1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (c) 2000-2003 Silicon Graphics, Inc.
8 #include "xfs_format.h"
9 #include "xfs_log_format.h"
10 #include "xfs_shared.h"
11 #include "xfs_trans_resv.h"
13 #include "xfs_mount.h"
14 #include "xfs_defer.h"
15 #include "xfs_inode.h"
17 #include "xfs_quota.h"
18 #include "xfs_trans.h"
19 #include "xfs_buf_item.h"
20 #include "xfs_trans_space.h"
21 #include "xfs_trans_priv.h"
23 #include "xfs_trace.h"
25 #include "xfs_bmap_btree.h"
26 #include "xfs_error.h"
27 #include "xfs_health.h"
34 * dquot->q_qlock (xfs_dqlock() and friends)
35 * dquot->q_flush (xfs_dqflock() and friends)
38 * If two dquots need to be locked the order is user before group/project,
39 * otherwise by the lowest id first, see xfs_dqlock2.
42 struct kmem_cache *xfs_dqtrx_cache;
43 static struct kmem_cache *xfs_dquot_cache;
45 static struct lock_class_key xfs_dquot_group_class;
46 static struct lock_class_key xfs_dquot_project_class;
48 /* Record observations of quota corruption with the health tracking system. */
51 struct xfs_dquot *dqp)
53 struct xfs_mount *mp = dqp->q_mount;
55 switch (dqp->q_type) {
57 xfs_fs_mark_sick(mp, XFS_SICK_FS_UQUOTA);
59 case XFS_DQTYPE_GROUP:
60 xfs_fs_mark_sick(mp, XFS_SICK_FS_GQUOTA);
63 xfs_fs_mark_sick(mp, XFS_SICK_FS_PQUOTA);
72 * Detach the dquot buffer if it's still attached, because we can get called
73 * through dqpurge after a log shutdown. Caller must hold the dqflock or have
74 * otherwise isolated the dquot.
78 struct xfs_dquot *dqp)
80 struct xfs_dq_logitem *qlip = &dqp->q_logitem;
81 struct xfs_buf *bp = NULL;
83 spin_lock(&qlip->qli_lock);
84 if (qlip->qli_item.li_buf) {
85 bp = qlip->qli_item.li_buf;
86 qlip->qli_item.li_buf = NULL;
88 spin_unlock(&qlip->qli_lock);
90 list_del_init(&qlip->qli_item.li_bio_list);
96 * This is called to free all the memory associated with a dquot
100 struct xfs_dquot *dqp)
102 ASSERT(list_empty(&dqp->q_lru));
103 ASSERT(dqp->q_logitem.qli_item.li_buf == NULL);
105 kvfree(dqp->q_logitem.qli_item.li_lv_shadow);
106 mutex_destroy(&dqp->q_qlock);
108 XFS_STATS_DEC(dqp->q_mount, xs_qm_dquot);
109 kmem_cache_free(xfs_dquot_cache, dqp);
113 * If default limits are in force, push them into the dquot now.
114 * We overwrite the dquot limits only if they are zero and this
115 * is not the root dquot.
118 xfs_qm_adjust_dqlimits(
119 struct xfs_dquot *dq)
121 struct xfs_mount *mp = dq->q_mount;
122 struct xfs_quotainfo *q = mp->m_quotainfo;
123 struct xfs_def_quota *defq;
127 defq = xfs_get_defquota(q, xfs_dquot_type(dq));
129 if (!dq->q_blk.softlimit) {
130 dq->q_blk.softlimit = defq->blk.soft;
133 if (!dq->q_blk.hardlimit) {
134 dq->q_blk.hardlimit = defq->blk.hard;
137 if (!dq->q_ino.softlimit)
138 dq->q_ino.softlimit = defq->ino.soft;
139 if (!dq->q_ino.hardlimit)
140 dq->q_ino.hardlimit = defq->ino.hard;
141 if (!dq->q_rtb.softlimit)
142 dq->q_rtb.softlimit = defq->rtb.soft;
143 if (!dq->q_rtb.hardlimit)
144 dq->q_rtb.hardlimit = defq->rtb.hard;
147 xfs_dquot_set_prealloc_limits(dq);
150 /* Set the expiration time of a quota's grace period. */
152 xfs_dquot_set_timeout(
153 struct xfs_mount *mp,
156 struct xfs_quotainfo *qi = mp->m_quotainfo;
158 return clamp_t(time64_t, timeout, qi->qi_expiry_min,
162 /* Set the length of the default grace period. */
164 xfs_dquot_set_grace_period(
167 return clamp_t(time64_t, grace, XFS_DQ_GRACE_MIN, XFS_DQ_GRACE_MAX);
171 * Determine if this quota counter is over either limit and set the quota
172 * timers as appropriate.
175 xfs_qm_adjust_res_timer(
176 struct xfs_mount *mp,
177 struct xfs_dquot_res *res,
178 struct xfs_quota_limits *qlim)
180 ASSERT(res->hardlimit == 0 || res->softlimit <= res->hardlimit);
182 if ((res->softlimit && res->count > res->softlimit) ||
183 (res->hardlimit && res->count > res->hardlimit)) {
185 res->timer = xfs_dquot_set_timeout(mp,
186 ktime_get_real_seconds() + qlim->time);
193 * Check the limits and timers of a dquot and start or reset timers
195 * This gets called even when quota enforcement is OFF, which makes our
196 * life a little less complicated. (We just don't reject any quota
197 * reservations in that case, when enforcement is off).
198 * We also return 0 as the values of the timers in Q_GETQUOTA calls, when
200 * In contrast, warnings are a little different in that they don't
201 * 'automatically' get started when limits get exceeded. They do
202 * get reset to zero, however, when we find the count to be under
203 * the soft limit (they are only ever set non-zero via userspace).
