m_rsumip);
396
397 /*
398 * Release the quota inodes.
399 */
400 if (mp->m_quotainfo) {
401 if (mp->m_quotainfo->qi_uquotaip) {
402 IRELE(mp->m_quotainfo->qi_uquotaip);
403 mp->m_quotainfo->qi_uquotaip = NULL;
404 }
405 if (mp->m_quotainfo->qi_gquotaip) {
406 IRELE(mp->m_quotainfo->qi_gquotaip);
407 mp->m_quotainfo->qi_gquotaip = NULL;
408 }
409 }
410}
411
412/*
413 * Flush all dquots of the given file system to disk. The dquots are
414 * _not_ purged from memory here, just their data written to disk.
415 */
416STATIC int
417xfs_qm_dqflush_all(
418 struct xfs_mount *mp,
419 int sync_mode)
420{
421 struct xfs_quotainfo *q = mp->m_quotainfo;
422 int recl;
423 struct xfs_dquot *dqp;
424 int error;
425
426 if (!q)
427 return 0;
428again:
429 mutex_lock(&q->qi_dqlist_lock);
430 list_for_each_entry(dqp, &q->qi_dqlist, q_mplist) {
431 xfs_dqlock(dqp);
432 if (! XFS_DQ_IS_DIRTY(dqp)) {
433 xfs_dqunlock(dqp);
434 continue;
435 }
436
437 /* XXX a sentinel would be better */
438 recl = q->qi_dqreclaims;
439 if (!xfs_dqflock_nowait(dqp)) {
440 /*
441 * If we can't grab the flush lock then check
442 * to see if the dquot has been flushed delayed
443 * write. If so, grab its buffer and send it
444 * out immediately. We'll be able to acquire
445 * the flush lock when the I/O completes.
446 */
447 xfs_qm_dqflock_pushbuf_wait(dqp);
448 }
449 /*
450 * Let go of the mplist lock. We don't want to hold it
451 * across a disk write.
452 */
453 mutex_unlock(&q->qi_dqlist_lock);
454 error = xfs_qm_dqflush(dqp, sync_mode);
455 xfs_dqunlock(dqp);
456 if (error)
457 return error;
458
459 mutex_lock(&q->qi_dqlist_lock);
460 if (recl != q->qi_dqreclaims) {
461 mutex_unlock(&q->qi_dqlist_lock);
462 /* XXX restart limit */
463 goto again;
464 }
465 }
466
467 mutex_unlock(&q->qi_dqlist_lock);
468 /* return ! busy */
469 return 0;
470}
471/*
472 * Release the group dquot pointers the user dquots may be
473 * carrying around as a hint. mplist is locked on entry and exit.
474 */
475STATIC void
476xfs_qm_detach_gdquots(
477 struct xfs_mount *mp)
478{
479 struct xfs_quotainfo *q = mp->m_quotainfo;
480 struct xfs_dquot *dqp, *gdqp;
481 int nrecl;
482
483 again:
484 ASSERT(mutex_is_locked(&q->qi_dqlist_lock));
485 list_for_each_entry(dqp, &q->qi_dqlist, q_mplist) {
486 xfs_dqlock(dqp);
487 if ((gdqp = dqp->q_gdquot)) {
488 xfs_dqlock(gdqp);
489 dqp->q_gdquot = NULL;
490 }
491 xfs_dqunlock(dqp);
492
493 if (gdqp) {
494 /*
495 * Can't hold the mplist lock across a dqput.
496 * XXXmust convert to marker based iterations here.
497 */
498 nrecl = q->qi_dqreclaims;
499 mutex_unlock(&q->qi_dqlist_lock);
500 xfs_qm_dqput(gdqp);
501
502 mutex_lock(&q->qi_dqlist_lock);
503 if (nrecl != q->qi_dqreclaims)
504 goto again;
505 }
506 }
507}
508
509/*
510 * Go through all the incore dquots of this file system and take them
511 * off the mplist and hashlist, if the dquot type matches the dqtype
512 * parameter. This is used when turning off quota accounting for
513 * users and/or groups, as well as when the filesystem is unmounting.
514 */
515STATIC int
516xfs_qm_dqpurge_int(
517 struct xfs_mount *mp,
518 uint flags)
519{
520 struct xfs_quotainfo *q = mp->m_quotainfo;
521 struct xfs_dquot *dqp, *n;
522 uint dqtype;
523 int nrecl;
524 int nmisses;
525
526 if (!q)
527 return 0;
528
529 dqtype = (flags & XFS_QMOPT_UQUOTA) ? XFS_DQ_USER : 0;
530 dqtype |= (flags & XFS_QMOPT_PQUOTA) ? XFS_DQ_PROJ : 0;
531 dqtype |= (flags & XFS_QMOPT_GQUOTA) ? XFS_DQ_GROUP : 0;
532
533 mutex_lock(&q->qi_dqlist_lock);
534
535 /*
536 * In the first pass through all incore dquots of this filesystem,
537 * we release the group dquot pointers the user dquots may be
538 * carrying around as a hint. We need to do this irrespective of
539 * what's being turned off.
540 */
541 xfs_qm_detach_gdquots(mp);
542
543 again:
544 nmisses = 0;
545 ASSERT(mutex_is_locked(&q->qi_dqlist_lock));
546 /*
547 * Try to get rid of all of the unwanted dquots. The idea is to
548 * get them off mplist and hashlist, but leave them on freelist.
549 */
550 list_for_each_entry_safe(dqp, n, &q->qi_dqlist, q_mplist) {
551 /*
552 * It's OK to look at the type without taking dqlock here.
553 * We're holding the mplist lock here, and that's needed for
554 * a dqreclaim.
555 */
556 if ((dqp->dq_flags & dqtype) == 0)
557 continue;
558
559 if (!mutex_trylock(&dqp->q_hash->qh_lock)) {
560 nrecl = q->qi_dqreclaims;
561 mutex_unlock(&q->qi_dqlist_lock);
562 mutex_lock(&dqp->q_hash->qh_lock);
563 mutex_lock(&q->qi_dqlist_lock);
564
565 /*
566 * XXXTheoretically, we can get into a very long
567 * ping pong game here.
568 * No one can be adding dquots to the mplist at
569 * this point, but somebody might be taking things off.
570 */
571 if (nrecl != q->qi_dqreclaims) {
572 mutex_unlock(&dqp->q_hash->qh_lock);
573 goto again;
574 }
575 }
576
577 /*
578 * Take the dquot off the mplist and hashlist. It may remain on
579 * freelist in INACTIVE state.
580 */
581 nmisses += xfs_qm_dqpurge(dqp);
582 }
583 mutex_unlock(&q->qi_dqlist_lock);
584 return nmisses;
585}
586
587int
588xfs_qm_dqpurge_all(
589 xfs_mount_t *mp,
590 uint flags)
591{
592 int ndquots;
593
594 /*
595 * Purge the dquot cache.
596 * None of the dquots should really be busy at this point.
597 */
598 if (mp->m_quotainfo) {
599 while ((ndquots = xfs_qm_dqpurge_int(mp, flags))) {
600 delay(ndquots * 10);
601 }
602 }
603 return 0;
604}
605
606STATIC int
607xfs_qm_dqattach_one(
608 xfs_inode_t *ip,
609 xfs_dqid_t id,
610 uint type,
611 uint doalloc,
612 xfs_dquot_t *udqhint, /* hint */
613 xfs_dquot_t **IO_idqpp)
614{
615 xfs_dquot_t *dqp;
616 int error;
617
618 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
619 error = 0;
620
621 /*
622 * See if we already have it in the inode itself. IO_idqpp is
623 * &i_udquot or &i_gdquot. This made the code look weird, but
624 * made the logic a lot simpler.
625 */
626 dqp = *IO_idqpp;
627 if (dqp) {
628 trace_xfs_dqattach_found(dqp);
629 return 0;
630 }
631
632 /*
633 * udqhint is the i_udquot field in inode, and is non-NULL only
634 * when the type arg is group/project. Its purpose is to save a
635 * lookup by dqid (xfs_qm_dqget) by caching a group dquot inside
636 * the user dquot.
637 */
638 if (udqhint) {
639 ASSERT(type == XFS_DQ_GROUP || type == XFS_DQ_PROJ);
640 xfs_dqlock(udqhint);
641
642 /*
643 * No need to take dqlock to look at the id.
644 *
645 * The ID can't change until it gets reclaimed, and it won't
646 * be reclaimed as long as we have a ref from inode and we
647 * hold the ilock.
648 */
649 dqp = udqhint->q_gdquot;
650 if (dqp && be32_to_cpu(dqp->q_core.d_id) == id) {
651 xfs_dqlock(dqp);
652 XFS_DQHOLD(dqp);
653 ASSERT(*IO_idqpp == NULL);
654 *IO_idqpp = dqp;
655
656 xfs_dqunlock(dqp);
657 xfs_dqunlock(udqhint);
658 return 0;
659 }
660
661 /*
662 * We can't hold a dquot lock when we call the dqget code.
663 * We'll deadlock in no time, because of (not conforming to)
664 * lock ordering - the inodelock comes before any dquot lock,
665 * and we may drop and reacquire the ilock in xfs_qm_dqget().
666 */
667 xfs_dqunlock(udqhint);
668 }
669
670 /*
671 * Find the dquot from somewhere. This bumps the
672 * reference count of dquot and returns it locked.
673 * This can return ENOENT if dquot didn't exist on
674 * disk and we didn't ask it to allocate;
675 * ESRCH if quotas got turned off suddenly.
676 */
677 error = xfs_qm_dqget(ip->i_mount, ip, id, type, XFS_QMOPT_DOWARN, &dqp);
678 if (error)
679 return error;
680
681 trace_xfs_dqattach_get(dqp);
682
683 /*
684 * dqget may have dropped and re-acquired the ilock, but it guarantees
685 * that the dquot returned is the one that should go in the inode.
686 */
687 *IO_idqpp = dqp;
688 xfs_dqunlock(dqp);
689 return 0;
690}
691
692
693/*
694 * Given a udquot and gdquot, attach a ptr to the group dquot in the
695 * udquot as a hint for future lookups. The idea sounds simple, but the
696 * execution isn't, because the udquot might have a group dquot attached
697 * already and getting rid of that gets us into lock ordering constraints.
698 * The process is complicated more by the fact that the dquots may or may not
699 * be locked on entry.
700 */
701STATIC void
702xfs_qm_dqattach_grouphint(
703 xfs_dquot_t *udq,
704 xfs_dquot_t *gdq)
705{
706 xfs_dquot_t *tmp;
707
708 xfs_dqlock(udq);
709
710 if ((tmp = udq->q_gdquot)) {
711 if (tmp == gdq) {
712 xfs_dqunlock(udq);
713 return;
714 }
715
716 udq->q_gdquot = NULL;
717 /*
718 * We can't keep any dqlocks when calling dqrele,
719 * because the freelist lock comes before dqlocks.
720 */
721 xfs_dqunlock(udq);
722 /*
723 * we took a hard reference once upon a time in dqget,
724 * so give it back when the udquot no longer points at it
725 * dqput() does the unlocking of the dquot.
726 */
727 xfs_qm_dqrele(tmp);
728
729 xfs_dqlock(udq);
730 xfs_dqlock(gdq);
731
732 } else {
733 ASSERT(XFS_DQ_IS_LOCKED(udq));
734 xfs_dqlock(gdq);
735 }
736
737 ASSERT(XFS_DQ_IS_LOCKED(udq));
738 ASSERT(XFS_DQ_IS_LOCKED(gdq));
739 /*
740 * Somebody could have attached a gdquot here,
741 * when we dropped the uqlock. If so, just do nothing.
742 */
743 if (udq->q_gdquot == NULL) {
744 XFS_DQHOLD(gdq);
745 udq->q_gdquot = gdq;
746 }
747
748 xfs_dqunlock(gdq);
749 xfs_dqunlock(udq);
750}
751
752
753/*
754 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON
755 * into account.
756 * If XFS_QMOPT_DQALLOC, the dquot(s) will be allocated if needed.
757 * Inode may get unlocked and relocked in here, and the caller must deal with
758 * the consequences.
759 */
760int
761xfs_qm_dqattach_locked(
762 xfs_inode_t *ip,
763 uint flags)
764{
765 xfs_mount_t *mp = ip->i_mount;
766 uint nquotas = 0;
767 int error = 0;
768
769 if (!XFS_IS_QUOTA_RUNNING(mp) ||
770 !XFS_IS_QUOTA_ON(mp) ||
771 !XFS_NOT_DQATTACHED(mp, ip) ||
772 ip->i_ino == mp->m_sb.sb_uquotino ||
773 ip->i_ino == mp->m_sb.sb_gquotino)
774 return 0;
775
776 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
777
778 if (XFS_IS_UQUOTA_ON(mp)) {
779 error = xfs_qm_dqattach_one(ip, ip->i_d.di_uid, XFS_DQ_USER,
780 flags & XFS_QMOPT_DQALLOC,
781 NULL, &ip->i_udquot);
782 if (error)
783 goto done;
784 nquotas++;
785 }
786
787 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
788 if (XFS_IS_OQUOTA_ON(mp)) {
789 error = XFS_IS_GQUOTA_ON(mp) ?
790 xfs_qm_dqattach_one(ip, ip->i_d.di_gid, XFS_DQ_GROUP,
791 flags & XFS_QMOPT_DQALLOC,
792 ip->i_udquot, &ip->i_gdquot) :
793 xfs_qm_dqattach_one(ip, xfs_get_projid(ip), XFS_DQ_PROJ,
794 flags & XFS_QMOPT_DQALLOC,
795 ip->i_udquot, &ip->i_gdquot);
796 /*
797 * Don't worry about the udquot that we may have
798 * attached above. It'll get detached, if not already.
799 */
800 if (error)
801 goto done;
802 nquotas++;
803 }
804
805 /*
806 * Attach this group quota to the user quota as a hint.
807 * This WON'T, in general, result in a thrash.
808 */
809 if (nquotas == 2) {
810 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
811 ASSERT(ip->i_udquot);
812 ASSERT(ip->i_gdquot);
813
814 /*
815 * We may or may not have the i_udquot locked at this point,
816 * but this check is OK since we don't depend on the i_gdquot to
817 * be accurate 100% all the time. It is just a hint, and this
818 * will succeed in general.
819 */
820 if (ip->i_udquot->q_gdquot == ip->i_gdquot)
821 goto done;
822 /*
823 * Attach i_gdquot to the gdquot hint inside the i_udquot.
824 */
825 xfs_qm_dqattach_grouphint(ip->i_udquot, ip->i_gdquot);
826 }
827
828 done:
829#ifdef DEBUG
830 if (!error) {
831 if (XFS_IS_UQUOTA_ON(mp))
832 ASSERT(ip->i_udquot);
833 if (XFS_IS_OQUOTA_ON(mp))
834 ASSERT(ip->i_gdquot);
835 }
836 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
837#endif
838 return error;
839}
840
841int
842xfs_qm_dqattach(
843 struct xfs_inode *ip,
844 uint flags)
845{
846 int error;
847
848 xfs_ilock(ip, XFS_ILOCK_EXCL);
849 error = xfs_qm_dqattach_locked(ip, flags);
850 xfs_iunlock(ip, XFS_ILOCK_EXCL);
851
852 return error;
853}
854
855/*
856 * Release dquots (and their references) if any.
857 * The inode should be locked EXCL except when this's called by
858 * xfs_ireclaim.
859 */
860void
861xfs_qm_dqdetach(
862 xfs_inode_t *ip)
863{
864 if (!(ip->i_udquot || ip->i_gdquot))
865 return;
866
867 trace_xfs_dquot_dqdetach(ip);
868
869 ASSERT(ip->i_ino != ip->i_mount->m_sb.sb_uquotino);
870 ASSERT(ip->i_ino != ip->i_mount->m_sb.sb_gquotino);
871 if (ip->i_udquot) {
872 xfs_qm_dqrele(ip->i_udquot);
873 ip->i_udquot = NULL;
874 }
875 if (ip->i_gdquot) {
876 xfs_qm_dqrele(ip->i_gdquot);
877 ip->i_gdquot = NULL;
878 }
879}
880
881int
882xfs_qm_sync(
883 struct xfs_mount *mp,
884 int flags)
885{
886 struct xfs_quotainfo *q = mp->m_quotainfo;
887 int recl, restarts;
888 struct xfs_dquot *dqp;
889 int error;
890
891 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
892 return 0;
893
894 restarts = 0;
895
896 again:
897 mutex_lock(&q->qi_dqlist_lock);
898 /*
899 * dqpurge_all() also takes the mplist lock and iterate thru all dquots
900 * in quotaoff. However, if the QUOTA_ACTIVE bits are not cleared
901 * when we have the mplist lock, we know that dquots will be consistent
902 * as long as we have it locked.
903 */
904 if (!XFS_IS_QUOTA_ON(mp)) {
905 mutex_unlock(&q->qi_dqlist_lock);
906 return 0;
907 }
908 ASSERT(mutex_is_locked(&q->qi_dqlist_lock));
909 list_for_each_entry(dqp, &q->qi_dqlist, q_mplist) {
910 /*
911 * If this is vfs_sync calling, then skip the dquots that
912 * don't 'seem' to be dirty. ie. don't acquire dqlock.
