Loading...
1/*
2 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
3 * All Rights Reserved.
4 *
5 * This program is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * This program is distributed in the hope that it would be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU General Public License for more details.
13 *
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write the Free Software Foundation,
16 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
17 */
18#include "xfs.h"
19#include "xfs_fs.h"
20#include "xfs_bit.h"
21#include "xfs_log.h"
22#include "xfs_inum.h"
23#include "xfs_trans.h"
24#include "xfs_sb.h"
25#include "xfs_ag.h"
26#include "xfs_alloc.h"
27#include "xfs_quota.h"
28#include "xfs_mount.h"
29#include "xfs_bmap_btree.h"
30#include "xfs_ialloc_btree.h"
31#include "xfs_dinode.h"
32#include "xfs_inode.h"
33#include "xfs_ialloc.h"
34#include "xfs_itable.h"
35#include "xfs_rtalloc.h"
36#include "xfs_error.h"
37#include "xfs_bmap.h"
38#include "xfs_attr.h"
39#include "xfs_buf_item.h"
40#include "xfs_trans_space.h"
41#include "xfs_utils.h"
42#include "xfs_qm.h"
43#include "xfs_trace.h"
44
45/*
46 * The global quota manager. There is only one of these for the entire
47 * system, _not_ one per file system. XQM keeps track of the overall
48 * quota functionality, including maintaining the freelist and hash
49 * tables of dquots.
50 */
51struct mutex xfs_Gqm_lock;
52struct xfs_qm *xfs_Gqm;
53uint ndquot;
54
55kmem_zone_t *qm_dqzone;
56kmem_zone_t *qm_dqtrxzone;
57
58STATIC void xfs_qm_list_init(xfs_dqlist_t *, char *, int);
59STATIC void xfs_qm_list_destroy(xfs_dqlist_t *);
60
61STATIC int xfs_qm_init_quotainos(xfs_mount_t *);
62STATIC int xfs_qm_init_quotainfo(xfs_mount_t *);
63STATIC int xfs_qm_shake(struct shrinker *, struct shrink_control *);
64
65static struct shrinker xfs_qm_shaker = {
66 .shrink = xfs_qm_shake,
67 .seeks = DEFAULT_SEEKS,
68};
69
70/*
71 * Initialize the XQM structure.
72 * Note that there is not one quota manager per file system.
73 */
74STATIC struct xfs_qm *
75xfs_Gqm_init(void)
76{
77 xfs_dqhash_t *udqhash, *gdqhash;
78 xfs_qm_t *xqm;
79 size_t hsize;
80 uint i;
81
82 /*
83 * Initialize the dquot hash tables.
84 */
85 udqhash = kmem_zalloc_greedy(&hsize,
86 XFS_QM_HASHSIZE_LOW * sizeof(xfs_dqhash_t),
87 XFS_QM_HASHSIZE_HIGH * sizeof(xfs_dqhash_t));
88 if (!udqhash)
89 goto out;
90
91 gdqhash = kmem_zalloc_large(hsize);
92 if (!gdqhash)
93 goto out_free_udqhash;
94
95 hsize /= sizeof(xfs_dqhash_t);
96 ndquot = hsize << 8;
97
98 xqm = kmem_zalloc(sizeof(xfs_qm_t), KM_SLEEP);
99 xqm->qm_dqhashmask = hsize - 1;
100 xqm->qm_usr_dqhtable = udqhash;
101 xqm->qm_grp_dqhtable = gdqhash;
102 ASSERT(xqm->qm_usr_dqhtable != NULL);
103 ASSERT(xqm->qm_grp_dqhtable != NULL);
104
105 for (i = 0; i < hsize; i++) {
106 xfs_qm_list_init(&(xqm->qm_usr_dqhtable[i]), "uxdqh", i);
107 xfs_qm_list_init(&(xqm->qm_grp_dqhtable[i]), "gxdqh", i);
108 }
109
110 /*
111 * Freelist of all dquots of all file systems
112 */
113 INIT_LIST_HEAD(&xqm->qm_dqfrlist);
114 xqm->qm_dqfrlist_cnt = 0;
115 mutex_init(&xqm->qm_dqfrlist_lock);
116
117 /*
118 * dquot zone. we register our own low-memory callback.
119 */
120 if (!qm_dqzone) {
121 xqm->qm_dqzone = kmem_zone_init(sizeof(xfs_dquot_t),
122 "xfs_dquots");
123 qm_dqzone = xqm->qm_dqzone;
124 } else
125 xqm->qm_dqzone = qm_dqzone;
126
127 register_shrinker(&xfs_qm_shaker);
128
129 /*
130 * The t_dqinfo portion of transactions.
131 */
132 if (!qm_dqtrxzone) {
133 xqm->qm_dqtrxzone = kmem_zone_init(sizeof(xfs_dquot_acct_t),
134 "xfs_dqtrx");
135 qm_dqtrxzone = xqm->qm_dqtrxzone;
136 } else
137 xqm->qm_dqtrxzone = qm_dqtrxzone;
138
139 atomic_set(&xqm->qm_totaldquots, 0);
140 xqm->qm_dqfree_ratio = XFS_QM_DQFREE_RATIO;
141 xqm->qm_nrefs = 0;
142 return xqm;
143
144 out_free_udqhash:
145 kmem_free_large(udqhash);
146 out:
147 return NULL;
148}
149
150/*
151 * Destroy the global quota manager when its reference count goes to zero.
152 */
153STATIC void
154xfs_qm_destroy(
155 struct xfs_qm *xqm)
156{
157 struct xfs_dquot *dqp, *n;
158 int hsize, i;
159
160 ASSERT(xqm != NULL);
161 ASSERT(xqm->qm_nrefs == 0);
162 unregister_shrinker(&xfs_qm_shaker);
163 hsize = xqm->qm_dqhashmask + 1;
164 for (i = 0; i < hsize; i++) {
165 xfs_qm_list_destroy(&(xqm->qm_usr_dqhtable[i]));
166 xfs_qm_list_destroy(&(xqm->qm_grp_dqhtable[i]));
167 }
168 kmem_free_large(xqm->qm_usr_dqhtable);
169 kmem_free_large(xqm->qm_grp_dqhtable);
170 xqm->qm_usr_dqhtable = NULL;
171 xqm->qm_grp_dqhtable = NULL;
172 xqm->qm_dqhashmask = 0;
173
174 /* frlist cleanup */
175 mutex_lock(&xqm->qm_dqfrlist_lock);
176 list_for_each_entry_safe(dqp, n, &xqm->qm_dqfrlist, q_freelist) {
177 xfs_dqlock(dqp);
178 list_del_init(&dqp->q_freelist);
179 xfs_Gqm->qm_dqfrlist_cnt--;
180 xfs_dqunlock(dqp);
181 xfs_qm_dqdestroy(dqp);
182 }
183 mutex_unlock(&xqm->qm_dqfrlist_lock);
184 mutex_destroy(&xqm->qm_dqfrlist_lock);
185 kmem_free(xqm);
186}
187
188/*
189 * Called at mount time to let XQM know that another file system is
190 * starting quotas. This isn't crucial information as the individual mount
191 * structures are pretty independent, but it helps the XQM keep a
192 * global view of what's going on.
193 */
194/* ARGSUSED */
195STATIC int
196xfs_qm_hold_quotafs_ref(
197 struct xfs_mount *mp)
198{
199 /*
200 * Need to lock the xfs_Gqm structure for things like this. For example,
201 * the structure could disappear between the entry to this routine and
202 * a HOLD operation if not locked.
203 */
204 mutex_lock(&xfs_Gqm_lock);
205
206 if (!xfs_Gqm) {
207 xfs_Gqm = xfs_Gqm_init();
208 if (!xfs_Gqm) {
209 mutex_unlock(&xfs_Gqm_lock);
210 return ENOMEM;
211 }
212 }
213
214 /*
215 * We can keep a list of all filesystems with quotas mounted for
216 * debugging and statistical purposes, but ...
217 * Just take a reference and get out.
218 */
219 xfs_Gqm->qm_nrefs++;
220 mutex_unlock(&xfs_Gqm_lock);
221
222 return 0;
223}
224
225
226/*
227 * Release the reference that a filesystem took at mount time,
228 * so that we know when we need to destroy the entire quota manager.
229 */
230/* ARGSUSED */
231STATIC void
232xfs_qm_rele_quotafs_ref(
233 struct xfs_mount *mp)
234{
235 xfs_dquot_t *dqp, *n;
236
237 ASSERT(xfs_Gqm);
238 ASSERT(xfs_Gqm->qm_nrefs > 0);
239
240 /*
241 * Go thru the freelist and destroy all inactive dquots.
242 */
243 mutex_lock(&xfs_Gqm->qm_dqfrlist_lock);
244
245 list_for_each_entry_safe(dqp, n, &xfs_Gqm->qm_dqfrlist, q_freelist) {
246 xfs_dqlock(dqp);
247 if (dqp->dq_flags & XFS_DQ_INACTIVE) {
248 ASSERT(dqp->q_mount == NULL);
249 ASSERT(! XFS_DQ_IS_DIRTY(dqp));
250 ASSERT(list_empty(&dqp->q_hashlist));
251 ASSERT(list_empty(&dqp->q_mplist));
252 list_del_init(&dqp->q_freelist);
253 xfs_Gqm->qm_dqfrlist_cnt--;
254 xfs_dqunlock(dqp);
255 xfs_qm_dqdestroy(dqp);
256 } else {
257 xfs_dqunlock(dqp);
258 }
259 }
260 mutex_unlock(&xfs_Gqm->qm_dqfrlist_lock);
261
262 /*
263 * Destroy the entire XQM. If somebody mounts with quotaon, this'll
264 * be restarted.
265 */
266 mutex_lock(&xfs_Gqm_lock);
267 if (--xfs_Gqm->qm_nrefs == 0) {
268 xfs_qm_destroy(xfs_Gqm);
269 xfs_Gqm = NULL;
270 }
271 mutex_unlock(&xfs_Gqm_lock);
272}
273
274/*
275 * Just destroy the quotainfo structure.
276 */
277void
278xfs_qm_unmount(
279 struct xfs_mount *mp)
280{
281 if (mp->m_quotainfo) {
282 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL);
283 xfs_qm_destroy_quotainfo(mp);
284 }
285}
286
287
288/*
289 * This is called from xfs_mountfs to start quotas and initialize all
290 * necessary data structures like quotainfo. This is also responsible for
291 * running a quotacheck as necessary. We are guaranteed that the superblock
292 * is consistently read in at this point.
293 *
294 * If we fail here, the mount will continue with quota turned off. We don't
295 * need to inidicate success or failure at all.
296 */
297void
298xfs_qm_mount_quotas(
299 xfs_mount_t *mp)
300{
301 int error = 0;
302 uint sbf;
303
304 /*
305 * If quotas on realtime volumes is not supported, we disable
306 * quotas immediately.
307 */
308 if (mp->m_sb.sb_rextents) {
309 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem");
310 mp->m_qflags = 0;
311 goto write_changes;
312 }
313
314 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
315
316 /*
317 * Allocate the quotainfo structure inside the mount struct, and
318 * create quotainode(s), and change/rev superblock if necessary.
319 */
320 error = xfs_qm_init_quotainfo(mp);
321 if (error) {
322 /*
323 * We must turn off quotas.
324 */
325 ASSERT(mp->m_quotainfo == NULL);
326 mp->m_qflags = 0;
327 goto write_changes;
328 }
329 /*
330 * If any of the quotas are not consistent, do a quotacheck.
331 */
332 if (XFS_QM_NEED_QUOTACHECK(mp)) {
333 error = xfs_qm_quotacheck(mp);
334 if (error) {
335 /* Quotacheck failed and disabled quotas. */
336 return;
337 }
338 }
339 /*
340 * If one type of quotas is off, then it will lose its
341 * quotachecked status, since we won't be doing accounting for
342 * that type anymore.
343 */
344 if (!XFS_IS_UQUOTA_ON(mp))
345 mp->m_qflags &= ~XFS_UQUOTA_CHKD;
346 if (!(XFS_IS_GQUOTA_ON(mp) || XFS_IS_PQUOTA_ON(mp)))
347 mp->m_qflags &= ~XFS_OQUOTA_CHKD;
348
349 write_changes:
350 /*
351 * We actually don't have to acquire the m_sb_lock at all.
352 * This can only be called from mount, and that's single threaded. XXX
353 */
354 spin_lock(&mp->m_sb_lock);
355 sbf = mp->m_sb.sb_qflags;
356 mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL;
357 spin_unlock(&mp->m_sb_lock);
358
359 if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) {
360 if (xfs_qm_write_sb_changes(mp, XFS_SB_QFLAGS)) {
361 /*
362 * We could only have been turning quotas off.
363 * We aren't in very good shape actually because
364 * the incore structures are convinced that quotas are
365 * off, but the on disk superblock doesn't know that !
366 */
367 ASSERT(!(XFS_IS_QUOTA_RUNNING(mp)));
368 xfs_alert(mp, "%s: Superblock update failed!",
369 __func__);
370 }
371 }
372
373 if (error) {
374 xfs_warn(mp, "Failed to initialize disk quotas.");
375 return;
376 }
377}
378
379/*
380 * Called from the vfsops layer.
381 */
382void
383xfs_qm_unmount_quotas(
384 xfs_mount_t *mp)
385{
386 /*
387 * Release the dquots that root inode, et al might be holding,
388 * before we flush quotas and blow away the quotainfo structure.
389 */
390 ASSERT(mp->m_rootip);
391 xfs_qm_dqdetach(mp->m_rootip);
392 if (mp->m_rbmip)
393 xfs_qm_dqdetach(mp->m_rbmip);
394 if (mp->m_rsumip)
395 xfs_qm_dqdetach(mp->m_rsumip);
396
397 /*
398 * Release the quota inodes.
399 */
400 if (mp->m_quotainfo) {
401 if (mp->m_quotainfo->qi_uquotaip) {
402 IRELE(mp->m_quotainfo->qi_uquotaip);
403 mp->m_quotainfo->qi_uquotaip = NULL;
404 }
405 if (mp->m_quotainfo->qi_gquotaip) {
406 IRELE(mp->m_quotainfo->qi_gquotaip);
407 mp->m_quotainfo->qi_gquotaip = NULL;
408 }
409 }
410}
411
412/*
413 * Flush all dquots of the given file system to disk. The dquots are
414 * _not_ purged from memory here, just their data written to disk.
415 */
416STATIC int
417xfs_qm_dqflush_all(
418 struct xfs_mount *mp,
419 int sync_mode)
420{
421 struct xfs_quotainfo *q = mp->m_quotainfo;
422 int recl;
423 struct xfs_dquot *dqp;
424 int error;
425
426 if (!q)
427 return 0;
428again:
429 mutex_lock(&q->qi_dqlist_lock);
430 list_for_each_entry(dqp, &q->qi_dqlist, q_mplist) {
431 xfs_dqlock(dqp);
432 if (! XFS_DQ_IS_DIRTY(dqp)) {
433 xfs_dqunlock(dqp);
434 continue;
435 }
436
437 /* XXX a sentinel would be better */
438 recl = q->qi_dqreclaims;
439 if (!xfs_dqflock_nowait(dqp)) {
440 /*
441 * If we can't grab the flush lock then check
442 * to see if the dquot has been flushed delayed
443 * write. If so, grab its buffer and send it
444 * out immediately. We'll be able to acquire
445 * the flush lock when the I/O completes.
446 */
447 xfs_qm_dqflock_pushbuf_wait(dqp);
448 }
449 /*
450 * Let go of the mplist lock. We don't want to hold it
451 * across a disk write.
452 */
453 mutex_unlock(&q->qi_dqlist_lock);
454 error = xfs_qm_dqflush(dqp, sync_mode);
455 xfs_dqunlock(dqp);
456 if (error)
457 return error;
458
459 mutex_lock(&q->qi_dqlist_lock);
460 if (recl != q->qi_dqreclaims) {
461 mutex_unlock(&q->qi_dqlist_lock);
462 /* XXX restart limit */
463 goto again;
464 }
465 }
466
467 mutex_unlock(&q->qi_dqlist_lock);
468 /* return ! busy */
469 return 0;
470}
471/*
472 * Release the group dquot pointers the user dquots may be
473 * carrying around as a hint. mplist is locked on entry and exit.
474 */
475STATIC void
476xfs_qm_detach_gdquots(
477 struct xfs_mount *mp)
478{
479 struct xfs_quotainfo *q = mp->m_quotainfo;
480 struct xfs_dquot *dqp, *gdqp;
481 int nrecl;
482
483 again:
484 ASSERT(mutex_is_locked(&q->qi_dqlist_lock));
485 list_for_each_entry(dqp, &q->qi_dqlist, q_mplist) {
486 xfs_dqlock(dqp);
487 if ((gdqp = dqp->q_gdquot)) {
488 xfs_dqlock(gdqp);
489 dqp->q_gdquot = NULL;
490 }
491 xfs_dqunlock(dqp);
492
493 if (gdqp) {
494 /*
495 * Can't hold the mplist lock across a dqput.
496 * XXXmust convert to marker based iterations here.
497 */
498 nrecl = q->qi_dqreclaims;
499 mutex_unlock(&q->qi_dqlist_lock);
500 xfs_qm_dqput(gdqp);
501
502 mutex_lock(&q->qi_dqlist_lock);
503 if (nrecl != q->qi_dqreclaims)
504 goto again;
505 }
506 }
507}
508
509/*
510 * Go through all the incore dquots of this file system and take them
511 * off the mplist and hashlist, if the dquot type matches the dqtype
512 * parameter. This is used when turning off quota accounting for
513 * users and/or groups, as well as when the filesystem is unmounting.
514 */
515STATIC int
516xfs_qm_dqpurge_int(
517 struct xfs_mount *mp,
518 uint flags)
519{
520 struct xfs_quotainfo *q = mp->m_quotainfo;
521 struct xfs_dquot *dqp, *n;
522 uint dqtype;
523 int nrecl;
524 int nmisses;
525
526 if (!q)
527 return 0;
528
529 dqtype = (flags & XFS_QMOPT_UQUOTA) ? XFS_DQ_USER : 0;
530 dqtype |= (flags & XFS_QMOPT_PQUOTA) ? XFS_DQ_PROJ : 0;
531 dqtype |= (flags & XFS_QMOPT_GQUOTA) ? XFS_DQ_GROUP : 0;
532
533 mutex_lock(&q->qi_dqlist_lock);
534
535 /*
536 * In the first pass through all incore dquots of this filesystem,
537 * we release the group dquot pointers the user dquots may be
538 * carrying around as a hint. We need to do this irrespective of
539 * what's being turned off.
540 */
541 xfs_qm_detach_gdquots(mp);
542
543 again:
544 nmisses = 0;
545 ASSERT(mutex_is_locked(&q->qi_dqlist_lock));
546 /*
547 * Try to get rid of all of the unwanted dquots. The idea is to
548 * get them off mplist and hashlist, but leave them on freelist.
549 */
550 list_for_each_entry_safe(dqp, n, &q->qi_dqlist, q_mplist) {
551 /*
552 * It's OK to look at the type without taking dqlock here.
553 * We're holding the mplist lock here, and that's needed for
554 * a dqreclaim.
555 */
556 if ((dqp->dq_flags & dqtype) == 0)
557 continue;
558
559 if (!mutex_trylock(&dqp->q_hash->qh_lock)) {
560 nrecl = q->qi_dqreclaims;
561 mutex_unlock(&q->qi_dqlist_lock);
562 mutex_lock(&dqp->q_hash->qh_lock);
563 mutex_lock(&q->qi_dqlist_lock);
564
565 /*
566 * XXXTheoretically, we can get into a very long
567 * ping pong game here.
568 * No one can be adding dquots to the mplist at
569 * this point, but somebody might be taking things off.