206 xfs_qm_adjust_dqtimers(
207 struct xfs_dquot *dq)
209 struct xfs_mount *mp = dq->q_mount;
210 struct xfs_quotainfo *qi = mp->m_quotainfo;
211 struct xfs_def_quota *defq;
214 defq = xfs_get_defquota(qi, xfs_dquot_type(dq));
216 xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_blk, &defq->blk);
217 xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_ino, &defq->ino);
218 xfs_qm_adjust_res_timer(dq->q_mount, &dq->q_rtb, &defq->rtb);
222 * initialize a buffer full of dquots and log the whole thing
225 xfs_qm_init_dquot_blk(
226 struct xfs_trans *tp,
231 struct xfs_mount *mp = tp->t_mountp;
232 struct xfs_quotainfo *q = mp->m_quotainfo;
236 unsigned int blftype;
240 ASSERT(xfs_buf_islocked(bp));
243 case XFS_DQTYPE_USER:
244 qflag = XFS_UQUOTA_CHKD;
245 blftype = XFS_BLF_UDQUOT_BUF;
247 case XFS_DQTYPE_PROJ:
248 qflag = XFS_PQUOTA_CHKD;
249 blftype = XFS_BLF_PDQUOT_BUF;
251 case XFS_DQTYPE_GROUP:
252 qflag = XFS_GQUOTA_CHKD;
253 blftype = XFS_BLF_GDQUOT_BUF;
263 * ID of the first dquot in the block - id's are zero based.
265 curid = id - (id % q->qi_dqperchunk);
266 memset(d, 0, BBTOB(q->qi_dqchunklen));
267 for (i = 0; i < q->qi_dqperchunk; i++, d++, curid++) {
268 d->dd_diskdq.d_magic = cpu_to_be16(XFS_DQUOT_MAGIC);
269 d->dd_diskdq.d_version = XFS_DQUOT_VERSION;
270 d->dd_diskdq.d_id = cpu_to_be32(curid);
271 d->dd_diskdq.d_type = type;
272 if (curid > 0 && xfs_has_bigtime(mp))
273 d->dd_diskdq.d_type |= XFS_DQTYPE_BIGTIME;
274 if (xfs_has_crc(mp)) {
275 uuid_copy(&d->dd_uuid, &mp->m_sb.sb_meta_uuid);
276 xfs_update_cksum((char *)d, sizeof(struct xfs_dqblk),
281 xfs_trans_dquot_buf(tp, bp, blftype);
284 * quotacheck uses delayed writes to update all the dquots on disk in an
285 * efficient manner instead of logging the individual dquot changes as
286 * they are made. However if we log the buffer allocated here and crash
287 * after quotacheck while the logged initialisation is still in the
288 * active region of the log, log recovery can replay the dquot buffer
289 * initialisation over the top of the checked dquots and corrupt quota
292 * To avoid this problem, quotacheck cannot log the initialised buffer.
293 * We must still dirty the buffer and write it back before the
294 * allocation transaction clears the log. Therefore, mark the buffer as
295 * ordered instead of logging it directly. This is safe for quotacheck
296 * because it detects and repairs allocated but initialized dquot blocks
297 * in the quota inodes.
299 if (!(mp->m_qflags & qflag))
300 xfs_trans_ordered_buf(tp, bp);
302 xfs_trans_log_buf(tp, bp, 0, BBTOB(q->qi_dqchunklen) - 1);
306 xfs_dquot_set_prealloc(
307 struct xfs_dquot_pre *pre,
308 const struct xfs_dquot_res *res)
312 pre->q_prealloc_hi_wmark = res->hardlimit;
313 pre->q_prealloc_lo_wmark = res->softlimit;
315 space = div_u64(pre->q_prealloc_hi_wmark, 100);
316 if (!pre->q_prealloc_lo_wmark)
317 pre->q_prealloc_lo_wmark = space * 95;
319 pre->q_low_space[XFS_QLOWSP_1_PCNT] = space;
320 pre->q_low_space[XFS_QLOWSP_3_PCNT] = space * 3;
321 pre->q_low_space[XFS_QLOWSP_5_PCNT] = space * 5;
325 * Initialize the dynamic speculative preallocation thresholds. The lo/hi
326 * watermarks correspond to the soft and hard limits by default. If a soft limit
327 * is not specified, we use 95% of the hard limit.