913 * This is very similar to what xfs_sync does with inodes.
914 */
915 if (flags & SYNC_TRYLOCK) {
916 if (!XFS_DQ_IS_DIRTY(dqp))
917 continue;
918 if (!xfs_qm_dqlock_nowait(dqp))
919 continue;
920 } else {
921 xfs_dqlock(dqp);
922 }
923
924 /*
925 * Now, find out for sure if this dquot is dirty or not.
926 */
927 if (! XFS_DQ_IS_DIRTY(dqp)) {
928 xfs_dqunlock(dqp);
929 continue;
930 }
931
932 /* XXX a sentinel would be better */
933 recl = q->qi_dqreclaims;
934 if (!xfs_dqflock_nowait(dqp)) {
935 if (flags & SYNC_TRYLOCK) {
936 xfs_dqunlock(dqp);
937 continue;
938 }
939 /*
940 * If we can't grab the flush lock then if the caller
941 * really wanted us to give this our best shot, so
942 * see if we can give a push to the buffer before we wait
943 * on the flush lock. At this point, we know that
944 * even though the dquot is being flushed,
945 * it has (new) dirty data.
946 */
947 xfs_qm_dqflock_pushbuf_wait(dqp);
948 }
949 /*
950 * Let go of the mplist lock. We don't want to hold it
951 * across a disk write
952 */
953 mutex_unlock(&q->qi_dqlist_lock);
954 error = xfs_qm_dqflush(dqp, flags);
955 xfs_dqunlock(dqp);
956 if (error && XFS_FORCED_SHUTDOWN(mp))
957 return 0; /* Need to prevent umount failure */
958 else if (error)
959 return error;
960
961 mutex_lock(&q->qi_dqlist_lock);
962 if (recl != q->qi_dqreclaims) {
963 if (++restarts >= XFS_QM_SYNC_MAX_RESTARTS)
964 break;
965
966 mutex_unlock(&q->qi_dqlist_lock);
967 goto again;
968 }
969 }
970
971 mutex_unlock(&q->qi_dqlist_lock);
972 return 0;
973}
974
975/*
976 * The hash chains and the mplist use the same xfs_dqhash structure as
977 * their list head, but we can take the mplist qh_lock and one of the
978 * hash qh_locks at the same time without any problem as they aren't
979 * related.
980 */
981static struct lock_class_key xfs_quota_mplist_class;
982
983/*
984 * This initializes all the quota information that's kept in the
985 * mount structure
986 */
987STATIC int
988xfs_qm_init_quotainfo(
989 xfs_mount_t *mp)
990{
991 xfs_quotainfo_t *qinf;
992 int error;
993 xfs_dquot_t *dqp;
994
995 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
996
997 /*
998 * Tell XQM that we exist as soon as possible.
999 */
1000 if ((error = xfs_qm_hold_quotafs_ref(mp))) {
1001 return error;
1002 }
1003
1004 qinf = mp->m_quotainfo = kmem_zalloc(sizeof(xfs_quotainfo_t), KM_SLEEP);
1005
1006 /*
1007 * See if quotainodes are setup, and if not, allocate them,
1008 * and change the superblock accordingly.
1009 */
1010 if ((error = xfs_qm_init_quotainos(mp))) {
1011 kmem_free(qinf);
1012 mp->m_quotainfo = NULL;
1013 return error;
1014 }
1015
1016 INIT_LIST_HEAD(&qinf->qi_dqlist);
1017 mutex_init(&qinf->qi_dqlist_lock);
1018 lockdep_set_class(&qinf->qi_dqlist_lock, &xfs_quota_mplist_class);
1019
1020 qinf->qi_dqreclaims = 0;
1021
1022 /* mutex used to serialize quotaoffs */
1023 mutex_init(&qinf->qi_quotaofflock);
1024
1025 /* Precalc some constants */
1026 qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
1027 ASSERT(qinf->qi_dqchunklen);
1028 qinf->qi_dqperchunk = BBTOB(qinf->qi_dqchunklen);
1029 do_div(qinf->qi_dqperchunk, sizeof(xfs_dqblk_t));
1030
1031 mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD);
1032
1033 /*
1034 * We try to get the limits from the superuser's limits fields.
1035 * This is quite hacky, but it is standard quota practice.
1036 * We look at the USR dquot with id == 0 first, but if user quotas
1037 * are not enabled we goto the GRP dquot with id == 0.
1038 * We don't really care to keep separate default limits for user
1039 * and group quotas, at least not at this point.
1040 */
1041 error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t)0,
1042 XFS_IS_UQUOTA_RUNNING(mp) ? XFS_DQ_USER :
1043 (XFS_IS_GQUOTA_RUNNING(mp) ? XFS_DQ_GROUP :
1044 XFS_DQ_PROJ),
1045 XFS_QMOPT_DQSUSER|XFS_QMOPT_DOWARN,
1046 &dqp);
1047 if (! error) {
1048 xfs_disk_dquot_t *ddqp = &dqp->q_core;
1049
1050 /*
1051 * The warnings and timers set the grace period given to
1052 * a user or group before he or she can not perform any
1053 * more writing. If it is zero, a default is used.
1054 */
1055 qinf->qi_btimelimit = ddqp->d_btimer ?
1056 be32_to_cpu(ddqp->d_btimer) : XFS_QM_BTIMELIMIT;
1057 qinf->qi_itimelimit = ddqp->d_itimer ?
1058 be32_to_cpu(ddqp->d_itimer) : XFS_QM_ITIMELIMIT;
1059 qinf->qi_rtbtimelimit = ddqp->d_rtbtimer ?
1060 be32_to_cpu(ddqp->d_rtbtimer) : XFS_QM_RTBTIMELIMIT;
1061 qinf->qi_bwarnlimit = ddqp->d_bwarns ?
1062 be16_to_cpu(ddqp->d_bwarns) : XFS_QM_BWARNLIMIT;
1063 qinf->qi_iwarnlimit = ddqp->d_iwarns ?
1064 be16_to_cpu(ddqp->d_iwarns) : XFS_QM_IWARNLIMIT;
1065 qinf->qi_rtbwarnlimit = ddqp->d_rtbwarns ?
1066 be16_to_cpu(ddqp->d_rtbwarns) : XFS_QM_RTBWARNLIMIT;
1067 qinf->qi_bhardlimit = be64_to_cpu(ddqp->d_blk_hardlimit);
1068 qinf->qi_bsoftlimit = be64_to_cpu(ddqp->d_blk_softlimit);
1069 qinf->qi_ihardlimit = be64_to_cpu(ddqp->d_ino_hardlimit);
1070 qinf->qi_isoftlimit = be64_to_cpu(ddqp->d_ino_softlimit);
1071 qinf->qi_rtbhardlimit = be64_to_cpu(ddqp->d_rtb_hardlimit);
1072 qinf->qi_rtbsoftlimit = be64_to_cpu(ddqp->d_rtb_softlimit);
1073
1074 /*
1075 * We sent the XFS_QMOPT_DQSUSER flag to dqget because
1076 * we don't want this dquot cached. We haven't done a
1077 * quotacheck yet, and quotacheck doesn't like incore dquots.
1078 */
1079 xfs_qm_dqdestroy(dqp);
1080 } else {
1081 qinf->qi_btimelimit = XFS_QM_BTIMELIMIT;
1082 qinf->qi_itimelimit = XFS_QM_ITIMELIMIT;
1083 qinf->qi_rtbtimelimit = XFS_QM_RTBTIMELIMIT;
1084 qinf->qi_bwarnlimit = XFS_QM_BWARNLIMIT;
1085 qinf->qi_iwarnlimit = XFS_QM_IWARNLIMIT;
1086 qinf->qi_rtbwarnlimit = XFS_QM_RTBWARNLIMIT;
1087 }
1088
1089 return 0;
1090}
1091
1092
1093/*
1094 * Gets called when unmounting a filesystem or when all quotas get
1095 * turned off.
1096 * This purges the quota inodes, destroys locks and frees itself.
1097 */
1098void
1099xfs_qm_destroy_quotainfo(
1100 xfs_mount_t *mp)
1101{
1102 xfs_quotainfo_t *qi;
1103
1104 qi = mp->m_quotainfo;
1105 ASSERT(qi != NULL);
1106 ASSERT(xfs_Gqm != NULL);
1107
1108 /*
1109 * Release the reference that XQM kept, so that we know
1110 * when the XQM structure should be freed. We cannot assume
1111 * that xfs_Gqm is non-null after this point.
1112 */
1113 xfs_qm_rele_quotafs_ref(mp);
1114
1115 ASSERT(list_empty(&qi->qi_dqlist));
1116 mutex_destroy(&qi->qi_dqlist_lock);
1117
1118 if (qi->qi_uquotaip) {
1119 IRELE(qi->qi_uquotaip);
1120 qi->qi_uquotaip = NULL; /* paranoia */
1121 }
1122 if (qi->qi_gquotaip) {
1123 IRELE(qi->qi_gquotaip);
1124 qi->qi_gquotaip = NULL;
1125 }
1126 mutex_destroy(&qi->qi_quotaofflock);
1127 kmem_free(qi);
1128 mp->m_quotainfo = NULL;
1129}
1130
1131
1132
1133/* ------------------- PRIVATE STATIC FUNCTIONS ----------------------- */
1134
1135/* ARGSUSED */
1136STATIC void
1137xfs_qm_list_init(
1138 xfs_dqlist_t *list,
1139 char *str,
1140 int n)
1141{
1142 mutex_init(&list->qh_lock);
1143 INIT_LIST_HEAD(&list->qh_list);
1144 list->qh_version = 0;
1145 list->qh_nelems = 0;
1146}
1147
1148STATIC void
1149xfs_qm_list_destroy(
1150 xfs_dqlist_t *list)
1151{
1152 mutex_destroy(&(list->qh_lock));
1153}
1154
1155/*
1156 * Create an inode and return with a reference already taken, but unlocked
1157 * This is how we create quota inodes
1158 */
1159STATIC int
1160xfs_qm_qino_alloc(
1161 xfs_mount_t *mp,
1162 xfs_inode_t **ip,
1163 __int64_t sbfields,
1164 uint flags)
1165{
1166 xfs_trans_t *tp;
1167 int error;
1168 int committed;
1169
1170 tp = xfs_trans_alloc(mp, XFS_TRANS_QM_QINOCREATE);
1171 if ((error = xfs_trans_reserve(tp,
1172 XFS_QM_QINOCREATE_SPACE_RES(mp),
1173 XFS_CREATE_LOG_RES(mp), 0,
1174 XFS_TRANS_PERM_LOG_RES,
1175 XFS_CREATE_LOG_COUNT))) {
1176 xfs_trans_cancel(tp, 0);
1177 return error;
1178 }
1179
1180 error = xfs_dir_ialloc(&tp, NULL, S_IFREG, 1, 0, 0, 1, ip, &committed);
1181 if (error) {
1182 xfs_trans_cancel(tp, XFS_TRANS_RELEASE_LOG_RES |
1183 XFS_TRANS_ABORT);
1184 return error;
1185 }
1186
1187 /*
1188 * Make the changes in the superblock, and log those too.
1189 * sbfields arg may contain fields other than *QUOTINO;
1190 * VERSIONNUM for example.
1191 */
1192 spin_lock(&mp->m_sb_lock);
1193 if (flags & XFS_QMOPT_SBVERSION) {
1194 ASSERT(!xfs_sb_version_hasquota(&mp->m_sb));
1195 ASSERT((sbfields & (XFS_SB_VERSIONNUM | XFS_SB_UQUOTINO |
1196 XFS_SB_GQUOTINO | XFS_SB_QFLAGS)) ==
1197 (XFS_SB_VERSIONNUM | XFS_SB_UQUOTINO |
1198 XFS_SB_GQUOTINO | XFS_SB_QFLAGS));
1199
1200 xfs_sb_version_addquota(&mp->m_sb);
1201 mp->m_sb.sb_uquotino = NULLFSINO;
1202 mp->m_sb.sb_gquotino = NULLFSINO;
1203
1204 /* qflags will get updated _after_ quotacheck */
1205 mp->m_sb.sb_qflags = 0;
1206 }
1207 if (flags & XFS_QMOPT_UQUOTA)
1208 mp->m_sb.sb_uquotino = (*ip)->i_ino;
1209 else
1210 mp->m_sb.sb_gquotino = (*ip)->i_ino;
1211 spin_unlock(&mp->m_sb_lock);
1212 xfs_mod_sb(tp, sbfields);
1213
1214 if ((error = xfs_trans_commit(tp, XFS_TRANS_RELEASE_LOG_RES))) {
1215 xfs_alert(mp, "%s failed (error %d)!", __func__, error);
1216 return error;
1217 }
1218 return 0;
1219}
1220
1221
1222STATIC void
1223xfs_qm_reset_dqcounts(
1224 xfs_mount_t *mp,
1225 xfs_buf_t *bp,
1226 xfs_dqid_t id,
1227 uint type)
1228{
1229 xfs_disk_dquot_t *ddq;
1230 int j;
1231
1232 trace_xfs_reset_dqcounts(bp, _RET_IP_);
1233
1234 /*
1235 * Reset all counters and timers. They'll be
1236 * started afresh by xfs_qm_quotacheck.
1237 */
1238#ifdef DEBUG
1239 j = XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
1240 do_div(j, sizeof(xfs_dqblk_t));
1241 ASSERT(mp->m_quotainfo->qi_dqperchunk == j);
1242#endif
1243 ddq = bp->b_addr;
1244 for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) {
1245 /*
1246 * Do a sanity check, and if needed, repair the dqblk. Don't
1247 * output any warnings because it's perfectly possible to
1248 * find uninitialised dquot blks. See comment in xfs_qm_dqcheck.
1249 */
1250 (void) xfs_qm_dqcheck(mp, ddq, id+j, type, XFS_QMOPT_DQREPAIR,
1251 "xfs_quotacheck");
1252 ddq->d_bcount = 0;
1253 ddq->d_icount = 0;
1254 ddq->d_rtbcount = 0;
1255 ddq->d_btimer = 0;
1256 ddq->d_itimer = 0;
1257 ddq->d_rtbtimer = 0;
1258 ddq->d_bwarns = 0;
1259 ddq->d_iwarns = 0;
1260 ddq->d_rtbwarns = 0;
1261 ddq = (xfs_disk_dquot_t *) ((xfs_dqblk_t *)ddq + 1);
1262 }
1263}
1264
1265STATIC int
1266xfs_qm_dqiter_bufs(
1267 xfs_mount_t *mp,
1268 xfs_dqid_t firstid,
1269 xfs_fsblock_t bno,
1270 xfs_filblks_t blkcnt,
1271 uint flags)
1272{
1273 xfs_buf_t *bp;
1274 int error;
1275 int type;
1276
1277 ASSERT(blkcnt > 0);
1278 type = flags & XFS_QMOPT_UQUOTA ? XFS_DQ_USER :
1279 (flags & XFS_QMOPT_PQUOTA ? XFS_DQ_PROJ : XFS_DQ_GROUP);
1280 error = 0;
1281
1282 /*
1283 * Blkcnt arg can be a very big number, and might even be
1284 * larger than the log itself. So, we have to break it up into
1285 * manageable-sized transactions.
1286 * Note that we don't start a permanent transaction here; we might
1287 * not be able to get a log reservation for the whole thing up front,
1288 * and we don't really care to either, because we just discard
1289 * everything if we were to crash in the middle of this loop.
1290 */
1291 while (blkcnt--) {
1292 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
1293 XFS_FSB_TO_DADDR(mp, bno),
1294 mp->m_quotainfo->qi_dqchunklen, 0, &bp);
1295 if (error)
1296 break;
1297
1298 xfs_qm_reset_dqcounts(mp, bp, firstid, type);
1299 xfs_bdwrite(mp, bp);
1300 /*
1301 * goto the next block.
1302 */
1303 bno++;
1304 firstid += mp->m_quotainfo->qi_dqperchunk;
1305 }
1306 return error;
1307}
1308
1309/*
1310 * Iterate over all allocated USR/GRP/PRJ dquots in the system, calling a
1311 * caller supplied function for every chunk of dquots that we find.
1312 */
1313STATIC int
1314xfs_qm_dqiterate(
1315 xfs_mount_t *mp,
1316 xfs_inode_t *qip,
1317 uint flags)
1318{
1319 xfs_bmbt_irec_t *map;
1320 int i, nmaps; /* number of map entries */
1321 int error; /* return value */
1322 xfs_fileoff_t lblkno;
1323 xfs_filblks_t maxlblkcnt;
1324 xfs_dqid_t firstid;
1325 xfs_fsblock_t rablkno;
1326 xfs_filblks_t rablkcnt;
1327
1328 error = 0;
1329 /*
1330 * This looks racy, but we can't keep an inode lock across a
1331 * trans_reserve. But, this gets called during quotacheck, and that
1332 * happens only at mount time which is single threaded.
1333 */
1334 if (qip->i_d.di_nblocks == 0)
1335 return 0;
1336
1337 map = kmem_alloc(XFS_DQITER_MAP_SIZE * sizeof(*map), KM_SLEEP);
1338
1339 lblkno = 0;
1340 maxlblkcnt = XFS_B_TO_FSB(mp, (xfs_ufsize_t)XFS_MAXIOFFSET(mp));
1341 do {
1342 nmaps = XFS_DQITER_MAP_SIZE;
1343 /*
1344 * We aren't changing the inode itself. Just changing
1345 * some of its data. No new blocks are added here, and
1346 * the inode is never added to the transaction.