570 */
571 if (nrecl != q->qi_dqreclaims) {
572 mutex_unlock(&dqp->q_hash->qh_lock);
573 goto again;
574 }
575 }
576
577 /*
578 * Take the dquot off the mplist and hashlist. It may remain on
579 * freelist in INACTIVE state.
580 */
581 nmisses += xfs_qm_dqpurge(dqp);
582 }
583 mutex_unlock(&q->qi_dqlist_lock);
584 return nmisses;
585}
586
587int
588xfs_qm_dqpurge_all(
589 xfs_mount_t *mp,
590 uint flags)
591{
592 int ndquots;
593
594 /*
595 * Purge the dquot cache.
596 * None of the dquots should really be busy at this point.
597 */
598 if (mp->m_quotainfo) {
599 while ((ndquots = xfs_qm_dqpurge_int(mp, flags))) {
600 delay(ndquots * 10);
601 }
602 }
603 return 0;
604}
605
606STATIC int
607xfs_qm_dqattach_one(
608 xfs_inode_t *ip,
609 xfs_dqid_t id,
610 uint type,
611 uint doalloc,
612 xfs_dquot_t *udqhint, /* hint */
613 xfs_dquot_t **IO_idqpp)
614{
615 xfs_dquot_t *dqp;
616 int error;
617
618 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
619 error = 0;
620
621 /*
622 * See if we already have it in the inode itself. IO_idqpp is
623 * &i_udquot or &i_gdquot. This made the code look weird, but
624 * made the logic a lot simpler.
625 */
626 dqp = *IO_idqpp;
627 if (dqp) {
628 trace_xfs_dqattach_found(dqp);
629 return 0;
630 }
631
632 /*
633 * udqhint is the i_udquot field in inode, and is non-NULL only
634 * when the type arg is group/project. Its purpose is to save a
635 * lookup by dqid (xfs_qm_dqget) by caching a group dquot inside
636 * the user dquot.
637 */
638 if (udqhint) {
639 ASSERT(type == XFS_DQ_GROUP || type == XFS_DQ_PROJ);
640 xfs_dqlock(udqhint);
641
642 /*
643 * No need to take dqlock to look at the id.
644 *
645 * The ID can't change until it gets reclaimed, and it won't
646 * be reclaimed as long as we have a ref from inode and we
647 * hold the ilock.
648 */
649 dqp = udqhint->q_gdquot;
650 if (dqp && be32_to_cpu(dqp->q_core.d_id) == id) {
651 xfs_dqlock(dqp);
652 XFS_DQHOLD(dqp);
653 ASSERT(*IO_idqpp == NULL);
654 *IO_idqpp = dqp;
655
656 xfs_dqunlock(dqp);
657 xfs_dqunlock(udqhint);
658 return 0;
659 }
660
661 /*
662 * We can't hold a dquot lock when we call the dqget code.
663 * We'll deadlock in no time, because of (not conforming to)
664 * lock ordering - the inodelock comes before any dquot lock,
665 * and we may drop and reacquire the ilock in xfs_qm_dqget().
666 */
667 xfs_dqunlock(udqhint);
668 }
669
670 /*
671 * Find the dquot from somewhere. This bumps the
672 * reference count of dquot and returns it locked.
673 * This can return ENOENT if dquot didn't exist on
674 * disk and we didn't ask it to allocate;
675 * ESRCH if quotas got turned off suddenly.
676 */
677 error = xfs_qm_dqget(ip->i_mount, ip, id, type, XFS_QMOPT_DOWARN, &dqp);
678 if (error)
679 return error;
680
681 trace_xfs_dqattach_get(dqp);
682
683 /*
684 * dqget may have dropped and re-acquired the ilock, but it guarantees
685 * that the dquot returned is the one that should go in the inode.
686 */
687 *IO_idqpp = dqp;
688 xfs_dqunlock(dqp);
689 return 0;
690}
691
692
693/*
694 * Given a udquot and gdquot, attach a ptr to the group dquot in the
695 * udquot as a hint for future lookups. The idea sounds simple, but the
696 * execution isn't, because the udquot might have a group dquot attached
697 * already and getting rid of that gets us into lock ordering constraints.
698 * The process is complicated more by the fact that the dquots may or may not
699 * be locked on entry.
700 */
701STATIC void
702xfs_qm_dqattach_grouphint(
703 xfs_dquot_t *udq,
704 xfs_dquot_t *gdq)
705{
706 xfs_dquot_t *tmp;
707
708 xfs_dqlock(udq);
709
710 if ((tmp = udq->q_gdquot)) {
711 if (tmp == gdq) {
712 xfs_dqunlock(udq);
713 return;
714 }
715
716 udq->q_gdquot = NULL;
717 /*
718 * We can't keep any dqlocks when calling dqrele,
719 * because the freelist lock comes before dqlocks.
720 */
721 xfs_dqunlock(udq);
722 /*
723 * we took a hard reference once upon a time in dqget,
724 * so give it back when the udquot no longer points at it
725 * dqput() does the unlocking of the dquot.
726 */
727 xfs_qm_dqrele(tmp);
728
729 xfs_dqlock(udq);
730 xfs_dqlock(gdq);
731
732 } else {
733 ASSERT(XFS_DQ_IS_LOCKED(udq));
734 xfs_dqlock(gdq);
735 }
736
737 ASSERT(XFS_DQ_IS_LOCKED(udq));
738 ASSERT(XFS_DQ_IS_LOCKED(gdq));
739 /*
740 * Somebody could have attached a gdquot here,
741 * when we dropped the uqlock. If so, just do nothing.
742 */
743 if (udq->q_gdquot == NULL) {
744 XFS_DQHOLD(gdq);
745 udq->q_gdquot = gdq;
746 }
747
748 xfs_dqunlock(gdq);
749 xfs_dqunlock(udq);
750}
751
752
753/*
754 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON
755 * into account.
756 * If XFS_QMOPT_DQALLOC, the dquot(s) will be allocated if needed.
757 * Inode may get unlocked and relocked in here, and the caller must deal with
758 * the consequences.
759 */
760int
761xfs_qm_dqattach_locked(
762 xfs_inode_t *ip,
763 uint flags)
764{
765 xfs_mount_t *mp = ip->i_mount;
766 uint nquotas = 0;
767 int error = 0;
768
769 if (!XFS_IS_QUOTA_RUNNING(mp) ||
770 !XFS_IS_QUOTA_ON(mp) ||
771 !XFS_NOT_DQATTACHED(mp, ip) ||
772 ip->i_ino == mp->m_sb.sb_uquotino ||
773 ip->i_ino == mp->m_sb.sb_gquotino)
774 return 0;
775
776 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
777
778 if (XFS_IS_UQUOTA_ON(mp)) {
779 error = xfs_qm_dqattach_one(ip, ip->i_d.di_uid, XFS_DQ_USER,
780 flags & XFS_QMOPT_DQALLOC,
781 NULL, &ip->i_udquot);
782 if (error)
783 goto done;
784 nquotas++;
785 }
786
787 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
788 if (XFS_IS_OQUOTA_ON(mp)) {
789 error = XFS_IS_GQUOTA_ON(mp) ?
790 xfs_qm_dqattach_one(ip, ip->i_d.di_gid, XFS_DQ_GROUP,
791 flags & XFS_QMOPT_DQALLOC,
792 ip->i_udquot, &ip->i_gdquot) :
793 xfs_qm_dqattach_one(ip, xfs_get_projid(ip), XFS_DQ_PROJ,
794 flags & XFS_QMOPT_DQALLOC,
795 ip->i_udquot, &ip->i_gdquot);
796 /*
797 * Don't worry about the udquot that we may have
798 * attached above. It'll get detached, if not already.
799 */
800 if (error)
801 goto done;
802 nquotas++;
803 }
804
805 /*
806 * Attach this group quota to the user quota as a hint.
807 * This WON'T, in general, result in a thrash.
808 */
809 if (nquotas == 2) {
810 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
811 ASSERT(ip->i_udquot);
812 ASSERT(ip->i_gdquot);
813
814 /*
815 * We may or may not have the i_udquot locked at this point,
816 * but this check is OK since we don't depend on the i_gdquot to
817 * be accurate 100% all the time. It is just a hint, and this
818 * will succeed in general.
819 */
820 if (ip->i_udquot->q_gdquot == ip->i_gdquot)
821 goto done;
822 /*
823 * Attach i_gdquot to the gdquot hint inside the i_udquot.
824 */
825 xfs_qm_dqattach_grouphint(ip->i_udquot, ip->i_gdquot);
826 }
827
828 done:
829#ifdef DEBUG
830 if (!error) {
831 if (XFS_IS_UQUOTA_ON(mp))
832 ASSERT(ip->i_udquot);
833 if (XFS_IS_OQUOTA_ON(mp))
834 ASSERT(ip->i_gdquot);
835 }
836 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
837#endif
838 return error;
839}
840
841int
842xfs_qm_dqattach(
843 struct xfs_inode *ip,
844 uint flags)
845{
846 int error;
847
848 xfs_ilock(ip, XFS_ILOCK_EXCL);
849 error = xfs_qm_dqattach_locked(ip, flags);
850 xfs_iunlock(ip, XFS_ILOCK_EXCL);
851
852 return error;
853}
854
855/*
856 * Release dquots (and their references) if any.
857 * The inode should be locked EXCL except when this's called by
858 * xfs_ireclaim.
859 */
860void
861xfs_qm_dqdetach(
862 xfs_inode_t *ip)
863{
864 if (!(ip->i_udquot || ip->i_gdquot))
865 return;
866
867 trace_xfs_dquot_dqdetach(ip);
868
869 ASSERT(ip->i_ino != ip->i_mount->m_sb.sb_uquotino);
870 ASSERT(ip->i_ino != ip->i_mount->m_sb.sb_gquotino);
871 if (ip->i_udquot) {
872 xfs_qm_dqrele(ip->i_udquot);
873 ip->i_udquot = NULL;
874 }
875 if (ip->i_gdquot) {
876 xfs_qm_dqrele(ip->i_gdquot);
877 ip->i_gdquot = NULL;
878 }
879}
880
881int
882xfs_qm_sync(
883 struct xfs_mount *mp,
884 int flags)
885{
886 struct xfs_quotainfo *q = mp->m_quotainfo;
887 int recl, restarts;
888 struct xfs_dquot *dqp;
889 int error;
890
891 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
892 return 0;
893
894 restarts = 0;
895
896 again:
897 mutex_lock(&q->qi_dqlist_lock);
898 /*
899 * dqpurge_all() also takes the mplist lock and iterate thru all dquots
900 * in quotaoff. However, if the QUOTA_ACTIVE bits are not cleared
901 * when we have the mplist lock, we know that dquots will be consistent
902 * as long as we have it locked.
903 */
904 if (!XFS_IS_QUOTA_ON(mp)) {
905 mutex_unlock(&q->qi_dqlist_lock);
906 return 0;
907 }
908 ASSERT(mutex_is_locked(&q->qi_dqlist_lock));
909 list_for_each_entry(dqp, &q->qi_dqlist, q_mplist) {
910 /*
911 * If this is vfs_sync calling, then skip the dquots that
912 * don't 'seem' to be dirty. ie. don't acquire dqlock.
913 * This is very similar to what xfs_sync does with inodes.
914 */
915 if (flags & SYNC_TRYLOCK) {
916 if (!XFS_DQ_IS_DIRTY(dqp))
917 continue;
918 if (!xfs_qm_dqlock_nowait(dqp))
919 continue;
920 } else {
921 xfs_dqlock(dqp);
922 }
923
924 /*
925 * Now, find out for sure if this dquot is dirty or not.
926 */
927 if (! XFS_DQ_IS_DIRTY(dqp)) {
928 xfs_dqunlock(dqp);
929 continue;
930 }
931
932 /* XXX a sentinel would be better */
933 recl = q->qi_dqreclaims;
934 if (!xfs_dqflock_nowait(dqp)) {
935 if (flags & SYNC_TRYLOCK) {
936 xfs_dqunlock(dqp);
937 continue;
938 }
939 /*
940 * If we can't grab the flush lock then if the caller
941 * really wanted us to give this our best shot, so
942 * see if we can give a push to the buffer before we wait
943 * on the flush lock. At this point, we know that
944 * even though the dquot is being flushed,
945 * it has (new) dirty data.
946 */
947 xfs_qm_dqflock_pushbuf_wait(dqp);
948 }
949 /*
950 * Let go of the mplist lock. We don't want to hold it
951 * across a disk write
952 */
953 mutex_unlock(&q->qi_dqlist_lock);
954 error = xfs_qm_dqflush(dqp, flags);
955 xfs_dqunlock(dqp);
956 if (error && XFS_FORCED_SHUTDOWN(mp))
957 return 0; /* Need to prevent umount failure */
958 else if (error)
959 return error;
960
961 mutex_lock(&q->qi_dqlist_lock);
962 if (recl != q->qi_dqreclaims) {
963 if (++restarts >= XFS_QM_SYNC_MAX_RESTARTS)
964 break;
965
966 mutex_unlock(&q->qi_dqlist_lock);
967 goto again;
968 }
969 }
970
971 mutex_unlock(&q->qi_dqlist_lock);
972 return 0;
973}
974
975/*
976 * The hash chains and the mplist use the same xfs_dqhash structure as
977 * their list head, but we can take the mplist qh_lock and one of the
978 * hash qh_locks at the same time without any problem as they aren't
979 * related.
980 */
981static struct lock_class_key xfs_quota_mplist_class;
982
983/*
984 * This initializes all the quota information that's kept in the
985 * mount structure
986 */
987STATIC int
988xfs_qm_init_quotainfo(
989 xfs_mount_t *mp)
990{
991 xfs_quotainfo_t *qinf;
992 int error;
993 xfs_dquot_t *dqp;
994
995 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
996
997 /*
998 * Tell XQM that we exist as soon as possible.
999 */
1000 if ((error = xfs_qm_hold_quotafs_ref(mp))) {
1001 return error;
1002 }
1003
1004 qinf = mp->m_quotainfo = kmem_zalloc(sizeof(xfs_quotainfo_t), KM_SLEEP);
1005
1006 /*
1007 * See if quotainodes are setup, and if not, allocate them,
1008 * and change the superblock accordingly.
1009 */
1010 if ((error = xfs_qm_init_quotainos(mp))) {
1011 kmem_free(qinf);
1012 mp->m_quotainfo = NULL;
1013 return error;
1014 }
1015
1016 INIT_LIST_HEAD(&qinf->qi_dqlist);
1017 mutex_init(&qinf->qi_dqlist_lock);
1018 lockdep_set_class(&qinf->qi_dqlist_lock, &xfs_quota_mplist_class);
1019
1020 qinf->qi_dqreclaims = 0;
1021
1022 /* mutex used to serialize quotaoffs */
1023 mutex_init(&qinf->qi_quotaofflock);
1024
1025 /* Precalc some constants */
1026 qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
1027 ASSERT(qinf->qi_dqchunklen);
1028 qinf->qi_dqperchunk = BBTOB(qinf->qi_dqchunklen);
1029 do_div(qinf->qi_dqperchunk, sizeof(xfs_dqblk_t));
1030
1031 mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD);
1032
1033 /*
1034 * We try to get the limits from the superuser's limits fields.
1035 * This is quite hacky, but it is standard quota practice.
1036 * We look at the USR dquot with id == 0 first, but if user quotas
1037 * are not enabled we goto the GRP dquot with id == 0.
1038 * We don't really care to keep separate default limits for user
1039 * and group quotas, at least not at this point.
1040 */
1041 error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t)0,
1042 XFS_IS_UQUOTA_RUNNING(mp) ? XFS_DQ_USER :
1043 (XFS_IS_GQUOTA_RUNNING(mp) ? XFS_DQ_GROUP :
1044 XFS_DQ_PROJ),
1045 XFS_QMOPT_DQSUSER|XFS_QMOPT_DOWARN,
1046 &dqp);
1047 if (! error) {
1048 xfs_disk_dquot_t *ddqp = &dqp->q_core;
1049
1050 /*
1051 * The warnings and timers set the grace period given to
1052 * a user or group before he or she can not perform any
1053 * more writing. If it is zero, a default is used.
1054 */
1055 qinf->qi_btimelimit = ddqp->d_btimer ?
1056 be32_to_cpu(ddqp->d_btimer) : XFS_QM_BTIMELIMIT;
1057 qinf->qi_itimelimit = ddqp->d_itimer ?
1058 be32_to_cpu(ddqp->d_itimer) : XFS_QM_ITIMELIMIT;
1059 qinf->qi_rtbtimelimit = ddqp->d_rtbtimer ?
1060 be32_to_cpu(ddqp->d_rtbtimer) : XFS_QM_RTBTIMELIMIT;
1061 qinf->qi_bwarnlimit = ddqp->d_bwarns ?
1062 be16_to_cpu(ddqp->d_bwarns) : XFS_QM_BWARNLIMIT;
1063 qinf->qi_iwarnlimit = ddqp->d_iwarns ?
1064 be16_to_cpu(ddqp->d_iwarns) : XFS_QM_IWARNLIMIT;
1065 qinf->qi_rtbwarnlimit = ddqp->d_rtbwarns ?
1066 be16_to_cpu(ddqp->d_rtbwarns) : XFS_QM_RTBWARNLIMIT;
1067 qinf->qi_bhardlimit = be64_to_cpu(ddqp->d_blk_hardlimit);
1068 qinf->qi_bsoftlimit = be64_to_cpu(ddqp->d_blk_softlimit);
1069 qinf->qi_ihardlimit = be64_to_cpu(ddqp->d_ino_hardlimit);
1070 qinf->qi_isoftlimit = be64_to_cpu(ddqp->d_ino_softlimit);
1071 qinf->qi_rtbhardlimit = be64_to_cpu(ddqp->d_rtb_hardlimit);
1072 qinf->qi_rtbsoftlimit = be64_to_cpu(ddqp->d_rtb_softlimit);
1073
1074 /*
1075 * We sent the XFS_QMOPT_DQSUSER flag to dqget because
1076 * we don't want this dquot cached. We haven't done a
1077 * quotacheck yet, and quotacheck doesn't like incore dquots.
1078 */
1079 xfs_qm_dqdestroy(dqp);
1080 } else {
1081 qinf->qi_btimelimit = XFS_QM_BTIMELIMIT;
1082 qinf->qi_itimelimit = XFS_QM_ITIMELIMIT;
1083 qinf->qi_rtbtimelimit = XFS_QM_RTBTIMELIMIT;
1084 qinf->qi_bwarnlimit = XFS_QM_BWARNLIMIT;
1085 qinf->qi_iwarnlimit = XFS_QM_IWARNLIMIT;
1086 qinf->qi_rtbwarnlimit = XFS_QM_RTBWARNLIMIT;
1087 }
1088
1089 return 0;
1090}
1091
1092
1093/*
1094 * Gets called when unmounting a filesystem or when all quotas get
1095 * turned off.
1096 * This purges the quota inodes, destroys locks and frees itself.
1097 */
1098void
1099xfs_qm_destroy_quotainfo(
1100 xfs_mount_t *mp)
1101{
1102 xfs_quotainfo_t *qi;
1103
1104 qi = mp->m_quotainfo;
1105 ASSERT(qi != NULL);
1106 ASSERT(xfs_Gqm != NULL);
1107
1108 /*
1109 * Release the reference that XQM kept, so that we know
1110 * when the XQM structure should be freed. We cannot assume
1111 * that xfs_Gqm is non-null after this point.