330 xfs_dquot_set_prealloc_limits(struct xfs_dquot *dqp)
332 xfs_dquot_set_prealloc(&dqp->q_blk_prealloc, &dqp->q_blk);
333 xfs_dquot_set_prealloc(&dqp->q_rtb_prealloc, &dqp->q_rtb);
337 * Ensure that the given in-core dquot has a buffer on disk backing it, and
338 * return the buffer locked and held. This is called when the bmapi finds a
342 xfs_dquot_disk_alloc(
343 struct xfs_dquot *dqp,
344 struct xfs_buf **bpp)
346 struct xfs_bmbt_irec map;
347 struct xfs_trans *tp;
348 struct xfs_mount *mp = dqp->q_mount;
350 xfs_dqtype_t qtype = xfs_dquot_type(dqp);
351 struct xfs_inode *quotip = xfs_quota_inode(mp, qtype);
355 trace_xfs_dqalloc(dqp);
357 error = xfs_trans_alloc(mp, &M_RES(mp)->tr_qm_dqalloc,
358 XFS_QM_DQALLOC_SPACE_RES(mp), 0, 0, &tp);
362 xfs_ilock(quotip, XFS_ILOCK_EXCL);
363 xfs_trans_ijoin(tp, quotip, 0);
365 if (!xfs_this_quota_on(dqp->q_mount, qtype)) {
367 * Return if this type of quotas is turned off while we didn't
374 error = xfs_iext_count_extend(tp, quotip, XFS_DATA_FORK,
375 XFS_IEXT_ADD_NOSPLIT_CNT);
379 /* Create the block mapping. */
380 error = xfs_bmapi_write(tp, quotip, dqp->q_fileoffset,
381 XFS_DQUOT_CLUSTER_SIZE_FSB, XFS_BMAPI_METADATA, 0, &map,
386 ASSERT(map.br_blockcount == XFS_DQUOT_CLUSTER_SIZE_FSB);
387 ASSERT((map.br_startblock != DELAYSTARTBLOCK) &&
388 (map.br_startblock != HOLESTARTBLOCK));
391 * Keep track of the blkno to save a lookup later
393 dqp->q_blkno = XFS_FSB_TO_DADDR(mp, map.br_startblock);
395 /* now we can just get the buffer (there's nothing to read yet) */
396 error = xfs_trans_get_buf(tp, mp->m_ddev_targp, dqp->q_blkno,
397 mp->m_quotainfo->qi_dqchunklen, 0, &bp);
400 bp->b_ops = &xfs_dquot_buf_ops;
403 * Make a chunk of dquots out of this buffer and log
406 xfs_qm_init_dquot_blk(tp, dqp->q_id, qtype, bp);
407 xfs_buf_set_ref(bp, XFS_DQUOT_REF);
410 * Hold the buffer and join it to the dfops so that we'll still own
411 * the buffer when we return to the caller. The buffer disposal on
412 * error must be paid attention to very carefully, as it has been
413 * broken since commit efa092f3d4c6 "[XFS] Fixes a bug in the quota
414 * code when allocating a new dquot record" in 2005, and the later
415 * conversion to xfs_defer_ops in commit 310a75a3c6c747 failed to keep
416 * the buffer locked across the _defer_finish call. We can now do
417 * this correctly with xfs_defer_bjoin.
419 * Above, we allocated a disk block for the dquot information and used
420 * get_buf to initialize the dquot. If the _defer_finish fails, the old
421 * transaction is gone but the new buffer is not joined or held to any
422 * transaction, so we must _buf_relse it.
424 * If everything succeeds, the caller of this function is returned a
425 * buffer that is locked and held to the transaction. The caller
426 * is responsible for unlocking any buffer passed back, either
427 * manually or by committing the transaction. On error, the buffer is
428 * released and not passed back.
430 * Keep the quota inode ILOCKed until after the transaction commit to
431 * maintain the atomicity of bmap/rmap updates.
433 xfs_trans_bhold(tp, bp);
434 error = xfs_trans_commit(tp);
435 xfs_iunlock(quotip, XFS_ILOCK_EXCL);
445 xfs_trans_cancel(tp);
446 xfs_iunlock(quotip, XFS_ILOCK_EXCL);
451 * Read in the in-core dquot's on-disk metadata and return the buffer.
452 * Returns ENOENT to signal a hole.
456 struct xfs_mount *mp,
457 struct xfs_dquot *dqp,
458 struct xfs_buf **bpp)
460 struct xfs_bmbt_irec map;
462 xfs_dqtype_t qtype = xfs_dquot_type(dqp);
463 struct xfs_inode *quotip = xfs_quota_inode(mp, qtype);
468 lock_mode = xfs_ilock_data_map_shared(quotip);
469 if (!xfs_this_quota_on(mp, qtype)) {
471 * Return if this type of quotas is turned off while we
472 * didn't have the quota inode lock.
474 xfs_iunlock(quotip, lock_mode);
479 * Find the block map; no allocations yet
481 error = xfs_bmapi_read(quotip, dqp->q_fileoffset,
482 XFS_DQUOT_CLUSTER_SIZE_FSB, &map, &nmaps, 0);
483 xfs_iunlock(quotip, lock_mode);
488 ASSERT(map.br_blockcount >= 1);
489 ASSERT(map.br_startblock != DELAYSTARTBLOCK);
490 if (map.br_startblock == HOLESTARTBLOCK)
493 trace_xfs_dqtobp_read(dqp);
496 * store the blkno etc so that we don't have to do the
497 * mapping all the time
499 dqp->q_blkno = XFS_FSB_TO_DADDR(mp, map.br_startblock);
501 error = xfs_trans_read_buf(mp, NULL, mp->m_ddev_targp, dqp->q_blkno,
502 mp->m_quotainfo->qi_dqchunklen, 0, &bp,
504 if (xfs_metadata_is_sick(error))
505 xfs_dquot_mark_sick(dqp);
511 ASSERT(xfs_buf_islocked(bp));
512 xfs_buf_set_ref(bp, XFS_DQUOT_REF);
518 /* Allocate and initialize everything we need for an incore dquot. */
519 STATIC struct xfs_dquot *
521 struct xfs_mount *mp,
525 struct xfs_dquot *dqp;
527 dqp = kmem_cache_zalloc(xfs_dquot_cache, GFP_KERNEL | __GFP_NOFAIL);
532 INIT_LIST_HEAD(&dqp->q_lru);
533 mutex_init(&dqp->q_qlock);
534 init_waitqueue_head(&dqp->q_pinwait);
535 dqp->q_fileoffset = (xfs_fileoff_t)id / mp->m_quotainfo->qi_dqperchunk;
537 * Offset of dquot in the (fixed sized) dquot chunk.
539 dqp->q_bufoffset = (id % mp->m_quotainfo->qi_dqperchunk) *
540 sizeof(struct xfs_dqblk);
543 * Because we want to use a counting completion, complete
544 * the flush completion once to allow a single access to
545 * the flush completion without blocking.