1347 */
1348 xfs_ilock(qip, XFS_ILOCK_SHARED);
1349 error = xfs_bmapi(NULL, qip, lblkno,
1350 maxlblkcnt - lblkno,
1351 XFS_BMAPI_METADATA,
1352 NULL,
1353 0, map, &nmaps, NULL);
1354 xfs_iunlock(qip, XFS_ILOCK_SHARED);
1355 if (error)
1356 break;
1357
1358 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE);
1359 for (i = 0; i < nmaps; i++) {
1360 ASSERT(map[i].br_startblock != DELAYSTARTBLOCK);
1361 ASSERT(map[i].br_blockcount);
1362
1363
1364 lblkno += map[i].br_blockcount;
1365
1366 if (map[i].br_startblock == HOLESTARTBLOCK)
1367 continue;
1368
1369 firstid = (xfs_dqid_t) map[i].br_startoff *
1370 mp->m_quotainfo->qi_dqperchunk;
1371 /*
1372 * Do a read-ahead on the next extent.
1373 */
1374 if ((i+1 < nmaps) &&
1375 (map[i+1].br_startblock != HOLESTARTBLOCK)) {
1376 rablkcnt = map[i+1].br_blockcount;
1377 rablkno = map[i+1].br_startblock;
1378 while (rablkcnt--) {
1379 xfs_buf_readahead(mp->m_ddev_targp,
1380 XFS_FSB_TO_DADDR(mp, rablkno),
1381 mp->m_quotainfo->qi_dqchunklen);
1382 rablkno++;
1383 }
1384 }
1385 /*
1386 * Iterate thru all the blks in the extent and
1387 * reset the counters of all the dquots inside them.
1388 */
1389 if ((error = xfs_qm_dqiter_bufs(mp,
1390 firstid,
1391 map[i].br_startblock,
1392 map[i].br_blockcount,
1393 flags))) {
1394 break;
1395 }
1396 }
1397
1398 if (error)
1399 break;
1400 } while (nmaps > 0);
1401
1402 kmem_free(map);
1403
1404 return error;
1405}
1406
1407/*
1408 * Called by dqusage_adjust in doing a quotacheck.
1409 *
1410 * Given the inode, and a dquot id this updates both the incore dqout as well
1411 * as the buffer copy. This is so that once the quotacheck is done, we can
1412 * just log all the buffers, as opposed to logging numerous updates to
1413 * individual dquots.
1414 */
1415STATIC int
1416xfs_qm_quotacheck_dqadjust(
1417 struct xfs_inode *ip,
1418 xfs_dqid_t id,
1419 uint type,
1420 xfs_qcnt_t nblks,
1421 xfs_qcnt_t rtblks)
1422{
1423 struct xfs_mount *mp = ip->i_mount;
1424 struct xfs_dquot *dqp;
1425 int error;
1426
1427 error = xfs_qm_dqget(mp, ip, id, type,
1428 XFS_QMOPT_DQALLOC | XFS_QMOPT_DOWARN, &dqp);
1429 if (error) {
1430 /*
1431 * Shouldn't be able to turn off quotas here.
1432 */
1433 ASSERT(error != ESRCH);
1434 ASSERT(error != ENOENT);
1435 return error;
1436 }
1437
1438 trace_xfs_dqadjust(dqp);
1439
1440 /*
1441 * Adjust the inode count and the block count to reflect this inode's
1442 * resource usage.
1443 */
1444 be64_add_cpu(&dqp->q_core.d_icount, 1);
1445 dqp->q_res_icount++;
1446 if (nblks) {
1447 be64_add_cpu(&dqp->q_core.d_bcount, nblks);
1448 dqp->q_res_bcount += nblks;
1449 }
1450 if (rtblks) {
1451 be64_add_cpu(&dqp->q_core.d_rtbcount, rtblks);
1452 dqp->q_res_rtbcount += rtblks;
1453 }
1454
1455 /*
1456 * Set default limits, adjust timers (since we changed usages)
1457 *
1458 * There are no timers for the default values set in the root dquot.
1459 */
1460 if (dqp->q_core.d_id) {
1461 xfs_qm_adjust_dqlimits(mp, &dqp->q_core);
1462 xfs_qm_adjust_dqtimers(mp, &dqp->q_core);
1463 }
1464
1465 dqp->dq_flags |= XFS_DQ_DIRTY;
1466 xfs_qm_dqput(dqp);
1467 return 0;
1468}
1469
1470STATIC int
1471xfs_qm_get_rtblks(
1472 xfs_inode_t *ip,
1473 xfs_qcnt_t *O_rtblks)
1474{
1475 xfs_filblks_t rtblks; /* total rt blks */
1476 xfs_extnum_t idx; /* extent record index */
1477 xfs_ifork_t *ifp; /* inode fork pointer */
1478 xfs_extnum_t nextents; /* number of extent entries */
1479 int error;
1480
1481 ASSERT(XFS_IS_REALTIME_INODE(ip));
1482 ifp = XFS_IFORK_PTR(ip, XFS_DATA_FORK);
1483 if (!(ifp->if_flags & XFS_IFEXTENTS)) {
1484 if ((error = xfs_iread_extents(NULL, ip, XFS_DATA_FORK)))
1485 return error;
1486 }
1487 rtblks = 0;
1488 nextents = ifp->if_bytes / (uint)sizeof(xfs_bmbt_rec_t);
1489 for (idx = 0; idx < nextents; idx++)
1490 rtblks += xfs_bmbt_get_blockcount(xfs_iext_get_ext(ifp, idx));
1491 *O_rtblks = (xfs_qcnt_t)rtblks;
1492 return 0;
1493}
1494
1495/*
1496 * callback routine supplied to bulkstat(). Given an inumber, find its
1497 * dquots and update them to account for resources taken by that inode.
1498 */
1499/* ARGSUSED */
1500STATIC int
1501xfs_qm_dqusage_adjust(
1502 xfs_mount_t *mp, /* mount point for filesystem */
1503 xfs_ino_t ino, /* inode number to get data for */
1504 void __user *buffer, /* not used */
1505 int ubsize, /* not used */
1506 int *ubused, /* not used */
1507 int *res) /* result code value */
1508{
1509 xfs_inode_t *ip;
1510 xfs_qcnt_t nblks, rtblks = 0;
1511 int error;
1512
1513 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1514
1515 /*
1516 * rootino must have its resources accounted for, not so with the quota
1517 * inodes.
1518 */
1519 if (ino == mp->m_sb.sb_uquotino || ino == mp->m_sb.sb_gquotino) {
1520 *res = BULKSTAT_RV_NOTHING;
1521 return XFS_ERROR(EINVAL);
1522 }
1523
1524 /*
1525 * We don't _need_ to take the ilock EXCL. However, the xfs_qm_dqget
1526 * interface expects the inode to be exclusively locked because that's
1527 * the case in all other instances. It's OK that we do this because
1528 * quotacheck is done only at mount time.
1529 */
1530 error = xfs_iget(mp, NULL, ino, 0, XFS_ILOCK_EXCL, &ip);
1531 if (error) {
1532 *res = BULKSTAT_RV_NOTHING;
1533 return error;
1534 }
1535
1536 ASSERT(ip->i_delayed_blks == 0);
1537
1538 if (XFS_IS_REALTIME_INODE(ip)) {
1539 /*
1540 * Walk thru the extent list and count the realtime blocks.
1541 */
1542 error = xfs_qm_get_rtblks(ip, &rtblks);
1543 if (error)
1544 goto error0;
1545 }
1546
1547 nblks = (xfs_qcnt_t)ip->i_d.di_nblocks - rtblks;
1548
1549 /*
1550 * Add the (disk blocks and inode) resources occupied by this
1551 * inode to its dquots. We do this adjustment in the incore dquot,
1552 * and also copy the changes to its buffer.
1553 * We don't care about putting these changes in a transaction
1554 * envelope because if we crash in the middle of a 'quotacheck'
1555 * we have to start from the beginning anyway.
1556 * Once we're done, we'll log all the dquot bufs.
1557 *
1558 * The *QUOTA_ON checks below may look pretty racy, but quotachecks
1559 * and quotaoffs don't race. (Quotachecks happen at mount time only).
1560 */
1561 if (XFS_IS_UQUOTA_ON(mp)) {
1562 error = xfs_qm_quotacheck_dqadjust(ip, ip->i_d.di_uid,
1563 XFS_DQ_USER, nblks, rtblks);
1564 if (error)
1565 goto error0;
1566 }
1567
1568 if (XFS_IS_GQUOTA_ON(mp)) {
1569 error = xfs_qm_quotacheck_dqadjust(ip, ip->i_d.di_gid,
1570 XFS_DQ_GROUP, nblks, rtblks);
1571 if (error)
1572 goto error0;
1573 }
1574
1575 if (XFS_IS_PQUOTA_ON(mp)) {
1576 error = xfs_qm_quotacheck_dqadjust(ip, xfs_get_projid(ip),
1577 XFS_DQ_PROJ, nblks, rtblks);
1578 if (error)
1579 goto error0;
1580 }
1581
1582 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1583 IRELE(ip);
1584 *res = BULKSTAT_RV_DIDONE;
1585 return 0;
1586
1587error0:
1588 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1589 IRELE(ip);
1590 *res = BULKSTAT_RV_GIVEUP;
1591 return error;
1592}
1593
1594/*
1595 * Walk thru all the filesystem inodes and construct a consistent view
1596 * of the disk quota world. If the quotacheck fails, disable quotas.
1597 */
1598int
1599xfs_qm_quotacheck(
1600 xfs_mount_t *mp)
1601{
1602 int done, count, error;
1603 xfs_ino_t lastino;
1604 size_t structsz;
1605 xfs_inode_t *uip, *gip;
1606 uint flags;
1607
1608 count = INT_MAX;
1609 structsz = 1;
1610 lastino = 0;
1611 flags = 0;
1612
1613 ASSERT(mp->m_quotainfo->qi_uquotaip || mp->m_quotainfo->qi_gquotaip);
1614 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1615
1616 /*
1617 * There should be no cached dquots. The (simplistic) quotacheck
1618 * algorithm doesn't like that.
1619 */
1620 ASSERT(list_empty(&mp->m_quotainfo->qi_dqlist));
1621
1622 xfs_notice(mp, "Quotacheck needed: Please wait.");
1623
1624 /*
1625 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset
1626 * their counters to zero. We need a clean slate.
1627 * We don't log our changes till later.
1628 */
1629 uip = mp->m_quotainfo->qi_uquotaip;
1630 if (uip) {
1631 error = xfs_qm_dqiterate(mp, uip, XFS_QMOPT_UQUOTA);
1632 if (error)
1633 goto error_return;
1634 flags |= XFS_UQUOTA_CHKD;
1635 }
1636
1637 gip = mp->m_quotainfo->qi_gquotaip;
1638 if (gip) {
1639 error = xfs_qm_dqiterate(mp, gip, XFS_IS_GQUOTA_ON(mp) ?
1640 XFS_QMOPT_GQUOTA : XFS_QMOPT_PQUOTA);
1641 if (error)
1642 goto error_return;
1643 flags |= XFS_OQUOTA_CHKD;
1644 }
1645
1646 do {
1647 /*
1648 * Iterate thru all the inodes in the file system,
1649 * adjusting the corresponding dquot counters in core.
1650 */
1651 error = xfs_bulkstat(mp, &lastino, &count,
1652 xfs_qm_dqusage_adjust,
1653 structsz, NULL, &done);
1654 if (error)
1655 break;
1656
1657 } while (!done);
1658
1659 /*
1660 * We've made all the changes that we need to make incore.
1661 * Flush them down to disk buffers if everything was updated
1662 * successfully.
1663 */
1664 if (!error)
1665 error = xfs_qm_dqflush_all(mp, 0);
1666
1667 /*
1668 * We can get this error if we couldn't do a dquot allocation inside
1669 * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the
1670 * dirty dquots that might be cached, we just want to get rid of them
1671 * and turn quotaoff. The dquots won't be attached to any of the inodes
1672 * at this point (because we intentionally didn't in dqget_noattach).
1673 */
1674 if (error) {
1675 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL);
1676 goto error_return;
1677 }
1678
1679 /*
1680 * We didn't log anything, because if we crashed, we'll have to
1681 * start the quotacheck from scratch anyway. However, we must make
1682 * sure that our dquot changes are secure before we put the
1683 * quotacheck'd stamp on the superblock. So, here we do a synchronous
1684 * flush.
1685 */
1686 XFS_bflush(mp->m_ddev_targp);
1687
1688 /*
1689 * If one type of quotas is off, then it will lose its
1690 * quotachecked status, since we won't be doing accounting for
1691 * that type anymore.
1692 */
1693 mp->m_qflags &= ~(XFS_OQUOTA_CHKD | XFS_UQUOTA_CHKD);
1694 mp->m_qflags |= flags;
1695
1696 error_return:
1697 if (error) {
1698 xfs_warn(mp,
1699 "Quotacheck: Unsuccessful (Error %d): Disabling quotas.",
1700 error);
1701 /*
1702 * We must turn off quotas.
1703 */
1704 ASSERT(mp->m_quotainfo != NULL);
1705 ASSERT(xfs_Gqm != NULL);
1706 xfs_qm_destroy_quotainfo(mp);
1707 if (xfs_mount_reset_sbqflags(mp)) {
1708 xfs_warn(mp,
1709 "Quotacheck: Failed to reset quota flags.");
1710 }
1711 } else
1712 xfs_notice(mp, "Quotacheck: Done.");
1713 return (error);
1714}
1715
1716/*
1717 * This is called after the superblock has been read in and we're ready to
1718 * iget the quota inodes.
1719 */
1720STATIC int
1721xfs_qm_init_quotainos(
1722 xfs_mount_t *mp)
1723{
1724 xfs_inode_t *uip, *gip;
1725 int error;
1726 __int64_t sbflags;
1727 uint flags;
1728
1729 ASSERT(mp->m_quotainfo);
1730 uip = gip = NULL;
1731 sbflags = 0;
1732 flags = 0;
1733
1734 /*
1735 * Get the uquota and gquota inodes
1736 */
1737 if (xfs_sb_version_hasquota(&mp->m_sb)) {
1738 if (XFS_IS_UQUOTA_ON(mp) &&
1739 mp->m_sb.sb_uquotino != NULLFSINO) {
1740 ASSERT(mp->m_sb.sb_uquotino > 0);
1741 if ((error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino,
1742 0, 0, &uip)))
1743 return XFS_ERROR(error);
1744 }
1745 if (XFS_IS_OQUOTA_ON(mp) &&
1746 mp->m_sb.sb_gquotino != NULLFSINO) {
1747 ASSERT(mp->m_sb.sb_gquotino > 0);
1748 if ((error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino,
1749 0, 0, &gip))) {
1750 if (uip)
1751 IRELE(uip);
1752 return XFS_ERROR(error);
1753 }
1754 }
1755 } else {
1756 flags |= XFS_QMOPT_SBVERSION;
1757 sbflags |= (XFS_SB_VERSIONNUM | XFS_SB_UQUOTINO |
1758 XFS_SB_GQUOTINO | XFS_SB_QFLAGS);
1759 }
1760
1761 /*
1762 * Create the two inodes, if they don't exist already. The changes
1763 * made above will get added to a transaction and logged in one of
1764 * the qino_alloc calls below. If the device is readonly,
1765 * temporarily switch to read-write to do this.
1766 */
1767 if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) {
1768 if ((error = xfs_qm_qino_alloc(mp, &uip,
1769 sbflags | XFS_SB_UQUOTINO,
1770 flags | XFS_QMOPT_UQUOTA)))
1771 return XFS_ERROR(error);
1772
1773 flags &= ~XFS_QMOPT_SBVERSION;
1774 }
1775 if (XFS_IS_OQUOTA_ON(mp) && gip == NULL) {
1776 flags |= (XFS_IS_GQUOTA_ON(mp) ?
1777 XFS_QMOPT_GQUOTA : XFS_QMOPT_PQUOTA);
1778 error = xfs_qm_qino_alloc(mp, &gip,
1779 sbflags | XFS_SB_GQUOTINO, flags);
1780 if (error) {
1781 if (uip)
1782 IRELE(uip);
1783
1784 return XFS_ERROR(error);
1785 }
1786 }
1787
1788 mp->m_quotainfo->qi_uquotaip = uip;
1789 mp->m_quotainfo->qi_gquotaip = gip;
1790
1791 return 0;
1792}
1793
1794
1795
1796/*
1797 * Just pop the least recently used dquot off the freelist and
1798 * recycle it. The returned dquot is locked.