1112 */
1113 xfs_qm_rele_quotafs_ref(mp);
1114
1115 ASSERT(list_empty(&qi->qi_dqlist));
1116 mutex_destroy(&qi->qi_dqlist_lock);
1117
1118 if (qi->qi_uquotaip) {
1119 IRELE(qi->qi_uquotaip);
1120 qi->qi_uquotaip = NULL; /* paranoia */
1121 }
1122 if (qi->qi_gquotaip) {
1123 IRELE(qi->qi_gquotaip);
1124 qi->qi_gquotaip = NULL;
1125 }
1126 mutex_destroy(&qi->qi_quotaofflock);
1127 kmem_free(qi);
1128 mp->m_quotainfo = NULL;
1129}
1130
1131
1132
1133/* ------------------- PRIVATE STATIC FUNCTIONS ----------------------- */
1134
1135/* ARGSUSED */
1136STATIC void
1137xfs_qm_list_init(
1138 xfs_dqlist_t *list,
1139 char *str,
1140 int n)
1141{
1142 mutex_init(&list->qh_lock);
1143 INIT_LIST_HEAD(&list->qh_list);
1144 list->qh_version = 0;
1145 list->qh_nelems = 0;
1146}
1147
1148STATIC void
1149xfs_qm_list_destroy(
1150 xfs_dqlist_t *list)
1151{
1152 mutex_destroy(&(list->qh_lock));
1153}
1154
1155/*
1156 * Create an inode and return with a reference already taken, but unlocked
1157 * This is how we create quota inodes
1158 */
1159STATIC int
1160xfs_qm_qino_alloc(
1161 xfs_mount_t *mp,
1162 xfs_inode_t **ip,
1163 __int64_t sbfields,
1164 uint flags)
1165{
1166 xfs_trans_t *tp;
1167 int error;
1168 int committed;
1169
1170 tp = xfs_trans_alloc(mp, XFS_TRANS_QM_QINOCREATE);
1171 if ((error = xfs_trans_reserve(tp,
1172 XFS_QM_QINOCREATE_SPACE_RES(mp),
1173 XFS_CREATE_LOG_RES(mp), 0,
1174 XFS_TRANS_PERM_LOG_RES,
1175 XFS_CREATE_LOG_COUNT))) {
1176 xfs_trans_cancel(tp, 0);
1177 return error;
1178 }
1179
1180 error = xfs_dir_ialloc(&tp, NULL, S_IFREG, 1, 0, 0, 1, ip, &committed);
1181 if (error) {
1182 xfs_trans_cancel(tp, XFS_TRANS_RELEASE_LOG_RES |
1183 XFS_TRANS_ABORT);
1184 return error;
1185 }
1186
1187 /*
1188 * Make the changes in the superblock, and log those too.
1189 * sbfields arg may contain fields other than *QUOTINO;
1190 * VERSIONNUM for example.
1191 */
1192 spin_lock(&mp->m_sb_lock);
1193 if (flags & XFS_QMOPT_SBVERSION) {
1194 ASSERT(!xfs_sb_version_hasquota(&mp->m_sb));
1195 ASSERT((sbfields & (XFS_SB_VERSIONNUM | XFS_SB_UQUOTINO |
1196 XFS_SB_GQUOTINO | XFS_SB_QFLAGS)) ==
1197 (XFS_SB_VERSIONNUM | XFS_SB_UQUOTINO |
1198 XFS_SB_GQUOTINO | XFS_SB_QFLAGS));
1199
1200 xfs_sb_version_addquota(&mp->m_sb);
1201 mp->m_sb.sb_uquotino = NULLFSINO;
1202 mp->m_sb.sb_gquotino = NULLFSINO;
1203
1204 /* qflags will get updated _after_ quotacheck */
1205 mp->m_sb.sb_qflags = 0;
1206 }
1207 if (flags & XFS_QMOPT_UQUOTA)
1208 mp->m_sb.sb_uquotino = (*ip)->i_ino;
1209 else
1210 mp->m_sb.sb_gquotino = (*ip)->i_ino;
1211 spin_unlock(&mp->m_sb_lock);
1212 xfs_mod_sb(tp, sbfields);
1213
1214 if ((error = xfs_trans_commit(tp, XFS_TRANS_RELEASE_LOG_RES))) {
1215 xfs_alert(mp, "%s failed (error %d)!", __func__, error);
1216 return error;
1217 }
1218 return 0;
1219}
1220
1221
1222STATIC void
1223xfs_qm_reset_dqcounts(
1224 xfs_mount_t *mp,
1225 xfs_buf_t *bp,
1226 xfs_dqid_t id,
1227 uint type)
1228{
1229 xfs_disk_dquot_t *ddq;
1230 int j;
1231
1232 trace_xfs_reset_dqcounts(bp, _RET_IP_);
1233
1234 /*
1235 * Reset all counters and timers. They'll be
1236 * started afresh by xfs_qm_quotacheck.
1237 */
1238#ifdef DEBUG
1239 j = XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
1240 do_div(j, sizeof(xfs_dqblk_t));
1241 ASSERT(mp->m_quotainfo->qi_dqperchunk == j);
1242#endif
1243 ddq = bp->b_addr;
1244 for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) {
1245 /*
1246 * Do a sanity check, and if needed, repair the dqblk. Don't
1247 * output any warnings because it's perfectly possible to
1248 * find uninitialised dquot blks. See comment in xfs_qm_dqcheck.
1249 */
1250 (void) xfs_qm_dqcheck(mp, ddq, id+j, type, XFS_QMOPT_DQREPAIR,
1251 "xfs_quotacheck");
1252 ddq->d_bcount = 0;
1253 ddq->d_icount = 0;
1254 ddq->d_rtbcount = 0;
1255 ddq->d_btimer = 0;
1256 ddq->d_itimer = 0;
1257 ddq->d_rtbtimer = 0;
1258 ddq->d_bwarns = 0;
1259 ddq->d_iwarns = 0;
1260 ddq->d_rtbwarns = 0;
1261 ddq = (xfs_disk_dquot_t *) ((xfs_dqblk_t *)ddq + 1);
1262 }
1263}
1264
1265STATIC int
1266xfs_qm_dqiter_bufs(
1267 xfs_mount_t *mp,
1268 xfs_dqid_t firstid,
1269 xfs_fsblock_t bno,
1270 xfs_filblks_t blkcnt,
1271 uint flags)
1272{
1273 xfs_buf_t *bp;
1274 int error;
1275 int type;
1276
1277 ASSERT(blkcnt > 0);
1278 type = flags & XFS_QMOPT_UQUOTA ? XFS_DQ_USER :
1279 (flags & XFS_QMOPT_PQUOTA ? XFS_DQ_PROJ : XFS_DQ_GROUP);
1280 error = 0;
1281
1282 /*
1283 * Blkcnt arg can be a very big number, and might even be
1284 * larger than the log itself. So, we have to break it up into
1285 * manageable-sized transactions.
1286 * Note that we don't start a permanent transaction here; we might
1287 * not be able to get a log reservation for the whole thing up front,
1288 * and we don't really care to either, because we just discard
1289 * everything if we were to crash in the middle of this loop.
1290 */
1291 while (blkcnt--) {
1292 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
1293 XFS_FSB_TO_DADDR(mp, bno),
1294 mp->m_quotainfo->qi_dqchunklen, 0, &bp);
1295 if (error)
1296 break;
1297
1298 xfs_qm_reset_dqcounts(mp, bp, firstid, type);
1299 xfs_bdwrite(mp, bp);
1300 /*
1301 * goto the next block.
1302 */
1303 bno++;
1304 firstid += mp->m_quotainfo->qi_dqperchunk;
1305 }
1306 return error;
1307}
1308
1309/*
1310 * Iterate over all allocated USR/GRP/PRJ dquots in the system, calling a
1311 * caller supplied function for every chunk of dquots that we find.
1312 */
1313STATIC int
1314xfs_qm_dqiterate(
1315 xfs_mount_t *mp,
1316 xfs_inode_t *qip,
1317 uint flags)
1318{
1319 xfs_bmbt_irec_t *map;
1320 int i, nmaps; /* number of map entries */
1321 int error; /* return value */
1322 xfs_fileoff_t lblkno;
1323 xfs_filblks_t maxlblkcnt;
1324 xfs_dqid_t firstid;
1325 xfs_fsblock_t rablkno;
1326 xfs_filblks_t rablkcnt;
1327
1328 error = 0;
1329 /*
1330 * This looks racy, but we can't keep an inode lock across a
1331 * trans_reserve. But, this gets called during quotacheck, and that
1332 * happens only at mount time which is single threaded.
1333 */
1334 if (qip->i_d.di_nblocks == 0)
1335 return 0;
1336
1337 map = kmem_alloc(XFS_DQITER_MAP_SIZE * sizeof(*map), KM_SLEEP);
1338
1339 lblkno = 0;
1340 maxlblkcnt = XFS_B_TO_FSB(mp, (xfs_ufsize_t)XFS_MAXIOFFSET(mp));
1341 do {
1342 nmaps = XFS_DQITER_MAP_SIZE;
1343 /*
1344 * We aren't changing the inode itself. Just changing
1345 * some of its data. No new blocks are added here, and
1346 * the inode is never added to the transaction.
1347 */
1348 xfs_ilock(qip, XFS_ILOCK_SHARED);
1349 error = xfs_bmapi(NULL, qip, lblkno,
1350 maxlblkcnt - lblkno,
1351 XFS_BMAPI_METADATA,
1352 NULL,
1353 0, map, &nmaps, NULL);
1354 xfs_iunlock(qip, XFS_ILOCK_SHARED);
1355 if (error)
1356 break;
1357
1358 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE);
1359 for (i = 0; i < nmaps; i++) {
1360 ASSERT(map[i].br_startblock != DELAYSTARTBLOCK);
1361 ASSERT(map[i].br_blockcount);
1362
1363
1364 lblkno += map[i].br_blockcount;
1365
1366 if (map[i].br_startblock == HOLESTARTBLOCK)
1367 continue;
1368
1369 firstid = (xfs_dqid_t) map[i].br_startoff *
1370 mp->m_quotainfo->qi_dqperchunk;
1371 /*
1372 * Do a read-ahead on the next extent.
1373 */
1374 if ((i+1 < nmaps) &&
1375 (map[i+1].br_startblock != HOLESTARTBLOCK)) {
1376 rablkcnt = map[i+1].br_blockcount;
1377 rablkno = map[i+1].br_startblock;
1378 while (rablkcnt--) {
1379 xfs_buf_readahead(mp->m_ddev_targp,
1380 XFS_FSB_TO_DADDR(mp, rablkno),
1381 mp->m_quotainfo->qi_dqchunklen);
1382 rablkno++;
1383 }
1384 }
1385 /*
1386 * Iterate thru all the blks in the extent and
1387 * reset the counters of all the dquots inside them.
1388 */
1389 if ((error = xfs_qm_dqiter_bufs(mp,
1390 firstid,
1391 map[i].br_startblock,
1392 map[i].br_blockcount,
1393 flags))) {
1394 break;
1395 }
1396 }
1397
1398 if (error)
1399 break;
1400 } while (nmaps > 0);
1401
1402 kmem_free(map);
1403
1404 return error;
1405}
1406
1407/*
1408 * Called by dqusage_adjust in doing a quotacheck.
1409 *
1410 * Given the inode, and a dquot id this updates both the incore dqout as well
1411 * as the buffer copy. This is so that once the quotacheck is done, we can
1412 * just log all the buffers, as opposed to logging numerous updates to
1413 * individual dquots.
1414 */
1415STATIC int
1416xfs_qm_quotacheck_dqadjust(
1417 struct xfs_inode *ip,
1418 xfs_dqid_t id,
1419 uint type,
1420 xfs_qcnt_t nblks,
1421 xfs_qcnt_t rtblks)
1422{
1423 struct xfs_mount *mp = ip->i_mount;
1424 struct xfs_dquot *dqp;
1425 int error;
1426
1427 error = xfs_qm_dqget(mp, ip, id, type,
1428 XFS_QMOPT_DQALLOC | XFS_QMOPT_DOWARN, &dqp);
1429 if (error) {
1430 /*
1431 * Shouldn't be able to turn off quotas here.
1432 */
1433 ASSERT(error != ESRCH);
1434 ASSERT(error != ENOENT);
1435 return error;
1436 }
1437
1438 trace_xfs_dqadjust(dqp);
1439
1440 /*
1441 * Adjust the inode count and the block count to reflect this inode's
1442 * resource usage.
1443 */
1444 be64_add_cpu(&dqp->q_core.d_icount, 1);
1445 dqp->q_res_icount++;
1446 if (nblks) {
1447 be64_add_cpu(&dqp->q_core.d_bcount, nblks);
1448 dqp->q_res_bcount += nblks;
1449 }
1450 if (rtblks) {
1451 be64_add_cpu(&dqp->q_core.d_rtbcount, rtblks);
1452 dqp->q_res_rtbcount += rtblks;
1453 }
1454
1455 /*
1456 * Set default limits, adjust timers (since we changed usages)
1457 *
1458 * There are no timers for the default values set in the root dquot.
1459 */
1460 if (dqp->q_core.d_id) {
1461 xfs_qm_adjust_dqlimits(mp, &dqp->q_core);
1462 xfs_qm_adjust_dqtimers(mp, &dqp->q_core);
1463 }
1464
1465 dqp->dq_flags |= XFS_DQ_DIRTY;
1466 xfs_qm_dqput(dqp);
1467 return 0;
1468}
1469
1470STATIC int
1471xfs_qm_get_rtblks(
1472 xfs_inode_t *ip,
1473 xfs_qcnt_t *O_rtblks)
1474{
1475 xfs_filblks_t rtblks; /* total rt blks */
1476 xfs_extnum_t idx; /* extent record index */
1477 xfs_ifork_t *ifp; /* inode fork pointer */
1478 xfs_extnum_t nextents; /* number of extent entries */
1479 int error;
1480
1481 ASSERT(XFS_IS_REALTIME_INODE(ip));
1482 ifp = XFS_IFORK_PTR(ip, XFS_DATA_FORK);
1483 if (!(ifp->if_flags & XFS_IFEXTENTS)) {
1484 if ((error = xfs_iread_extents(NULL, ip, XFS_DATA_FORK)))
1485 return error;
1486 }
1487 rtblks = 0;
1488 nextents = ifp->if_bytes / (uint)sizeof(xfs_bmbt_rec_t);
1489 for (idx = 0; idx < nextents; idx++)
1490 rtblks += xfs_bmbt_get_blockcount(xfs_iext_get_ext(ifp, idx));
1491 *O_rtblks = (xfs_qcnt_t)rtblks;
1492 return 0;
1493}
1494
1495/*
1496 * callback routine supplied to bulkstat(). Given an inumber, find its
1497 * dquots and update them to account for resources taken by that inode.
1498 */
1499/* ARGSUSED */
1500STATIC int
1501xfs_qm_dqusage_adjust(
1502 xfs_mount_t *mp, /* mount point for filesystem */
1503 xfs_ino_t ino, /* inode number to get data for */
1504 void __user *buffer, /* not used */
1505 int ubsize, /* not used */
1506 int *ubused, /* not used */
1507 int *res) /* result code value */
1508{
1509 xfs_inode_t *ip;
1510 xfs_qcnt_t nblks, rtblks = 0;
1511 int error;
1512
1513 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1514
1515 /*
1516 * rootino must have its resources accounted for, not so with the quota
1517 * inodes.
1518 */
1519 if (ino == mp->m_sb.sb_uquotino || ino == mp->m_sb.sb_gquotino) {
1520 *res = BULKSTAT_RV_NOTHING;
1521 return XFS_ERROR(EINVAL);
1522 }
1523
1524 /*
1525 * We don't _need_ to take the ilock EXCL. However, the xfs_qm_dqget
1526 * interface expects the inode to be exclusively locked because that's
1527 * the case in all other instances. It's OK that we do this because
1528 * quotacheck is done only at mount time.
1529 */
1530 error = xfs_iget(mp, NULL, ino, 0, XFS_ILOCK_EXCL, &ip);
1531 if (error) {
1532 *res = BULKSTAT_RV_NOTHING;
1533 return error;
1534 }
1535
1536 ASSERT(ip->i_delayed_blks == 0);
1537
1538 if (XFS_IS_REALTIME_INODE(ip)) {
1539 /*
1540 * Walk thru the extent list and count the realtime blocks.
1541 */
1542 error = xfs_qm_get_rtblks(ip, &rtblks);
1543 if (error)
1544 goto error0;
1545 }
1546
1547 nblks = (xfs_qcnt_t)ip->i_d.di_nblocks - rtblks;
1548
1549 /*
1550 * Add the (disk blocks and inode) resources occupied by this
1551 * inode to its dquots. We do this adjustment in the incore dquot,
1552 * and also copy the changes to its buffer.
1553 * We don't care about putting these changes in a transaction
1554 * envelope because if we crash in the middle of a 'quotacheck'
1555 * we have to start from the beginning anyway.
1556 * Once we're done, we'll log all the dquot bufs.
1557 *
1558 * The *QUOTA_ON checks below may look pretty racy, but quotachecks
1559 * and quotaoffs don't race. (Quotachecks happen at mount time only).
1560 */
1561 if (XFS_IS_UQUOTA_ON(mp)) {
1562 error = xfs_qm_quotacheck_dqadjust(ip, ip->i_d.di_uid,
1563 XFS_DQ_USER, nblks, rtblks);
1564 if (error)
1565 goto error0;
1566 }
1567
1568 if (XFS_IS_GQUOTA_ON(mp)) {
1569 error = xfs_qm_quotacheck_dqadjust(ip, ip->i_d.di_gid,
1570 XFS_DQ_GROUP, nblks, rtblks);
1571 if (error)
1572 goto error0;
1573 }
1574
1575 if (XFS_IS_PQUOTA_ON(mp)) {
1576 error = xfs_qm_quotacheck_dqadjust(ip, xfs_get_projid(ip),
1577 XFS_DQ_PROJ, nblks, rtblks);
1578 if (error)
1579 goto error0;
1580 }
1581
1582 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1583 IRELE(ip);
1584 *res = BULKSTAT_RV_DIDONE;
1585 return 0;
1586
1587error0:
1588 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1589 IRELE(ip);
1590 *res = BULKSTAT_RV_GIVEUP;
1591 return error;
1592}
1593
1594/*
1595 * Walk thru all the filesystem inodes and construct a consistent view
1596 * of the disk quota world. If the quotacheck fails, disable quotas.
1597 */
1598int
1599xfs_qm_quotacheck(
1600 xfs_mount_t *mp)
1601{
1602 int done, count, error;
1603 xfs_ino_t lastino;
1604 size_t structsz;
1605 xfs_inode_t *uip, *gip;
1606 uint flags;
1607
1608 count = INT_MAX;
1609 structsz = 1;
1610 lastino = 0;
1611 flags = 0;
1612
1613 ASSERT(mp->m_quotainfo->qi_uquotaip || mp->m_quotainfo->qi_gquotaip);
1614 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
1615
1616 /*
1617 * There should be no cached dquots. The (simplistic) quotacheck
1618 * algorithm doesn't like that.
1619 */
1620 ASSERT(list_empty(&mp->m_quotainfo->qi_dqlist));
1621
1622 xfs_notice(mp, "Quotacheck needed: Please wait.");
1623
1624 /*
1625 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset
1626 * their counters to zero. We need a clean slate.
1627 * We don't log our changes till later.
1628 */
1629 uip = mp->m_quotainfo->qi_uquotaip;
1630 if (uip) {
1631 error = xfs_qm_dqiterate(mp, uip, XFS_QMOPT_UQUOTA);
1632 if (error)
1633 goto error_return;
1634 flags |= XFS_UQUOTA_CHKD;
1635 }
1636
1637 gip = mp->m_quotainfo->qi_gquotaip;
1638 if (gip) {
1639 error = xfs_qm_dqiterate(mp, gip, XFS_IS_GQUOTA_ON(mp) ?
1640 XFS_QMOPT_GQUOTA : XFS_QMOPT_PQUOTA);
1641 if (error)
1642 goto error_return;
1643 flags |= XFS_OQUOTA_CHKD;
1644 }
1645
1646 do {
1647 /*
1648 * Iterate thru all the inodes in the file system,
1649 * adjusting the corresponding dquot counters in core.
1650 */
1651 error = xfs_bulkstat(mp, &lastino, &count,
1652 xfs_qm_dqusage_adjust,
1653 structsz, NULL, &done);
1654 if (error)
1655 break;
1656
1657 } while (!done);
1658
1659 /*
1660 * We've made all the changes that we need to make incore.