547 init_completion(&dqp->q_flush);
548 complete(&dqp->q_flush);
551 * Make sure group quotas have a different lock class than user
555 case XFS_DQTYPE_USER:
556 /* uses the default lock class */
558 case XFS_DQTYPE_GROUP:
559 lockdep_set_class(&dqp->q_qlock, &xfs_dquot_group_class);
561 case XFS_DQTYPE_PROJ:
562 lockdep_set_class(&dqp->q_qlock, &xfs_dquot_project_class);
569 xfs_qm_dquot_logitem_init(dqp);
571 XFS_STATS_INC(mp, xs_qm_dquot);
575 /* Check the ondisk dquot's id and type match what the incore dquot expects. */
577 xfs_dquot_check_type(
578 struct xfs_dquot *dqp,
579 struct xfs_disk_dquot *ddqp)
584 ddqp_type = ddqp->d_type & XFS_DQTYPE_REC_MASK;
585 dqp_type = xfs_dquot_type(dqp);
587 if (be32_to_cpu(ddqp->d_id) != dqp->q_id)
591 * V5 filesystems always expect an exact type match. V4 filesystems
592 * expect an exact match for user dquots and for non-root group and
595 if (xfs_has_crc(dqp->q_mount) ||
596 dqp_type == XFS_DQTYPE_USER || dqp->q_id != 0)
597 return ddqp_type == dqp_type;
600 * V4 filesystems support either group or project quotas, but not both
601 * at the same time. The non-user quota file can be switched between
602 * group and project quota uses depending on the mount options, which
603 * means that we can encounter the other type when we try to load quota
604 * defaults. Quotacheck will soon reset the entire quota file
605 * (including the root dquot) anyway, but don't log scary corruption
608 return ddqp_type == XFS_DQTYPE_GROUP || ddqp_type == XFS_DQTYPE_PROJ;
611 /* Copy the in-core quota fields in from the on-disk buffer. */
614 struct xfs_dquot *dqp,
617 struct xfs_dqblk *dqb = xfs_buf_offset(bp, dqp->q_bufoffset);
618 struct xfs_disk_dquot *ddqp = &dqb->dd_diskdq;
621 * Ensure that we got the type and ID we were looking for.
622 * Everything else was checked by the dquot buffer verifier.
624 if (!xfs_dquot_check_type(dqp, ddqp)) {
625 xfs_alert_tag(bp->b_mount, XFS_PTAG_VERIFIER_ERROR,
626 "Metadata corruption detected at %pS, quota %u",
627 __this_address, dqp->q_id);
628 xfs_alert(bp->b_mount, "Unmount and run xfs_repair");
629 xfs_dquot_mark_sick(dqp);
630 return -EFSCORRUPTED;
633 /* copy everything from disk dquot to the incore dquot */
634 dqp->q_type = ddqp->d_type;
635 dqp->q_blk.hardlimit = be64_to_cpu(ddqp->d_blk_hardlimit);
636 dqp->q_blk.softlimit = be64_to_cpu(ddqp->d_blk_softlimit);
637 dqp->q_ino.hardlimit = be64_to_cpu(ddqp->d_ino_hardlimit);
638 dqp->q_ino.softlimit = be64_to_cpu(ddqp->d_ino_softlimit);
639 dqp->q_rtb.hardlimit = be64_to_cpu(ddqp->d_rtb_hardlimit);
640 dqp->q_rtb.softlimit = be64_to_cpu(ddqp->d_rtb_softlimit);
642 dqp->q_blk.count = be64_to_cpu(ddqp->d_bcount);
643 dqp->q_ino.count = be64_to_cpu(ddqp->d_icount);
644 dqp->q_rtb.count = be64_to_cpu(ddqp->d_rtbcount);
646 dqp->q_blk.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_btimer);
647 dqp->q_ino.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_itimer);
648 dqp->q_rtb.timer = xfs_dquot_from_disk_ts(ddqp, ddqp->d_rtbtimer);
651 * Reservation counters are defined as reservation plus current usage
652 * to avoid having to add every time.
654 dqp->q_blk.reserved = dqp->q_blk.count;
655 dqp->q_ino.reserved = dqp->q_ino.count;
656 dqp->q_rtb.reserved = dqp->q_rtb.count;
658 /* initialize the dquot speculative prealloc thresholds */
659 xfs_dquot_set_prealloc_limits(dqp);
663 /* Copy the in-core quota fields into the on-disk buffer. */
666 struct xfs_disk_dquot *ddqp,
667 struct xfs_dquot *dqp)
669 ddqp->d_magic = cpu_to_be16(XFS_DQUOT_MAGIC);
670 ddqp->d_version = XFS_DQUOT_VERSION;
671 ddqp->d_type = dqp->q_type;
672 ddqp->d_id = cpu_to_be32(dqp->q_id);
676 ddqp->d_blk_hardlimit = cpu_to_be64(dqp->q_blk.hardlimit);
677 ddqp->d_blk_softlimit = cpu_to_be64(dqp->q_blk.softlimit);
678 ddqp->d_ino_hardlimit = cpu_to_be64(dqp->q_ino.hardlimit);
679 ddqp->d_ino_softlimit = cpu_to_be64(dqp->q_ino.softlimit);
680 ddqp->d_rtb_hardlimit = cpu_to_be64(dqp->q_rtb.hardlimit);
681 ddqp->d_rtb_softlimit = cpu_to_be64(dqp->q_rtb.softlimit);
683 ddqp->d_bcount = cpu_to_be64(dqp->q_blk.count);
684 ddqp->d_icount = cpu_to_be64(dqp->q_ino.count);
685 ddqp->d_rtbcount = cpu_to_be64(dqp->q_rtb.count);
689 ddqp->d_rtbwarns = 0;
691 ddqp->d_btimer = xfs_dquot_to_disk_ts(dqp, dqp->q_blk.timer);
692 ddqp->d_itimer = xfs_dquot_to_disk_ts(dqp, dqp->q_ino.timer);
693 ddqp->d_rtbtimer = xfs_dquot_to_disk_ts(dqp, dqp->q_rtb.timer);
697 * Read in the ondisk dquot using dqtobp() then copy it to an incore version,
698 * and release the buffer immediately. If @can_alloc is true, fill any
699 * holes in the on-disk metadata.