1799 */
1800STATIC xfs_dquot_t *
1801xfs_qm_dqreclaim_one(void)
1802{
1803 xfs_dquot_t *dqpout;
1804 xfs_dquot_t *dqp;
1805 int restarts;
1806 int startagain;
1807
1808 restarts = 0;
1809 dqpout = NULL;
1810
1811 /* lockorder: hashchainlock, freelistlock, mplistlock, dqlock, dqflock */
1812again:
1813 startagain = 0;
1814 mutex_lock(&xfs_Gqm->qm_dqfrlist_lock);
1815
1816 list_for_each_entry(dqp, &xfs_Gqm->qm_dqfrlist, q_freelist) {
1817 struct xfs_mount *mp = dqp->q_mount;
1818 xfs_dqlock(dqp);
1819
1820 /*
1821 * We are racing with dqlookup here. Naturally we don't
1822 * want to reclaim a dquot that lookup wants. We release the
1823 * freelist lock and start over, so that lookup will grab
1824 * both the dquot and the freelistlock.
1825 */
1826 if (dqp->dq_flags & XFS_DQ_WANT) {
1827 ASSERT(! (dqp->dq_flags & XFS_DQ_INACTIVE));
1828
1829 trace_xfs_dqreclaim_want(dqp);
1830 XQM_STATS_INC(xqmstats.xs_qm_dqwants);
1831 restarts++;
1832 startagain = 1;
1833 goto dqunlock;
1834 }
1835
1836 /*
1837 * If the dquot is inactive, we are assured that it is
1838 * not on the mplist or the hashlist, and that makes our
1839 * life easier.
1840 */
1841 if (dqp->dq_flags & XFS_DQ_INACTIVE) {
1842 ASSERT(mp == NULL);
1843 ASSERT(! XFS_DQ_IS_DIRTY(dqp));
1844 ASSERT(list_empty(&dqp->q_hashlist));
1845 ASSERT(list_empty(&dqp->q_mplist));
1846 list_del_init(&dqp->q_freelist);
1847 xfs_Gqm->qm_dqfrlist_cnt--;
1848 dqpout = dqp;
1849 XQM_STATS_INC(xqmstats.xs_qm_dqinact_reclaims);
1850 goto dqunlock;
1851 }
1852
1853 ASSERT(dqp->q_hash);
1854 ASSERT(!list_empty(&dqp->q_mplist));
1855
1856 /*
1857 * Try to grab the flush lock. If this dquot is in the process
1858 * of getting flushed to disk, we don't want to reclaim it.
1859 */
1860 if (!xfs_dqflock_nowait(dqp))
1861 goto dqunlock;
1862
1863 /*
1864 * We have the flush lock so we know that this is not in the
1865 * process of being flushed. So, if this is dirty, flush it
1866 * DELWRI so that we don't get a freelist infested with
1867 * dirty dquots.
1868 */
1869 if (XFS_DQ_IS_DIRTY(dqp)) {
1870 int error;
1871
1872 trace_xfs_dqreclaim_dirty(dqp);
1873
1874 /*
1875 * We flush it delayed write, so don't bother
1876 * releasing the freelist lock.
1877 */
1878 error = xfs_qm_dqflush(dqp, 0);
1879 if (error) {
1880 xfs_warn(mp, "%s: dquot %p flush failed",
1881 __func__, dqp);
1882 }
1883 goto dqunlock;
1884 }
1885
1886 /*
1887 * We're trying to get the hashlock out of order. This races
1888 * with dqlookup; so, we giveup and goto the next dquot if
1889 * we couldn't get the hashlock. This way, we won't starve
1890 * a dqlookup process that holds the hashlock that is
1891 * waiting for the freelist lock.
1892 */
1893 if (!mutex_trylock(&dqp->q_hash->qh_lock)) {
1894 restarts++;
1895 goto dqfunlock;
1896 }
1897
1898 /*
1899 * This races with dquot allocation code as well as dqflush_all
1900 * and reclaim code. So, if we failed to grab the mplist lock,
1901 * giveup everything and start over.
1902 */
1903 if (!mutex_trylock(&mp->m_quotainfo->qi_dqlist_lock)) {
1904 restarts++;
1905 startagain = 1;
1906 goto qhunlock;
1907 }
1908
1909 ASSERT(dqp->q_nrefs == 0);
1910 list_del_init(&dqp->q_mplist);
1911 mp->m_quotainfo->qi_dquots--;
1912 mp->m_quotainfo->qi_dqreclaims++;
1913 list_del_init(&dqp->q_hashlist);
1914 dqp->q_hash->qh_version++;
1915 list_del_init(&dqp->q_freelist);
1916 xfs_Gqm->qm_dqfrlist_cnt--;
1917 dqpout = dqp;
1918 mutex_unlock(&mp->m_quotainfo->qi_dqlist_lock);
1919qhunlock:
1920 mutex_unlock(&dqp->q_hash->qh_lock);
1921dqfunlock:
1922 xfs_dqfunlock(dqp);
1923dqunlock:
1924 xfs_dqunlock(dqp);
1925 if (dqpout)
1926 break;
1927 if (restarts >= XFS_QM_RECLAIM_MAX_RESTARTS)
1928 break;
1929 if (startagain) {
1930 mutex_unlock(&xfs_Gqm->qm_dqfrlist_lock);
1931 goto again;
1932 }
1933 }
1934 mutex_unlock(&xfs_Gqm->qm_dqfrlist_lock);
1935 return dqpout;
1936}
1937
1938/*
1939 * Traverse the freelist of dquots and attempt to reclaim a maximum of
1940 * 'howmany' dquots. This operation races with dqlookup(), and attempts to
1941 * favor the lookup function ...
1942 */
1943STATIC int
1944xfs_qm_shake_freelist(
1945 int howmany)
1946{
1947 int nreclaimed = 0;
1948 xfs_dquot_t *dqp;
1949
1950 if (howmany <= 0)
1951 return 0;
1952
1953 while (nreclaimed < howmany) {
1954 dqp = xfs_qm_dqreclaim_one();
1955 if (!dqp)
1956 return nreclaimed;
1957 xfs_qm_dqdestroy(dqp);
1958 nreclaimed++;
1959 }
1960 return nreclaimed;
1961}
1962
1963/*
1964 * The kmem_shake interface is invoked when memory is running low.
1965 */
1966/* ARGSUSED */
1967STATIC int
1968xfs_qm_shake(
1969 struct shrinker *shrink,
1970 struct shrink_control *sc)
1971{
1972 int ndqused, nfree, n;
1973 gfp_t gfp_mask = sc->gfp_mask;
1974
1975 if (!kmem_shake_allow(gfp_mask))
1976 return 0;
1977 if (!xfs_Gqm)
1978 return 0;
1979
1980 nfree = xfs_Gqm->qm_dqfrlist_cnt; /* free dquots */
1981 /* incore dquots in all f/s's */
1982 ndqused = atomic_read(&xfs_Gqm->qm_totaldquots) - nfree;
1983
1984 ASSERT(ndqused >= 0);
1985
1986 if (nfree <= ndqused && nfree < ndquot)
1987 return 0;
1988
1989 ndqused *= xfs_Gqm->qm_dqfree_ratio; /* target # of free dquots */
1990 n = nfree - ndqused - ndquot; /* # over target */
1991
1992 return xfs_qm_shake_freelist(MAX(nfree, n));
1993}
1994
1995
1996/*------------------------------------------------------------------*/
1997
1998/*
1999 * Return a new incore dquot. Depending on the number of
2000 * dquots in the system, we either allocate a new one on the kernel heap,
2001 * or reclaim a free one.
2002 * Return value is B_TRUE if we allocated a new dquot, B_FALSE if we managed
2003 * to reclaim an existing one from the freelist.
2004 */
2005boolean_t
2006xfs_qm_dqalloc_incore(
2007 xfs_dquot_t **O_dqpp)
2008{
2009 xfs_dquot_t *dqp;
2010
2011 /*
2012 * Check against high water mark to see if we want to pop
2013 * a nincompoop dquot off the freelist.
2014 */
2015 if (atomic_read(&xfs_Gqm->qm_totaldquots) >= ndquot) {
2016 /*
2017 * Try to recycle a dquot from the freelist.
2018 */
2019 if ((dqp = xfs_qm_dqreclaim_one())) {
2020 XQM_STATS_INC(xqmstats.xs_qm_dqreclaims);
2021 /*
2022 * Just zero the core here. The rest will get
2023 * reinitialized by caller. XXX we shouldn't even
2024 * do this zero ...
2025 */
2026 memset(&dqp->q_core, 0, sizeof(dqp->q_core));
2027 *O_dqpp = dqp;
2028 return B_FALSE;
2029 }
2030 XQM_STATS_INC(xqmstats.xs_qm_dqreclaim_misses);
2031 }
2032
2033 /*
2034 * Allocate a brand new dquot on the kernel heap and return it
2035 * to the caller to initialize.
2036 */
2037 ASSERT(xfs_Gqm->qm_dqzone != NULL);
2038 *O_dqpp = kmem_zone_zalloc(xfs_Gqm->qm_dqzone, KM_SLEEP);
2039 atomic_inc(&xfs_Gqm->qm_totaldquots);
2040
2041 return B_TRUE;
2042}
2043
2044
2045/*
2046 * Start a transaction and write the incore superblock changes to
2047 * disk. flags parameter indicates which fields have changed.
2048 */
2049int
2050xfs_qm_write_sb_changes(
2051 xfs_mount_t *mp,
2052 __int64_t flags)
2053{
2054 xfs_trans_t *tp;
2055 int error;
2056
2057 tp = xfs_trans_alloc(mp, XFS_TRANS_QM_SBCHANGE);
2058 if ((error = xfs_trans_reserve(tp, 0,
2059 mp->m_sb.sb_sectsize + 128, 0,
2060 0,
2061 XFS_DEFAULT_LOG_COUNT))) {
2062 xfs_trans_cancel(tp, 0);
2063 return error;
2064 }
2065
2066 xfs_mod_sb(tp, flags);
2067 error = xfs_trans_commit(tp, 0);
2068
2069 return error;
2070}
2071
2072
2073/* --------------- utility functions for vnodeops ---------------- */
2074
2075
2076/*
2077 * Given an inode, a uid, gid and prid make sure that we have
2078 * allocated relevant dquot(s) on disk, and that we won't exceed inode
2079 * quotas by creating this file.
2080 * This also attaches dquot(s) to the given inode after locking it,
2081 * and returns the dquots corresponding to the uid and/or gid.
2082 *
2083 * in : inode (unlocked)
2084 * out : udquot, gdquot with references taken and unlocked
2085 */
2086int
2087xfs_qm_vop_dqalloc(
2088 struct xfs_inode *ip,
2089 uid_t uid,
2090 gid_t gid,
2091 prid_t prid,
2092 uint flags,
2093 struct xfs_dquot **O_udqpp,
2094 struct xfs_dquot **O_gdqpp)
2095{
2096 struct xfs_mount *mp = ip->i_mount;
2097 struct xfs_dquot *uq, *gq;
2098 int error;
2099 uint lockflags;
2100
2101 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
2102 return 0;
2103
2104 lockflags = XFS_ILOCK_EXCL;
2105 xfs_ilock(ip, lockflags);
2106
2107 if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip))
2108 gid = ip->i_d.di_gid;
2109
2110 /*
2111 * Attach the dquot(s) to this inode, doing a dquot allocation
2112 * if necessary. The dquot(s) will not be locked.
2113 */
2114 if (XFS_NOT_DQATTACHED(mp, ip)) {
2115 error = xfs_qm_dqattach_locked(ip, XFS_QMOPT_DQALLOC);
2116 if (error) {
2117 xfs_iunlock(ip, lockflags);
2118 return error;
2119 }
2120 }
2121
2122 uq = gq = NULL;
2123 if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) {
2124 if (ip->i_d.di_uid != uid) {
2125 /*
2126 * What we need is the dquot that has this uid, and
2127 * if we send the inode to dqget, the uid of the inode
2128 * takes priority over what's sent in the uid argument.
2129 * We must unlock inode here before calling dqget if
2130 * we're not sending the inode, because otherwise
2131 * we'll deadlock by doing trans_reserve while
2132 * holding ilock.
2133 */
2134 xfs_iunlock(ip, lockflags);
2135 if ((error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t) uid,
2136 XFS_DQ_USER,
2137 XFS_QMOPT_DQALLOC |
2138 XFS_QMOPT_DOWARN,
2139 &uq))) {
2140 ASSERT(error != ENOENT);
2141 return error;
2142 }
2143 /*
2144 * Get the ilock in the right order.
2145 */
2146 xfs_dqunlock(uq);
2147 lockflags = XFS_ILOCK_SHARED;
2148 xfs_ilock(ip, lockflags);
2149 } else {
2150 /*
2151 * Take an extra reference, because we'll return
2152 * this to caller
2153 */
2154 ASSERT(ip->i_udquot);
2155 uq = ip->i_udquot;
2156 xfs_dqlock(uq);
2157 XFS_DQHOLD(uq);
2158 xfs_dqunlock(uq);
2159 }
2160 }
2161 if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) {
2162 if (ip->i_d.di_gid != gid) {
2163 xfs_iunlock(ip, lockflags);
2164 if ((error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t)gid,
2165 XFS_DQ_GROUP,
2166 XFS_QMOPT_DQALLOC |
2167 XFS_QMOPT_DOWARN,
2168 &gq))) {
2169 if (uq)
2170 xfs_qm_dqrele(uq);
2171 ASSERT(error != ENOENT);
2172 return error;
2173 }
2174 xfs_dqunlock(gq);
2175 lockflags = XFS_ILOCK_SHARED;
2176 xfs_ilock(ip, lockflags);
2177 } else {
2178 ASSERT(ip->i_gdquot);
2179 gq = ip->i_gdquot;
2180 xfs_dqlock(gq);
2181 XFS_DQHOLD(gq);
2182 xfs_dqunlock(gq);
2183 }
2184 } else if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) {
2185 if (xfs_get_projid(ip) != prid) {
2186 xfs_iunlock(ip, lockflags);
2187 if ((error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t)prid,
2188 XFS_DQ_PROJ,
2189 XFS_QMOPT_DQALLOC |
2190 XFS_QMOPT_DOWARN,
2191 &gq))) {
2192 if (uq)
2193 xfs_qm_dqrele(uq);
2194 ASSERT(error != ENOENT);
2195 return (error);
2196 }
2197 xfs_dqunlock(gq);
2198 lockflags = XFS_ILOCK_SHARED;
2199 xfs_ilock(ip, lockflags);
2200 } else {
2201 ASSERT(ip->i_gdquot);
2202 gq = ip->i_gdquot;
2203 xfs_dqlock(gq);
2204 XFS_DQHOLD(gq);
2205 xfs_dqunlock(gq);
2206 }
2207 }
2208 if (uq)
2209 trace_xfs_dquot_dqalloc(ip);
2210
2211 xfs_iunlock(ip, lockflags);
2212 if (O_udqpp)
2213 *O_udqpp = uq;
2214 else if (uq)
2215 xfs_qm_dqrele(uq);
2216 if (O_gdqpp)
2217 *O_gdqpp = gq;
2218 else if (gq)
2219 xfs_qm_dqrele(gq);
2220 return 0;
2221}
2222
2223/*
2224 * Actually transfer ownership, and do dquot modifications.
2225 * These were already reserved.
2226 */
2227xfs_dquot_t *
2228xfs_qm_vop_chown(
2229 xfs_trans_t *tp,
2230 xfs_inode_t *ip,
2231 xfs_dquot_t **IO_olddq,
2232 xfs_dquot_t *newdq)
2233{
2234 xfs_dquot_t *prevdq;
2235 uint bfield = XFS_IS_REALTIME_INODE(ip) ?
2236 XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT;
2237
2238
2239 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
2240 ASSERT(XFS_IS_QUOTA_RUNNING(ip->i_mount));
2241
2242 /* old dquot */
2243 prevdq = *IO_olddq;
2244 ASSERT(prevdq);
2245 ASSERT(prevdq != newdq);
2246
2247 xfs_trans_mod_dquot(tp, prevdq, bfield, -(ip->i_d.di_nblocks));
2248 xfs_trans_mod_dquot(tp, prevdq, XFS_TRANS_DQ_ICOUNT, -1);
2249
2250 /* the sparkling new dquot */
2251 xfs_trans_mod_dquot(tp, newdq, bfield, ip->i_d.di_nblocks);
2252 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_ICOUNT, 1);
2253
2254 /*
2255 * Take an extra reference, because the inode
2256 * is going to keep this dquot pointer even
2257 * after the trans_commit.
2258 */
2259 xfs_dqlock(newdq);
2260 XFS_DQHOLD(newdq);
2261 xfs_dqunlock(newdq);
2262 *IO_olddq = newdq;
2263
2264 return prevdq;
2265}
2266
2267/*
2268 * Quota reservations for setattr(AT_UID|AT_GID|AT_PROJID).
2269 */
2270int
2271xfs_qm_vop_chown_reserve(
2272 xfs_trans_t *tp,
2273 xfs_inode_t *ip,
2274 xfs_dquot_t *udqp,
2275 xfs_dquot_t *gdqp,
2276 uint flags)
2277{
2278 xfs_mount_t *mp = ip->i_mount;
2279 uint delblks, blkflags, prjflags = 0;
2280 xfs_dquot_t *unresudq, *unresgdq, *delblksudq, *delblksgdq;
2281 int error;
2282
2283
2284 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED));
2285 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
2286
2287 delblks = ip->i_delayed_blks;
2288 delblksudq = delblksgdq = unresudq = unresgdq = NULL;
2289 blkflags = XFS_IS_REALTIME_INODE(ip) ?