1661 * Flush them down to disk buffers if everything was updated
1662 * successfully.
1663 */
1664 if (!error)
1665 error = xfs_qm_dqflush_all(mp, 0);
1666
1667 /*
1668 * We can get this error if we couldn't do a dquot allocation inside
1669 * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the
1670 * dirty dquots that might be cached, we just want to get rid of them
1671 * and turn quotaoff. The dquots won't be attached to any of the inodes
1672 * at this point (because we intentionally didn't in dqget_noattach).
1673 */
1674 if (error) {
1675 xfs_qm_dqpurge_all(mp, XFS_QMOPT_QUOTALL);
1676 goto error_return;
1677 }
1678
1679 /*
1680 * We didn't log anything, because if we crashed, we'll have to
1681 * start the quotacheck from scratch anyway. However, we must make
1682 * sure that our dquot changes are secure before we put the
1683 * quotacheck'd stamp on the superblock. So, here we do a synchronous
1684 * flush.
1685 */
1686 XFS_bflush(mp->m_ddev_targp);
1687
1688 /*
1689 * If one type of quotas is off, then it will lose its
1690 * quotachecked status, since we won't be doing accounting for
1691 * that type anymore.
1692 */
1693 mp->m_qflags &= ~(XFS_OQUOTA_CHKD | XFS_UQUOTA_CHKD);
1694 mp->m_qflags |= flags;
1695
1696 error_return:
1697 if (error) {
1698 xfs_warn(mp,
1699 "Quotacheck: Unsuccessful (Error %d): Disabling quotas.",
1700 error);
1701 /*
1702 * We must turn off quotas.
1703 */
1704 ASSERT(mp->m_quotainfo != NULL);
1705 ASSERT(xfs_Gqm != NULL);
1706 xfs_qm_destroy_quotainfo(mp);
1707 if (xfs_mount_reset_sbqflags(mp)) {
1708 xfs_warn(mp,
1709 "Quotacheck: Failed to reset quota flags.");
1710 }
1711 } else
1712 xfs_notice(mp, "Quotacheck: Done.");
1713 return (error);
1714}
1715
1716/*
1717 * This is called after the superblock has been read in and we're ready to
1718 * iget the quota inodes.
1719 */
1720STATIC int
1721xfs_qm_init_quotainos(
1722 xfs_mount_t *mp)
1723{
1724 xfs_inode_t *uip, *gip;
1725 int error;
1726 __int64_t sbflags;
1727 uint flags;
1728
1729 ASSERT(mp->m_quotainfo);
1730 uip = gip = NULL;
1731 sbflags = 0;
1732 flags = 0;
1733
1734 /*
1735 * Get the uquota and gquota inodes
1736 */
1737 if (xfs_sb_version_hasquota(&mp->m_sb)) {
1738 if (XFS_IS_UQUOTA_ON(mp) &&
1739 mp->m_sb.sb_uquotino != NULLFSINO) {
1740 ASSERT(mp->m_sb.sb_uquotino > 0);
1741 if ((error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino,
1742 0, 0, &uip)))
1743 return XFS_ERROR(error);
1744 }
1745 if (XFS_IS_OQUOTA_ON(mp) &&
1746 mp->m_sb.sb_gquotino != NULLFSINO) {
1747 ASSERT(mp->m_sb.sb_gquotino > 0);
1748 if ((error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino,
1749 0, 0, &gip))) {
1750 if (uip)
1751 IRELE(uip);
1752 return XFS_ERROR(error);
1753 }
1754 }
1755 } else {
1756 flags |= XFS_QMOPT_SBVERSION;
1757 sbflags |= (XFS_SB_VERSIONNUM | XFS_SB_UQUOTINO |
1758 XFS_SB_GQUOTINO | XFS_SB_QFLAGS);
1759 }
1760
1761 /*
1762 * Create the two inodes, if they don't exist already. The changes
1763 * made above will get added to a transaction and logged in one of
1764 * the qino_alloc calls below. If the device is readonly,
1765 * temporarily switch to read-write to do this.
1766 */
1767 if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) {
1768 if ((error = xfs_qm_qino_alloc(mp, &uip,
1769 sbflags | XFS_SB_UQUOTINO,
1770 flags | XFS_QMOPT_UQUOTA)))
1771 return XFS_ERROR(error);
1772
1773 flags &= ~XFS_QMOPT_SBVERSION;
1774 }
1775 if (XFS_IS_OQUOTA_ON(mp) && gip == NULL) {
1776 flags |= (XFS_IS_GQUOTA_ON(mp) ?
1777 XFS_QMOPT_GQUOTA : XFS_QMOPT_PQUOTA);
1778 error = xfs_qm_qino_alloc(mp, &gip,
1779 sbflags | XFS_SB_GQUOTINO, flags);
1780 if (error) {
1781 if (uip)
1782 IRELE(uip);
1783
1784 return XFS_ERROR(error);
1785 }
1786 }
1787
1788 mp->m_quotainfo->qi_uquotaip = uip;
1789 mp->m_quotainfo->qi_gquotaip = gip;
1790
1791 return 0;
1792}
1793
1794
1795
1796/*
1797 * Just pop the least recently used dquot off the freelist and
1798 * recycle it. The returned dquot is locked.
1799 */
1800STATIC xfs_dquot_t *
1801xfs_qm_dqreclaim_one(void)
1802{
1803 xfs_dquot_t *dqpout;
1804 xfs_dquot_t *dqp;
1805 int restarts;
1806 int startagain;
1807
1808 restarts = 0;
1809 dqpout = NULL;
1810
1811 /* lockorder: hashchainlock, freelistlock, mplistlock, dqlock, dqflock */
1812again:
1813 startagain = 0;
1814 mutex_lock(&xfs_Gqm->qm_dqfrlist_lock);
1815
1816 list_for_each_entry(dqp, &xfs_Gqm->qm_dqfrlist, q_freelist) {
1817 struct xfs_mount *mp = dqp->q_mount;
1818 xfs_dqlock(dqp);
1819
1820 /*
1821 * We are racing with dqlookup here. Naturally we don't
1822 * want to reclaim a dquot that lookup wants. We release the
1823 * freelist lock and start over, so that lookup will grab
1824 * both the dquot and the freelistlock.
1825 */
1826 if (dqp->dq_flags & XFS_DQ_WANT) {
1827 ASSERT(! (dqp->dq_flags & XFS_DQ_INACTIVE));
1828
1829 trace_xfs_dqreclaim_want(dqp);
1830 XQM_STATS_INC(xqmstats.xs_qm_dqwants);
1831 restarts++;
1832 startagain = 1;
1833 goto dqunlock;
1834 }
1835
1836 /*
1837 * If the dquot is inactive, we are assured that it is
1838 * not on the mplist or the hashlist, and that makes our
1839 * life easier.
1840 */
1841 if (dqp->dq_flags & XFS_DQ_INACTIVE) {
1842 ASSERT(mp == NULL);
1843 ASSERT(! XFS_DQ_IS_DIRTY(dqp));
1844 ASSERT(list_empty(&dqp->q_hashlist));
1845 ASSERT(list_empty(&dqp->q_mplist));
1846 list_del_init(&dqp->q_freelist);
1847 xfs_Gqm->qm_dqfrlist_cnt--;
1848 dqpout = dqp;
1849 XQM_STATS_INC(xqmstats.xs_qm_dqinact_reclaims);
1850 goto dqunlock;
1851 }
1852
1853 ASSERT(dqp->q_hash);
1854 ASSERT(!list_empty(&dqp->q_mplist));
1855
1856 /*
1857 * Try to grab the flush lock. If this dquot is in the process
1858 * of getting flushed to disk, we don't want to reclaim it.
1859 */
1860 if (!xfs_dqflock_nowait(dqp))
1861 goto dqunlock;
1862
1863 /*
1864 * We have the flush lock so we know that this is not in the
1865 * process of being flushed. So, if this is dirty, flush it
1866 * DELWRI so that we don't get a freelist infested with
1867 * dirty dquots.
1868 */
1869 if (XFS_DQ_IS_DIRTY(dqp)) {
1870 int error;
1871
1872 trace_xfs_dqreclaim_dirty(dqp);
1873
1874 /*
1875 * We flush it delayed write, so don't bother
1876 * releasing the freelist lock.
1877 */
1878 error = xfs_qm_dqflush(dqp, 0);
1879 if (error) {
1880 xfs_warn(mp, "%s: dquot %p flush failed",
1881 __func__, dqp);
1882 }
1883 goto dqunlock;
1884 }
1885
1886 /*
1887 * We're trying to get the hashlock out of order. This races
1888 * with dqlookup; so, we giveup and goto the next dquot if
1889 * we couldn't get the hashlock. This way, we won't starve
1890 * a dqlookup process that holds the hashlock that is
1891 * waiting for the freelist lock.
1892 */
1893 if (!mutex_trylock(&dqp->q_hash->qh_lock)) {
1894 restarts++;
1895 goto dqfunlock;
1896 }
1897
1898 /*
1899 * This races with dquot allocation code as well as dqflush_all
1900 * and reclaim code. So, if we failed to grab the mplist lock,
1901 * giveup everything and start over.
1902 */
1903 if (!mutex_trylock(&mp->m_quotainfo->qi_dqlist_lock)) {
1904 restarts++;
1905 startagain = 1;
1906 goto qhunlock;
1907 }
1908
1909 ASSERT(dqp->q_nrefs == 0);
1910 list_del_init(&dqp->q_mplist);
1911 mp->m_quotainfo->qi_dquots--;
1912 mp->m_quotainfo->qi_dqreclaims++;
1913 list_del_init(&dqp->q_hashlist);
1914 dqp->q_hash->qh_version++;
1915 list_del_init(&dqp->q_freelist);
1916 xfs_Gqm->qm_dqfrlist_cnt--;
1917 dqpout = dqp;
1918 mutex_unlock(&mp->m_quotainfo->qi_dqlist_lock);
1919qhunlock:
1920 mutex_unlock(&dqp->q_hash->qh_lock);
1921dqfunlock:
1922 xfs_dqfunlock(dqp);
1923dqunlock:
1924 xfs_dqunlock(dqp);
1925 if (dqpout)
1926 break;
1927 if (restarts >= XFS_QM_RECLAIM_MAX_RESTARTS)
1928 break;
1929 if (startagain) {
1930 mutex_unlock(&xfs_Gqm->qm_dqfrlist_lock);
1931 goto again;
1932 }
1933 }
1934 mutex_unlock(&xfs_Gqm->qm_dqfrlist_lock);
1935 return dqpout;
1936}
1937
1938/*
1939 * Traverse the freelist of dquots and attempt to reclaim a maximum of
1940 * 'howmany' dquots. This operation races with dqlookup(), and attempts to
1941 * favor the lookup function ...
1942 */
1943STATIC int
1944xfs_qm_shake_freelist(
1945 int howmany)
1946{
1947 int nreclaimed = 0;
1948 xfs_dquot_t *dqp;
1949
1950 if (howmany <= 0)
1951 return 0;
1952
1953 while (nreclaimed < howmany) {
1954 dqp = xfs_qm_dqreclaim_one();
1955 if (!dqp)
1956 return nreclaimed;
1957 xfs_qm_dqdestroy(dqp);
1958 nreclaimed++;
1959 }
1960 return nreclaimed;
1961}
1962
1963/*
1964 * The kmem_shake interface is invoked when memory is running low.
1965 */
1966/* ARGSUSED */
1967STATIC int
1968xfs_qm_shake(
1969 struct shrinker *shrink,
1970 struct shrink_control *sc)
1971{
1972 int ndqused, nfree, n;
1973 gfp_t gfp_mask = sc->gfp_mask;
1974
1975 if (!kmem_shake_allow(gfp_mask))
1976 return 0;
1977 if (!xfs_Gqm)
1978 return 0;
1979
1980 nfree = xfs_Gqm->qm_dqfrlist_cnt; /* free dquots */
1981 /* incore dquots in all f/s's */
1982 ndqused = atomic_read(&xfs_Gqm->qm_totaldquots) - nfree;
1983
1984 ASSERT(ndqused >= 0);
1985
1986 if (nfree <= ndqused && nfree < ndquot)
1987 return 0;
1988
1989 ndqused *= xfs_Gqm->qm_dqfree_ratio; /* target # of free dquots */
1990 n = nfree - ndqused - ndquot; /* # over target */
1991
1992 return xfs_qm_shake_freelist(MAX(nfree, n));
1993}
1994
1995
1996/*------------------------------------------------------------------*/
1997
1998/*
1999 * Return a new incore dquot. Depending on the number of
2000 * dquots in the system, we either allocate a new one on the kernel heap,
2001 * or reclaim a free one.
2002 * Return value is B_TRUE if we allocated a new dquot, B_FALSE if we managed
2003 * to reclaim an existing one from the freelist.
2004 */
2005boolean_t
2006xfs_qm_dqalloc_incore(
2007 xfs_dquot_t **O_dqpp)
2008{
2009 xfs_dquot_t *dqp;
2010
2011 /*
2012 * Check against high water mark to see if we want to pop
2013 * a nincompoop dquot off the freelist.
2014 */
2015 if (atomic_read(&xfs_Gqm->qm_totaldquots) >= ndquot) {
2016 /*
2017 * Try to recycle a dquot from the freelist.
2018 */
2019 if ((dqp = xfs_qm_dqreclaim_one())) {
2020 XQM_STATS_INC(xqmstats.xs_qm_dqreclaims);
2021 /*
2022 * Just zero the core here. The rest will get
2023 * reinitialized by caller. XXX we shouldn't even
2024 * do this zero ...
2025 */
2026 memset(&dqp->q_core, 0, sizeof(dqp->q_core));
2027 *O_dqpp = dqp;
2028 return B_FALSE;
2029 }
2030 XQM_STATS_INC(xqmstats.xs_qm_dqreclaim_misses);
2031 }
2032
2033 /*
2034 * Allocate a brand new dquot on the kernel heap and return it
2035 * to the caller to initialize.
2036 */
2037 ASSERT(xfs_Gqm->qm_dqzone != NULL);
2038 *O_dqpp = kmem_zone_zalloc(xfs_Gqm->qm_dqzone, KM_SLEEP);
2039 atomic_inc(&xfs_Gqm->qm_totaldquots);
2040
2041 return B_TRUE;
2042}
2043
2044
2045/*
2046 * Start a transaction and write the incore superblock changes to
2047 * disk. flags parameter indicates which fields have changed.
2048 */
2049int
2050xfs_qm_write_sb_changes(
2051 xfs_mount_t *mp,
2052 __int64_t flags)
2053{
2054 xfs_trans_t *tp;
2055 int error;
2056
2057 tp = xfs_trans_alloc(mp, XFS_TRANS_QM_SBCHANGE);
2058 if ((error = xfs_trans_reserve(tp, 0,
2059 mp->m_sb.sb_sectsize + 128, 0,
2060 0,
2061 XFS_DEFAULT_LOG_COUNT))) {
2062 xfs_trans_cancel(tp, 0);
2063 return error;
2064 }
2065
2066 xfs_mod_sb(tp, flags);
2067 error = xfs_trans_commit(tp, 0);
2068
2069 return error;
2070}
2071
2072
2073/* --------------- utility functions for vnodeops ---------------- */
2074
2075
2076/*
2077 * Given an inode, a uid, gid and prid make sure that we have
2078 * allocated relevant dquot(s) on disk, and that we won't exceed inode
2079 * quotas by creating this file.
2080 * This also attaches dquot(s) to the given inode after locking it,
2081 * and returns the dquots corresponding to the uid and/or gid.
2082 *
2083 * in : inode (unlocked)
2084 * out : udquot, gdquot with references taken and unlocked
2085 */
2086int
2087xfs_qm_vop_dqalloc(
2088 struct xfs_inode *ip,
2089 uid_t uid,
2090 gid_t gid,
2091 prid_t prid,
2092 uint flags,
2093 struct xfs_dquot **O_udqpp,
2094 struct xfs_dquot **O_gdqpp)
2095{
2096 struct xfs_mount *mp = ip->i_mount;
2097 struct xfs_dquot *uq, *gq;
2098 int error;
2099 uint lockflags;
2100
2101 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
2102 return 0;
2103
2104 lockflags = XFS_ILOCK_EXCL;
2105 xfs_ilock(ip, lockflags);
2106
2107 if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip))
2108 gid = ip->i_d.di_gid;
2109
2110 /*
2111 * Attach the dquot(s) to this inode, doing a dquot allocation
2112 * if necessary. The dquot(s) will not be locked.
2113 */
2114 if (XFS_NOT_DQATTACHED(mp, ip)) {
2115 error = xfs_qm_dqattach_locked(ip, XFS_QMOPT_DQALLOC);
2116 if (error) {
2117 xfs_iunlock(ip, lockflags);
2118 return error;
2119 }
2120 }
2121
2122 uq = gq = NULL;
2123 if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) {
2124 if (ip->i_d.di_uid != uid) {
2125 /*
2126 * What we need is the dquot that has this uid, and
2127 * if we send the inode to dqget, the uid of the inode
2128 * takes priority over what's sent in the uid argument.
2129 * We must unlock inode here before calling dqget if
2130 * we're not sending the inode, because otherwise
2131 * we'll deadlock by doing trans_reserve while
2132 * holding ilock.
2133 */
2134 xfs_iunlock(ip, lockflags);
2135 if ((error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t) uid,
2136 XFS_DQ_USER,
2137 XFS_QMOPT_DQALLOC |
2138 XFS_QMOPT_DOWARN,
2139 &uq))) {
2140 ASSERT(error != ENOENT);
2141 return error;
2142 }
2143 /*
2144 * Get the ilock in the right order.
2145 */
2146 xfs_dqunlock(uq);
2147 lockflags = XFS_ILOCK_SHARED;
2148 xfs_ilock(ip, lockflags);
2149 } else {
2150 /*
2151 * Take an extra reference, because we'll return
2152 * this to caller
2153 */
2154 ASSERT(ip->i_udquot);
2155 uq = ip->i_udquot;
2156 xfs_dqlock(uq);
2157 XFS_DQHOLD(uq);
2158 xfs_dqunlock(uq);
2159 }
2160 }
2161 if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) {
2162 if (ip->i_d.di_gid != gid) {
2163 xfs_iunlock(ip, lockflags);
2164 if ((error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t)gid,
2165 XFS_DQ_GROUP,
2166 XFS_QMOPT_DQALLOC |
2167 XFS_QMOPT_DOWARN,
2168 &gq))) {
2169 if (uq)
2170 xfs_qm_dqrele(uq);
2171 ASSERT(error != ENOENT);
2172 return error;
2173 }
2174 xfs_dqunlock(gq);
2175 lockflags = XFS_ILOCK_SHARED;
2176 xfs_ilock(ip, lockflags);
2177 } else {
2178 ASSERT(ip->i_gdquot);
2179 gq = ip->i_gdquot;
2180 xfs_dqlock(gq);
2181 XFS_DQHOLD(gq);
2182 xfs_dqunlock(gq);
2183 }
2184 } else if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) {
2185 if (xfs_get_projid(ip) != prid) {
2186 xfs_iunlock(ip, lockflags);
2187 if ((error = xfs_qm_dqget(mp, NULL, (xfs_dqid_t)prid,
2188 XFS_DQ_PROJ,
2189 XFS_QMOPT_DQALLOC |
2190 XFS_QMOPT_DOWARN,
2191 &gq))) {
2192 if (uq)
2193 xfs_qm_dqrele(uq);
2194 ASSERT(error != ENOENT);
2195 return (error);
2196 }
2197 xfs_dqunlock(gq);
2198 lockflags = XFS_ILOCK_SHARED;
2199 xfs_ilock(ip, lockflags);
2200 } else {
2201 ASSERT(ip->i_gdquot);
2202 gq = ip->i_gdquot;
2203 xfs_dqlock(gq);
2204 XFS_DQHOLD(gq);
2205 xfs_dqunlock(gq);
2206 }
2207 }
2208 if (uq)
2209 trace_xfs_dquot_dqalloc(ip);
2210
2211 xfs_iunlock(ip, lockflags);
2212 if (O_udqpp)
2213 *O_udqpp = uq;
2214 else if (uq)
2215 xfs_qm_dqrele(uq);
2216 if (O_gdqpp)
2217 *O_gdqpp = gq;
2218 else if (gq)
2219 xfs_qm_dqrele(gq);
2220 return 0;
2221}
2222
2223/*
2224 * Actually transfer ownership, and do dquot modifications.
