1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Implementation of the diskquota system for the LINUX operating system. QUOTA
4 * is implemented using the BSD system call interface as the means of
5 * communication with the user level. This file contains the generic routines
6 * called by the different filesystems on allocation of an inode or block.
7 * These routines take care of the administration needed to have a consistent
8 * diskquota tracking system. The ideas of both user and group quotas are based
9 * on the Melbourne quota system as used on BSD derived systems. The internal
10 * implementation is based on one of the several variants of the LINUX
11 * inode-subsystem with added complexity of the diskquota system.
12 *
13 * Author: Marco van Wieringen <mvw@planets.elm.net>
14 *
15 * Fixes: Dmitry Gorodchanin <pgmdsg@ibi.com>, 11 Feb 96
16 *
17 * Revised list management to avoid races
18 * -- Bill Hawes, <whawes@star.net>, 9/98
19 *
20 * Fixed races in dquot_transfer(), dqget() and dquot_alloc_...().
21 * As the consequence the locking was moved from dquot_decr_...(),
22 * dquot_incr_...() to calling functions.
23 * invalidate_dquots() now writes modified dquots.
24 * Serialized quota_off() and quota_on() for mount point.
25 * Fixed a few bugs in grow_dquots().
26 * Fixed deadlock in write_dquot() - we no longer account quotas on
27 * quota files
28 * remove_dquot_ref() moved to inode.c - it now traverses through inodes
29 * add_dquot_ref() restarts after blocking
30 * Added check for bogus uid and fixed check for group in quotactl.
31 * Jan Kara, <jack@suse.cz>, sponsored by SuSE CR, 10-11/99
32 *
33 * Used struct list_head instead of own list struct
34 * Invalidation of referenced dquots is no longer possible
35 * Improved free_dquots list management
36 * Quota and i_blocks are now updated in one place to avoid races
37 * Warnings are now delayed so we won't block in critical section
38 * Write updated not to require dquot lock
39 * Jan Kara, <jack@suse.cz>, 9/2000
40 *
41 * Added dynamic quota structure allocation
42 * Jan Kara <jack@suse.cz> 12/2000
43 *
44 * Rewritten quota interface. Implemented new quota format and
45 * formats registering.
46 * Jan Kara, <jack@suse.cz>, 2001,2002
47 *
48 * New SMP locking.
49 * Jan Kara, <jack@suse.cz>, 10/2002
50 *
51 * Added journalled quota support, fix lock inversion problems
52 * Jan Kara, <jack@suse.cz>, 2003,2004
53 *
54 * (C) Copyright 1994 - 1997 Marco van Wieringen
55 */
56
57 #include <linux/errno.h>
58 #include <linux/kernel.h>
59 #include <linux/fs.h>
60 #include <linux/mount.h>
61 #include <linux/mm.h>
62 #include <linux/time.h>
63 #include <linux/types.h>
64 #include <linux/string.h>
65 #include <linux/fcntl.h>
66 #include <linux/stat.h>
67 #include <linux/tty.h>
68 #include <linux/file.h>
69 #include <linux/slab.h>
70 #include <linux/sysctl.h>
71 #include <linux/init.h>
72 #include <linux/module.h>
73 #include <linux/proc_fs.h>
74 #include <linux/security.h>
75 #include <linux/sched.h>
76 #include <linux/cred.h>
77 #include <linux/kmod.h>
78 #include <linux/namei.h>
79 #include <linux/capability.h>
80 #include <linux/quotaops.h>
81 #include <linux/blkdev.h>
82 #include <linux/sched/mm.h>
83 #include "../internal.h" /* ugh */
84
85 #include <linux/uaccess.h>
86
87 /*
88 * There are five quota SMP locks:
89 * * dq_list_lock protects all lists with quotas and quota formats.
90 * * dquot->dq_dqb_lock protects data from dq_dqb
91 * * inode->i_lock protects inode->i_blocks, i_bytes and also guards
92 * consistency of dquot->dq_dqb with inode->i_blocks, i_bytes so that
93 * dquot_transfer() can stabilize amount it transfers
94 * * dq_data_lock protects mem_dqinfo structures and modifications of dquot
95 * pointers in the inode
96 * * dq_state_lock protects modifications of quota state (on quotaon and
97 * quotaoff) and readers who care about latest values take it as well.
98 *
99 * The spinlock ordering is hence:
100 * dq_data_lock > dq_list_lock > i_lock > dquot->dq_dqb_lock,
101 * dq_list_lock > dq_state_lock
102 *
103 * Note that some things (e.g. sb pointer, type, id) don't change during
104 * the life of the dquot structure and so needn't be protected by a lock
105 *
106 * Operations accessing dquots via inode pointers are protected by dquot_srcu.
107 * Reading such a pointer needs srcu_read_lock(&dquot_srcu), and
108 * synchronize_srcu(&dquot_srcu) is called after clearing pointers from
109 * inode and before dropping dquot references to avoid use of dquots after
110 * they are freed. dq_data_lock is used to serialize the pointer setting and
111 * clearing operations.
112 * Special care needs to be taken about S_NOQUOTA inode flag (marking that
113 * inode is a quota file). Functions adding pointers from inode to dquots have
114 * to check this flag under dq_data_lock and then (if S_NOQUOTA is not set) they
115 * have to do all pointer modifications before dropping dq_data_lock. This makes
116 * sure they cannot race with quotaon which first sets S_NOQUOTA flag and
117 * then drops all pointers to dquots from an inode.
118 *
119 * Each dquot has its dq_lock mutex. Dquot is locked when it is being read to
120 * memory (or space for it is being allocated) on the first dqget(), when it is
121 * being written out, and when it is being released on the last dqput(). The
122 * allocation and release operations are serialized by the dq_lock and by
123 * checking the use count in dquot_release().
124 *
125 * Lock ordering (including related VFS locks) is the following:
126 * s_umount > i_mutex > journal_lock > dquot->dq_lock > dqio_sem
127 */
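
/*
 * Illustrative sketch only (not lifted from any single code path below):
 * if a hypothetical operation needed several of these spinlocks at once,
 * the ordering documented above would require nesting them as
 *
 *	spin_lock(&dq_data_lock);
 *	spin_lock(&dq_list_lock);
 *	spin_lock(&inode->i_lock);
 *	spin_lock(&dquot->dq_dqb_lock);
 *	...
 *	spin_unlock(&dquot->dq_dqb_lock);
 *	spin_unlock(&inode->i_lock);
 *	spin_unlock(&dq_list_lock);
 *	spin_unlock(&dq_data_lock);
 *
 * Real paths below typically take only one or two of these locks at a time.
 */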
128
129 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_list_lock);
130 static __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_state_lock);
131 __cacheline_aligned_in_smp DEFINE_SPINLOCK(dq_data_lock);
132 EXPORT_SYMBOL(dq_data_lock);
133 DEFINE_STATIC_SRCU(dquot_srcu);
134
135 static DECLARE_WAIT_QUEUE_HEAD(dquot_ref_wq);
136
137 void __quota_error(struct super_block *sb, const char *func,
138 const char *fmt, ...)
139 {
140 if (printk_ratelimit()) {
141 va_list args;
142 struct va_format vaf;
143
144 va_start(args, fmt);
145
146 vaf.fmt = fmt;
147 vaf.va = &args;
148
149 printk(KERN_ERR "Quota error (device %s): %s: %pV\n",
150 sb->s_id, func, &vaf);
151
152 va_end(args);
153 }
154 }
155 EXPORT_SYMBOL(__quota_error);
156
157 #if defined(CONFIG_QUOTA_DEBUG) || defined(CONFIG_PRINT_QUOTA_WARNING)
158 static char *quotatypes[] = INITQFNAMES;
159 #endif
160 static struct quota_format_type *quota_formats; /* List of registered formats */
161 static struct quota_module_name module_names[] = INIT_QUOTA_MODULE_NAMES;
162
163 /* SLAB cache for dquot structures */
164 static struct kmem_cache *dquot_cachep;
165
166 void register_quota_format(struct quota_format_type *fmt)
167 {
168 spin_lock(&dq_list_lock);
169 fmt->qf_next = quota_formats;
170 quota_formats = fmt;
171 spin_unlock(&dq_list_lock);
172 }
173 EXPORT_SYMBOL(register_quota_format);
174
175 void unregister_quota_format(struct quota_format_type *fmt)
176 {
177 struct quota_format_type **actqf;
178
179 spin_lock(&dq_list_lock);
180 for (actqf = &quota_formats; *actqf && *actqf != fmt;
181 actqf = &(*actqf)->qf_next)
182 ;
183 if (*actqf)
184 *actqf = (*actqf)->qf_next;
185 spin_unlock(&dq_list_lock);
186 }
187 EXPORT_SYMBOL(unregister_quota_format);
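
/*
 * A rough usage sketch for the two helpers above, as a quota format module
 * would use them (the format name, ops and id below are hypothetical, not
 * defined in this file):
 *
 *	static struct quota_format_type my_quota_format = {
 *		.qf_fmt_id = QFMT_VFS_V1,
 *		.qf_ops    = &my_quota_format_ops,
 *		.qf_owner  = THIS_MODULE,
 *	};
 *
 *	static int __init my_quota_format_init(void)
 *	{
 *		register_quota_format(&my_quota_format);
 *		return 0;
 *	}
 *
 *	static void __exit my_quota_format_exit(void)
 *	{
 *		unregister_quota_format(&my_quota_format);
 *	}
 */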
188
189 static struct quota_format_type *find_quota_format(int id)
190 {
191 struct quota_format_type *actqf;
192
193 spin_lock(&dq_list_lock);
194 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
195 actqf = actqf->qf_next)
196 ;
197 if (!actqf || !try_module_get(actqf->qf_owner)) {
198 int qm;
199
200 spin_unlock(&dq_list_lock);
201
202 for (qm = 0; module_names[qm].qm_fmt_id &&
203 module_names[qm].qm_fmt_id != id; qm++)
204 ;
205 if (!module_names[qm].qm_fmt_id ||
206 request_module(module_names[qm].qm_mod_name))
207 return NULL;
208
209 spin_lock(&dq_list_lock);
210 for (actqf = quota_formats; actqf && actqf->qf_fmt_id != id;
211 actqf = actqf->qf_next)
212 ;
213 if (actqf && !try_module_get(actqf->qf_owner))
214 actqf = NULL;
215 }
216 spin_unlock(&dq_list_lock);
217 return actqf;
218 }
219
220 static void put_quota_format(struct quota_format_type *fmt)
221 {
222 module_put(fmt->qf_owner);
223 }
224
225 /*
226 * Dquot List Management:
227 * The quota code uses five lists for dquot management: the inuse_list,
228 * releasing_dquots, free_dquots, dqi_dirty_list, and dquot_hash[] array.
229 * A single dquot structure may be on some of those lists, depending on
230 * its current state.
231 *
232 * All dquots are placed to the end of inuse_list when first created, and this
233 * list is used for invalidate operation, which must look at every dquot.
234 *
235 * When the last reference of a dquot is dropped, the dquot is added to
236 * releasing_dquots. We'll then queue work item which will call
237 * synchronize_srcu() and after that perform the final cleanup of all the
238 * dquots on the list. Each cleaned up dquot is moved to free_dquots list.
239 * Both releasing_dquots and free_dquots use the dq_free list_head in the dquot
240 * struct.
241 *
242 * Unused and cleaned up dquots are in the free_dquots list and this list is
243 * searched whenever we need an available dquot. Dquots are removed from the
244 * list as soon as they are used again and dqstats.free_dquots gives the number
245 * of dquots on the list. When dquot is invalidated it's completely released
246 * from memory.
247 *
248 * Dirty dquots are added to the dqi_dirty_list of quota_info when marked
249 * dirty, and this list is searched when writing dirty dquots back to the
250 * quota file. Note that some filesystems do dirty dquot tracking on their
251 * own (e.g. in a journal) and thus don't use dqi_dirty_list.
252 *
253 * Dquots with a specific identity (device, type and id) are placed on
254 * one of the dquot_hash[] hash chains. This provides an efficient search
255 * mechanism to locate a specific dquot.
256 */
257
258 static LIST_HEAD(inuse_list);
259 static LIST_HEAD(free_dquots);
260 static LIST_HEAD(releasing_dquots);
261 static unsigned int dq_hash_bits, dq_hash_mask;
262 static struct hlist_head *dquot_hash;
263
264 struct dqstats dqstats;
265 EXPORT_SYMBOL(dqstats);
266
267 static qsize_t inode_get_rsv_space(struct inode *inode);
268 static qsize_t __inode_get_rsv_space(struct inode *inode);
269 static int __dquot_initialize(struct inode *inode, int type);
270
271 static void quota_release_workfn(struct work_struct *work);
272 static DECLARE_DELAYED_WORK(quota_release_work, quota_release_workfn);
273
274 static inline unsigned int
275 hashfn(const struct super_block *sb, struct kqid qid)
276 {
277 unsigned int id = from_kqid(&init_user_ns, qid);
278 int type = qid.type;
279 unsigned long tmp;
280
281 tmp = (((unsigned long)sb>>L1_CACHE_SHIFT) ^ id) * (MAXQUOTAS - type);
282 return (tmp + (tmp >> dq_hash_bits)) & dq_hash_mask;
283 }
284
285 /*
286 * Following list functions expect dq_list_lock to be held
287 */
288 static inline void insert_dquot_hash(struct dquot *dquot)
289 {
290 struct hlist_head *head;
291 head = dquot_hash + hashfn(dquot->dq_sb, dquot->dq_id);
292 hlist_add_head(&dquot->dq_hash, head);
293 }
294
295 static inline void remove_dquot_hash(struct dquot *dquot)
296 {
297 hlist_del_init(&dquot->dq_hash);
298 }
299
300 static struct dquot *find_dquot(unsigned int hashent, struct super_block *sb,
301 struct kqid qid)
302 {
303 struct dquot *dquot;
304
305 hlist_for_each_entry(dquot, dquot_hash+hashent, dq_hash)
306 if (dquot->dq_sb == sb && qid_eq(dquot->dq_id, qid))
307 return dquot;
308
309 return NULL;
310 }
311
312 /* Add a dquot to the tail of the free list */
313 static inline void put_dquot_last(struct dquot *dquot)
314 {
315 list_add_tail(&dquot->dq_free, &free_dquots);
316 dqstats_inc(DQST_FREE_DQUOTS);
317 }
318
319 static inline void put_releasing_dquots(struct dquot *dquot)
320 {
321 list_add_tail(&dquot->dq_free, &releasing_dquots);
322 set_bit(DQ_RELEASING_B, &dquot->dq_flags);
323 }
324
325 static inline void remove_free_dquot(struct dquot *dquot)
326 {
327 if (list_empty(&dquot->dq_free))
328 return;
329 list_del_init(&dquot->dq_free);
330 if (!test_bit(DQ_RELEASING_B, &dquot->dq_flags))
331 dqstats_dec(DQST_FREE_DQUOTS);
332 else
333 clear_bit(DQ_RELEASING_B, &dquot->dq_flags);
334 }
335
336 static inline void put_inuse(struct dquot *dquot)
337 {
338 /* We add to the back of the inuse list so we don't have to restart
339 * traversing this list when we block */
340 list_add_tail(&dquot->dq_inuse, &inuse_list);
341 dqstats_inc(DQST_ALLOC_DQUOTS);
342 }
343
344 static inline void remove_inuse(struct dquot *dquot)
345 {
346 dqstats_dec(DQST_ALLOC_DQUOTS);
347 list_del(&dquot->dq_inuse);
348 }
349 /*
350 * End of list functions needing dq_list_lock
351 */
352
353 static void wait_on_dquot(struct dquot *dquot)
354 {
355 mutex_lock(&dquot->dq_lock);
356 mutex_unlock(&dquot->dq_lock);
357 }
358
359 static inline int dquot_active(struct dquot *dquot)
360 {
361 return test_bit(DQ_ACTIVE_B, &dquot->dq_flags);
362 }
363
364 static inline int dquot_dirty(struct dquot *dquot)
365 {
366 return test_bit(DQ_MOD_B, &dquot->dq_flags);
367 }
368
369 static inline int mark_dquot_dirty(struct dquot *dquot)
370 {
371 return dquot->dq_sb->dq_op->mark_dirty(dquot);
372 }
373
374 /* Mark dquot dirty in atomic manner, and return its old dirty flag state */
375 int dquot_mark_dquot_dirty(struct dquot *dquot)
376 {
377 int ret = 1;
378
379 if (!dquot_active(dquot))
380 return 0;
381
382 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
383 return test_and_set_bit(DQ_MOD_B, &dquot->dq_flags);
384
385 /* If quota is dirty already, we don't have to acquire dq_list_lock */
386 if (dquot_dirty(dquot))
387 return 1;
388
389 spin_lock(&dq_list_lock);
390 if (!test_and_set_bit(DQ_MOD_B, &dquot->dq_flags)) {
391 list_add(&dquot->dq_dirty, &sb_dqopt(dquot->dq_sb)->
392 info[dquot->dq_id.type].dqi_dirty_list);
393 ret = 0;
394 }
395 spin_unlock(&dq_list_lock);
396 return ret;
397 }
398 EXPORT_SYMBOL(dquot_mark_dquot_dirty);
399
400 /* Dirtify all the dquots - this can block when journalling */
401 static inline int mark_all_dquot_dirty(struct dquot __rcu * const *dquots)
402 {
403 int ret, err, cnt;
404 struct dquot *dquot;
405
406 ret = err = 0;
407 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
408 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
409 if (dquot)
410 /* Even in case of error we have to continue */
411 ret = mark_dquot_dirty(dquot);
412 if (!err && ret < 0)
413 err = ret;
414 }
415 return err;
416 }
417
418 static inline void dqput_all(struct dquot **dquot)
419 {
420 unsigned int cnt;
421
422 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
423 dqput(dquot[cnt]);
424 }
425
426 static inline int clear_dquot_dirty(struct dquot *dquot)
427 {
428 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NOLIST_DIRTY)
429 return test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags);
430
431 spin_lock(&dq_list_lock);
432 if (!test_and_clear_bit(DQ_MOD_B, &dquot->dq_flags)) {
433 spin_unlock(&dq_list_lock);
434 return 0;
435 }
436 list_del_init(&dquot->dq_dirty);
437 spin_unlock(&dq_list_lock);
438 return 1;
439 }
440
441 void mark_info_dirty(struct super_block *sb, int type)
442 {
443 spin_lock(&dq_data_lock);
444 sb_dqopt(sb)->info[type].dqi_flags |= DQF_INFO_DIRTY;
445 spin_unlock(&dq_data_lock);
446 }
447 EXPORT_SYMBOL(mark_info_dirty);
448
449 /*
450 * Read dquot from disk and alloc space for it
451 */
452
453 int dquot_acquire(struct dquot *dquot)
454 {
455 int ret = 0, ret2 = 0;
456 unsigned int memalloc;
457 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
458
459 mutex_lock(&dquot->dq_lock);
460 memalloc = memalloc_nofs_save();
461 if (!test_bit(DQ_READ_B, &dquot->dq_flags)) {
462 ret = dqopt->ops[dquot->dq_id.type]->read_dqblk(dquot);
463 if (ret < 0)
464 goto out_iolock;
465 }
466 /* Make sure flags update is visible after dquot has been filled */
467 smp_mb__before_atomic();
468 set_bit(DQ_READ_B, &dquot->dq_flags);
469 /* Instantiate dquot if needed */
470 if (!dquot_active(dquot) && !dquot->dq_off) {
471 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
472 /* Write the info if needed */
473 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
474 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
475 dquot->dq_sb, dquot->dq_id.type);
476 }
477 if (ret < 0)
478 goto out_iolock;
479 if (ret2 < 0) {
480 ret = ret2;
481 goto out_iolock;
482 }
483 }
484 /*
485 * Make sure flags update is visible after on-disk struct has been
486 * allocated. Paired with smp_rmb() in dqget().
487 */
488 smp_mb__before_atomic();
489 set_bit(DQ_ACTIVE_B, &dquot->dq_flags);
490 out_iolock:
491 memalloc_nofs_restore(memalloc);
492 mutex_unlock(&dquot->dq_lock);
493 return ret;
494 }
495 EXPORT_SYMBOL(dquot_acquire);
496
497 /*
498 * Write dquot to disk
499 */
500 int dquot_commit(struct dquot *dquot)
501 {
502 int ret = 0;
503 unsigned int memalloc;
504 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
505
506 mutex_lock(&dquot->dq_lock);
507 memalloc = memalloc_nofs_save();
508 if (!clear_dquot_dirty(dquot))
509 goto out_lock;
510 /* A dquot can only be inactive if there was an error during read/init
511 * => we'd better not write it */
512 if (dquot_active(dquot))
513 ret = dqopt->ops[dquot->dq_id.type]->commit_dqblk(dquot);
514 else
515 ret = -EIO;
516 out_lock:
517 memalloc_nofs_restore(memalloc);
518 mutex_unlock(&dquot->dq_lock);
519 return ret;
520 }
521 EXPORT_SYMBOL(dquot_commit);
522
523 /*
524 * Release dquot
525 */
526 int dquot_release(struct dquot *dquot)
527 {
528 int ret = 0, ret2 = 0;
529 unsigned int memalloc;
530 struct quota_info *dqopt = sb_dqopt(dquot->dq_sb);
531
532 mutex_lock(&dquot->dq_lock);
533 memalloc = memalloc_nofs_save();
534 /* Check whether we are not racing with some other dqget() */
535 if (dquot_is_busy(dquot))
536 goto out_dqlock;
537 if (dqopt->ops[dquot->dq_id.type]->release_dqblk) {
538 ret = dqopt->ops[dquot->dq_id.type]->release_dqblk(dquot);
539 /* Write the info */
540 if (info_dirty(&dqopt->info[dquot->dq_id.type])) {
541 ret2 = dqopt->ops[dquot->dq_id.type]->write_file_info(
542 dquot->dq_sb, dquot->dq_id.type);
543 }
544 if (ret >= 0)
545 ret = ret2;
546 }
547 clear_bit(DQ_ACTIVE_B, &dquot->dq_flags);
548 out_dqlock:
549 memalloc_nofs_restore(memalloc);
550 mutex_unlock(&dquot->dq_lock);
551 return ret;
552 }
553 EXPORT_SYMBOL(dquot_release);
554
555 void dquot_destroy(struct dquot *dquot)
556 {
557 kmem_cache_free(dquot_cachep, dquot);
558 }
559 EXPORT_SYMBOL(dquot_destroy);
560
561 static inline void do_destroy_dquot(struct dquot *dquot)
562 {
563 dquot->dq_sb->dq_op->destroy_dquot(dquot);
564 }
565
566 /* Invalidate all dquots on the list. Note that this function is called after
567 * quota is disabled and pointers from inodes removed so there cannot be new
568 * quota users. There can still be some users of quotas due to inodes being
569 * just deleted or pruned by prune_icache() (those are not attached to any
570 * list) or parallel quotactl call. We have to wait for such users.
571 */
572 static void invalidate_dquots(struct super_block *sb, int type)
573 {
574 struct dquot *dquot, *tmp;
575
576 restart:
577 flush_delayed_work(&quota_release_work);
578
579 spin_lock(&dq_list_lock);
580 list_for_each_entry_safe(dquot, tmp, &inuse_list, dq_inuse) {
581 if (dquot->dq_sb != sb)
582 continue;
583 if (dquot->dq_id.type != type)
584 continue;
585 /* Wait for dquot users */
586 if (atomic_read(&dquot->dq_count)) {
587 atomic_inc(&dquot->dq_count);
588 spin_unlock(&dq_list_lock);
589 /*
590 * Once dqput() wakes us up, we know it's time to free
591 * the dquot.
592 * IMPORTANT: we rely on the fact that there is always
593 * at most one process waiting for dquot to free.
594 * Otherwise dq_count would be > 1 and we would never
595 * wake up.
596 */
597 wait_event(dquot_ref_wq,
598 atomic_read(&dquot->dq_count) == 1);
599 dqput(dquot);
600 /* At this moment the dquot need not exist (it could have been
601 * reclaimed by prune_dqcache()). Hence we must
602 * restart. */
603 goto restart;
604 }
605 /*
606 * The last user already dropped its reference but dquot didn't
607 * get fully cleaned up yet. Restart the scan which flushes the
608 * work cleaning up released dquots.
609 */
610 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
611 spin_unlock(&dq_list_lock);
612 goto restart;
613 }
614 /*
615 * Quota now has no users and it has been written on last
616 * dqput()
617 */
618 remove_dquot_hash(dquot);
619 remove_free_dquot(dquot);
620 remove_inuse(dquot);
621 do_destroy_dquot(dquot);
622 }
623 spin_unlock(&dq_list_lock);
624 }
625
626 /* Call callback for every active dquot on given filesystem */
627 int dquot_scan_active(struct super_block *sb,
628 int (*fn)(struct dquot *dquot, unsigned long priv),
629 unsigned long priv)
630 {
631 struct dquot *dquot, *old_dquot = NULL;
632 int ret = 0;
633
634 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
635
636 spin_lock(&dq_list_lock);
637 list_for_each_entry(dquot, &inuse_list, dq_inuse) {
638 if (!dquot_active(dquot))
639 continue;
640 if (dquot->dq_sb != sb)
641 continue;
642 /* Now we have active dquot so we can just increase use count */
643 atomic_inc(&dquot->dq_count);
644 spin_unlock(&dq_list_lock);
645 dqput(old_dquot);
646 old_dquot = dquot;
647 /*
648 * ->release_dquot() can be racing with us. Our reference
649 * protects us from new calls to it so just wait for any
650 * outstanding call and recheck the DQ_ACTIVE_B after that.
651 */
652 wait_on_dquot(dquot);
653 if (dquot_active(dquot)) {
654 ret = fn(dquot, priv);
655 if (ret < 0)
656 goto out;
657 }
658 spin_lock(&dq_list_lock);
659 /* We are safe to continue now because our dquot could not
660 * be moved out of the inuse list while we hold the reference */
661 }
662 spin_unlock(&dq_list_lock);
663 out:
664 dqput(old_dquot);
665 return ret;
666 }
667 EXPORT_SYMBOL(dquot_scan_active);
668
669 static inline int dquot_write_dquot(struct dquot *dquot)
670 {
671 int ret = dquot->dq_sb->dq_op->write_dquot(dquot);
672 if (ret < 0) {
673 quota_error(dquot->dq_sb, "Can't write quota structure "
674 "(error %d). Quota may get out of sync!", ret);
675 /* Clear dirty bit anyway to avoid infinite loop. */
676 clear_dquot_dirty(dquot);
677 }
678 return ret;
679 }
680
681 /* Write all dquot structures to quota files */
682 int dquot_writeback_dquots(struct super_block *sb, int type)
683 {
684 struct list_head dirty;
685 struct dquot *dquot;
686 struct quota_info *dqopt = sb_dqopt(sb);
687 int cnt;
688 int err, ret = 0;
689
690 WARN_ON_ONCE(!rwsem_is_locked(&sb->s_umount));
691
692 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
693 if (type != -1 && cnt != type)
694 continue;
695 if (!sb_has_quota_active(sb, cnt))
696 continue;
697 spin_lock(&dq_list_lock);
698 /* Move list away to avoid livelock. */
699 list_replace_init(&dqopt->info[cnt].dqi_dirty_list, &dirty);
700 while (!list_empty(&dirty)) {
701 dquot = list_first_entry(&dirty, struct dquot,
702 dq_dirty);
703
704 WARN_ON(!dquot_active(dquot));
705 /* If the dquot is releasing we should not touch it */
706 if (test_bit(DQ_RELEASING_B, &dquot->dq_flags)) {
707 spin_unlock(&dq_list_lock);
708 flush_delayed_work(&quota_release_work);
709 spin_lock(&dq_list_lock);
710 continue;
711 }
712
713 /* Now we have an active dquot to which someone is
714 * holding a reference so we can safely just increase the
715 * use count */
716 dqgrab(dquot);
717 spin_unlock(&dq_list_lock);
718 err = dquot_write_dquot(dquot);
719 if (err && !ret)
720 ret = err;
721 dqput(dquot);
722 spin_lock(&dq_list_lock);
723 }
724 spin_unlock(&dq_list_lock);
725 }
726
727 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
728 if ((cnt == type || type == -1) && sb_has_quota_active(sb, cnt)
729 && info_dirty(&dqopt->info[cnt]))
730 sb->dq_op->write_info(sb, cnt);
731 dqstats_inc(DQST_SYNCS);
732
733 return ret;
734 }
735 EXPORT_SYMBOL(dquot_writeback_dquots);
736
737 /* Write all dquot structures to disk and make them visible from userspace */
738 int dquot_quota_sync(struct super_block *sb, int type)
739 {
740 struct quota_info *dqopt = sb_dqopt(sb);
741 int cnt;
742 int ret;
743
744 ret = dquot_writeback_dquots(sb, type);
745 if (ret)
746 return ret;
747 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
748 return 0;
749
750 /* This is not very clever (nor fast) but currently I don't know of
751 * any other simple way of getting quota data to disk and we must get
752 * it there for it to be visible to userspace... */
753 if (sb->s_op->sync_fs) {
754 ret = sb->s_op->sync_fs(sb, 1);
755 if (ret)
756 return ret;
757 }
758 ret = sync_blockdev(sb->s_bdev);
759 if (ret)
760 return ret;
761
762 /*
763 * Now when everything is written we can discard the pagecache so
764 * that userspace sees the changes.
765 */
766 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
767 if (type != -1 && cnt != type)
768 continue;
769 if (!sb_has_quota_active(sb, cnt))
770 continue;
771 inode_lock(dqopt->files[cnt]);
772 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0);
773 inode_unlock(dqopt->files[cnt]);
774 }
775
776 return 0;
777 }
778 EXPORT_SYMBOL(dquot_quota_sync);
779
780 static unsigned long
781 dqcache_shrink_scan(struct shrinker *shrink, struct shrink_control *sc)
782 {
783 struct dquot *dquot;
784 unsigned long freed = 0;
785
786 spin_lock(&dq_list_lock);
787 while (!list_empty(&free_dquots) && sc->nr_to_scan) {
788 dquot = list_first_entry(&free_dquots, struct dquot, dq_free);
789 remove_dquot_hash(dquot);
790 remove_free_dquot(dquot);
791 remove_inuse(dquot);
792 do_destroy_dquot(dquot);
793 sc->nr_to_scan--;
794 freed++;
795 }
796 spin_unlock(&dq_list_lock);
797 return freed;
798 }
799
800 static unsigned long
801 dqcache_shrink_count(struct shrinker *shrink, struct shrink_control *sc)
802 {
803 return vfs_pressure_ratio(
804 percpu_counter_read_positive(&dqstats.counter[DQST_FREE_DQUOTS]));
805 }
806
807 /*
808 * Safely release dquot and put reference to dquot.
809 */
810 static void quota_release_workfn(struct work_struct *work)
811 {
812 struct dquot *dquot;
813 struct list_head rls_head;
814
815 spin_lock(&dq_list_lock);
816 /* Exchange the list head to avoid livelock. */
817 list_replace_init(&releasing_dquots, &rls_head);
818 spin_unlock(&dq_list_lock);
819 synchronize_srcu(&dquot_srcu);
820
821 restart:
822 spin_lock(&dq_list_lock);
823 while (!list_empty(&rls_head)) {
824 dquot = list_first_entry(&rls_head, struct dquot, dq_free);
825 WARN_ON_ONCE(atomic_read(&dquot->dq_count));
826 /*
827 * Note that DQ_RELEASING_B protects us from racing with
828 * invalidate_dquots() calls so we are safe to work with the
829 * dquot even after we drop dq_list_lock.
830 */
831 if (dquot_dirty(dquot)) {
832 spin_unlock(&dq_list_lock);
833 /* Commit dquot before releasing */
834 dquot_write_dquot(dquot);
835 goto restart;
836 }
837 if (dquot_active(dquot)) {
838 spin_unlock(&dq_list_lock);
839 dquot->dq_sb->dq_op->release_dquot(dquot);
840 goto restart;
841 }
842 /* Dquot is inactive and clean, now move it to free list */
843 remove_free_dquot(dquot);
844 put_dquot_last(dquot);
845 }
846 spin_unlock(&dq_list_lock);
847 }
848
849 /*
850 * Put reference to dquot
851 */
852 void dqput(struct dquot *dquot)
853 {
854 if (!dquot)
855 return;
856 #ifdef CONFIG_QUOTA_DEBUG
857 if (!atomic_read(&dquot->dq_count)) {
858 quota_error(dquot->dq_sb, "trying to free free dquot of %s %d",
859 quotatypes[dquot->dq_id.type],
860 from_kqid(&init_user_ns, dquot->dq_id));
861 BUG();
862 }
863 #endif
864 dqstats_inc(DQST_DROPS);
865
866 spin_lock(&dq_list_lock);
867 if (atomic_read(&dquot->dq_count) > 1) {
868 /* We have more than one user... nothing to do */
869 atomic_dec(&dquot->dq_count);
870 /* Releasing dquot during quotaoff phase? */
871 if (!sb_has_quota_active(dquot->dq_sb, dquot->dq_id.type) &&
872 atomic_read(&dquot->dq_count) == 1)
873 wake_up(&dquot_ref_wq);
874 spin_unlock(&dq_list_lock);
875 return;
876 }
877
878 /* Need to release dquot? */
879 WARN_ON_ONCE(!list_empty(&dquot->dq_free));
880 put_releasing_dquots(dquot);
881 atomic_dec(&dquot->dq_count);
882 spin_unlock(&dq_list_lock);
883 queue_delayed_work(system_unbound_wq, &quota_release_work, 1);
884 }
885 EXPORT_SYMBOL(dqput);
886
887 struct dquot *dquot_alloc(struct super_block *sb, int type)
888 {
889 return kmem_cache_zalloc(dquot_cachep, GFP_NOFS);
890 }
891 EXPORT_SYMBOL(dquot_alloc);
892
893 static struct dquot *get_empty_dquot(struct super_block *sb, int type)
894 {
895 struct dquot *dquot;
896
897 dquot = sb->dq_op->alloc_dquot(sb, type);
898 if(!dquot)
899 return NULL;
900
901 mutex_init(&dquot->dq_lock);
902 INIT_LIST_HEAD(&dquot->dq_free);
903 INIT_LIST_HEAD(&dquot->dq_inuse);
904 INIT_HLIST_NODE(&dquot->dq_hash);
905 INIT_LIST_HEAD(&dquot->dq_dirty);
906 dquot->dq_sb = sb;
907 dquot->dq_id = make_kqid_invalid(type);
908 atomic_set(&dquot->dq_count, 1);
909 spin_lock_init(&dquot->dq_dqb_lock);
910
911 return dquot;
912 }
913
914 /*
915 * Get reference to dquot
916 *
917 * Locking is slightly tricky here. We are guarded from parallel quotaoff()
918 * destroying our dquot by:
919 * a) checking for quota flags under dq_list_lock and
920 * b) getting a reference to dquot before we release dq_list_lock
921 */
922 struct dquot *dqget(struct super_block *sb, struct kqid qid)
923 {
924 unsigned int hashent = hashfn(sb, qid);
925 struct dquot *dquot, *empty = NULL;
926
927 if (!qid_has_mapping(sb->s_user_ns, qid))
928 return ERR_PTR(-EINVAL);
929
930 if (!sb_has_quota_active(sb, qid.type))
931 return ERR_PTR(-ESRCH);
932 we_slept:
933 spin_lock(&dq_list_lock);
934 spin_lock(&dq_state_lock);
935 if (!sb_has_quota_active(sb, qid.type)) {
936 spin_unlock(&dq_state_lock);
937 spin_unlock(&dq_list_lock);
938 dquot = ERR_PTR(-ESRCH);
939 goto out;
940 }
941 spin_unlock(&dq_state_lock);
942
943 dquot = find_dquot(hashent, sb, qid);
944 if (!dquot) {
945 if (!empty) {
946 spin_unlock(&dq_list_lock);
947 empty = get_empty_dquot(sb, qid.type);
948 if (!empty)
949 schedule(); /* Try to wait for a moment... */
950 goto we_slept;
951 }
952 dquot = empty;
953 empty = NULL;
954 dquot->dq_id = qid;
955 /* all dquots go on the inuse_list */
956 put_inuse(dquot);
957 /* hash it first so it can be found */
958 insert_dquot_hash(dquot);
959 spin_unlock(&dq_list_lock);
960 dqstats_inc(DQST_LOOKUPS);
961 } else {
962 if (!atomic_read(&dquot->dq_count))
963 remove_free_dquot(dquot);
964 atomic_inc(&dquot->dq_count);
965 spin_unlock(&dq_list_lock);
966 dqstats_inc(DQST_CACHE_HITS);
967 dqstats_inc(DQST_LOOKUPS);
968 }
969 /* Wait for dq_lock - after this we know that either dquot_release() is
970 * already finished or it will be canceled due to dq_count > 0 test */
971 wait_on_dquot(dquot);
972 /* Read the dquot / allocate space in quota file */
973 if (!dquot_active(dquot)) {
974 int err;
975
976 err = sb->dq_op->acquire_dquot(dquot);
977 if (err < 0) {
978 dqput(dquot);
979 dquot = ERR_PTR(err);
980 goto out;
981 }
982 }
983 /*
984 * Make sure following reads see filled structure - paired with
985 * smp_mb__before_atomic() in dquot_acquire().
986 */
987 smp_rmb();
988 /* Has somebody invalidated entry under us? */
989 WARN_ON_ONCE(hlist_unhashed(&dquot->dq_hash));
990 out:
991 if (empty)
992 do_destroy_dquot(empty);
993
994 return dquot;
995 }
996 EXPORT_SYMBOL(dqget);
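
/*
 * A minimal usage sketch for the reference counting above (the uid-based
 * qid is just an example; real callers are quotactl and the dquot_*
 * helpers in this file):
 *
 *	struct dquot *dquot = dqget(sb, make_kqid_uid(inode->i_uid));
 *
 *	if (IS_ERR(dquot))
 *		return PTR_ERR(dquot);	(e.g. -ESRCH when quota is off)
 *	... inspect or modify dquot->dq_dqb under dquot->dq_dqb_lock ...
 *	dqput(dquot);			(may defer final cleanup to the worker)
 */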
997
998 static inline struct dquot __rcu **i_dquot(struct inode *inode)
999 {
1000 return inode->i_sb->s_op->get_dquots(inode);
1001 }
1002
1003 static int dqinit_needed(struct inode *inode, int type)
1004 {
1005 struct dquot __rcu * const *dquots;
1006 int cnt;
1007
1008 if (IS_NOQUOTA(inode))
1009 return 0;
1010
1011 dquots = i_dquot(inode);
1012 if (type != -1)
1013 return !dquots[type];
1014 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1015 if (!dquots[cnt])
1016 return 1;
1017 return 0;
1018 }
1019
1020 /* This routine is guarded by s_umount semaphore */
1021 static int add_dquot_ref(struct super_block *sb, int type)
1022 {
1023 struct inode *inode, *old_inode = NULL;
1024 #ifdef CONFIG_QUOTA_DEBUG
1025 int reserved = 0;
1026 #endif
1027 int err = 0;
1028
1029 spin_lock(&sb->s_inode_list_lock);
1030 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1031 spin_lock(&inode->i_lock);
1032 if ((inode->i_state & (I_FREEING|I_WILL_FREE|I_NEW)) ||
1033 !atomic_read(&inode->i_writecount) ||
1034 !dqinit_needed(inode, type)) {
1035 spin_unlock(&inode->i_lock);
1036 continue;
1037 }
1038 __iget(inode);
1039 spin_unlock(&inode->i_lock);
1040 spin_unlock(&sb->s_inode_list_lock);
1041
1042 #ifdef CONFIG_QUOTA_DEBUG
1043 if (unlikely(inode_get_rsv_space(inode) > 0))
1044 reserved = 1;
1045 #endif
1046 iput(old_inode);
1047 err = __dquot_initialize(inode, type);
1048 if (err) {
1049 iput(inode);
1050 goto out;
1051 }
1052
1053 /*
1054 * We hold a reference to 'inode' so it couldn't have been
1055 * removed from s_inodes list while we dropped the
1056 * s_inode_list_lock. We cannot iput the inode now as we can be
1057 * holding the last reference and we cannot iput it under
1058 * s_inode_list_lock. So we keep the reference and iput it
1059 * later.
1060 */
1061 old_inode = inode;
1062 cond_resched();
1063 spin_lock(&sb->s_inode_list_lock);
1064 }
1065 spin_unlock(&sb->s_inode_list_lock);
1066 iput(old_inode);
1067 out:
1068 #ifdef CONFIG_QUOTA_DEBUG
1069 if (reserved) {
1070 quota_error(sb, "Writes happened before quota was turned on "
1071 "thus quota information is probably inconsistent. "
1072 "Please run quotacheck(8)");
1073 }
1074 #endif
1075 return err;
1076 }
1077
1078 static void remove_dquot_ref(struct super_block *sb, int type)
1079 {
1080 struct inode *inode;
1081 #ifdef CONFIG_QUOTA_DEBUG
1082 int reserved = 0;
1083 #endif
1084
1085 spin_lock(&sb->s_inode_list_lock);
1086 list_for_each_entry(inode, &sb->s_inodes, i_sb_list) {
1087 /*
1088 * We also have to scan I_NEW inodes because they can already
1089 * have their quota pointers initialized. Luckily, we need to touch
1090 * only quota pointers and these have separate locking
1091 * (dq_data_lock).
1092 */
1093 spin_lock(&dq_data_lock);
1094 if (!IS_NOQUOTA(inode)) {
1095 struct dquot __rcu **dquots = i_dquot(inode);
1096 struct dquot *dquot = srcu_dereference_check(
1097 dquots[type], &dquot_srcu,
1098 lockdep_is_held(&dq_data_lock));
1099
1100 #ifdef CONFIG_QUOTA_DEBUG
1101 if (unlikely(inode_get_rsv_space(inode) > 0))
1102 reserved = 1;
1103 #endif
1104 rcu_assign_pointer(dquots[type], NULL);
1105 if (dquot)
1106 dqput(dquot);
1107 }
1108 spin_unlock(&dq_data_lock);
1109 }
1110 spin_unlock(&sb->s_inode_list_lock);
1111 #ifdef CONFIG_QUOTA_DEBUG
1112 if (reserved) {
1113 printk(KERN_WARNING "VFS (%s): Writes happened after quota"
1114 " was disabled thus quota information is probably "
1115 "inconsistent. Please run quotacheck(8).\n", sb->s_id);
1116 }
1117 #endif
1118 }
1119
1120 /* Gather all references from inodes and drop them */
1121 static void drop_dquot_ref(struct super_block *sb, int type)
1122 {
1123 if (sb->dq_op)
1124 remove_dquot_ref(sb, type);
1125 }
1126
1127 static inline
1128 void dquot_free_reserved_space(struct dquot *dquot, qsize_t number)
1129 {
1130 if (dquot->dq_dqb.dqb_rsvspace >= number)
1131 dquot->dq_dqb.dqb_rsvspace -= number;
1132 else {
1133 WARN_ON_ONCE(1);
1134 dquot->dq_dqb.dqb_rsvspace = 0;
1135 }
1136 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
1137 dquot->dq_dqb.dqb_bsoftlimit)
1138 dquot->dq_dqb.dqb_btime = (time64_t) 0;
1139 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
1140 }
1141
1142 static void dquot_decr_inodes(struct dquot *dquot, qsize_t number)
1143 {
1144 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
1145 dquot->dq_dqb.dqb_curinodes >= number)
1146 dquot->dq_dqb.dqb_curinodes -= number;
1147 else
1148 dquot->dq_dqb.dqb_curinodes = 0;
1149 if (dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit)
1150 dquot->dq_dqb.dqb_itime = (time64_t) 0;
1151 clear_bit(DQ_INODES_B, &dquot->dq_flags);
1152 }
1153
1154 static void dquot_decr_space(struct dquot *dquot, qsize_t number)
1155 {
1156 if (sb_dqopt(dquot->dq_sb)->flags & DQUOT_NEGATIVE_USAGE ||
1157 dquot->dq_dqb.dqb_curspace >= number)
1158 dquot->dq_dqb.dqb_curspace -= number;
1159 else
1160 dquot->dq_dqb.dqb_curspace = 0;
1161 if (dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace <=
1162 dquot->dq_dqb.dqb_bsoftlimit)
1163 dquot->dq_dqb.dqb_btime = (time64_t) 0;
1164 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
1165 }
1166
1167 struct dquot_warn {
1168 struct super_block *w_sb;
1169 struct kqid w_dq_id;
1170 short w_type;
1171 };
1172
1173 static int warning_issued(struct dquot *dquot, const int warntype)
1174 {
1175 int flag = (warntype == QUOTA_NL_BHARDWARN ||
1176 warntype == QUOTA_NL_BSOFTLONGWARN) ? DQ_BLKS_B :
1177 ((warntype == QUOTA_NL_IHARDWARN ||
1178 warntype == QUOTA_NL_ISOFTLONGWARN) ? DQ_INODES_B : 0);
1179
1180 if (!flag)
1181 return 0;
1182 return test_and_set_bit(flag, &dquot->dq_flags);
1183 }
1184
1185 #ifdef CONFIG_PRINT_QUOTA_WARNING
1186 static int flag_print_warnings = 1;
1187
1188 static int need_print_warning(struct dquot_warn *warn)
1189 {
1190 if (!flag_print_warnings)
1191 return 0;
1192
1193 switch (warn->w_dq_id.type) {
1194 case USRQUOTA:
1195 return uid_eq(current_fsuid(), warn->w_dq_id.uid);
1196 case GRPQUOTA:
1197 return in_group_p(warn->w_dq_id.gid);
1198 case PRJQUOTA:
1199 return 1;
1200 }
1201 return 0;
1202 }
1203
1204 /* Print warning to user which exceeded quota */
1205 static void print_warning(struct dquot_warn *warn)
1206 {
1207 char *msg = NULL;
1208 struct tty_struct *tty;
1209 int warntype = warn->w_type;
1210
1211 if (warntype == QUOTA_NL_IHARDBELOW ||
1212 warntype == QUOTA_NL_ISOFTBELOW ||
1213 warntype == QUOTA_NL_BHARDBELOW ||
1214 warntype == QUOTA_NL_BSOFTBELOW || !need_print_warning(warn))
1215 return;
1216
1217 tty = get_current_tty();
1218 if (!tty)
1219 return;
1220 tty_write_message(tty, warn->w_sb->s_id);
1221 if (warntype == QUOTA_NL_ISOFTWARN || warntype == QUOTA_NL_BSOFTWARN)
1222 tty_write_message(tty, ": warning, ");
1223 else
1224 tty_write_message(tty, ": write failed, ");
1225 tty_write_message(tty, quotatypes[warn->w_dq_id.type]);
1226 switch (warntype) {
1227 case QUOTA_NL_IHARDWARN:
1228 msg = " file limit reached.\r\n";
1229 break;
1230 case QUOTA_NL_ISOFTLONGWARN:
1231 msg = " file quota exceeded too long.\r\n";
1232 break;
1233 case QUOTA_NL_ISOFTWARN:
1234 msg = " file quota exceeded.\r\n";
1235 break;
1236 case QUOTA_NL_BHARDWARN:
1237 msg = " block limit reached.\r\n";
1238 break;
1239 case QUOTA_NL_BSOFTLONGWARN:
1240 msg = " block quota exceeded too long.\r\n";
1241 break;
1242 case QUOTA_NL_BSOFTWARN:
1243 msg = " block quota exceeded.\r\n";
1244 break;
1245 }
1246 tty_write_message(tty, msg);
1247 tty_kref_put(tty);
1248 }
1249 #endif
1250
1251 static void prepare_warning(struct dquot_warn *warn, struct dquot *dquot,
1252 int warntype)
1253 {
1254 if (warning_issued(dquot, warntype))
1255 return;
1256 warn->w_type = warntype;
1257 warn->w_sb = dquot->dq_sb;
1258 warn->w_dq_id = dquot->dq_id;
1259 }
1260
1261 /*
1262 * Write warnings to the console and send warning messages over netlink.
1263 *
1264 * Note that this function can call into tty and networking code.
1265 */
1266 static void flush_warnings(struct dquot_warn *warn)
1267 {
1268 int i;
1269
1270 for (i = 0; i < MAXQUOTAS; i++) {
1271 if (warn[i].w_type == QUOTA_NL_NOWARN)
1272 continue;
1273 #ifdef CONFIG_PRINT_QUOTA_WARNING
1274 print_warning(&warn[i]);
1275 #endif
1276 quota_send_warning(warn[i].w_dq_id,
1277 warn[i].w_sb->s_dev, warn[i].w_type);
1278 }
1279 }
1280
1281 static int ignore_hardlimit(struct dquot *dquot)
1282 {
1283 struct mem_dqinfo *info = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
1284
1285 return capable(CAP_SYS_RESOURCE) &&
1286 (info->dqi_format->qf_fmt_id != QFMT_VFS_OLD ||
1287 !(info->dqi_flags & DQF_ROOT_SQUASH));
1288 }
1289
1290 static int dquot_add_inodes(struct dquot *dquot, qsize_t inodes,
1291 struct dquot_warn *warn)
1292 {
1293 qsize_t newinodes;
1294 int ret = 0;
1295
1296 spin_lock(&dquot->dq_dqb_lock);
1297 newinodes = dquot->dq_dqb.dqb_curinodes + inodes;
1298 if (!sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type) ||
1299 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1300 goto add;
1301
1302 if (dquot->dq_dqb.dqb_ihardlimit &&
1303 newinodes > dquot->dq_dqb.dqb_ihardlimit &&
1304 !ignore_hardlimit(dquot)) {
1305 prepare_warning(warn, dquot, QUOTA_NL_IHARDWARN);
1306 ret = -EDQUOT;
1307 goto out;
1308 }
1309
1310 if (dquot->dq_dqb.dqb_isoftlimit &&
1311 newinodes > dquot->dq_dqb.dqb_isoftlimit &&
1312 dquot->dq_dqb.dqb_itime &&
1313 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_itime &&
1314 !ignore_hardlimit(dquot)) {
1315 prepare_warning(warn, dquot, QUOTA_NL_ISOFTLONGWARN);
1316 ret = -EDQUOT;
1317 goto out;
1318 }
1319
1320 if (dquot->dq_dqb.dqb_isoftlimit &&
1321 newinodes > dquot->dq_dqb.dqb_isoftlimit &&
1322 dquot->dq_dqb.dqb_itime == 0) {
1323 prepare_warning(warn, dquot, QUOTA_NL_ISOFTWARN);
1324 dquot->dq_dqb.dqb_itime = ktime_get_real_seconds() +
1325 sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type].dqi_igrace;
1326 }
1327 add:
1328 dquot->dq_dqb.dqb_curinodes = newinodes;
1329
1330 out:
1331 spin_unlock(&dquot->dq_dqb_lock);
1332 return ret;
1333 }
1334
1335 static int dquot_add_space(struct dquot *dquot, qsize_t space,
1336 qsize_t rsv_space, unsigned int flags,
1337 struct dquot_warn *warn)
1338 {
1339 qsize_t tspace;
1340 struct super_block *sb = dquot->dq_sb;
1341 int ret = 0;
1342
1343 spin_lock(&dquot->dq_dqb_lock);
1344 if (!sb_has_quota_limits_enabled(sb, dquot->dq_id.type) ||
1345 test_bit(DQ_FAKE_B, &dquot->dq_flags))
1346 goto finish;
1347
1348 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace
1349 + space + rsv_space;
1350
1351 if (dquot->dq_dqb.dqb_bhardlimit &&
1352 tspace > dquot->dq_dqb.dqb_bhardlimit &&
1353 !ignore_hardlimit(dquot)) {
1354 if (flags & DQUOT_SPACE_WARN)
1355 prepare_warning(warn, dquot, QUOTA_NL_BHARDWARN);
1356 ret = -EDQUOT;
1357 goto finish;
1358 }
1359
1360 if (dquot->dq_dqb.dqb_bsoftlimit &&
1361 tspace > dquot->dq_dqb.dqb_bsoftlimit &&
1362 dquot->dq_dqb.dqb_btime &&
1363 ktime_get_real_seconds() >= dquot->dq_dqb.dqb_btime &&
1364 !ignore_hardlimit(dquot)) {
1365 if (flags & DQUOT_SPACE_WARN)
1366 prepare_warning(warn, dquot, QUOTA_NL_BSOFTLONGWARN);
1367 ret = -EDQUOT;
1368 goto finish;
1369 }
1370
1371 if (dquot->dq_dqb.dqb_bsoftlimit &&
1372 tspace > dquot->dq_dqb.dqb_bsoftlimit &&
1373 dquot->dq_dqb.dqb_btime == 0) {
1374 if (flags & DQUOT_SPACE_WARN) {
1375 prepare_warning(warn, dquot, QUOTA_NL_BSOFTWARN);
1376 dquot->dq_dqb.dqb_btime = ktime_get_real_seconds() +
1377 sb_dqopt(sb)->info[dquot->dq_id.type].dqi_bgrace;
1378 } else {
1379 /*
1380 * We don't allow preallocation to exceed the softlimit, so exceeding it
1381 * will always be printed
1382 */
1383 ret = -EDQUOT;
1384 goto finish;
1385 }
1386 }
1387 finish:
1388 /*
1389 * We have to be careful and go through warning generation & grace time
1390 * setting even if DQUOT_SPACE_NOFAIL is set. That's why we check it
1391 * only here...
1392 */
1393 if (flags & DQUOT_SPACE_NOFAIL)
1394 ret = 0;
1395 if (!ret) {
1396 dquot->dq_dqb.dqb_rsvspace += rsv_space;
1397 dquot->dq_dqb.dqb_curspace += space;
1398 }
1399 spin_unlock(&dquot->dq_dqb_lock);
1400 return ret;
1401 }
1402
1403 static int info_idq_free(struct dquot *dquot, qsize_t inodes)
1404 {
1405 qsize_t newinodes;
1406
1407 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
1408 dquot->dq_dqb.dqb_curinodes <= dquot->dq_dqb.dqb_isoftlimit ||
1409 !sb_has_quota_limits_enabled(dquot->dq_sb, dquot->dq_id.type))
1410 return QUOTA_NL_NOWARN;
1411
1412 newinodes = dquot->dq_dqb.dqb_curinodes - inodes;
1413 if (newinodes <= dquot->dq_dqb.dqb_isoftlimit)
1414 return QUOTA_NL_ISOFTBELOW;
1415 if (dquot->dq_dqb.dqb_curinodes >= dquot->dq_dqb.dqb_ihardlimit &&
1416 newinodes < dquot->dq_dqb.dqb_ihardlimit)
1417 return QUOTA_NL_IHARDBELOW;
1418 return QUOTA_NL_NOWARN;
1419 }
1420
1421 static int info_bdq_free(struct dquot *dquot, qsize_t space)
1422 {
1423 qsize_t tspace;
1424
1425 tspace = dquot->dq_dqb.dqb_curspace + dquot->dq_dqb.dqb_rsvspace;
1426
1427 if (test_bit(DQ_FAKE_B, &dquot->dq_flags) ||
1428 tspace <= dquot->dq_dqb.dqb_bsoftlimit)
1429 return QUOTA_NL_NOWARN;
1430
1431 if (tspace - space <= dquot->dq_dqb.dqb_bsoftlimit)
1432 return QUOTA_NL_BSOFTBELOW;
1433 if (tspace >= dquot->dq_dqb.dqb_bhardlimit &&
1434 tspace - space < dquot->dq_dqb.dqb_bhardlimit)
1435 return QUOTA_NL_BHARDBELOW;
1436 return QUOTA_NL_NOWARN;
1437 }
1438
1439 static int inode_quota_active(const struct inode *inode)
1440 {
1441 struct super_block *sb = inode->i_sb;
1442
1443 if (IS_NOQUOTA(inode))
1444 return 0;
1445 return sb_any_quota_loaded(sb) & ~sb_any_quota_suspended(sb);
1446 }
1447
1448 /*
1449 * Initialize quota pointers in inode
1450 *
1451 * It is better to call this function outside of any transaction as it
1452 * might need a lot of space in journal for dquot structure allocation.
1453 */
1454 static int __dquot_initialize(struct inode *inode, int type)
1455 {
1456 int cnt, init_needed = 0;
1457 struct dquot __rcu **dquots;
1458 struct dquot *got[MAXQUOTAS] = {};
1459 struct super_block *sb = inode->i_sb;
1460 qsize_t rsv;
1461 int ret = 0;
1462
1463 if (!inode_quota_active(inode))
1464 return 0;
1465
1466 dquots = i_dquot(inode);
1467
1468 /* First get references to structures we might need. */
1469 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1470 struct kqid qid;
1471 kprojid_t projid;
1472 int rc;
1473 struct dquot *dquot;
1474
1475 if (type != -1 && cnt != type)
1476 continue;
1477 /*
1478 * The i_dquot should have been initialized in most cases,
1479 * we check it without locking here to avoid unnecessary
1480 * dqget()/dqput() calls.
1481 */
1482 if (dquots[cnt])
1483 continue;
1484
1485 if (!sb_has_quota_active(sb, cnt))
1486 continue;
1487
1488 init_needed = 1;
1489
1490 switch (cnt) {
1491 case USRQUOTA:
1492 qid = make_kqid_uid(inode->i_uid);
1493 break;
1494 case GRPQUOTA:
1495 qid = make_kqid_gid(inode->i_gid);
1496 break;
1497 case PRJQUOTA:
1498 rc = inode->i_sb->dq_op->get_projid(inode, &projid);
1499 if (rc)
1500 continue;
1501 qid = make_kqid_projid(projid);
1502 break;
1503 }
1504 dquot = dqget(sb, qid);
1505 if (IS_ERR(dquot)) {
1506 /* We raced with somebody turning quotas off... */
1507 if (PTR_ERR(dquot) != -ESRCH) {
1508 ret = PTR_ERR(dquot);
1509 goto out_put;
1510 }
1511 dquot = NULL;
1512 }
1513 got[cnt] = dquot;
1514 }
1515
1516 /* All required i_dquot has been initialized */
1517 if (!init_needed)
1518 return 0;
1519
1520 spin_lock(&dq_data_lock);
1521 if (IS_NOQUOTA(inode))
1522 goto out_lock;
1523 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1524 if (type != -1 && cnt != type)
1525 continue;
1526 /* Avoid races with quotaoff() */
1527 if (!sb_has_quota_active(sb, cnt))
1528 continue;
1529 /* We could race with quotaon or dqget() could have failed */
1530 if (!got[cnt])
1531 continue;
1532 if (!dquots[cnt]) {
1533 rcu_assign_pointer(dquots[cnt], got[cnt]);
1534 got[cnt] = NULL;
1535 /*
1536 * Make quota reservation system happy if someone
1537 * did a write before quota was turned on
1538 */
1539 rsv = inode_get_rsv_space(inode);
1540 if (unlikely(rsv)) {
1541 struct dquot *dquot = srcu_dereference_check(
1542 dquots[cnt], &dquot_srcu,
1543 lockdep_is_held(&dq_data_lock));
1544
1545 spin_lock(&inode->i_lock);
1546 /* Get reservation again under proper lock */
1547 rsv = __inode_get_rsv_space(inode);
1548 spin_lock(&dquot->dq_dqb_lock);
1549 dquot->dq_dqb.dqb_rsvspace += rsv;
1550 spin_unlock(&dquot->dq_dqb_lock);
1551 spin_unlock(&inode->i_lock);
1552 }
1553 }
1554 }
1555 out_lock:
1556 spin_unlock(&dq_data_lock);
1557 out_put:
1558 /* Drop unused references */
1559 dqput_all(got);
1560
1561 return ret;
1562 }
1563
1564 int dquot_initialize(struct inode *inode)
1565 {
1566 return __dquot_initialize(inode, -1);
1567 }
1568 EXPORT_SYMBOL(dquot_initialize);
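
/*
 * Sketch of the expected call site (illustrative): filesystems call
 * dquot_initialize() before operations that may charge the inode's owner,
 * e.g. early in their ->create, ->unlink or ->setattr handlers:
 *
 *	err = dquot_initialize(dir);
 *	if (err)
 *		return err;
 *	... proceed with the namespace operation ...
 */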
1569
1570 bool dquot_initialize_needed(struct inode *inode)
1571 {
1572 struct dquot __rcu **dquots;
1573 int i;
1574
1575 if (!inode_quota_active(inode))
1576 return false;
1577
1578 dquots = i_dquot(inode);
1579 for (i = 0; i < MAXQUOTAS; i++)
1580 if (!dquots[i] && sb_has_quota_active(inode->i_sb, i))
1581 return true;
1582 return false;
1583 }
1584 EXPORT_SYMBOL(dquot_initialize_needed);
1585
1586 /*
1587 * Release all quotas referenced by inode.
1588 *
1589 * This function should only be called on inode free or when converting
1590 * a file to a quota file; there are no other users of i_dquot in
1591 * either case, so we needn't call synchronize_srcu() after
1592 * clearing i_dquot.
1593 */
1594 static void __dquot_drop(struct inode *inode)
1595 {
1596 int cnt;
1597 struct dquot __rcu **dquots = i_dquot(inode);
1598 struct dquot *put[MAXQUOTAS];
1599
1600 spin_lock(&dq_data_lock);
1601 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1602 put[cnt] = srcu_dereference_check(dquots[cnt], &dquot_srcu,
1603 lockdep_is_held(&dq_data_lock));
1604 rcu_assign_pointer(dquots[cnt], NULL);
1605 }
1606 spin_unlock(&dq_data_lock);
1607 dqput_all(put);
1608 }
1609
1610 void dquot_drop(struct inode *inode)
1611 {
1612 struct dquot __rcu * const *dquots;
1613 int cnt;
1614
1615 if (IS_NOQUOTA(inode))
1616 return;
1617
1618 /*
1619 * Test before calling to rule out calls from proc and such
1620 * where we are not allowed to block. Note that this is
1621 * actually a reliable test even without the lock - the caller
1622 * must ensure that nobody can come after the DQUOT_DROP and
1623 * add quota pointers back anyway.
1624 */
1625 dquots = i_dquot(inode);
1626 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1627 if (dquots[cnt])
1628 break;
1629 }
1630
1631 if (cnt < MAXQUOTAS)
1632 __dquot_drop(inode);
1633 }
1634 EXPORT_SYMBOL(dquot_drop);
1635
1636 /*
1637 * inode_reserved_space is managed internally by quota, and protected by
1638 * i_lock similar to i_blocks+i_bytes.
1639 */
1640 static qsize_t *inode_reserved_space(struct inode *inode)
1641 {
1642 /* Filesystem must explicitly define its own method in order to use
1643 * the quota reservation interface */
1644 BUG_ON(!inode->i_sb->dq_op->get_reserved_space);
1645 return inode->i_sb->dq_op->get_reserved_space(inode);
1646 }
1647
1648 static qsize_t __inode_get_rsv_space(struct inode *inode)
1649 {
1650 if (!inode->i_sb->dq_op->get_reserved_space)
1651 return 0;
1652 return *inode_reserved_space(inode);
1653 }
1654
1655 static qsize_t inode_get_rsv_space(struct inode *inode)
1656 {
1657 qsize_t ret;
1658
1659 if (!inode->i_sb->dq_op->get_reserved_space)
1660 return 0;
1661 spin_lock(&inode->i_lock);
1662 ret = __inode_get_rsv_space(inode);
1663 spin_unlock(&inode->i_lock);
1664 return ret;
1665 }
1666
1667 /*
1668 * This function updates the i_blocks+i_bytes fields and quota information
1669 * (together with appropriate checks).
1670 *
1671 * NOTE: We absolutely rely on the fact that caller dirties the inode
1672 * (usually helpers in quotaops.h care about this) and holds a handle for
1673 * the current transaction so that dquot write and inode write go into the
1674 * same transaction.
1675 */
1676
1677 /*
1678 * This operation can block, but only after everything is updated
1679 */
1680 int __dquot_alloc_space(struct inode *inode, qsize_t number, int flags)
1681 {
1682 int cnt, ret = 0, index;
1683 struct dquot_warn warn[MAXQUOTAS];
1684 int reserve = flags & DQUOT_SPACE_RESERVE;
1685 struct dquot __rcu **dquots;
1686 struct dquot *dquot;
1687
1688 if (!inode_quota_active(inode)) {
1689 if (reserve) {
1690 spin_lock(&inode->i_lock);
1691 *inode_reserved_space(inode) += number;
1692 spin_unlock(&inode->i_lock);
1693 } else {
1694 inode_add_bytes(inode, number);
1695 }
1696 goto out;
1697 }
1698
1699 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1700 warn[cnt].w_type = QUOTA_NL_NOWARN;
1701
1702 dquots = i_dquot(inode);
1703 index = srcu_read_lock(&dquot_srcu);
1704 spin_lock(&inode->i_lock);
1705 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1706 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1707 if (!dquot)
1708 continue;
1709 if (reserve) {
1710 ret = dquot_add_space(dquot, 0, number, flags, &warn[cnt]);
1711 } else {
1712 ret = dquot_add_space(dquot, number, 0, flags, &warn[cnt]);
1713 }
1714 if (ret) {
1715 /* Back out changes we already did */
1716 for (cnt--; cnt >= 0; cnt--) {
1717 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1718 if (!dquot)
1719 continue;
1720 spin_lock(&dquot->dq_dqb_lock);
1721 if (reserve)
1722 dquot_free_reserved_space(dquot, number);
1723 else
1724 dquot_decr_space(dquot, number);
1725 spin_unlock(&dquot->dq_dqb_lock);
1726 }
1727 spin_unlock(&inode->i_lock);
1728 goto out_flush_warn;
1729 }
1730 }
1731 if (reserve)
1732 *inode_reserved_space(inode) += number;
1733 else
1734 __inode_add_bytes(inode, number);
1735 spin_unlock(&inode->i_lock);
1736
1737 if (reserve)
1738 goto out_flush_warn;
1739 ret = mark_all_dquot_dirty(dquots);
1740 out_flush_warn:
1741 srcu_read_unlock(&dquot_srcu, index);
1742 flush_warnings(warn);
1743 out:
1744 return ret;
1745 }
1746 EXPORT_SYMBOL(__dquot_alloc_space);
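
/*
 * For context, a sketch of how a filesystem allocation path is expected to
 * drive this function, normally via the dquot_alloc_space*() wrappers in
 * quotaops.h (my_fs_do_allocate() is a made-up placeholder):
 *
 *	ret = dquot_alloc_space_nodirty(inode,
 *			nr_blocks << inode->i_sb->s_blocksize_bits);
 *	if (ret)
 *		return ret;	(over quota: -EDQUOT)
 *	ret = my_fs_do_allocate(inode, nr_blocks);
 *	if (ret)
 *		dquot_free_space_nodirty(inode,
 *				nr_blocks << inode->i_sb->s_blocksize_bits);
 *	else
 *		mark_inode_dirty(inode);
 */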
1747
1748 /*
1749 * This operation can block, but only after everything is updated
1750 */
1751 int dquot_alloc_inode(struct inode *inode)
1752 {
1753 int cnt, ret = 0, index;
1754 struct dquot_warn warn[MAXQUOTAS];
1755 struct dquot __rcu * const *dquots;
1756 struct dquot *dquot;
1757
1758 if (!inode_quota_active(inode))
1759 return 0;
1760 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
1761 warn[cnt].w_type = QUOTA_NL_NOWARN;
1762
1763 dquots = i_dquot(inode);
1764 index = srcu_read_lock(&dquot_srcu);
1765 spin_lock(&inode->i_lock);
1766 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1767 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1768 if (!dquot)
1769 continue;
1770 ret = dquot_add_inodes(dquot, 1, &warn[cnt]);
1771 if (ret) {
1772 for (cnt--; cnt >= 0; cnt--) {
1773 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1774 if (!dquot)
1775 continue;
1776 /* Back out changes we already did */
1777 spin_lock(&dquot->dq_dqb_lock);
1778 dquot_decr_inodes(dquot, 1);
1779 spin_unlock(&dquot->dq_dqb_lock);
1780 }
1781 goto warn_put_all;
1782 }
1783 }
1784
1785 warn_put_all:
1786 spin_unlock(&inode->i_lock);
1787 if (ret == 0)
1788 ret = mark_all_dquot_dirty(dquots);
1789 srcu_read_unlock(&dquot_srcu, index);
1790 flush_warnings(warn);
1791 return ret;
1792 }
1793 EXPORT_SYMBOL(dquot_alloc_inode);
1794
1795 /*
1796 * Convert in-memory reserved quotas to real consumed quotas
1797 */
1798 void dquot_claim_space_nodirty(struct inode *inode, qsize_t number)
1799 {
1800 struct dquot __rcu **dquots;
1801 struct dquot *dquot;
1802 int cnt, index;
1803
1804 if (!inode_quota_active(inode)) {
1805 spin_lock(&inode->i_lock);
1806 *inode_reserved_space(inode) -= number;
1807 __inode_add_bytes(inode, number);
1808 spin_unlock(&inode->i_lock);
1809 return;
1810 }
1811
1812 dquots = i_dquot(inode);
1813 index = srcu_read_lock(&dquot_srcu);
1814 spin_lock(&inode->i_lock);
1815 /* Claim reserved quotas to allocated quotas */
1816 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1817 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1818 if (dquot) {
1819 spin_lock(&dquot->dq_dqb_lock);
1820 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_rsvspace < number))
1821 number = dquot->dq_dqb.dqb_rsvspace;
1822 dquot->dq_dqb.dqb_curspace += number;
1823 dquot->dq_dqb.dqb_rsvspace -= number;
1824 spin_unlock(&dquot->dq_dqb_lock);
1825 }
1826 }
1827 /* Update inode bytes */
1828 *inode_reserved_space(inode) -= number;
1829 __inode_add_bytes(inode, number);
1830 spin_unlock(&inode->i_lock);
1831 mark_all_dquot_dirty(dquots);
1832 srcu_read_unlock(&dquot_srcu, index);
1833 }
1834 EXPORT_SYMBOL(dquot_claim_space_nodirty);
1835
1836 /*
1837 * Convert allocated space back to in-memory reserved quotas
1838 */
1839 void dquot_reclaim_space_nodirty(struct inode *inode, qsize_t number)
1840 {
1841 struct dquot __rcu **dquots;
1842 struct dquot *dquot;
1843 int cnt, index;
1844
1845 if (!inode_quota_active(inode)) {
1846 spin_lock(&inode->i_lock);
1847 *inode_reserved_space(inode) += number;
1848 __inode_sub_bytes(inode, number);
1849 spin_unlock(&inode->i_lock);
1850 return;
1851 }
1852
1853 dquots = i_dquot(inode);
1854 index = srcu_read_lock(&dquot_srcu);
1855 spin_lock(&inode->i_lock);
1856 /* Convert allocated quotas back to reserved quotas */
1857 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1858 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1859 if (dquot) {
1860 spin_lock(&dquot->dq_dqb_lock);
1861 if (WARN_ON_ONCE(dquot->dq_dqb.dqb_curspace < number))
1862 number = dquot->dq_dqb.dqb_curspace;
1863 dquot->dq_dqb.dqb_rsvspace += number;
1864 dquot->dq_dqb.dqb_curspace -= number;
1865 spin_unlock(&dquot->dq_dqb_lock);
1866 }
1867 }
1868 /* Update inode bytes */
1869 *inode_reserved_space(inode) += number;
1870 __inode_sub_bytes(inode, number);
1871 spin_unlock(&inode->i_lock);
1872 mark_all_dquot_dirty(dquots);
1873 srcu_read_unlock(&dquot_srcu, index);
1874 }
1875 EXPORT_SYMBOL(dquot_reclaim_space_nodirty);
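
/*
 * A sketch of the reservation life cycle these helpers complete, as a
 * delayed-allocation filesystem might drive it (error handling trimmed,
 * my_fs_allocate_blocks() is hypothetical; the dquot_* helpers are the
 * <linux/quotaops.h> wrappers):
 *
 *	dquot_reserve_block(inode, nr);			// at write time
 *	if (my_fs_allocate_blocks(inode, nr) == 0)	// hypothetical
 *		dquot_claim_block(inode, nr);		// reservation -> usage
 *	else
 *		dquot_release_reservation_block(inode, nr); // drop reservation
 */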
1876
1877 /*
1878 * This operation can block, but only after everything is updated
1879 */
1880 void __dquot_free_space(struct inode *inode, qsize_t number, int flags)
1881 {
1882 unsigned int cnt;
1883 struct dquot_warn warn[MAXQUOTAS];
1884 struct dquot __rcu **dquots;
1885 struct dquot *dquot;
1886 int reserve = flags & DQUOT_SPACE_RESERVE, index;
1887
1888 if (!inode_quota_active(inode)) {
1889 if (reserve) {
1890 spin_lock(&inode->i_lock);
1891 *inode_reserved_space(inode) -= number;
1892 spin_unlock(&inode->i_lock);
1893 } else {
1894 inode_sub_bytes(inode, number);
1895 }
1896 return;
1897 }
1898
1899 dquots = i_dquot(inode);
1900 index = srcu_read_lock(&dquot_srcu);
1901 spin_lock(&inode->i_lock);
1902 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1903 int wtype;
1904
1905 warn[cnt].w_type = QUOTA_NL_NOWARN;
1906 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1907 if (!dquot)
1908 continue;
1909 spin_lock(&dquot->dq_dqb_lock);
1910 wtype = info_bdq_free(dquot, number);
1911 if (wtype != QUOTA_NL_NOWARN)
1912 prepare_warning(&warn[cnt], dquot, wtype);
1913 if (reserve)
1914 dquot_free_reserved_space(dquot, number);
1915 else
1916 dquot_decr_space(dquot, number);
1917 spin_unlock(&dquot->dq_dqb_lock);
1918 }
1919 if (reserve)
1920 *inode_reserved_space(inode) -= number;
1921 else
1922 __inode_sub_bytes(inode, number);
1923 spin_unlock(&inode->i_lock);
1924
1925 if (reserve)
1926 goto out_unlock;
1927 mark_all_dquot_dirty(dquots);
1928 out_unlock:
1929 srcu_read_unlock(&dquot_srcu, index);
1930 flush_warnings(warn);
1931 }
1932 EXPORT_SYMBOL(__dquot_free_space);
1933
1934 /*
1935 * This operation can block, but only after everything is updated
1936 */
1937 void dquot_free_inode(struct inode *inode)
1938 {
1939 unsigned int cnt;
1940 struct dquot_warn warn[MAXQUOTAS];
1941 struct dquot __rcu * const *dquots;
1942 struct dquot *dquot;
1943 int index;
1944
1945 if (!inode_quota_active(inode))
1946 return;
1947
1948 dquots = i_dquot(inode);
1949 index = srcu_read_lock(&dquot_srcu);
1950 spin_lock(&inode->i_lock);
1951 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
1952 int wtype;
1953 warn[cnt].w_type = QUOTA_NL_NOWARN;
1954 dquot = srcu_dereference(dquots[cnt], &dquot_srcu);
1955 if (!dquot)
1956 continue;
1957 spin_lock(&dquot->dq_dqb_lock);
1958 wtype = info_idq_free(dquot, 1);
1959 if (wtype != QUOTA_NL_NOWARN)
1960 prepare_warning(&warn[cnt], dquot, wtype);
1961 dquot_decr_inodes(dquot, 1);
1962 spin_unlock(&dquot->dq_dqb_lock);
1963 }
1964 spin_unlock(&inode->i_lock);
1965 mark_all_dquot_dirty(dquots);
1966 srcu_read_unlock(&dquot_srcu, index);
1967 flush_warnings(warn);
1968 }
1969 EXPORT_SYMBOL(dquot_free_inode);
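
/*
 * A sketch of a delete path pairing this with the allocation side, modelled
 * loosely on how simple filesystems evict inodes (my_fs_truncate() is
 * hypothetical; the quota helpers are the generic ones):
 *
 *	dquot_initialize(inode);	// attach dquots before accounting
 *	my_fs_truncate(inode);		// frees blocks -> dquot_free_space...()
 *	dquot_free_inode(inode);	// uncharge the inode itself
 *	dquot_drop(inode);		// detach dquot references
 */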
1970
1971 /*
1972 * Transfer the number of inodes and blocks from one diskquota to another.
1973 * On success, dquot references in transfer_to are consumed and references
1974 * to original dquots that need to be released are placed there. On failure,
1975 * references are kept untouched.
1976 *
1977 * This operation can block, but only after everything is updated
1978 * A transaction must be started when entering this function.
1979 *
1980 * We are holding reference on transfer_from & transfer_to, no need to
1981 * protect them by srcu_read_lock().
1982 */
1983 int __dquot_transfer(struct inode *inode, struct dquot **transfer_to)
1984 {
1985 qsize_t cur_space;
1986 qsize_t rsv_space = 0;
1987 qsize_t inode_usage = 1;
1988 struct dquot __rcu **dquots;
1989 struct dquot *transfer_from[MAXQUOTAS] = {};
1990 int cnt, index, ret = 0, err;
1991 char is_valid[MAXQUOTAS] = {};
1992 struct dquot_warn warn_to[MAXQUOTAS];
1993 struct dquot_warn warn_from_inodes[MAXQUOTAS];
1994 struct dquot_warn warn_from_space[MAXQUOTAS];
1995
1996 if (IS_NOQUOTA(inode))
1997 return 0;
1998
1999 if (inode->i_sb->dq_op->get_inode_usage) {
2000 ret = inode->i_sb->dq_op->get_inode_usage(inode, &inode_usage);
2001 if (ret)
2002 return ret;
2003 }
2004
2005 /* Initialize the arrays */
2006 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2007 warn_to[cnt].w_type = QUOTA_NL_NOWARN;
2008 warn_from_inodes[cnt].w_type = QUOTA_NL_NOWARN;
2009 warn_from_space[cnt].w_type = QUOTA_NL_NOWARN;
2010 }
2011
2012 spin_lock(&dq_data_lock);
2013 spin_lock(&inode->i_lock);
2014 if (IS_NOQUOTA(inode)) { /* File without quota accounting? */
2015 spin_unlock(&inode->i_lock);
2016 spin_unlock(&dq_data_lock);
2017 return 0;
2018 }
2019 cur_space = __inode_get_bytes(inode);
2020 rsv_space = __inode_get_rsv_space(inode);
2021 dquots = i_dquot(inode);
2022 /*
2023 * Build the transfer_from list, check limits, and update usage in
2024 * the target structures.
2025 */
2026 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2027 /*
2028 * Skip changes for the same uid or gid, or for a quota type that is turned off.
2029 */
2030 if (!transfer_to[cnt])
2031 continue;
2032 /* Avoid races with quotaoff() */
2033 if (!sb_has_quota_active(inode->i_sb, cnt))
2034 continue;
2035 is_valid[cnt] = 1;
2036 transfer_from[cnt] = srcu_dereference_check(dquots[cnt],
2037 &dquot_srcu, lockdep_is_held(&dq_data_lock));
2038 ret = dquot_add_inodes(transfer_to[cnt], inode_usage,
2039 &warn_to[cnt]);
2040 if (ret)
2041 goto over_quota;
2042 ret = dquot_add_space(transfer_to[cnt], cur_space, rsv_space,
2043 DQUOT_SPACE_WARN, &warn_to[cnt]);
2044 if (ret) {
2045 spin_lock(&transfer_to[cnt]->dq_dqb_lock);
2046 dquot_decr_inodes(transfer_to[cnt], inode_usage);
2047 spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
2048 goto over_quota;
2049 }
2050 }
2051
2052 /* Decrease usage for source structures and update quota pointers */
2053 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2054 if (!is_valid[cnt])
2055 continue;
2056 /* Due to an IO error we might not have a transfer_from[] structure */
2057 if (transfer_from[cnt]) {
2058 int wtype;
2059
2060 spin_lock(&transfer_from[cnt]->dq_dqb_lock);
2061 wtype = info_idq_free(transfer_from[cnt], inode_usage);
2062 if (wtype != QUOTA_NL_NOWARN)
2063 prepare_warning(&warn_from_inodes[cnt],
2064 transfer_from[cnt], wtype);
2065 wtype = info_bdq_free(transfer_from[cnt],
2066 cur_space + rsv_space);
2067 if (wtype != QUOTA_NL_NOWARN)
2068 prepare_warning(&warn_from_space[cnt],
2069 transfer_from[cnt], wtype);
2070 dquot_decr_inodes(transfer_from[cnt], inode_usage);
2071 dquot_decr_space(transfer_from[cnt], cur_space);
2072 dquot_free_reserved_space(transfer_from[cnt],
2073 rsv_space);
2074 spin_unlock(&transfer_from[cnt]->dq_dqb_lock);
2075 }
2076 rcu_assign_pointer(dquots[cnt], transfer_to[cnt]);
2077 }
2078 spin_unlock(&inode->i_lock);
2079 spin_unlock(&dq_data_lock);
2080
2081 /*
2082 * These arrays are local and we hold dquot references so we don't need
2083 * the srcu protection but still take dquot_srcu to avoid warning in
2084 * mark_all_dquot_dirty().
2085 */
2086 index = srcu_read_lock(&dquot_srcu);
2087 err = mark_all_dquot_dirty((struct dquot __rcu **)transfer_from);
2088 if (err < 0)
2089 ret = err;
2090 err = mark_all_dquot_dirty((struct dquot __rcu **)transfer_to);
2091 if (err < 0)
2092 ret = err;
2093 srcu_read_unlock(&dquot_srcu, index);
2094
2095 flush_warnings(warn_to);
2096 flush_warnings(warn_from_inodes);
2097 flush_warnings(warn_from_space);
2098 /* Pass back references to put */
2099 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2100 if (is_valid[cnt])
2101 transfer_to[cnt] = transfer_from[cnt];
2102 return ret;
2103 over_quota:
2104 /* Back out changes we already did */
2105 for (cnt--; cnt >= 0; cnt--) {
2106 if (!is_valid[cnt])
2107 continue;
2108 spin_lock(&transfer_to[cnt]->dq_dqb_lock);
2109 dquot_decr_inodes(transfer_to[cnt], inode_usage);
2110 dquot_decr_space(transfer_to[cnt], cur_space);
2111 dquot_free_reserved_space(transfer_to[cnt], rsv_space);
2112 spin_unlock(&transfer_to[cnt]->dq_dqb_lock);
2113 }
2114 spin_unlock(&inode->i_lock);
2115 spin_unlock(&dq_data_lock);
2116 flush_warnings(warn_to);
2117 return ret;
2118 }
2119 EXPORT_SYMBOL(__dquot_transfer);
2120
2121 /* Wrapper for transferring ownership of an inode for uid/gid only.
2122 * Called from FSXXX_setattr().
2123 */
2124 int dquot_transfer(struct mnt_idmap *idmap, struct inode *inode,
2125 struct iattr *iattr)
2126 {
2127 struct dquot *transfer_to[MAXQUOTAS] = {};
2128 struct dquot *dquot;
2129 struct super_block *sb = inode->i_sb;
2130 int ret;
2131
2132 if (!inode_quota_active(inode))
2133 return 0;
2134
2135 if (i_uid_needs_update(idmap, iattr, inode)) {
2136 kuid_t kuid = from_vfsuid(idmap, i_user_ns(inode),
2137 iattr->ia_vfsuid);
2138
2139 dquot = dqget(sb, make_kqid_uid(kuid));
2140 if (IS_ERR(dquot)) {
2141 if (PTR_ERR(dquot) != -ESRCH) {
2142 ret = PTR_ERR(dquot);
2143 goto out_put;
2144 }
2145 dquot = NULL;
2146 }
2147 transfer_to[USRQUOTA] = dquot;
2148 }
2149 if (i_gid_needs_update(idmap, iattr, inode)) {
2150 kgid_t kgid = from_vfsgid(idmap, i_user_ns(inode),
2151 iattr->ia_vfsgid);
2152
2153 dquot = dqget(sb, make_kqid_gid(kgid));
2154 if (IS_ERR(dquot)) {
2155 if (PTR_ERR(dquot) != -ESRCH) {
2156 ret = PTR_ERR(dquot);
2157 goto out_put;
2158 }
2159 dquot = NULL;
2160 }
2161 transfer_to[GRPQUOTA] = dquot;
2162 }
2163 ret = __dquot_transfer(inode, transfer_to);
2164 out_put:
2165 dqput_all(transfer_to);
2166 return ret;
2167 }
2168 EXPORT_SYMBOL(dquot_transfer);
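
/*
 * A sketch of the expected call site in a filesystem's ->setattr handler,
 * assuming a hypothetical my_fs_setattr(); the helpers shown are the
 * generic VFS/quota ones:
 *
 *	if (is_quota_modification(idmap, inode, iattr)) {
 *		error = dquot_initialize(inode);
 *		if (error)
 *			return error;
 *	}
 *	if (i_uid_needs_update(idmap, iattr, inode) ||
 *	    i_gid_needs_update(idmap, iattr, inode)) {
 *		error = dquot_transfer(idmap, inode, iattr);
 *		if (error)
 *			return error;
 *	}
 */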
2169
2170 /*
2171 * Write info of quota file to disk
2172 */
2173 int dquot_commit_info(struct super_block *sb, int type)
2174 {
2175 struct quota_info *dqopt = sb_dqopt(sb);
2176
2177 return dqopt->ops[type]->write_file_info(sb, type);
2178 }
2179 EXPORT_SYMBOL(dquot_commit_info);
2180
2181 int dquot_get_next_id(struct super_block *sb, struct kqid *qid)
2182 {
2183 struct quota_info *dqopt = sb_dqopt(sb);
2184
2185 if (!sb_has_quota_active(sb, qid->type))
2186 return -ESRCH;
2187 if (!dqopt->ops[qid->type]->get_next_id)
2188 return -ENOSYS;
2189 return dqopt->ops[qid->type]->get_next_id(sb, qid);
2190 }
2191 EXPORT_SYMBOL(dquot_get_next_id);
2192
2193 /*
2194 * Definitions of diskquota operations.
2195 */
2196 const struct dquot_operations dquot_operations = {
2197 .write_dquot = dquot_commit,
2198 .acquire_dquot = dquot_acquire,
2199 .release_dquot = dquot_release,
2200 .mark_dirty = dquot_mark_dquot_dirty,
2201 .write_info = dquot_commit_info,
2202 .alloc_dquot = dquot_alloc,
2203 .destroy_dquot = dquot_destroy,
2204 .get_next_id = dquot_get_next_id,
2205 };
2206 EXPORT_SYMBOL(dquot_operations);
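
/*
 * A sketch of how a filesystem opts into these generic operations at mount
 * time, assuming a hypothetical my_fs fill_super and quotactl ops:
 *
 *	sb->dq_op = &dquot_operations;
 *	sb->s_qcop = &my_fs_quotactl_ops;	// or dquot_quotactl_sysfile_ops
 *	sb->s_quota_types = QTYPE_MASK_USR | QTYPE_MASK_GRP;
 */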
2207
2208 /*
2209 * Generic helper for ->open on filesystems supporting disk quotas.
2210 */
2211 int dquot_file_open(struct inode *inode, struct file *file)
2212 {
2213 int error;
2214
2215 error = generic_file_open(inode, file);
2216 if (!error && (file->f_mode & FMODE_WRITE))
2217 error = dquot_initialize(inode);
2218 return error;
2219 }
2220 EXPORT_SYMBOL(dquot_file_open);
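
/*
 * A sketch of the intended wiring, assuming hypothetical
 * my_fs_file_operations:
 *
 *	const struct file_operations my_fs_file_operations = {
 *		...
 *		.open = dquot_file_open,	// attach dquots before writes
 *	};
 */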
2221
2222 static void vfs_cleanup_quota_inode(struct super_block *sb, int type)
2223 {
2224 struct quota_info *dqopt = sb_dqopt(sb);
2225 struct inode *inode = dqopt->files[type];
2226
2227 if (!inode)
2228 return;
2229 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2230 inode_lock(inode);
2231 inode->i_flags &= ~S_NOQUOTA;
2232 inode_unlock(inode);
2233 }
2234 dqopt->files[type] = NULL;
2235 iput(inode);
2236 }
2237
2238 /*
2239 * Turn quota off on a device. type == -1 ==> quotaoff for all types (umount)
2240 */
2241 int dquot_disable(struct super_block *sb, int type, unsigned int flags)
2242 {
2243 int cnt;
2244 struct quota_info *dqopt = sb_dqopt(sb);
2245
2246 rwsem_assert_held_write(&sb->s_umount);
2247
2248 /* Cannot turn off usage accounting without also turning off limits,
2249 * and cannot suspend quotas while simultaneously turning them off. */
2250 if ((flags & DQUOT_USAGE_ENABLED && !(flags & DQUOT_LIMITS_ENABLED))
2251 || (flags & DQUOT_SUSPENDED && flags & (DQUOT_LIMITS_ENABLED |
2252 DQUOT_USAGE_ENABLED)))
2253 return -EINVAL;
2254
2255 /*
2256 * Skip everything if there's nothing to do. We have to do this because
2257 * sometimes we are called when fill_super() failed and calling
2258 * sync_fs() in such cases does no good.
2259 */
2260 if (!sb_any_quota_loaded(sb))
2261 return 0;
2262
2263 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2264 if (type != -1 && cnt != type)
2265 continue;
2266 if (!sb_has_quota_loaded(sb, cnt))
2267 continue;
2268
2269 if (flags & DQUOT_SUSPENDED) {
2270 spin_lock(&dq_state_lock);
2271 dqopt->flags |=
2272 dquot_state_flag(DQUOT_SUSPENDED, cnt);
2273 spin_unlock(&dq_state_lock);
2274 } else {
2275 spin_lock(&dq_state_lock);
2276 dqopt->flags &= ~dquot_state_flag(flags, cnt);
2277 /* Turning off suspended quotas? */
2278 if (!sb_has_quota_loaded(sb, cnt) &&
2279 sb_has_quota_suspended(sb, cnt)) {
2280 dqopt->flags &= ~dquot_state_flag(
2281 DQUOT_SUSPENDED, cnt);
2282 spin_unlock(&dq_state_lock);
2283 vfs_cleanup_quota_inode(sb, cnt);
2284 continue;
2285 }
2286 spin_unlock(&dq_state_lock);
2287 }
2288
2289 /* We still have to keep quota loaded? */
2290 if (sb_has_quota_loaded(sb, cnt) && !(flags & DQUOT_SUSPENDED))
2291 continue;
2292
2293 /* Note: these are blocking operations */
2294 drop_dquot_ref(sb, cnt);
2295 invalidate_dquots(sb, cnt);
2296 /*
2297 * Now all dquots should be invalidated and all writes done, so we
2298 * should be the only users of the info. No locks needed.
2299 */
2300 if (info_dirty(&dqopt->info[cnt]))
2301 sb->dq_op->write_info(sb, cnt);
2302 if (dqopt->ops[cnt]->free_file_info)
2303 dqopt->ops[cnt]->free_file_info(sb, cnt);
2304 put_quota_format(dqopt->info[cnt].dqi_format);
2305 dqopt->info[cnt].dqi_flags = 0;
2306 dqopt->info[cnt].dqi_igrace = 0;
2307 dqopt->info[cnt].dqi_bgrace = 0;
2308 dqopt->ops[cnt] = NULL;
2309 }
2310
2311 /* Skip syncing and setting flags if quota files are hidden */
2312 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE)
2313 goto put_inodes;
2314
2315 /* Sync the superblock so that buffers with quota data are written to
2316 * disk (and so userspace sees correct data afterwards). */
2317 if (sb->s_op->sync_fs)
2318 sb->s_op->sync_fs(sb, 1);
2319 sync_blockdev(sb->s_bdev);
2320 /* Now the quota files are just ordinary files and we can set the
2321 * inode flags back. Moreover we discard the pagecache so that
2322 * userspace sees the writes we did bypassing the pagecache. We
2323 * must also discard the blockdev buffers so that we see the
2324 * changes done by userspace on the next quotaon() */
2325 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2326 if (!sb_has_quota_loaded(sb, cnt) && dqopt->files[cnt]) {
2327 inode_lock(dqopt->files[cnt]);
2328 truncate_inode_pages(&dqopt->files[cnt]->i_data, 0);
2329 inode_unlock(dqopt->files[cnt]);
2330 }
2331 if (sb->s_bdev)
2332 invalidate_bdev(sb->s_bdev);
2333 put_inodes:
2334 /* We are done when suspending quotas */
2335 if (flags & DQUOT_SUSPENDED)
2336 return 0;
2337
2338 for (cnt = 0; cnt < MAXQUOTAS; cnt++)
2339 if (!sb_has_quota_loaded(sb, cnt))
2340 vfs_cleanup_quota_inode(sb, cnt);
2341 return 0;
2342 }
2343 EXPORT_SYMBOL(dquot_disable);
2344
2345 int dquot_quota_off(struct super_block *sb, int type)
2346 {
2347 return dquot_disable(sb, type,
2348 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2349 }
2350 EXPORT_SYMBOL(dquot_quota_off);
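
/*
 * A sketch of a typical unmount-time caller, assuming a hypothetical
 * my_fs_put_super(); type == -1 disables all quota types at once:
 *
 *	static void my_fs_put_super(struct super_block *sb)
 *	{
 *		dquot_disable(sb, -1,
 *			      DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
 *		...
 *	}
 */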
2351
2352 /*
2353 * Turn quotas on for a device
2354 */
2355
2356 static int vfs_setup_quota_inode(struct inode *inode, int type)
2357 {
2358 struct super_block *sb = inode->i_sb;
2359 struct quota_info *dqopt = sb_dqopt(sb);
2360
2361 if (is_bad_inode(inode))
2362 return -EUCLEAN;
2363 if (!S_ISREG(inode->i_mode))
2364 return -EACCES;
2365 if (IS_RDONLY(inode))
2366 return -EROFS;
2367 if (sb_has_quota_loaded(sb, type))
2368 return -EBUSY;
2369
2370 /*
2371 * Quota files should never be encrypted. They should be thought of as
2372 * filesystem metadata, not user data. New-style internal quota files
2373 * cannot be encrypted by users anyway, but old-style external quota
2374 * files could potentially be incorrectly created in an encrypted
2375 * directory, hence this explicit check. Some reasons why encrypted
2376 * quota files don't work include: (1) some filesystems that support
2377 * encryption don't handle it in their quota_read and quota_write, and
2378 * (2) cleaning up encrypted quota files at unmount would need special
2379 * consideration, as quota files are cleaned up later than user files.
2380 */
2381 if (IS_ENCRYPTED(inode))
2382 return -EINVAL;
2383
2384 dqopt->files[type] = igrab(inode);
2385 if (!dqopt->files[type])
2386 return -EIO;
2387 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2388 /* We don't want quota and atime on quota files (deadlocks
2389 * possible). Also nobody should write to the file - we use
2390 * special IO operations which ignore the immutable bit. */
2391 inode_lock(inode);
2392 inode->i_flags |= S_NOQUOTA;
2393 inode_unlock(inode);
2394 /*
2395 * When S_NOQUOTA is set, remove dquot references as no more
2396 * references can be added
2397 */
2398 __dquot_drop(inode);
2399 }
2400 return 0;
2401 }
2402
2403 int dquot_load_quota_sb(struct super_block *sb, int type, int format_id,
2404 unsigned int flags)
2405 {
2406 struct quota_format_type *fmt;
2407 struct quota_info *dqopt = sb_dqopt(sb);
2408 int error;
2409
2410 lockdep_assert_held_write(&sb->s_umount);
2411
2412 /* Just unsuspend quotas? */
2413 if (WARN_ON_ONCE(flags & DQUOT_SUSPENDED))
2414 return -EINVAL;
2415
2416 fmt = find_quota_format(format_id);
2417 if (!fmt)
2418 return -ESRCH;
2419 if (!sb->dq_op || !sb->s_qcop ||
2420 (type == PRJQUOTA && sb->dq_op->get_projid == NULL)) {
2421 error = -EINVAL;
2422 goto out_fmt;
2423 }
2424 /* Filesystems outside of init_user_ns not yet supported */
2425 if (sb->s_user_ns != &init_user_ns) {
2426 error = -EINVAL;
2427 goto out_fmt;
2428 }
2429 /* Usage always has to be set... */
2430 if (!(flags & DQUOT_USAGE_ENABLED)) {
2431 error = -EINVAL;
2432 goto out_fmt;
2433 }
2434 if (sb_has_quota_loaded(sb, type)) {
2435 error = -EBUSY;
2436 goto out_fmt;
2437 }
2438
2439 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE)) {
2440 /* As we bypass the pagecache we must now flush all the
2441 * dirty data and invalidate caches so that the kernel sees
2442 * changes from userspace. It is not enough to just flush
2443 * the quota file since if blocksize < pagesize, invalidation
2444 * of the cache could fail because of other unrelated dirty
2445 * data. */
2446 sync_filesystem(sb);
2447 invalidate_bdev(sb->s_bdev);
2448 }
2449
2450 error = -EINVAL;
2451 if (!fmt->qf_ops->check_quota_file(sb, type))
2452 goto out_fmt;
2453
2454 dqopt->ops[type] = fmt->qf_ops;
2455 dqopt->info[type].dqi_format = fmt;
2456 dqopt->info[type].dqi_fmt_id = format_id;
2457 INIT_LIST_HEAD(&dqopt->info[type].dqi_dirty_list);
2458 error = dqopt->ops[type]->read_file_info(sb, type);
2459 if (error < 0)
2460 goto out_fmt;
2461 if (dqopt->flags & DQUOT_QUOTA_SYS_FILE) {
2462 spin_lock(&dq_data_lock);
2463 dqopt->info[type].dqi_flags |= DQF_SYS_FILE;
2464 spin_unlock(&dq_data_lock);
2465 }
2466 spin_lock(&dq_state_lock);
2467 dqopt->flags |= dquot_state_flag(flags, type);
2468 spin_unlock(&dq_state_lock);
2469
2470 error = add_dquot_ref(sb, type);
2471 if (error)
2472 dquot_disable(sb, type,
2473 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2474
2475 return error;
2476 out_fmt:
2477 put_quota_format(fmt);
2478
2479 return error;
2480 }
2481 EXPORT_SYMBOL(dquot_load_quota_sb);
2482
2483 /*
2484 * More powerful function for turning on quotas on a given quota inode,
2485 * allowing individual quota flags to be set
2486 */
2487 int dquot_load_quota_inode(struct inode *inode, int type, int format_id,
2488 unsigned int flags)
2489 {
2490 int err;
2491
2492 err = vfs_setup_quota_inode(inode, type);
2493 if (err < 0)
2494 return err;
2495 err = dquot_load_quota_sb(inode->i_sb, type, format_id, flags);
2496 if (err < 0)
2497 vfs_cleanup_quota_inode(inode->i_sb, type);
2498 return err;
2499 }
2500 EXPORT_SYMBOL(dquot_load_quota_inode);
2501
2502 /* Reenable quotas on remount RW */
2503 int dquot_resume(struct super_block *sb, int type)
2504 {
2505 struct quota_info *dqopt = sb_dqopt(sb);
2506 int ret = 0, cnt;
2507 unsigned int flags;
2508
2509 rwsem_assert_held_write(&sb->s_umount);
2510
2511 for (cnt = 0; cnt < MAXQUOTAS; cnt++) {
2512 if (type != -1 && cnt != type)
2513 continue;
2514 if (!sb_has_quota_suspended(sb, cnt))
2515 continue;
2516
2517 spin_lock(&dq_state_lock);
2518 flags = dqopt->flags & dquot_state_flag(DQUOT_USAGE_ENABLED |
2519 DQUOT_LIMITS_ENABLED,
2520 cnt);
2521 dqopt->flags &= ~dquot_state_flag(DQUOT_STATE_FLAGS, cnt);
2522 spin_unlock(&dq_state_lock);
2523
2524 flags = dquot_generic_flag(flags, cnt);
2525 ret = dquot_load_quota_sb(sb, cnt, dqopt->info[cnt].dqi_fmt_id,
2526 flags);
2527 if (ret < 0)
2528 vfs_cleanup_quota_inode(sb, cnt);
2529 }
2530
2531 return ret;
2532 }
2533 EXPORT_SYMBOL(dquot_resume);
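
/*
 * A sketch of the remount pairing: going read-only suspends quotas, going
 * read-write resumes them (condition name hypothetical; dquot_suspend() is
 * the <linux/quotaops.h> wrapper around dquot_disable()):
 *
 *	if (becoming_readonly)		// hypothetical
 *		ret = dquot_suspend(sb, -1);
 *	else
 *		ret = dquot_resume(sb, -1);
 */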
2534
2535 int dquot_quota_on(struct super_block *sb, int type, int format_id,
2536 const struct path *path)
2537 {
2538 int error = security_quota_on(path->dentry);
2539 if (error)
2540 return error;
2541 /* Quota file not on the same filesystem? */
2542 if (path->dentry->d_sb != sb)
2543 error = -EXDEV;
2544 else
2545 error = dquot_load_quota_inode(d_inode(path->dentry), type,
2546 format_id, DQUOT_USAGE_ENABLED |
2547 DQUOT_LIMITS_ENABLED);
2548 return error;
2549 }
2550 EXPORT_SYMBOL(dquot_quota_on);
2551
2552 /*
2553 * This function is used when a filesystem needs to initialize quotas
2554 * at mount time.
2555 */
2556 int dquot_quota_on_mount(struct super_block *sb, char *qf_name,
2557 int format_id, int type)
2558 {
2559 struct dentry *dentry;
2560 int error;
2561
2562 dentry = lookup_positive_unlocked(qf_name, sb->s_root, strlen(qf_name));
2563 if (IS_ERR(dentry))
2564 return PTR_ERR(dentry);
2565
2566 error = security_quota_on(dentry);
2567 if (!error)
2568 error = dquot_load_quota_inode(d_inode(dentry), type, format_id,
2569 DQUOT_USAGE_ENABLED | DQUOT_LIMITS_ENABLED);
2570
2571 dput(dentry);
2572 return error;
2573 }
2574 EXPORT_SYMBOL(dquot_quota_on_mount);
2575
2576 static int dquot_quota_enable(struct super_block *sb, unsigned int flags)
2577 {
2578 int ret;
2579 int type;
2580 struct quota_info *dqopt = sb_dqopt(sb);
2581
2582 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
2583 return -ENOSYS;
2584 /* Accounting cannot be turned on while the fs is mounted */
2585 flags &= ~(FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT);
2586 if (!flags)
2587 return -EINVAL;
2588 for (type = 0; type < MAXQUOTAS; type++) {
2589 if (!(flags & qtype_enforce_flag(type)))
2590 continue;
2591 /* Can't enforce without accounting */
2592 if (!sb_has_quota_usage_enabled(sb, type)) {
2593 ret = -EINVAL;
2594 goto out_err;
2595 }
2596 if (sb_has_quota_limits_enabled(sb, type)) {
2597 /* compatible with XFS */
2598 ret = -EEXIST;
2599 goto out_err;
2600 }
2601 spin_lock(&dq_state_lock);
2602 dqopt->flags |= dquot_state_flag(DQUOT_LIMITS_ENABLED, type);
2603 spin_unlock(&dq_state_lock);
2604 }
2605 return 0;
2606 out_err:
2607 /* Back out the enforcement enablement we already did */
2608 for (type--; type >= 0; type--) {
2609 if (flags & qtype_enforce_flag(type))
2610 dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
2611 }
2612 return ret;
2613 }
2614
2615 static int dquot_quota_disable(struct super_block *sb, unsigned int flags)
2616 {
2617 int ret;
2618 int type;
2619 struct quota_info *dqopt = sb_dqopt(sb);
2620
2621 if (!(dqopt->flags & DQUOT_QUOTA_SYS_FILE))
2622 return -ENOSYS;
2623 /*
2624 * We don't support turning off accounting via quotactl. In principle
2625 * quota infrastructure can do this but filesystems don't expect
2626 * userspace to be able to do it.
2627 */
2628 if (flags &
2629 (FS_QUOTA_UDQ_ACCT | FS_QUOTA_GDQ_ACCT | FS_QUOTA_PDQ_ACCT))
2630 return -EOPNOTSUPP;
2631
2632 /* Filter out limits not enabled */
2633 for (type = 0; type < MAXQUOTAS; type++)
2634 if (!sb_has_quota_limits_enabled(sb, type))
2635 flags &= ~qtype_enforce_flag(type);
2636 /* Nothing left? */
2637 if (!flags)
2638 return -EEXIST;
2639 for (type = 0; type < MAXQUOTAS; type++) {
2640 if (flags & qtype_enforce_flag(type)) {
2641 ret = dquot_disable(sb, type, DQUOT_LIMITS_ENABLED);
2642 if (ret < 0)
2643 goto out_err;
2644 }
2645 }
2646 return 0;
2647 out_err:
2648 /* Back out the enforcement disabling we already did */
2649 for (type--; type >= 0; type--) {
2650 if (flags & qtype_enforce_flag(type)) {
2651 spin_lock(&dq_state_lock);
2652 dqopt->flags |=
2653 dquot_state_flag(DQUOT_LIMITS_ENABLED, type);
2654 spin_unlock(&dq_state_lock);
2655 }
2656 }
2657 return ret;
2658 }
2659
2660 /* Generic routine for getting common part of quota structure */
2661 static void do_get_dqblk(struct dquot *dquot, struct qc_dqblk *di)
2662 {
2663 struct mem_dqblk *dm = &dquot->dq_dqb;
2664
2665 memset(di, 0, sizeof(*di));
2666 spin_lock(&dquot->dq_dqb_lock);
2667 di->d_spc_hardlimit = dm->dqb_bhardlimit;
2668 di->d_spc_softlimit = dm->dqb_bsoftlimit;
2669 di->d_ino_hardlimit = dm->dqb_ihardlimit;
2670 di->d_ino_softlimit = dm->dqb_isoftlimit;
2671 di->d_space = dm->dqb_curspace + dm->dqb_rsvspace;
2672 di->d_ino_count = dm->dqb_curinodes;
2673 di->d_spc_timer = dm->dqb_btime;
2674 di->d_ino_timer = dm->dqb_itime;
2675 spin_unlock(&dquot->dq_dqb_lock);
2676 }
2677
2678 int dquot_get_dqblk(struct super_block *sb, struct kqid qid,
2679 struct qc_dqblk *di)
2680 {
2681 struct dquot *dquot;
2682
2683 dquot = dqget(sb, qid);
2684 if (IS_ERR(dquot))
2685 return PTR_ERR(dquot);
2686 do_get_dqblk(dquot, di);
2687 dqput(dquot);
2688
2689 return 0;
2690 }
2691 EXPORT_SYMBOL(dquot_get_dqblk);
2692
2693 int dquot_get_next_dqblk(struct super_block *sb, struct kqid *qid,
2694 struct qc_dqblk *di)
2695 {
2696 struct dquot *dquot;
2697 int err;
2698
2699 if (!sb->dq_op->get_next_id)
2700 return -ENOSYS;
2701 err = sb->dq_op->get_next_id(sb, qid);
2702 if (err < 0)
2703 return err;
2704 dquot = dqget(sb, *qid);
2705 if (IS_ERR(dquot))
2706 return PTR_ERR(dquot);
2707 do_get_dqblk(dquot, di);
2708 dqput(dquot);
2709
2710 return 0;
2711 }
2712 EXPORT_SYMBOL(dquot_get_next_dqblk);
2713
2714 #define VFS_QC_MASK \
2715 (QC_SPACE | QC_SPC_SOFT | QC_SPC_HARD | \
2716 QC_INO_COUNT | QC_INO_SOFT | QC_INO_HARD | \
2717 QC_SPC_TIMER | QC_INO_TIMER)
2718
2719 /* Generic routine for setting common part of quota structure */
2720 static int do_set_dqblk(struct dquot *dquot, struct qc_dqblk *di)
2721 {
2722 struct mem_dqblk *dm = &dquot->dq_dqb;
2723 int check_blim = 0, check_ilim = 0;
2724 struct mem_dqinfo *dqi = &sb_dqopt(dquot->dq_sb)->info[dquot->dq_id.type];
2725 int ret;
2726
2727 if (di->d_fieldmask & ~VFS_QC_MASK)
2728 return -EINVAL;
2729
2730 if (((di->d_fieldmask & QC_SPC_SOFT) &&
2731 di->d_spc_softlimit > dqi->dqi_max_spc_limit) ||
2732 ((di->d_fieldmask & QC_SPC_HARD) &&
2733 di->d_spc_hardlimit > dqi->dqi_max_spc_limit) ||
2734 ((di->d_fieldmask & QC_INO_SOFT) &&
2735 (di->d_ino_softlimit > dqi->dqi_max_ino_limit)) ||
2736 ((di->d_fieldmask & QC_INO_HARD) &&
2737 (di->d_ino_hardlimit > dqi->dqi_max_ino_limit)))
2738 return -ERANGE;
2739
2740 spin_lock(&dquot->dq_dqb_lock);
2741 if (di->d_fieldmask & QC_SPACE) {
2742 dm->dqb_curspace = di->d_space - dm->dqb_rsvspace;
2743 check_blim = 1;
2744 set_bit(DQ_LASTSET_B + QIF_SPACE_B, &dquot->dq_flags);
2745 }
2746
2747 if (di->d_fieldmask & QC_SPC_SOFT)
2748 dm->dqb_bsoftlimit = di->d_spc_softlimit;
2749 if (di->d_fieldmask & QC_SPC_HARD)
2750 dm->dqb_bhardlimit = di->d_spc_hardlimit;
2751 if (di->d_fieldmask & (QC_SPC_SOFT | QC_SPC_HARD)) {
2752 check_blim = 1;
2753 set_bit(DQ_LASTSET_B + QIF_BLIMITS_B, &dquot->dq_flags);
2754 }
2755
2756 if (di->d_fieldmask & QC_INO_COUNT) {
2757 dm->dqb_curinodes = di->d_ino_count;
2758 check_ilim = 1;
2759 set_bit(DQ_LASTSET_B + QIF_INODES_B, &dquot->dq_flags);
2760 }
2761
2762 if (di->d_fieldmask & QC_INO_SOFT)
2763 dm->dqb_isoftlimit = di->d_ino_softlimit;
2764 if (di->d_fieldmask & QC_INO_HARD)
2765 dm->dqb_ihardlimit = di->d_ino_hardlimit;
2766 if (di->d_fieldmask & (QC_INO_SOFT | QC_INO_HARD)) {
2767 check_ilim = 1;
2768 set_bit(DQ_LASTSET_B + QIF_ILIMITS_B, &dquot->dq_flags);
2769 }
2770
2771 if (di->d_fieldmask & QC_SPC_TIMER) {
2772 dm->dqb_btime = di->d_spc_timer;
2773 check_blim = 1;
2774 set_bit(DQ_LASTSET_B + QIF_BTIME_B, &dquot->dq_flags);
2775 }
2776
2777 if (di->d_fieldmask & QC_INO_TIMER) {
2778 dm->dqb_itime = di->d_ino_timer;
2779 check_ilim = 1;
2780 set_bit(DQ_LASTSET_B + QIF_ITIME_B, &dquot->dq_flags);
2781 }
2782
2783 if (check_blim) {
2784 if (!dm->dqb_bsoftlimit ||
2785 dm->dqb_curspace + dm->dqb_rsvspace <= dm->dqb_bsoftlimit) {
2786 dm->dqb_btime = 0;
2787 clear_bit(DQ_BLKS_B, &dquot->dq_flags);
2788 } else if (!(di->d_fieldmask & QC_SPC_TIMER))
2789 /* Set grace only if user hasn't provided his own... */
2790 dm->dqb_btime = ktime_get_real_seconds() + dqi->dqi_bgrace;
2791 }
2792 if (check_ilim) {
2793 if (!dm->dqb_isoftlimit ||
2794 dm->dqb_curinodes <= dm->dqb_isoftlimit) {
2795 dm->dqb_itime = 0;
2796 clear_bit(DQ_INODES_B, &dquot->dq_flags);
2797 } else if (!(di->d_fieldmask & QC_INO_TIMER))
2798 /* Set grace only if user hasn't provided his own... */
2799 dm->dqb_itime = ktime_get_real_seconds() + dqi->dqi_igrace;
2800 }
2801 if (dm->dqb_bhardlimit || dm->dqb_bsoftlimit || dm->dqb_ihardlimit ||
2802 dm->dqb_isoftlimit)
2803 clear_bit(DQ_FAKE_B, &dquot->dq_flags);
2804 else
2805 set_bit(DQ_FAKE_B, &dquot->dq_flags);
2806 spin_unlock(&dquot->dq_dqb_lock);
2807 ret = mark_dquot_dirty(dquot);
2808 if (ret < 0)
2809 return ret;
2810 return 0;
2811 }
2812
2813 int dquot_set_dqblk(struct super_block *sb, struct kqid qid,
2814 struct qc_dqblk *di)
2815 {
2816 struct dquot *dquot;
2817 int rc;
2818
2819 dquot = dqget(sb, qid);
2820 if (IS_ERR(dquot)) {
2821 rc = PTR_ERR(dquot);
2822 goto out;
2823 }
2824 rc = do_set_dqblk(dquot, di);
2825 dqput(dquot);
2826 out:
2827 return rc;
2828 }
2829 EXPORT_SYMBOL(dquot_set_dqblk);
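
/*
 * A sketch of a caller-side qc_dqblk for setting limits (values are
 * illustrative; d_fieldmask selects which of the fields are applied):
 *
 *	struct qc_dqblk di = {
 *		.d_fieldmask	 = QC_SPC_SOFT | QC_SPC_HARD,
 *		.d_spc_softlimit = 1024 * 1024 * 1024,		// bytes
 *		.d_spc_hardlimit = 2ULL * 1024 * 1024 * 1024,
 *	};
 *	ret = dquot_set_dqblk(sb, make_kqid_uid(KUIDT_INIT(1000)), &di);
 */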
2830
2831 /* Generic routine for getting common part of quota file information */
2832 int dquot_get_state(struct super_block *sb, struct qc_state *state)
2833 {
2834 struct mem_dqinfo *mi;
2835 struct qc_type_state *tstate;
2836 struct quota_info *dqopt = sb_dqopt(sb);
2837 int type;
2838
2839 memset(state, 0, sizeof(*state));
2840 for (type = 0; type < MAXQUOTAS; type++) {
2841 if (!sb_has_quota_active(sb, type))
2842 continue;
2843 tstate = state->s_state + type;
2844 mi = sb_dqopt(sb)->info + type;
2845 tstate->flags = QCI_ACCT_ENABLED;
2846 spin_lock(&dq_data_lock);
2847 if (mi->dqi_flags & DQF_SYS_FILE)
2848 tstate->flags |= QCI_SYSFILE;
2849 if (mi->dqi_flags & DQF_ROOT_SQUASH)
2850 tstate->flags |= QCI_ROOT_SQUASH;
2851 if (sb_has_quota_limits_enabled(sb, type))
2852 tstate->flags |= QCI_LIMITS_ENFORCED;
2853 tstate->spc_timelimit = mi->dqi_bgrace;
2854 tstate->ino_timelimit = mi->dqi_igrace;
2855 if (dqopt->files[type]) {
2856 tstate->ino = dqopt->files[type]->i_ino;
2857 tstate->blocks = dqopt->files[type]->i_blocks;
2858 }
2859 tstate->nextents = 1; /* We don't know... */
2860 spin_unlock(&dq_data_lock);
2861 }
2862 return 0;
2863 }
2864 EXPORT_SYMBOL(dquot_get_state);
2865
2866 /* Generic routine for setting common part of quota file information */
2867 int dquot_set_dqinfo(struct super_block *sb, int type, struct qc_info *ii)
2868 {
2869 struct mem_dqinfo *mi;
2870
2871 if ((ii->i_fieldmask & QC_WARNS_MASK) ||
2872 (ii->i_fieldmask & QC_RT_SPC_TIMER))
2873 return -EINVAL;
2874 if (!sb_has_quota_active(sb, type))
2875 return -ESRCH;
2876 mi = sb_dqopt(sb)->info + type;
2877 if (ii->i_fieldmask & QC_FLAGS) {
2878 if ((ii->i_flags & QCI_ROOT_SQUASH &&
2879 mi->dqi_format->qf_fmt_id != QFMT_VFS_OLD))
2880 return -EINVAL;
2881 }
2882 spin_lock(&dq_data_lock);
2883 if (ii->i_fieldmask & QC_SPC_TIMER)
2884 mi->dqi_bgrace = ii->i_spc_timelimit;
2885 if (ii->i_fieldmask & QC_INO_TIMER)
2886 mi->dqi_igrace = ii->i_ino_timelimit;
2887 if (ii->i_fieldmask & QC_FLAGS) {
2888 if (ii->i_flags & QCI_ROOT_SQUASH)
2889 mi->dqi_flags |= DQF_ROOT_SQUASH;
2890 else
2891 mi->dqi_flags &= ~DQF_ROOT_SQUASH;
2892 }
2893 spin_unlock(&dq_data_lock);
2894 mark_info_dirty(sb, type);
2895 /* Force write to disk */
2896 return sb->dq_op->write_info(sb, type);
2897 }
2898 EXPORT_SYMBOL(dquot_set_dqinfo);
2899
2900 const struct quotactl_ops dquot_quotactl_sysfile_ops = {
2901 .quota_enable = dquot_quota_enable,
2902 .quota_disable = dquot_quota_disable,
2903 .quota_sync = dquot_quota_sync,
2904 .get_state = dquot_get_state,
2905 .set_info = dquot_set_dqinfo,
2906 .get_dqblk = dquot_get_dqblk,
2907 .get_nextdqblk = dquot_get_next_dqblk,
2908 .set_dqblk = dquot_set_dqblk
2909 };
2910 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops);
2911
2912 static int do_proc_dqstats(const struct ctl_table *table, int write,
2913 void *buffer, size_t *lenp, loff_t *ppos)
2914 {
2915 unsigned int type = (unsigned long *)table->data - dqstats.stat;
2916 s64 value = percpu_counter_sum(&dqstats.counter[type]);
2917
2918 /* Filter negative values for non-monotonic counters */
2919 if (value < 0 && (type == DQST_ALLOC_DQUOTS ||
2920 type == DQST_FREE_DQUOTS))
2921 value = 0;
2922
2923 /* Update global table */
2924 dqstats.stat[type] = value;
2925 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
2926 }
2927
2928 static struct ctl_table fs_dqstats_table[] = {
2929 {
2930 .procname = "lookups",
2931 .data = &dqstats.stat[DQST_LOOKUPS],
2932 .maxlen = sizeof(unsigned long),
2933 .mode = 0444,
2934 .proc_handler = do_proc_dqstats,
2935 },
2936 {
2937 .procname = "drops",
2938 .data = &dqstats.stat[DQST_DROPS],
2939 .maxlen = sizeof(unsigned long),
2940 .mode = 0444,
2941 .proc_handler = do_proc_dqstats,
2942 },
2943 {
2944 .procname = "reads",
2945 .data = &dqstats.stat[DQST_READS],
2946 .maxlen = sizeof(unsigned long),
2947 .mode = 0444,
2948 .proc_handler = do_proc_dqstats,
2949 },
2950 {
2951 .procname = "writes",
2952 .data = &dqstats.stat[DQST_WRITES],
2953 .maxlen = sizeof(unsigned long),
2954 .mode = 0444,
2955 .proc_handler = do_proc_dqstats,
2956 },
2957 {
2958 .procname = "cache_hits",
2959 .data = &dqstats.stat[DQST_CACHE_HITS],
2960 .maxlen = sizeof(unsigned long),
2961 .mode = 0444,
2962 .proc_handler = do_proc_dqstats,
2963 },
2964 {
2965 .procname = "allocated_dquots",
2966 .data = &dqstats.stat[DQST_ALLOC_DQUOTS],
2967 .maxlen = sizeof(unsigned long),
2968 .mode = 0444,
2969 .proc_handler = do_proc_dqstats,
2970 },
2971 {
2972 .procname = "free_dquots",
2973 .data = &dqstats.stat[DQST_FREE_DQUOTS],
2974 .maxlen = sizeof(unsigned long),
2975 .mode = 0444,
2976 .proc_handler = do_proc_dqstats,
2977 },
2978 {
2979 .procname = "syncs",
2980 .data = &dqstats.stat[DQST_SYNCS],
2981 .maxlen = sizeof(unsigned long),
2982 .mode = 0444,
2983 .proc_handler = do_proc_dqstats,
2984 },
2985 #ifdef CONFIG_PRINT_QUOTA_WARNING
2986 {
2987 .procname = "warnings",
2988 .data = &flag_print_warnings,
2989 .maxlen = sizeof(int),
2990 .mode = 0644,
2991 .proc_handler = proc_dointvec,
2992 },
2993 #endif
2994 };
2995
2996 static int __init dquot_init(void)
2997 {
2998 int i, ret;
2999 unsigned long nr_hash, order;
3000 struct shrinker *dqcache_shrinker;
3001
3002 printk(KERN_NOTICE "VFS: Disk quotas %s\n", __DQUOT_VERSION__);
3003
3004 register_sysctl_init("fs/quota", fs_dqstats_table);
3005
3006 dquot_cachep = kmem_cache_create("dquot",
3007 sizeof(struct dquot), sizeof(unsigned long) * 4,
3008 (SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT|
3009 SLAB_PANIC),
3010 NULL);
3011
3012 order = 0;
3013 dquot_hash = (struct hlist_head *)__get_free_pages(GFP_KERNEL, order);
3014 if (!dquot_hash)
3015 panic("Cannot create dquot hash table");
3016
3017 ret = percpu_counter_init_many(dqstats.counter, 0, GFP_KERNEL,
3018 _DQST_DQSTAT_LAST);
3019 if (ret)
3020 panic("Cannot create dquot stat counters");
3021
3022 /* Find power-of-two hlist_heads which can fit into allocation */
3023 nr_hash = (1UL << order) * PAGE_SIZE / sizeof(struct hlist_head);
3024 dq_hash_bits = ilog2(nr_hash);
3025
3026 nr_hash = 1UL << dq_hash_bits;
3027 dq_hash_mask = nr_hash - 1;
3028 for (i = 0; i < nr_hash; i++)
3029 INIT_HLIST_HEAD(dquot_hash + i);
3030
3031 pr_info("VFS: Dquot-cache hash table entries: %ld (order %ld,"
3032 " %ld bytes)\n", nr_hash, order, (PAGE_SIZE << order));
3033
3034 dqcache_shrinker = shrinker_alloc(0, "dquota-cache");
3035 if (!dqcache_shrinker)
3036 panic("Cannot allocate dquot shrinker");
3037
3038 dqcache_shrinker->count_objects = dqcache_shrink_count;
3039 dqcache_shrinker->scan_objects = dqcache_shrink_scan;
3040
3041 shrinker_register(dqcache_shrinker);
3042
3043 return 0;
3044 }
3045 fs_initcall(dquot_init);
3046