2290 XFS_QMOPT_RES_RTBLKS : XFS_QMOPT_RES_REGBLKS;
2291
2292 if (XFS_IS_UQUOTA_ON(mp) && udqp &&
2293 ip->i_d.di_uid != (uid_t)be32_to_cpu(udqp->q_core.d_id)) {
2294 delblksudq = udqp;
2295 /*
2296 * If there are delayed allocation blocks, then we have to
2297 * unreserve those from the old dquot, and add them to the
2298 * new dquot.
2299 */
2300 if (delblks) {
2301 ASSERT(ip->i_udquot);
2302 unresudq = ip->i_udquot;
2303 }
2304 }
2305 if (XFS_IS_OQUOTA_ON(ip->i_mount) && gdqp) {
2306 if (XFS_IS_PQUOTA_ON(ip->i_mount) &&
2307 xfs_get_projid(ip) != be32_to_cpu(gdqp->q_core.d_id))
2308 prjflags = XFS_QMOPT_ENOSPC;
2309
2310 if (prjflags ||
2311 (XFS_IS_GQUOTA_ON(ip->i_mount) &&
2312 ip->i_d.di_gid != be32_to_cpu(gdqp->q_core.d_id))) {
2313 delblksgdq = gdqp;
2314 if (delblks) {
2315 ASSERT(ip->i_gdquot);
2316 unresgdq = ip->i_gdquot;
2317 }
2318 }
2319 }
2320
2321 if ((error = xfs_trans_reserve_quota_bydquots(tp, ip->i_mount,
2322 delblksudq, delblksgdq, ip->i_d.di_nblocks, 1,
2323 flags | blkflags | prjflags)))
2324 return (error);
2325
2326 /*
2327 * Do the delayed blks reservations/unreservations now. Since, these
2328 * are done without the help of a transaction, if a reservation fails
2329 * its previous reservations won't be automatically undone by trans
2330 * code. So, we have to do it manually here.
2331 */
2332 if (delblks) {
2333 /*
2334 * Do the reservations first. Unreservation can't fail.
2335 */
2336 ASSERT(delblksudq || delblksgdq);
2337 ASSERT(unresudq || unresgdq);
2338 if ((error = xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount,
2339 delblksudq, delblksgdq, (xfs_qcnt_t)delblks, 0,
2340 flags | blkflags | prjflags)))
2341 return (error);
2342 xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount,
2343 unresudq, unresgdq, -((xfs_qcnt_t)delblks), 0,
2344 blkflags);
2345 }
2346
2347 return (0);
2348}
2349
2350int
2351xfs_qm_vop_rename_dqattach(
2352 struct xfs_inode **i_tab)
2353{
2354 struct xfs_mount *mp = i_tab[0]->i_mount;
2355 int i;
2356
2357 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
2358 return 0;
2359
2360 for (i = 0; (i < 4 && i_tab[i]); i++) {
2361 struct xfs_inode *ip = i_tab[i];
2362 int error;
2363
2364 /*
2365 * Watch out for duplicate entries in the table.
2366 */
2367 if (i == 0 || ip != i_tab[i-1]) {
2368 if (XFS_NOT_DQATTACHED(mp, ip)) {
2369 error = xfs_qm_dqattach(ip, 0);
2370 if (error)
2371 return error;
2372 }
2373 }
2374 }
2375 return 0;
2376}
2377
2378void
2379xfs_qm_vop_create_dqattach(
2380 struct xfs_trans *tp,
2381 struct xfs_inode *ip,
2382 struct xfs_dquot *udqp,
2383 struct xfs_dquot *gdqp)
2384{
2385 struct xfs_mount *mp = tp->t_mountp;
2386
2387 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
2388 return;
2389
2390 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
2391 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
2392
2393 if (udqp) {
2394 xfs_dqlock(udqp);
2395 XFS_DQHOLD(udqp);
2396 xfs_dqunlock(udqp);
2397 ASSERT(ip->i_udquot == NULL);
2398 ip->i_udquot = udqp;
2399 ASSERT(XFS_IS_UQUOTA_ON(mp));
2400 ASSERT(ip->i_d.di_uid == be32_to_cpu(udqp->q_core.d_id));
2401 xfs_trans_mod_dquot(tp, udqp, XFS_TRANS_DQ_ICOUNT, 1);
2402 }
2403 if (gdqp) {
2404 xfs_dqlock(gdqp);
2405 XFS_DQHOLD(gdqp);
2406 xfs_dqunlock(gdqp);
2407 ASSERT(ip->i_gdquot == NULL);
2408 ip->i_gdquot = gdqp;
2409 ASSERT(XFS_IS_OQUOTA_ON(mp));
2410 ASSERT((XFS_IS_GQUOTA_ON(mp) ?
2411 ip->i_d.di_gid : xfs_get_projid(ip)) ==
2412 be32_to_cpu(gdqp->q_core.d_id));
2413 xfs_trans_mod_dquot(tp, gdqp, XFS_TRANS_DQ_ICOUNT, 1);
2414 }
2415}
2416
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_log_format.h"
11#include "xfs_trans_resv.h"
12#include "xfs_bit.h"
13#include "xfs_sb.h"
14#include "xfs_mount.h"
15#include "xfs_inode.h"
16#include "xfs_iwalk.h"
17#include "xfs_quota.h"
18#include "xfs_bmap.h"
19#include "xfs_bmap_util.h"
20#include "xfs_trans.h"
21#include "xfs_trans_space.h"
22#include "xfs_qm.h"
23#include "xfs_trace.h"
24#include "xfs_icache.h"
25#include "xfs_error.h"
26#include "xfs_ag.h"
27#include "xfs_ialloc.h"
28
29/*
30 * The global quota manager. There is only one of these for the entire
31 * system, _not_ one per file system. XQM keeps track of the overall
32 * quota functionality, including maintaining the freelist and hash
33 * tables of dquots.
34 */
35STATIC int xfs_qm_init_quotainos(struct xfs_mount *mp);
36STATIC int xfs_qm_init_quotainfo(struct xfs_mount *mp);
37
38STATIC void xfs_qm_destroy_quotainos(struct xfs_quotainfo *qi);
39STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp);
40/*
41 * We use the batch lookup interface to iterate over the dquots as it
42 * currently is the only interface into the radix tree code that allows
43 * fuzzy lookups instead of exact matches. Holding the lock over multiple
44 * operations is fine as all callers are used either during mount/umount
45 * or quotaoff.
46 */
47#define XFS_DQ_LOOKUP_BATCH 32
48
49STATIC int
50xfs_qm_dquot_walk(
51 struct xfs_mount *mp,
52 xfs_dqtype_t type,
53 int (*execute)(struct xfs_dquot *dqp, void *data),
54 void *data)
55{
56 struct xfs_quotainfo *qi = mp->m_quotainfo;
57 struct radix_tree_root *tree = xfs_dquot_tree(qi, type);
58 uint32_t next_index;
59 int last_error = 0;
60 int skipped;
61 int nr_found;
62
63restart:
64 skipped = 0;
65 next_index = 0;
66 nr_found = 0;
67
68 while (1) {
69 struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH];
70 int error = 0;
71 int i;
72
73 mutex_lock(&qi->qi_tree_lock);
74 nr_found = radix_tree_gang_lookup(tree, (void **)batch,
75 next_index, XFS_DQ_LOOKUP_BATCH);
76 if (!nr_found) {
77 mutex_unlock(&qi->qi_tree_lock);
78 break;
79 }
80
81 for (i = 0; i < nr_found; i++) {
82 struct xfs_dquot *dqp = batch[i];
83
84 next_index = dqp->q_id + 1;
85
86 error = execute(batch[i], data);
87 if (error == -EAGAIN) {
88 skipped++;
89 continue;
90 }
91 if (error && last_error != -EFSCORRUPTED)
92 last_error = error;
93 }
94
95 mutex_unlock(&qi->qi_tree_lock);
96
97 /* bail out if the filesystem is corrupted. */
98 if (last_error == -EFSCORRUPTED) {
99 skipped = 0;
100 break;
101 }
102 /* we're done if id overflows back to zero */
103 if (!next_index)
104 break;
105 }
106
107 if (skipped) {
108 delay(1);
109 goto restart;
110 }
111
112 return last_error;
113}
114
115
116/*
117 * Purge a dquot from all tracking data structures and free it.
118 */
119STATIC int
120xfs_qm_dqpurge(
121 struct xfs_dquot *dqp,
122 void *data)
123{
124 struct xfs_mount *mp = dqp->q_mount;
125 struct xfs_quotainfo *qi = mp->m_quotainfo;
126 int error = -EAGAIN;
127
128 xfs_dqlock(dqp);
129 if ((dqp->q_flags & XFS_DQFLAG_FREEING) || dqp->q_nrefs != 0)
130 goto out_unlock;
131
132 dqp->q_flags |= XFS_DQFLAG_FREEING;
133
134 xfs_dqflock(dqp);
135
136 /*
137 * If we are turning this type of quotas off, we don't care
138 * about the dirty metadata sitting in this dquot. OTOH, if
139 * we're unmounting, we do care, so we flush it and wait.
140 */
141 if (XFS_DQ_IS_DIRTY(dqp)) {
142 struct xfs_buf *bp = NULL;
143
144 /*
145 * We don't care about getting disk errors here. We need
146 * to purge this dquot anyway, so we go ahead regardless.
147 */
148 error = xfs_qm_dqflush(dqp, &bp);
149 if (!error) {
150 error = xfs_bwrite(bp);
151 xfs_buf_relse(bp);
152 } else if (error == -EAGAIN) {
153 dqp->q_flags &= ~XFS_DQFLAG_FREEING;
154 goto out_unlock;
155 }
156 xfs_dqflock(dqp);
157 }
158
159 ASSERT(atomic_read(&dqp->q_pincount) == 0);
160 ASSERT(XFS_FORCED_SHUTDOWN(mp) ||
161 !test_bit(XFS_LI_IN_AIL, &dqp->q_logitem.qli_item.li_flags));
162
163 xfs_dqfunlock(dqp);
164 xfs_dqunlock(dqp);
165
166 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
167 qi->qi_dquots--;
168
169 /*
170 * We move dquots to the freelist as soon as their reference count
171 * hits zero, so it really should be on the freelist here.
172 */
173 ASSERT(!list_empty(&dqp->q_lru));
174 list_lru_del(&qi->qi_lru, &dqp->q_lru);
175 XFS_STATS_DEC(mp, xs_qm_dquot_unused);
176
177 xfs_qm_dqdestroy(dqp);
178 return 0;
179
180out_unlock:
181 xfs_dqunlock(dqp);
182 return error;
183}
184
185/*
186 * Purge the dquot cache.
187 */
188void
189xfs_qm_dqpurge_all(
190 struct xfs_mount *mp,
191 uint flags)
192{
193 if (flags & XFS_QMOPT_UQUOTA)
194 xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_dqpurge, NULL);
195 if (flags & XFS_QMOPT_GQUOTA)
196 xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_dqpurge, NULL);
197 if (flags & XFS_QMOPT_PQUOTA)
198 xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_dqpurge, NULL);
199}
200
201/*
202 * Just destroy the quotainfo structure.
203 */
204void
205xfs_qm_unmount(
206 struct xfs_mount *mp)
207{
208 if (mp->m_quotainfo) {
209 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL);
210 xfs_qm_destroy_quotainfo(mp);
211 }
212}
213
214/*
215 * Called from the vfsops layer.
216 */
217void
218xfs_qm_unmount_quotas(
219 xfs_mount_t *mp)
220{
221 /*
222 * Release the dquots that root inode, et al might be holding,
223 * before we flush quotas and blow away the quotainfo structure.
224 */
225 ASSERT(mp->m_rootip);
226 xfs_qm_dqdetach(mp->m_rootip);
227 if (mp->m_rbmip)
228 xfs_qm_dqdetach(mp->m_rbmip);
229 if (mp->m_rsumip)
230 xfs_qm_dqdetach(mp->m_rsumip);
231
232 /*
233 * Release the quota inodes.
234 */
235 if (mp->m_quotainfo) {
236 if (mp->m_quotainfo->qi_uquotaip) {
237 xfs_irele(mp->m_quotainfo->qi_uquotaip);
238 mp->m_quotainfo->qi_uquotaip = NULL;
239 }
240 if (mp->m_quotainfo->qi_gquotaip) {
241 xfs_irele(mp->m_quotainfo->qi_gquotaip);
242 mp->m_quotainfo->qi_gquotaip = NULL;
243 }
244 if (mp->m_quotainfo->qi_pquotaip) {
245 xfs_irele(mp->m_quotainfo->qi_pquotaip);
246 mp->m_quotainfo->qi_pquotaip = NULL;
247 }
248 }
249}
250
251STATIC int
252xfs_qm_dqattach_one(
253 struct xfs_inode *ip,
254 xfs_dqtype_t type,
255 bool doalloc,
256 struct xfs_dquot **IO_idqpp)
257{
258 struct xfs_dquot *dqp;
259 int error;
260
261 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
262 error = 0;
263
264 /*
265 * See if we already have it in the inode itself. IO_idqpp is &i_udquot
266 * or &i_gdquot. This made the code look weird, but made the logic a lot
267 * simpler.
268 */
269 dqp = *IO_idqpp;
270 if (dqp) {
271 trace_xfs_dqattach_found(dqp);
272 return 0;
273 }
274
275 /*
276 * Find the dquot from somewhere. This bumps the reference count of
277 * dquot and returns it locked. This can return ENOENT if dquot didn't
278 * exist on disk and we didn't ask it to allocate; ESRCH if quotas got
279 * turned off suddenly.
280 */
281 error = xfs_qm_dqget_inode(ip, type, doalloc, &dqp);
282 if (error)
283 return error;
284
285 trace_xfs_dqattach_get(dqp);
286
287 /*
288 * dqget may have dropped and re-acquired the ilock, but it guarantees
289 * that the dquot returned is the one that should go in the inode.
290 */
291 *IO_idqpp = dqp;
292 xfs_dqunlock(dqp);
293 return 0;
294}
295
296static bool
297xfs_qm_need_dqattach(
298 struct xfs_inode *ip)
299{
300 struct xfs_mount *mp = ip->i_mount;
301
302 if (!XFS_IS_QUOTA_RUNNING(mp))
303 return false;
304 if (!XFS_IS_QUOTA_ON(mp))
305 return false;
306 if (!XFS_NOT_DQATTACHED(mp, ip))
307 return false;
308 if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino))
309 return false;
310 return true;
311}
312
313/*
314 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON
315 * into account.
316 * If @doalloc is true, the dquot(s) will be allocated if needed.
317 * Inode may get unlocked and relocked in here, and the caller must deal with
318 * the consequences.
319 */
320int
321xfs_qm_dqattach_locked(
322 xfs_inode_t *ip,
323 bool doalloc)
324{
325 xfs_mount_t *mp = ip->i_mount;
326 int error = 0;
327
328 if (!xfs_qm_need_dqattach(ip))
329 return 0;
330
331 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
332
333 if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) {
334 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_USER,
335 doalloc, &ip->i_udquot);
336 if (error)
337 goto done;
338 ASSERT(ip->i_udquot);
339 }
340
341 if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) {
342 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_GROUP,
343 doalloc, &ip->i_gdquot);
344 if (error)
345 goto done;
346 ASSERT(ip->i_gdquot);
347 }
348
349 if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) {
350 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_PROJ,
351 doalloc, &ip->i_pdquot);
352 if (error)
353 goto done;
354 ASSERT(ip->i_pdquot);
355 }
356
357done:
358 /*
359 * Don't worry about the dquots that we may have attached before any
360 * error - they'll get detached later if it has not already been done.
361 */
362 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
363 return error;
364}
365
366int
367xfs_qm_dqattach(
368 struct xfs_inode *ip)
369{
370 int error;
371
372 if (!xfs_qm_need_dqattach(ip))
373 return 0;
374
375 xfs_ilock(ip, XFS_ILOCK_EXCL);
376 error = xfs_qm_dqattach_locked(ip, false);
377 xfs_iunlock(ip, XFS_ILOCK_EXCL);
378
379 return error;
380}
381
382/*
383 * Release dquots (and their references) if any.
384 * The inode should be locked EXCL except when this's called by
385 * xfs_ireclaim.
386 */
387void
388xfs_qm_dqdetach(
389 xfs_inode_t *ip)
390{
391 if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot))
392 return;
393
394 trace_xfs_dquot_dqdetach(ip);
395
396 ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino));
397 if (ip->i_udquot) {
398 xfs_qm_dqrele(ip->i_udquot);
399 ip->i_udquot = NULL;
400 }
401 if (ip->i_gdquot) {
402 xfs_qm_dqrele(ip->i_gdquot);
403 ip->i_gdquot = NULL;
404 }
405 if (ip->i_pdquot) {
406 xfs_qm_dqrele(ip->i_pdquot);
407 ip->i_pdquot = NULL;
408 }
409}
410
411struct xfs_qm_isolate {
412 struct list_head buffers;
413 struct list_head dispose;
414};
415
416static enum lru_status
417xfs_qm_dquot_isolate(
418 struct list_head *item,
419 struct list_lru_one *lru,
420 spinlock_t *lru_lock,
421 void *arg)
422 __releases(lru_lock) __acquires(lru_lock)
423{
424 struct xfs_dquot *dqp = container_of(item,
425 struct xfs_dquot, q_lru);
426 struct xfs_qm_isolate *isol = arg;
427
428 if (!xfs_dqlock_nowait(dqp))
429 goto out_miss_busy;
430
431 /*
432 * This dquot has acquired a reference in the meantime remove it from
433 * the freelist and try again.