2225 * These were already reserved.
2226 */
2227xfs_dquot_t *
2228xfs_qm_vop_chown(
2229 xfs_trans_t *tp,
2230 xfs_inode_t *ip,
2231 xfs_dquot_t **IO_olddq,
2232 xfs_dquot_t *newdq)
2233{
2234 xfs_dquot_t *prevdq;
2235 uint bfield = XFS_IS_REALTIME_INODE(ip) ?
2236 XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT;
2237
2238
2239 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
2240 ASSERT(XFS_IS_QUOTA_RUNNING(ip->i_mount));
2241
2242 /* old dquot */
2243 prevdq = *IO_olddq;
2244 ASSERT(prevdq);
2245 ASSERT(prevdq != newdq);
2246
2247 xfs_trans_mod_dquot(tp, prevdq, bfield, -(ip->i_d.di_nblocks));
2248 xfs_trans_mod_dquot(tp, prevdq, XFS_TRANS_DQ_ICOUNT, -1);
2249
2250 /* the sparkling new dquot */
2251 xfs_trans_mod_dquot(tp, newdq, bfield, ip->i_d.di_nblocks);
2252 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_ICOUNT, 1);
2253
2254 /*
2255 * Take an extra reference, because the inode
2256 * is going to keep this dquot pointer even
2257 * after the trans_commit.
2258 */
2259 xfs_dqlock(newdq);
2260 XFS_DQHOLD(newdq);
2261 xfs_dqunlock(newdq);
2262 *IO_olddq = newdq;
2263
2264 return prevdq;
2265}
2266
2267/*
2268 * Quota reservations for setattr(AT_UID|AT_GID|AT_PROJID).
2269 */
2270int
2271xfs_qm_vop_chown_reserve(
2272 xfs_trans_t *tp,
2273 xfs_inode_t *ip,
2274 xfs_dquot_t *udqp,
2275 xfs_dquot_t *gdqp,
2276 uint flags)
2277{
2278 xfs_mount_t *mp = ip->i_mount;
2279 uint delblks, blkflags, prjflags = 0;
2280 xfs_dquot_t *unresudq, *unresgdq, *delblksudq, *delblksgdq;
2281 int error;
2282
2283
2284 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL|XFS_ILOCK_SHARED));
2285 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
2286
2287 delblks = ip->i_delayed_blks;
2288 delblksudq = delblksgdq = unresudq = unresgdq = NULL;
2289 blkflags = XFS_IS_REALTIME_INODE(ip) ?
2290 XFS_QMOPT_RES_RTBLKS : XFS_QMOPT_RES_REGBLKS;
2291
2292 if (XFS_IS_UQUOTA_ON(mp) && udqp &&
2293 ip->i_d.di_uid != (uid_t)be32_to_cpu(udqp->q_core.d_id)) {
2294 delblksudq = udqp;
2295 /*
2296 * If there are delayed allocation blocks, then we have to
2297 * unreserve those from the old dquot, and add them to the
2298 * new dquot.
2299 */
2300 if (delblks) {
2301 ASSERT(ip->i_udquot);
2302 unresudq = ip->i_udquot;
2303 }
2304 }
2305 if (XFS_IS_OQUOTA_ON(ip->i_mount) && gdqp) {
2306 if (XFS_IS_PQUOTA_ON(ip->i_mount) &&
2307 xfs_get_projid(ip) != be32_to_cpu(gdqp->q_core.d_id))
2308 prjflags = XFS_QMOPT_ENOSPC;
2309
2310 if (prjflags ||
2311 (XFS_IS_GQUOTA_ON(ip->i_mount) &&
2312 ip->i_d.di_gid != be32_to_cpu(gdqp->q_core.d_id))) {
2313 delblksgdq = gdqp;
2314 if (delblks) {
2315 ASSERT(ip->i_gdquot);
2316 unresgdq = ip->i_gdquot;
2317 }
2318 }
2319 }
2320
2321 if ((error = xfs_trans_reserve_quota_bydquots(tp, ip->i_mount,
2322 delblksudq, delblksgdq, ip->i_d.di_nblocks, 1,
2323 flags | blkflags | prjflags)))
2324 return (error);
2325
2326 /*
2327 * Do the delayed blks reservations/unreservations now. Since, these
2328 * are done without the help of a transaction, if a reservation fails
2329 * its previous reservations won't be automatically undone by trans
2330 * code. So, we have to do it manually here.
2331 */
2332 if (delblks) {
2333 /*
2334 * Do the reservations first. Unreservation can't fail.
2335 */
2336 ASSERT(delblksudq || delblksgdq);
2337 ASSERT(unresudq || unresgdq);
2338 if ((error = xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount,
2339 delblksudq, delblksgdq, (xfs_qcnt_t)delblks, 0,
2340 flags | blkflags | prjflags)))
2341 return (error);
2342 xfs_trans_reserve_quota_bydquots(NULL, ip->i_mount,
2343 unresudq, unresgdq, -((xfs_qcnt_t)delblks), 0,
2344 blkflags);
2345 }
2346
2347 return (0);
2348}
2349
2350int
2351xfs_qm_vop_rename_dqattach(
2352 struct xfs_inode **i_tab)
2353{
2354 struct xfs_mount *mp = i_tab[0]->i_mount;
2355 int i;
2356
2357 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
2358 return 0;
2359
2360 for (i = 0; (i < 4 && i_tab[i]); i++) {
2361 struct xfs_inode *ip = i_tab[i];
2362 int error;
2363
2364 /*
2365 * Watch out for duplicate entries in the table.
2366 */
2367 if (i == 0 || ip != i_tab[i-1]) {
2368 if (XFS_NOT_DQATTACHED(mp, ip)) {
2369 error = xfs_qm_dqattach(ip, 0);
2370 if (error)
2371 return error;
2372 }
2373 }
2374 }
2375 return 0;
2376}
2377
2378void
2379xfs_qm_vop_create_dqattach(
2380 struct xfs_trans *tp,
2381 struct xfs_inode *ip,
2382 struct xfs_dquot *udqp,
2383 struct xfs_dquot *gdqp)
2384{
2385 struct xfs_mount *mp = tp->t_mountp;
2386
2387 if (!XFS_IS_QUOTA_RUNNING(mp) || !XFS_IS_QUOTA_ON(mp))
2388 return;
2389
2390 ASSERT(xfs_isilocked(ip, XFS_ILOCK_EXCL));
2391 ASSERT(XFS_IS_QUOTA_RUNNING(mp));
2392
2393 if (udqp) {
2394 xfs_dqlock(udqp);
2395 XFS_DQHOLD(udqp);
2396 xfs_dqunlock(udqp);
2397 ASSERT(ip->i_udquot == NULL);
2398 ip->i_udquot = udqp;
2399 ASSERT(XFS_IS_UQUOTA_ON(mp));
2400 ASSERT(ip->i_d.di_uid == be32_to_cpu(udqp->q_core.d_id));
2401 xfs_trans_mod_dquot(tp, udqp, XFS_TRANS_DQ_ICOUNT, 1);
2402 }
2403 if (gdqp) {
2404 xfs_dqlock(gdqp);
2405 XFS_DQHOLD(gdqp);
2406 xfs_dqunlock(gdqp);
2407 ASSERT(ip->i_gdquot == NULL);
2408 ip->i_gdquot = gdqp;
2409 ASSERT(XFS_IS_OQUOTA_ON(mp));
2410 ASSERT((XFS_IS_GQUOTA_ON(mp) ?
2411 ip->i_d.di_gid : xfs_get_projid(ip)) ==
2412 be32_to_cpu(gdqp->q_core.d_id));
2413 xfs_trans_mod_dquot(tp, gdqp, XFS_TRANS_DQ_ICOUNT, 1);
2414 }
2415}
2416
1// SPDX-License-Identifier: GPL-2.0
2/*
3 * Copyright (c) 2000-2005 Silicon Graphics, Inc.
4 * All Rights Reserved.
5 */
6#include "xfs.h"
7#include "xfs_fs.h"
8#include "xfs_shared.h"
9#include "xfs_format.h"
10#include "xfs_log_format.h"
11#include "xfs_trans_resv.h"
12#include "xfs_bit.h"
13#include "xfs_sb.h"
14#include "xfs_mount.h"
15#include "xfs_inode.h"
16#include "xfs_iwalk.h"
17#include "xfs_quota.h"
18#include "xfs_bmap.h"
19#include "xfs_bmap_util.h"
20#include "xfs_trans.h"
21#include "xfs_trans_space.h"
22#include "xfs_qm.h"
23#include "xfs_trace.h"
24#include "xfs_icache.h"
25#include "xfs_error.h"
26#include "xfs_ag.h"
27#include "xfs_ialloc.h"
28#include "xfs_log_priv.h"
29#include "xfs_health.h"
30
31/*
32 * The global quota manager. There is only one of these for the entire
33 * system, _not_ one per file system. XQM keeps track of the overall
34 * quota functionality, including maintaining the freelist and hash
35 * tables of dquots.
36 */
37STATIC int xfs_qm_init_quotainos(struct xfs_mount *mp);
38STATIC int xfs_qm_init_quotainfo(struct xfs_mount *mp);
39
40STATIC void xfs_qm_destroy_quotainos(struct xfs_quotainfo *qi);
41STATIC void xfs_qm_dqfree_one(struct xfs_dquot *dqp);
42/*
43 * We use the batch lookup interface to iterate over the dquots as it
44 * currently is the only interface into the radix tree code that allows
45 * fuzzy lookups instead of exact matches. Holding the lock over multiple
46 * operations is fine as all callers are used either during mount/umount
47 * or quotaoff.
48 */
49#define XFS_DQ_LOOKUP_BATCH 32
50
51STATIC int
52xfs_qm_dquot_walk(
53 struct xfs_mount *mp,
54 xfs_dqtype_t type,
55 int (*execute)(struct xfs_dquot *dqp, void *data),
56 void *data)
57{
58 struct xfs_quotainfo *qi = mp->m_quotainfo;
59 struct radix_tree_root *tree = xfs_dquot_tree(qi, type);
60 uint32_t next_index;
61 int last_error = 0;
62 int skipped;
63 int nr_found;
64
65restart:
66 skipped = 0;
67 next_index = 0;
68 nr_found = 0;
69
70 while (1) {
71 struct xfs_dquot *batch[XFS_DQ_LOOKUP_BATCH];
72 int error;
73 int i;
74
75 mutex_lock(&qi->qi_tree_lock);
76 nr_found = radix_tree_gang_lookup(tree, (void **)batch,
77 next_index, XFS_DQ_LOOKUP_BATCH);
78 if (!nr_found) {
79 mutex_unlock(&qi->qi_tree_lock);
80 break;
81 }
82
83 for (i = 0; i < nr_found; i++) {
84 struct xfs_dquot *dqp = batch[i];
85
86 next_index = dqp->q_id + 1;
87
88 error = execute(batch[i], data);
89 if (error == -EAGAIN) {
90 skipped++;
91 continue;
92 }
93 if (error && last_error != -EFSCORRUPTED)
94 last_error = error;
95 }
96
97 mutex_unlock(&qi->qi_tree_lock);
98
99 /* bail out if the filesystem is corrupted. */
100 if (last_error == -EFSCORRUPTED) {
101 skipped = 0;
102 break;
103 }
104 /* we're done if id overflows back to zero */
105 if (!next_index)
106 break;
107 }
108
109 if (skipped) {
110 delay(1);
111 goto restart;
112 }
113
114 return last_error;
115}
116
117
118/*
119 * Purge a dquot from all tracking data structures and free it.
120 */
121STATIC int
122xfs_qm_dqpurge(
123 struct xfs_dquot *dqp,
124 void *data)
125{
126 struct xfs_quotainfo *qi = dqp->q_mount->m_quotainfo;
127 int error = -EAGAIN;
128
129 xfs_dqlock(dqp);
130 if ((dqp->q_flags & XFS_DQFLAG_FREEING) || dqp->q_nrefs != 0)
131 goto out_unlock;
132
133 dqp->q_flags |= XFS_DQFLAG_FREEING;
134
135 xfs_dqflock(dqp);
136
137 /*
138 * If we are turning this type of quotas off, we don't care
139 * about the dirty metadata sitting in this dquot. OTOH, if
140 * we're unmounting, we do care, so we flush it and wait.
141 */
142 if (XFS_DQ_IS_DIRTY(dqp)) {
143 struct xfs_buf *bp = NULL;
144
145 /*
146 * We don't care about getting disk errors here. We need
147 * to purge this dquot anyway, so we go ahead regardless.
148 */
149 error = xfs_qm_dqflush(dqp, &bp);
150 if (!error) {
151 error = xfs_bwrite(bp);
152 xfs_buf_relse(bp);
153 } else if (error == -EAGAIN) {
154 dqp->q_flags &= ~XFS_DQFLAG_FREEING;
155 goto out_unlock;
156 }
157 xfs_dqflock(dqp);
158 }
159
160 ASSERT(atomic_read(&dqp->q_pincount) == 0);
161 ASSERT(xlog_is_shutdown(dqp->q_logitem.qli_item.li_log) ||
162 !test_bit(XFS_LI_IN_AIL, &dqp->q_logitem.qli_item.li_flags));
163
164 xfs_dqfunlock(dqp);
165 xfs_dqunlock(dqp);
166
167 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
168 qi->qi_dquots--;
169
170 /*
171 * We move dquots to the freelist as soon as their reference count
172 * hits zero, so it really should be on the freelist here.
173 */
174 ASSERT(!list_empty(&dqp->q_lru));
175 list_lru_del_obj(&qi->qi_lru, &dqp->q_lru);
176 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
177
178 xfs_qm_dqdestroy(dqp);
179 return 0;
180
181out_unlock:
182 xfs_dqunlock(dqp);
183 return error;
184}
185
186/*
187 * Purge the dquot cache.
188 */
189static void
190xfs_qm_dqpurge_all(
191 struct xfs_mount *mp)
192{
193 xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_dqpurge, NULL);
194 xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_dqpurge, NULL);
195 xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_dqpurge, NULL);
196}
197
198/*
199 * Just destroy the quotainfo structure.
200 */
201void
202xfs_qm_unmount(
203 struct xfs_mount *mp)
204{
205 if (mp->m_quotainfo) {
206 xfs_qm_dqpurge_all(mp);
207 xfs_qm_destroy_quotainfo(mp);
208 }
209}
210
211/*
212 * Called from the vfsops layer.
213 */
214void
215xfs_qm_unmount_quotas(
216 xfs_mount_t *mp)
217{
218 /*
219 * Release the dquots that root inode, et al might be holding,
220 * before we flush quotas and blow away the quotainfo structure.
221 */
222 ASSERT(mp->m_rootip);
223 xfs_qm_dqdetach(mp->m_rootip);
224 if (mp->m_rbmip)
225 xfs_qm_dqdetach(mp->m_rbmip);
226 if (mp->m_rsumip)
227 xfs_qm_dqdetach(mp->m_rsumip);
228
229 /*
230 * Release the quota inodes.
231 */
232 if (mp->m_quotainfo) {
233 if (mp->m_quotainfo->qi_uquotaip) {
234 xfs_irele(mp->m_quotainfo->qi_uquotaip);
235 mp->m_quotainfo->qi_uquotaip = NULL;
236 }
237 if (mp->m_quotainfo->qi_gquotaip) {
238 xfs_irele(mp->m_quotainfo->qi_gquotaip);
239 mp->m_quotainfo->qi_gquotaip = NULL;
240 }
241 if (mp->m_quotainfo->qi_pquotaip) {
242 xfs_irele(mp->m_quotainfo->qi_pquotaip);
243 mp->m_quotainfo->qi_pquotaip = NULL;
244 }
245 }
246}
247
248STATIC int
249xfs_qm_dqattach_one(
250 struct xfs_inode *ip,
251 xfs_dqtype_t type,
252 bool doalloc,
253 struct xfs_dquot **IO_idqpp)
254{
255 struct xfs_dquot *dqp;
256 int error;
257
258 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
259 error = 0;
260
261 /*
262 * See if we already have it in the inode itself. IO_idqpp is &i_udquot
263 * or &i_gdquot. This made the code look weird, but made the logic a lot
264 * simpler.
265 */
266 dqp = *IO_idqpp;
267 if (dqp) {
268 trace_xfs_dqattach_found(dqp);
269 return 0;
270 }
271
272 /*
273 * Find the dquot from somewhere. This bumps the reference count of
274 * dquot and returns it locked. This can return ENOENT if dquot didn't
275 * exist on disk and we didn't ask it to allocate; ESRCH if quotas got
276 * turned off suddenly.
277 */
278 error = xfs_qm_dqget_inode(ip, type, doalloc, &dqp);
279 if (error)
280 return error;
281
282 trace_xfs_dqattach_get(dqp);
283
284 /*
285 * dqget may have dropped and re-acquired the ilock, but it guarantees
286 * that the dquot returned is the one that should go in the inode.
287 */
288 *IO_idqpp = dqp;
289 xfs_dqunlock(dqp);
290 return 0;
291}
292
293static bool
294xfs_qm_need_dqattach(
295 struct xfs_inode *ip)
296{
297 struct xfs_mount *mp = ip->i_mount;
298
299 if (!XFS_IS_QUOTA_ON(mp))
300 return false;
301 if (!XFS_NOT_DQATTACHED(mp, ip))
302 return false;
303 if (xfs_is_quota_inode(&mp->m_sb, ip->i_ino))
304 return false;
305 return true;
306}
307
308/*
309 * Given a locked inode, attach dquot(s) to it, taking U/G/P-QUOTAON
310 * into account.
311 * If @doalloc is true, the dquot(s) will be allocated if needed.
312 * Inode may get unlocked and relocked in here, and the caller must deal with
313 * the consequences.
314 */
315int
316xfs_qm_dqattach_locked(
317 xfs_inode_t *ip,
318 bool doalloc)
319{
320 xfs_mount_t *mp = ip->i_mount;
321 int error = 0;
322
323 if (!xfs_qm_need_dqattach(ip))
324 return 0;
325
326 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
327
328 if (XFS_IS_UQUOTA_ON(mp) && !ip->i_udquot) {
329 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_USER,
330 doalloc, &ip->i_udquot);
331 if (error)
332 goto done;
333 ASSERT(ip->i_udquot);
334 }
335
336 if (XFS_IS_GQUOTA_ON(mp) && !ip->i_gdquot) {
337 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_GROUP,
338 doalloc, &ip->i_gdquot);
339 if (error)
340 goto done;
341 ASSERT(ip->i_gdquot);
342 }
343
344 if (XFS_IS_PQUOTA_ON(mp) && !ip->i_pdquot) {
345 error = xfs_qm_dqattach_one(ip, XFS_DQTYPE_PROJ,
346 doalloc, &ip->i_pdquot);
347 if (error)
348 goto done;
349 ASSERT(ip->i_pdquot);
350 }
351
352done:
353 /*
354 * Don't worry about the dquots that we may have attached before any
355 * error - they'll get detached later if it has not already been done.
356 */
357 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
358 return error;
359}
360
361int
362xfs_qm_dqattach(
363 struct xfs_inode *ip)
364{
365 int error;
366
367 if (!xfs_qm_need_dqattach(ip))
368 return 0;
369
370 xfs_ilock(ip, XFS_ILOCK_EXCL);
371 error = xfs_qm_dqattach_locked(ip, false);
372 xfs_iunlock(ip, XFS_ILOCK_EXCL);
373
374 return error;
375}
376
377/*
378 * Release dquots (and their references) if any.