703 struct xfs_mount *mp,
707 struct xfs_dquot **dqpp)
709 struct xfs_dquot *dqp;
713 dqp = xfs_dquot_alloc(mp, id, type);
714 trace_xfs_dqread(dqp);
716 /* Try to read the buffer, allocating if necessary. */
717 error = xfs_dquot_disk_read(mp, dqp, &bp);
718 if (error == -ENOENT && can_alloc)
719 error = xfs_dquot_disk_alloc(dqp, &bp);
724 * At this point we should have a clean locked buffer. Copy the data
725 * to the incore dquot and release the buffer since the incore dquot
726 * has its own locking protocol so we needn't tie up the buffer any
729 ASSERT(xfs_buf_islocked(bp));
730 error = xfs_dquot_from_disk(dqp, bp);
739 trace_xfs_dqread_fail(dqp);
740 xfs_qm_dqdestroy(dqp);
746 * Advance to the next id in the current chunk, or if at the
747 * end of the chunk, skip ahead to first id in next allocated chunk
748 * using the SEEK_DATA interface.
752 struct xfs_mount *mp,
756 struct xfs_inode *quotip = xfs_quota_inode(mp, type);
757 xfs_dqid_t next_id = *id + 1; /* simple advance */
759 struct xfs_bmbt_irec got;
760 struct xfs_iext_cursor cur;
764 /* If we'd wrap past the max ID, stop */
768 /* If new ID is within the current chunk, advancing it sufficed */
769 if (next_id % mp->m_quotainfo->qi_dqperchunk) {
774 /* Nope, next_id is now past the current chunk, so find the next one */
775 start = (xfs_fsblock_t)next_id / mp->m_quotainfo->qi_dqperchunk;
777 lock_flags = xfs_ilock_data_map_shared(quotip);
778 error = xfs_iread_extents(NULL, quotip, XFS_DATA_FORK);
782 if (xfs_iext_lookup_extent(quotip, "ip->i_df, start, &cur, &got)) {
783 /* contiguous chunk, bump startoff for the id calculation */
784 if (got.br_startoff < start)
785 got.br_startoff = start;
786 *id = got.br_startoff * mp->m_quotainfo->qi_dqperchunk;
791 xfs_iunlock(quotip, lock_flags);
797 * Look up the dquot in the in-core cache. If found, the dquot is returned
798 * locked and ready to go.
800 static struct xfs_dquot *
801 xfs_qm_dqget_cache_lookup(
802 struct xfs_mount *mp,
803 struct xfs_quotainfo *qi,
804 struct radix_tree_root *tree,
807 struct xfs_dquot *dqp;
810 mutex_lock(&qi->qi_tree_lock);
811 dqp = radix_tree_lookup(tree, id);
813 mutex_unlock(&qi->qi_tree_lock);
814 XFS_STATS_INC(mp, xs_qm_dqcachemisses);
819 if (dqp->q_flags & XFS_DQFLAG_FREEING) {
821 mutex_unlock(&qi->qi_tree_lock);
822 trace_xfs_dqget_freeing(dqp);
828 mutex_unlock(&qi->qi_tree_lock);
830 trace_xfs_dqget_hit(dqp);
831 XFS_STATS_INC(mp, xs_qm_dqcachehits);
836 * Try to insert a new dquot into the in-core cache. If an error occurs the
837 * caller should throw away the dquot and start over. Otherwise, the dquot
838 * is returned locked (and held by the cache) as if there had been a cache
841 * The insert needs to be done under memalloc_nofs context because the radix
842 * tree can do memory allocation during insert. The qi->qi_tree_lock is taken in
843 * memory reclaim when freeing unused dquots, so we cannot have the radix tree
844 * node allocation recursing into filesystem reclaim whilst we hold the
848 xfs_qm_dqget_cache_insert(
849 struct xfs_mount *mp,
850 struct xfs_quotainfo *qi,
851 struct radix_tree_root *tree,
853 struct xfs_dquot *dqp)
855 unsigned int nofs_flags;
858 nofs_flags = memalloc_nofs_save();
859 mutex_lock(&qi->qi_tree_lock);
860 error = radix_tree_insert(tree, id, dqp);
861 if (unlikely(error)) {
862 /* Duplicate found! Caller must try again. */
863 trace_xfs_dqget_dup(dqp);
867 /* Return a locked dquot to the caller, with a reference taken. */
873 mutex_unlock(&qi->qi_tree_lock);
874 memalloc_nofs_restore(nofs_flags);
878 /* Check our input parameters. */
881 struct xfs_mount *mp,
885 case XFS_DQTYPE_USER:
886 if (!XFS_IS_UQUOTA_ON(mp))
889 case XFS_DQTYPE_GROUP:
890 if (!XFS_IS_GQUOTA_ON(mp))
893 case XFS_DQTYPE_PROJ:
894 if (!XFS_IS_PQUOTA_ON(mp))
904 * Given the file system, id, and type (UDQUOT/GDQUOT/PDQUOT), return a
905 * locked dquot, doing an allocation (if requested) as needed.
909 struct xfs_mount *mp,
913 struct xfs_dquot **O_dqpp)
915 struct xfs_quotainfo *qi = mp->m_quotainfo;
916 struct radix_tree_root *tree = xfs_dquot_tree(qi, type);
917 struct xfs_dquot *dqp;
920 error = xfs_qm_dqget_checks(mp, type);
925 dqp = xfs_qm_dqget_cache_lookup(mp, qi, tree, id);
931 error = xfs_qm_dqread(mp, id, type, can_alloc, &dqp);
935 error = xfs_qm_dqget_cache_insert(mp, qi, tree, id, dqp);
938 * Duplicate found. Just throw away the new dquot and start
941 xfs_qm_dqdestroy(dqp);
942 XFS_STATS_INC(mp, xs_qm_dquot_dups);
946 trace_xfs_dqget_miss(dqp);
952 * Given a dquot id and type, read and initialize a dquot from the on-disk
953 * metadata. This function is only for use during quota initialization so
954 * it ignores the dquot cache assuming that the dquot shrinker isn't set up.