434 */
435 if (dqp->q_nrefs) {
436 xfs_dqunlock(dqp);
437 XFS_STATS_INC(dqp->q_mount, xs_qm_dqwants);
438
439 trace_xfs_dqreclaim_want(dqp);
440 list_lru_isolate(lru, &dqp->q_lru);
441 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
442 return LRU_REMOVED;
443 }
444
445 /*
446 * If the dquot is dirty, flush it. If it's already being flushed, just
447 * skip it so there is time for the IO to complete before we try to
448 * reclaim it again on the next LRU pass.
449 */
450 if (!xfs_dqflock_nowait(dqp)) {
451 xfs_dqunlock(dqp);
452 goto out_miss_busy;
453 }
454
455 if (XFS_DQ_IS_DIRTY(dqp)) {
456 struct xfs_buf *bp = NULL;
457 int error;
458
459 trace_xfs_dqreclaim_dirty(dqp);
460
461 /* we have to drop the LRU lock to flush the dquot */
462 spin_unlock(lru_lock);
463
464 error = xfs_qm_dqflush(dqp, &bp);
465 if (error)
466 goto out_unlock_dirty;
467
468 xfs_buf_delwri_queue(bp, &isol->buffers);
469 xfs_buf_relse(bp);
470 goto out_unlock_dirty;
471 }
472 xfs_dqfunlock(dqp);
473
474 /*
475 * Prevent lookups now that we are past the point of no return.
476 */
477 dqp->q_flags |= XFS_DQFLAG_FREEING;
478 xfs_dqunlock(dqp);
479
480 ASSERT(dqp->q_nrefs == 0);
481 list_lru_isolate_move(lru, &dqp->q_lru, &isol->dispose);
482 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
483 trace_xfs_dqreclaim_done(dqp);
484 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaims);
485 return LRU_REMOVED;
486
487out_miss_busy:
488 trace_xfs_dqreclaim_busy(dqp);
489 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
490 return LRU_SKIP;
491
492out_unlock_dirty:
493 trace_xfs_dqreclaim_busy(dqp);
494 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
495 xfs_dqunlock(dqp);
496 spin_lock(lru_lock);
497 return LRU_RETRY;
498}
499
500static unsigned long
501xfs_qm_shrink_scan(
502 struct shrinker *shrink,
503 struct shrink_control *sc)
504{
505 struct xfs_quotainfo *qi = container_of(shrink,
506 struct xfs_quotainfo, qi_shrinker);
507 struct xfs_qm_isolate isol;
508 unsigned long freed;
509 int error;
510
511 if ((sc->gfp_mask & (__GFP_FS|__GFP_DIRECT_RECLAIM)) != (__GFP_FS|__GFP_DIRECT_RECLAIM))
512 return 0;
513
514 INIT_LIST_HEAD(&isol.buffers);
515 INIT_LIST_HEAD(&isol.dispose);
516
517 freed = list_lru_shrink_walk(&qi->qi_lru, sc,
518 xfs_qm_dquot_isolate, &isol);
519
520 error = xfs_buf_delwri_submit(&isol.buffers);
521 if (error)
522 xfs_warn(NULL, "%s: dquot reclaim failed", __func__);
523
524 while (!list_empty(&isol.dispose)) {
525 struct xfs_dquot *dqp;
526
527 dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru);
528 list_del_init(&dqp->q_lru);
529 xfs_qm_dqfree_one(dqp);
530 }
531
532 return freed;
533}
534
535static unsigned long
536xfs_qm_shrink_count(
537 struct shrinker *shrink,
538 struct shrink_control *sc)
539{
540 struct xfs_quotainfo *qi = container_of(shrink,
541 struct xfs_quotainfo, qi_shrinker);
542
543 return list_lru_shrink_count(&qi->qi_lru, sc);
544}
545
546STATIC void
547xfs_qm_set_defquota(
548 struct xfs_mount *mp,
549 xfs_dqtype_t type,
550 struct xfs_quotainfo *qinf)
551{
552 struct xfs_dquot *dqp;
553 struct xfs_def_quota *defq;
554 int error;
555
556 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
557 if (error)
558 return;
559
560 defq = xfs_get_defquota(qinf, xfs_dquot_type(dqp));
561
562 /*
563 * Timers and warnings have been already set, let's just set the
564 * default limits for this quota type
565 */
566 defq->blk.hard = dqp->q_blk.hardlimit;
567 defq->blk.soft = dqp->q_blk.softlimit;
568 defq->ino.hard = dqp->q_ino.hardlimit;
569 defq->ino.soft = dqp->q_ino.softlimit;
570 defq->rtb.hard = dqp->q_rtb.hardlimit;
571 defq->rtb.soft = dqp->q_rtb.softlimit;
572 xfs_qm_dqdestroy(dqp);
573}
574
575/* Initialize quota time limits from the root dquot. */
576static void
577xfs_qm_init_timelimits(
578 struct xfs_mount *mp,
579 xfs_dqtype_t type)
580{
581 struct xfs_quotainfo *qinf = mp->m_quotainfo;
582 struct xfs_def_quota *defq;
583 struct xfs_dquot *dqp;
584 int error;
585
586 defq = xfs_get_defquota(qinf, type);
587
588 defq->blk.time = XFS_QM_BTIMELIMIT;
589 defq->ino.time = XFS_QM_ITIMELIMIT;
590 defq->rtb.time = XFS_QM_RTBTIMELIMIT;
591 defq->blk.warn = XFS_QM_BWARNLIMIT;
592 defq->ino.warn = XFS_QM_IWARNLIMIT;
593 defq->rtb.warn = XFS_QM_RTBWARNLIMIT;
594
595 /*
596 * We try to get the limits from the superuser's limits fields.
597 * This is quite hacky, but it is standard quota practice.
598 *
599 * Since we may not have done a quotacheck by this point, just read
600 * the dquot without attaching it to any hashtables or lists.
601 */
602 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
603 if (error)
604 return;
605
606 /*
607 * The warnings and timers set the grace period given to
608 * a user or group before he or she can not perform any
609 * more writing. If it is zero, a default is used.
610 */
611 if (dqp->q_blk.timer)
612 defq->blk.time = dqp->q_blk.timer;
613 if (dqp->q_ino.timer)
614 defq->ino.time = dqp->q_ino.timer;
615 if (dqp->q_rtb.timer)
616 defq->rtb.time = dqp->q_rtb.timer;
617 if (dqp->q_blk.warnings)
618 defq->blk.warn = dqp->q_blk.warnings;
619 if (dqp->q_ino.warnings)
620 defq->ino.warn = dqp->q_ino.warnings;
621 if (dqp->q_rtb.warnings)
622 defq->rtb.warn = dqp->q_rtb.warnings;
623
624 xfs_qm_dqdestroy(dqp);
625}
626
627/*
628 * This initializes all the quota information that's kept in the
629 * mount structure
630 */
631STATIC int
632xfs_qm_init_quotainfo(
633 struct xfs_mount *mp)
634{
635 struct xfs_quotainfo *qinf;
636 int error;
637
638 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
639
640 qinf = mp->m_quotainfo = kmem_zalloc(sizeof(struct xfs_quotainfo), 0);
641
642 error = list_lru_init(&qinf->qi_lru);
643 if (error)
644 goto out_free_qinf;
645
646 /*
647 * See if quotainodes are setup, and if not, allocate them,
648 * and change the superblock accordingly.
649 */
650 error = xfs_qm_init_quotainos(mp);
651 if (error)
652 goto out_free_lru;
653
654 INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_NOFS);
655 INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_NOFS);
656 INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_NOFS);
657 mutex_init(&qinf->qi_tree_lock);
658
659 /* mutex used to serialize quotaoffs */
660 mutex_init(&qinf->qi_quotaofflock);
661
662 /* Precalc some constants */
663 qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
664 qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen);
665 if (xfs_sb_version_hasbigtime(&mp->m_sb)) {
666 qinf->qi_expiry_min =
667 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MIN);
668 qinf->qi_expiry_max =
669 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MAX);
670 } else {
671 qinf->qi_expiry_min = XFS_DQ_LEGACY_EXPIRY_MIN;
672 qinf->qi_expiry_max = XFS_DQ_LEGACY_EXPIRY_MAX;
673 }
674 trace_xfs_quota_expiry_range(mp, qinf->qi_expiry_min,
675 qinf->qi_expiry_max);
676
677 mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD);
678
679 xfs_qm_init_timelimits(mp, XFS_DQTYPE_USER);
680 xfs_qm_init_timelimits(mp, XFS_DQTYPE_GROUP);
681 xfs_qm_init_timelimits(mp, XFS_DQTYPE_PROJ);
682
683 if (XFS_IS_UQUOTA_RUNNING(mp))
684 xfs_qm_set_defquota(mp, XFS_DQTYPE_USER, qinf);
685 if (XFS_IS_GQUOTA_RUNNING(mp))
686 xfs_qm_set_defquota(mp, XFS_DQTYPE_GROUP, qinf);
687 if (XFS_IS_PQUOTA_RUNNING(mp))
688 xfs_qm_set_defquota(mp, XFS_DQTYPE_PROJ, qinf);
689
690 qinf->qi_shrinker.count_objects = xfs_qm_shrink_count;
691 qinf->qi_shrinker.scan_objects = xfs_qm_shrink_scan;
692 qinf->qi_shrinker.seeks = DEFAULT_SEEKS;
693 qinf->qi_shrinker.flags = SHRINKER_NUMA_AWARE;
694
695 error = register_shrinker(&qinf->qi_shrinker);
696 if (error)
697 goto out_free_inos;
698
699 return 0;
700
701out_free_inos:
702 mutex_destroy(&qinf->qi_quotaofflock);
703 mutex_destroy(&qinf->qi_tree_lock);
704 xfs_qm_destroy_quotainos(qinf);
705out_free_lru:
706 list_lru_destroy(&qinf->qi_lru);
707out_free_qinf:
708 kmem_free(qinf);
709 mp->m_quotainfo = NULL;
710 return error;
711}
712
713/*
714 * Gets called when unmounting a filesystem or when all quotas get
715 * turned off.
716 * This purges the quota inodes, destroys locks and frees itself.
717 */
718void
719xfs_qm_destroy_quotainfo(
720 struct xfs_mount *mp)
721{
722 struct xfs_quotainfo *qi;
723
724 qi = mp->m_quotainfo;
725 ASSERT(qi != NULL);
726
727 unregister_shrinker(&qi->qi_shrinker);
728 list_lru_destroy(&qi->qi_lru);
729 xfs_qm_destroy_quotainos(qi);
730 mutex_destroy(&qi->qi_tree_lock);
731 mutex_destroy(&qi->qi_quotaofflock);
732 kmem_free(qi);
733 mp->m_quotainfo = NULL;
734}
735
736/*
737 * Create an inode and return with a reference already taken, but unlocked
738 * This is how we create quota inodes
739 */
740STATIC int
741xfs_qm_qino_alloc(
742 struct xfs_mount *mp,
743 struct xfs_inode **ipp,
744 unsigned int flags)
745{
746 struct xfs_trans *tp;
747 int error;
748 bool need_alloc = true;
749
750 *ipp = NULL;
751 /*
752 * With superblock that doesn't have separate pquotino, we
753 * share an inode between gquota and pquota. If the on-disk
754 * superblock has GQUOTA and the filesystem is now mounted
755 * with PQUOTA, just use sb_gquotino for sb_pquotino and
756 * vice-versa.
757 */
758 if (!xfs_sb_version_has_pquotino(&mp->m_sb) &&
759 (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) {
760 xfs_ino_t ino = NULLFSINO;
761
762 if ((flags & XFS_QMOPT_PQUOTA) &&
763 (mp->m_sb.sb_gquotino != NULLFSINO)) {
764 ino = mp->m_sb.sb_gquotino;
765 if (XFS_IS_CORRUPT(mp,
766 mp->m_sb.sb_pquotino != NULLFSINO))
767 return -EFSCORRUPTED;
768 } else if ((flags & XFS_QMOPT_GQUOTA) &&
769 (mp->m_sb.sb_pquotino != NULLFSINO)) {
770 ino = mp->m_sb.sb_pquotino;
771 if (XFS_IS_CORRUPT(mp,
772 mp->m_sb.sb_gquotino != NULLFSINO))
773 return -EFSCORRUPTED;
774 }
775 if (ino != NULLFSINO) {
776 error = xfs_iget(mp, NULL, ino, 0, 0, ipp);
777 if (error)
778 return error;
779 mp->m_sb.sb_gquotino = NULLFSINO;
780 mp->m_sb.sb_pquotino = NULLFSINO;
781 need_alloc = false;
782 }
783 }
784
785 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_create,
786 need_alloc ? XFS_QM_QINOCREATE_SPACE_RES(mp) : 0,
787 0, 0, &tp);
788 if (error)
789 return error;
790
791 if (need_alloc) {
792 xfs_ino_t ino;
793
794 error = xfs_dialloc(&tp, 0, S_IFREG, &ino);
795 if (!error)
796 error = xfs_init_new_inode(&init_user_ns, tp, NULL, ino,
797 S_IFREG, 1, 0, 0, false, ipp);
798 if (error) {
799 xfs_trans_cancel(tp);
800 return error;
801 }
802 }
803
804 /*
805 * Make the changes in the superblock, and log those too.
806 * sbfields arg may contain fields other than *QUOTINO;
807 * VERSIONNUM for example.
808 */
809 spin_lock(&mp->m_sb_lock);
810 if (flags & XFS_QMOPT_SBVERSION) {
811 ASSERT(!xfs_sb_version_hasquota(&mp->m_sb));
812
813 xfs_sb_version_addquota(&mp->m_sb);
814 mp->m_sb.sb_uquotino = NULLFSINO;
815 mp->m_sb.sb_gquotino = NULLFSINO;
816 mp->m_sb.sb_pquotino = NULLFSINO;
817
818 /* qflags will get updated fully _after_ quotacheck */
819 mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT;
820 }
821 if (flags & XFS_QMOPT_UQUOTA)
822 mp->m_sb.sb_uquotino = (*ipp)->i_ino;
823 else if (flags & XFS_QMOPT_GQUOTA)
824 mp->m_sb.sb_gquotino = (*ipp)->i_ino;
825 else
826 mp->m_sb.sb_pquotino = (*ipp)->i_ino;
827 spin_unlock(&mp->m_sb_lock);
828 xfs_log_sb(tp);
829
830 error = xfs_trans_commit(tp);
831 if (error) {
832 ASSERT(XFS_FORCED_SHUTDOWN(mp));
833 xfs_alert(mp, "%s failed (error %d)!", __func__, error);
834 }
835 if (need_alloc)
836 xfs_finish_inode_setup(*ipp);
837 return error;
838}
839
840
841STATIC void
842xfs_qm_reset_dqcounts(
843 struct xfs_mount *mp,
844 struct xfs_buf *bp,
845 xfs_dqid_t id,
846 xfs_dqtype_t type)
847{
848 struct xfs_dqblk *dqb;
849 int j;
850
851 trace_xfs_reset_dqcounts(bp, _RET_IP_);
852
853 /*
854 * Reset all counters and timers. They'll be
855 * started afresh by xfs_qm_quotacheck.
856 */
857#ifdef DEBUG
858 j = (int)XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB) /
859 sizeof(xfs_dqblk_t);
860 ASSERT(mp->m_quotainfo->qi_dqperchunk == j);
861#endif
862 dqb = bp->b_addr;
863 for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) {
864 struct xfs_disk_dquot *ddq;
865
866 ddq = (struct xfs_disk_dquot *)&dqb[j];
867
868 /*
869 * Do a sanity check, and if needed, repair the dqblk. Don't
870 * output any warnings because it's perfectly possible to
871 * find uninitialised dquot blks. See comment in
872 * xfs_dquot_verify.
873 */
874 if (xfs_dqblk_verify(mp, &dqb[j], id + j) ||
875 (dqb[j].dd_diskdq.d_type & XFS_DQTYPE_REC_MASK) != type)
876 xfs_dqblk_repair(mp, &dqb[j], id + j, type);
877
878 /*
879 * Reset type in case we are reusing group quota file for
880 * project quotas or vice versa
881 */
882 ddq->d_type = type;
883 ddq->d_bcount = 0;
884 ddq->d_icount = 0;
885 ddq->d_rtbcount = 0;
886
887 /*
888 * dquot id 0 stores the default grace period and the maximum
889 * warning limit that were set by the administrator, so we
890 * should not reset them.