379 * The inode should be locked EXCL except when this's called by
380 * xfs_ireclaim.
381 */
382void
383xfs_qm_dqdetach(
384 xfs_inode_t *ip)
385{
386 if (!(ip->i_udquot || ip->i_gdquot || ip->i_pdquot))
387 return;
388
389 trace_xfs_dquot_dqdetach(ip);
390
391 ASSERT(!xfs_is_quota_inode(&ip->i_mount->m_sb, ip->i_ino));
392 if (ip->i_udquot) {
393 xfs_qm_dqrele(ip->i_udquot);
394 ip->i_udquot = NULL;
395 }
396 if (ip->i_gdquot) {
397 xfs_qm_dqrele(ip->i_gdquot);
398 ip->i_gdquot = NULL;
399 }
400 if (ip->i_pdquot) {
401 xfs_qm_dqrele(ip->i_pdquot);
402 ip->i_pdquot = NULL;
403 }
404}
405
406struct xfs_qm_isolate {
407 struct list_head buffers;
408 struct list_head dispose;
409};
410
411static enum lru_status
412xfs_qm_dquot_isolate(
413 struct list_head *item,
414 struct list_lru_one *lru,
415 spinlock_t *lru_lock,
416 void *arg)
417 __releases(lru_lock) __acquires(lru_lock)
418{
419 struct xfs_dquot *dqp = container_of(item,
420 struct xfs_dquot, q_lru);
421 struct xfs_qm_isolate *isol = arg;
422
423 if (!xfs_dqlock_nowait(dqp))
424 goto out_miss_busy;
425
426 /*
427 * If something else is freeing this dquot and hasn't yet removed it
428 * from the LRU, leave it for the freeing task to complete the freeing
429 * process rather than risk it being free from under us here.
430 */
431 if (dqp->q_flags & XFS_DQFLAG_FREEING)
432 goto out_miss_unlock;
433
434 /*
435 * This dquot has acquired a reference in the meantime remove it from
436 * the freelist and try again.
437 */
438 if (dqp->q_nrefs) {
439 xfs_dqunlock(dqp);
440 XFS_STATS_INC(dqp->q_mount, xs_qm_dqwants);
441
442 trace_xfs_dqreclaim_want(dqp);
443 list_lru_isolate(lru, &dqp->q_lru);
444 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
445 return LRU_REMOVED;
446 }
447
448 /*
449 * If the dquot is dirty, flush it. If it's already being flushed, just
450 * skip it so there is time for the IO to complete before we try to
451 * reclaim it again on the next LRU pass.
452 */
453 if (!xfs_dqflock_nowait(dqp))
454 goto out_miss_unlock;
455
456 if (XFS_DQ_IS_DIRTY(dqp)) {
457 struct xfs_buf *bp = NULL;
458 int error;
459
460 trace_xfs_dqreclaim_dirty(dqp);
461
462 /* we have to drop the LRU lock to flush the dquot */
463 spin_unlock(lru_lock);
464
465 error = xfs_qm_dqflush(dqp, &bp);
466 if (error)
467 goto out_unlock_dirty;
468
469 xfs_buf_delwri_queue(bp, &isol->buffers);
470 xfs_buf_relse(bp);
471 goto out_unlock_dirty;
472 }
473 xfs_dqfunlock(dqp);
474
475 /*
476 * Prevent lookups now that we are past the point of no return.
477 */
478 dqp->q_flags |= XFS_DQFLAG_FREEING;
479 xfs_dqunlock(dqp);
480
481 ASSERT(dqp->q_nrefs == 0);
482 list_lru_isolate_move(lru, &dqp->q_lru, &isol->dispose);
483 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot_unused);
484 trace_xfs_dqreclaim_done(dqp);
485 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaims);
486 return LRU_REMOVED;
487
488out_miss_unlock:
489 xfs_dqunlock(dqp);
490out_miss_busy:
491 trace_xfs_dqreclaim_busy(dqp);
492 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
493 return LRU_SKIP;
494
495out_unlock_dirty:
496 trace_xfs_dqreclaim_busy(dqp);
497 XFS_STATS_INC(dqp->q_mount, xs_qm_dqreclaim_misses);
498 xfs_dqunlock(dqp);
499 spin_lock(lru_lock);
500 return LRU_RETRY;
501}
502
503static unsigned long
504xfs_qm_shrink_scan(
505 struct shrinker *shrink,
506 struct shrink_control *sc)
507{
508 struct xfs_quotainfo *qi = shrink->private_data;
509 struct xfs_qm_isolate isol;
510 unsigned long freed;
511 int error;
512
513 if ((sc->gfp_mask & (__GFP_FS|__GFP_DIRECT_RECLAIM)) != (__GFP_FS|__GFP_DIRECT_RECLAIM))
514 return 0;
515
516 INIT_LIST_HEAD(&isol.buffers);
517 INIT_LIST_HEAD(&isol.dispose);
518
519 freed = list_lru_shrink_walk(&qi->qi_lru, sc,
520 xfs_qm_dquot_isolate, &isol);
521
522 error = xfs_buf_delwri_submit(&isol.buffers);
523 if (error)
524 xfs_warn(NULL, "%s: dquot reclaim failed", __func__);
525
526 while (!list_empty(&isol.dispose)) {
527 struct xfs_dquot *dqp;
528
529 dqp = list_first_entry(&isol.dispose, struct xfs_dquot, q_lru);
530 list_del_init(&dqp->q_lru);
531 xfs_qm_dqfree_one(dqp);
532 }
533
534 return freed;
535}
536
537static unsigned long
538xfs_qm_shrink_count(
539 struct shrinker *shrink,
540 struct shrink_control *sc)
541{
542 struct xfs_quotainfo *qi = shrink->private_data;
543
544 return list_lru_shrink_count(&qi->qi_lru, sc);
545}
546
547STATIC void
548xfs_qm_set_defquota(
549 struct xfs_mount *mp,
550 xfs_dqtype_t type,
551 struct xfs_quotainfo *qinf)
552{
553 struct xfs_dquot *dqp;
554 struct xfs_def_quota *defq;
555 int error;
556
557 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
558 if (error)
559 return;
560
561 defq = xfs_get_defquota(qinf, xfs_dquot_type(dqp));
562
563 /*
564 * Timers and warnings have been already set, let's just set the
565 * default limits for this quota type
566 */
567 defq->blk.hard = dqp->q_blk.hardlimit;
568 defq->blk.soft = dqp->q_blk.softlimit;
569 defq->ino.hard = dqp->q_ino.hardlimit;
570 defq->ino.soft = dqp->q_ino.softlimit;
571 defq->rtb.hard = dqp->q_rtb.hardlimit;
572 defq->rtb.soft = dqp->q_rtb.softlimit;
573 xfs_qm_dqdestroy(dqp);
574}
575
576/* Initialize quota time limits from the root dquot. */
577static void
578xfs_qm_init_timelimits(
579 struct xfs_mount *mp,
580 xfs_dqtype_t type)
581{
582 struct xfs_quotainfo *qinf = mp->m_quotainfo;
583 struct xfs_def_quota *defq;
584 struct xfs_dquot *dqp;
585 int error;
586
587 defq = xfs_get_defquota(qinf, type);
588
589 defq->blk.time = XFS_QM_BTIMELIMIT;
590 defq->ino.time = XFS_QM_ITIMELIMIT;
591 defq->rtb.time = XFS_QM_RTBTIMELIMIT;
592
593 /*
594 * We try to get the limits from the superuser's limits fields.
595 * This is quite hacky, but it is standard quota practice.
596 *
597 * Since we may not have done a quotacheck by this point, just read
598 * the dquot without attaching it to any hashtables or lists.
599 */
600 error = xfs_qm_dqget_uncached(mp, 0, type, &dqp);
601 if (error)
602 return;
603
604 /*
605 * The warnings and timers set the grace period given to
606 * a user or group before he or she can not perform any
607 * more writing. If it is zero, a default is used.
608 */
609 if (dqp->q_blk.timer)
610 defq->blk.time = dqp->q_blk.timer;
611 if (dqp->q_ino.timer)
612 defq->ino.time = dqp->q_ino.timer;
613 if (dqp->q_rtb.timer)
614 defq->rtb.time = dqp->q_rtb.timer;
615
616 xfs_qm_dqdestroy(dqp);
617}
618
619/*
620 * This initializes all the quota information that's kept in the
621 * mount structure
622 */
623STATIC int
624xfs_qm_init_quotainfo(
625 struct xfs_mount *mp)
626{
627 struct xfs_quotainfo *qinf;
628 int error;
629
630 ASSERT(XFS_IS_QUOTA_ON(mp));
631
632 qinf = mp->m_quotainfo = kzalloc(sizeof(struct xfs_quotainfo),
633 GFP_KERNEL | __GFP_NOFAIL);
634
635 error = list_lru_init(&qinf->qi_lru);
636 if (error)
637 goto out_free_qinf;
638
639 /*
640 * See if quotainodes are setup, and if not, allocate them,
641 * and change the superblock accordingly.
642 */
643 error = xfs_qm_init_quotainos(mp);
644 if (error)
645 goto out_free_lru;
646
647 INIT_RADIX_TREE(&qinf->qi_uquota_tree, GFP_KERNEL);
648 INIT_RADIX_TREE(&qinf->qi_gquota_tree, GFP_KERNEL);
649 INIT_RADIX_TREE(&qinf->qi_pquota_tree, GFP_KERNEL);
650 mutex_init(&qinf->qi_tree_lock);
651
652 /* mutex used to serialize quotaoffs */
653 mutex_init(&qinf->qi_quotaofflock);
654
655 /* Precalc some constants */
656 qinf->qi_dqchunklen = XFS_FSB_TO_BB(mp, XFS_DQUOT_CLUSTER_SIZE_FSB);
657 qinf->qi_dqperchunk = xfs_calc_dquots_per_chunk(qinf->qi_dqchunklen);
658 if (xfs_has_bigtime(mp)) {
659 qinf->qi_expiry_min =
660 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MIN);
661 qinf->qi_expiry_max =
662 xfs_dq_bigtime_to_unix(XFS_DQ_BIGTIME_EXPIRY_MAX);
663 } else {
664 qinf->qi_expiry_min = XFS_DQ_LEGACY_EXPIRY_MIN;
665 qinf->qi_expiry_max = XFS_DQ_LEGACY_EXPIRY_MAX;
666 }
667 trace_xfs_quota_expiry_range(mp, qinf->qi_expiry_min,
668 qinf->qi_expiry_max);
669
670 mp->m_qflags |= (mp->m_sb.sb_qflags & XFS_ALL_QUOTA_CHKD);
671
672 xfs_qm_init_timelimits(mp, XFS_DQTYPE_USER);
673 xfs_qm_init_timelimits(mp, XFS_DQTYPE_GROUP);
674 xfs_qm_init_timelimits(mp, XFS_DQTYPE_PROJ);
675
676 if (XFS_IS_UQUOTA_ON(mp))
677 xfs_qm_set_defquota(mp, XFS_DQTYPE_USER, qinf);
678 if (XFS_IS_GQUOTA_ON(mp))
679 xfs_qm_set_defquota(mp, XFS_DQTYPE_GROUP, qinf);
680 if (XFS_IS_PQUOTA_ON(mp))
681 xfs_qm_set_defquota(mp, XFS_DQTYPE_PROJ, qinf);
682
683 qinf->qi_shrinker = shrinker_alloc(SHRINKER_NUMA_AWARE, "xfs-qm:%s",
684 mp->m_super->s_id);
685 if (!qinf->qi_shrinker) {
686 error = -ENOMEM;
687 goto out_free_inos;
688 }
689
690 qinf->qi_shrinker->count_objects = xfs_qm_shrink_count;
691 qinf->qi_shrinker->scan_objects = xfs_qm_shrink_scan;
692 qinf->qi_shrinker->private_data = qinf;
693
694 shrinker_register(qinf->qi_shrinker);
695
696 xfs_hooks_init(&qinf->qi_mod_ino_dqtrx_hooks);
697 xfs_hooks_init(&qinf->qi_apply_dqtrx_hooks);
698
699 return 0;
700
701out_free_inos:
702 mutex_destroy(&qinf->qi_quotaofflock);
703 mutex_destroy(&qinf->qi_tree_lock);
704 xfs_qm_destroy_quotainos(qinf);
705out_free_lru:
706 list_lru_destroy(&qinf->qi_lru);
707out_free_qinf:
708 kfree(qinf);
709 mp->m_quotainfo = NULL;
710 return error;
711}
712
713/*
714 * Gets called when unmounting a filesystem or when all quotas get
715 * turned off.
716 * This purges the quota inodes, destroys locks and frees itself.
717 */
718void
719xfs_qm_destroy_quotainfo(
720 struct xfs_mount *mp)
721{
722 struct xfs_quotainfo *qi;
723
724 qi = mp->m_quotainfo;
725 ASSERT(qi != NULL);
726
727 shrinker_free(qi->qi_shrinker);
728 list_lru_destroy(&qi->qi_lru);
729 xfs_qm_destroy_quotainos(qi);
730 mutex_destroy(&qi->qi_tree_lock);
731 mutex_destroy(&qi->qi_quotaofflock);
732 kfree(qi);
733 mp->m_quotainfo = NULL;
734}
735
736/*
737 * Create an inode and return with a reference already taken, but unlocked
738 * This is how we create quota inodes
739 */
740STATIC int
741xfs_qm_qino_alloc(
742 struct xfs_mount *mp,
743 struct xfs_inode **ipp,
744 unsigned int flags)
745{
746 struct xfs_trans *tp;
747 int error;
748 bool need_alloc = true;
749
750 *ipp = NULL;
751 /*
752 * With superblock that doesn't have separate pquotino, we
753 * share an inode between gquota and pquota. If the on-disk
754 * superblock has GQUOTA and the filesystem is now mounted
755 * with PQUOTA, just use sb_gquotino for sb_pquotino and
756 * vice-versa.
757 */
758 if (!xfs_has_pquotino(mp) &&
759 (flags & (XFS_QMOPT_PQUOTA|XFS_QMOPT_GQUOTA))) {
760 xfs_ino_t ino = NULLFSINO;
761
762 if ((flags & XFS_QMOPT_PQUOTA) &&
763 (mp->m_sb.sb_gquotino != NULLFSINO)) {
764 ino = mp->m_sb.sb_gquotino;
765 if (XFS_IS_CORRUPT(mp,
766 mp->m_sb.sb_pquotino != NULLFSINO)) {
767 xfs_fs_mark_sick(mp, XFS_SICK_FS_PQUOTA);
768 return -EFSCORRUPTED;
769 }
770 } else if ((flags & XFS_QMOPT_GQUOTA) &&
771 (mp->m_sb.sb_pquotino != NULLFSINO)) {
772 ino = mp->m_sb.sb_pquotino;
773 if (XFS_IS_CORRUPT(mp,
774 mp->m_sb.sb_gquotino != NULLFSINO)) {
775 xfs_fs_mark_sick(mp, XFS_SICK_FS_GQUOTA);
776 return -EFSCORRUPTED;
777 }
778 }
779 if (ino != NULLFSINO) {
780 error = xfs_iget(mp, NULL, ino, 0, 0, ipp);
781 if (error)
782 return error;
783 mp->m_sb.sb_gquotino = NULLFSINO;
784 mp->m_sb.sb_pquotino = NULLFSINO;
785 need_alloc = false;
786 }
787 }
788
789 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_create,
790 need_alloc ? XFS_QM_QINOCREATE_SPACE_RES(mp) : 0,
791 0, 0, &tp);
792 if (error)
793 return error;
794
795 if (need_alloc) {
796 xfs_ino_t ino;
797
798 error = xfs_dialloc(&tp, 0, S_IFREG, &ino);
799 if (!error)
800 error = xfs_init_new_inode(&nop_mnt_idmap, tp, NULL, ino,
801 S_IFREG, 1, 0, 0, false, ipp);
802 if (error) {
803 xfs_trans_cancel(tp);
804 return error;
805 }
806 }
807
808 /*
809 * Make the changes in the superblock, and log those too.
810 * sbfields arg may contain fields other than *QUOTINO;
811 * VERSIONNUM for example.
812 */
813 spin_lock(&mp->m_sb_lock);
814 if (flags & XFS_QMOPT_SBVERSION) {
815 ASSERT(!xfs_has_quota(mp));
816
817 xfs_add_quota(mp);
818 mp->m_sb.sb_uquotino = NULLFSINO;
819 mp->m_sb.sb_gquotino = NULLFSINO;
820 mp->m_sb.sb_pquotino = NULLFSINO;
821
822 /* qflags will get updated fully _after_ quotacheck */
823 mp->m_sb.sb_qflags = mp->m_qflags & XFS_ALL_QUOTA_ACCT;
824 }
825 if (flags & XFS_QMOPT_UQUOTA)
826 mp->m_sb.sb_uquotino = (*ipp)->i_ino;
827 else if (flags & XFS_QMOPT_GQUOTA)
828 mp->m_sb.sb_gquotino = (*ipp)->i_ino;
829 else
830 mp->m_sb.sb_pquotino = (*ipp)->i_ino;
831 spin_unlock(&mp->m_sb_lock);
832 xfs_log_sb(tp);
833
834 error = xfs_trans_commit(tp);
835 if (error) {
836 ASSERT(xfs_is_shutdown(mp));
837 xfs_alert(mp, "%s failed (error %d)!", __func__, error);
838 }
839 if (need_alloc)
840 xfs_finish_inode_setup(*ipp);
841 return error;
842}
843
844
845STATIC void
846xfs_qm_reset_dqcounts(
847 struct xfs_mount *mp,
848 struct xfs_buf *bp,
849 xfs_dqid_t id,
850 xfs_dqtype_t type)
851{
852 struct xfs_dqblk *dqb;
853 int j;
854
855 trace_xfs_reset_dqcounts(bp, _RET_IP_);
856
857 /*
858 * Reset all counters and timers. They'll be
859 * started afresh by xfs_qm_quotacheck.
860 */
861#ifdef DEBUG
862 j = (int)XFS_FSB_TO_B(mp, XFS_DQUOT_CLUSTER_SIZE_FSB) /
863 sizeof(struct xfs_dqblk);
864 ASSERT(mp->m_quotainfo->qi_dqperchunk == j);
865#endif
866 dqb = bp->b_addr;
867 for (j = 0; j < mp->m_quotainfo->qi_dqperchunk; j++) {
868 struct xfs_disk_dquot *ddq;
869
870 ddq = (struct xfs_disk_dquot *)&dqb[j];
871
872 /*
873 * Do a sanity check, and if needed, repair the dqblk. Don't
874 * output any warnings because it's perfectly possible to
875 * find uninitialised dquot blks. See comment in
876 * xfs_dquot_verify.
877 */
878 if (xfs_dqblk_verify(mp, &dqb[j], id + j) ||
879 (dqb[j].dd_diskdq.d_type & XFS_DQTYPE_REC_MASK) != type)
880 xfs_dqblk_repair(mp, &dqb[j], id + j, type);
881
882 /*
883 * Reset type in case we are reusing group quota file for
884 * project quotas or vice versa
885 */
886 ddq->d_type = type;
887 ddq->d_bcount = 0;
888 ddq->d_icount = 0;
889 ddq->d_rtbcount = 0;
890
891 /*
892 * dquot id 0 stores the default grace period and the maximum
893 * warning limit that were set by the administrator, so we
894 * should not reset them.