955 * The caller is responsible for _qm_dqdestroy'ing the returned dquot.
958 xfs_qm_dqget_uncached(
959 struct xfs_mount *mp,
962 struct xfs_dquot **dqpp)
966 error = xfs_qm_dqget_checks(mp, type);
970 return xfs_qm_dqread(mp, id, type, 0, dqpp);
973 /* Return the quota id for a given inode and type. */
975 xfs_qm_id_for_quotatype(
976 struct xfs_inode *ip,
980 case XFS_DQTYPE_USER:
981 return i_uid_read(VFS_I(ip));
982 case XFS_DQTYPE_GROUP:
983 return i_gid_read(VFS_I(ip));
984 case XFS_DQTYPE_PROJ:
992 * Return the dquot for a given inode and type. If @can_alloc is true, then
993 * allocate blocks if needed. The inode's ILOCK must be held and it must not
994 * have already had an inode attached.
998 struct xfs_inode *ip,
1001 struct xfs_dquot **O_dqpp)
1003 struct xfs_mount *mp = ip->i_mount;
1004 struct xfs_quotainfo *qi = mp->m_quotainfo;
1005 struct radix_tree_root *tree = xfs_dquot_tree(qi, type);
1006 struct xfs_dquot *dqp;
1010 error = xfs_qm_dqget_checks(mp, type);
1014 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
1015 ASSERT(xfs_inode_dquot(ip, type) == NULL);
1016 ASSERT(!xfs_is_metadir_inode(ip));
1018 id = xfs_qm_id_for_quotatype(ip, type);
1021 dqp = xfs_qm_dqget_cache_lookup(mp, qi, tree, id);
1028 * Dquot cache miss. We don't want to keep the inode lock across
1029 * a (potential) disk read. Also we don't want to deal with the lock
1030 * ordering between quotainode and this inode. OTOH, dropping the inode
1031 * lock here means dealing with a chown that can happen before
1032 * we re-acquire the lock.
1034 xfs_iunlock(ip, XFS_ILOCK_EXCL);
1035 error = xfs_qm_dqread(mp, id, type, can_alloc, &dqp);
1036 xfs_ilock(ip, XFS_ILOCK_EXCL);
1041 * A dquot could be attached to this inode by now, since we had
1042 * dropped the ilock.
1044 if (xfs_this_quota_on(mp, type)) {
1045 struct xfs_dquot *dqp1;
1047 dqp1 = xfs_inode_dquot(ip, type);
1049 xfs_qm_dqdestroy(dqp);
1055 /* inode stays locked on return */
1056 xfs_qm_dqdestroy(dqp);
1060 error = xfs_qm_dqget_cache_insert(mp, qi, tree, id, dqp);
1063 * Duplicate found. Just throw away the new dquot and start
1066 xfs_qm_dqdestroy(dqp);
1067 XFS_STATS_INC(mp, xs_qm_dquot_dups);
1072 xfs_assert_ilocked(ip, XFS_ILOCK_EXCL);
1073 trace_xfs_dqget_miss(dqp);
1079 * Starting at @id and progressing upwards, look for an initialized incore
1080 * dquot, lock it, and return it.
1084 struct xfs_mount *mp,
1087 struct xfs_dquot **dqpp)
1089 struct xfs_dquot *dqp;
1093 for (; !error; error = xfs_dq_get_next_id(mp, type, &id)) {
1094 error = xfs_qm_dqget(mp, id, type, false, &dqp);
1095 if (error == -ENOENT)
1097 else if (error != 0)
1100 if (!XFS_IS_DQUOT_UNINITIALIZED(dqp)) {
1112 * Release a reference to the dquot (decrement ref-count) and unlock it.
1114 * If there is a group quota attached to this dquot, carefully release that
1115 * too without tripping over deadlocks'n'stuff.
1119 struct xfs_dquot *dqp)
1121 ASSERT(dqp->q_nrefs > 0);
1122 ASSERT(XFS_DQ_IS_LOCKED(dqp));
1124 trace_xfs_dqput(dqp);
1126 if (--dqp->q_nrefs == 0) {
1127 struct xfs_quotainfo *qi = dqp->q_mount->m_quotainfo;
1128 trace_xfs_dqput_free(dqp);
1130 if (list_lru_add_obj(&qi->qi_lru, &dqp->q_lru))
1131 XFS_STATS_INC(dqp->q_mount, xs_qm_dquot_unused);
1137 * Release a dquot. Flush it if dirty, then dqput() it.
1138 * dquot must not be locked.
1142 struct xfs_dquot *dqp)
1147 trace_xfs_dqrele(dqp);
1151 * We don't care to flush it if the dquot is dirty here.
1152 * That will create stutters that we want to avoid.
1153 * Instead we do a delayed write when we try to reclaim
1154 * a dirty dquot. Also xfs_sync will take part of the burden...
1160 * This is the dquot flushing I/O completion routine. It is called
1161 * from interrupt level when the buffer containing the dquot is
1162 * flushed to disk. It is responsible for removing the dquot logitem
1163 * from the AIL if it has not been re-logged, and unlocking the dquot's
1164 * flush lock. This behavior is very similar to that of inodes..
1167 xfs_qm_dqflush_done(
1168 struct xfs_log_item *lip)
1170 struct xfs_dq_logitem *qlip =
1171 container_of(lip, struct xfs_dq_logitem, qli_item);
1172 struct xfs_dquot *dqp = qlip->qli_dquot;
1173 struct xfs_ail *ailp = lip->li_ailp;
1174 struct xfs_buf *bp = NULL;
1178 * We only want to pull the item from the AIL if its
1179 * location in the log has not changed since we started the flush.