891 */
892 if (ddq->d_id != 0) {
893 ddq->d_btimer = 0;
894 ddq->d_itimer = 0;
895 ddq->d_rtbtimer = 0;
896 ddq->d_bwarns = 0;
897 ddq->d_iwarns = 0;
898 ddq->d_rtbwarns = 0;
899 if (xfs_sb_version_hasbigtime(&mp->m_sb))
900 ddq->d_type |= XFS_DQTYPE_BIGTIME;
901 }
902
903 if (xfs_sb_version_hascrc(&mp->m_sb)) {
904 xfs_update_cksum((char *)&dqb[j],
905 sizeof(struct xfs_dqblk),
906 XFS_DQUOT_CRC_OFF);
907 }
908 }
909}
910
911STATIC int
912xfs_qm_reset_dqcounts_all(
913 struct xfs_mount *mp,
914 xfs_dqid_t firstid,
915 xfs_fsblock_t bno,
916 xfs_filblks_t blkcnt,
917 xfs_dqtype_t type,
918 struct list_head *buffer_list)
919{
920 struct xfs_buf *bp;
921 int error = 0;
922
923 ASSERT(blkcnt > 0);
924
925 /*
926 * Blkcnt arg can be a very big number, and might even be
927 * larger than the log itself. So, we have to break it up into
928 * manageable-sized transactions.
929 * Note that we don't start a permanent transaction here; we might
930 * not be able to get a log reservation for the whole thing up front,
931 * and we don't really care to either, because we just discard
932 * everything if we were to crash in the middle of this loop.
933 */
934 while (blkcnt--) {
935 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
936 XFS_FSB_TO_DADDR(mp, bno),
937 mp->m_quotainfo->qi_dqchunklen, 0, &bp,
938 &xfs_dquot_buf_ops);
939
940 /*
941 * CRC and validation errors will return a EFSCORRUPTED here. If
942 * this occurs, re-read without CRC validation so that we can
943 * repair the damage via xfs_qm_reset_dqcounts(). This process
944 * will leave a trace in the log indicating corruption has
945 * been detected.
946 */
947 if (error == -EFSCORRUPTED) {
948 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
949 XFS_FSB_TO_DADDR(mp, bno),
950 mp->m_quotainfo->qi_dqchunklen, 0, &bp,
951 NULL);
952 }
953
954 if (error)
955 break;
956
957 /*
958 * A corrupt buffer might not have a verifier attached, so
959 * make sure we have the correct one attached before writeback
960 * occurs.
961 */
962 bp->b_ops = &xfs_dquot_buf_ops;
963 xfs_qm_reset_dqcounts(mp, bp, firstid, type);
964 xfs_buf_delwri_queue(bp, buffer_list);
965 xfs_buf_relse(bp);
966
967 /* goto the next block. */
968 bno++;
969 firstid += mp->m_quotainfo->qi_dqperchunk;
970 }
971
972 return error;
973}
974
975/*
976 * Iterate over all allocated dquot blocks in this quota inode, zeroing all
977 * counters for every chunk of dquots that we find.
978 */
979STATIC int
980xfs_qm_reset_dqcounts_buf(
981 struct xfs_mount *mp,
982 struct xfs_inode *qip,
983 xfs_dqtype_t type,
984 struct list_head *buffer_list)
985{
986 struct xfs_bmbt_irec *map;
987 int i, nmaps; /* number of map entries */
988 int error; /* return value */
989 xfs_fileoff_t lblkno;
990 xfs_filblks_t maxlblkcnt;
991 xfs_dqid_t firstid;
992 xfs_fsblock_t rablkno;
993 xfs_filblks_t rablkcnt;
994
995 error = 0;
996 /*
997 * This looks racy, but we can't keep an inode lock across a
998 * trans_reserve. But, this gets called during quotacheck, and that
999 * happens only at mount time which is single threaded.
1000 */
1001 if (qip->i_nblocks == 0)
1002 return 0;
1003
1004 map = kmem_alloc(XFS_DQITER_MAP_SIZE * sizeof(*map), 0);
1005
1006 lblkno = 0;
1007 maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
1008 do {
1009 uint lock_mode;
1010
1011 nmaps = XFS_DQITER_MAP_SIZE;
1012 /*
1013 * We aren't changing the inode itself. Just changing
1014 * some of its data. No new blocks are added here, and
1015 * the inode is never added to the transaction.
1016 */
1017 lock_mode = xfs_ilock_data_map_shared(qip);
1018 error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno,
1019 map, &nmaps, 0);
1020 xfs_iunlock(qip, lock_mode);
1021 if (error)
1022 break;
1023
1024 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE);
1025 for (i = 0; i < nmaps; i++) {
1026 ASSERT(map[i].br_startblock != DELAYSTARTBLOCK);
1027 ASSERT(map[i].br_blockcount);
1028
1029
1030 lblkno += map[i].br_blockcount;
1031
1032 if (map[i].br_startblock == HOLESTARTBLOCK)
1033 continue;
1034
1035 firstid = (xfs_dqid_t) map[i].br_startoff *
1036 mp->m_quotainfo->qi_dqperchunk;
1037 /*
1038 * Do a read-ahead on the next extent.
1039 */
1040 if ((i+1 < nmaps) &&
1041 (map[i+1].br_startblock != HOLESTARTBLOCK)) {
1042 rablkcnt = map[i+1].br_blockcount;
1043 rablkno = map[i+1].br_startblock;
1044 while (rablkcnt--) {
1045 xfs_buf_readahead(mp->m_ddev_targp,
1046 XFS_FSB_TO_DADDR(mp, rablkno),
1047 mp->m_quotainfo->qi_dqchunklen,
1048 &xfs_dquot_buf_ops);
1049 rablkno++;
1050 }
1051 }
1052 /*
1053 * Iterate thru all the blks in the extent and
1054 * reset the counters of all the dquots inside them.
1055 */
1056 error = xfs_qm_reset_dqcounts_all(mp, firstid,
1057 map[i].br_startblock,
1058 map[i].br_blockcount,
1059 type, buffer_list);
1060 if (error)
1061 goto out;
1062 }
1063 } while (nmaps > 0);
1064
1065out:
1066 kmem_free(map);
1067 return error;
1068}
1069
1070/*
1071 * Called by dqusage_adjust in doing a quotacheck.
1072 *
1073 * Given the inode, and a dquot id this updates both the incore dqout as well
1074 * as the buffer copy. This is so that once the quotacheck is done, we can
1075 * just log all the buffers, as opposed to logging numerous updates to
1076 * individual dquots.
1077 */
1078STATIC int
1079xfs_qm_quotacheck_dqadjust(
1080 struct xfs_inode *ip,
1081 xfs_dqtype_t type,
1082 xfs_qcnt_t nblks,
1083 xfs_qcnt_t rtblks)
1084{
1085 struct xfs_mount *mp = ip->i_mount;
1086 struct xfs_dquot *dqp;
1087 xfs_dqid_t id;
1088 int error;
1089
1090 id = xfs_qm_id_for_quotatype(ip, type);
1091 error = xfs_qm_dqget(mp, id, type, true, &dqp);
1092 if (error) {
1093 /*
1094 * Shouldn't be able to turn off quotas here.
1095 */
1096 ASSERT(error != -ESRCH);
1097 ASSERT(error != -ENOENT);
1098 return error;
1099 }
1100
1101 trace_xfs_dqadjust(dqp);
1102
1103 /*
1104 * Adjust the inode count and the block count to reflect this inode's
1105 * resource usage.
1106 */
1107 dqp->q_ino.count++;
1108 dqp->q_ino.reserved++;
1109 if (nblks) {
1110 dqp->q_blk.count += nblks;
1111 dqp->q_blk.reserved += nblks;
1112 }
1113 if (rtblks) {
1114 dqp->q_rtb.count += rtblks;
1115 dqp->q_rtb.reserved += rtblks;
1116 }
1117
1118 /*
1119 * Set default limits, adjust timers (since we changed usages)
1120 *
1121 * There are no timers for the default values set in the root dquot.
1122 */
1123 if (dqp->q_id) {
1124 xfs_qm_adjust_dqlimits(dqp);
1125 xfs_qm_adjust_dqtimers(dqp);
1126 }
1127
1128 dqp->q_flags |= XFS_DQFLAG_DIRTY;
1129 xfs_qm_dqput(dqp);
1130 return 0;
1131}
1132
1133/*
1134 * callback routine supplied to bulkstat(). Given an inumber, find its
1135 * dquots and update them to account for resources taken by that inode.
1136 */
1137/* ARGSUSED */
1138STATIC int
1139xfs_qm_dqusage_adjust(
1140 struct xfs_mount *mp,
1141 struct xfs_trans *tp,
1142 xfs_ino_t ino,
1143 void *data)
1144{
1145 struct xfs_inode *ip;
1146 xfs_qcnt_t nblks;
1147 xfs_filblks_t rtblks = 0; /* total rt blks */
1148 int error;
1149
1150 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1151
1152 /*
1153 * rootino must have its resources accounted for, not so with the quota
1154 * inodes.
1155 */
1156 if (xfs_is_quota_inode(&mp->m_sb, ino))
1157 return 0;
1158
1159 /*
1160 * We don't _need_ to take the ilock EXCL here because quotacheck runs
1161 * at mount time and therefore nobody will be racing chown/chproj.
1162 */
1163 error = xfs_iget(mp, tp, ino, XFS_IGET_DONTCACHE, 0, &ip);
1164 if (error == -EINVAL || error == -ENOENT)
1165 return 0;
1166 if (error)
1167 return error;
1168
1169 ASSERT(ip->i_delayed_blks == 0);
1170
1171 if (XFS_IS_REALTIME_INODE(ip)) {
1172 struct xfs_ifork *ifp = XFS_IFORK_PTR(ip, XFS_DATA_FORK);
1173
1174 error = xfs_iread_extents(tp, ip, XFS_DATA_FORK);
1175 if (error)
1176 goto error0;
1177
1178 xfs_bmap_count_leaves(ifp, &rtblks);
1179 }
1180
1181 nblks = (xfs_qcnt_t)ip->i_nblocks - rtblks;
1182
1183 /*
1184 * Add the (disk blocks and inode) resources occupied by this
1185 * inode to its dquots. We do this adjustment in the incore dquot,
1186 * and also copy the changes to its buffer.
1187 * We don't care about putting these changes in a transaction
1188 * envelope because if we crash in the middle of a 'quotacheck'
1189 * we have to start from the beginning anyway.
1190 * Once we're done, we'll log all the dquot bufs.
1191 *
1192 * The *QUOTA_ON checks below may look pretty racy, but quotachecks
1193 * and quotaoffs don't race. (Quotachecks happen at mount time only).
1194 */
1195 if (XFS_IS_UQUOTA_ON(mp)) {
1196 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_USER, nblks,
1197 rtblks);
1198 if (error)
1199 goto error0;
1200 }
1201
1202 if (XFS_IS_GQUOTA_ON(mp)) {
1203 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_GROUP, nblks,
1204 rtblks);
1205 if (error)
1206 goto error0;
1207 }
1208
1209 if (XFS_IS_PQUOTA_ON(mp)) {
1210 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_PROJ, nblks,
1211 rtblks);
1212 if (error)
1213 goto error0;
1214 }
1215
1216error0:
1217 xfs_irele(ip);
1218 return error;
1219}
1220
1221STATIC int
1222xfs_qm_flush_one(
1223 struct xfs_dquot *dqp,
1224 void *data)
1225{
1226 struct xfs_mount *mp = dqp->q_mount;
1227 struct list_head *buffer_list = data;
1228 struct xfs_buf *bp = NULL;
1229 int error = 0;
1230
1231 xfs_dqlock(dqp);
1232 if (dqp->q_flags & XFS_DQFLAG_FREEING)
1233 goto out_unlock;
1234 if (!XFS_DQ_IS_DIRTY(dqp))
1235 goto out_unlock;
1236
1237 /*
1238 * The only way the dquot is already flush locked by the time quotacheck
1239 * gets here is if reclaim flushed it before the dqadjust walk dirtied
1240 * it for the final time. Quotacheck collects all dquot bufs in the
1241 * local delwri queue before dquots are dirtied, so reclaim can't have
1242 * possibly queued it for I/O. The only way out is to push the buffer to
1243 * cycle the flush lock.
1244 */
1245 if (!xfs_dqflock_nowait(dqp)) {
1246 /* buf is pinned in-core by delwri list */
1247 bp = xfs_buf_incore(mp->m_ddev_targp, dqp->q_blkno,
1248 mp->m_quotainfo->qi_dqchunklen, 0);
1249 if (!bp) {
1250 error = -EINVAL;
1251 goto out_unlock;
1252 }
1253 xfs_buf_unlock(bp);
1254
1255 xfs_buf_delwri_pushbuf(bp, buffer_list);
1256 xfs_buf_rele(bp);
1257
1258 error = -EAGAIN;
1259 goto out_unlock;
1260 }
1261
1262 error = xfs_qm_dqflush(dqp, &bp);
1263 if (error)
1264 goto out_unlock;
1265
1266 xfs_buf_delwri_queue(bp, buffer_list);
1267 xfs_buf_relse(bp);
1268out_unlock:
1269 xfs_dqunlock(dqp);
1270 return error;
1271}
1272
1273/*
1274 * Walk thru all the filesystem inodes and construct a consistent view
1275 * of the disk quota world. If the quotacheck fails, disable quotas.
1276 */
1277STATIC int
1278xfs_qm_quotacheck(
1279 xfs_mount_t *mp)
1280{
1281 int error, error2;
1282 uint flags;
1283 LIST_HEAD (buffer_list);
1284 struct xfs_inode *uip = mp->m_quotainfo->qi_uquotaip;
1285 struct xfs_inode *gip = mp->m_quotainfo->qi_gquotaip;
1286 struct xfs_inode *pip = mp->m_quotainfo->qi_pquotaip;
1287
1288 flags = 0;
1289
1290 ASSERT(uip || gip || pip);
1291 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1292
1293 xfs_notice(mp, "Quotacheck needed: Please wait.");
1294
1295 /*
1296 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset
1297 * their counters to zero. We need a clean slate.
1298 * We don't log our changes till later.
1299 */
1300 if (uip) {
1301 error = xfs_qm_reset_dqcounts_buf(mp, uip, XFS_DQTYPE_USER,
1302 &buffer_list);
1303 if (error)
1304 goto error_return;
1305 flags |= XFS_UQUOTA_CHKD;
1306 }
1307
1308 if (gip) {
1309 error = xfs_qm_reset_dqcounts_buf(mp, gip, XFS_DQTYPE_GROUP,
1310 &buffer_list);
1311 if (error)
1312 goto error_return;
1313 flags |= XFS_GQUOTA_CHKD;
1314 }
1315
1316 if (pip) {
1317 error = xfs_qm_reset_dqcounts_buf(mp, pip, XFS_DQTYPE_PROJ,
1318 &buffer_list);
1319 if (error)
1320 goto error_return;
1321 flags |= XFS_PQUOTA_CHKD;
1322 }
1323
1324 error = xfs_iwalk_threaded(mp, 0, 0, xfs_qm_dqusage_adjust, 0, true,
1325 NULL);
1326 if (error)
1327 goto error_return;
1328
1329 /*
1330 * We've made all the changes that we need to make incore. Flush them
1331 * down to disk buffers if everything was updated successfully.
1332 */
1333 if (XFS_IS_UQUOTA_ON(mp)) {
1334 error = xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_flush_one,
1335 &buffer_list);
1336 }
1337 if (XFS_IS_GQUOTA_ON(mp)) {
1338 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_flush_one,
1339 &buffer_list);
1340 if (!error)
1341 error = error2;
1342 }
1343 if (XFS_IS_PQUOTA_ON(mp)) {
1344 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_flush_one,
1345 &buffer_list);
1346 if (!error)
1347 error = error2;
1348 }
1349
1350 error2 = xfs_buf_delwri_submit(&buffer_list);
1351 if (!error)
1352 error = error2;
1353
1354 /*
1355 * We can get this error if we couldn't do a dquot allocation inside
1356 * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the
1357 * dirty dquots that might be cached, we just want to get rid of them
1358 * and turn quotaoff. The dquots won't be attached to any of the inodes
1359 * at this point (because we intentionally didn't in dqget_noattach).
1360 */
1361 if (error) {
1362 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL);
1363 goto error_return;
1364 }
1365
1366 /*
1367 * If one type of quotas is off, then it will lose its
1368 * quotachecked status, since we won't be doing accounting for
1369 * that type anymore.
1370 */
1371 mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD;
1372 mp->m_qflags |= flags;
1373
1374 error_return:
1375 xfs_buf_delwri_cancel(&buffer_list);
1376
1377 if (error) {
1378 xfs_warn(mp,
1379 "Quotacheck: Unsuccessful (Error %d): Disabling quotas.",
1380 error);
1381 /*
1382 * We must turn off quotas.
1383 */
1384 ASSERT(mp->m_quotainfo != NULL);
1385 xfs_qm_destroy_quotainfo(mp);
1386 if (xfs_mount_reset_sbqflags(mp)) {
1387 xfs_warn(mp,
1388 "Quotacheck: Failed to reset quota flags.");
1389 }
1390 } else
1391 xfs_notice(mp, "Quotacheck: Done.");
1392 return error;
1393}
1394
1395/*
1396 * This is called from xfs_mountfs to start quotas and initialize all
1397 * necessary data structures like quotainfo. This is also responsible for
1398 * running a quotacheck as necessary. We are guaranteed that the superblock
1399 * is consistently read in at this point.
1400 *
1401 * If we fail here, the mount will continue with quota turned off. We don't
1402 * need to inidicate success or failure at all.