895 */
896 if (ddq->d_id != 0) {
897 ddq->d_btimer = 0;
898 ddq->d_itimer = 0;
899 ddq->d_rtbtimer = 0;
900 ddq->d_bwarns = 0;
901 ddq->d_iwarns = 0;
902 ddq->d_rtbwarns = 0;
903 if (xfs_has_bigtime(mp))
904 ddq->d_type |= XFS_DQTYPE_BIGTIME;
905 }
906
907 if (xfs_has_crc(mp)) {
908 xfs_update_cksum((char *)&dqb[j],
909 sizeof(struct xfs_dqblk),
910 XFS_DQUOT_CRC_OFF);
911 }
912 }
913}
914
915STATIC int
916xfs_qm_reset_dqcounts_all(
917 struct xfs_mount *mp,
918 xfs_dqid_t firstid,
919 xfs_fsblock_t bno,
920 xfs_filblks_t blkcnt,
921 xfs_dqtype_t type,
922 struct list_head *buffer_list)
923{
924 struct xfs_buf *bp;
925 int error = 0;
926
927 ASSERT(blkcnt > 0);
928
929 /*
930 * Blkcnt arg can be a very big number, and might even be
931 * larger than the log itself. So, we have to break it up into
932 * manageable-sized transactions.
933 * Note that we don't start a permanent transaction here; we might
934 * not be able to get a log reservation for the whole thing up front,
935 * and we don't really care to either, because we just discard
936 * everything if we were to crash in the middle of this loop.
937 */
938 while (blkcnt--) {
939 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
940 XFS_FSB_TO_DADDR(mp, bno),
941 mp->m_quotainfo->qi_dqchunklen, 0, &bp,
942 &xfs_dquot_buf_ops);
943
944 /*
945 * CRC and validation errors will return a EFSCORRUPTED here. If
946 * this occurs, re-read without CRC validation so that we can
947 * repair the damage via xfs_qm_reset_dqcounts(). This process
948 * will leave a trace in the log indicating corruption has
949 * been detected.
950 */
951 if (error == -EFSCORRUPTED) {
952 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp,
953 XFS_FSB_TO_DADDR(mp, bno),
954 mp->m_quotainfo->qi_dqchunklen, 0, &bp,
955 NULL);
956 }
957
958 if (error)
959 break;
960
961 /*
962 * A corrupt buffer might not have a verifier attached, so
963 * make sure we have the correct one attached before writeback
964 * occurs.
965 */
966 bp->b_ops = &xfs_dquot_buf_ops;
967 xfs_qm_reset_dqcounts(mp, bp, firstid, type);
968 xfs_buf_delwri_queue(bp, buffer_list);
969 xfs_buf_relse(bp);
970
971 /* goto the next block. */
972 bno++;
973 firstid += mp->m_quotainfo->qi_dqperchunk;
974 }
975
976 return error;
977}
978
979/*
980 * Iterate over all allocated dquot blocks in this quota inode, zeroing all
981 * counters for every chunk of dquots that we find.
982 */
983STATIC int
984xfs_qm_reset_dqcounts_buf(
985 struct xfs_mount *mp,
986 struct xfs_inode *qip,
987 xfs_dqtype_t type,
988 struct list_head *buffer_list)
989{
990 struct xfs_bmbt_irec *map;
991 int i, nmaps; /* number of map entries */
992 int error; /* return value */
993 xfs_fileoff_t lblkno;
994 xfs_filblks_t maxlblkcnt;
995 xfs_dqid_t firstid;
996 xfs_fsblock_t rablkno;
997 xfs_filblks_t rablkcnt;
998
999 error = 0;
1000 /*
1001 * This looks racy, but we can't keep an inode lock across a
1002 * trans_reserve. But, this gets called during quotacheck, and that
1003 * happens only at mount time which is single threaded.
1004 */
1005 if (qip->i_nblocks == 0)
1006 return 0;
1007
1008 map = kmalloc(XFS_DQITER_MAP_SIZE * sizeof(*map),
1009 GFP_KERNEL | __GFP_NOFAIL);
1010
1011 lblkno = 0;
1012 maxlblkcnt = XFS_B_TO_FSB(mp, mp->m_super->s_maxbytes);
1013 do {
1014 uint lock_mode;
1015
1016 nmaps = XFS_DQITER_MAP_SIZE;
1017 /*
1018 * We aren't changing the inode itself. Just changing
1019 * some of its data. No new blocks are added here, and
1020 * the inode is never added to the transaction.
1021 */
1022 lock_mode = xfs_ilock_data_map_shared(qip);
1023 error = xfs_bmapi_read(qip, lblkno, maxlblkcnt - lblkno,
1024 map, &nmaps, 0);
1025 xfs_iunlock(qip, lock_mode);
1026 if (error)
1027 break;
1028
1029 ASSERT(nmaps <= XFS_DQITER_MAP_SIZE);
1030 for (i = 0; i < nmaps; i++) {
1031 ASSERT(map[i].br_startblock != DELAYSTARTBLOCK);
1032 ASSERT(map[i].br_blockcount);
1033
1034
1035 lblkno += map[i].br_blockcount;
1036
1037 if (map[i].br_startblock == HOLESTARTBLOCK)
1038 continue;
1039
1040 firstid = (xfs_dqid_t) map[i].br_startoff *
1041 mp->m_quotainfo->qi_dqperchunk;
1042 /*
1043 * Do a read-ahead on the next extent.
1044 */
1045 if ((i+1 < nmaps) &&
1046 (map[i+1].br_startblock != HOLESTARTBLOCK)) {
1047 rablkcnt = map[i+1].br_blockcount;
1048 rablkno = map[i+1].br_startblock;
1049 while (rablkcnt--) {
1050 xfs_buf_readahead(mp->m_ddev_targp,
1051 XFS_FSB_TO_DADDR(mp, rablkno),
1052 mp->m_quotainfo->qi_dqchunklen,
1053 &xfs_dquot_buf_ops);
1054 rablkno++;
1055 }
1056 }
1057 /*
1058 * Iterate thru all the blks in the extent and
1059 * reset the counters of all the dquots inside them.
1060 */
1061 error = xfs_qm_reset_dqcounts_all(mp, firstid,
1062 map[i].br_startblock,
1063 map[i].br_blockcount,
1064 type, buffer_list);
1065 if (error)
1066 goto out;
1067 }
1068 } while (nmaps > 0);
1069
1070out:
1071 kfree(map);
1072 return error;
1073}
1074
1075/*
1076 * Called by dqusage_adjust in doing a quotacheck.
1077 *
1078 * Given the inode, and a dquot id this updates both the incore dqout as well
1079 * as the buffer copy. This is so that once the quotacheck is done, we can
1080 * just log all the buffers, as opposed to logging numerous updates to
1081 * individual dquots.
1082 */
1083STATIC int
1084xfs_qm_quotacheck_dqadjust(
1085 struct xfs_inode *ip,
1086 xfs_dqtype_t type,
1087 xfs_qcnt_t nblks,
1088 xfs_qcnt_t rtblks)
1089{
1090 struct xfs_mount *mp = ip->i_mount;
1091 struct xfs_dquot *dqp;
1092 xfs_dqid_t id;
1093 int error;
1094
1095 id = xfs_qm_id_for_quotatype(ip, type);
1096 error = xfs_qm_dqget(mp, id, type, true, &dqp);
1097 if (error) {
1098 /*
1099 * Shouldn't be able to turn off quotas here.
1100 */
1101 ASSERT(error != -ESRCH);
1102 ASSERT(error != -ENOENT);
1103 return error;
1104 }
1105
1106 trace_xfs_dqadjust(dqp);
1107
1108 /*
1109 * Adjust the inode count and the block count to reflect this inode's
1110 * resource usage.
1111 */
1112 dqp->q_ino.count++;
1113 dqp->q_ino.reserved++;
1114 if (nblks) {
1115 dqp->q_blk.count += nblks;
1116 dqp->q_blk.reserved += nblks;
1117 }
1118 if (rtblks) {
1119 dqp->q_rtb.count += rtblks;
1120 dqp->q_rtb.reserved += rtblks;
1121 }
1122
1123 /*
1124 * Set default limits, adjust timers (since we changed usages)
1125 *
1126 * There are no timers for the default values set in the root dquot.
1127 */
1128 if (dqp->q_id) {
1129 xfs_qm_adjust_dqlimits(dqp);
1130 xfs_qm_adjust_dqtimers(dqp);
1131 }
1132
1133 dqp->q_flags |= XFS_DQFLAG_DIRTY;
1134 xfs_qm_dqput(dqp);
1135 return 0;
1136}
1137
1138/*
1139 * callback routine supplied to bulkstat(). Given an inumber, find its
1140 * dquots and update them to account for resources taken by that inode.
1141 */
1142/* ARGSUSED */
1143STATIC int
1144xfs_qm_dqusage_adjust(
1145 struct xfs_mount *mp,
1146 struct xfs_trans *tp,
1147 xfs_ino_t ino,
1148 void *data)
1149{
1150 struct xfs_inode *ip;
1151 xfs_qcnt_t nblks;
1152 xfs_filblks_t rtblks = 0; /* total rt blks */
1153 int error;
1154
1155 ASSERT(XFS_IS_QUOTA_ON(mp));
1156
1157 /*
1158 * rootino must have its resources accounted for, not so with the quota
1159 * inodes.
1160 */
1161 if (xfs_is_quota_inode(&mp->m_sb, ino))
1162 return 0;
1163
1164 /*
1165 * We don't _need_ to take the ilock EXCL here because quotacheck runs
1166 * at mount time and therefore nobody will be racing chown/chproj.
1167 */
1168 error = xfs_iget(mp, tp, ino, XFS_IGET_DONTCACHE, 0, &ip);
1169 if (error == -EINVAL || error == -ENOENT)
1170 return 0;
1171 if (error)
1172 return error;
1173
1174 /*
1175 * Reload the incore unlinked list to avoid failure in inodegc.
1176 * Use an unlocked check here because unrecovered unlinked inodes
1177 * should be somewhat rare.
1178 */
1179 if (xfs_inode_unlinked_incomplete(ip)) {
1180 error = xfs_inode_reload_unlinked(ip);
1181 if (error) {
1182 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
1183 goto error0;
1184 }
1185 }
1186
1187 ASSERT(ip->i_delayed_blks == 0);
1188
1189 if (XFS_IS_REALTIME_INODE(ip)) {
1190 struct xfs_ifork *ifp = xfs_ifork_ptr(ip, XFS_DATA_FORK);
1191
1192 error = xfs_iread_extents(tp, ip, XFS_DATA_FORK);
1193 if (error)
1194 goto error0;
1195
1196 xfs_bmap_count_leaves(ifp, &rtblks);
1197 }
1198
1199 nblks = (xfs_qcnt_t)ip->i_nblocks - rtblks;
1200 xfs_iflags_clear(ip, XFS_IQUOTAUNCHECKED);
1201
1202 /*
1203 * Add the (disk blocks and inode) resources occupied by this
1204 * inode to its dquots. We do this adjustment in the incore dquot,
1205 * and also copy the changes to its buffer.
1206 * We don't care about putting these changes in a transaction
1207 * envelope because if we crash in the middle of a 'quotacheck'
1208 * we have to start from the beginning anyway.
1209 * Once we're done, we'll log all the dquot bufs.
1210 *
1211 * The *QUOTA_ON checks below may look pretty racy, but quotachecks
1212 * and quotaoffs don't race. (Quotachecks happen at mount time only).
1213 */
1214 if (XFS_IS_UQUOTA_ON(mp)) {
1215 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_USER, nblks,
1216 rtblks);
1217 if (error)
1218 goto error0;
1219 }
1220
1221 if (XFS_IS_GQUOTA_ON(mp)) {
1222 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_GROUP, nblks,
1223 rtblks);
1224 if (error)
1225 goto error0;
1226 }
1227
1228 if (XFS_IS_PQUOTA_ON(mp)) {
1229 error = xfs_qm_quotacheck_dqadjust(ip, XFS_DQTYPE_PROJ, nblks,
1230 rtblks);
1231 if (error)
1232 goto error0;
1233 }
1234
1235error0:
1236 xfs_irele(ip);
1237 return error;
1238}
1239
1240STATIC int
1241xfs_qm_flush_one(
1242 struct xfs_dquot *dqp,
1243 void *data)
1244{
1245 struct xfs_mount *mp = dqp->q_mount;
1246 struct list_head *buffer_list = data;
1247 struct xfs_buf *bp = NULL;
1248 int error = 0;
1249
1250 xfs_dqlock(dqp);
1251 if (dqp->q_flags & XFS_DQFLAG_FREEING)
1252 goto out_unlock;
1253 if (!XFS_DQ_IS_DIRTY(dqp))
1254 goto out_unlock;
1255
1256 /*
1257 * The only way the dquot is already flush locked by the time quotacheck
1258 * gets here is if reclaim flushed it before the dqadjust walk dirtied
1259 * it for the final time. Quotacheck collects all dquot bufs in the
1260 * local delwri queue before dquots are dirtied, so reclaim can't have
1261 * possibly queued it for I/O. The only way out is to push the buffer to
1262 * cycle the flush lock.
1263 */
1264 if (!xfs_dqflock_nowait(dqp)) {
1265 /* buf is pinned in-core by delwri list */
1266 error = xfs_buf_incore(mp->m_ddev_targp, dqp->q_blkno,
1267 mp->m_quotainfo->qi_dqchunklen, 0, &bp);
1268 if (error)
1269 goto out_unlock;
1270
1271 if (!(bp->b_flags & _XBF_DELWRI_Q)) {
1272 error = -EAGAIN;
1273 xfs_buf_relse(bp);
1274 goto out_unlock;
1275 }
1276 xfs_buf_unlock(bp);
1277
1278 xfs_buf_delwri_pushbuf(bp, buffer_list);
1279 xfs_buf_rele(bp);
1280
1281 error = -EAGAIN;
1282 goto out_unlock;
1283 }
1284
1285 error = xfs_qm_dqflush(dqp, &bp);
1286 if (error)
1287 goto out_unlock;
1288
1289 xfs_buf_delwri_queue(bp, buffer_list);
1290 xfs_buf_relse(bp);
1291out_unlock:
1292 xfs_dqunlock(dqp);
1293 return error;
1294}
1295
1296/*
1297 * Walk thru all the filesystem inodes and construct a consistent view
1298 * of the disk quota world. If the quotacheck fails, disable quotas.
1299 */
1300STATIC int
1301xfs_qm_quotacheck(
1302 xfs_mount_t *mp)
1303{
1304 int error, error2;
1305 uint flags;
1306 LIST_HEAD (buffer_list);
1307 struct xfs_inode *uip = mp->m_quotainfo->qi_uquotaip;
1308 struct xfs_inode *gip = mp->m_quotainfo->qi_gquotaip;
1309 struct xfs_inode *pip = mp->m_quotainfo->qi_pquotaip;
1310
1311 flags = 0;
1312
1313 ASSERT(uip || gip || pip);
1314 ASSERT(XFS_IS_QUOTA_ON(mp));
1315
1316 xfs_notice(mp, "Quotacheck needed: Please wait.");
1317
1318 /*
1319 * First we go thru all the dquots on disk, USR and GRP/PRJ, and reset
1320 * their counters to zero. We need a clean slate.
1321 * We don't log our changes till later.
1322 */
1323 if (uip) {
1324 error = xfs_qm_reset_dqcounts_buf(mp, uip, XFS_DQTYPE_USER,
1325 &buffer_list);
1326 if (error)
1327 goto error_return;
1328 flags |= XFS_UQUOTA_CHKD;
1329 }
1330
1331 if (gip) {
1332 error = xfs_qm_reset_dqcounts_buf(mp, gip, XFS_DQTYPE_GROUP,
1333 &buffer_list);
1334 if (error)
1335 goto error_return;
1336 flags |= XFS_GQUOTA_CHKD;
1337 }
1338
1339 if (pip) {
1340 error = xfs_qm_reset_dqcounts_buf(mp, pip, XFS_DQTYPE_PROJ,
1341 &buffer_list);
1342 if (error)
1343 goto error_return;
1344 flags |= XFS_PQUOTA_CHKD;
1345 }
1346
1347 xfs_set_quotacheck_running(mp);
1348 error = xfs_iwalk_threaded(mp, 0, 0, xfs_qm_dqusage_adjust, 0, true,
1349 NULL);
1350 xfs_clear_quotacheck_running(mp);
1351
1352 /*
1353 * On error, the inode walk may have partially populated the dquot
1354 * caches. We must purge them before disabling quota and tearing down
1355 * the quotainfo, or else the dquots will leak.
1356 */
1357 if (error)
1358 goto error_purge;
1359
1360 /*
1361 * We've made all the changes that we need to make incore. Flush them
1362 * down to disk buffers if everything was updated successfully.
1363 */
1364 if (XFS_IS_UQUOTA_ON(mp)) {
1365 error = xfs_qm_dquot_walk(mp, XFS_DQTYPE_USER, xfs_qm_flush_one,
1366 &buffer_list);
1367 }
1368 if (XFS_IS_GQUOTA_ON(mp)) {
1369 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_GROUP, xfs_qm_flush_one,
1370 &buffer_list);
1371 if (!error)
1372 error = error2;
1373 }
1374 if (XFS_IS_PQUOTA_ON(mp)) {
1375 error2 = xfs_qm_dquot_walk(mp, XFS_DQTYPE_PROJ, xfs_qm_flush_one,
1376 &buffer_list);
1377 if (!error)
1378 error = error2;
1379 }
1380
1381 error2 = xfs_buf_delwri_submit(&buffer_list);
1382 if (!error)
1383 error = error2;
1384
1385 /*
1386 * We can get this error if we couldn't do a dquot allocation inside
1387 * xfs_qm_dqusage_adjust (via bulkstat). We don't care about the
1388 * dirty dquots that might be cached, we just want to get rid of them
1389 * and turn quotaoff. The dquots won't be attached to any of the inodes
1390 * at this point (because we intentionally didn't in dqget_noattach).
1391 */
1392 if (error)
1393 goto error_purge;
1394
1395 /*
1396 * If one type of quotas is off, then it will lose its
1397 * quotachecked status, since we won't be doing accounting for
1398 * that type anymore.
1399 */
1400 mp->m_qflags &= ~XFS_ALL_QUOTA_CHKD;
1401 mp->m_qflags |= flags;
1402
1403error_return:
1404 xfs_buf_delwri_cancel(&buffer_list);
1405
1406 if (error) {
1407 xfs_warn(mp,
1408 "Quotacheck: Unsuccessful (Error %d): Disabling quotas.",
1409 error);
1410 /*
1411 * We must turn off quotas.
1412 */
1413 ASSERT(mp->m_quotainfo != NULL);
1414 xfs_qm_destroy_quotainfo(mp);
1415 if (xfs_mount_reset_sbqflags(mp)) {
1416 xfs_warn(mp,
1417 "Quotacheck: Failed to reset quota flags.");
1418 }
1419 xfs_fs_mark_sick(mp, XFS_SICK_FS_QUOTACHECK);
1420 } else {
1421 xfs_notice(mp, "Quotacheck: Done.");
1422 xfs_fs_mark_healthy(mp, XFS_SICK_FS_QUOTACHECK);
1423 }
1424
1425 return error;
1426
1427error_purge:
1428 /*
1429 * On error, we may have inodes queued for inactivation. This may try
1430 * to attach dquots to the inode before running cleanup operations on
1431 * the inode and this can race with the xfs_qm_destroy_quotainfo() call
1432 * below that frees mp->m_quotainfo. To avoid this race, flush all the
1433 * pending inodegc operations before we purge the dquots from memory,
1434 * ensuring that background inactivation is idle whilst we turn off
1435 * quotas.
1436 */
1437 xfs_inodegc_flush(mp);
1438 xfs_qm_dqpurge_all(mp);
1439 goto error_return;
1440
1441}
1442
1443/*
1444 * This is called from xfs_mountfs to start quotas and initialize all
1445 * necessary data structures like quotainfo. This is also responsible for
1446 * running a quotacheck as necessary. We are guaranteed that the superblock
1447 * is consistently read in at this point.
1448 *
1449 * If we fail here, the mount will continue with quota turned off. We don't
1450 * need to inidicate success or failure at all.