1180 * Thus, we only bother if the dquot's lsn has
1181 * not changed. First we check the lsn outside the lock
1182 * since it's cheaper, and then we recheck while
1183 * holding the lock before removing the dquot from the AIL.
1185 if (test_bit(XFS_LI_IN_AIL, &lip->li_flags) &&
1186 (lip->li_lsn == qlip->qli_flush_lsn ||
1187 test_bit(XFS_LI_FAILED, &lip->li_flags))) {
1189 spin_lock(&ailp->ail_lock);
1190 xfs_clear_li_failed(lip);
1191 if (lip->li_lsn == qlip->qli_flush_lsn) {
1192 /* xfs_ail_update_finish() drops the AIL lock */
1193 tail_lsn = xfs_ail_delete_one(ailp, lip);
1194 xfs_ail_update_finish(ailp, tail_lsn);
1196 spin_unlock(&ailp->ail_lock);
1201 * If this dquot hasn't been dirtied since initiating the last dqflush,
1202 * release the buffer reference. We already unlinked this dquot item
1205 spin_lock(&qlip->qli_lock);
1206 if (!qlip->qli_dirty) {
1210 spin_unlock(&qlip->qli_lock);
1215 * Release the dq's flush lock since we're done with it.
1221 xfs_buf_dquot_iodone(
1224 struct xfs_log_item *lip, *n;
1226 list_for_each_entry_safe(lip, n, &bp->b_li_list, li_bio_list) {
1227 list_del_init(&lip->li_bio_list);
1228 xfs_qm_dqflush_done(lip);
1233 xfs_buf_dquot_io_fail(
1236 struct xfs_log_item *lip;
1238 spin_lock(&bp->b_mount->m_ail->ail_lock);
1239 list_for_each_entry(lip, &bp->b_li_list, li_bio_list)
1240 set_bit(XFS_LI_FAILED, &lip->li_flags);
1241 spin_unlock(&bp->b_mount->m_ail->ail_lock);
1244 /* Check incore dquot for errors before we flush. */
1245 static xfs_failaddr_t
1246 xfs_qm_dqflush_check(
1247 struct xfs_dquot *dqp)
1249 xfs_dqtype_t type = xfs_dquot_type(dqp);
1251 if (type != XFS_DQTYPE_USER &&
1252 type != XFS_DQTYPE_GROUP &&
1253 type != XFS_DQTYPE_PROJ)
1254 return __this_address;
1259 if (dqp->q_blk.softlimit && dqp->q_blk.count > dqp->q_blk.softlimit &&
1261 return __this_address;
1263 if (dqp->q_ino.softlimit && dqp->q_ino.count > dqp->q_ino.softlimit &&
1265 return __this_address;
1267 if (dqp->q_rtb.softlimit && dqp->q_rtb.count > dqp->q_rtb.softlimit &&
1269 return __this_address;
1271 /* bigtime flag should never be set on root dquots */
1272 if (dqp->q_type & XFS_DQTYPE_BIGTIME) {
1273 if (!xfs_has_bigtime(dqp->q_mount))
1274 return __this_address;
1276 return __this_address;
1283 * Get the buffer containing the on-disk dquot.
1285 * Requires dquot flush lock, will clear the dirty flag, delete the quota log
1286 * item from the AIL, and shut down the system if something goes wrong.
1290 struct xfs_trans *tp,
1291 struct xfs_dquot *dqp,
1292 struct xfs_buf **bpp)
1294 struct xfs_mount *mp = dqp->q_mount;
1295 struct xfs_buf *bp = NULL;
1298 error = xfs_trans_read_buf(mp, tp, mp->m_ddev_targp, dqp->q_blkno,
1299 mp->m_quotainfo->qi_dqchunklen, 0,
1300 &bp, &xfs_dquot_buf_ops);
1301 if (xfs_metadata_is_sick(error))
1302 xfs_dquot_mark_sick(dqp);
1310 dqp->q_flags &= ~XFS_DQFLAG_DIRTY;
1311 xfs_trans_ail_delete(&dqp->q_logitem.qli_item, 0);
1312 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
1317 * Attach a dquot buffer to this dquot to avoid allocating a buffer during a
1318 * dqflush, since dqflush can be called from reclaim context.
1321 xfs_dquot_attach_buf(
1322 struct xfs_trans *tp,
1323 struct xfs_dquot *dqp)
1325 struct xfs_dq_logitem *qlip = &dqp->q_logitem;
1326 struct xfs_log_item *lip = &qlip->qli_item;
1329 spin_lock(&qlip->qli_lock);
1331 struct xfs_buf *bp = NULL;
1333 spin_unlock(&qlip->qli_lock);
1334 error = xfs_dquot_read_buf(tp, dqp, &bp);
1339 * Attach the dquot to the buffer so that the AIL does not have
1340 * to read the dquot buffer to push this item.
1343 spin_lock(&qlip->qli_lock);
1345 xfs_trans_brelse(tp, bp);
1347 qlip->qli_dirty = true;
1348 spin_unlock(&qlip->qli_lock);
1354 * Get a new reference the dquot buffer attached to this dquot for a dqflush
1357 * Returns 0 and a NULL bp if none was attached to the dquot; 0 and a locked
1358 * bp; or -EAGAIN if the buffer could not be locked.
1361 xfs_dquot_use_attached_buf(
1362 struct xfs_dquot *dqp,
1363 struct xfs_buf **bpp)
1365 struct xfs_buf *bp = dqp->q_logitem.qli_item.li_buf;
1368 * A NULL buffer can happen if the dquot dirty flag was set but the
1369 * filesystem shut down before transaction commit happened. In that
1370 * case we're not going to flush anyway.
1373 ASSERT(xfs_is_shutdown(dqp->q_mount));
1379 if (!xfs_buf_trylock(bp))
1388 * Write a modified dquot to disk.
1389 * The dquot must be locked and the flush lock too taken by caller.