1403 */
1404void
1405xfs_qm_mount_quotas(
1406 struct xfs_mount *mp)
1407{
1408 int error = 0;
1409 uint sbf;
1410
1411 /*
1412 * If quotas on realtime volumes is not supported, we disable
1413 * quotas immediately.
1414 */
1415 if (mp->m_sb.sb_rextents) {
1416 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem");
1417 mp->m_qflags = 0;
1418 goto write_changes;
1419 }
1420
1421 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1422
1423 /*
1424 * Allocate the quotainfo structure inside the mount struct, and
1425 * create quotainode(s), and change/rev superblock if necessary.
1426 */
1427 error = xfs_qm_init_quotainfo(mp);
1428 if (error) {
1429 /*
1430 * We must turn off quotas.
1431 */
1432 ASSERT(mp->m_quotainfo == NULL);
1433 mp->m_qflags = 0;
1434 goto write_changes;
1435 }
1436 /*
1437 * If any of the quotas are not consistent, do a quotacheck.
1438 */
1439 if (XFS_QM_NEED_QUOTACHECK(mp)) {
1440 error = xfs_qm_quotacheck(mp);
1441 if (error) {
1442 /* Quotacheck failed and disabled quotas. */
1443 return;
1444 }
1445 }
1446 /*
1447 * If one type of quotas is off, then it will lose its
1448 * quotachecked status, since we won't be doing accounting for
1449 * that type anymore.
1450 */
1451 if (!XFS_IS_UQUOTA_ON(mp))
1452 mp->m_qflags &= ~XFS_UQUOTA_CHKD;
1453 if (!XFS_IS_GQUOTA_ON(mp))
1454 mp->m_qflags &= ~XFS_GQUOTA_CHKD;
1455 if (!XFS_IS_PQUOTA_ON(mp))
1456 mp->m_qflags &= ~XFS_PQUOTA_CHKD;
1457
1458 write_changes:
1459 /*
1460 * We actually don't have to acquire the m_sb_lock at all.
1461 * This can only be called from mount, and that's single threaded. XXX
1462 */
1463 spin_lock(&mp->m_sb_lock);
1464 sbf = mp->m_sb.sb_qflags;
1465 mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL;
1466 spin_unlock(&mp->m_sb_lock);
1467
1468 if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) {
1469 if (xfs_sync_sb(mp, false)) {
1470 /*
1471 * We could only have been turning quotas off.
1472 * We aren't in very good shape actually because
1473 * the incore structures are convinced that quotas are
1474 * off, but the on disk superblock doesn't know that !
1475 */
1476 ASSERT(!(XFS_IS_QUOTA_RUNNING(mp)));
1477 xfs_alert(mp, "%s: Superblock update failed!",
1478 __func__);
1479 }
1480 }
1481
1482 if (error) {
1483 xfs_warn(mp, "Failed to initialize disk quotas.");
1484 return;
1485 }
1486}
1487
1488/*
1489 * This is called after the superblock has been read in and we're ready to
1490 * iget the quota inodes.
1491 */
1492STATIC int
1493xfs_qm_init_quotainos(
1494 xfs_mount_t *mp)
1495{
1496 struct xfs_inode *uip = NULL;
1497 struct xfs_inode *gip = NULL;
1498 struct xfs_inode *pip = NULL;
1499 int error;
1500 uint flags = 0;
1501
1502 ASSERT(mp->m_quotainfo);
1503
1504 /*
1505 * Get the uquota and gquota inodes
1506 */
1507 if (xfs_sb_version_hasquota(&mp->m_sb)) {
1508 if (XFS_IS_UQUOTA_ON(mp) &&
1509 mp->m_sb.sb_uquotino != NULLFSINO) {
1510 ASSERT(mp->m_sb.sb_uquotino > 0);
1511 error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino,
1512 0, 0, &uip);
1513 if (error)
1514 return error;
1515 }
1516 if (XFS_IS_GQUOTA_ON(mp) &&
1517 mp->m_sb.sb_gquotino != NULLFSINO) {
1518 ASSERT(mp->m_sb.sb_gquotino > 0);
1519 error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino,
1520 0, 0, &gip);
1521 if (error)
1522 goto error_rele;
1523 }
1524 if (XFS_IS_PQUOTA_ON(mp) &&
1525 mp->m_sb.sb_pquotino != NULLFSINO) {
1526 ASSERT(mp->m_sb.sb_pquotino > 0);
1527 error = xfs_iget(mp, NULL, mp->m_sb.sb_pquotino,
1528 0, 0, &pip);
1529 if (error)
1530 goto error_rele;
1531 }
1532 } else {
1533 flags |= XFS_QMOPT_SBVERSION;
1534 }
1535
1536 /*
1537 * Create the three inodes, if they don't exist already. The changes
1538 * made above will get added to a transaction and logged in one of
1539 * the qino_alloc calls below. If the device is readonly,
1540 * temporarily switch to read-write to do this.
1541 */
1542 if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) {
1543 error = xfs_qm_qino_alloc(mp, &uip,
1544 flags | XFS_QMOPT_UQUOTA);
1545 if (error)
1546 goto error_rele;
1547
1548 flags &= ~XFS_QMOPT_SBVERSION;
1549 }
1550 if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) {
1551 error = xfs_qm_qino_alloc(mp, &gip,
1552 flags | XFS_QMOPT_GQUOTA);
1553 if (error)
1554 goto error_rele;
1555
1556 flags &= ~XFS_QMOPT_SBVERSION;
1557 }
1558 if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) {
1559 error = xfs_qm_qino_alloc(mp, &pip,
1560 flags | XFS_QMOPT_PQUOTA);
1561 if (error)
1562 goto error_rele;
1563 }
1564
1565 mp->m_quotainfo->qi_uquotaip = uip;
1566 mp->m_quotainfo->qi_gquotaip = gip;
1567 mp->m_quotainfo->qi_pquotaip = pip;
1568
1569 return 0;
1570
1571error_rele:
1572 if (uip)
1573 xfs_irele(uip);
1574 if (gip)
1575 xfs_irele(gip);
1576 if (pip)
1577 xfs_irele(pip);
1578 return error;
1579}
1580
1581STATIC void
1582xfs_qm_destroy_quotainos(
1583 struct xfs_quotainfo *qi)
1584{
1585 if (qi->qi_uquotaip) {
1586 xfs_irele(qi->qi_uquotaip);
1587 qi->qi_uquotaip = NULL; /* paranoia */
1588 }
1589 if (qi->qi_gquotaip) {
1590 xfs_irele(qi->qi_gquotaip);
1591 qi->qi_gquotaip = NULL;
1592 }
1593 if (qi->qi_pquotaip) {
1594 xfs_irele(qi->qi_pquotaip);
1595 qi->qi_pquotaip = NULL;
1596 }
1597}
1598
1599STATIC void
1600xfs_qm_dqfree_one(
1601 struct xfs_dquot *dqp)
1602{
1603 struct xfs_mount *mp = dqp->q_mount;
1604 struct xfs_quotainfo *qi = mp->m_quotainfo;
1605
1606 mutex_lock(&qi->qi_tree_lock);
1607 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
1608
1609 qi->qi_dquots--;
1610 mutex_unlock(&qi->qi_tree_lock);
1611
1612 xfs_qm_dqdestroy(dqp);
1613}
1614
1615/* --------------- utility functions for vnodeops ---------------- */
1616
1617
1618/*
1619 * Given an inode, a uid, gid and prid make sure that we have
1620 * allocated relevant dquot(s) on disk, and that we won't exceed inode
1621 * quotas by creating this file.
1622 * This also attaches dquot(s) to the given inode after locking it,
1623 * and returns the dquots corresponding to the uid and/or gid.
1624 *
1625 * in : inode (unlocked)
1626 * out : udquot, gdquot with references taken and unlocked
1627 */
1628int
1629xfs_qm_vop_dqalloc(
1630 struct xfs_inode *ip,
1631 kuid_t uid,
1632 kgid_t gid,
1633 prid_t prid,
1634 uint flags,
1635 struct xfs_dquot **O_udqpp,
1636 struct xfs_dquot **O_gdqpp,
1637 struct xfs_dquot **O_pdqpp)
1638{
1639 struct xfs_mount *mp = ip->i_mount;
1640 struct inode *inode = VFS_I(ip);
1641 struct user_namespace *user_ns = inode->i_sb->s_user_ns;
1642 struct xfs_dquot *uq = NULL;
1643 struct xfs_dquot *gq = NULL;
1644 struct xfs_dquot *pq = NULL;
1645 int error;
1646 uint lockflags;
1647
1648 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
1649 return 0;
1650
1651 lockflags = XFS_ILOCK_EXCL;
1652 xfs_ilock(ip, lockflags);
1653
1654 if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip))
1655 gid = inode->i_gid;
1656
1657 /*
1658 * Attach the dquot(s) to this inode, doing a dquot allocation
1659 * if necessary. The dquot(s) will not be locked.
1660 */
1661 if (XFS_NOT_DQATTACHED(mp, ip)) {
1662 error = xfs_qm_dqattach_locked(ip, true);
1663 if (error) {
1664 xfs_iunlock(ip, lockflags);
1665 return error;
1666 }
1667 }
1668
1669 if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) {
1670 ASSERT(O_udqpp);
1671 if (!uid_eq(inode->i_uid, uid)) {
1672 /*
1673 * What we need is the dquot that has this uid, and
1674 * if we send the inode to dqget, the uid of the inode
1675 * takes priority over what's sent in the uid argument.
1676 * We must unlock inode here before calling dqget if
1677 * we're not sending the inode, because otherwise
1678 * we'll deadlock by doing trans_reserve while
1679 * holding ilock.
1680 */
1681 xfs_iunlock(ip, lockflags);
1682 error = xfs_qm_dqget(mp, from_kuid(user_ns, uid),
1683 XFS_DQTYPE_USER, true, &uq);
1684 if (error) {
1685 ASSERT(error != -ENOENT);
1686 return error;
1687 }
1688 /*
1689 * Get the ilock in the right order.
1690 */
1691 xfs_dqunlock(uq);
1692 lockflags = XFS_ILOCK_SHARED;
1693 xfs_ilock(ip, lockflags);
1694 } else {
1695 /*
1696 * Take an extra reference, because we'll return
1697 * this to caller
1698 */
1699 ASSERT(ip->i_udquot);
1700 uq = xfs_qm_dqhold(ip->i_udquot);
1701 }
1702 }
1703 if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) {
1704 ASSERT(O_gdqpp);
1705 if (!gid_eq(inode->i_gid, gid)) {
1706 xfs_iunlock(ip, lockflags);
1707 error = xfs_qm_dqget(mp, from_kgid(user_ns, gid),
1708 XFS_DQTYPE_GROUP, true, &gq);
1709 if (error) {
1710 ASSERT(error != -ENOENT);
1711 goto error_rele;
1712 }
1713 xfs_dqunlock(gq);
1714 lockflags = XFS_ILOCK_SHARED;
1715 xfs_ilock(ip, lockflags);
1716 } else {
1717 ASSERT(ip->i_gdquot);
1718 gq = xfs_qm_dqhold(ip->i_gdquot);
1719 }
1720 }
1721 if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) {
1722 ASSERT(O_pdqpp);
1723 if (ip->i_projid != prid) {
1724 xfs_iunlock(ip, lockflags);
1725 error = xfs_qm_dqget(mp, prid,
1726 XFS_DQTYPE_PROJ, true, &pq);
1727 if (error) {
1728 ASSERT(error != -ENOENT);
1729 goto error_rele;
1730 }
1731 xfs_dqunlock(pq);
1732 lockflags = XFS_ILOCK_SHARED;
1733 xfs_ilock(ip, lockflags);
1734 } else {
1735 ASSERT(ip->i_pdquot);
1736 pq = xfs_qm_dqhold(ip->i_pdquot);
1737 }
1738 }
1739 trace_xfs_dquot_dqalloc(ip);
1740
1741 xfs_iunlock(ip, lockflags);
1742 if (O_udqpp)
1743 *O_udqpp = uq;
1744 else
1745 xfs_qm_dqrele(uq);
1746 if (O_gdqpp)
1747 *O_gdqpp = gq;
1748 else
1749 xfs_qm_dqrele(gq);
1750 if (O_pdqpp)
1751 *O_pdqpp = pq;
1752 else
1753 xfs_qm_dqrele(pq);
1754 return 0;
1755
1756error_rele:
1757 xfs_qm_dqrele(gq);
1758 xfs_qm_dqrele(uq);
1759 return error;
1760}
1761
1762/*
1763 * Actually transfer ownership, and do dquot modifications.
1764 * These were already reserved.
1765 */
1766struct xfs_dquot *
1767xfs_qm_vop_chown(
1768 struct xfs_trans *tp,
1769 struct xfs_inode *ip,
1770 struct xfs_dquot **IO_olddq,
1771 struct xfs_dquot *newdq)
1772{
1773 struct xfs_dquot *prevdq;
1774 uint bfield = XFS_IS_REALTIME_INODE(ip) ?
1775 XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT;
1776
1777
1778 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
1779 ASSERT(XFS_IS_QUOTA_RUNNING(ip->i_mount));
1780
1781 /* old dquot */
1782 prevdq = *IO_olddq;
1783 ASSERT(prevdq);
1784 ASSERT(prevdq != newdq);
1785
1786 xfs_trans_mod_dquot(tp, prevdq, bfield, -(ip->i_nblocks));
1787 xfs_trans_mod_dquot(tp, prevdq, XFS_TRANS_DQ_ICOUNT, -1);
1788
1789 /* the sparkling new dquot */
1790 xfs_trans_mod_dquot(tp, newdq, bfield, ip->i_nblocks);
1791 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_ICOUNT, 1);
1792
1793 /*
1794 * Back when we made quota reservations for the chown, we reserved the
1795 * ondisk blocks + delalloc blocks with the new dquot. Now that we've
1796 * switched the dquots, decrease the new dquot's block reservation
1797 * (having already bumped up the real counter) so that we don't have
1798 * any reservation to give back when we commit.
1799 */
1800 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_RES_BLKS,
1801 -ip->i_delayed_blks);
1802
1803 /*
1804 * Give the incore reservation for delalloc blocks back to the old
1805 * dquot. We don't normally handle delalloc quota reservations
1806 * transactionally, so just lock the dquot and subtract from the
1807 * reservation. Dirty the transaction because it's too late to turn
1808 * back now.
1809 */
1810 tp->t_flags |= XFS_TRANS_DIRTY;
1811 xfs_dqlock(prevdq);
1812 ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks);
1813 prevdq->q_blk.reserved -= ip->i_delayed_blks;
1814 xfs_dqunlock(prevdq);
1815
1816 /*
1817 * Take an extra reference, because the inode is going to keep
1818 * this dquot pointer even after the trans_commit.
1819 */
1820 *IO_olddq = xfs_qm_dqhold(newdq);
1821
1822 return prevdq;
1823}
1824
1825int
1826xfs_qm_vop_rename_dqattach(
1827 struct xfs_inode **i_tab)
1828{
1829 struct xfs_mount *mp = i_tab[0]->i_mount;
1830 int i;
1831
1832 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
1833 return 0;
1834
1835 for (i = 0; (i < 4 && i_tab[i]); i++) {
1836 struct xfs_inode *ip = i_tab[i];
1837 int error;
1838
1839 /*
1840 * Watch out for duplicate entries in the table.
1841 */
1842 if (i == 0 || ip != i_tab[i-1]) {
1843 if (XFS_NOT_DQATTACHED(mp, ip)) {
1844 error = xfs_qm_dqattach(ip);
1845 if (error)
1846 return error;
1847 }
1848 }
1849 }
1850 return 0;
1851}
1852
1853void
1854xfs_qm_vop_create_dqattach(
1855 struct xfs_trans *tp,
1856 struct xfs_inode *ip,
1857 struct xfs_dquot *udqp,
1858 struct xfs_dquot *gdqp,
1859 struct xfs_dquot *pdqp)
1860{
1861 struct xfs_mount *mp = tp->t_mountp;
1862
1863 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
1864 return;
1865
1866 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
1867
1868 if (udqp && XFS_IS_UQUOTA_ON(mp)) {
1869 ASSERT(ip->i_udquot == NULL);
1870 ASSERT(i_uid_read(VFS_I(ip)) == udqp->q_id);
1871
1872 ip->i_udquot = xfs_qm_dqhold(udqp);
1873 xfs_trans_mod_dquot(tp, udqp, XFS_TRANS_DQ_ICOUNT, 1);
1874 }
1875 if (gdqp && XFS_IS_GQUOTA_ON(mp)) {
1876 ASSERT(ip->i_gdquot == NULL);
1877 ASSERT(i_gid_read(VFS_I(ip)) == gdqp->q_id);
1878
1879 ip->i_gdquot = xfs_qm_dqhold(gdqp);
1880 xfs_trans_mod_dquot(tp, gdqp, XFS_TRANS_DQ_ICOUNT, 1);
1881 }
1882 if (pdqp && XFS_IS_PQUOTA_ON(mp)) {
1883 ASSERT(ip->i_pdquot == NULL);
1884 ASSERT(ip->i_projid == pdqp->q_id);
1885
1886 ip->i_pdquot = xfs_qm_dqhold(pdqp);
1887 xfs_trans_mod_dquot(tp, pdqp, XFS_TRANS_DQ_ICOUNT, 1);
1888 }
1889}
1890