1451 */
1452void
1453xfs_qm_mount_quotas(
1454 struct xfs_mount *mp)
1455{
1456 int error = 0;
1457 uint sbf;
1458
1459 /*
1460 * If quotas on realtime volumes is not supported, we disable
1461 * quotas immediately.
1462 */
1463 if (mp->m_sb.sb_rextents) {
1464 xfs_notice(mp, "Cannot turn on quotas for realtime filesystem");
1465 mp->m_qflags = 0;
1466 goto write_changes;
1467 }
1468
1469 ASSERT(XFS_IS_QUOTA_ON(mp));
1470
1471 /*
1472 * Allocate the quotainfo structure inside the mount struct, and
1473 * create quotainode(s), and change/rev superblock if necessary.
1474 */
1475 error = xfs_qm_init_quotainfo(mp);
1476 if (error) {
1477 /*
1478 * We must turn off quotas.
1479 */
1480 ASSERT(mp->m_quotainfo == NULL);
1481 mp->m_qflags = 0;
1482 goto write_changes;
1483 }
1484 /*
1485 * If any of the quotas are not consistent, do a quotacheck.
1486 */
1487 if (XFS_QM_NEED_QUOTACHECK(mp)) {
1488 error = xfs_qm_quotacheck(mp);
1489 if (error) {
1490 /* Quotacheck failed and disabled quotas. */
1491 return;
1492 }
1493 }
1494 /*
1495 * If one type of quotas is off, then it will lose its
1496 * quotachecked status, since we won't be doing accounting for
1497 * that type anymore.
1498 */
1499 if (!XFS_IS_UQUOTA_ON(mp))
1500 mp->m_qflags &= ~XFS_UQUOTA_CHKD;
1501 if (!XFS_IS_GQUOTA_ON(mp))
1502 mp->m_qflags &= ~XFS_GQUOTA_CHKD;
1503 if (!XFS_IS_PQUOTA_ON(mp))
1504 mp->m_qflags &= ~XFS_PQUOTA_CHKD;
1505
1506 write_changes:
1507 /*
1508 * We actually don't have to acquire the m_sb_lock at all.
1509 * This can only be called from mount, and that's single threaded. XXX
1510 */
1511 spin_lock(&mp->m_sb_lock);
1512 sbf = mp->m_sb.sb_qflags;
1513 mp->m_sb.sb_qflags = mp->m_qflags & XFS_MOUNT_QUOTA_ALL;
1514 spin_unlock(&mp->m_sb_lock);
1515
1516 if (sbf != (mp->m_qflags & XFS_MOUNT_QUOTA_ALL)) {
1517 if (xfs_sync_sb(mp, false)) {
1518 /*
1519 * We could only have been turning quotas off.
1520 * We aren't in very good shape actually because
1521 * the incore structures are convinced that quotas are
1522 * off, but the on disk superblock doesn't know that !
1523 */
1524 ASSERT(!(XFS_IS_QUOTA_ON(mp)));
1525 xfs_alert(mp, "%s: Superblock update failed!",
1526 __func__);
1527 }
1528 }
1529
1530 if (error) {
1531 xfs_warn(mp, "Failed to initialize disk quotas.");
1532 return;
1533 }
1534}
1535
1536/*
1537 * This is called after the superblock has been read in and we're ready to
1538 * iget the quota inodes.
1539 */
1540STATIC int
1541xfs_qm_init_quotainos(
1542 xfs_mount_t *mp)
1543{
1544 struct xfs_inode *uip = NULL;
1545 struct xfs_inode *gip = NULL;
1546 struct xfs_inode *pip = NULL;
1547 int error;
1548 uint flags = 0;
1549
1550 ASSERT(mp->m_quotainfo);
1551
1552 /*
1553 * Get the uquota and gquota inodes
1554 */
1555 if (xfs_has_quota(mp)) {
1556 if (XFS_IS_UQUOTA_ON(mp) &&
1557 mp->m_sb.sb_uquotino != NULLFSINO) {
1558 ASSERT(mp->m_sb.sb_uquotino > 0);
1559 error = xfs_iget(mp, NULL, mp->m_sb.sb_uquotino,
1560 0, 0, &uip);
1561 if (error)
1562 return error;
1563 }
1564 if (XFS_IS_GQUOTA_ON(mp) &&
1565 mp->m_sb.sb_gquotino != NULLFSINO) {
1566 ASSERT(mp->m_sb.sb_gquotino > 0);
1567 error = xfs_iget(mp, NULL, mp->m_sb.sb_gquotino,
1568 0, 0, &gip);
1569 if (error)
1570 goto error_rele;
1571 }
1572 if (XFS_IS_PQUOTA_ON(mp) &&
1573 mp->m_sb.sb_pquotino != NULLFSINO) {
1574 ASSERT(mp->m_sb.sb_pquotino > 0);
1575 error = xfs_iget(mp, NULL, mp->m_sb.sb_pquotino,
1576 0, 0, &pip);
1577 if (error)
1578 goto error_rele;
1579 }
1580 } else {
1581 flags |= XFS_QMOPT_SBVERSION;
1582 }
1583
1584 /*
1585 * Create the three inodes, if they don't exist already. The changes
1586 * made above will get added to a transaction and logged in one of
1587 * the qino_alloc calls below. If the device is readonly,
1588 * temporarily switch to read-write to do this.
1589 */
1590 if (XFS_IS_UQUOTA_ON(mp) && uip == NULL) {
1591 error = xfs_qm_qino_alloc(mp, &uip,
1592 flags | XFS_QMOPT_UQUOTA);
1593 if (error)
1594 goto error_rele;
1595
1596 flags &= ~XFS_QMOPT_SBVERSION;
1597 }
1598 if (XFS_IS_GQUOTA_ON(mp) && gip == NULL) {
1599 error = xfs_qm_qino_alloc(mp, &gip,
1600 flags | XFS_QMOPT_GQUOTA);
1601 if (error)
1602 goto error_rele;
1603
1604 flags &= ~XFS_QMOPT_SBVERSION;
1605 }
1606 if (XFS_IS_PQUOTA_ON(mp) && pip == NULL) {
1607 error = xfs_qm_qino_alloc(mp, &pip,
1608 flags | XFS_QMOPT_PQUOTA);
1609 if (error)
1610 goto error_rele;
1611 }
1612
1613 mp->m_quotainfo->qi_uquotaip = uip;
1614 mp->m_quotainfo->qi_gquotaip = gip;
1615 mp->m_quotainfo->qi_pquotaip = pip;
1616
1617 return 0;
1618
1619error_rele:
1620 if (uip)
1621 xfs_irele(uip);
1622 if (gip)
1623 xfs_irele(gip);
1624 if (pip)
1625 xfs_irele(pip);
1626 return error;
1627}
1628
1629STATIC void
1630xfs_qm_destroy_quotainos(
1631 struct xfs_quotainfo *qi)
1632{
1633 if (qi->qi_uquotaip) {
1634 xfs_irele(qi->qi_uquotaip);
1635 qi->qi_uquotaip = NULL; /* paranoia */
1636 }
1637 if (qi->qi_gquotaip) {
1638 xfs_irele(qi->qi_gquotaip);
1639 qi->qi_gquotaip = NULL;
1640 }
1641 if (qi->qi_pquotaip) {
1642 xfs_irele(qi->qi_pquotaip);
1643 qi->qi_pquotaip = NULL;
1644 }
1645}
1646
1647STATIC void
1648xfs_qm_dqfree_one(
1649 struct xfs_dquot *dqp)
1650{
1651 struct xfs_mount *mp = dqp->q_mount;
1652 struct xfs_quotainfo *qi = mp->m_quotainfo;
1653
1654 mutex_lock(&qi->qi_tree_lock);
1655 radix_tree_delete(xfs_dquot_tree(qi, xfs_dquot_type(dqp)), dqp->q_id);
1656
1657 qi->qi_dquots--;
1658 mutex_unlock(&qi->qi_tree_lock);
1659
1660 xfs_qm_dqdestroy(dqp);
1661}
1662
1663/* --------------- utility functions for vnodeops ---------------- */
1664
1665
1666/*
1667 * Given an inode, a uid, gid and prid make sure that we have
1668 * allocated relevant dquot(s) on disk, and that we won't exceed inode
1669 * quotas by creating this file.
1670 * This also attaches dquot(s) to the given inode after locking it,
1671 * and returns the dquots corresponding to the uid and/or gid.
1672 *
1673 * in : inode (unlocked)
1674 * out : udquot, gdquot with references taken and unlocked
1675 */
1676int
1677xfs_qm_vop_dqalloc(
1678 struct xfs_inode *ip,
1679 kuid_t uid,
1680 kgid_t gid,
1681 prid_t prid,
1682 uint flags,
1683 struct xfs_dquot **O_udqpp,
1684 struct xfs_dquot **O_gdqpp,
1685 struct xfs_dquot **O_pdqpp)
1686{
1687 struct xfs_mount *mp = ip->i_mount;
1688 struct inode *inode = VFS_I(ip);
1689 struct user_namespace *user_ns = inode->i_sb->s_user_ns;
1690 struct xfs_dquot *uq = NULL;
1691 struct xfs_dquot *gq = NULL;
1692 struct xfs_dquot *pq = NULL;
1693 int error;
1694 uint lockflags;
1695
1696 if (!XFS_IS_QUOTA_ON(mp))
1697 return 0;
1698
1699 lockflags = XFS_ILOCK_EXCL;
1700 xfs_ilock(ip, lockflags);
1701
1702 if ((flags & XFS_QMOPT_INHERIT) && XFS_INHERIT_GID(ip))
1703 gid = inode->i_gid;
1704
1705 /*
1706 * Attach the dquot(s) to this inode, doing a dquot allocation
1707 * if necessary. The dquot(s) will not be locked.
1708 */
1709 if (XFS_NOT_DQATTACHED(mp, ip)) {
1710 error = xfs_qm_dqattach_locked(ip, true);
1711 if (error) {
1712 xfs_iunlock(ip, lockflags);
1713 return error;
1714 }
1715 }
1716
1717 if ((flags & XFS_QMOPT_UQUOTA) && XFS_IS_UQUOTA_ON(mp)) {
1718 ASSERT(O_udqpp);
1719 if (!uid_eq(inode->i_uid, uid)) {
1720 /*
1721 * What we need is the dquot that has this uid, and
1722 * if we send the inode to dqget, the uid of the inode
1723 * takes priority over what's sent in the uid argument.
1724 * We must unlock inode here before calling dqget if
1725 * we're not sending the inode, because otherwise
1726 * we'll deadlock by doing trans_reserve while
1727 * holding ilock.
1728 */
1729 xfs_iunlock(ip, lockflags);
1730 error = xfs_qm_dqget(mp, from_kuid(user_ns, uid),
1731 XFS_DQTYPE_USER, true, &uq);
1732 if (error) {
1733 ASSERT(error != -ENOENT);
1734 return error;
1735 }
1736 /*
1737 * Get the ilock in the right order.
1738 */
1739 xfs_dqunlock(uq);
1740 lockflags = XFS_ILOCK_SHARED;
1741 xfs_ilock(ip, lockflags);
1742 } else {
1743 /*
1744 * Take an extra reference, because we'll return
1745 * this to caller
1746 */
1747 ASSERT(ip->i_udquot);
1748 uq = xfs_qm_dqhold(ip->i_udquot);
1749 }
1750 }
1751 if ((flags & XFS_QMOPT_GQUOTA) && XFS_IS_GQUOTA_ON(mp)) {
1752 ASSERT(O_gdqpp);
1753 if (!gid_eq(inode->i_gid, gid)) {
1754 xfs_iunlock(ip, lockflags);
1755 error = xfs_qm_dqget(mp, from_kgid(user_ns, gid),
1756 XFS_DQTYPE_GROUP, true, &gq);
1757 if (error) {
1758 ASSERT(error != -ENOENT);
1759 goto error_rele;
1760 }
1761 xfs_dqunlock(gq);
1762 lockflags = XFS_ILOCK_SHARED;
1763 xfs_ilock(ip, lockflags);
1764 } else {
1765 ASSERT(ip->i_gdquot);
1766 gq = xfs_qm_dqhold(ip->i_gdquot);
1767 }
1768 }
1769 if ((flags & XFS_QMOPT_PQUOTA) && XFS_IS_PQUOTA_ON(mp)) {
1770 ASSERT(O_pdqpp);
1771 if (ip->i_projid != prid) {
1772 xfs_iunlock(ip, lockflags);
1773 error = xfs_qm_dqget(mp, prid,
1774 XFS_DQTYPE_PROJ, true, &pq);
1775 if (error) {
1776 ASSERT(error != -ENOENT);
1777 goto error_rele;
1778 }
1779 xfs_dqunlock(pq);
1780 lockflags = XFS_ILOCK_SHARED;
1781 xfs_ilock(ip, lockflags);
1782 } else {
1783 ASSERT(ip->i_pdquot);
1784 pq = xfs_qm_dqhold(ip->i_pdquot);
1785 }
1786 }
1787 trace_xfs_dquot_dqalloc(ip);
1788
1789 xfs_iunlock(ip, lockflags);
1790 if (O_udqpp)
1791 *O_udqpp = uq;
1792 else
1793 xfs_qm_dqrele(uq);
1794 if (O_gdqpp)
1795 *O_gdqpp = gq;
1796 else
1797 xfs_qm_dqrele(gq);
1798 if (O_pdqpp)
1799 *O_pdqpp = pq;
1800 else
1801 xfs_qm_dqrele(pq);
1802 return 0;
1803
1804error_rele:
1805 xfs_qm_dqrele(gq);
1806 xfs_qm_dqrele(uq);
1807 return error;
1808}
1809
1810/*
1811 * Actually transfer ownership, and do dquot modifications.
1812 * These were already reserved.
1813 */
1814struct xfs_dquot *
1815xfs_qm_vop_chown(
1816 struct xfs_trans *tp,
1817 struct xfs_inode *ip,
1818 struct xfs_dquot **IO_olddq,
1819 struct xfs_dquot *newdq)
1820{
1821 struct xfs_dquot *prevdq;
1822 uint bfield = XFS_IS_REALTIME_INODE(ip) ?
1823 XFS_TRANS_DQ_RTBCOUNT : XFS_TRANS_DQ_BCOUNT;
1824
1825
1826 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
1827 ASSERT(XFS_IS_QUOTA_ON(ip->i_mount));
1828
1829 /* old dquot */
1830 prevdq = *IO_olddq;
1831 ASSERT(prevdq);
1832 ASSERT(prevdq != newdq);
1833
1834 xfs_trans_mod_ino_dquot(tp, ip, prevdq, bfield, -(ip->i_nblocks));
1835 xfs_trans_mod_ino_dquot(tp, ip, prevdq, XFS_TRANS_DQ_ICOUNT, -1);
1836
1837 /* the sparkling new dquot */
1838 xfs_trans_mod_ino_dquot(tp, ip, newdq, bfield, ip->i_nblocks);
1839 xfs_trans_mod_ino_dquot(tp, ip, newdq, XFS_TRANS_DQ_ICOUNT, 1);
1840
1841 /*
1842 * Back when we made quota reservations for the chown, we reserved the
1843 * ondisk blocks + delalloc blocks with the new dquot. Now that we've
1844 * switched the dquots, decrease the new dquot's block reservation
1845 * (having already bumped up the real counter) so that we don't have
1846 * any reservation to give back when we commit.
1847 */
1848 xfs_trans_mod_dquot(tp, newdq, XFS_TRANS_DQ_RES_BLKS,
1849 -ip->i_delayed_blks);
1850
1851 /*
1852 * Give the incore reservation for delalloc blocks back to the old
1853 * dquot. We don't normally handle delalloc quota reservations
1854 * transactionally, so just lock the dquot and subtract from the
1855 * reservation. Dirty the transaction because it's too late to turn
1856 * back now.
1857 */
1858 tp->t_flags |= XFS_TRANS_DIRTY;
1859 xfs_dqlock(prevdq);
1860 ASSERT(prevdq->q_blk.reserved >= ip->i_delayed_blks);
1861 prevdq->q_blk.reserved -= ip->i_delayed_blks;
1862 xfs_dqunlock(prevdq);
1863
1864 /*
1865 * Take an extra reference, because the inode is going to keep
1866 * this dquot pointer even after the trans_commit.
1867 */
1868 *IO_olddq = xfs_qm_dqhold(newdq);
1869
1870 return prevdq;
1871}
1872
1873int
1874xfs_qm_vop_rename_dqattach(
1875 struct xfs_inode **i_tab)
1876{
1877 struct xfs_mount *mp = i_tab[0]->i_mount;
1878 int i;
1879
1880 if (!XFS_IS_QUOTA_ON(mp))
1881 return 0;
1882
1883 for (i = 0; (i < 4 && i_tab[i]); i++) {
1884 struct xfs_inode *ip = i_tab[i];
1885 int error;
1886
1887 /*
1888 * Watch out for duplicate entries in the table.
1889 */
1890 if (i == 0 || ip != i_tab[i-1]) {
1891 if (XFS_NOT_DQATTACHED(mp, ip)) {
1892 error = xfs_qm_dqattach(ip);
1893 if (error)
1894 return error;
1895 }
1896 }
1897 }
1898 return 0;
1899}
1900
1901void
1902xfs_qm_vop_create_dqattach(
1903 struct xfs_trans *tp,
1904 struct xfs_inode *ip,
1905 struct xfs_dquot *udqp,
1906 struct xfs_dquot *gdqp,
1907 struct xfs_dquot *pdqp)
1908{
1909 struct xfs_mount *mp = tp->t_mountp;
1910
1911 if (!XFS_IS_QUOTA_ON(mp))
1912 return;
1913
1914 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
1915
1916 if (udqp && XFS_IS_UQUOTA_ON(mp)) {
1917 ASSERT(ip->i_udquot == NULL);
1918 ASSERT(i_uid_read(VFS_I(ip)) == udqp->q_id);
1919
1920 ip->i_udquot = xfs_qm_dqhold(udqp);
1921 }
1922 if (gdqp && XFS_IS_GQUOTA_ON(mp)) {
1923 ASSERT(ip->i_gdquot == NULL);
1924 ASSERT(i_gid_read(VFS_I(ip)) == gdqp->q_id);
1925
1926 ip->i_gdquot = xfs_qm_dqhold(gdqp);
1927 }
1928 if (pdqp && XFS_IS_PQUOTA_ON(mp)) {
1929 ASSERT(ip->i_pdquot == NULL);
1930 ASSERT(ip->i_projid == pdqp->q_id);
1931
1932 ip->i_pdquot = xfs_qm_dqhold(pdqp);
1933 }
1934
1935 xfs_trans_mod_dquot_byino(tp, ip, XFS_TRANS_DQ_ICOUNT, 1);
1936}
1937
1938/* Decide if this inode's dquot is near an enforcement boundary. */
1939bool
1940xfs_inode_near_dquot_enforcement(
1941 struct xfs_inode *ip,
1942 xfs_dqtype_t type)
1943{
1944 struct xfs_dquot *dqp;
1945 int64_t freesp;
1946
1947 /* We only care for quotas that are enabled and enforced. */
1948 dqp = xfs_inode_dquot(ip, type);
1949 if (!dqp || !xfs_dquot_is_enforced(dqp))
1950 return false;
1951
1952 if (xfs_dquot_res_over_limits(&dqp->q_ino) ||
1953 xfs_dquot_res_over_limits(&dqp->q_rtb))
1954 return true;
1955
1956 /* For space on the data device, check the various thresholds. */
1957 if (!dqp->q_prealloc_hi_wmark)
1958 return false;
1959
1960 if (dqp->q_blk.reserved < dqp->q_prealloc_lo_wmark)
1961 return false;
1962
1963 if (dqp->q_blk.reserved >= dqp->q_prealloc_hi_wmark)
1964 return true;
1965
1966 freesp = dqp->q_prealloc_hi_wmark - dqp->q_blk.reserved;
1967 if (freesp < dqp->q_low_space[XFS_QLOWSP_5_PCNT])
1968 return true;
1969
1970 return false;
1971}