1390 * The flush lock will not be unlocked until the dquot reaches the disk,
1391 * but the dquot is free to be unlocked and modified by the caller
1392 * in the interim. Dquot is still locked on return. This behavior is
1393 * identical to that of inodes.
1397 struct xfs_dquot *dqp,
1400 struct xfs_mount *mp = dqp->q_mount;
1401 struct xfs_dq_logitem *qlip = &dqp->q_logitem;
1402 struct xfs_log_item *lip = &qlip->qli_item;
1403 struct xfs_dqblk *dqblk;
1407 ASSERT(XFS_DQ_IS_LOCKED(dqp));
1408 ASSERT(!completion_done(&dqp->q_flush));
1410 trace_xfs_dqflush(dqp);
1412 xfs_qm_dqunpin_wait(dqp);
1414 fa = xfs_qm_dqflush_check(dqp);
1416 xfs_alert(mp, "corrupt dquot ID 0x%x in memory at %pS",
1418 xfs_dquot_mark_sick(dqp);
1419 error = -EFSCORRUPTED;
1423 /* Flush the incore dquot to the ondisk buffer. */
1424 dqblk = xfs_buf_offset(bp, dqp->q_bufoffset);
1425 xfs_dquot_to_disk(&dqblk->dd_diskdq, dqp);
1428 * Clear the dirty field and remember the flush lsn for later use.
1430 dqp->q_flags &= ~XFS_DQFLAG_DIRTY;
1433 * We hold the dquot lock, so nobody can dirty it while we're
1434 * scheduling the write out. Clear the dirty-since-flush flag.
1436 spin_lock(&qlip->qli_lock);
1437 qlip->qli_dirty = false;
1438 spin_unlock(&qlip->qli_lock);
1440 xfs_trans_ail_copy_lsn(mp->m_ail, &qlip->qli_flush_lsn, &lip->li_lsn);
1443 * copy the lsn into the on-disk dquot now while we have the in memory
1444 * dquot here. This can't be done later in the write verifier as we
1445 * can't get access to the log item at that point in time.
1447 * We also calculate the CRC here so that the on-disk dquot in the
1448 * buffer always has a valid CRC. This ensures there is no possibility
1449 * of a dquot without an up-to-date CRC getting to disk.
1451 if (xfs_has_crc(mp)) {
1452 dqblk->dd_lsn = cpu_to_be64(lip->li_lsn);
1453 xfs_update_cksum((char *)dqblk, sizeof(struct xfs_dqblk),
1458 * Attach the dquot to the buffer so that we can remove this dquot from
1459 * the AIL and release the flush lock once the dquot is synced to disk.
1461 bp->b_flags |= _XBF_DQUOTS;
1462 list_add_tail(&lip->li_bio_list, &bp->b_li_list);
1465 * If the buffer is pinned then push on the log so we won't
1466 * get stuck waiting in the write for too long.
1468 if (xfs_buf_ispinned(bp)) {
1469 trace_xfs_dqflush_force(dqp);
1470 xfs_log_force(mp, 0);
1473 trace_xfs_dqflush_done(dqp);
1477 dqp->q_flags &= ~XFS_DQFLAG_DIRTY;
1478 xfs_trans_ail_delete(lip, 0);
1479 xfs_force_shutdown(mp, SHUTDOWN_CORRUPT_INCORE);
1485 * Lock two xfs_dquot structures.
1487 * To avoid deadlocks we always lock the quota structure with
1488 * the lowerd id first.
1492 struct xfs_dquot *d1,
1493 struct xfs_dquot *d2)
1497 if (d1->q_id > d2->q_id) {
1498 mutex_lock(&d2->q_qlock);
1499 mutex_lock_nested(&d1->q_qlock, XFS_QLOCK_NESTED);
1501 mutex_lock(&d1->q_qlock);
1502 mutex_lock_nested(&d2->q_qlock, XFS_QLOCK_NESTED);
1505 mutex_lock(&d1->q_qlock);
1507 mutex_lock(&d2->q_qlock);
1516 const struct xfs_dqtrx *qa = a;
1517 const struct xfs_dqtrx *qb = b;
1519 if (qa->qt_dquot->q_id > qb->qt_dquot->q_id)
1521 if (qa->qt_dquot->q_id < qb->qt_dquot->q_id)
1528 struct xfs_dqtrx *q)
1532 BUILD_BUG_ON(XFS_QM_TRANS_MAXDQS > MAX_LOCKDEP_SUBCLASSES);
1534 /* Sort in order of dquot id, do not allow duplicates */
1535 for (i = 0; i < XFS_QM_TRANS_MAXDQS && q[i].qt_dquot != NULL; i++) {
1538 for (j = 0; j < i; j++)
1539 ASSERT(q[i].qt_dquot != q[j].qt_dquot);
1544 sort(q, i, sizeof(struct xfs_dqtrx), xfs_dqtrx_cmp, NULL);
1546 mutex_lock(&q[0].qt_dquot->q_qlock);
1547 for (i = 1; i < XFS_QM_TRANS_MAXDQS && q[i].qt_dquot != NULL; i++)
1548 mutex_lock_nested(&q[i].qt_dquot->q_qlock,
1549 XFS_QLOCK_NESTED + i - 1);
1555 xfs_dquot_cache = kmem_cache_create("xfs_dquot",
1556 sizeof(struct xfs_dquot),
1558 if (!xfs_dquot_cache)
1561 xfs_dqtrx_cache = kmem_cache_create("xfs_dqtrx",
1562 sizeof(struct xfs_dquot_acct),
1564 if (!xfs_dqtrx_cache)
1565 goto out_free_dquot_cache;
1569 out_free_dquot_cache:
1570 kmem_cache_destroy(xfs_dquot_cache);
1578 kmem_cache_destroy(xfs_dqtrx_cache);
1579 kmem_cache_destroy(xfs_dquot_cache);
projects / J-linux.git / blob